[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN105678543A - Payment secret key calculating method and device - Google Patents

Payment secret key calculating method and device Download PDF

Info

Publication number
CN105678543A
CN105678543A CN201511030922.8A CN201511030922A CN105678543A CN 105678543 A CN105678543 A CN 105678543A CN 201511030922 A CN201511030922 A CN 201511030922A CN 105678543 A CN105678543 A CN 105678543A
Authority
CN
China
Prior art keywords
payment
application software
terminal
card
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201511030922.8A
Other languages
Chinese (zh)
Other versions
CN105678543B (en
Inventor
卢道和
陈朝亮
杨军
韩海燕
黄兵
黎成
孙曦
邓翔
蔡毅
方镇举
邓志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd filed Critical WeBank Co Ltd
Priority to CN201511030922.8A priority Critical patent/CN105678543B/en
Publication of CN105678543A publication Critical patent/CN105678543A/en
Application granted granted Critical
Publication of CN105678543B publication Critical patent/CN105678543B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/101Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1011Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention discloses a payment secret key calculating method and device. The method comprises the steps of receiving the terminal first equipment information sent by a payment application software in a terminal, and configuring an identifier for the terminal according to the first equipment information; sending the identifier to the payment application software, and binding the identifier with a payment account in the payment application software; if an updating instruction of updating the parameters in the payment application software is detected, obtaining the parameters needed to calculate a first limit secret key, and according to the parameters, calculating and obtaining the first limit secret key by an encryption algorithm; sending the first limit secret key to the payment application software, so that a second limit secret key is calculated via the encryption algorithm, according to the identifier and the first limit secret key and when the payment application software detects a payment operation instruction. According to the present invention, the risks that the limit secret keys are used in other terminals after being leaked, are prevented.

Description

Pay cipher key calculation method and device
Technical field
The present invention relates to terminal payment technical field, particularly relate to a kind of payment cipher key calculation method and device.
Background technology
Along with the fast development of terminal, and the convenience carried, more and more users carries out delivery operation in terminal. But owing to terminal calculates the opening of resource, at present based on HCE (host-basedcardemulation, the snap gauge of Intrusion Detection based on host is intended) NFC (NearFieldCommunication, the short distance wireless communication technology) that realizes of technology pays application and faces very big security risk. Usually the security risk paying in conjunction with high in the clouds and reducing NFC and pay is used, in the payment process of high in the clouds, have employed restriction cipher key technique more, namely the main key of card that high in the clouds payment account is corresponding is placed on high in the clouds and pays back-stage management, and to be stored in that user terminal pays in application software be the restriction key disperseing out according to some dispersion factors by the main key of card for calculating the application cryptogram of transaction, these restriction keys limit and use number of times or validity period, can reduce key and be lost by the risk caused after revealing.
But, in current existing restriction cipher key calculation method, not and use the terminating unit of this key to set up binding relationship, this just also exists after restriction key revealed in the terminal, this restriction key can be used to carry out delivery operation in other terminal, cause user's monetary losses.
Summary of the invention
The main purpose of the present invention is that providing a kind of pays cipher key calculation method and device, it is intended to solve in prior art and limits after key revealed in the terminal, this restriction key can be used to carry out delivery operation in other terminal, cause the technical problem of user's monetary losses.
For achieving the above object, the present invention provides a kind of and pays cipher key calculation method, comprises step:
Receive the terminal first equipment information paying application software in terminal and sending, it is described terminal configuration identifier according to described terminal first equipment information;
Described identifier is sent to described payment application software, and the payment account in described identifier and described payment application software is bound;
If detecting the renewal instruction upgrading parameter in described payment application software, then obtain and calculate the first restriction key desired parameters, according to described parameter, calculate described first restriction key by encryption algorithm;
Described first restriction key is sent to described payment application software, when detecting, for described payment application software, the operational order carrying out paying, according to described identifier and described first restriction key, calculates the 2nd restriction key by described encryption algorithm.
Preferably, described reception terminal pays the terminal first equipment information that application software sends, after according to described terminal first equipment information being the step of described terminal configuration identifier, also comprises:
It is that described identifier sets up fisrt feature vector according to described terminal first equipment information;
Described described identifier is sent to described payment application software, and after the step of the payment account binding in described identifier and described payment application software, also will comprise:
Determine the instruction detected be upgrade parameter in described payment application software renewal instruction or to the supervisory instruction of payment account in described payment application software;
If the instruction detected is the supervisory instruction to payment account in described payment application software, then receive terminal the 2nd equipment information that described payment application software sends;
Second feature vector is set up according to the identifier that described terminal the 2nd equipment information is described terminal;
If the similarity between described fisrt feature vector and described second feature vector is greater than default similarity, then judge that the described supervisory instruction to described payment account is as the instruction that can perform.
Preferably, described be described terminal according to described terminal the 2nd equipment information identifier set up second feature vector step after, also comprise:
Calculate the similarity between second feature vector described in described fisrt feature vector sum;
Judge whether described similarity is greater than described default similarity;
If described similarity is less than or equal to described default similarity, then judge that the described supervisory instruction to described payment account exists risk.
Preferably, detecting the renewal instruction upgrading parameter in described payment application software if described, then obtain and calculate the first restriction key desired parameters, according to described parameter, the step being calculated described first restriction key by encryption algorithm is comprised:
If detecting the renewal instruction upgrading parameter in described payment application software, then obtain main key, Payment Card card number, Payment Card card sequence number, the current time parameter of credit card issuer and calculate in described first restriction cipher key processes the randomized number distributed;
Main key according to described credit card issuer, described Payment Card card number and described Payment Card card sequence number, calculate the card key of described Payment Card by encryption algorithm;
Card key according to described Payment Card, described time parameter and described randomized number, calculate described first restriction key by described encryption algorithm.
Preferably, list is installed in the international mobile equipment mark of described equipment information, international mobile subscriber identity, hardware address, described terminating unit model, Internet protocol address, WiFi list, central processing unit information, internal memory information, screen resolving power and application.
, for achieving the above object, in addition the present invention also provides a kind of and pays cipher key calculation device, and described device comprises:
Configuration module, for receiving the terminal first equipment information paying application software in terminal and sending, is described terminal configuration identifier according to described terminal first equipment information;
First sending module, for described identifier is sent to described payment application software, and binds the payment account in described identifier and described payment application software;
First calculating module, if the renewal instruction upgrading parameter in described payment application software for detecting, then obtains and calculates the first restriction key desired parameters, according to described parameter, calculates described first restriction key by encryption algorithm;
2nd sending module, for described first restriction key is sent to described payment application software, when detecting, for described payment application software, the operational order carrying out paying, according to described identifier and described first restriction key, calculate the 2nd restriction key by described encryption algorithm.
Preferably, described payment cipher key calculation device also comprises:
First sets up module, for being that described identifier sets up fisrt feature vector according to described terminal first equipment information;
Determination module, for determine the instruction detected be upgrade parameter in described payment application software renewal instruction or to the supervisory instruction of payment account in described payment application software;
Receiver module, if the instruction for detecting is the supervisory instruction to payment account in described payment application software, then receives terminal the 2nd equipment information that described payment application software sends;
2nd sets up module, for be described terminal according to described terminal the 2nd equipment information identifier set up second feature vector;
Determination module, if being greater than default similarity for the similarity between described fisrt feature vector and described second feature vector, then judges that the described supervisory instruction to described payment account is as the instruction that can perform.
Preferably, described payment cipher key calculation device also comprises:
2nd calculating module, for the similarity calculated described in described fisrt feature vector sum between second feature vector;
Judge module, also for judging whether described similarity is greater than described default similarity;
Described determination module, if being also less than or equal to described default similarity for described similarity, then judges that the described supervisory instruction to described payment account exists risk.
Preferably, described first calculating module comprises:
Acquiring unit, if the renewal instruction upgrading parameter in described payment application software for detecting, then obtain main key, Payment Card card number, Payment Card card sequence number, the current time parameter of credit card issuer and calculate in described first restriction cipher key processes the randomized number distributed;
