CN105074746A - Two-time near distance connection secure payment device, method, and system - Google Patents

Info

Publication number
CN105074746A
Authority
CN
China
Prior art keywords
data
checkout
last payment
payment data
payment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201480019130.8A
Other languages
Chinese (zh)
Inventor
邵通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Application filed by Individual filed Critical Individual
Priority to CN201480019130.8A priority Critical patent/CN105074746A/en
Publication of CN105074746A publication Critical patent/CN105074746A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a two-time near distance connection secure payment device, method, and system. A mobile phone is used as a password keyboard to implement secure payment, so that when a user pays at an untrusted computer terminal, the user can use the mobile phone together with the computer terminal and, through two short-range communications, enter the PIN code and confirm the payment amount on the user's own mobile phone. The method can be applied to making payments. The invention works with good password protocols and easily and securely enables services such as online banking and gaming on non-secure computer terminals.

Description

Two-time near distance connection secure payment device, method, and system
A device, method and system for secure payment over two short-range connections
Technical field
The invention belongs to the field of information security. It relates to a device, method and system that carry out secure payment using two short-range communication connections.
Background technology
The traditional bank card payment system is shown in Fig. 1. The acquirer 3 issues POS 5 to the merchant and associates POS 5 with a collecting account. The card issuer 1 provides a bank card to the cardholder 6, that is, it provides bank card account 61 and the cardholder's own PIN 62. To pay, the cardholder swipes the card on POS 5 to input bank card account 61 (the paying account F), then inputs the amount M and PIN 62. POS 5 encrypts the collecting account S (or, because the POS is associated with a collecting account, equivalent collecting account information), bank card account 61 (paying account F), the amount M and PIN 62, and sends them to the acquirer 3 over telephone network 4; they are then sent to the card issuer 1 over bank network 2. If the information is correct, the card issuer 1 makes the corresponding payment. Clearly POS 5 is the key component of this payment system. If POS 5 is forged or modified, an attacker can obtain the bank card account 61 (or its encrypted form) and PIN 62 held by cardholder 6, and then profit by forging the bank card. The banking industry has therefore set strict POS security standards and strict control measures. The technology, manufacturing and management costs of these measures prevent POS terminals from spreading to ordinary households and small and micro enterprises. In POS payment, the information sent from POS 5 to the acquirer 3 is encrypted and the acquirer's system is considered secure, so the key to the payment is that the data obtained by POS 5 cannot be stolen or forged. POS 5 can therefore be called the last payment data generating means: the last payment data it generates is sent to the card issuer 1 and, if correct, the corresponding payment is made.
The card issuer 1, bank network 2, acquirer 3, telephone network 4 and POS 5 are referred to in banking simply as the bank acquiring system. For convenience we simplify Fig. 1 to Fig. 2. POS 2 encrypts the payment data (collecting account S, bank card account 31, amount M and PIN 32) and sends it to the acquiring platform 1; if the payment data is correct, the corresponding payment is made. The acquiring platform comprises the card issuer 1, bank network 2, acquirer 3 and telephone network 4 of Fig. 1. The bank network and telephone network are obviously only channels for transmitting information, and other channels such as the Internet can equally be used.
POS 2 encrypts the payment data; the acquiring platform 1 decrypts it and verifies its legitimacy, executes legal payment data and refuses illegal payment data. This can be stated more simply: POS 2 sends the last payment data (collecting account S, bank card account 31, amount M and PIN 32) to the acquiring platform 1, which executes the payment request of legal last payment data and refuses the payment request of illegal last payment data. In its simplest form: POS 2 sends the last payment data to the acquiring platform 1 for payment.
Banking also provides online banking payment. The second-generation U-shield method of payment is shown in Fig. 3. Computer 2 (the POS) supplies transaction data such as collecting account S and amount M to U-shield 4; U-shield 4 contains cardholder account 31; U-shield 4 displays the collecting account and the amount; after checking that they are correct, the user presses the confirm key on U-shield 4; on receiving the confirm key, U-shield 4 digitally signs the payment data such as paying account F (bank card account 31), collecting account S and amount M and sends it to computer 2, which forwards it to the acquiring platform 1; after the acquiring platform 1 verifies that the digital signature is correct, the corresponding payment is made. Stated simply: computer 2 sends the last payment data (the digital signature over collecting account S, paying account F and amount M) to the acquiring platform 1, which executes the payment request of legal last payment data and refuses the payment request of illegal last payment data. Here the last payment data generating means is the U-shield.
The EMV card (similar to a first-generation U-shield; compared with the second-generation U-shield it has no keyboard or display) is used as shown in Fig. 4. Computer 2 supplies collecting account S and amount M to EMV 4; after EMV 4 signs, the result is sent back to POS 2; the POS sends the data signed by the EMV card and the entered PIN 32 to the acquiring platform 1; after the acquiring platform 1 verifies that the signature and PIN 32 are correct, the corresponding payment is made. Stated simply: POS 2 sends the data (the digital signature over collecting account S, paying account F and amount M, plus PIN 32) to the acquiring platform 1, where it constitutes the last payment data; the acquiring platform 1 executes the payment request of legal last payment data and refuses the payment request of illegal last payment data. Here the last payment data generating means is the acquiring platform 1.
The normal flow for an EMV 4 bank card is that PIN 32 is sent to EMV 4; if PIN 32 is correct, EMV 4 signs collecting account S, paying account F and amount M, and the result is sent to the acquiring platform for the corresponding payment. Here PIN 32 is the password that authorises EMV 4 to sign. In this scheme the transaction amount M can be forged by computer 2, the collecting account S can also be forged, and PIN 32 can be stolen, so it can only be used with a "secure" POS 2. Although the scheme is itself not secure, the last payment data generating means here is EMV 4, and it is a secure means of payment that will become widespread where POS 2 is secure (EMV migration). Stated more simply: POS 2 sends the last payment data (the digital signature over collecting account S, paying account F and amount M) to the acquiring platform 1, which executes the payment request of legal last payment data and refuses the payment request of illegal last payment data.
Banking also provides SMS payment. The user enters the paying account and the amount on the collecting computer; the collecting computer sends the paying account, collecting account and amount to the bank website; the bank website looks up the mobile number associated with the paying account at registration and sends the user's phone a short message containing the collecting account, the amount and a confirmation code; after reading and confirming the payment information on the phone, the user enters the confirmation code on the collecting computer; the collecting computer sends the confirmation code to the bank website; the website compares the confirmation code from the collecting computer with the one it sent by short message and, when they match, sends the payment information to the bank host to complete the payment. Here the website is the last payment data generating means. The problem with this scheme is that if the phone's operating system is compromised by a virus or Trojan, the attacker can determine which phone corresponds to the paying account and can then pay at will. An attacker who can collect the paying account and corresponding confirmation code on the collecting computer, and also collect the confirmation code received by the phone, can work out the correspondence between phone and paying account by comparison. The scheme can be stated simply: the website sends the last payment data (collecting account, paying account, amount) to the acquiring platform 1, which executes the payment request of legal last payment data and refuses the payment request of illegal last payment data. "Dynamic password" payment, fingerprint payment and the like are essentially similar. The website and the acquiring platform may be one and the same site, in which case the last payment data generating means is the acquiring platform.
The last payment data generating means is the last device that "integrates" the payment data supplied to the acquiring system. Sending that data to the acquiring platform effects the payment. Last payment data generally includes the collecting account, the paying account and the amount, and sometimes also authentication information such as a digital signature, PIN or dynamic password. The last payment data generating means may also supply only the collecting account, paying account and amount, with the corresponding payment made once authentication is complete.
A bank payment system is in essence an account management system. Its basic elements are: account, amount (balance) and authentication. The old magnetic stripe card authenticated with card number + PIN. Digital certificate technology has since been added, so that digital signatures can be used; authentication is achieved while also making after-the-fact checking and legal matters easier.
Various cryptographic techniques are needed to explain the technical scheme in this specification. Asymmetric cryptography is illustrated with RSA: RSA with the private key denotes the decryption or signature algorithm (including the use of digest techniques, that is, signing a digest), and RSA with the public key denotes the public-key algorithm. Symmetric encryption is represented by DES: DES_E denotes encryption or decryption, where E is the key.
With the wide adoption of mobile phones and smartphones, smartphones can be used for payment. The security problems of online banking still exist in mobile payment, and are more serious. For example, a U-shield used on a computer can be unplugged after use, but with the T-shield in a mobile phone the user cannot be required to insert and remove it on every use. The goal of mobile payment is to turn the phone into a secure payment POS and card, achieving 3A payment (anytime, anywhere, anyhow).
In systems that pay with traditional magnetic stripe cards, people have worked to turn the mobile phone into a mobile POS. Square in the United States and Lakala and Kuai Qian in China have all exited the payment services of mobile phone card swiping, which is the result of this effort. In such systems the checkout is generally a mobile phone, and the card reader is joined to the collecting phone through the phone's earphone jack (or another interface for external information exchange devices) to form a single unit. To pay, the payment amount is first entered on the phone; the payer then swipes the bank card on the card reader, so that the collecting phone obtains the payer's bank card account information; the payer then enters the corresponding PIN on the card-swiping phone; the collecting phone encrypts the payee's bank account, the payer's bank account, the amount and the PIN and sends them to the acquiring platform over the mobile radio network or a computer network, completing the payment.
Such a system plugs a magnetic stripe card reader into the phone and uses the phone's communication functions, effectively forming a mobile POS terminal. Its main insecurity is that when the phone carrying the card reader (the checkout) is compromised by mobile malware, or has had a program implanted or been modified by its owner, key information such as the PIN and the bank account from the swiped card is easily obtained. Because people are naturally unwilling to enter a PIN on a phone they do not control (someone else's phone), adoption of the technology is seriously hindered. Chinese patent document ZL200910234546.2, "A method for confirming data in a CPU card", proposes a method for confirming data in a CPU card, but that method cannot meet the requirement of "not entering the PIN code on the card-swiping phone".
Leaving security aside, the essence of payment is this: the payer's account, the amount and the PIN (the payer's authentication information), together with the payee's account, are sent to the payer's bank; after the bank verifies that the account and the corresponding PIN are correct, it transfers the funds. The essence of payment security technology is to use protocols to combine security with ease of use.
Patent documents in this area include: Chinese patent documents ZL200610041361.6 "An apparatus and method for securely using network server services independent of operating system security", CN99806523.4 "Method and system for secure transactions in a computer system", ZL200910234546.2 "A method for confirming data in a CPU card", ZL200910234552.8 "A security system and method", ZL200910234553.2 "A device, method and system for enhancing USB key security", and ZL200410103401.6 "A method for enhancing the security of an electronic signature tool used with a computer".
Contactless information exchange technology is spreading, and NFC phones in particular are gradually becoming common. Combining contactless technology with the portability of the phone, so as to strengthen payment security while keeping payment easy to use, has become a new field of technical innovation. Current contactless information exchange technologies are mainly 13.56M and 2.4G. Wireless information exchange technologies also include Bluetooth, ZigBee and WiFi. A wireless technology suitable for payment, however, should meet the requirements of near-field communication: the devices must be very close (less than 10 cm) before they can communicate, and communication is cut off once they move apart (more than 10 cm). Information can also be exchanged between two devices (phones) through the phone's microphone and loudspeaker. This ensures that the devices really are close to each other when payment data is exchanged.
On connecting two devices by short-range communication, the following patent documents can also be consulted: Chinese patent documents ZL201120500867.5 "An on-site payment device", ZL201210268533.9 "A mobile phone payment device and payment method based on a security chip and sound-carrier communication", ZL201010205532.0 "Apparatus and method for secure data communication based on sound waves", ZL201120494926.2 "An on-site payment device", and ZL201110314015.1 "A mobile payment method, system and terminal device". These documents and all the patent documents mentioned above are background for implementing this patent. To save space in the specification, the applicant takes the specifications of all the above patent documents as part of the present application, and those application documents are expressly incorporated into this specification.
Summary of the invention
A short-range connection between device A and device B means that when A and B are close together they can obtain information from each other, for example by NFC or RFID radio technology. A one-way short-range connection between device A and device B means that when A and B are close together, A can obtain information from B but B cannot obtain information from A. Reading a QR code with a camera, for example, is a one-way short-range connection: information can pass from the device displaying the QR code to the device with the camera, but not in the other direction. A microphone and loudspeaker can also form a connection between device A and device B for information exchange, and this too is a short-range connection. In short, a short-range connection is one over which information can be exchanged only once the two devices are physically close. We write "A approaches B" to mean that A comes close to B and sets up a short-range connection; typically this means that A connects to B at short range and obtains information from B.
So that the user's bank card PIN is not entered on the merchant's "mobile POS" phone, the PIN can instead be entered on the bank card owner's own phone, which improves the security experience. This phone of the user's own is called the "confirmation device". In this specification the mobile phone need not use its telecommunication functions; that is, it may be a MID, or may take the form of a card with a display and keyboard.
Bank cards and mobile phones are now both items that people always carry. The phone has a display and a keyboard, and making full use of it gives an easy-to-use scheme. The payment front end therefore has two devices: the checkout (such as a computer or POS) and the confirmation device (the mobile phone). Using two items, the checkout and the confirmation device, improves payment security. As long as one of the items is secure, payment security can be guaranteed. In the worse case where both items are insecure, security can still be guaranteed as long as the "Trojans" in the two items were not planted by the same hacker. Further, even if the "Trojans" in the two items were planted by the same hacker, it is still secure as long as the hacker has difficulty matching the two items, that is, matching the paying account to the corresponding phone. It is also still secure as long as the hacker cannot match the two items in "real time" and exchange information between them in real time. Finally, if both devices have a hardware security module, account information can be restricted to short-range transmission only, ensuring that funds can only go from the payer to the payee.
A device for secure payment over two short-range connections comprises:
Display device: for selectively displaying gathering data;
Safety device: for generating payment critical data, or generating last payment data;
Short-range communication device: for inputting and outputting data over a short-range connection;
The safety device is connected to the display device, and the safety device is connected to the short-range communication device;
The safety device obtains the gathering data through the short-range communication device and selectively passes it to the display device for display; the safety device generates payment critical data or last payment data from the gathering data; the safety device then outputs the payment critical data or last payment data through the short-range communication device.
Further, a security module also performs the related cryptographic calculations, generating the last payment data or the payment critical data.
A system for secure payment over two short-range connections comprises:
Checkout: for transmitting gathering data to the confirmation device at short range, or receiving the payment critical data or last payment data transmitted at short range from the confirmation device, or transmitting payment critical data to the last payment data generating means, or receiving last payment data from the last payment data generating means, or transmitting last payment data to the acquiring platform, and so on;
Confirmation device: for selectively displaying the gathering data, generating payment critical data or last payment data, and sending it to the checkout at short range;
Acquiring platform: generates last payment data from the payment critical data received, or receives last payment data, and on the basis of the last payment data executes legal last payment data and refuses illegal last payment data;
Last payment data generating means: generates last payment data from payment critical data; it may be connected to the checkout or to the confirmation device, and may be located in the checkout, in the confirmation device, or in the acquiring platform;
The checkout is connected to the acquiring platform; the confirmation device is connected to the checkout at short range;
The confirmation device approaches the checkout and obtains the gathering data at short range; the confirmation device selectively displays the gathering data; the confirmation device generates payment critical data; if the last payment data generating means is connected to the confirmation device, the confirmation device transmits the payment critical data to the last payment data generating means, which generates the last payment data and sends it to the confirmation device; the confirmation device approaches the checkout again and transmits the payment critical data or last payment data to the checkout at short range; if the payment critical data received by the checkout is last payment data, it is transmitted directly to the acquiring platform; otherwise the checkout transmits the payment critical data to the last payment data generating means, which generates the last payment data, and the last payment data is transmitted to the acquiring platform; the acquiring platform carries out payment processing according to the last payment data.
Further, a CPU card is the last payment data generating means; the CPU card is connected directly to the checkout, receives the payment critical data transmitted by the checkout, generates the last payment data, and sends it back to the checkout and on to the acquiring platform.
Alternatively, the acquiring platform also contains a safety device, which receives the payment critical data transmitted by the checkout, generates the last payment data, and sends it to the acquiring platform.
Alternatively, the checkout also has a security module, which receives the payment critical data transmitted by the checkout, generates the last payment data, and sends it to the acquiring platform.
According to another aspect of the present invention, a method for secure payment over two short-range connections comprises:
A. The confirmation device approaches the checkout and obtains the gathering data at short range;
B. The confirmation device selectively displays the gathering data;
C. The confirmation device generates payment critical data;
D. If the last payment data generating means is connected to the confirmation device, the confirmation device transmits the payment critical data to the last payment data generating means, which generates the last payment data and transmits it back to the confirmation device;
E. The confirmation device approaches the checkout again and transmits the payment critical data or last payment data to the checkout at short range;
F. If the payment critical data received by the checkout is last payment data, it is transmitted directly to the acquiring platform; otherwise the checkout transmits the payment critical data to the last payment data generating means, which generates the last payment data, and the last payment data is transmitted to the acquiring platform;
G. The acquiring platform carries out payment processing according to the last payment data.
Normally, the last payment data generating means is a CPU card connected to the checkout, or the security module in the checkout, or the acquiring platform connected to the checkout; the method is then characterised by the further step in which the checkout sends the payment critical data to the last payment data generating means and the last payment data generating means generates the last payment data from the payment critical data.
Usually, the payment critical data in step C is the last payment data, and the confirmation device is itself the last payment data generating means.
Usually, the payment critical data of step C is generated in the security module of the confirmation device, and there is also a step in which the security module forbids the payment critical data from being sent to the confirmation device.
Normally, the last payment data generating means transmits the last payment data to the acquiring platform through the checkout;
Usually, the confirmation device obtains, over the short-range connection, gathering data from the checkout including the collecting account and (or) the amount;
Usually, the last payment data generating means is a CPU card connected to the checkout;
More conveniently, the payment critical data is the last payment data, and the confirmation device is itself the last payment data generating means;
Alternatively, the last payment data generating means is the security module in the checkout;
Alternatively, the last payment data generating means is the acquiring platform connected to the checkout;
More securely, the payment critical data of step C is generated in the security module of the confirmation device, and there is also a step in which the security module forbids the payment critical data from being sent to the confirmation device;
Brief description of the drawings
The present invention is described with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the existing bank card payment system;
Fig. 2 is a schematic diagram of the simplified bank card payment system;
Fig. 3 is a schematic diagram of the existing U-shield (second-generation) payment system;
Fig. 4 is a schematic diagram of the existing U-shield (first-generation), CPU card payment and EMV card payment systems;
Fig. 5 is a schematic diagram of the system associated with preferred embodiments 1, 2 and 3;
Fig. 6 is a schematic diagram of the system associated with preferred embodiment 4;
Fig. 7 is a schematic diagram of the system associated with preferred embodiments 5 and 6;
Fig. 8 is a schematic diagram of the system associated with preferred embodiment 7;
Fig. 9 is a schematic diagram of the system associated with preferred embodiment 8;
Embodiments
[embodiment 1] (cell phone password keyboard, platform)
The first embodiment associated with the present invention is shown in Fig. 5. The payment system consists of acquiring platform 1, checkout 2, bank card 3, confirmation device 4 and payer 5. The acquiring platform 1 is connected to checkout 2; checkout 2 is connected to bank card 3; confirmation device 4 is connected to checkout 2 at short range.
Acquiring platform 1: holds the platform private key and the gathering data public key for the collecting account S of checkout 2;
Confirmation device 4: holds the platform public key;
Checkout 2: has collecting account S; security module 21 holds collecting account S and the gathering data private key;
Payer 5 has bank card 3 and the PIN51 required for payment; bank card 3 holds paying account F.
The payment flow is:
1. Checkout 2 obtains the amount M and has the collecting account S;
2. Confirmation device 4 approaches checkout 2 and obtains (M, S);
3. Confirmation device 4 selectively displays (M, S);
4. PIN51 is entered on confirmation device 4, which computes RSA(M, S, PIN51) under the platform public key;
5. Confirmation device 4 approaches checkout 2 again and transmits RSA(M, S, PIN51) to checkout 2 over the short-range connection; it is then passed on to the acquiring platform 1;
6. The acquiring platform 1 applies the platform private key to RSA(M, S, PIN51) and obtains (M, S, PIN51); it looks up the gathering data public key by S, computes RSA(M, PIN51) under that key and sends it to security module 21 of checkout 2;
7. Security module 21 applies the gathering data private key to RSA(M, PIN51) and obtains M and PIN51;
8. Bank card 3, checkout 2 and the acquiring platform 1 carry out the payment operation according to the bank's normal payment process; when security module 21 needs the amount M and the PIN as input, the amount M and PIN51 obtained by the security module are used, and the result is finally passed to the acquiring platform for payment. Here security module 21 is the POS, and confirmation device 4 is the trusted display and trusted keypad of that POS, performing the POS's display and password keypad functions.
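The message flow of steps 4 to 7 above can be traced end to end in a short script. This is an added example, not code from the patent: the JSON encoding, the random nonce, the function names, the sample account string and PIN, and the toy RSA keys built from Mersenne primes are all assumptions made so that it runs with the standard library only. The patent does not specify an encoding or padding; a real implementation would use RSA-OAEP from a vetted library.

```python
import json
import secrets

E = 65537  # public exponent used by both constructed key pairs


def toy_keypair(p_exp, q_exp):
    """Constructed demo key from two Mersenne primes 2**k - 1.

    Such a modulus is trivially factorable; it only keeps this example free
    of third-party dependencies. Real keys come from a crypto library or HSM.
    """
    p, q = 2**p_exp - 1, 2**q_exp - 1
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": p * q, "exp": E}, {"n": p * q, "exp": d}


def rsa(key, value):
    """Textbook RSA: modular exponentiation with the given key."""
    return pow(value, key["exp"], key["n"])


def encode(fields, key):
    raw = json.dumps(fields, sort_keys=True).encode()
    value = int.from_bytes(raw, "big")
    if value >= key["n"]:
        raise ValueError("message too long for this modulus")
    return value


def decode(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return json.loads(raw)


def confirm_device_step4(platform_pub, amount, collecting_account, pin):
    """Step 4: the payer's own phone encrypts (M, S, PIN51) for the platform.

    The nonce is an assumption of this example: without randomisation, equal
    (M, S, PIN) tuples would always produce the same ciphertext.
    """
    fields = {"M": amount, "S": collecting_account, "PIN": pin,
              "nonce": secrets.token_hex(8)}
    return rsa(platform_pub, encode(fields, platform_pub))


def acquiring_platform_step6(platform_priv, gathering_pubs, blob):
    """Step 6: decrypt, look up the gathering data public key by S,
    and re-encrypt (M, PIN51) for security module 21 of that checkout."""
    fields = decode(rsa(platform_priv, blob))
    pub = gathering_pubs.get(fields["S"])
    if pub is None:
        raise LookupError("unknown collecting account")
    inner = {"M": fields["M"], "PIN": fields["PIN"],
             "nonce": secrets.token_hex(8)}
    return rsa(pub, encode(inner, pub))


def security_module_step7(gathering_priv, blob):
    """Step 7: security module 21 recovers M and PIN51."""
    fields = decode(rsa(gathering_priv, blob))
    return fields["M"], fields["PIN"]


def run_embodiment1(amount=12800, account="ACCT-S-CONSTRUCTED-0001",
                    pin="493817"):
    platform_pub, platform_priv = toy_keypair(521, 607)
    gathering_pub, gathering_priv = toy_keypair(1279, 2203)
    gathering_pubs = {account: gathering_pub}  # held by acquiring platform 1

    blob = confirm_device_step4(platform_pub, amount, account, pin)
    seen_by_checkout = [blob]  # step 5: the checkout host only relays this
    for_module = acquiring_platform_step6(platform_priv, gathering_pubs, blob)
    seen_by_checkout.append(for_module)
    m, p = security_module_step7(gathering_priv, for_module)
    return {"M": m, "PIN": p, "seen_by_checkout": seen_by_checkout}


if __name__ == "__main__":
    result = run_embodiment1()
    print(result["M"], result["PIN"])
```

The untrusted checkout host handles only the two ciphertexts in `seen_by_checkout`; the amount and PIN reappear in clear only inside the security module, and M and S are bound to the PIN in the same encrypted message.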
Steps 1 and 2 are "the confirmation device approaches the checkout and obtains the gathering data over the short-range link". Here the gathering data are collecting account S (the core item) and amount M; amount M can also be generated on confirmation device 4. The connection between confirmation device 4 and checkout 2 is a short-range connection such as NFC, RFID, audio communication, or confirmation device 4 scanning a QR code displayed by checkout 2 that contains the gathering data. The confirmation device and the checkout can also be connected on the basis of geographic proximity, for example by shaking; because the geographic distance is small, such a connection can likewise be regarded as a short-range connection.
Step 3 is "the confirmation device optionally displays the gathering data"; the collecting account need not be displayed here.
Step 4 is "the confirmation device generates the payment critical data". The payment critical data generated by the confirmation device is: RSA ^^ (M, S, PIN51). The last payment data generating means of this embodiment is security module 21 of checkout 2, which is not directly connected to confirmation device 4, so the step "if the last payment data generating means is connected to the confirmation device, the confirmation device sends the payment critical data to the last payment data generating means, which generates the last payment data and sends it to the confirmation device" is not performed;
Steps 5, 6 and 7 are "the confirmation device approaches the checkout and sends the payment critical data or the last payment data to the checkout over the short-range link"; the confirmation device approaches the checkout and sends the generated payment critical data to the checkout security module by short-range communication;
Step 8 is "if the payment critical data received by the checkout is the last payment data, it is sent directly to the receive single platform; otherwise the payment critical data is sent to the last payment data generating means, which generates the last payment data and sends it to the receive single platform". In this embodiment the payment critical data is not the last payment data. The last payment data generating means is the checkout security module, which generates the last payment data from the payment critical data and sends it to the receive single platform.
Step 8 is also "the receive single platform carries out payment processing according to the last payment data";
The PIN51 entered in step 4 can also be a PIN51 pre-stored in confirmation device 4. In step 7 the bank card, the checkout and the receive single platform generate the last payment data from the payment critical data: when the bank card is a magnetic card, the last payment data is generated in checkout security module 21; when the bank card is a CPU card, the last payment data is generated in the CPU card. In addition, the bank card in embodiment 1 can also be a U-shield; technically a U-shield is a CPU card. A security module can also be provided in confirmation device 4 to perform the relevant cryptographic calculations, and the design can send only the necessary information (the amount) to the confirmation device and forbid sending other information (the collecting account). That is, information is sent only to the device that needs to use it, and its transmission to other devices is forbidden in hardware (or software); this is called directed transmission.
The essence of this embodiment is to use the confirmation device as the "code keypad" of the checkout (the POS in the PBOC standard). An asymmetric cryptographic protocol is used only for convenience of description. In practice, because the checkout security module is provided by the merchant bank, the gathering data public and private keys may be unnecessary and a symmetric cryptographic protocol can be used instead; the function of this key pair is to ensure that the M and PIN obtained through processing by the receive single platform are transmitted securely to the security module of the checkout. The difference between this embodiment and a code keypad is that a code keypad and its POS are a single unit, the keypad being a part of the POS, whereas the confirmation device and the checkout of this embodiment actually belong to two different persons (or institutions); a code keypad is used only to enter the PIN, whereas the confirmation device of this embodiment must not only accept the PIN but also display the amount, and even the collecting account (or the payee's user name). It should be particularly emphasized that in this embodiment the confirmation device can establish a cryptographic connection with the checkout only through the receive single platform, whereas a conventional code keypad authenticates directly with the POS to establish its cryptographic connection.
This embodiment can also be described as follows:
A short-range secure payment method, comprising:
A. The confirmation device approaches the checkout and obtains the gathering data over the short-range link (steps 1 and 2);
B. The confirmation device optionally displays the gathering data (step 3);
C. The confirmation device generates the payment critical data (step 4);
D. The confirmation device approaches the checkout and sends the payment critical data to the checkout over the short-range link;
E. The payment critical data is sent to the receive single platform and then on to the checkout security module (steps 5, 6 and 7; a security requirement);
F. The bank's normal payment process is executed to carry out the payment operation and form the last payment data (step 8);
G. The receive single platform carries out payment processing according to the last payment data.
In fact, confirmation device 4 can be a mobile phone. Embodiment 1 then uses the mobile phone as the code keypad of the checkout (POS). The connection between the mobile phone and the checkout is a short-range connection, such as a QR code, NFC, audio communication, or a connection based on geographic proximity. The mobile phone can obtain data from the checkout by scanning a QR code displayed by the checkout, by a short-range communication technology (such as NFC), through its microphone, or over a network connection established on the basis of geographic proximity. The checkout can obtain data from the mobile phone via NFC, a QR code, the microphone, or manual entry on the checkout's keyboard. The payment critical data of embodiment 1 is inconvenient to enter by keyboard, so NFC near-field communication is the recommended short-range connection.
The steps for using this scheme are:
1. The amount (or the collecting account and the amount) is generated on the checkout;
2. The mobile phone is brought close to the checkout;
3. The requestee checks the gathering data displayed on the mobile phone;
4. If the gathering data are correct, the requestee enters the bank card PIN;
5. The mobile phone is brought close to the checkout to complete the payment.
Obviously, the bank card in embodiment 1 can be an ordinary magnetic card or a CPU card. If the bank card account information is placed in a security chip built into the mobile phone, or the CPU card is placed in the phone's security module or attached directly to the phone, the NFC mobile phone exchanges information with the checkout over the short-range connection. Logically the bank card is still connected to the checkout, but physically it is together with the confirmation device, i.e. the mobile phone contains the bank card.
[embodiment 2] (cell phone password keyboard 2, without platform)
The second embodiment of the present invention is shown in Figure 5. The payment system consists of receive single platform 1, checkout 2, bank card 3, confirmation device 4 and requestee 5. Receive single platform 1 is connected to checkout 2; checkout 2 is connected to bank card 3; confirmation device 4 is connected to checkout 2 over a short-range link.
Receive single platform 1: holds platform private key RS A RSA
Confirmation device 4: platform public key RSA
Security module 21 of checkout 2 holds collecting account S and gathering data private key RSA, and also holds RSA, (RSA
Requestee 5 holds the PIN51 required for paying with bank card 3; bank card 3 holds the Send only Account.
The payment flow is:
1. Checkout 2 obtains the amount M and sends it to security module 21;
2. Security module 21 calculates RSA M, S), RSA RSA
3. Confirmation device 4 is brought close to checkout 2 and obtains RSA (M, S), RSA f (RSA f
4. Confirmation device 4 calculates RSA RSA RSA《)), obtains RSA mmm^, calculates RSA RSA M, S)), and obtains amount M and collecting account S;
5. Amount M and/or collecting account S are displayed;
6. PIN51 is entered on confirmation device 4, and confirmation device 4 calculates RSA (M, PIN51);
7. Confirmation device 4 is brought close to checkout 2 and sends RSA (M, PIN51) over the short-range connection to checkout 2 and then to security module 21;
8. Security module 21 calculates RSA (RSA (M, PIN51)) and obtains M and PIN51;
9. Bank card 3, checkout 2 and receive single platform 1 carry out the payment operation according to the bank's normal payment process; when security module 21 needs the amount M and the PIN as input, it uses the M and PIN51 it has obtained, and the payment finally proceeds at receive single platform 1.
Steps 1 and 2 are "the confirmation device approaches the checkout and obtains the gathering data over the short-range link". Here the gathering data are the collecting account (the core item) and amount M; the amount can also be generated on the confirmation device. The connection between the confirmation device and the checkout is a short-range connection such as NFC, RFID, audio communication, or the confirmation display device scanning a QR code displayed by the checkout that contains the gathering data.
The RSA ffi(RSA in step 2 is in essence a digital certificate for the security module, signed by the receive single platform. It lets confirmation device 4 confirm the legitimacy of security module 21.
Step 3 is "the confirmation device displays the gathering data"; the collecting account need not be displayed here.
Step 4 is "the confirmation device generates the payment critical data". The payment critical data generated by the confirmation device is: RSAftft i ffi(M, S, PIN51). The last payment data generating means of this embodiment is the checkout security module, which is not connected to the confirmation device, so the step "if the last payment data generating means is connected to the confirmation device, the confirmation device sends the payment critical data to the last payment data generating means, which generates the last payment data and sends it to the confirmation device" is not performed;
Steps 5, 6 and 7 are "the confirmation device again approaches the checkout and sends the payment critical data or the last payment data to the checkout over the short-range link"; the confirmation device approaches the checkout and sends the generated payment critical data to the checkout and its security module by short-range communication;
Step 8 is "if the payment critical data received by the checkout is the last payment data, it is sent directly to the receive single platform; otherwise the payment critical data is sent to the last payment data generating means, which generates the last payment data and sends it to the receive single platform". In this embodiment the payment critical data is not the last payment data. The last payment data generating means is the checkout security module, which generates the last payment data from the payment critical data and sends it to the receive single platform.
Step 9 is "the receive single platform carries out payment processing according to the last payment data";
The PIN51 entered in step 4 can also be a PIN51 pre-stored in the confirmation device. In step 7 the bank card, the checkout and the receive single platform generate the last payment data from the payment critical data: when the bank card is a magnetic card, the last payment data is generated in checkout security module 21; when the bank card is a CPU card, the last payment data is generated in the CPU card. In addition, the bank card in embodiment 1 can also be a U-shield; technically a U-shield is a CPU card. A security module can also be provided in the confirmation device to perform the relevant cryptographic calculations, and the design can send only the necessary information (the amount) to the confirmation device and forbid sending other information (the collecting account). That is, information is sent only to the device that needs to use it, and its transmission to other devices is forbidden in hardware (or software).
The essence of this embodiment is to use the confirmation device as the "code keypad" of the checkout (the POS in the PBOC standard). An asymmetric cryptographic protocol is used only for convenience of description. Because an RSA¥i!¾ffi ( RSA &) similar to a digital signature is used, and the checkout security module is provided by the merchant bank, security is ensured.
This embodiment uses digital signature technology to establish the cryptographic connection between the confirmation device and the security module, in the manner of a code keypad.
This embodiment can also be described as follows:
A short-range secure payment method, comprising:
A. The confirmation device approaches the checkout and obtains the gathering data over the short-range link (steps 1 and 2);
B. The confirmation device displays the gathering data (step 3);
C. The confirmation device generates the payment critical data (step 4);
D. The confirmation device again approaches the checkout and sends the payment critical data to the checkout security module over the short-range link (steps 5, 6 and 7);
E. The bank's normal payment process is executed to carry out the payment operation and form the last payment data;
F. The receive single platform carries out payment processing according to the last payment data.
In fact, confirmation device 4 can be a mobile phone. Embodiment 1 then uses the mobile phone as the code keypad of the checkout (POS). The connection between the mobile phone and the checkout is a short-range connection, such as a QR code, NFC or audio communication. The mobile phone can obtain data from the checkout by scanning a QR code displayed by the checkout, by a short-range communication technology (such as NFC), or through its microphone. The checkout can obtain data from the mobile phone via NFC, a QR code, the microphone, or manual entry on the checkout's keyboard. The payment critical data of embodiment 1 is inconvenient to enter by keyboard, so NFC near-field communication is the recommended short-range connection.
The steps for using this scheme are:
1. The amount (or the collecting account and the amount) is generated on the checkout;
2. The mobile phone is brought close to the checkout;
3. The requestee checks the gathering data displayed on the mobile phone;
4. If the gathering data are correct, the requestee enters the bank card PIN;
5. The mobile phone is brought close to the checkout to complete the payment.
Obviously, the bank card in embodiment 2 can be an ordinary magnetic card or a CPU card. If the bank card account information is placed in a security chip built into the mobile phone, or the CPU card is placed in the phone's security module or attached directly to the phone, the NFC mobile phone exchanges information with the checkout over the short-range connection. Logically the bank card is still connected to the checkout, but physically it is together with the confirmation display device, i.e. the mobile phone contains the bank card.
The difference between this embodiment and embodiment 1 is that receive single platform 1 does not need to take part in the cryptographic calculations at payment time.
[embodiment 3] (cell phone password keyboard 2, position)
The third embodiment of the present invention is shown in Figure 5. The payment system consists of receive single platform 1, checkout 2, bank card 3, confirmation device 4 and requestee 5. Receive single platform 1 is connected to checkout 2; checkout 2 is connected to bank card 3; confirmation device 4 is connected to checkout 2 over a short-range link.
Receive single platform 1:Possess the Send only Account F of the bank card 3 collecting account S of payment data public key RSA m m^ checkouts 2 gathering number SA
Confirmation device 4 holds payment data public key identifier FB and the payment data private key RSA mmrnm of bank card 3;
Security module 21 of checkout 2 holds collecting account S and gathering data private key RSA m rn;
Requestee 5 holds the PIN51 required for paying with bank card 3; bank card 3 holds the Send only Account.
The payment flow is:
1. Checkout 2 obtains the amount M and sends it to security module 21;
2. Confirmation device 4 is brought close to checkout 2 and obtains amount M and collecting account S;
3. Amount M and/or collecting account S are displayed;
4. After confirming the displayed information, the requestee enters PIN51 on confirmation device 4, and confirmation device 4 calculates RSA M, S, PIN51);
5. Confirmation device 4 is again brought close to checkout 2 and sends RSAft ¾ffi(M, S, PIN51) and payment data public key identifier FB over the short-range connection to checkout 2, which passes them on to receive single platform 1;
6. Receive single platform 1 uses payment data public key identifier FB to obtain the payment data public key; it calculates RSA (RSA (M, S, PIN51)) and obtains M, S and PIN51; it then calculates RSA M, S, PIN51) and sends it to security module 21 of checkout 2;
7. Security module 21 calculates RSA (RSA (M, S, PIN51)) and obtains M, S and PIN51;
8. Bank card 3, checkout 2 and receive single platform 1 carry out the payment operation according to the bank's normal payment process; when security module 21 needs the amount M and the PIN as input, it uses the M and PIN51 it has obtained, and the payment finally proceeds at the receive single platform.
Steps 1 and 2 are "the confirmation device approaches the checkout and obtains the gathering data over the short-range link". Here the gathering data are the collecting account (the core item) and amount M; the amount can also be generated on the confirmation device. The connection between the confirmation device and the checkout is a short-range connection such as NFC, RFID, audio communication, or the confirmation display device scanning a QR code displayed by the checkout that contains the gathering data.
Step 3 is "the confirmation device displays the gathering data"; the collecting account need not be displayed here.
Step 4 is "the confirmation device generates the payment critical data". The payment critical data generated by the confirmation device is: RSAft ¾ffi(M, S, PIN51). The last payment data generating means of this embodiment is the checkout security module, which is not connected to the confirmation device, so the step "if the last payment data generating means is connected to the confirmation device, the confirmation device sends the payment critical data to the last payment data generating means, which generates the last payment data and sends it to the confirmation device" is not performed;
Steps 5, 6 and 7 are "the confirmation device again approaches the checkout and sends the payment critical data or the last payment data to the checkout over the short-range link"; the confirmation device approaches the checkout and sends the generated payment critical data to the checkout and its security module by short-range communication;
Step 8 is "if the payment critical data received by the checkout is the last payment data, it is sent directly to the receive single platform; otherwise the payment critical data is sent to the last payment data generating means, which generates the last payment data and sends it to the receive single platform". In this embodiment the payment critical data is not the last payment data. The last payment data generating means is the checkout security module, which generates the last payment data from the payment critical data and sends it to the receive single platform.
In step 7 the bank card, the checkout and the receive single platform generate the last payment data from the payment critical data: when the bank card is a magnetic card, the last payment data is generated in checkout security module 21; when the bank card is a CPU card, the last payment data is generated in the CPU card.
The essence of this embodiment is to use the confirmation device as the "code keypad" of the checkout (the POS in the PBOC standard). A POS and its code keypad are connected by a cryptographic protocol, whereas in this embodiment the confirmation device can establish a cryptographic connection with the checkout only through the receive single platform.
In embodiment 3 the receive single platform in effect authenticates the public key of the checkout.
[embodiment 4] (mobile phone CPU card)
The fourth embodiment of the present invention is shown in Figure 6. The payment system consists of receive single platform 1, checkout 2, requestee 3, confirmation device 4 and CPU card device 5. Receive single platform 1 is connected to checkout 2; checkout 2 is connected to confirmation device 4 over a short-range link; CPU card device 5 is connected to confirmation device 4.
Receive single platform 1 holds: the Send only Account F and payment public key RSA m of CPU card device 5;
CPU card device 5 holds: the payment private key RSA m mn of CPU card device 5, Send only Account F and PIN51;
Checkout 2 holds: collecting account S;
Requestee 3 holds the PIN51 of CPU card device 5;
1. Checkout 2 obtains the amount M and holds collecting account S;
2. Confirmation device 4 is brought close to checkout 2 and obtains (amount M, collecting account S);
3. Amount M and/or collecting account S are displayed;
4. PIN51 is entered on confirmation device 4, which sends (M, S, PIN51) to CPU card device 5;
5. CPU card device 5 compares the received PIN51 with the PIN51 it holds and, if they match, calculates RSAft¾¾(M, S, F) and sends it to confirmation device 4;
6. Confirmation device 4 is again brought close to checkout 2 and sends RSA (M, S, F) to checkout 2 over the short-range link;
7. Checkout 2 sends RSAft¾ffi(M, S, F) to receive single platform 1;
8. Receive single platform 1 carries out payment processing according to the last payment data RSAft¾ffi(M, S, F);
Steps 1 and 2 are "the confirmation device approaches the checkout and obtains the gathering data over the short-range link". Here the gathering data are the collecting account (the core item) and amount M; the amount can also be generated on the confirmation device. The connection between the confirmation device and the checkout is a short-range connection such as NFC, RFID, sound, or the confirmation device scanning a QR code displayed by the checkout that contains the gathering data;
Step 3 is "the confirmation device displays the gathering data"; the collecting account need not be displayed here.
Step 4 is "the confirmation device uses the payment data to generate the payment critical data". The confirmation device generates the payment critical data: M, PIN51, collecting account S and Send only Account F;
Step 5 sends the payment critical data to the last payment data generating means, the CPU card. The last payment data generating means of this embodiment is the CPU card, which is connected to the confirmation device, so this is the case "if the last payment data generating means is connected to the confirmation display device, the confirmation display device sends the payment critical data to the last payment data generating means, which generates the last payment data and sends it to the confirmation display device";
Step 6 is "the confirmation device approaches the checkout and sends the payment critical data or the last payment data to the checkout over the short-range link". The confirmation device approaches the checkout and sends the generated last payment data to the checkout by short-range communication;
Step 7 is "if the payment critical data received by the checkout is the last payment data, it is sent directly to the receive single platform; otherwise the payment critical data is sent to the last payment data generating means, which generates the last payment data and sends it to the receive single platform". In this embodiment what the checkout receives is the last payment data. The checkout security device generates the last payment data from the payment critical data.
Step 8 is "the receive single platform carries out payment processing according to the last payment data";
Here confirmation device 4 and CPU card device 5 can be in a single physical unit, such as a mobile phone. CPU card device 5 and security module 41 can be one module (hardware or software). Embodiment 4 in effect uses the mobile phone as a secure, dedicated payment computer. This scheme is more secure than using the mobile phone directly as a second-generation U-shield. The connection between the mobile phone and the checkout is a short-range connection, so when the mobile phone is not close to the checkout, the payment critical data cannot be sent to the checkout.
To strengthen the security of embodiment 4, a security module provided by the acquiring bank can be added to the checkout, as in embodiment 3; by means of a cryptographic protocol, the collecting account can then be transmitted securely to security module 41 of the confirmation device.
The steps for using embodiment 2 are:
1. The amount (or the collecting account and the amount) is entered on the checkout;
2. The mobile phone is brought close to the checkout;
3. The payment data displayed on the mobile phone is checked;
4. If the payment data is correct, the bank card PIN is entered;
5. The mobile phone is brought close to the checkout.
In the mobile phone, CPU card device 5 and security module 41 of the confirmation device may in practice be a single chip, such as a SIM card provided jointly by a bank and a mobile operator, or a TF card issued by a bank alone.
[embodiment 5] (mobile phone CPU card, last payment data)
The fifth embodiment of the present invention is shown in Figure 7. The payment system consists of receive single platform 1, checkout 2, bank card 3, confirmation device 4 and requestee 5. Receive single platform 1 is connected to checkout 2; checkout 2 is connected to confirmation device 4 over a short-range link; checkout 2 contains gathering security chip 21; confirmation device 4 contains confirmation security module 41; bank card 3 is connected to checkout 2.
When the bank card is a CPU card:
Receive single platform 1: platform private key RSA, Send only Accounts, payment public key RSA
Payment data public key RSA mmmrn;
Bank card 3: payment private key RSA u, Send only Account F and PIN51;
Confirmation security module 41: payment data private key RSA
Requestee 5 holds the PIN51 of bank card 3;
Gathering security module 21: collecting account S and gathering data private key RSA m m^
1. Checkout 2 obtains the amount M and holds collecting account S;
2. Confirmation device 4 is brought close to checkout 2 and obtains (M, S);
3. Amount M and/or collecting account S are displayed;
4. PIN51 is entered on confirmation device 4, and confirmation security module 41 calculates RSA M, S, PIN51);
5. Confirmation device 4 is again brought close to checkout 2 and sends RSAft ¾ffi(M, S, PIN51) to checkout 2, which passes it on to receive single platform 1;
6. Receive single platform 1 calculates RSA (RSA M, S, PIN51)), then calculates RSA (RSA M, S, PIN51)), and sends the result to checkout 2 and then to bank card 3;
7. From RSA RSA RSA (RSA M, S, PIN51)), bank card 3 obtains (M, S, PIN51); if this PIN51 matches the PIN51 in the bank card, it calculates RSA M, S, F);
8. Bank card 3 sends RSA (M, S, F) to checkout 2 and then to receive single platform 1;
9. Receive single platform 1 calculates RSA RSA M, S, F)), obtains M and S, and then pays according to M, collecting account S and Send only Account F.
Steps 1 and 2 are "the confirmation device approaches the checkout and obtains the gathering data over the short-range link". Here the gathering data are the collecting account (the core item) and amount M; the collecting account and the amount can also be generated on the confirmation display device. Other communication technologies can be used, such as NFC, RFID, audio communication, or the confirmation display device scanning a QR code displayed by the checkout that contains the payment data.
Step 3 is "the confirmation device displays the gathering data"; the collecting account need not be displayed here.
Step 4 is "the confirmation device generates the payment critical data". The confirmation device generates the payment critical data: M, PIN51, collecting account S, RSA M, S, PIN51);
The payment critical data is sent to the last payment data generating means, bank card 3. The last payment data generating means of this embodiment is the CPU card, which is not connected to the confirmation device, so the step "if the last payment data generating means is connected to the confirmation device, the confirmation device sends the payment critical data to the last payment data generating means, which generates the last payment data and sends it to the confirmation device" is not performed in this embodiment;
Step 5 is "the confirmation device again approaches the checkout and sends the payment critical data or the last payment data to the checkout over the short-range link". The confirmation device approaches the checkout and sends the payment critical data to the checkout by short-range communication;
Steps 6, 7, 8 and 9 are "if the payment critical data received by the checkout is the last payment data, it is sent directly to the receive single platform; otherwise the payment critical data is sent to the last payment data generating means, which generates the last payment data and sends it to the receive single platform". In this embodiment bank card 3 is the last payment data generating means.
Step 10 is "the receive single platform carries out payment processing according to the last payment data";
When the bank card is a magnetic card, security module 21 provided by the receive single platform must be added to checkout 2. Then:
1. Checkout 4 generates the amount M or has it entered;
2. Confirmation device 4 is brought close to checkout 2 and receives amount M and the collecting account;
3. The amount and/or the collecting account are displayed;
4. After confirming the displayed information, the requestee enters PIN51 on confirmation device 4;
5. Confirmation security module 41 calculates RSA mm (amount M, collecting account S, PIN51);
6. Confirmation device 4 is brought close to checkout 2 and sends RSA M, S, PIN51) to checkout 2, which passes it on to receive single platform 1;
7. Receive single platform 1 calculates RSA (RSA M, S, PIN51)), then calculates RSA (RSA M, S, PIN51)), and sends the result to checkout 2 and security module 21;
8. From RSA RSA RSA RSA M, S, PIN51)), security module 21 obtains the amount M, S and PIN51;
9. Security module 21 assembles (M, S, F, PIN51) using the bank's standard encryption and sends it to receive single platform 1 for payment processing.
Here, RSA Mg¾t¾(M, S, PIN51) can be transmitted only when the confirmation device is close to the checkout. If the confirmation device is a mobile phone, the steps for use are:
1. The bank card is inserted (or swiped) on the checkout;
2. The amount is entered on the checkout;
3. The mobile phone is brought close to the checkout;
4. The payment data displayed on the mobile phone is checked;
5. If the payment data is correct, the bank card PIN is entered;
6. The mobile phone is brought close to the checkout to complete the payment.
Moreover, because there is a step that generates RSAffi(M, S, PIN51), if Send only Account F is added to it, the receive single platform can generate the last payment data directly from M, S, F and PIN51. RSA^aMgw^ is in essence the requestee's digital signature over the payment. Embodiment 5 is a mobile-phone U-shield payment that can optionally be associated with, and use, a bank card.
[embodiment 6] (PIN code is changed)
The present invention outputs the payment critical data to the user's trusted device by a trusted method, so that the user confirms the payment data, or the data is used after confirmation. According to the sixth embodiment of the present invention, the system associated with a secure payment method is shown in Figure 7. The secure payment system includes: receive single platform 1, checkout 2, bank card 3, confirmation device 4 and requestee 5. Receive single platform 1 is connected to checkout 2; bank card 3 is connected to checkout 2; confirmation device 4 is connected to checkout 2 over a short-range link.
Receive single platform 1 holds: the platform private key RSA of receive single platform 1; the Send only Account F and payment public key RSA of bank card 3; collecting account S and gathering public key RSA
Checkout 2 holds: security module 21, platform public key RSA and collecting account S;
Confirmation device 4 holds: payment private key RSA
The requestee holds bank card 52 (containing the Send only Account) and the corresponding PIN51;
If the bank card is a magnetic card (account information only), then:
1. Checkout 2 generates amount of money M, calculates (M, S), and sends it to receive single platform 1;
2. Receive single platform 1 calculates RSA (RSA (M, S)), obtains M and S, generates serial number N, then calculates RSA (N) and sends it to checkout 2;
3. Checkout 2 sends RSA (N) to security module 21 and, at the same time, swipes bank card 3 to obtain Send only Account F; security module 21 calculates RSAfeft (RSA mkmn (N)) and obtains serial number N; security module 21 calculates RSA (F, N) and sends it to receive single platform 1;
4. Receive single platform 1 calculates RSA (RSA (F, N)), obtains F and N, and can obtain collecting account S according to N;
5. Receive single platform 1 generates random confirmation code R, calculates RSA (M, S, R), and sends it to checkout 2;
6. Confirmation device 4 approaches checkout 2 and obtains RSA (M, S, R);
7. Confirmation device 4 calculates RSA (RSA m &a (M, S, R)), obtains M, S and R, and displays M and collecting account S;
8. After confirming collecting account S and amount of money M, requestee 5 inputs PIN51 on confirmation device 4;
9. Confirmation device 4 calculates K=PIN51+R;
10. Confirmation device 4 approaches checkout 2 again; through the short range connection with confirmation device 4, checkout 2 obtains K and sends it to receive single platform 1;
11. Receive single platform 1 calculates K-R and obtains PIN51;
12. Receive single platform 1 generates the last payment data according to PIN51, F, S and M, and carries out payment processing.
In this embodiment, steps 1, 2, 3 and 4 send M, collecting account S and Send only Account F to receive single platform 1; obviously they can also be transmitted directly, without substantially reducing security. Steps 5 and 6 securely transmit the generated confirmation code R and the gathering data to confirmation device 4; this is "the confirmation device obtains gathering data such as the amount of money and the collecting account".
Step 7 is "the confirmation device displays the amount data and (or) the collecting account".
Steps 8 and 9 transform PIN51; this is "the confirmation device generates payment critical data".
Step 10 is "if the last payment data generating means is connected to the confirmation device, the confirmation device transmits the payment critical data to the last payment data generating means, which generates the last payment data and sends it to the confirmation device" (the last payment data generating means of the present embodiment is the receive single platform), and "the confirmation device approaches the checkout and transmits the payment critical data or last payment data to the checkout over short range";
Step 11 is "if the payment critical data received by the checkout is last payment data, it is transferred directly to the receive single platform; otherwise the payment critical data is transmitted to the last payment data generating means to generate the last payment data, which is then transmitted to the receive single platform".
Step 12: the receive single platform carries out payment processing according to the last payment data; receive single platform 1 obtains PIN51, then composes the last payment data and pays. Obviously, the advantage of embodiment 6 is that the confirmation code PIN51 never appears in a non-encrypted state, and K can only be sent out when the confirmation device is physically close to the checkout. The step of inputting K on the keyboard of the checkout can also be used; this is also a short range connection transmission.
If bank card 3 is a CPU card (with computing capability), then:
Receive single platform 1 includes: the Send only Account F and payment public key RSAm of bank card 3;
Bank card 3 includes: payment data private key RSA mmwM^, Send only Account F and payment private key RSA u m;
Confirmation device 4 includes: payment data private key RSA;
Requestee has the PIN51 corresponding to bank card 3;
1. Checkout 2 generates amount of money M and transmits M and collecting account S to bank card 3;
2. Bank card 3 generates random confirmation code R, calculates RSA (M, S, R), and sends it to checkout 2;
3. Confirmation device 4 approaches checkout 2 and obtains RSA (M, S, R);
4. Confirmation device 4 calculates RSA (RSA (M, S, R)), obtains M, S and R, and displays M and S;
5. After confirming collecting account S and amount of money M, requestee 5 inputs PIN51 on confirmation device 4;
6. Confirmation device 4 calculates K=PIN51+R;
7. Confirmation device 4 approaches checkout 2 again; through the short range connection with confirmation device 4, checkout 2 obtains K and sends it to bank card 3;
8. Bank card 3 calculates K-R and obtains PIN51';
9. If PIN51=PIN51', bank card 3 composes the last payment data RSA m n (F, S, M) and sends it to receive single platform 1 for payment processing.
In this embodiment, step 1 sends M, collecting account S and Send only Account F to bank card 3; steps 2, 3 and 4 generate the confirmation code R and the payment data and send them to confirmation device 4. Steps 5 and 6 transform PIN51. Steps 7, 8 and 9 send K to bank card 3 over the short range connection and obtain PIN51, after which the last payment data is composed and paid. Obviously, the advantage of embodiment 5 is that the confirmation code R never appears in a non-encrypted state, and K can only be sent out when the confirmation device is physically close to the checkout; obviously, K can also be input through the keyboard.
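The PIN transformation K=PIN51+R used in both variants of this embodiment, as an added example (not code from the patent). The patent states only K=PIN51+R and K-R; the 6-digit PIN length, the reduction modulo 10^6, the single-use bookkeeping for R and every function name here are assumptions. `pins_consistent_with` shows why the modular reduction matters: with plain integer addition, the value of K alone rules out some PINs.

```python
import hmac
import secrets

PIN_DIGITS = 6                  # assumption: the page does not state a PIN length
MODULUS = 10 ** PIN_DIGITS


def blind_pin(pin: int, r: int) -> int:
    """Confirmation device: K = PIN51 + R, reduced mod 10^n (assumption)."""
    if not (0 <= pin < MODULUS and 0 <= r < MODULUS):
        raise ValueError("PIN and R must be %d-digit values" % PIN_DIGITS)
    return (pin + r) % MODULUS


class ConfirmationCodeIssuer:
    """The side that generates R and later computes K-R: receive single
    platform 1 (magnetic-card variant) or bank card 3 (CPU-card variant)."""

    def __init__(self):
        self._pending = {}      # transaction id (e.g. serial number N) -> R

    def issue(self, txn_id: str) -> int:
        r = secrets.randbelow(MODULUS)      # uniform R from a CSPRNG
        self._pending[txn_id] = r
        return r                # in the protocol R travels encrypted with (M, S)

    def recover_pin(self, txn_id: str, k: int) -> int:
        """PIN51 = K - R. R is deleted on first use, so a replayed K fails."""
        if not 0 <= k < MODULUS:
            raise ValueError("K out of range")
        r = self._pending.pop(txn_id, None)
        if r is None:
            raise KeyError("no pending confirmation code for this transaction")
        return (k - r) % MODULUS


def card_accepts(stored_pin: int, recovered_pin: int) -> bool:
    """CPU-card variant, step 9: compare PIN51 with PIN51' in constant time."""
    a = "%0*d" % (PIN_DIGITS, stored_pin)
    b = "%0*d" % (PIN_DIGITS, recovered_pin)
    return hmac.compare_digest(a, b)


def pins_consistent_with(k: int, modular: bool) -> int:
    """Number of PINs that someone who sees only K cannot rule out."""
    if modular:
        # For every PIN there is exactly one R with (PIN + R) mod 10^n == K.
        return MODULUS
    # Integer addition: PIN is possible only if R = K - PIN is itself in range.
    lo = max(0, k - (MODULUS - 1))
    hi = min(MODULUS - 1, k)
    return max(0, hi - lo + 1)


if __name__ == "__main__":
    issuer = ConfirmationCodeIssuer()
    r = issuer.issue("N-0001")              # constructed transaction id
    k = blind_pin(123456, r)                # constructed PIN
    print("K sent over the second short range connection:", k)
    print("recovered PIN:", issuer.recover_pin("N-0001", k))
    print("PINs consistent with K=3, integer addition:",
          pins_consistent_with(3, modular=False))
    print("PINs consistent with K=3, modular addition:",
          pins_consistent_with(3, modular=True))
```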
Obviously, bank card 3 is connected to the checkout only for information exchange, so the bank card (for a magnetic card, the account information F; for a CPU card, the chip or program with computing capability) can be placed in the confirmation device; that is, bank card 3 is logically connected to checkout 2 but physically located in confirmation device 4. The usage is then:
1. Input the amount of money on the checkout;
2. Bring the mobile phone close to the checkout;
3. Check the payment data displayed on the mobile phone;
4. If the payment data is correct, input the bank card PIN code;
5. Bring the mobile phone close to the checkout to complete the payment.
A more practical dual mobile phone payment embodiment is embodiment 5.
[embodiment 7] (dual mobile phone payment)
The system associated with embodiment 5 of the present invention is shown in Figure 8. The payment system includes: receive single platform 1, network 2, payment device 3, checkout 4 and requestee 5. Receive single platform 1 is connected to checkout 4 through network 2; payment device 3 is connected to checkout 4 by NFC.
A device for two-time short range connection secure payment associated with embodiment 5 of the present invention is shown as the confirmation device in Fig. 8. In the confirmation device, computing (baseband) chip 31 is connected to display 34 and keyboard 35; safety chip 32 is connected to computing chip 31 and NFC chip 32. The dotted-line connection between computing chip 31 and NFC chip 33 is the structure of current mobile phones, but from a security standpoint it should not be present. In addition, if the PIN needed for payment is stored in the confirmation device, keyboard 35 can be omitted.
Likewise, in the checkout, computing (baseband) chip 41 is connected to display 44 and keyboard 45; safety chip 42 is connected to computing chip 41 and NFC chip 42, and chip 41 is connected to receive single platform 1 through network 2. Network 2 can be GPRS, WIFI, Bluetooth or a telephone network.
Safety chip 32 is a module that can perform the standard payment flow of a PBOC (EMV) card; safety chip 42 can perform the flow of the security module in a PBOC (EMV) terminal, in particular the internet POS security module flow.
Receive single platform 1: in addition to all the information required for bank card acquiring, it has the payment data public key RSA of Send only Account F and the gathering data public key RSA of collecting account S;
Confirmation device 3: has all the information for bank card payment and payment data private key RSA;
Checkout 4: security module 41 has all the information of a banking terminal, collecting account S and gathering data private key RSA;
Requestee 5 has PIN51;
1. Computing chip 41 of checkout 4 generates amount of money M and sends it to safety chip 42 (which holds collecting account S), then to NFC chip 43;
2. Confirmation device 3 approaches checkout 4, and NFC chip 33 obtains (M, S) from NFC chip 43;
3. Safety chip 32 obtains (M, S) from NFC chip 33 and sends it to computing chip 31;
4. After computing chip 31 shows M (and S) on display 34, the requestee inputs PIN51 on keyboard 35, and it is sent to safety chip 32;
5. Safety chip 32 calculates RSA (M, S, PIN51) and sends it to NFC chip 33;
6. Payment device 3 approaches checkout 4, and NFC chip 33 transmits RSA m mn (M, S, PIN51) to NFC chip 43, then to safety chip 42, then to computing chip 41, which transmits it to receive single platform 1 through network 2;
7. Receive single platform 1 calculates RSA (RSA (M, S, PIN51)) and obtains (M, S, PIN51); it calculates RSA (M, S, PIN51) and sends it through network 2 to computing chip 41, which passes it to safety chip 42;
8. Safety chip 42 calculates RSA (RSA mm& (M, S, PIN51)) and obtains (M, S, PIN51);
9. Safety chip 32 (the card), safety chip 42 (the terminal security module), the connection between NFC33 and NFC43, baseband chip 41, network 2 and receive single platform 1 carry out the payment operation according to the bank's standard payment process (PBOC, EMV); when safety chip 42 needs amount of money M and the PIN as input, it uses the amount of money M and PIN51 obtained by the safety chip.
Instead of being input in step 4, PIN51 can also be pre-stored in safety chip 32. To enhance security, a step can be added in which PIN51 can only be used for calculation after the NFC connection between the confirmation device and the checkout has been shut off. Step 6 preferably also transmits the Send only Account to gathering platform 1, which helps the gathering platform look up the payment data public key.
As the confirmation device of a device for two-time short range connection secure payment, in the present embodiment it includes: a display device, for selectively displaying gathering data; a safety device, for generating payment critical data or generating last payment data; and a short-haul connections device, for short range connection input and output of data. The safety device is connected to the display device, and the safety device is connected to the short-haul connections device;
The safety device obtains gathering data through the short-haul connections device (step 2) and selectively delivers it to the display device for display (step 3); the safety device generates payment critical data or last payment data according to the gathering data (step 4); the safety device then outputs the payment critical data or last payment data through the short-haul connections device (step 5).
The essence of the present embodiment is to use the confirmation device (mobile phone) as the "code keypad" of the checkout (mobile phone, internet POS; the POS machine in the PBOC standard). The asymmetric cryptographic protocol is used only for convenience of description. In practice, because the checkout's security module is provided by the merchant bank, the gathering data public and private keys may be dispensed with and other secure transfer means used; the function of this key pair is to ensure that the M and PIN obtained through processing by the receive single platform are securely transmitted to the security module of the checkout. The payment data public key and private key can also use DSE arithmetic; their purpose is to ensure that the M and PIN confirmed by the requestee are securely transmitted to the receive single platform.
Certificates can be used to carry out key exchange:
Receive single platform 1: has all the information needed for bank card acquiring, including the credit card issuer certificate RSA;
Safety chip 42: has the data of a standard POS security module, the collecting account, gathering private key RSA and certificate RSA (RSA);
Safety chip 32: has the Send only Account of the bank card, payment private key RSA and certificate RSA (RSA);
Requestee 5 has PIN51;
1. Computing chip 41 of checkout 4 generates amount of money M and sends it to safety chip 42, then to NFC chip 43;
2. Confirmation device 3 approaches checkout 4, and NFC chip 33 obtains M and collecting account S from NFC chip 43;
3. Safety chip 32 obtains M and collecting account S from NFC chip 33 and sends them to baseband chip 31;
4. Safety chip 32 reads the certificate RSA (RSA) of safety chip 42, generates random number R1, and transmits RSA (R1) to safety chip 42;
5. Safety chip 42 calculates RSA (RSA mk& (R1)), obtains R1, generates random number R2, calculates RSA m & (R1, R2), and sends it to safety chip 32; E=(R1, R2) is used as the asymmetric cryptographic key.
6. Safety chip 32 calculates RSA (RSA (R1, R2)), obtains R1 and R2, and thereby completes the authentication of safety chip 42; E=(R1, R2) is used as the asymmetric cryptographic key.
7. After baseband chip 31 shows amount of money M (and collecting account S) on display 34, the requestee inputs PIN51 on keyboard 35, and it is sent to safety chip 32;
8. Safety chip 32 calculates DES_E(M, PIN51) and sends it to NFC chip 33;
9. Confirmation device 3 approaches checkout 4, and NFC chip 33 transmits DES_E(M, PIN51) to NFC chip 43, then to safety chip 42;
10. Safety chip 42 calculates DES_E(M, PIN51) and obtains (M, PIN51);
11. Safety chip 32 (the card), safety chip 42 (the terminal security module), the connection between NFC33 and NFC43, baseband chip 41, network 2 and receive single platform 1 carry out the payment operation according to the bank's standard payment process (PBOC, EMV); when safety chip 42 needs amount of money M and the PIN as input, it uses the amount of money M and PIN51 obtained by safety chip 42.
Steps 2, 3, 4, 5 and 6 carry out multiple data exchanges during the first short range connection.
Here an ordinary digital certificate is used to realize the key exchange between safety chip 32 and safety chip 42.
[embodiment 8] (mobile phone terminal)
The 8th embodiment associated with the present invention is shown in Figure 9. The payment system includes: receive single platform 1, network 2, confirmation device 3, checkout 4, bank card 6 and requestee 5. Receive single platform 1 is connected to checkout 4 through network 2; confirmation device 3 is connected to checkout 4 over short range; checkout 4 is connected to bank card 6 by NFC.
In the confirmation device, computing chip 31 is connected to display 34 and keyboard 35.
In the checkout, computing chip 41 is connected to display 44 and keyboard 45; safety chip 42 is connected to baseband chip 41 and NFC chip 42, and baseband chip 41 is connected to receive single platform 1 through network 2. Network 2 can be GPRS, WIFI, Bluetooth or a telephone network. Bank card 6 can perform the standard payment flow of a PBOC (EMV) card; safety chip 42 can perform the flow of the security module in a PBOC (EMV) terminal, in particular the internet POS security module flow. So:
Receive single platform 1: in addition to all the information required for bank card acquiring, it has the payment data public key RSA of Send only Account F and the gathering data public key RSA of collecting account S;
The confirmation device has all the information for bank card payment and payment data private key RSA;
Security module 21 of checkout 2 has all the information of a banking terminal and gathering data private key RSA;
Requestee 5 has PIN51;
1. Checkout 4 approaches bank card 6 and obtains Send only Account F; baseband chip 41 of checkout 4 generates amount of money M and transmits Send only Account F, collecting account S and M to receive single platform 1;
2. Receive single platform 1 generates random confirmation code R, calculates RSA (M, S, R), and sends it to checkout 4;
3. Checkout 4 converts RSA (M, S, R) into a Quick Response Code and displays it;
4. Baseband chip 31 scans display 44 with camera 33 and obtains RSA (M, S, R);
5. Baseband chip 31 calculates RSA (RSA f (M, S, R));
6. Baseband chip 31 shows M (and R) on display 34;
7. The requestee inputs PIN51 on keyboard 35;
8. Baseband chip 31 calculates K=PIN51+R and displays it;
9. K is input on keyboard 45 of checkout 4 and sent to receive single platform 1;
10. Receive single platform 1 calculates K-R, obtains PIN51, calculates RSA Mw^ (M, S, PIN51), and sends it to safety chip 42 of checkout 4;
11. Safety chip 42 calculates RSA mm n (RSA mm & (M, collecting account S, PIN51)) and obtains (M, collecting account S, PIN51);
12. Bank card 6, safety chip 42 (the terminal security module), the connection between NFC43 and bank card 6, baseband chip 41, network 2 and receive single platform 1 carry out the payment operation according to the bank's standard payment process (PBOC, EMV); when safety chip 42 needs amount of money M and the PIN as input, it uses the amount of money M and PIN51 obtained by the safety chip;
The essence of the present embodiment is to use the payment device (mobile phone) as the "code keypad" of the checkout (mobile phone, internet POS; the POS machine in the PBOC standard). The asymmetric cryptographic protocol is used only for convenience of description. In practice, because the checkout's security module is provided by the merchant bank, the gathering data public and private keys may be dispensed with and other secure transfer means used; the function of this key pair is to ensure that the M and PIN obtained through processing by the receive single platform are securely transmitted to the security module of the checkout. The purpose of the payment data public and private keys is to securely transmit M and S to the payment device. PIN51 is transformed into K in order to protect PIN51.
Obviously, the bank card in this embodiment can be inserted into the checkout and connected directly; it can also be attached to the payment device (mobile phone), so that the bank card is logically connected to the checkout and physically connected to the payment device.
In the description of all embodiments of the present invention, the payee's information is represented by the collecting account, which is easy for the requestee to confirm. Obviously the payee's name can be used instead. The core idea of the present invention is to use short-range communication technology (NFC, RFID, audio communication or Quick Response Code) to make the mobile phone serve as the "code keypad" of the POS terminal; or to use a random confirmation code, bind the transaction data to the confirmation code, display the transaction data on another device, transform the confirmation code, and use the transformed confirmation code to generate the real "transaction" instruction. Depending on the form of the trading instruction, it can be the PIN code in a magnetic card transaction; whether the end result generated from this code is "correct" is of no concern to the system, which is concerned only that the PIN code input by the user (which may be wrong) cannot be revealed. In addition, using a graphic code (Quick Response Code) to transmit encrypted information is also an innovation.
The method of the present invention has been illustrated above with embodiments, and this is especially true of the password authentication protocols. However, the present invention does not limit the cipher protocol; the cipher protocols in the embodiments are descriptive rather than restrictive. The present invention is not limited to banking applications; obviously it can also be applied to online games and to other applications that need authentication (account and password) and also need to authenticate data (the amount). Although the invention has been described in the above embodiments, it should be understood that the description of the above embodiments is illustrative and not restrictive; those skilled in the art will appreciate that various modifications, improvements, changes and replacements can be made without departing from the spirit and scope of the present invention as defined by the claims.

Claims (10)

  1. Claim
    1. A device for two-time short range connection secure payment, comprising:
    Display device: for selectively displaying gathering data;
    Safety device: for generating payment critical data, or generating last payment data;
    Short-haul connections device: for short range connection input and output of data;
    The safety device is connected to the display device, and the safety device is connected to the short-haul connections device;
    The safety device obtains gathering data through the short-haul connections device and selectively delivers it to the display device for display; the safety device generates payment critical data or last payment data according to the gathering data; the safety device then outputs the payment critical data or last payment data through the short-haul connections device.
    2. The device according to claim 1, characterised in that it also has a security module to carry out the related cryptographic calculations, generate last payment data, and generate payment critical data.
    3. A system for two-time short range connection secure payment, comprising:
    Checkout: for transmitting gathering data to the confirmation device over short range, or receiving payment critical data or last payment data transmitted over short range from the confirmation device, or transmitting payment critical data to the last payment data generating means, or receiving last payment data from the last payment data generating means, or transmitting last payment data to the receive single platform, etc.;
    Confirmation device: for selectively displaying gathering data, generating payment critical data or last payment data, and sending it to the checkout over short range;
    Receive single platform: generates last payment data according to the payment critical data received, or receives last payment data, and according to the last payment data executes legal last payment data and refuses illegal last payment data;
    Last payment data generating means: generates last payment data according to payment critical data; it can be connected to the checkout or to the confirmation device, and may be located in the checkout, in the confirmation device, or in the receive single platform;
    The checkout is connected to the receive single platform; the confirmation device is connected to the checkout over short range;
    The confirmation device approaches the checkout and obtains gathering data over short range; the confirmation device selectively displays the gathering data; the confirmation device generates payment critical data; if the last payment data device is connected to the confirmation device, the confirmation device transmits the payment critical data to the last payment data device, which generates last payment data and sends it to the confirmation device; the confirmation device approaches the checkout again and transmits the payment critical data or last payment data to the checkout over short range; if the payment critical data received by the checkout is last payment data, it is transferred directly to the receive single platform; otherwise the payment critical data is transmitted to the last payment data generating means to generate last payment data, and the last payment data is transmitted to the receive single platform; the receive single platform carries out payment processing according to the last payment data.
    4. The system according to claim 3, characterised in that a CPU card is the last payment data generating means; the CPU card is directly connected to the checkout, receives the payment critical data transmitted by the checkout, generates last payment data, and sends it back to the checkout and the receive single platform.
    5. The system according to claim 3, characterised in that the receive single platform also has a safety device, which receives the payment critical data transmitted by the checkout, generates last payment data, and sends it to the receive single platform.
    6. The system according to claim 3, characterised in that the checkout also has a security module, which receives the payment critical data transmitted by the checkout, generates last payment data, and sends it to the receive single platform.
    7. A two-time short range connection secure payment method, comprising:
    A. The confirmation device approaches the checkout and obtains gathering data over short range;
    B. The confirmation device selectively displays the gathering data;
    C. The confirmation device generates payment critical data;
    D. If the last payment data generating means is connected to the confirmation device, the confirmation device transmits the payment critical data to the last payment data device, which generates last payment data and transfers it back to the confirmation device;
    E. The confirmation device approaches the checkout again and transmits the payment critical data or last payment data to the checkout over short range;
    F. If the payment critical data received by the checkout is last payment data, it is transferred directly to the receive single platform; otherwise the payment critical data is transmitted to the last payment data generating means to generate last payment data, and the last payment data is transmitted to the receive single platform;
    G. The receive single platform carries out payment processing according to the last payment data.
    8. The method according to claim 7, wherein the last payment data generating means is either a CPU card connected to the checkout, or the security module in the checkout, or the receive single platform connected to the checkout; characterised in that there is also a step in which the checkout sends the payment critical data to the last payment data generating means, and the last payment data generating means generates last payment data according to the payment critical data.
    9. The method according to claim 7, characterised in that the payment critical data in step C is last payment data, and the confirmation device is the last payment data generating means.
    10. The method according to claim 7, characterised in that in step C the payment critical data is generated in the security module of the confirmation device, and there is also a step in which the security module forbids the payment critical data from being sent to the confirmation device.
CN201480019130.8A 2013-03-26 2014-03-25 Two-time near distance connection secure payment device, method, and system Pending CN105074746A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201480019130.8A CN105074746A (en) 2013-03-26 2014-03-25 Two-time near distance connection secure payment device, method, and system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201310097568 2013-03-26
CN2013100975685 2013-03-26
PCT/CN2014/074021 WO2014154129A1 (en) 2013-03-26 2014-03-25 Two-time near distance connection secure payment device, method, and system
CN201480019130.8A CN105074746A (en) 2013-03-26 2014-03-25 Two-time near distance connection secure payment device, method, and system

Publications (1)

Publication Number Publication Date
CN105074746A true CN105074746A (en) 2015-11-18

Family

ID=51622459

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480019130.8A Pending CN105074746A (en) 2013-03-26 2014-03-25 Two-time near distance connection secure payment device, method, and system

Country Status (2)

Country Link
CN (1) CN105074746A (en)
WO (1) WO2014154129A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114330396B (en) * 2021-12-31 2023-10-13 福建新大陆支付技术有限公司 External password keyboard and identity card information interaction method based on Android platform

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123454A (en) * 2007-09-21 2008-02-13 北京交通大学 Method and system for data transmission of mobile UnionPay card based on bluetooth
CN102073802A (en) * 2009-11-23 2011-05-25 邵通 Security system and method
WO2012048373A1 (en) * 2010-10-14 2012-04-19 Nokuta Pty Ltd Systems and methods of securely carrying out transactions
CN102521743A (en) * 2011-11-16 2012-06-27 赵启程 Mobile phone safety payment method and system on basis of wireless channel
CN102568097A (en) * 2010-12-08 2012-07-11 邵通 Method and system for improving safety of electronic wallets
CN102779303A (en) * 2012-08-07 2012-11-14 上海方付通商务服务有限公司 Wireless payment system and method on basis of mobile phone
US20130026229A1 (en) * 2011-07-27 2013-01-31 Murray Jarman System or Method for Storing Credit on a Value Card or Cellular Phone Rather Than Accepting Coin Change

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060401A (en) * 2006-04-21 2007-10-24 上海烨鑫网络技术服务有限公司 The third party safety payment confirmation method controlled with the mobile phone short message
US20130009756A1 (en) * 2011-07-07 2013-01-10 Nokia Corporation Verification using near field communications
CN102402744A (en) * 2011-11-08 2012-04-04 北京数码视讯软件技术发展有限公司 Data processing method and system of mobile equipment and mobile equipment
CN102592221A (en) * 2012-01-16 2012-07-18 深圳一卡通新技术有限公司 Bank card payment system and method based on mobile phone confirmed password


Also Published As

Publication number Publication date
WO2014154129A1 (en) 2014-10-02


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151118
