CN101436280B - Method and system for implementing electronic payment of mobile terminal - Google Patents

Abstract

The invention discloses a method for realizing electronic payment of a mobile terminal. An intelligent card is taken as a carrier of business data and a key and is connected with a mobile telephone to substitute for a solid bank card; at the same time, encryption and decryption technology is utilized to perform signature encryption to the business data and further convert the encrypted data into a two-dimensional code so as to realize the safe and instant payment of the bank card. The invention also discloses a device for realizing electronic payment of the mobile terminal. The method solves the potential safety hazard caused by directly converting account information into the two-dimensional code for electronic payment at present, provides safety protection for the electronization of the bank account payment, and provides the novel carrier for account information of the bank card.

Description

Realize the method and system of electronic payment of mobile terminal

Technical field

The present invention relates to the E-Payment technology, particularly realize the method and system of electronic payment of mobile terminal.

Background technology

Smart card has been widely used in the fields such as bank, telecommunications, social insurance, ecommerce, for Secure Transaction provides reliable assurance as a kind of IC-card with functions such as identification, payment, encrypt/decrypts now.Planar bar code technology is brand-new automatic identification and information carrier technology, have contain much information, error correcting capability is strong, recognition speed is fast, advantages such as comprehensive recognition, and support variety carrier.

The mode of utilizing portable terminal to pay by mails at present is directly to convert accounts information to two-dimension code, and is stored on the mobile phone.When concluding the business, all be that this fixing two-dimension code is discerned at every turn, in security, have very big hidden danger,, can cause tremendous loss to the user in case mobile phone is lost.

Summary of the invention

In view of this, the object of the present invention is to provide the method and system of realizing electronic payment of mobile terminal, the electronization that is used to the bank account payment provides the new modes of payments and safer protection.

For realizing above-mentioned purpose, the invention provides a kind of method that realizes electronic payment of mobile terminal, may further comprise the steps:

The smart card that stores business datum is connected with portable terminal, said business datum is encrypted, and convert the business datum after encrypting into two-dimension code; Distinguish said two-dimension code, it is reduced to original ciphertext, to carrying out authentication after the said decrypt ciphertext, if authentication success then conclude the business;

Wherein, said business datum is encrypted specifically comprises:

The user selects corresponding business data in the smart card, in smart card, produces the authentication factor; The said authentication factor is specially: the data element of exchange hour or agreement;

With business datum and the synthetic data 1 of authentication factor set;

Individual private key with in the smart card blocks interior signature to data 1, thereby generatesdata 2;

Use the said authentication factor data 1 anddata 2 to be encrypted, generate ciphertext 1 as key;

Use the PKI in bank's root certificate that the said authentication factor is encrypted, generateciphertext 2.

The present invention replaces the entity bank card through being connected the carrier of smart card as business datum and key with portable terminal with this; Utilize encryption and decryption technology that business datum is wherein carried out encrypted signature simultaneously, convert data encrypted into two-dimension code then, to realize the safe pay down of bank card.Solved and at present directly convert accounts information to two-dimension code and pay the potential safety hazard of bringing by mails, paying by mails for bank account provides safe guarantee, and new carrier is provided for bank card account information.

Description of drawings

Fig. 1 is a system construction drawing of realizing electronic payment of mobile terminal in the embodiment of the invention;

Fig. 2 is a method flow diagram of realizing electronic payment of mobile terminal in the embodiment of the invention.

Embodiment

Embodiments of the invention are through with the embedded or external smart card that contains business datum and relevant key information of portable terminal, and the user is connected portable terminal with the e-bank server, and carries out authentication with smart card, conclude the business determining whether.Through utilizing the combination of smart card and portable terminal, make portable terminal have the function the same with bank card on the one hand, the user only need carry this medium of mobile phone and can realize paying by mails; On the other hand, when transaction,, guaranteed the secure payment of bank card through adopting encryption and decryption technology that user sensitive information is carried out encrypted signature.

For making the object of the invention, technical scheme and advantage clearer, the present invention is made further detailed description below in conjunction with accompanying drawing.

Fig. 1 is a system construction drawing of realizing electronic payment of mobile terminal in the embodiment of the invention; Comprising portable terminal 1 that can complete two-dimensional code display figure; This portable terminal can embedded two-dimension code modular converter, and this module can be with converting two-dimension code into behind the business datum encrypted signature in the smart card; Thesmart card 11 that is used for storage service data and key, said two-dimension code modular converter also can be arranged in the smart card, accomplish said function; Can correctly distinguish out theidentification terminal 2 of the two-dimension code that shows on the portable terminal; Authentication terminal 3, the authentication terminal can pass to e-bank's server with information such as ciphertext business datum, transaction data and verification msgs; E-bank's server 4 is deciphered and is verified ciphertext, if verify successfully then conclude the business.