First calculating unit, for the main key according to described credit card issuer, described Payment Card card number and described Payment Card card sequence number, calculates the card key of described Payment Card by encryption algorithm;
2nd calculating unit, for the card key according to described Payment Card, described time parameter and described randomized number, calculates described first restriction key by described encryption algorithm.
Preferably, list is installed in the international mobile equipment mark of described equipment information, international mobile subscriber identity, hardware address, described terminating unit model, Internet protocol address, WiFi list, central processing unit information, internal memory information, screen resolving power and application.
The present invention is described terminal configuration identifier by the equipment information according to terminal, described identifier is sent to payment application software, and the payment account in described identifier and described payment application software is bound, in payment process, when described payment application software receives the first restriction key that backstage sends, obtain the 2nd restriction key according to described identifier and described first restriction cipher key calculation.Even if after achieving the 2nd restriction key loss; owing to the identifier of each terminal is different; other users also cannot use described 2nd restriction key to carry out delivery operation in other terminal, and the risk used in other terminal after preventing restriction key to reveal, protects the safety of user's fund.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet that the present invention pays cipher key calculation method first embodiment;
If Fig. 2 is the renewal instruction detecting in the embodiment of the present invention and upgrading parameter in described payment application software, then obtain and calculate the first restriction key desired parameters, according to described parameter, calculated a kind of schematic flow sheet of described first restriction key by encryption algorithm;
Fig. 3 is the schematic flow sheet that the present invention pays cipher key calculation method the 2nd embodiment;
Fig. 4 is the high-level schematic functional block diagram that the present invention pays cipher key calculation device first embodiment;
Fig. 5 is a kind of high-level schematic functional block diagram of the first calculating module in the embodiment of the present invention;
Fig. 6 is the high-level schematic functional block diagram that the present invention pays cipher key calculation device the 2nd embodiment.
The realization of the object of the invention, functional characteristics and advantage will in conjunction with the embodiments, are described further with reference to accompanying drawing.
Embodiment
It is to be understood that specific embodiment described herein is only in order to explain the present invention, it is not intended to limit the present invention.
The present invention provides a kind of and pays cipher key calculation method.
Reference Fig. 1, Fig. 1 are the schematic flow sheet that the present invention pays cipher key calculation method first embodiment.
In the present embodiment, described payment cipher key calculation method comprises:
Step S10, receives the terminal first equipment information paying application software in terminal and sending, is described terminal configuration identifier according to described terminal first equipment information;
Terminal is downloaded payment application software by its user in application fairground and is installed described payment application software, when after described payment application software successful installation, described terminal is scanned by described payment application software, gather described terminal first equipment information, and described first equipment information is sent in background server. Wherein, described first equipment information but be not limited to international mobile equipment mark, international mobile subscriber identity, hardware address, described terminating unit model, Internet protocol address, WiFi list, central processing unit information, internal memory information, screen resolving power and application installation list etc. Described international mobile equipment mark IMEI (InternationalMobileEquipmentIdentity) is made up of 15 bit digital, each mobile equipment has unique international mobile equipment mark, and international mobile equipment mark is that the whole world is unique; Described international mobile subscriber identity IMSI (InternationalMobileSubscriberIdentity) has 15 codings, with SIM (SubscriberIdentityModule, subscriber identification card) block or USIM (UniversalSubscriberIdentityModule, Global Subscriber identification card) card correspondence; Described hardware address, namely, there are 6 byte lengths MAC (MediaAccessControl, media interviews control) address, represent the identifier of each main frame on internet.
After described payment application software collects described terminal first equipment information, described terminal first equipment information is sent to background server. After described background server receives described terminal first equipment information, described background server is the unique identifier of described terminal configuration.Further, when described terminal detects the operational order that described user opens high in the clouds payment account by application interface to credit card issuer application, described terminal points out described user to input authentication information on described application interface. After described terminal receives the authentication information of described user input, described authentication information is sent to background server, the application of described user is carried out venture analysis according to the described authentication information received by described background server, obtain analytical results, and according to described analytical results, the application of described user is carried out classification, directly by the application of risk reduction user, application for risk high user then needs further identity verification information, and the application for the very high user of risk is then directly refused.
Step S20, is sent to described payment application software by described identifier, and is bound by the payment account in described identifier and described payment application software;
After described background server is the unique identifier of described terminal configuration, the payment application software that described identifier is sent in described terminal by described background server, and by the payment account binding of described identifier and described user application, after described identifier and described payment account are bound, described payment account is managed by described background server according to described identifier, only when the identifier of described terminal is consistent with the identifier that described payment account is bound, described user just can perform to download the data of corresponding Payment Card in described payment application software, download transactions voucher, carry out the operations such as payment transaction. after the payment application software in described terminal receives the identifier that described background server sends, described identifier is encrypted by described payment application software. and the identifier after encryption is stored in described terminal.
Step S30, if detecting the renewal instruction upgrading parameter in described payment application software, then obtains and calculates the first restriction key desired parameters, according to described parameter, calculates described first restriction key by encryption algorithm;
Step S40, described first restriction key is sent to described payment application software, when detecting, for described payment application software, the operational order carrying out paying, according to described identifier and described first restriction key, calculate the 2nd restriction key by described encryption algorithm.
When detecting the renewal instruction upgrading parameter in described payment application software when described background server, as user as described in detecting as described in payment application software carries out the operational order that pays, or when detecting the instruction such as account and/or password that described user changes described payment account, described background server obtains and calculates the first restriction key desired parameters, and according to described parameter, encrypt algorithm by 3DES (tripleDataEncryptionStandard) and calculate the first restriction key. Wherein, described restriction key is in the payment process of high in the clouds, downloads to restricted use number of times and the key information having use validity period described terminal from described background server, for calculating application cryptogram information in the payment process of described high in the clouds. The payment application software that the described first restriction key calculating gained is sent in described terminal by described background server. After the payment application software in described terminal receives the described first restriction key that described background server sends, and detect described user and use when carrying out the operational order paid, identifier and described first according to its described terminal stored limits key, encrypts algorithm by described 3DES and calculates the 2nd corresponding restriction key.Further, after described payment application software calculates described 2nd restriction key, obtain the transaction data in application transaction counter in Payment Card, the span of described application transaction counter is 0000~FFFF (maximum value is 65535), after bank is the Payment Card write personal data that it is issued, the initial value of the application transaction counter of described Payment Card is 0000, when described user often uses described payment card transaction one time, the numerical value in described application transaction counter just correspondingly increases by 1. Described payment application software, according to the transaction data in described application transaction counter and described 2nd restriction key, is encrypted algorithm by described 3DES and is calculated an interim key. When described payment application software obtains described interim key, obtain the transaction data of corresponding payment account, according to the transaction data of described payment account and described interim key, encrypt algorithm by described 3DES and calculate corresponding application cryptogram. After described payment application software obtains described application cryptogram, described application cryptogram is sent to described background server. After described background server receives described application cryptogram, described application cryptogram is verified, to complete this time transaction.
