CN105678543B - Payment key calculation method and apparatus
Publication number: CN105678543B
Application number: CN201511030922.8A
Authority: CN (China)
Legal status: Active
Classifications
- G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
- G06F21/1011: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to devices
- G06F21/45: Structures or tools for the administration of authentication
- G06F2221/2153: Using hardware token as a secondary aspect
Abstract
The invention discloses a payment key calculation method and apparatus. The method comprises the steps of: receiving first device information of a terminal sent by payment application software on the terminal, and configuring an identifier for the terminal according to the first device information; sending the identifier to the payment application software, and binding the identifier to the payment account in the payment application software; if an update instruction for updating parameters in the payment application software is detected, obtaining the parameters needed to calculate a first limitation key and calculating the first limitation key from those parameters by an encryption algorithm; and sending the first limitation key to the payment application software so that, when the payment application software detects an operation instruction to make a payment, it calculates a second limitation key from the identifier and the first limitation key by the encryption algorithm. The invention prevents the risk of a leaked limitation key being used on other terminals.
Description
Technical field
The present invention relates to the technical field of terminal payment, and in particular to a payment key calculation method and apparatus.
Background
With the rapid development of terminals and the convenience of carrying them, more and more users make payments on terminals. However, because terminal computing resources are open, NFC (Near Field Communication) payment applications implemented with HCE (host-based card emulation) technology currently face considerable security risks. Cloud payment is usually combined with NFC payment to reduce those risks. Cloud payment mostly uses limitation key technology: the card master key corresponding to the cloud payment account is kept in the cloud payment back-end management system, while the key stored in the payment application software on the user's terminal and used to calculate the application cryptogram of a transaction is a limitation key derived from the card master key using certain diversification factors. These limitation keys are restricted in number of uses or in validity period, which reduces the loss caused when a key is leaked.
However, existing limitation key calculation methods do not establish a binding relationship with the terminal device that uses the key. As a result, once a limitation key is leaked from a terminal, it can be used to make payments on other terminals, causing the user financial loss.
Summary of the invention
The main purpose of the present invention is to provide a payment key calculation method and apparatus, intended to solve the technical problem in the prior art that, once a limitation key is leaked from a terminal, it can be used to make payments on other terminals, causing the user financial loss.
To achieve the above object, the present invention provides a payment key calculation method, comprising the steps of:
receiving first device information of a terminal sent by payment application software on the terminal, and configuring an identifier for the terminal according to the first device information;
sending the identifier to the payment application software, and binding the identifier to the payment account in the payment application software;
if an update instruction for updating parameters in the payment application software is detected, obtaining the parameters needed to calculate a first limitation key, and calculating the first limitation key from those parameters by an encryption algorithm;
sending the first limitation key to the payment application software so that, when the payment application software detects an operation instruction to make a payment, it calculates a second limitation key from the identifier and the first limitation key by the encryption algorithm.
Preferably, after the step of receiving the first device information of the terminal sent by the payment application software on the terminal and configuring an identifier for the terminal according to the first device information, the method further comprises:
establishing a first feature vector for the identifier according to the first device information;
and after the step of sending the identifier to the payment application software and binding the identifier to the payment account in the payment application software, the method further comprises:
determining whether the detected instruction is an update instruction for updating parameters in the payment application software or a management instruction on the payment account in the payment application software;
if the detected instruction is a management instruction on the payment account in the payment application software, receiving second device information of the terminal sent by the payment application software;
establishing a second feature vector for the identifier of the terminal according to the second device information;
if the similarity between the first feature vector and the second feature vector is greater than a preset similarity, determining that the management instruction on the payment account is an executable instruction.
Preferably, after the step of establishing a second feature vector for the identifier of the terminal according to the second device information, the method further comprises:
calculating the similarity between the first feature vector and the second feature vector;
judging whether the similarity is greater than the preset similarity;
if the similarity is less than or equal to the preset similarity, determining that the management instruction on the payment account carries a risk.
Preferably, the step of, if an update instruction for updating parameters in the payment application software is detected, obtaining the parameters needed to calculate the first limitation key and calculating the first limitation key from those parameters by an encryption algorithm comprises:
if an update instruction for updating parameters in the payment application software is detected, obtaining the card issuer's master key, the payment card number, the payment card sequence number, the current time parameter and the random number allocated in the course of calculating the first limitation key;
calculating the card key of the payment card from the card issuer's master key, the payment card number and the payment card sequence number by an encryption algorithm;
calculating the first limitation key from the card key of the payment card, the time parameter and the random number by the encryption algorithm.
Preferably, the device information includes the International Mobile Equipment Identity, the International Mobile Subscriber Identity, the hardware address, the terminal device model, the Internet Protocol address, the WiFi list, central processing unit information, memory information, screen resolution and the list of installed applications.
In addition, to achieve the above object, the present invention also provides a payment key calculation apparatus, the apparatus comprising:
a configuration module, for receiving first device information of a terminal sent by payment application software on the terminal, and configuring an identifier for the terminal according to the first device information;
a first sending module, for sending the identifier to the payment application software, and binding the identifier to the payment account in the payment application software;
a first computing module, for, if an update instruction for updating parameters in the payment application software is detected, obtaining the parameters needed to calculate a first limitation key and calculating the first limitation key from those parameters by an encryption algorithm;
a second sending module, for sending the first limitation key to the payment application software so that, when the payment application software detects an operation instruction to make a payment, it calculates a second limitation key from the identifier and the first limitation key by the encryption algorithm.
Preferably, the payment key calculation apparatus further comprises:
a first establishing module, for establishing a first feature vector for the identifier according to the first device information;
a determining module, for determining whether the detected instruction is an update instruction for updating parameters in the payment application software or a management instruction on the payment account in the payment application software;
a receiving module, for, if the detected instruction is a management instruction on the payment account in the payment application software, receiving second device information of the terminal sent by the payment application software;
a second establishing module, for establishing a second feature vector for the identifier of the terminal according to the second device information;
a decision module, for, if the similarity between the first feature vector and the second feature vector is greater than a preset similarity, determining that the management instruction on the payment account is an executable instruction.
Preferably, the payment key calculation apparatus further comprises:
a second computing module, for calculating the similarity between the first feature vector and the second feature vector;
a judging module, for judging whether the similarity is greater than the preset similarity;
the decision module being further used for, if the similarity is less than or equal to the preset similarity, determining that the management instruction on the payment account carries a risk.
Preferably, the first computing module comprises:
an acquiring unit, for, if an update instruction for updating parameters in the payment application software is detected, obtaining the card issuer's master key, the payment card number, the payment card sequence number, the current time parameter and the random number allocated in the course of calculating the first limitation key;
a first computing unit, for calculating the card key of the payment card from the card issuer's master key, the payment card number and the payment card sequence number by an encryption algorithm;
a second computing unit, for calculating the first limitation key from the card key of the payment card, the time parameter and the random number by the encryption algorithm.
Preferably, the device information includes the International Mobile Equipment Identity, the International Mobile Subscriber Identity, the hardware address, the terminal device model, the Internet Protocol address, the WiFi list, central processing unit information, memory information, screen resolution and the list of installed applications.
The present invention configures an identifier for the terminal according to the terminal's device information, sends the identifier to the payment application software, and binds the identifier to the payment account in the payment application software. During payment, when the payment application software receives the first limitation key sent by the back end, it calculates the second limitation key from the identifier and the first limitation key. As a result, after the second limitation key is lost, other users cannot use it to make payments on other terminals, because each terminal's identifier is different. This prevents the risk of a leaked limitation key being used on other terminals and protects the safety of the user's funds.
Brief description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the payment key calculation method of the present invention;
Fig. 2 is a flow diagram of one way, in an embodiment of the present invention, of obtaining the parameters needed to calculate the first limitation key and calculating the first limitation key from those parameters by an encryption algorithm if an update instruction for updating parameters in the payment application software is detected;
Fig. 3 is a flow diagram of the second embodiment of the payment key calculation method of the present invention;
Fig. 4 is a functional block diagram of the first embodiment of the payment key calculation apparatus of the present invention;
Fig. 5 is a functional block diagram of one form of the first computing module in an embodiment of the present invention;
Fig. 6 is a functional block diagram of the second embodiment of the payment key calculation apparatus of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention are further described below with reference to the embodiments and the accompanying drawings.
Detailed description of the embodiments
It should be understood that the specific embodiments described here only illustrate the present invention and are not intended to limit it.
The present invention provides a payment key calculation method.
Referring to Fig. 1, Fig. 1 is a flow diagram of the first embodiment of the payment key calculation method of the present invention.
In this embodiment, the payment key calculation method comprises:
Step S10: receive first device information of a terminal sent by payment application software on the terminal, and configure an identifier for the terminal according to the first device information;
The user of the terminal downloads the payment application software from an application market and installs it. After the payment application software has been installed successfully, it scans the terminal, collects the terminal's first device information, and sends the first device information to the background server. The first device information includes but is not limited to the International Mobile Equipment Identity, the International Mobile Subscriber Identity, the hardware address, the terminal device model, the Internet Protocol address, the WiFi list, central processing unit information, memory information, screen resolution and the list of installed applications. The International Mobile Equipment Identity (IMEI) consists of 15 digits; each mobile device has a unique IMEI, and the IMEI is globally unique. The International Mobile Subscriber Identity (IMSI) has 15 digits in total and corresponds to the SIM (Subscriber Identity Module) card or USIM (Universal Subscriber Identity Module) card. The hardware address, i.e. the MAC (Media Access Control) address, is 6 bytes long and serves as the identifier of each host on the Internet.
After the payment application software has collected the first device information of the terminal, it sends the first device information to the background server. After receiving it, the background server configures a unique identifier for the terminal. Further, when the terminal detects that the user, through the application interface, has issued an operation instruction applying to the card issuer to open a cloud payment account, the terminal prompts the user to enter identity verification information on the application interface. After receiving the identity verification information entered by the user, the terminal sends it to the background server. The background server performs a risk analysis of the user's application according to the identity verification information received, obtains an analysis result, and grades the application according to that result: applications from low-risk users are approved directly, applications from high-risk users require further verification of identity information, and applications from very-high-risk users are refused directly.
Step S20: send the identifier to the payment application software, and bind the identifier to the payment account in the payment application software;
After the background server has configured a unique identifier for the terminal, it sends the identifier to the payment application software on the terminal and binds the identifier to the payment account the user applied for. Once the identifier and the payment account are bound, the background server manages the payment account according to the identifier: only when the terminal's identifier is consistent with the identifier bound to the payment account can the user perform operations in the payment application software such as downloading the data of the corresponding payment card, downloading transaction credentials and making payment transactions. After the payment application software on the terminal receives the identifier sent by the background server, it encrypts the identifier and stores the encrypted identifier on the terminal.
Step S30: if an update instruction for updating parameters in the payment application software is detected, obtain the parameters needed to calculate the first limitation key, and calculate the first limitation key from those parameters by an encryption algorithm;
Step S40: send the first limitation key to the payment application software so that, when the payment application software detects an operation instruction to make a payment, it calculates the second limitation key from the identifier and the first limitation key by the encryption algorithm.
When the background server detects an update instruction for updating parameters in the payment application software, for example an operation instruction by which the user makes a payment in the payment application software, or an instruction by which the user changes the account name and/or password of the payment account, the background server obtains the parameters needed to calculate the first limitation key and calculates the first limitation key from those parameters by the 3DES (Triple Data Encryption Standard) encryption algorithm. A limitation key is key information that, in the cloud payment process, is downloaded from the background server to the terminal, has a restricted number of uses and a validity period, and is used to calculate the application cryptogram in the cloud payment process. The background server sends the calculated first limitation key to the payment application software on the terminal.
After the payment application software on the terminal has received the first limitation key sent by the background server, and when it detects the user's operation instruction to make a payment, it calculates the corresponding second limitation key from the identifier of the terminal that it has stored and the first limitation key by the 3DES encryption algorithm. Further, after the payment application software has calculated the second limitation key, it obtains the transaction data in the application transaction counter of the payment card. The value range of the application transaction counter is 0000 to FFFF (the maximum value is 65535). After the bank has written personalization data to the payment card it issues, the initial value of the card's application transaction counter is 0000, and each time the user makes a transaction with the payment card the value in the application transaction counter increases by 1. The payment application software calculates a temporary key from the transaction data in the application transaction counter and the second limitation key by the 3DES encryption algorithm.
Having obtained the temporary key, the payment application software obtains the transaction data of the corresponding payment account and calculates the corresponding application cryptogram from the transaction data of the payment account and the temporary key by the 3DES encryption algorithm. After obtaining the application cryptogram, the payment application software sends it to the background server. After receiving the application cryptogram, the background server verifies it to complete the transaction.
This embodiment configures an identifier for the terminal according to the terminal's device information, sends the identifier to the payment application software, and binds the identifier to the payment account in the payment application software. During payment, when the payment application software receives the first limitation key sent by the back end, it calculates the second limitation key from the identifier and the first limitation key. As a result, after the second limitation key is lost, other users cannot use it to make payments on other terminals, because each terminal's identifier is different. This prevents the risk of a leaked limitation key being used on other terminals and protects the safety of the user's funds.
Referring to Fig. 2, Fig. 2 is a flow diagram of one way, in an embodiment of the present invention, of obtaining the parameters needed to calculate the first limitation key and calculating the first limitation key from those parameters by an encryption algorithm if an update instruction for updating parameters in the payment application software is detected.
In this embodiment, step S30 comprises:
Step S31: if an update instruction for updating parameters in the payment application software is detected, obtain the card issuer's master key, the payment card number, the payment card sequence number, the current time parameter and the random number allocated in the course of calculating the first limitation key;
Step S32: calculate the card key of the payment card from the card issuer's master key, the payment card number and the payment card sequence number by an encryption algorithm;
Step S33: calculate the first limitation key from the card key of the payment card, the time parameter and the random number by the encryption algorithm.
When the background server detects the user's update instruction for updating parameters in the payment application software, it obtains the card issuer's master key, the payment card number, the payment card sequence number, the current time parameter and the random number allocated in the course of calculating the first limitation key. The current time parameter is the time at which the user makes the transaction with the payment application software. The background server calculates the card key of the payment card from the card issuer's master key, the payment card number and the payment card sequence number by the 3DES encryption algorithm. Once the card key of the payment card has been calculated, the background server calculates the first limitation key from the card key of the payment card, the time parameter and the random number by the 3DES encryption algorithm.
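The derivation chain of steps S31 to S33 and of step S40, followed by the back-end cryptogram check, as an added example that is not code from the patent. HMAC-SHA-256 stands in for the 3DES the text names so that the block runs on the Python standard library alone; the labels, field encodings, 8-byte cryptogram length, the sample account values and the back end recomputing the chain from the bound identifier are assumptions.

```python
"""Key chain of steps S31 to S33 and S40, with the server-side cryptogram check.

Added example, not the patent's code. HMAC-SHA-256 stands in for the 3DES
that the page names; labels, encodings and the 8-byte cryptogram length are
assumptions made for this sketch.
"""
import hashlib
import hmac


def derive(parent_key: bytes, *parts: bytes) -> bytes:
    """One derivation step: child key from a parent key and its inputs."""
    mac = hmac.new(parent_key, digestmod=hashlib.sha256)
    for part in parts:
        # Length prefix keeps ("12", "3") and ("1", "23") from colliding.
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def first_limitation_key(issuer_master_key, pan, psn, time_param, random_number):
    """Background server, steps S32 and S33."""
    card_key = derive(issuer_master_key, b"card-key", pan.encode(), psn.encode())
    return derive(card_key, b"limitation-key-1",
                  time_param.to_bytes(8, "big"), random_number)


def build_cryptogram(limit_key_1, identifier, atc, txn_data):
    """Payment application: step S40, temporary key, application cryptogram."""
    if not 0x0000 <= atc <= 0xFFFF:
        raise ValueError("application transaction counter outside 0000-FFFF")
    limit_key_2 = derive(limit_key_1, b"limitation-key-2", identifier.encode())
    temp_key = derive(limit_key_2, b"temporary-key", atc.to_bytes(2, "big"))
    return derive(temp_key, b"cryptogram", txn_data)[:8]


def verify_cryptogram(account, atc, txn_data, cryptogram):
    """Background server: recompute with the identifier bound to the account."""
    key_1 = first_limitation_key(account["issuer_master_key"], account["pan"],
                                 account["psn"], account["time_param"],
                                 account["random_number"])
    expected = build_cryptogram(key_1, account["bound_identifier"], atc, txn_data)
    return hmac.compare_digest(expected, cryptogram)


# Constructed sample values, not real card or key data.
ACCOUNT = {
    "issuer_master_key": bytes(range(16)),
    "pan": "6200000000000005",
    "psn": "01",
    "time_param": 1451520000,
    "random_number": bytes.fromhex("a1b2c3d4e5f60718"),
    "bound_identifier": "TERM-7F3A",
}
TXN = b"amount=12.50;currency=156;merchant=constructed"


def demo():
    """Same first limitation key used on the bound terminal and on another one."""
    key_1 = first_limitation_key(ACCOUNT["issuer_master_key"], ACCOUNT["pan"],
                                 ACCOUNT["psn"], ACCOUNT["time_param"],
                                 ACCOUNT["random_number"])
    from_bound_terminal = build_cryptogram(key_1, "TERM-7F3A", 1, TXN)
    from_other_terminal = build_cryptogram(key_1, "TERM-0000", 1, TXN)
    return (verify_cryptogram(ACCOUNT, 1, TXN, from_bound_terminal),
            verify_cryptogram(ACCOUNT, 1, TXN, from_other_terminal))


if __name__ == "__main__":
    print(demo())
```

The binding holds only while the identifier is not copied off the terminal together with the first limitation key, which is why the text has the payment application software store the identifier encrypted.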
Referring to Fig. 3, Fig. 3 is a flow diagram of the second embodiment of the payment key calculation method of the present invention; the second embodiment is proposed on the basis of the first embodiment of the payment key calculation method.
In this embodiment, the payment key calculation method further comprises:
Step S50: establish a first feature vector for the identifier according to the first device information of the terminal;
When the background server obtains the unique identifier of the terminal, it standardizes the first device information of the terminal. Because some items in the first device information are expressed inconsistently and are not normalized, the first device information has to be standardized so that it is expressed in a defined form. The background server takes the standardized first device information as the first feature vector corresponding to the terminal's unique identifier. Further, when the user deletes the payment application software from the terminal, causing the unique identifier stored on the terminal to be deleted, and the user then downloads and installs the payment application software on the terminal again, the background server obtains the feature vector of the reinstalled payment application software, calculates the similarity between that feature vector of the terminal and the feature vector from before the deletion, and restores the terminal's identifier according to the similarity: when the similarity is greater than a certain value, the terminal's identifier is restored; when the similarity is less than or equal to that value, an identifier is obtained for the terminal anew.
Step S60: determine whether the detected instruction is an update instruction for updating parameters in the payment application software or a management instruction on the payment account in the payment application software;
Step S70: if the detected instruction is a management instruction on the payment account in the payment application software, receive second device information of the terminal sent by the payment application software;
Step S80: establish a second feature vector for the identifier of the terminal according to the second device information;
The background server determines whether the detected operation instruction of the user is an update instruction by which the user updates parameters in the payment application software or a management instruction by the user on the payment account in the payment application software. When the operation instruction is a management instruction on the payment account in the payment application software, such as changing the state of the payment account or downloading transaction credentials, the payment application software on the terminal collects the second device information of the terminal and sends it to the background server. The background server receives the second device information sent by the payment application software and establishes a second feature vector for the identifier of the terminal according to it. The second device information includes but is not limited to the International Mobile Equipment Identity, the International Mobile Subscriber Identity, the hardware address, the terminal device model, the Internet Protocol address, the WiFi list, central processing unit information, memory information, screen resolution and the list of installed applications.
Step S90: if the similarity between the first feature vector and the second feature vector is greater than a preset similarity, determine that the management instruction for the payment account is an executable instruction.
When the similarity between the first feature vector and the second feature vector is greater than the preset similarity, the background server determines that the user's operation instruction on the payment account in the payment application software is a safe operation instruction. The preset similarity can be set to 85%, 90% or 95%. For example, when the preset similarity is 90% and the similarity between the first feature vector and the second feature vector is greater than 90%, the background server determines that the user's management instruction for the payment account is an executable instruction.
Further, the payment cipher key calculation method further includes:
Calculating the similarity between the first feature vector and the second feature vector;
Judging whether the similarity is greater than the preset similarity;
If the similarity is less than or equal to the preset similarity, determining that the management instruction for the payment account carries a risk.
Further, the background server calculates the similarity between the first feature vector and the second feature vector and judges whether it is greater than the preset similarity. When the similarity between the first feature vector and the second feature vector is less than or equal to the preset similarity, the background server determines that the user's management instruction for the payment account carries a risk.
The present embodiment determines, according to the similarity between the feature vectors, whether the user's management instruction for the payment account in the payment application software is executable, which improves the safety of cloud payment.
The present invention further provides a payment cipher key calculation device.
Referring to Fig. 4, Fig. 4 is a functional block diagram of the first embodiment of the payment cipher key calculation device of the present invention.
In the present embodiment, the payment cipher key calculation device includes:
Configuration module 10, configured to receive the terminal first device information sent by the payment application software in the terminal and to configure an identifier for the terminal according to the terminal first device information;
The user of the terminal downloads the payment application software from an application market and installs it. After the payment application software has been installed successfully, it scans the terminal, collects the terminal's first device information, and sends the first device information to the background server. The first device information includes, but is not limited to, the International Mobile Equipment Identity, the International Mobile Subscriber Identity, the hardware address, the terminal device model, the Internet Protocol address, the WiFi list, central processing unit information, memory information, screen resolution and the list of installed applications. The International Mobile Equipment Identity, IMEI, consists of 15 digits; each mobile device has a unique IMEI, and the IMEI is globally unique. The International Mobile Subscriber Identity, IMSI, is a 15-digit code and corresponds to a SIM (Subscriber Identity Module) card or USIM (Universal Subscriber Identity Module) card. The hardware address, that is, the MAC (Media Access Control) address, is 6 bytes long and represents the identifier of each host on the Internet.
After the payment application software has collected the terminal's first device information, it sends the first device information to the background server. After receiving the terminal's first device information, the background server configures a unique identifier for the terminal. Further, when the terminal detects an operation instruction by which the user, through the application interface, applies to the card issuer to open a cloud payment account, the terminal prompts the user to enter identity verification information on the application interface. After the terminal receives the identity verification information entered by the user, it sends the information to the background server. The background server performs a risk analysis of the user's application according to the received identity verification information, obtains an analysis result, and classifies the user's application according to that result: applications from low-risk users are approved directly, applications from high-risk users require further verification of identity information, and applications from very-high-risk users are rejected directly.
First sending module 20, configured to send the identifier to the payment application software and to bind the identifier to the payment account in the payment application software;
After the background server has configured the unique identifier for the terminal, the background server sends the identifier to the payment application software in the terminal and binds the identifier to the payment account the user applied for. Once the identifier and the payment account are bound, the background server manages the payment account according to the identifier: only when the identifier of the terminal is consistent with the identifier bound to the payment account can the user perform operations in the payment application software such as downloading the data of the corresponding payment card, downloading transaction credentials and carrying out payment transactions. After the payment application software in the terminal receives the identifier sent by the background server, the payment application software encrypts the identifier and stores the encrypted identifier in the terminal.
First computing module 30, configured to obtain, if an update instruction for updating parameters in the payment application software is detected, the parameters needed to calculate the first limitation key, and to calculate the first limitation key from the parameters by an encryption algorithm;
Second sending module 40, configured to send the first limitation key to the payment application software, so that the payment application software, when it detects an operation instruction for making a payment, calculates the second limitation key from the identifier and the first limitation key by the encryption algorithm.
When the background server detects an update instruction for updating parameters in the payment application software, for example when it detects an operation instruction by which the user makes a payment in the payment application software, or an instruction by which the user changes the account and/or password of the payment account, the background server obtains the parameters needed to calculate the first limitation key and calculates the first limitation key from those parameters by the 3DES (Triple Data Encryption Standard) encryption algorithm. Here, a limitation key is key information that, in the cloud payment process, is downloaded from the background server to the terminal, has a restricted number of uses and a validity period, and is used to calculate the application cryptogram information in the cloud payment process. The background server sends the calculated first limitation key to the payment application software in the terminal. After the payment application software in the terminal has received the first limitation key sent by the background server, and when it detects an operation instruction by which the user makes a payment, it calculates the corresponding second limitation key by the 3DES encryption algorithm from the identifier of the terminal that it stores and the first limitation key. Further, after the payment application software has calculated the second limitation key, it obtains the transaction data in the application transaction counter of the payment card. The value range of the application transaction counter is 0000~FFFF (the maximum value is 65535). After the bank has written personalization data to the payment card it issues, the initial value of the payment card's application transaction counter is 0000; each time the user makes a transaction with the payment card, the value in the application transaction counter is increased by 1. The payment application software calculates a temporary key by the 3DES encryption algorithm from the transaction data in the application transaction counter and the second limitation key. When the payment application software has obtained the temporary key, it obtains the transaction data of the corresponding payment account and calculates the corresponding application cryptogram by the 3DES encryption algorithm from the transaction data of the payment account and the temporary key. After the payment application software has obtained the application cryptogram, it sends the application cryptogram to the background server. After receiving the application cryptogram, the background server verifies it to complete the transaction.
In the present embodiment, an identifier is configured for the terminal according to the device information of the terminal, the identifier is sent to the payment application software, and the identifier is bound to the payment account in the payment application software. During payment, when the payment application software receives the first limitation key sent by the background, it calculates the second limitation key from the identifier and the first limitation key. As a result, after the second limitation key is lost, because the identifier of each terminal is different, other users cannot use the second limitation key to make payments on other terminals, which prevents the risk of a limitation key being used on other terminals after it is leaked and protects the safety of the user's funds.
Referring to Fig. 5, Fig. 5 is a functional block diagram of the first computing module in an embodiment of the present invention.
In the present embodiment, the first computing module 30 includes:
Acquiring unit 31, configured to obtain, if an update instruction for updating parameters in the payment application software is detected, the master key of the card issuer, the payment card number, the payment card sequence number, the current time parameter and the random number allocated in the process of calculating the first limitation key;
First computing unit 32, configured to calculate the card key of the payment card by an encryption algorithm from the master key of the card issuer, the payment card number and the payment card sequence number;
Second computing unit 33, configured to calculate the first limitation key by the encryption algorithm from the card key of the payment card, the time parameter and the random number.
When the background server detects an update instruction by which the user updates parameters in the payment application software, the background server obtains the master key of the card issuer, the payment card number, the payment card sequence number, the current time parameter and the random number allocated in the process of calculating the first limitation key. The background server calculates the card key of the payment card by the 3DES encryption algorithm from the master key of the card issuer, the payment card number and the payment card sequence number. Once the background server has calculated the card key of the payment card, it calculates the first limitation key by the 3DES encryption algorithm from the card key of the payment card, the time parameter and the random number.
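The derivation chain described above for the first computing module and for the payment flow (card issuer master key to card key, first limitation key, second limitation key, temporary key, application cryptogram) is sketched below as an added example; it is not code from the patent. The page does not say how 3DES is applied to the inputs, so HMAC-SHA-256 stands in for every "3DES encryption algorithm" step, server-side verification by recomputation is an assumption, and all keys, card numbers and identifiers are constructed.

```python
import hashlib
import hmac

KEY_LEN = 16  # assumed key size (a double-length 3DES key is 16 bytes)


def prf(key: bytes, *parts: bytes) -> bytes:
    """Stand-in for each '3DES encryption algorithm' step: HMAC-SHA-256.

    Every part is length-prefixed so ("12", "3") and ("1", "23") cannot collide.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()[:KEY_LEN]


def card_key(issuer_master_key: bytes, card_number: str, card_seq: str) -> bytes:
    # Card issuer master key + payment card number + card sequence number
    return prf(issuer_master_key, card_number.encode(), card_seq.encode())


def first_limitation_key(ck: bytes, time_param: str, random_number: bytes) -> bytes:
    # Computed on the background server and sent to the payment application
    return prf(ck, time_param.encode(), random_number)


def second_limitation_key(first_key: bytes, terminal_identifier: str) -> bytes:
    # Computed on the terminal; this is the step that binds the key to one terminal
    return prf(first_key, terminal_identifier.encode())


def temporary_key(second_key: bytes, atc: int) -> bytes:
    # The application transaction counter ranges over 0000..FFFF
    if not 0 <= atc <= 0xFFFF:
        raise ValueError("application transaction counter must be 0000..FFFF")
    return prf(second_key, atc.to_bytes(2, "big"))


def application_cryptogram(temp_key: bytes, transaction_data: bytes) -> bytes:
    return prf(temp_key, transaction_data)


def terminal_cryptogram(first_key, terminal_identifier, atc, transaction_data):
    """What the payment application computes when a payment is requested."""
    second = second_limitation_key(first_key, terminal_identifier)
    return application_cryptogram(temporary_key(second, atc), transaction_data)


def server_verify(first_key, bound_identifier, atc, transaction_data, cryptogram):
    """Assumed verification: recompute with the identifier bound to the account."""
    expected = terminal_cryptogram(first_key, bound_identifier, atc, transaction_data)
    return hmac.compare_digest(expected, cryptogram)


def demo():
    # All values below are constructed sample data.
    master = bytes.fromhex("00112233445566778899aabbccddeeff")
    ck = card_key(master, "6200000000000005", "01")
    k1 = first_limitation_key(ck, "20151231120000", bytes.fromhex("a1b2c3d4e5f60718"))
    txn = b"amount=000000001000;currency=156"
    bound_id, other_id = "terminal-A-0001", "terminal-B-0002"

    # Bound terminal: the cryptogram verifies.
    ok = server_verify(k1, bound_id, 1, txn, terminal_cryptogram(k1, bound_id, 1, txn))
    # First limitation key copied to a terminal with a different identifier: rejected.
    moved = server_verify(k1, bound_id, 1, txn, terminal_cryptogram(k1, other_id, 1, txn))
    # Cryptogram computed for counter value 1 presented at counter value 2: rejected.
    stale = server_verify(k1, bound_id, 2, txn, terminal_cryptogram(k1, bound_id, 1, txn))
    return ok, moved, stale


if __name__ == "__main__":
    print(demo())
```

The rejection in the second case comes only from the terminal identifier entering the second limitation key, which is the binding property the embodiment relies on.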
Referring to Fig. 6, Fig. 6 is a functional block diagram of the second embodiment of the payment cipher key calculation device of the present invention. The second embodiment of the payment cipher key calculation device is proposed on the basis of the first embodiment of the payment cipher key calculation device of the present invention.
In the present embodiment, the payment cipher key calculation device includes:
First establishing module 50, configured to establish a first feature vector for the identifier according to the terminal first device information;
When the background server obtains the unique identifier of the terminal, the background server standardizes the terminal's first device information. Because certain items in the terminal's first device information are expressed inconsistently and in non-standard forms, the terminal's first device information needs to be standardized so that it is represented in a defined form. The background server takes the standardized first device information of the terminal as the first feature vector corresponding to the unique identifier of the terminal. Further, when the user deletes the payment application software from the terminal, causing the unique identifier stored in the terminal to be deleted, and the user later downloads and installs the payment application software on the terminal again, the background server obtains the feature vector of the reinstalled payment application software, calculates the similarity between this feature vector of the terminal and the feature vector before deletion, and restores the identifier of the terminal according to the similarity: when the similarity is greater than a certain value, the identifier of the terminal is restored; when the similarity is less than or equal to that value, the identifier of the terminal is reacquired.
Determining module 60, configured to determine that the detected instruction is an update instruction for updating parameters in the payment application software or a management instruction for a payment account in the payment application software;
Receiving module 70, configured to receive, if the detected instruction is a management instruction for a payment account in the payment application software, the terminal second device information sent by the payment application software;
Second establishing module 80, configured to establish a second feature vector for the identifier of the terminal according to the terminal second device information;
The background server determines that the detected operation instruction of the user is an update instruction by which the user updates parameters in the payment application software, or a management instruction of the user for a payment account in the payment application software. When the operation instruction is a management instruction of the user for a payment account in the payment application software, such as changing the state of the payment account or downloading transaction credentials, the payment application software in the terminal collects the terminal's second device information and sends it to the background server. The background server receives the terminal second device information sent by the payment application software and establishes a second feature vector for the identifier of the terminal according to it. The second device information includes, but is not limited to, the International Mobile Equipment Identity, the International Mobile Subscriber Identity, the hardware address, the terminal device model, the Internet Protocol address, the WiFi list, central processing unit information, memory information, screen resolution and the list of installed applications.
Determination module 90, configured to determine, if the similarity between the first feature vector and the second feature vector is greater than a preset similarity, that the management instruction for the payment account is an executable instruction.
When the similarity between the first feature vector and the second feature vector is greater than the preset similarity, the background server determines that the user's operation instruction on the payment account in the payment application software is a safe operation instruction. The preset similarity can be set to 85%, 90% or 95%. For example, when the preset similarity is 90% and the similarity between the first feature vector and the second feature vector is greater than 90%, the background server determines that the user's management instruction for the payment account is an executable instruction.
Further, the payment cipher key calculation device further includes:
Second computing module, configured to calculate the similarity between the first feature vector and the second feature vector;
Judgment module, also configured to judge whether the similarity is greater than the preset similarity;
The determination module 90 is also configured to determine, if the similarity is less than or equal to the preset similarity, that the management instruction for the payment account carries a risk.
Further, the background server calculates the similarity between the first feature vector and the second feature vector and judges whether it is greater than the preset similarity. When the similarity between the first feature vector and the second feature vector is less than or equal to the preset similarity, the background server determines that the user's management instruction for the payment account carries a risk.
The present embodiment determines, according to the similarity between the feature vectors, whether the user's management instruction for the payment account in the payment application software is executable, which improves the safety of cloud payment.
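The standardization and similarity check described in the method and device embodiments above, as an added example that is not code from the patent. The page names neither the similarity measure nor the standardization rules, so the field names, the normalization rules, the equal weighting and the Jaccard measure for the WiFi and application lists are all assumptions; every device value is constructed.

```python
import re

# Hypothetical field names for the device information items the page lists.
SCALAR_FIELDS = ("imei", "imsi", "mac", "model", "ip", "cpu", "memory", "resolution")
SET_FIELDS = ("wifi", "apps")


def normalize(raw):
    """Standardize raw device information into a comparable feature vector."""
    vec = {}
    for field in SCALAR_FIELDS:
        value = str(raw.get(field, "")).strip().lower()
        if field == "mac":
            value = re.sub(r"[^0-9a-f]", "", value)      # AA-BB-.. and aa:bb:.. agree
        elif field in ("imei", "imsi"):
            value = re.sub(r"\D", "", value)             # digits only
        elif field == "resolution":
            dims = sorted(int(n) for n in re.findall(r"\d+", value))
            value = "x".join(str(n) for n in dims)       # "1920*1080" == "1080x1920"
        vec[field] = value
    for field in SET_FIELDS:
        vec[field] = frozenset(str(v).strip().lower() for v in raw.get(field, ()))
    return vec


def similarity(first, second):
    """Equal-weight score in [0, 1]; a value missing on both sides scores 0."""
    scores = []
    for field in SCALAR_FIELDS:
        scores.append(1.0 if first[field] and first[field] == second[field] else 0.0)
    for field in SET_FIELDS:
        union = first[field] | second[field]
        scores.append(len(first[field] & second[field]) / len(union) if union else 0.0)
    return sum(scores) / len(scores)


def decide(first, second, preset=0.90):
    """Strictly greater than the preset is executable; equal or lower is a risk."""
    return "executable" if similarity(first, second) > preset else "risk"


# Constructed sample device information.
FIRST_RAW = {
    "imei": "350000000000017", "imsi": "460000000000001",
    "mac": "AA-BB-CC-00-11-22", "model": "Phone-X1", "ip": "192.0.2.10",
    "cpu": "arm64, 8 cores", "memory": "3GB", "resolution": "1920*1080",
    "wifi": ["Home-AP", "Office-AP"], "apps": ["pay", "mail", "maps", "music"],
}
# Same terminal later: other formats, a new IP address, one more installed app.
SAME_RAW = dict(FIRST_RAW, mac="aa:bb:cc:00:11:22", ip="198.51.100.7",
                resolution="1080x1920",
                apps=["pay", "mail", "maps", "music", "camera"])
# Same terminal, only the IP address changed: the score lands exactly on 0.90.
IP_ONLY_RAW = dict(FIRST_RAW, ip="198.51.100.7")
# Another terminal of the same model.
OTHER_RAW = dict(FIRST_RAW, imei="350000000000025", imsi="460000000000002",
                 mac="AA-BB-CC-99-88-77", ip="203.0.113.5",
                 wifi=["Cafe-AP"], apps=["game"])

FIRST, SAME, IP_ONLY, OTHER = (normalize(r) for r in
                               (FIRST_RAW, SAME_RAW, IP_ONLY_RAW, OTHER_RAW))

if __name__ == "__main__":
    for name, vec in (("same", SAME), ("ip_only", IP_ONLY), ("other", OTHER)):
        print(name, round(similarity(FIRST, vec), 2),
              decide(FIRST, vec, 0.85), decide(FIRST, vec, 0.90))
```

With ten equally weighted fields, a single changed field already drops the score to the 90% boundary, so the choice among the 85%, 90% and 95% presets decides whether routine changes such as a new IP address are flagged.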
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to execute the methods described in the embodiments of the present invention.
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of the present invention.
Claims (10)
1. A payment cipher key calculation method, characterized in that the payment cipher key calculation method comprises the following steps:
Receiving terminal first device information sent by payment application software in a terminal, and configuring an identifier for the terminal according to the terminal first device information;
Sending the identifier to the payment application software, and binding the identifier to a payment account in the payment application software;
If an update instruction for updating parameters in the payment application software is detected, obtaining the parameters needed to calculate a first limitation key, and calculating the first limitation key from the parameters by an encryption algorithm;
Sending the first limitation key to the payment application software, so that the payment application software, when it detects an operation instruction for making a payment, calculates a second limitation key from the identifier and the first limitation key by the encryption algorithm.
2. The payment cipher key calculation method according to claim 1, characterized in that, after the step of receiving the terminal first device information sent by the payment application software in the terminal and configuring an identifier for the terminal according to the terminal first device information, the method further comprises:
Establishing a first feature vector for the identifier according to the terminal first device information;
After the step of sending the identifier to the payment application software and binding the identifier to the payment account in the payment application software, the method further comprises:
Determining that the detected instruction is an update instruction for updating parameters in the payment application software or a management instruction for a payment account in the payment application software;
If the detected instruction is a management instruction for a payment account in the payment application software, receiving terminal second device information sent by the payment application software;
Establishing a second feature vector for the identifier of the terminal according to the terminal second device information;
If the similarity between the first feature vector and the second feature vector is greater than a preset similarity, determining that the management instruction for the payment account is an executable instruction.
3. The payment cipher key calculation method according to claim 2, characterized in that, after the step of establishing a second feature vector for the identifier of the terminal according to the terminal second device information, the method further comprises:
Calculating the similarity between the first feature vector and the second feature vector;
Judging whether the similarity is greater than the preset similarity;
If the similarity is less than or equal to the preset similarity, determining that the management instruction for the payment account carries a risk.
4. The payment cipher key calculation method according to claim 1, characterized in that the step of, if an update instruction for updating parameters in the payment application software is detected, obtaining the parameters needed to calculate the first limitation key and calculating the first limitation key from the parameters by an encryption algorithm comprises:
If an update instruction for updating parameters in the payment application software is detected, obtaining the master key of the card issuer, the payment card number, the payment card sequence number, the current time parameter and the random number allocated in the process of calculating the first limitation key;
Calculating the card key of the payment card by an encryption algorithm from the master key of the card issuer, the payment card number and the payment card sequence number;
Calculating the first limitation key by the encryption algorithm from the card key of the payment card, the time parameter and the random number.
5. The payment cipher key calculation method according to any one of claims 1 to 4, characterized in that the device information includes the International Mobile Equipment Identity, the International Mobile Subscriber Identity, the hardware address, the terminal device model, the Internet Protocol address, the WiFi list, central processing unit information, memory information, screen resolution and the list of installed applications.
6. A payment cipher key calculation device, characterized in that the payment cipher key calculation device comprises:
A configuration module, configured to receive terminal first device information sent by payment application software in a terminal and to configure an identifier for the terminal according to the terminal first device information;
A first sending module, configured to send the identifier to the payment application software and to bind the identifier to a payment account in the payment application software;
A first computing module, configured to obtain, if an update instruction for updating parameters in the payment application software is detected, the parameters needed to calculate a first limitation key, and to calculate the first limitation key from the parameters by an encryption algorithm;
A second sending module, configured to send the first limitation key to the payment application software, so that the payment application software, when it detects an operation instruction for making a payment, calculates a second limitation key from the identifier and the first limitation key by the encryption algorithm.
7. The payment cipher key calculation device according to claim 6, characterized in that the payment cipher key calculation device further comprises:
A first establishing module, configured to establish a first feature vector for the identifier according to the terminal first device information;
A determining module, configured to determine that the detected instruction is an update instruction for updating parameters in the payment application software or a management instruction for a payment account in the payment application software;
A receiving module, configured to receive, if the detected instruction is a management instruction for a payment account in the payment application software, terminal second device information sent by the payment application software;
A second establishing module, configured to establish a second feature vector for the identifier of the terminal according to the terminal second device information;
A determination module, configured to determine, if the similarity between the first feature vector and the second feature vector is greater than a preset similarity, that the management instruction for the payment account is an executable instruction.
8. The payment cipher key calculation device according to claim 7, characterized in that the payment cipher key calculation device further comprises:
A second computing module, configured to calculate the similarity between the first feature vector and the second feature vector;
A judgment module, also configured to judge whether the similarity is greater than the preset similarity;
The determination module is also configured to determine, if the similarity is less than or equal to the preset similarity, that the management instruction for the payment account carries a risk.
9. The payment cipher key calculation device according to claim 6, characterized in that the first computing module comprises:
An acquiring unit, configured to obtain, if an update instruction for updating parameters in the payment application software is detected, the master key of the card issuer, the payment card number, the payment card sequence number, the current time parameter and the random number allocated in the process of calculating the first limitation key;
A first computing unit, configured to calculate the card key of the payment card by an encryption algorithm from the master key of the card issuer, the payment card number and the payment card sequence number;
A second computing unit, configured to calculate the first limitation key by the encryption algorithm from the card key of the payment card, the time parameter and the random number.
10. The payment cipher key calculation device according to any one of claims 6 to 9, characterized in that the device information includes the International Mobile Equipment Identity, the International Mobile Subscriber Identity, the hardware address, the terminal device model, the Internet Protocol address, the WiFi list, central processing unit information, memory information, screen resolution and the list of installed applications.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511030922.8A CN105678543B (en) | 2015-12-31 | 2015-12-31 | Pay cipher key calculation method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201511030922.8A CN105678543B (en) | 2015-12-31 | 2015-12-31 | Pay cipher key calculation method and apparatus |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105678543A CN105678543A (en) | 2016-06-15 |
CN105678543B true CN105678543B (en) | 2019-11-29 |
Family
ID=56298377
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201511030922.8A Active CN105678543B (en) | 2015-12-31 | 2015-12-31 | Pay cipher key calculation method and apparatus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105678543B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106357663A (en) * | 2016-09-30 | 2017-01-25 | 中国银联股份有限公司 | Data encryption method for host card emulation (HCE) mode |
CN109754511B (en) * | 2019-01-14 | 2021-05-14 | 深圳前海微众银行股份有限公司 | Shopping cart equipment firmware updating method, system, platform, gateway and storage medium |
CN117314430B (en) * | 2023-11-22 | 2024-03-01 | 山东同其万疆科技创新有限公司 | Payment data monitoring method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101841416A (en) * | 2009-12-31 | 2010-09-22 | 北京握奇数据系统有限公司 | Method, device and system for realizing mobile phone bank |
CN102402746A (en) * | 2010-09-09 | 2012-04-04 | 深圳市财付通科技有限公司 | Method, device and system for mobile payment safety validation |
CN103400269A (en) * | 2013-07-24 | 2013-11-20 | 江苏晓山信息产业股份有限公司 | Smart community home gateway-based safety payment method |
CN104504567A (en) * | 2014-12-23 | 2015-04-08 | 城联数据有限公司 | Recharge method and device of micro-payment card |
CN104753675A (en) * | 2013-12-31 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Information verification method, and electronic payment method, terminal, server and system |
CN105046486A (en) * | 2015-07-17 | 2015-11-11 | 百度在线网络技术(北京)有限公司 | NFC-based mobile payment method and device |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101841416A (en) * | 2009-12-31 | 2010-09-22 | 北京握奇数据系统有限公司 | Method, device and system for realizing mobile phone bank |
CN102402746A (en) * | 2010-09-09 | 2012-04-04 | 深圳市财付通科技有限公司 | Method, device and system for mobile payment safety validation |
CN103400269A (en) * | 2013-07-24 | 2013-11-20 | 江苏晓山信息产业股份有限公司 | Smart community home gateway-based safety payment method |
CN104753675A (en) * | 2013-12-31 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Information verification method, and electronic payment method, terminal, server and system |
CN104504567A (en) * | 2014-12-23 | 2015-04-08 | 城联数据有限公司 | Recharge method and device of micro-payment card |
CN105046486A (en) * | 2015-07-17 | 2015-11-11 | 百度在线网络技术(北京)有限公司 | NFC-based mobile payment method and device |
Also Published As
Publication number | Publication date |
---|---|
CN105678543A (en) | 2016-06-15 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN104601327B (en) | A kind of safe verification method, relevant device and system | |
US10515352B2 (en) | System and method for providing diverse secure data communication permissions to trusted applications on a portable communication device | |
US20150046323A1 (en) | Method and system for local evaluation of computer | |
US20140143108A1 (en) | Mobile device provisioning framework system | |
CN105678543B (en) | Pay cipher key calculation method and apparatus | |
CN104469736B (en) | A kind of data processing method, server and terminal | |
CN104268756A (en) | Mobile payment method and system | |
AU2015230197A1 (en) | Method of controlling access to a reserve zone with control of the validity of an access entitlement installed in the memory of a mobile terminal | |
CN104363589A (en) | Identity authentication method, device and terminal | |
CN106203021A (en) | The application login method of a kind of many certification modes integration and system | |
CN108228211A (en) | Smart card, the method and system of intelligent card data security update | |
CN107948970A (en) | System of real name method of network entry, system and the mobile terminal of subordinate terminal | |
CN104821951B (en) | A kind of method and apparatus of secure communication | |
EP3104635B1 (en) | Method for an improved installation of a secure-element-related service application in a secure element being located in a communication device, system and telecommunications network for an improved installation of a secure-element-related service application in a secure element being located in a communication device, program comprising a computer readable program code, and computer program product | |
US9836618B2 (en) | System and method of authentication of a first party respective of a second party aided by a third party | |
CN106888448B (en) | Application downloading method, secure element and terminal | |
CN105743651A (en) | Method and apparatus for utilizing card application in chip security domain, and application terminal | |
CN105574720A (en) | Secure information processing method and secure information processing apparatus | |
US20140136421A1 (en) | Method of registering a membership for an electronic payment, system for same, and apparatus and terminal thereof | |
CN103475661A (en) | Method and system for safely obtaining authentication programs | |
CN102999839A (en) | Cloud platform and virtual SE (security element) based electronic currency security payment system and cloud platform and virtual SE based electronic currency security payment method | |
CN102685704B (en) | Method and system for mobile phone trading | |
CN108133142A (en) | A kind of mobile device remote connection and the method for manipulation PC machine | |
CN105678542A (en) | Payment business interaction method, payment terminal and payment cloud terminal | |
CN106651366A (en) | Mobile terminal and transaction confirmation method and device thereof, and smart card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |