Summary of the invention
The technical problem to be solved by the present invention is to provide a system and method for realizing mobile payment that achieve non-contact mobile payment quickly, effectively and safely.
To solve the above problem, the invention provides a method for realizing mobile payment, comprising: when the transaction type is online account, the MIS trade company device obtains the transaction data of the mobile payment terminal and the user's personal identification number (PIN), encrypts the PIN, and packages the encrypted PIN together with the transaction data and the POS terminal information into an 8583 online transaction message;
After receiving the 8583 online transaction message, the mobile payment platform judges whether the transaction request is legitimate; if it is, the platform verifies the legitimacy of the user and account and verifies the PIN; if the user and account are legitimate and the PIN is correct, it completes the accounting processing of the transaction;
The mobile payment terminal is a portable terminal with an RF-SIM card.
Further, the MIS trade company device also generates a MAC for the 8583 online transaction message and then sends the message to the corresponding mobile payment platform;
After receiving the 8583 online transaction message, the mobile payment platform first performs MAC verification; only if MAC verification passes does it go on to verify the legitimacy of the user and account.
Further, after the POS preposition equipment located in the mobile payment platform receives the 8583 online transaction message and MAC verification passes, it re-encrypts the PIN, then converts the message into a class 8583 message and sends it to the Business Management Platform through the application platform;
Verifying the PIN means decrypting the encrypted PIN; if the decrypted PIN is consistent with the locally stored PIN, verification passes; otherwise verification fails.
Further, the MIS trade company device also stores the correspondence between POS terminals and POS preposition equipment, and looks up this correspondence according to the POS terminal information to determine the POS preposition equipment that handles the transaction.
Further, the PIK1 with which the MIS trade company device encrypts the PIN is produced by the POS preposition equipment, and the PIK2 with which the POS preposition equipment re-encrypts the PIN is produced by the Business Management Platform;
The MAK used for MAC verification is produced by the POS preposition equipment, and the MAK is the same at every network element;
PIK1, PIK2 and the MAK at each network element are all stored encrypted under a KEK, but the KEK at each network element is different.
The present invention also provides a method for realizing mobile payment, comprising: when the transaction type is cash account, after the MIS trade company device obtains the transaction data of the mobile payment terminal and the balance information of the mobile payment terminal, it verifies whether the transaction is legitimate and whether the cash account balance of the mobile payment terminal is sufficient for the transaction; if the transaction is legitimate and the cash account balance is sufficient, it completes the offline transaction processing. The mobile payment terminal is a portable terminal with an RF-SIM card.
The present invention also provides a system for realizing mobile payment, comprising: a mobile payment terminal, an MIS trade company device and a mobile payment platform;
The mobile payment terminal is a portable terminal with an RF-SIM card;
The MIS trade company device is used to obtain the transaction data and the user's PIN when the transaction type is online account, and to package the encrypted PIN together with the transaction data and the POS terminal information into an 8583 online transaction message and send it to the mobile payment platform;
The mobile payment platform is used, after receiving the 8583 online transaction message, to judge whether the transaction request is legitimate; if it is, to verify the legitimacy of the user and account and to verify the PIN; and, when the user and account are legitimate and the PIN is correct, to complete the accounting processing of the transaction.
Further, the mobile payment platform comprises POS preposition equipment, an application platform and a Business Management Platform;
The MIS trade company device is also used to add the enterprise code to the 8583 online transaction message, encapsulate it, generate a MAC, and send the 8583 online transaction message to the POS preposition equipment;
The POS preposition equipment is used to perform MAC verification on the 8583 online transaction message and, after MAC verification passes, to judge whether the transaction request is legitimate; if it is, it converts the 8583 online transaction message into a class 8583 message, generates a MAC, and then sends it to the corresponding application platform;
The application platform is used to perform MAC verification after receiving the class 8583 message and, after MAC verification passes, to verify the legitimacy of the user and account; once the user and account are found legitimate, it generates a MAC for the class 8583 message and sends it to the Business Management Platform;
The Business Management Platform is used to perform MAC verification on the class 8583 message after receiving it; if MAC verification passes it verifies the PIN, and if the PIN is correct it completes the accounting processing of the transaction.
Further, the POS preposition equipment is also used to re-encrypt the PIN after receiving the 8583 online transaction message, and to package the re-encrypted PIN together with the transaction data and the POS terminal information into a class 8583 message;
The Business Management Platform verifying the PIN means that the Business Management Platform decrypts the encrypted PIN; if the decrypted PIN is consistent with the locally stored PIN, verification passes; otherwise verification fails.
Further, the trade company end front end processor is also used to store routing information describing the correspondence between each POS terminal and the POS preposition equipment, to query the locally stored routing information according to the POS terminal information, to determine the POS preposition equipment that handles the transaction message, and to send the transaction message to that POS preposition equipment.
Further, the POS preposition equipment is also used to produce the PIK1 that encrypts the PIN and to send it to the MIS trade company device;
The Business Management Platform is also used to produce the PIK2 for re-encrypting the PIN and to send it to the POS preposition equipment;
PIK1, PIK2 and the MAK at each network element are all stored encrypted under a KEK, but the KEK at each network element is different.
The present invention also provides a system for realizing mobile payment, comprising: a mobile payment terminal and an MIS trade company device;
The mobile payment terminal is a portable terminal with an RF-SIM card;
The MIS trade company device is used to obtain the transaction data and the balance information of the mobile payment terminal when the transaction type is cash account, and to verify whether the transaction is legitimate and whether the cash account balance of the mobile payment terminal is sufficient for the transaction; if the transaction is legitimate and the cash account balance is sufficient, it completes the offline transaction processing.
The present invention is based on RF-SIM technology, which is one kind of on-site payment technology. By integrating radio-frequency technology into the mobile phone SIM card, it lets a mobile phone user turn an existing phone into an NFC-like phone simply by changing one smart card. The card not only has all the functions of an ordinary SIM card but is also an all-round service platform that can replace a wallet, keys and an identity card. The SIM card part is used for normal mobile communication and authentication, and serves only as the physical connection with the mobile phone. The embedded software manages high-security RF-ID, the built-in e-credit, EMV stored-value cards and other VIP membership cards based on Mifare logic. The Micro RF module communicates with external devices through a built-in antenna.
Embodiment
The main purpose of the present invention is to provide a safe and efficient electronic payment method based on RF-SIM terminal card technology and the ISO8583 protocol, mainly used to realize short-range non-contact mobile payment. To be compatible with existing bank card transactions, the transaction messages of the present invention are based on the ISO8583 standard. Outside the mobile payment platform, including the MIS trade company device and the account interface with commercial banks, standard 8583 messages are used; inside the mobile payment platform, transaction data are processed and forwarded as class 8583 messages of the system's own design.
The present invention provides a complete mobile payment solution, including the system architecture design, the establishment of the security system, and the transmission of transaction data.
Several terms used in the present invention are explained as follows:
RF-SIM: RF-SIM is a short/medium-range wireless communication technology based on the SIM card; the technology provider is the straight-through telecommunication in Hong Kong. This technology is one kind of NFC short-range wireless communication. It embeds a module with RF capability in the SIM card and uses the 2.4G microwave frequency for data communication. Its main feature is that the user does not need to change mobile phones; it is a typical single-SIM-card mobile payment solution.
ISO8583: the ISO8583 protocol is the standard message protocol in general use in the financial sector worldwide. It is widely used in financial transaction systems built mainly around bank card exchange; inter-bank communication and ATM or POS communication all use ISO8583 messages. At present, the communication messages between popular online banking, Call Centers and banks also use the ISO8583 protocol.
OTA: the abbreviation of Over The Air, called "air download" in Chinese. Over-the-air technology remotely manages SIM card data and applications through the air interface of mobile communication (GSM or CDMA). The air interface can use WAP, GPRS, CDMA1X and short message technology.
The system architecture that realizes this method consists mainly of three parts: the mobile payment terminal, the MIS trade company device and the mobile payment platform. Here, "MIS trade company" means a retailer, company or other organization that accepts mobile payment service and whose POS terminals are connected to the mobile payment platform through the trade company end front end processor.
As shown in Figure 1, the mobile payment system according to the present invention comprises three major parts: the RF-SIM mobile payment terminal, the MIS trade company device and the mobile payment platform. They are described below:
Mobile payment terminal: mainly a portable terminal that uses RF-SIM technology and can exchange data with the POS terminal at short range without contact. The terminal card can also be managed over the air (OTA), including dividing the terminal card into security domains and downloading application programs from the Business Management Platform over the air. The mobile payment terminal contains an RF-SIM card.
MIS trade company device: comprises a card reader, a POS terminal and trade company's preposition equipment.
The card reader is used to read the transaction data when the transaction type is cash account and send it to the POS terminal; it is also used to obtain the user's PIN when online account is selected on the mobile payment terminal, and to send the PIN and transaction data to the POS terminal;
The POS terminal is used to identify the RF-SIM card parameters of the mobile payment terminal, including judging whether the transaction is supported, the transaction type (online account, cash account, etc.), and, when the transaction is a cash account transaction, whether the cash account balance of the mobile payment terminal is sufficient for the transaction;
The POS terminal is also used, when the transaction type is cash account, to verify whether the transaction is legitimate; if it is legitimate and the cash account balance is sufficient for the transaction, it completes the offline transaction processing, including deducting from the cash account balance of the mobile payment terminal.
The POS terminal is also used, when the transaction type is online account, to package the received PIN and transaction data together with the POS terminal information into a standard 8583 online transaction message (this message contains the application type identifier AID), to generate a MAC (Message Authentication Code), and then to send the 8583 online transaction message to the trade company's preposition equipment.
The POS terminal is also used to check whether the background system has the authority to receive data from the POS terminal; to handle data upload, online transaction processing and information upload; and to provide bill printing and control of paper output errors.
The trade company's preposition equipment comprises the trade company's front end processor and encryption equipment;
The encryption equipment is used for key conversion: it converts the WK (working key, comprising PIK and MAK), encrypted under the KEK, that is sent by the POS preposition equipment in the mobile payment platform, and sends the converted key to the POS terminal;
The encryption equipment is also used to perform MAC verification after receiving the 8583 online transaction message sent by the POS terminal, and to generate a MAC again after verification passes;
The trade company's front end processor is used to add information such as the enterprise code to the message after MAC generation, package it into a standard 8583 online transaction message, and send the transaction message to the corresponding POS preposition equipment.
The trade company's front end processor is also used to store routing information describing the correspondence between each POS terminal and the POS preposition equipment, and to query the locally stored routing information according to the POS terminal information, thereby determining the POS preposition equipment that handles the transaction message and sending the transaction message to that POS preposition equipment.
The mobile payment platform comprises the POS preposition equipment, POS terminal management platform, application platform, Business Management Platform and unified payment platform, and is the core of this mobile payment system; wherein:
The POS preposition equipment is used to generate the WK and send it to the trade company's front end processor after encrypting it under the KEK; it is also used to produce PIK1 and send it to the POS terminal;
The POS preposition equipment is also used to perform MAC verification after receiving a transaction message and, after verification passes, to check the legitimacy of the transaction message, including whether the terminal device number and running status, the operator, the check bit and the validity period of the POS terminal are legitimate, and whether the transaction has timed out or is out of range. If the transaction is legitimate, has not timed out and is not out of range, it uses PIK2 to re-encrypt the PIN (that is, encrypts the PIN again with PIK2), then packages the message into the class 8583 message used generally inside the mobile payment platform and forwards the transaction message to the corresponding application platform according to the AID in the message; if the transaction is not legitimate, has timed out or is out of range, it refuses the transaction. This reduces the load on the application platform, the account clearing platform and so on, and reduces the overhead the background system needs to process accounts.
The application platform is used to record the mobile payment terminal's application downloads, such as which applications were downloaded legitimately; if a mobile payment terminal has ever downloaded an application illegitimately, that terminal is added to the blacklist. It is also used, after receiving a transaction message, to verify the legitimacy of the user and account against the blacklist, including whether the user is in arrears and whether the user is on the blacklist; it can also complete related processing according to application charging rules (such as the number of times an application is used), for example collecting a service charge for the operator, and it forwards the message to the Business Management Platform.
The application platform is also used to assist the Business Management Platform in completing product testing of applications, to group applications, and to provide operations such as application update, suspension, recovery and cancellation; it provides security control functions, including internal operator management, mobile payment terminal transaction limits, user blacklist management, and extracting transaction features to build risk control models.
The Business Management Platform is used to produce PIK2 and send it to the POS preposition equipment. It is also used to perform MAC verification after receiving a transaction message, to check the PIN after MAC verification passes, and, after the check passes, to carry out accounting processing for the transaction, such as a deduction, and then return the transaction response; if the check fails, it returns a transaction failure message.
Checking the PIN means decrypting the encrypted PIK2 with the locally stored KEK, then decrypting the PIN in the message with PIK2, and comparing the decrypted PIN with the locally stored PIN; if they are consistent the check passes, otherwise it fails;
The Business Management Platform is responsible for the registration and information management of users, trade companies, SP/CP, payment terminal cards and POS machines; provides management functions for payment accounts, including the cash account (such as deducting the closing balance), the online account (such as modifying online account information) and the points account (such as modifying user points); provides query, statistics and analysis functions for business information; and provides key security management and application download.
The POS terminal management platform is mainly responsible for POS terminal information and parameter management; provides addition, download and update of POS terminal applications; and is responsible for monitoring terminal running status (whether the POS terminal is running normally), in two modes: the terminal actively reports abnormal conditions, and the terminal management platform issues monitoring commands.
The POS terminal management platform stores POS terminal and merchant information, and provides this information to the POS preposition equipment to verify whether the POS terminal is legitimate and whether the trade company is legitimate.
The unified payment platform is used, for online transactions, to receive the user information and related transaction information sent by the Business Management Platform and then interact with the banking system in real time to complete the deduction from the bank account; for offline transactions, it receives the user information and related transaction information sent by the Business Management Platform and completes processing in end-of-day mode. That is, the unified payment platform is the link that supports settlement with specific trade companies and connects to the funds systems. The interface between the unified payment platform and the bank's billing and accounting system is the only entry through which the bank's billing and accounting system accesses the mobile payment system; all clearing and reconciliation information related to the bank is forwarded via the unified payment platform to the Business Management Platform for processing.
This embodiment provides a method for realizing mobile payment. As shown in Figure 2, the method comprises the following steps:
Step S2002: after confirming the payment shown on the POS terminal, the user selects "online account" on the RF-SIM mobile payment terminal, then brings the mobile payment terminal close to the card reader while entering the PIN on the keypad attached to the POS.
Step S2004: the MIS trade company device obtains the transaction data of the mobile payment terminal and the user's PIN, encrypts the PIN with PIK1, packages it together with the transaction data and POS terminal information into a standard 8583 online transaction message (this message contains the application type identifier AID), generates a MAC, and then sends the message to the mobile payment platform.
In this step, the POS terminal in the MIS trade company device can generate the 8583 online transaction message, generate a MAC, and send the message to the trade company's preposition equipment in the MIS trade company device. After receiving the message, the trade company's preposition equipment first performs MAC verification; after verification passes, it adds the enterprise code to the 8583 online transaction message, encapsulates it and generates a MAC, then looks up the stored correspondence between POS terminals and the mobile payment platform and sends the message to the corresponding mobile payment platform over a leased line.
Step S2006: after receiving the 8583 online transaction message, the mobile payment platform first performs MAC verification; after verification passes, it checks the legitimacy of the message, including the terminal device number and running status, the operator, the check bit and the validity period of the POS terminal, in order to judge the legitimacy of the transaction request and whether to refuse it. It must also verify whether the PIN is correct; if it is, it completes the accounting processing and returns the transaction response. For an online account, accounting processing includes modifying the online account information.
This step specifically comprises:
A) After the POS preposition equipment located in the mobile payment platform receives the 8583 online transaction message, it first performs MAC verification; after verification passes, it uses PIK2 to re-encrypt the PIN (that is, encrypts the PIN again with PIK2), encapsulates the class 8583 message used generally inside the mobile payment platform, generates a MAC again, and forwards the transaction message to the corresponding application platform for processing according to the AID (application type identifier) in the message;
B) After the application platform receives the class 8583 message, it first performs MAC verification; after verification passes, it checks the legitimacy of the class 8583 message, and if the message is legitimate it generates a MAC for the class 8583 message again and sends it to the Business Management Platform;
C) The Business Management Platform first performs MAC verification on the received class 8583 message; after verification passes, it verifies whether the PIN is correct, and then completes the accounting processing of the transaction.
For an online transaction, after the unified payment platform receives the user information and related transaction information sent by the Business Management Platform, it interacts with the banking system in real time to complete the deduction from the bank account.
The PIN check can be performed as follows: the PIN ciphertext, the PIK2 encrypted under the KEK (key-encrypting key), and the locally stored information such as the PIN ciphertext are sent together into the local encryption equipment, which internally compares the PIN sent up by the Business Management Platform with the PIN stored in the local database, completing the PIN check.
Step S2008: the mobile payment platform returns the transaction response to the mobile payment terminal through the MIS trade company device.
In a small-amount payment scenario, "cash account" can be selected on the mobile payment terminal to carry out an offline transaction; no PIN is needed in this case. The specific steps are as follows:
Step S3002: after confirming the payment shown on the POS terminal, the user selects "cash account" on the RF-SIM mobile payment terminal, then brings the mobile payment terminal close to the card reader;
Step S3004: the MIS trade company device obtains the transaction data of the mobile payment terminal and the balance information of the mobile payment terminal, verifies whether the transaction is legitimate, and verifies whether the cash account balance of the mobile payment terminal is sufficient for the transaction. If the transaction is legitimate and the cash account balance is sufficient, it completes the offline transaction processing, including deducting from the cash account balance of the mobile payment terminal. The transaction record is sent to the mobile payment platform using end-of-day settlement.
As shown in Figure 3, the online recharge procedure for a payment account according to the present invention comprises the following steps:
Step S4002: the user brings cash and the RF-SIM mobile payment terminal to a business hall or recharge outlet; the POS recharge terminal reads the user information on the mobile payment terminal (card) side and sends it to the counter client.
Step S4004: the counter client sends the user information to the Business Management Platform, and the Business Management Platform performs legitimacy verification, including verification of the user card and the account identity;
Step S4006: after verification passes, the Business Management Platform returns the details of the user and the user's attached payment accounts. The attached payment accounts are the online account and the cash account; what is returned here is the information on the two accounts stored in the Business Management Platform.
Step S4008: the counter client selects the account to recharge (cash account or online account) according to the customer's request, fills in the recharge amount, and sends the request to the Business Management Platform.
Step S4010: the Business Management Platform performs account legitimacy verification according to the request, modifies the cash account or online account information, and generates a recharge record.
Step S4012: the Business Management Platform returns the recharge result to the mobile payment terminal through the counter client.
Step S4014: for a cash account recharge, the POS recharge terminal also modifies the cash account information on the mobile payment terminal side.
Fig. 4 is a schematic diagram of the key distribution mode according to the present invention.
The key hierarchy of the mobile payment system is divided into three layers: the master key (MK), used to encrypt and protect the key-encrypting key KEK; the KEK stored by each encryption equipment is encrypted under the MK, and the MK is produced by the local encryption equipment;
The key-encrypting key (KEK), used to encrypt working keys when working keys are updated online;
The working key (WK), comprising the PIK (PIN encryption working key) that encrypts the PIN, and the MAK (MAC working key) used for message authentication (MAC).
The MAK is produced by the POS preposition equipment; the MAK is the same in every zone (i.e. network element), but is encrypted under different KEKs.
The purpose of key distribution is first to make the hosts share the same transmission key (KEK) so that working keys can be transmitted safely. Working keys can then be generated periodically and passed down encrypted, ensuring that both communicating parties hold the same working key. The key distribution mode in the mobile payment system is briefly described below (Fig. 4 takes the PIK as an example):
1) The working key PIK1 of the POS terminal is produced by the POS preposition equipment, and the PIK2 used for PIN re-encryption in the POS preposition equipment is produced by the Business Management Platform. The PIKs in different zones (i.e. network elements) are protected by different KEKs. These KEKs are produced by the local encryption equipment and injected into the encryption equipment of the next communicating network element by means such as IC cards; that is, the locally produced KEK is stored into the next-level communicating network element connected to it.
2) The principle of key segmentation: each KEK exists and is valid only within one zone (i.e. network element), and the KEKs of different zones (i.e. network elements) have no relationship to one another. This ensures that the leakage of one zone's KEK does not affect the security of data transmitted between other zones, thereby realizing divided management of keys.
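The online-account path of steps S2004 to S2006 and the key layering described above can be traced in the following sketch, which is an added illustration and not code from the patent. It assumes HMAC-SHA-256 for the MAC and a SHA-256 counter-mode stand-in cipher (the text names no algorithms), models the fields of the 8583 message as a plain dictionary, leaves out the application platform hop and the MK layer, and uses hypothetical names throughout (Element, seal, unseal, provision, merchant_build, front_end_translate, bmp_verify_pin).

```python
import hashlib, hmac, json, os

def _sub(key, label):                      # separate subkeys for encryption and integrity
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):         # stand-in cipher: SHA-256 in counter mode
    blocks = range(len(data) // 32 + 1)
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    """Encrypt then authenticate `data` under `key` (models the encryption equipment)."""
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, data)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class Element:
    """One network element: its own KEK, working keys held only in KEK-encrypted form."""
    def __init__(self, name):
        self.name, self.kek, self.store = name, os.urandom(32), {}
    def load(self, label, key):
        self.store[label] = seal(self.kek, key)
    def key(self, label):
        return unseal(self.kek, self.store[label])

def provision():
    mis, fe, bmp = Element("MIS"), Element("POS preposition"), Element("Business Management")
    mak, pik1 = os.urandom(32), os.urandom(32)   # produced by the POS preposition equipment
    pik2 = os.urandom(32)                        # produced by the Business Management Platform
    for element in (mis, fe, bmp):
        element.load("MAK", mak)                 # same MAK everywhere, different KEK each
    mis.load("PIK1", pik1); fe.load("PIK1", pik1)
    fe.load("PIK2", pik2); bmp.load("PIK2", pik2)
    return mis, fe, bmp

def _mac(element, fields):
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(element.key("MAK"), body, hashlib.sha256).hexdigest()

def _check_mac(element, msg):
    if not hmac.compare_digest(msg["mac"], _mac(element, msg["fields"])):
        raise ValueError(f"{element.name}: MAC verification failed")

def merchant_build(mis, pin, txn):
    """S2004: encrypt the PIN under PIK1, package the message, generate the MAC."""
    fields = dict(txn, pin_block=seal(mis.key("PIK1"), pin.encode()).hex())
    return {"fields": fields, "mac": _mac(mis, fields)}

def front_end_translate(fe, msg):
    """S2006 A): verify the MAC first, then re-encrypt the PIN under PIK2 and re-MAC."""
    _check_mac(fe, msg)
    pin = unseal(fe.key("PIK1"), bytes.fromhex(msg["fields"]["pin_block"]))
    fields = dict(msg["fields"], pin_block=seal(fe.key("PIK2"), pin).hex())
    return {"fields": fields, "mac": _mac(fe, fields)}

def bmp_verify_pin(bmp, msg, stored_pin):
    """S2006 C): verify the MAC, decrypt the PIN with PIK2, compare with the stored PIN."""
    _check_mac(bmp, msg)
    pin = unseal(bmp.key("PIK2"), bytes.fromhex(msg["fields"]["pin_block"]))
    return hmac.compare_digest(pin, stored_pin.encode())

if __name__ == "__main__":
    mis, fe, bmp = provision()
    txn = {"aid": "AID-SAMPLE", "amount": "1250", "terminal": "POS-0001"}  # constructed sample
    inner = front_end_translate(fe, merchant_build(mis, "4821", txn))
    print("PIN accepted:", bmp_verify_pin(bmp, inner, "4821"))
    try:
        unseal(mis.kek, bmp.store["MAK"])        # key segmentation: another zone's KEK is useless
    except ValueError as err:
        print("MIS KEK against the Business Management key store:", err)
```

The Business Management element never holds PIK1, so a PIN ciphertext produced at the merchant side is only usable after the POS preposition equipment has re-encrypted it, and a KEK taken from one element opens no other element's key store.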
The present invention proposes a secure mobile payment method, based on RF-SIM and the ISO8583 protocol, for processing non-contact mobile payment transactions quickly, effectively and safely.