The present embodiment is described terminal configuration identifier by the equipment information according to terminal, described identifier is sent to payment application software, and the payment account in described identifier and described payment application software is bound, in payment process, when described payment application software receives the first restriction key that backstage sends, obtain the 2nd restriction key according to described identifier and described first restriction cipher key calculation. Even if after achieving the 2nd restriction key loss; owing to the identifier of each terminal is different; other users also cannot use described 2nd restriction key to carry out delivery operation in other terminal, and the risk used in other terminal after preventing restriction key to reveal, protects the safety of user's fund.
With reference to Fig. 2, if Fig. 2 is the renewal instruction detecting in the embodiment of the present invention and upgrading parameter in described payment application software, then obtain and calculate the first restriction key desired parameters, according to described parameter, calculated a kind of schematic flow sheet of described first restriction key by encryption algorithm.
In the present embodiment, described step S30 comprises:
Step S31, if detecting the renewal instruction upgrading parameter in described payment application software, then obtains main key, Payment Card card number, Payment Card card sequence number, the current time parameter of credit card issuer and calculates in described first restriction cipher key processes the randomized number distributed;
Step S32, according to the main key of described credit card issuer, described Payment Card card number and described Payment Card card sequence number, calculates the card key of described Payment Card by encryption algorithm;
Step S33, according to the card key of described Payment Card, described time parameter and described randomized number, calculates described first restriction key by described encryption algorithm.
When described background server detects the renewal instruction that described user upgrades parameter in described payment application software, described background server obtains main key, Payment Card card number, Payment Card card sequence number, the current time parameter of credit card issuer and calculates in described first restriction cipher key processes the randomized number distributed. Described current time parameter is that described user uses described payment application software to carry out the time concluded the business. Described background server, according to the main key of described credit card issuer, described Payment Card card number and described Payment Card card sequence number, encrypts, by described 3DES, the card key that algorithm calculates described Payment Card.When described background server calculates the card key of described Payment Card, described background server, according to the card key of described Payment Card, described time parameter and described randomized number, is encrypted algorithm by described 3DES and is calculated described first restriction key.
It is the schematic flow sheet that the present invention pays cipher key calculation method the 2nd embodiment with reference to Fig. 3, Fig. 3, pays cipher key calculation method first embodiment based on the present invention and propose the present invention and pay cipher key calculation method the 2nd embodiment.
In the present embodiment, described payment cipher key calculation method also comprises:
Step S50 is that described identifier sets up fisrt feature vector according to described terminal first equipment information;
When described background server obtains unique identifier of described terminal, described terminal first equipment information is carried out standardization by described background server. owing to the manifestation of some information in described terminal first equipment information is inconsistent, lack of standardization, it is thus desirable to described terminal first equipment information is carried out standardization, described terminal first equipment information is represented with the form specified. described background server using the described terminal first equipment information after standardization that carries out as fisrt feature vector corresponding to the unique identifier of described terminal. further, when described terminal is performed the operation of the described payment application software of deletion by described user, when causing the unique identifier stored in described terminal to be deleted, when described user reuse described terminal downloads described payment application software is installed time, described background server obtains the proper vector of the payment application software reinstalled, calculate described terminal proper vector and delete before proper vector between similarity, the identifier of described terminal is recovered according to described similarity, when described similarity is greater than certain numerical value, recover the identifier of described terminal, when described similarity is less than or equal to described similarity, again obtain the identifier of described terminal.
Step S60, it is determined that the instruction detected be upgrade parameter in described payment application software renewal instruction or to the supervisory instruction of payment account in described payment application software;
Step S70, if the instruction detected is the supervisory instruction to payment account in described payment application software, then receives terminal the 2nd equipment information that described payment application software sends;
Step S80, sets up second feature vector according to the identifier that described terminal the 2nd equipment information is described terminal;
It is the renewal instruction that described user upgrades parameter in described payment application software that described background server determines to detect the operational order of described user, or described user is to the supervisory instruction of payment account in described payment application software. When described operational order be described user to described payment application software in the supervisory instruction of payment account time, such as the state or download transactions voucher etc. of payment account as described in changing, payment application software in described terminal gathers described terminal the 2nd equipment information, and described terminal the 2nd equipment information is sent to described background server. Described background server receives described terminal the 2nd equipment information that described payment application software sends, and sets up second feature vector according to the identifier that described terminal the 2nd equipment information is described terminal. Described 2nd equipment information but be not limited to international mobile equipment mark, international mobile subscriber identity, hardware address, described terminating unit model, Internet protocol address, WiFi list, central processing unit information, internal memory information, screen resolving power and application installation list.
Step S90, if the similarity between described fisrt feature vector and described second feature vector is greater than default similarity, then judges that the described supervisory instruction to described payment account is as the instruction that can perform.
When similarity between described fisrt feature vector and described second feature vector is greater than default similarity, described background server judges that described user is to the operational order of the operational order of payment account in described payment application software as safety. Described default similarity can be set to 85%, 90% or 95%, as when as described in default similarity be 90% time, when described fisrt feature vector and described second feature vector between similarity be greater than 90% time. Described background server judges described user to the supervisory instruction of described payment account as the instruction that can perform.
Further, described payment cipher key calculation method also comprises:
Calculate the similarity between second feature vector described in described fisrt feature vector sum;
Judge whether described similarity is greater than described default similarity;
If described similarity is less than or equal to described default similarity, then judge that the described supervisory instruction to described payment account exists risk.