Fig. 2 is a method flow diagram of realizing electronic payment of mobile terminal in the embodiment of the invention, and this method specifically may further comprise the steps:

Step 201, the smart card that will store business datum and key are connected with portable terminal.In the present invention, smart card can have multiple encapsulation form, can support multiple communication form such as SD interface, USB interface, ISO 7816.The business datum that is stored in the smart card is meant business information such as bank's root certificate, Private Banking's certificate, bank account and individual private key information etc.Among the present invention, can select the different connected modes with portable terminal according to the concrete encapsulation form of smart card, as be embedded in the portable terminal, or external connection.

Step 202, user select corresponding business data in the smart card, in smart card, produce the authentication factor.Business datum in the smart card can be to be presented to the user again after related service department of bank directly stores on the smart card according to individual specifying information; Also can be that the user downloaded from network voluntarily after related service department of bank generated the corresponding business data according to individual specifying information, the form that also can issue through the related service department of third party bank be obtained.In the present invention, the user can give the business datum of the one or more banks of smart card application of oneself according to individual demand, to realize a single account of card or the many accounts of a card.

For guaranteeing the security of business datum, the authentication factor can be specified various ways, like random number, Time of Day etc.The generation of this authentication factor can be realized by hardware or software, for example generates random number through random number generation module or respective algorithms, or utilizes the Time of Day of agreement to do the authentication factor.

Step 203, with the synthetic data 1 of business datum and authentication factor set.

Step 204, data 1 are blocked interior signature, thereby generatedata 2 with the individual private key in the smart card.Smart card need carry out signature operation before converting business datum and the authentication factor into two-dimension code, need to add authenticating user identification in the process of operation, like the input password etc.This data signature operation is that its concrete principle is for the identity of verifying transmit leg and the integrality that helps protected data: A is applied to this message to create eap-message digest with hash algorithm earlier, and this eap-message digest is compact and unique representation of data; Its this eap-message digest of individual encrypted private key of A usefulness is to create the idiograph then; B receiving message and when signature, and reverting to eap-message digest, and use comes ashed information with the employed identical hash algorithm of A to B with the PKI decrypted signature of A.If eap-message digest that B calculates and the eap-message digest of receiving from A are in full accord there, B just can confirm this message really from the private key possessor, and data are not modified.

Step 205, the use authentication factor are encrypted data 1 anddata 2 as key, generate ciphertext 1.This AES is a symmetric encipherment algorithm.

PKI instep 206, the use bank root certificate is encrypted the authentication factor and is generated ciphertext 2.Utilizing PKI in bank's root certificate that the authentication factor is encrypted is the method that adopts digital envelope, and the function class of digital envelope is similar to ordinary envelope capable, and ordinary envelope capable guarantees to have only the receiver could read the content of believing under the constraint of law; Digital envelope then adopts cryptographic technique to guarantee to have only the content that the recipient of regulation could reading information.Why will also encrypt the authentication factor mainly is to let key transmit with relatively safer form.

Step 207, with 2 combinations of ciphertext 1 and ciphertext and convert two-dimension code into, be presented on the portable terminal.This conversion realizes that through corresponding modular converter this module has the function that becomes data-switching two-dimension code, and this module can be built in the smart card and also can be built in the portable terminal.

Because the authentication factor all is different at every turn, so two-dimension code also all will regenerate when each transaction, could guarantee the security of concluding the business like this.

Afterstep 208, identification terminal are read two-dimension code, it is reduced to ciphertext 1 andciphertext 2, and sends it to the authentication terminal.

Step 209, authentication terminal pass to e-bank's server with the PIN of user's input and dealing money andciphertext 1,2.

Step 210, e-bank's server use bank's root certificate private key thatciphertext 2 is deciphered, and obtain the authentication factor.

Step 211, with authentication factor decrypting ciphertext 1, obtain data 1 anddata 2.

Step 212, utilize the corresponding individual PKI of business datum in the data 1 thatdata 2 are verified.

Ifstep 213 is verified successfully then is concluded the business.