Further, described background server calculates described in described fisrt feature vector sum the similarity between second feature vector, whether the similarity judged described in described fisrt feature vector sum between second feature vector is greater than described default similarity, when similarity between second feature vector described in described fisrt feature vector sum is less than or equal to described default similarity, described background server judges that the supervisory instruction of described payment account is existed risk by described user.
According to the similarity between proper vector, the present embodiment is by judging that user is to the enforceability of the supervisory instruction of payment account in described payment application software, it is to increase the security that high in the clouds pays.
The present invention further provides a kind of payment cipher key calculation device.
Reference Fig. 4, Fig. 4 are the high-level schematic functional block diagram that the present invention pays cipher key calculation device first embodiment.
In the present embodiment, described payment cipher key calculation device comprises:
Configuration module 10, for receiving the terminal first equipment information paying application software in terminal and sending, is described terminal configuration identifier according to described terminal first equipment information;
Terminal is downloaded payment application software by its user in application fairground and is installed described payment application software, when after described payment application software successful installation, described terminal is scanned by described payment application software, gather described terminal first equipment information, and described first equipment information is sent in background server. Wherein, described first equipment information but be not limited to international mobile equipment mark, international mobile subscriber identity, hardware address, described terminating unit model, Internet protocol address, WiFi list, central processing unit information, internal memory information, screen resolving power and application installation list etc. Described international mobile equipment mark IMEI (InternationalMobileEquipmentIdentity) is made up of 15 bit digital, each mobile equipment has unique international mobile equipment mark, and international mobile equipment mark is that the whole world is unique; Described international mobile subscriber identity IMSI (InternationalMobileSubscriberIdentity) has 15 codings, with SIM (SubscriberIdentityModule, subscriber identification card) block or USIM (UniversalSubscriberIdentityModule, Global Subscriber identification card) card correspondence;Described hardware address, namely, there are 6 byte lengths MAC (MediaAccessControl, media interviews control) address, represent the identifier of each main frame on internet.
After described payment application software collects described terminal first equipment information, described terminal first equipment information is sent to background server. After described background server receives described terminal first equipment information, described background server is the unique identifier of described terminal configuration. Further, when described terminal detects the operational order that described user opens high in the clouds payment account by application interface to credit card issuer application, described terminal points out described user to input authentication information on described application interface. After described terminal receives the authentication information of described user input, described authentication information is sent to background server, the application of described user is carried out venture analysis according to the described authentication information received by described background server, obtain analytical results, and according to described analytical results, the application of described user is carried out classification, directly by the application of risk reduction user, application for risk high user then needs further identity verification information, and the application for the very high user of risk is then directly refused.
First sending module 20, for described identifier is sent to described payment application software, and binds the payment account in described identifier and described payment application software;
After described background server is the unique identifier of described terminal configuration, the payment application software that described identifier is sent in described terminal by described background server, and by the payment account binding of described identifier and described user application, after described identifier and described payment account are bound, described payment account is managed by described background server according to described identifier, only when the identifier of described terminal is consistent with the identifier that described payment account is bound, described user just can perform to download the data of corresponding Payment Card in described payment application software, download transactions voucher, carry out the operations such as payment transaction. after the payment application software in described terminal receives the identifier that described background server sends, described identifier is encrypted by described payment application software. and the identifier after encryption is stored in described terminal.
First calculating module 30, if the renewal instruction upgrading parameter in described payment application software for detecting, then obtains and calculates the first restriction key desired parameters, according to described parameter, calculates described first restriction key by encryption algorithm;
2nd sending module 40, for described first restriction key is sent to described payment application software, when detecting, for described payment application software, the operational order carrying out paying, according to described identifier and described first restriction key, calculate the 2nd restriction key by described encryption algorithm.
When detecting the renewal instruction upgrading parameter in described payment application software when described background server, as user as described in detecting as described in payment application software carries out the operational order that pays, or when detecting the instruction such as account and/or password that described user changes described payment account, described background server obtains and calculates the first restriction key desired parameters, and according to described parameter, encrypt algorithm by 3DES (tripleDataEncryptionStandard) and calculate the first restriction key. Wherein, described restriction key is in the payment process of high in the clouds, downloads to restricted use number of times and the key information having use validity period described terminal from described background server, for calculating application cryptogram information in the payment process of described high in the clouds. The payment application software that the described first restriction key calculating gained is sent in described terminal by described background server. After the payment application software in described terminal receives the described first restriction key that described background server sends, and detect described user and use when carrying out the operational order paid, identifier and described first according to its described terminal stored limits key, encrypts algorithm by described 3DES and calculates the 2nd corresponding restriction key.Further, after described payment application software calculates described 2nd restriction key, obtain the transaction data in application transaction counter in Payment Card, the span of described application transaction counter is 0000~FFFF (maximum value is 65535), after bank is the Payment Card write personal data that it is issued, the initial value of the application transaction counter of described Payment Card is 0000, when described user often uses described payment card transaction one time, the numerical value in described application transaction counter just correspondingly increases by 1. Described payment application software, according to the transaction data in described application transaction counter and described 2nd restriction key, is encrypted algorithm by described 3DES and is calculated an interim key. When described payment application software obtains described interim key, obtain the transaction data of corresponding payment account, according to the transaction data of described payment account and described interim key, encrypt algorithm by described 3DES and calculate corresponding application cryptogram. After described payment application software obtains described application cryptogram, described application cryptogram is sent to described background server. After described background server receives described application cryptogram, described application cryptogram is verified, to complete this time transaction.
The present embodiment is described terminal configuration identifier by the equipment information according to terminal, described identifier is sent to payment application software, and the payment account in described identifier and described payment application software is bound, in payment process, when described payment application software receives the first restriction key that backstage sends, obtain the 2nd restriction key according to described identifier and described first restriction cipher key calculation. Even if after achieving the 2nd restriction key loss; owing to the identifier of each terminal is different; other users also cannot use described 2nd restriction key to carry out delivery operation in other terminal, and the risk used in other terminal after preventing restriction key to reveal, protects the safety of user's fund.
With reference to a kind of high-level schematic functional block diagram that Fig. 5, Fig. 5 are the first calculating module in the embodiment of the present invention.
In the present embodiment, described first calculating module 30 comprises:
Acquiring unit 31, if the renewal instruction upgrading parameter in described payment application software for detecting, then obtain main key, Payment Card card number, Payment Card card sequence number, the current time parameter of credit card issuer and calculate in described first restriction cipher key processes the randomized number distributed;
First calculating unit 32, for the main key according to described credit card issuer, described Payment Card card number and described Payment Card card sequence number, calculates the card key of described Payment Card by encryption algorithm;
2nd calculating unit 33, for the card key according to described Payment Card, described time parameter and described randomized number, calculates described first restriction key by described encryption algorithm.
When described background server detects the renewal instruction that described user upgrades parameter in described payment application software, described background server obtains main key, Payment Card card number, Payment Card card sequence number, the current time parameter of credit card issuer and calculates in described first restriction cipher key processes the randomized number distributed. Described background server, according to the main key of described credit card issuer, described Payment Card card number and described Payment Card card sequence number, encrypts, by described 3DES, the card key that algorithm calculates described Payment Card. When described background server calculates the card key of described Payment Card, described background server, according to the card key of described Payment Card, described time parameter and described randomized number, is encrypted algorithm by described 3DES and is calculated described first restriction key.
It is the high-level schematic functional block diagram that the present invention pays cipher key calculation device the 2nd embodiment with reference to Fig. 6, Fig. 6, pays cipher key calculation device first embodiment based on the present invention and propose the present invention and pay cipher key calculation device the 2nd embodiment.
In the present embodiment, described payment cipher key calculation device comprises:
First sets up module 50, for being that described identifier sets up fisrt feature vector according to described terminal first equipment information;
When described background server obtains unique identifier of described terminal, described terminal first equipment information is carried out standardization by described background server. owing to the manifestation of some information in described terminal first equipment information is inconsistent, lack of standardization, it is thus desirable to described terminal first equipment information is carried out standardization, described terminal first equipment information is represented with the form specified. described background server using the described terminal first equipment information after standardization that carries out as fisrt feature vector corresponding to the unique identifier of described terminal. further, when described terminal is performed the operation of the described payment application software of deletion by described user, when causing the unique identifier stored in described terminal to be deleted, when described user reuse described terminal downloads described payment application software is installed time, described background server obtains the proper vector of the payment application software reinstalled, calculate described terminal proper vector and delete before proper vector between similarity, the identifier of described terminal is recovered according to described similarity, when described similarity is greater than certain numerical value, recover the identifier of described terminal, when described similarity is less than or equal to described similarity, again obtain the identifier of described terminal.
Determination module 60, for determine the instruction detected be upgrade parameter in described payment application software renewal instruction or to the supervisory instruction of payment account in described payment application software;
Receiver module 70, if the instruction for detecting is the supervisory instruction to payment account in described payment application software, then receives terminal the 2nd equipment information that described payment application software sends;
2nd sets up module 80, for be described terminal according to described terminal the 2nd equipment information identifier set up second feature vector;
It is the renewal instruction that described user upgrades parameter in described payment application software that described background server determines to detect the operational order of described user, or described user is to the supervisory instruction of payment account in described payment application software. When described operational order be described user to described payment application software in the supervisory instruction of payment account time, such as the state or download transactions voucher etc. of payment account as described in changing, payment application software in described terminal gathers described terminal the 2nd equipment information, and described terminal the 2nd equipment information is sent to described background server. Described background server receives described terminal the 2nd equipment information that described payment application software sends, and sets up second feature vector according to the identifier that described terminal the 2nd equipment information is described terminal. Described 2nd equipment information but be not limited to international mobile equipment mark, international mobile subscriber identity, hardware address, described terminating unit model, Internet protocol address, WiFi list, central processing unit information, internal memory information, screen resolving power and application installation list.
Determination module 90, if being greater than default similarity for the similarity between described fisrt feature vector and described second feature vector, then judges that the described supervisory instruction to described payment account is as the instruction that can perform.
When similarity between described fisrt feature vector and described second feature vector is greater than default similarity, described background server judges that described user is to the operational order of the operational order of payment account in described payment application software as safety. Described default similarity can be set to 85%, 90% or 95%, as when as described in default similarity be 90% time, when described fisrt feature vector and described second feature vector between similarity be greater than 90% time. Described background server judges described user to the supervisory instruction of described payment account as performing instruction.
Further, described payment cipher key calculation device also comprises:
2nd calculating module, for the similarity calculated described in described fisrt feature vector sum between second feature vector;
Judge module, also for judging whether described similarity is greater than described default similarity;
Described determination module 90, if being also less than or equal to described default similarity for described similarity, then judges that the described supervisory instruction to described payment account exists risk.
Further, described background server calculates described in described fisrt feature vector sum the similarity between second feature vector, whether the similarity judged described in described fisrt feature vector sum between second feature vector is greater than described default similarity, when similarity between second feature vector described in described fisrt feature vector sum is less than or equal to described default similarity, described background server judges that the supervisory instruction of described payment account is existed risk by described user.
According to the similarity between proper vector, the present embodiment is by judging that user is to the enforceability of the supervisory instruction of payment account in described payment application software, it is to increase the security that high in the clouds pays.
Through the above description of the embodiments, the technician of this area can be well understood to above-described embodiment method and can realize by the mode that software adds required general hardware platform, hardware can certainly be passed through, but in a lot of situation, the former is better enforcement mode. Based on such understanding, the technical scheme of the present invention in essence or says that part prior art contributed can embody with the form of software product, this computer software product is stored in a storage media (such as ROM/RAM, magnetic disc, CD), comprise some instructions with so that a station terminal equipment (can be mobile phone, computer, server, conditioner, or the network equipment etc.) perform the method described in each embodiment of the present invention.
These are only the preferred embodiments of the present invention; not thereby the patent scope of the present invention is limited; every utilize specification sheets of the present invention and accompanying drawing content to do equivalent structure or equivalence flow process conversion; or directly or indirectly it is used in other relevant technical fields, all it is included in the scope of patent protection of the present invention with reason.

Claims (10)

1. one kind pays cipher key calculation method, it is characterised in that, described payment cipher key calculation method comprises the following steps:
Receive the terminal first equipment information paying application software in terminal and sending, it is described terminal configuration identifier according to described terminal first equipment information;
Described identifier is sent to described payment application software, and the payment account in described identifier and described payment application software is bound;
If detecting the renewal instruction upgrading parameter in described payment application software, then obtain and calculate the first restriction key desired parameters, according to described parameter, calculate described first restriction key by encryption algorithm;
Described first restriction key is sent to described payment application software, when detecting, for described payment application software, the operational order carrying out paying, according to described identifier and described first restriction key, calculates the 2nd restriction key by described encryption algorithm.
2. payment cipher key calculation method as claimed in claim 1, it is characterised in that, described reception terminal pays the terminal first equipment information that application software sends, after according to described terminal first equipment information being the step of described terminal configuration identifier, also comprises:
It is that described identifier sets up fisrt feature vector according to described terminal first equipment information;
Described described identifier is sent to described payment application software, and after the step of the payment account binding in described identifier and described payment application software, also will comprise:
Determine the instruction detected be upgrade parameter in described payment application software renewal instruction or to the supervisory instruction of payment account in described payment application software;
If the instruction detected is the supervisory instruction to payment account in described payment application software, then receive terminal the 2nd equipment information that described payment application software sends;
Second feature vector is set up according to the identifier that described terminal the 2nd equipment information is described terminal;
If the similarity between described fisrt feature vector and described second feature vector is greater than default similarity, then judge that the described supervisory instruction to described payment account is as the instruction that can perform.
3. as claimed in claim 2 pay cipher key calculation method, it is characterised in that, described be described terminal according to described terminal the 2nd equipment information identifier set up second feature vector step after, also comprise:
Calculate the similarity between second feature vector described in described fisrt feature vector sum;
Judge whether described similarity is greater than described default similarity;
If described similarity is less than or equal to described default similarity, then judge that the described supervisory instruction to described payment account exists risk.
4. payment cipher key calculation method as claimed in claim 1, it is characterized in that, if the renewal instruction upgrading parameter in described payment application software is detected described, then obtain and calculate the first restriction key desired parameters, according to described parameter, the step being calculated described first restriction key by encryption algorithm is comprised:
If detecting the renewal instruction upgrading parameter in described payment application software, then obtain main key, Payment Card card number, Payment Card card sequence number, the current time parameter of credit card issuer and calculate in described first restriction cipher key processes the randomized number distributed;
Main key according to described credit card issuer, described Payment Card card number and described Payment Card card sequence number, calculate the card key of described Payment Card by encryption algorithm;
Card key according to described Payment Card, described time parameter and described randomized number, calculate described first restriction key by described encryption algorithm.
5. payment cipher key calculation method as described in item as arbitrary in Claims 1-4, it is characterized in that, list is installed in the international mobile equipment mark of described equipment information, international mobile subscriber identity, hardware address, described terminating unit model, Internet protocol address, WiFi list, central processing unit information, internal memory information, screen resolving power and application.
6. one kind pays cipher key calculation device, it is characterised in that, described payment cipher key calculation device comprises:
Configuration module, for receiving the terminal first equipment information paying application software in terminal and sending, is described terminal configuration identifier according to described terminal first equipment information;
First sending module, for described identifier is sent to described payment application software, and binds the payment account in described identifier and described payment application software;
First calculating module, if the renewal instruction upgrading parameter in described payment application software for detecting, then obtains and calculates the first restriction key desired parameters, according to described parameter, calculates described first restriction key by encryption algorithm;
2nd sending module, for described first restriction key is sent to described payment application software, when detecting, for described payment application software, the operational order carrying out paying, according to described identifier and described first restriction key, calculate the 2nd restriction key by described encryption algorithm.
7. payment cipher key calculation device as claimed in claim 6, it is characterised in that, described payment cipher key calculation device also comprises:
First sets up module, for being that described identifier sets up fisrt feature vector according to described terminal first equipment information;
Determination module, for determine the instruction detected be upgrade parameter in described payment application software renewal instruction or to the supervisory instruction of payment account in described payment application software;
Receiver module, if the instruction for detecting is the supervisory instruction to payment account in described payment application software, then receives terminal the 2nd equipment information that described payment application software sends;
2nd sets up module, for be described terminal according to described terminal the 2nd equipment information identifier set up second feature vector;
Determination module, if being greater than default similarity for the similarity between described fisrt feature vector and described second feature vector, then judges that the described supervisory instruction to described payment account is as the instruction that can perform.
8. payment cipher key calculation device as claimed in claim 7, it is characterised in that, described payment cipher key calculation device also comprises:
2nd calculating module, for the similarity calculated described in described fisrt feature vector sum between second feature vector;
Judge module, also for judging whether described similarity is greater than described default similarity;
Described determination module, if being also less than or equal to described default similarity for described similarity, then judges that the described supervisory instruction to described payment account exists risk.
9. payment cipher key calculation device as claimed in claim 6, it is characterised in that, described first calculating module comprises:
Acquiring unit, if the renewal instruction upgrading parameter in described payment application software for detecting, then obtain main key, Payment Card card number, Payment Card card sequence number, the current time parameter of credit card issuer and calculate in described first restriction cipher key processes the randomized number distributed;
First calculating unit, for the main key according to described credit card issuer, described Payment Card card number and described Payment Card card sequence number, calculates the card key of described Payment Card by encryption algorithm;
2nd calculating unit, for the card key according to described Payment Card, described time parameter and described randomized number, calculates described first restriction key by described encryption algorithm.
10. payment cipher key calculation device as described in item as arbitrary in claim 6 to 9, it is characterized in that, list is installed in the international mobile equipment mark of described equipment information, international mobile subscriber identity, hardware address, described terminating unit model, Internet protocol address, WiFi list, central processing unit information, internal memory information, screen resolving power and application.
CN201511030922.8A 2015-12-31 2015-12-31 Pay cipher key calculation method and apparatus Active CN105678543B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511030922.8A CN105678543B (en) 2015-12-31 2015-12-31 Pay cipher key calculation method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511030922.8A CN105678543B (en) 2015-12-31 2015-12-31 Pay cipher key calculation method and apparatus