In embodiments of the present invention, the packaged type of smart card can have multiple, for example:

Smart card is embedded in the portable terminal with the form of SD card, and this packing forms makes the user only need carry this medium of mobile phone and just can realize paying by mails easily and efficiently;

Perhaps; The packing forms of said smart card with PLUG-IN type card is embedded in the portable terminal; Or the packing forms of said smart card with integrated circuit be embedded in the portable terminal, or said smart card is carried out the outside with the packing forms of USB KEY with portable terminal be connected.The user in use, the patchcord of available USB mouth is carried out the outside with USB KEY with portable terminal and is connected, and realizes the E-Payment of portable terminal with this.

In addition, in embodiments of the present invention, the mode that the user obtains smart card also can have multiple, for example:

Related service department of bank produces corresponding business data and key according to the individual subscriber specifying information; And directly store on the smart card; The smart card that will store business datum and key again is presented to the user, and in a single day this smart card is issued, and being connected the back user can directly use with portable terminal;

Related service department of bank provides smart card to the user; And according to individual subscriber specifying information generation corresponding business data and key; The user can through with smart card with after portable terminal is connected, the form of employing network download downloads to business datum and key in the smart card and re-uses;

The third-party institution provides smart card to the user; The user directly uses the mode that related service department of third party bank downloads through using smart card, obtains corresponding service data and key information that this related service department of bank produces according to the individual subscriber specifying information.

Through above flow process, on the one hand through utilizing the combination of smart card and portable terminal, make portable terminal have the function the same with bank card, the user only need carry this medium of mobile phone and can realize paying by mails; On the other hand, when transaction,, guaranteed the secure payment of bank card through adopting encryption and decryption technology that user sensitive information is carried out encrypted signature.

In other embodiments of the invention, also can handle data and specify different modes, for example can be divided into data: ciphertext three parts that the signature+business datum of business datum+business datum generates make it be converted into two-dimension code.Also can be only it be signed and do not encrypt or simultaneously data are carried out encrypted signature.

In a word, the above is merely preferred embodiment of the present invention, is not to be used to limit protection scope of the present invention.

Claims (7)

1. a method that realizes electronic payment of mobile terminal is characterized in that, may further comprise the steps:

The smart card that stores business datum is connected with portable terminal, said business datum is encrypted, and convert the business datum after encrypting into two-dimension code; Distinguish said two-dimension code, it is reduced to original ciphertext; To said original decrypt ciphertext, and carry out authentication, if authentication success then conclude the business;

Wherein, said business datum is encrypted specifically comprises:

The user selects corresponding business data in the smart card, in smart card, produces the authentication factor; The said authentication factor is specially: the data element of exchange hour or agreement;

With business datum and the synthetic data 1 of authentication factor set;

Individual private key with in the smart card blocks interior signature to data 1, thereby generates data 2;

Use the said authentication factor data 1 and data 2 to be encrypted, generate ciphertext 1 as key;

Use the PKI in bank's root certificate that the said authentication factor is encrypted, generate ciphertext 2.

2. method according to claim 1 is characterized in that, the connected mode of said smart card and portable terminal specifically comprises:

The packing forms of said smart card with the SD card is embedded in the portable terminal; Or the packing forms of said smart card with PLUG-IN type card be embedded in the portable terminal; Or the packing forms of said smart card with integrated circuit be embedded in the portable terminal; Or said smart card is carried out the outside with the packing forms of USB KEY with portable terminal be connected.

3. method according to claim 1 and 2 is characterized in that, said business datum specifically comprises:

Bank's root certificate, Private Banking's certificate, bank account business information and individual private key information.

4. method according to claim 3 is characterized in that, the obtain manner of said business datum specifically comprises:

Related service department of bank produces the corresponding business data according to the individual subscriber specifying information, and directly stores on the smart card, and the smart card that will store business datum again is presented to the user; Or

Related service department of bank provides smart card to the user, and produces the corresponding business data according to the individual subscriber specifying information, the user through with smart card with after portable terminal is connected, the form of employing network download downloads to business datum in the smart card and re-uses; Or

The third-party institution provides smart card to the user, and the user directly uses the mode that related service department of third party bank downloads through using smart card, obtains the corresponding service data that this related service department of bank produces according to the individual subscriber specifying information.

5. method according to claim 4 is characterized in that, saidly is reduced to original ciphertext and specifically comprises:

After said two dimension code reading gone out, it is reduced to ciphertext 1 and ciphertext 2.

6. method according to claim 5 is characterized in that, this method further uses bank's root certificate private key that ciphertext 2 is deciphered, and obtains the said authentication factor;

With authentication factor decrypting ciphertext 1, obtain data 1 and data 2.

7. method according to claim 6 is characterized in that, said authentication specifically comprises: utilize the corresponding individual PKI of business datum in the said data 1 that data 2 are verified, and legal like checking through showing transaction.

Images