Publications (2)

Publication Number Publication Date
CN105678543A true CN105678543A (en) 2016-06-15
CN105678543B CN105678543B (en) 2019-11-29

Family

ID=56298377

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511030922.8A Active CN105678543B (en) 2015-12-31 2015-12-31 Pay cipher key calculation method and apparatus

Country Status (1)

Country Link
CN (1) CN105678543B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357663A (en) * 2016-09-30 2017-01-25 中国银联股份有限公司 Data encryption method for host card emulation (HCE) mode
CN109754511A (en) * 2019-01-14 2019-05-14 深圳前海微众银行股份有限公司 Shopping cart equipment firmware update method, system, platform, gateway and storage medium
CN117314430A (en) * 2023-11-22 2023-12-29 山东同其万疆科技创新有限公司 Payment data monitoring method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841416A (en) * 2009-12-31 2010-09-22 北京握奇数据系统有限公司 Method, device and system for realizing mobile phone bank
CN102402746A (en) * 2010-09-09 2012-04-04 深圳市财付通科技有限公司 Method, device and system for mobile payment safety validation
CN103400269A (en) * 2013-07-24 2013-11-20 江苏晓山信息产业股份有限公司 Smart community home gateway-based safety payment method
CN104504567A (en) * 2014-12-23 2015-04-08 城联数据有限公司 Recharge method and device of micro-payment card
CN104753675A (en) * 2013-12-31 2015-07-01 腾讯科技(深圳)有限公司 Information verification method, and electronic payment method, terminal, server and system
CN105046486A (en) * 2015-07-17 2015-11-11 百度在线网络技术(北京)有限公司 NFC-based mobile payment method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841416A (en) * 2009-12-31 2010-09-22 北京握奇数据系统有限公司 Method, device and system for realizing mobile phone bank
CN102402746A (en) * 2010-09-09 2012-04-04 深圳市财付通科技有限公司 Method, device and system for mobile payment safety validation
CN103400269A (en) * 2013-07-24 2013-11-20 江苏晓山信息产业股份有限公司 Smart community home gateway-based safety payment method
CN104753675A (en) * 2013-12-31 2015-07-01 腾讯科技(深圳)有限公司 Information verification method, and electronic payment method, terminal, server and system
CN104504567A (en) * 2014-12-23 2015-04-08 城联数据有限公司 Recharge method and device of micro-payment card
CN105046486A (en) * 2015-07-17 2015-11-11 百度在线网络技术(北京)有限公司 NFC-based mobile payment method and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106357663A (en) * 2016-09-30 2017-01-25 中国银联股份有限公司 Data encryption method for host card emulation (HCE) mode
WO2018059262A1 (en) * 2016-09-30 2018-04-05 中国银联股份有限公司 Data encryption method for hce mode
TWI774695B (en) * 2016-09-30 2022-08-21 大陸商中國銀聯股份有限公司 Data encryption method for host card emulation (HCE)
CN109754511A (en) * 2019-01-14 2019-05-14 深圳前海微众银行股份有限公司 Shopping cart equipment firmware update method, system, platform, gateway and storage medium
CN109754511B (en) * 2019-01-14 2021-05-14 深圳前海微众银行股份有限公司 Shopping cart equipment firmware updating method, system, platform, gateway and storage medium
CN117314430A (en) * 2023-11-22 2023-12-29 山东同其万疆科技创新有限公司 Payment data monitoring method
CN117314430B (en) * 2023-11-22 2024-03-01 山东同其万疆科技创新有限公司 Payment data monitoring method

Also Published As

Publication number Publication date
CN105678543B (en) 2019-11-29

Similar Documents

Publication Publication Date Title
EP2919497B1 (en) Soft sim card activating method and network-joining method and terminal, and network access device
EP2905715B1 (en) Method, system and terminal for encrypting/decrypting application program on communication terminal
CN110232568B (en) Mobile payment method, mobile payment device, computer equipment and readable storage medium
EP2861002B1 (en) Virtual user identification data distributing method and obtaining method, and devices
US20070186115A1 (en) Dynamic Password Authentication System and Method thereof
EP2696531B1 (en) Initialization of embedded secure elements
CN104601327A (en) Safe verification method, relative apparatus and system
CN108476223B (en) Method and apparatus for SIM-based authentication of non-SIM devices
CN102056077B (en) Method and device for applying smart card by key
CN102859966A (en) Wireless network authentication apparatus and methods
WO2013008048A1 (en) Method and apparatus for provisioning network access credentials
CN103095457A (en) Login and verification method for application program
CN104618314A (en) Method, device and system for password reset
CN104268756A (en) Mobile payment method and system
CN108228211B (en) Smart card, and method and system for safely updating data of smart card
CN103905194A (en) Identity traceability authentication method and system
CN104363589A (en) Identity authentication method, device and terminal
AU2015230197A1 (en) Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal
CN112448930A (en) Account registration method, device, server and computer readable storage medium
CN105678543A (en) Payment secret key calculating method and device
CN111404706A (en) Application downloading method, secure element, client device and service management device
CN109981585B (en) Business handling method and equipment
CN103095735B (en) The method of data message, mobile terminal, Cloud Server and system in reading SIM card
CN105743651A (en) Method and apparatus for utilizing card application in chip security domain, and application terminal
CN103475661A (en) Method and system for safely obtaining authentication programs

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant