CN109729052A

CN109729052A - The method for improving mobile phone one-key safe in payment

Info

Publication number: CN109729052A
Application number: CN201711046838.4A
Authority: CN
Inventors: 金子光
Original assignee: Individual
Current assignee: Individual
Priority date: 2017-10-31
Filing date: 2017-10-31
Publication date: 2019-05-07

Abstract

Invention is related to Internet cell phone in e-commerce, Mobile banking, " digital cash " application field, specially improves the method for mobile phone one-key safe in payment.Each element that the present invention realizes is given first gives relevant definition, definition includes following element: cipher key source, key source size, added value, plain code cipher key source pointer, cipher key source addressing pointer, above-mentioned element is carried out for title, wherein: key source size generation referred to as M, in added value generation, claims m, in plain code cipher key source pointer generation, claims N, and cipher key source addressing pointer generation claims n；The cipher key source is a biggish non-ordered data set, includes all ascii characters in addition to null character in set.The key source size (generation claims M) and added value (generation claims m), set sizes M are to take 16Mb or more bigger better depending on use demand and system energy tolerances.M is when cipher key source is not recycled, and key addressing pointer still has available key selection when reaching cipher key source bottom, needs to send a plain code password source and wipes needle.

Description

The method for improving mobile phone one-key safe in payment

Technical field

The present invention relates to Internet cell phones in e-commerce, Mobile banking, " digital cash " application field, specially improves The method of mobile phone one-key safe in payment.

Technical background

Safety, is exactly the safety of user's fund, the relationship between user and bank is the password that user is issued to by bank Establish credit system.Account represents the title of user's silver cabinet, and password is exactly to open user in the key of bank's silver cabinet.Once this The fund of two loss of data, user will will cause irretrievable loss.Safety namely ensures the account and password of user Safety.The only ability safety of the safety window fund of account and password.

Due to the account of user be it is semi-over, stranger is readily available, and password is easy to reveal in use, silver Row gives each Internetbank user to provide a U-shield, and when remittance needs and just can be carried out in the presence of U-shield.U-shield not by It can play the role of being to allow steal account number cipher person and can not only use account number cipher on computer or mobile phone in the case of cracking Just money is transferred.U-shield has given user's fund finally to ensure together, while also bringing operational inconvenience to user, this is that do not have The method of method.But certain modes of payment relieve U-shield under the premise of no guarantee user account cryptosecurity, will also Bank Account Number is bundled with mobile phone.Cause to have user that fund is lost entirely overnight.

It is that account is easy to be obtained by people there is currently hidden danger, password is inputting when transaction, lets out in transmission process Reveal or be trapped decoding, password keeping is hard to tolerate easily to be forgotten, is given for change to forget Password and is sent out identifying code method to mobile phone and be easy to by cheat It utilizes, the problems such as may be obtained by mobile phone Trojan Horse in account number cipher binding mobile phone.

Summary of the invention

The present invention is to invent a kind of method for improving mobile phone one-key safe in payment, and further inherit is improved and whole Following Further aims one are closed, the insufficient section of following technologies is supplemented, reinforces weakness part, makes energy after the entire following methods of this method Enough more safe, practicalization；

Continue to improve a kind of method for adjusting key source structure with dynamic after " endless cipher key communication encryption method " combines, it can Guarantee that the key communicated every time does not repeat, and make cipher key source length reduction, no longer by third party's Encryption Platform, directly for bank It uses.A kind of completely new random cipher user ID authentication method is created using the encryption method；

Target two continues to improve the method that " method that mobile phone is connect automatically with internet computer " increases acquisition GPS, for payment Fang Zengjia attribute item is to enhance safety；

Target three designs a company of handset, to the keeping data such as cipher key source and Bank Account Number, while carrying out the works such as encryption and decryption Make.To solve the close memory hardly possible of user and avoid mobile phone safe hidden danger.

The present invention is achieved with step by the following method:

Each element that the present invention realizes is given first and gives relevant definition, and definition includes following element: cipher key source, cipher key source are big Small, added value, plain code cipher key source pointer, cipher key source addressing pointer carry out above-mentioned element for title, in which: key source size generation In referred to as M, added value generation, claim m, and plain code cipher key source pointer generation claims N, and cipher key source addressing pointer generation claims n；

The cipher key source is a biggish non-ordered data set, includes all ascii characters in addition to null character in set.

The key source size (generation claims M) and added value (generation claims m), set sizes M is according to use demand and system energy It depending on tolerances, reduces M and is at least minimal to 2Kb, take 16Mb or more bigger better in the unconfined situation of password digit.M is When cipher key source not being recycled, key addressing pointer still has available key selection when reaching cipher key source bottom, that is, one is answered Primary communication maximum number of byte chooses identical key in order to which both sides are synchronous, needs to send a plain code password source and wipes needle.

The plain code cipher key source pointer (generation claims N), N is when communicating every time to tell recipient in a position of cipher key source It sets, cipher key source addressing pointer n is stored in this position.Communication initiator generates a random number, obtains by divisor remainder of M N.Plain code pointer and cipher key source addressing pointer n length are three bytes.

The cipher key source addressing pointer (generation claims n), finds this position in cipher key source with plain code cipher key source pointer N, later The values of three bytes obtain n by divisor remainder of M.Start bit of the key that this is communicated in this, as generation in cipher key source It sets.

The present invention improves cipher key source and reduces M to 2Kb, hexadecimal 0800Hb, facilitates to program with increase extra-code Method avoid be recycled cipher key source, take added value m size be 256b, hexadecimal 0100H, plain code cipher key source pointer N and Cipher key source addressing pointer n shorten to 2 bytes.Concrete operations are that bank increases M=2Kb, a m=256b to user account data, Total hexadecimal is the cipher key source attribute column of 0900Hb byte space, content be in all users it is unique, unordered, by The character set of any ASCII composition, and by duplicate copy to user.

Utilize above-mentioned carry out data encryption, decrypting process:

Data encryption process is sent, uses time number of seconds to generate a random number as seed first, generates a plain code cipher key source Pointer N, then cipher key source addressing pointer n is generated from cipher key source with this pointer, existed with the key that this pointer finds this encryption Initial position in cipher key source, the text size encrypted as needed intercept this secondary key from cipher key source, will communication text with it is close Key from first to last carries out exclusive or by every byte and produces communication ciphertext, and plain code cipher key source pointer N is then added the communication just generated Ciphertext is sent to communication object as the text of this secondary transmission.

Data decrypting process is isolated plain code cipher key source pointer N, is generated in cipher key source with N after receiving communication ciphertext Cipher key source addressing pointer n finds initial position of the key of this encryption in cipher key source with this pointer, decrypts as needed Text size intercepts this secondary key from cipher key source, and communication text is from first to last carried out exclusive or by every byte with key and is produced Urtext, it can be seen that this process is as ciphering process, the difference is that " ciphertext " that finally generates is exactly originally secondary connect " original text " received.

It is three bytes as the preferred cipher key source addressing pointer N length.

Two bytes are foreshortened to from three bytes as the preferred plain code pointer N, cipher key source addressing pointer n also contracts from three bytes It is as short as two bytes.

It needs to encrypt now with a character string as preferably described, this cipher key source M=2Kb, m=256b.

Described in preferably, the set sizes in secret key source are depending on use demand and system energy tolerances preferably 18 Position password, which is limited, produces 12K, and no limit for cryptographic digit takes at least 16Mb or more.

A method of safe and secret transaction is carried out using cipher key source encryption method is improved:

Prerequisite condition and rule before trading:

1. mobile phone user opens bank net trading account, account information includes at least account, address name, identification card number, hand Machine number, cipher key source.Bank " card " is no longer sent out to user by bank, and also there is no fixed passwords.Verifying user identity just uses aforementioned The random cipher proof method that cipher key source encryption is provided with decryption method, mobile phone user obtain special account cipher key source and are previously stored Convenient on " companion " of client's carrying and keeping；

2. mobile phone user and gathering hotel owner register in third party's connecting platform in advance, at least wrapped in registration user information attribute column Include address name, identification card number, cell-phone number, GPS, IP address, the bank of deposit, the information such as personal head portrait photo, as beneficiary GPS and IP address are indispensable, and Cash collecting equipment should be equipped with the bluetooth devices of energy broadcast GPS, activity IP address or in intranet Cash collecting equipment must when opening gathering process by the IP address currently obtained upload to third party's connecting platform filling IP belong to In property column.

3. bank, which changes tradition, provides the login mode of account number cipher, logged in using identification card number plus name instead of account, Account no longer discloses, and use when being served only for user's remittance abroad money and querying the balance imports someone identification card number when importing money Add the agreement of name account.It binds identification card number and cell-phone number only in inside to bank account, does not embody binding externally.It allows Identification card number and cell-phone number become bright number of safety.

Step 1 mobile phone obtains the GPS information of Cash collecting equipment by receiving the bluetooth devices of hotel owner, this GPS information is sent To connecting platform, connecting platform helps mobile phone to be attached with Cash collecting equipment according to the network address that GPS value finds hotel owner, thus mobile phone Information interchange can be carried out with Cash collecting equipment, and obtains hotel owner's identification card number, name from platform, and these silver-colored information of opening an account. Cash collecting equipment obtains the head portrait of mobile phone user from connecting platform, shows as the start button bitmap for transmitting information with mobile phone user On Cash collecting equipment, if there are several customers at this time, just there are several head portraits to show on Cash collecting equipment, each head portrait represents The process being connect with a mobile phone, Cash collecting equipment at this time mobile phone with maintain the connection, but there is no information interchange, mobile phone exists Wait standby bill of collecting money；

Step 2 mobile phone shopping user chooses commodity, after hotel owner's shopping bill is formed, passes through and observes trading object, selected element It hits corresponding mobile phone user's head portrait and bill is sent to payment mobile phone, it is desirable that Mobile Phone Payments；

After step 3 mobile phone receives bill, payment information is sent to company of handset, itself bank of deposit of company of handset storage Network address connect bank server, the identification card number+name of itself is sent to server by mobile phone plain code, while by hotel owner Identification card number add name, bank is sent to after beneficiary bank of deposit and bill encryption, bill payment is pressed by request bank；

Step 4 bank server finds user key source according to identity card+name of mobile phone user, and generates a random character String, encrypts this character string with cipher key source and is sent to mobile phone, the verifying password as this time mobile phone user's identity.

After step 5 mobile phone is connected to the verifying character string ciphertext of server, be sent to company of handset, company of handset to ciphertext into Row decryption generates former character string, then original text it is motionless re-encrypted is carried out to this character string with cipher key source self, while encrypting account Number, by the verifying character string encrypted and account ciphertext, the machine of fighting hand to hand is sent to bank server together.

Step 6 bank server checks whether re-encrypted, and judgment method is that plain code pointer is different, then decrypts confirmation and be No is the character string just sent out, and confirmation is that the account after re-inspection decryption is errorless, and confirmation is verified just now, bank's clothes The payment information that business device is sent by step 3 mobile phone user is remitted money to bank, payee by bill, sends money to mobile phone after completion Information is converged；

Step 7 mobile phone obtains after taking the information that device payment is completed, and successful payment is informed to the Cash collecting equipment of hotel owner；

The bank account of step 8 Cash collecting equipment inquiry self, prompts hotel owner to pay goods after confirming account, and hotel owner's hand over of goods is handed over It is readily accomplished.

Before veritifying each success communication as the preferably step 6 transaction or mobile phone and bank account and terminating password source according to Cipher key source encrypting and decrypting rule, adjust automatically key source structure form new cipher key source and use for communication next time, concrete operations Communicating pair is changed respective cipher key source as follows:, will be several since this chooses the starting point byte of key Byte is divided to two sections of tail portions and head for moving on to cipher key source, and the foundation of mobile byte number is the word of the low three-bit value of starting point byte Joint number moves on to the tail portion of cipher key source, then the head of cipher key source is moved to by low three byte numbers of that back to back byte.Through This movement adjustment, produce three new tie points, i.e. the more several bytes in head, produces a new tie point with protocephalic region, Secondly middle part chooses the previous byte of key starting point from this and produces one with the rear portion beginning for removing several bytes New tie point, third are that protocercal tail portion and several bytes of new in-migration produce a new tie point.It furthermore is exactly cipher key source The position of all bytes produces variation relative to original cipher key source, to become a new cipher key source.

Before terminating as preferably described step 6 transaction or mobile phone and each success communication of bank account veritification, bank service Device and company of handset synchronous adjustment key source structure form new cipher key source and use for communication next time.The specific method is as follows: from this It is that starting point byte starts that key is chosen in secondary transaction, is divided into upper byte and lower byte by its front and back is arranged in, then chosen The secret key of upper and lower part at least one byte of initial point byte secret key, be classified as tail portion that two sections move on to cipher key source respectively and Head；

Wherein: the secret key byte movement rule that upper byte will move is the low three-bit value of starting point byte, (if it is more A byte) it keeps existing and puts in order (can again random), it is aligned to after cipher key source the last byte；

The secret key byte movement rule that lower byte will move is that the neutral gear of existing position byte is downward after upper byte is mobile Low three positions byte, (if it is multiple bytes) keep it is existing puts in order, these three bytes are successively shifted into arrangement At the top of to this cipher key source before first character section.

Through this movement adjustment, three new tie points are produced, i.e. several more bytes of head, with former first character section Produce a new tie point；After several bytes are removed in centre, next part is brought up, and forms a new tie point；Protocercal tail Several bytes of portion and new in-migration form a new tie point.Moving relative position locating for each byte of original cipher key source Changed after dynamic, it is a completely new cipher key source.

It is company of handset as preferred " companion "；The present invention is equipped with a company of handset to user, and company of handset is One intelligent monolithic system, inside have microprocessor, running memory and flash memory and bluetooth communication, be made into key chain, The implements not easy to lose such as bracelet, wrist-watch.Company of handset is carried out wireless communication using bluetooth and hand family mobile phone, and setting bluetooth is minimum Power keeps communication distance most short, and mobile phone is with companion using particular encryption at uniquely coupled.The function of company of handset is one is storage The bank address cipher key source and account of user, at the same can also store user other it is related link network address, cipher key source and account, and The various certificate data such as various identity documents followed by carry out data when running banking or other occasions verifying identity Encrypt and Decrypt, then started by mobile phone and bank or other equipment data exchange.Monitor the operation of cell phone application, entire agiotage Process is by the data judging mobile phone operation process decrypted according to companion.

Also be accompanied with a bluetooth devices as the preferred Cash collecting equipment, the bluetooth devices when payee networks, The device is written into the GPS measured value of Cash collecting equipment, if having its user's identical value, can adjust and then be written in right amount the device Part, and it is registered in the attribute column of the connecting platform Cash collecting equipment.Cash collecting equipment is broadcasted in Cash collecting equipment work for payment mobile phone GPS value.Broadcast adjustable be subject to of effective range does not interfere with each other with adjacent equipment.Introduce the benefit of this bluetooth equipment Have at 3 points, one is wartime contingency GPS will not be interrupted by transaction is closed, that is, no longer according to lazy GPS；The second is solving floor and going out Existing GPS overlap problem.The third is solving that the GPS accuracy that measures of mobile phone is not high and receiving unit density is big, there are also dead angles GPS etc. to ask Topic.

When as the preferred progress step 5, Cash collecting equipment obtains the head portrait of mobile phone user from connecting platform, which is Mobile phone user is when third-party platform is registered, user's head portrait photo that scene is taken pictures, and transmits opening for information as with mobile phone user Dynamic button bitmap is shown on Cash collecting equipment, if there is several customers at this time, just has several head portraits to show on Cash collecting equipment.

Be 0.5-3 meter as the bluetooth devices of the preferred company of handset or Cash collecting equipment communication effective distance, mobile phone and Companion is using particular encryption at uniquely coupled.

The characteristics of present invention comparison similar technique, is: one, improve " a kind of infinite length key internet communication encryption method ", it is special It is not to one 16Mb or more of communicating pair and to carry out corresponding lower reconciliation structure above the application attribute of identical cipher key source Adjustment.

The present invention adjusts cipher key source by dynamic, i.e., adjusts key source structure before each success communication terminates, form New cipher key source is that communication next time uses, to shorten in cipher key source length, still is able to realize " unlimited " long cipher key source.Specifically Operation communicating pair is changed respective cipher key source as follows:, will since this chooses the starting point byte of key Several bytes are divided to two sections of tail portions and head for moving on to cipher key source, and the foundation of mobile byte number is the low three-bit value of starting point byte Byte number move on to the tail portion of cipher key source, then the head of cipher key source is moved to by low three byte numbers of that back to back byte Portion.It through this movement adjustment, produces three new tie points, i.e. the more several bytes in head, produces one with protocephalic region and newly connect Contact, secondly middle part is chosen the previous byte of key starting point from this and is produced with the rear portion beginning for removing several bytes One new tie point, third are that protocercal tail portion and several bytes of new in-migration produce a new tie point.It furthermore is exactly close The position of all bytes in key source produces variation relative to original cipher key source, to become a new cipher key source.

The present invention provides account encryption method, first according to the low three-bit value ring shift left of corresponding secret key byte before encrypting, then Exclusive or encryption is carried out again, decryption method is: extensive further according to the low three-bit value ring shift right of corresponding secret key byte after progress exclusive or decryption It is again original account.This method has been known by people by solution major part account, does not handle directly encryption and exposes key instead, needs It is re-encrypted after account data is handled.

The present invention utilizes improved cipher key source encryption and decryption, innovates a kind of random cipher Authentication Method, random cipher body Part proof method is exactly the password that both sides do not arrange in advance, and when verify identity, authentication one random string of generation is with close The side of being verified is issued after choosing key encryption in key source, and the side of being verified chooses key with cipher key source self after receiving and decrypts, then uses The cipher key source of the side of being verified self again encrypts random cipher, then returns authentication, after authentication receives, first judges whether Re-encrypted, then judge whether be whether being proved to be successful from issued character string to determine, the identifying code of this method its Essence is lifetime extremely short disposal password, sends an encrypted characters string from authentication to the side of being verified -- it is i.e. disposable close Code, to the side's of being verified decryption, re-encrypt and send authentication back to, life cycle be exactly two network transfer times and one decryption and One re-encrypts the time of process.And this target -- remittance bill is proved to be successful in authentication and completes mesh at once at this time Mark -- remittance, centre do not have any gap bored.No matter process of exchange uses that interception pin mode in the prior art all Can not obtain final password within so short time, due to the particularity of this encryption method, each encrypted text with it is close The respective function relationship of text is all different, and is not to be obtained a result with a kind of algorithmic language to carry out operation, only corresponding according to lazy key Position in the ASCII of byte.It is possible that certain can be just extrapolated in the case where key is only recycled, and this method is never heavy Again use key, and using company of handset remember hundred million cipher key sources, for identifying code mistake be zero tolerance refusal guess password, as long as therefore Companion, which does not lose password, to break.Even if sending out random code with plain code, it is desirable that encryption is sent back to, is also without identical synchronisation key source It can not obtain the ciphertext of verifying password for allowing server to approve.If intercepting the ciphertext of user encryption at this time, and shield worn-out user, Ciphertext is sent by eavesdropper camouflage user orientation server, server can only be completed by that bill remittance transferred in advance by encryption Money, to complete this transaction, password is also from this failure, it is impossible to generate " interests " to appropriator, that is to say, that hijacker without Method is inserted into their bill, useless having kidnapped the disposable verifying password of user.To realize break off that malice is forced to be robbed The case where holding.

The present invention can also be generated a random string, will be used in user login services device with the authentication server true and false Family identification card number address name plain code and this random string of encryption issue server, and server presses user's body card number plus surname Name finds the cipher key source of the user, then this encryption random string decryption is returned after re-encrypted to user.User sentences Whether disconnected be re-encrypted, and verify whether be it is primary go out random string, determine true and false server, this method is exactly User gives server one disposal password, and the effect of bi-directional verification may be implemented.

Two, continue to improve " method that mobile phone is connect automatically with internet computer "；The present invention is to solve GPS location precision Insufficient problem provides a bluetooth devices to beneficiary, and the bluetooth devices are when Cash collecting equipment networks, by Cash collecting equipment GPS measured value, if having its user's identical value, can adjust and then be written in right amount the device, and be registered in connecting platform should The attribute column of Cash collecting equipment.The GPS value of Cash collecting equipment is broadcasted for payment mobile phone in Cash collecting equipment work.Broadcasting effective range can It is subject to and adjusts not interfered with each other with adjacent equipment.Before mobile phone comes Cash collecting equipment, bluetooth GPS broadcast is then arrived in mobile phone inspection, no Itself measurement GPS again, is directly accurately positioned by connecting platform with the GPS of broadcast and connects Cash collecting equipment.It solves simultaneously by GPS Closing affects, and uses Beidou signal in the future.

The present invention increases a user property column in connecting platform to mobile phone user, shines for depositing the newest head portrait of all users Piece, user provides head portrait photo when this attribute column application is opened an account, and later user cannot change self, and change needs to take by platform Business site.After mobile phone is connect with Cash collecting equipment, connecting platform provides this photo to Cash collecting equipment as Cash collecting equipment and the hand The bitmap of machine connection process button.After user connect with Cash collecting equipment, user's head portrait is indicated on receiving unit, clicks the head portrait Send bill to payment mobile phone, mobile phone just can be carried out payment.When the non-mobile phone holder Mobile Phone Payments, beneficiary is had the right Photograph picture is for future reference, loses for mobile phone and increases fund security coefficient.

Three, a company of handset is equipped with for user mobile phone；The present invention is equipped with a company of handset to user, and company of handset is One intelligent monolithic system, inside have microprocessor, running memory and flash memory and bluetooth communication, be made into key chain, The implements not easy to lose such as bracelet, wrist-watch.

Company of handset is carried out wireless communication using bluetooth and hand family mobile phone, and bluetooth minimum power is arranged, makes communication distance most Short, mobile phone is with companion using particular encryption at uniquely coupled.

The function of company of handset is one is store the cipher key source and the data such as account and various identity documents of user, followed by The Encrypt and Decrypt of data is carried out when running banking, then data exchange is started by mobile phone and bank.Monitor cell phone application Operation, entire agiotage process determine mobile phone operation process according to data by companion.

Detailed description of the invention

Fig. 1 is dynamic adjustment cipher key source configuration diagram.

Fig. 2 is the encryption of a password source string, decipherment algorithm flow diagram.

Fig. 3 is the encryption of account, decipherment algorithm process schematic.

Fig. 4 is Mobile Phone Payments transaction flow figure.

Specific embodiment

Below by embodiment, in conjunction with attached drawing, preferred specific description is used as to technical solution of the present invention:

As shown in Figure 1-3, defining following element: cipher key source, key source size, added value, plain code cipher key source pointer, cipher key source are sought Location pointer carries out above-mentioned element for title, in which: key source size generation referred to as M, added value generation claim m, plain code cipher key source pointer generation Claim N, cipher key source addressing pointer generation claims n；

The key source size (generation claims M) and added value (generation claims m), set sizes M is according to use demand and system energy Depending on tolerances, take 16Mb or more bigger better.M is when cipher key source is not recycled, and key addressing pointer reaches cipher key source bottom Still there is key that can choose when portion, the maximum number of byte that size namely one application once communicates.It is chosen in order to which both sides are synchronous Identical key needs to send a plain code password source and wipes needle.

The plain code cipher key source pointer (generation claims N), N is when communicating every time to tell recipient in a position of cipher key source It sets, cipher key source addressing pointer n is stored in this position.Communication initiator generates a random number, obtains by divisor remainder of M N.Plain code pointer length is three bytes.

The present invention improves cipher key source and at least reduces M to 2Kb, hexadecimal 0800Hb, facilitates for programming additional with increasing The method of code avoids that cipher key source is recycled, and taking added value m size is 256b, hexadecimal 0100H.Concrete operations are silver Row increases M=2Kb, a m=256b to user account data, amounts to the cipher key source attribute that hexadecimal is 0900Hb byte space Column, content are character set that is unique, unordered in all users, being made of any ASCII, and by duplicate copy to use Family.

Utilize above-mentioned carry out data encryption, decrypting process:

Data encryption process is sent, uses time number of seconds to generate a random number as seed first, generates a plain code cipher key source Pointer N, then cipher key source addressing pointer n is generated from cipher key source with this pointer, existed with the key that this pointer finds this encryption Initial position in cipher key source, the text size encrypted as needed intercept this secondary key from cipher key source, will communication text with it is close Key from first to last carries out exclusive or by every byte and produces communication ciphertext, and plain code cipher key source pointer N is then added the communication just generated Ciphertext gives mobile phone as the text of this secondary transmission and is sent to communication object.

Data decrypting process: after receiving communication ciphertext, plain code cipher key source pointer N is isolated, is generated in cipher key source with N Cipher key source addressing pointer n finds initial position of the key of this encryption in cipher key source with this pointer, encrypts as needed Text size intercepts this secondary key from cipher key source, and communication text is from first to last carried out exclusive or by every byte with key and is produced Urtext, it can be seen that for this process as ciphering process, " ciphertext " finally generated is exactly this secondary received communication " original text "；

It is three bytes as the preferred cipher key source addressing pointer length.

Two bytes are foreshortened to from three bytes as the preferred plain code pointer, cipher key source addressing pointer also shortens from three bytes To two bytes.

It is company of handset as preferred " companion "；The present invention is equipped with a company of handset to user, and company of handset is One intelligent monolithic system, inside have microprocessor, running memory and flash memory and bluetooth communication, be made into key chain, The implements not easy to lose such as bracelet, wrist-watch.Company of handset is carried out wireless communication using bluetooth and hand family mobile phone, and setting bluetooth is minimum Power keeps communication distance most short, and mobile phone is with companion using particular encryption at uniquely coupled.The function of company of handset is one is storage User's opens bank address, cipher key source and account, at the same can also store user other in relation to the network address that links, cipher key source and account Number and the various certificate data such as various identity documents, followed by when running banking or other occasions verifying identity into The Encrypt and Decrypt of row data, then started by mobile phone and bank or other equipment data exchange.The operation of cell phone application is monitored, entirely Agiotage process is by the data judging mobile phone operation process decrypted according to companion.

Also be accompanied with a bluetooth devices as the preferred gathering machine, the bluetooth devices in payee's networking, The device is written into the GPS measured value of Cash collecting equipment, if having its user's identical value, can adjust and then be written in right amount the device Part, and it is registered in the category column of the connecting platform Cash collecting equipment.Cash collecting equipment is broadcasted in Cash collecting equipment work for payment mobile phone GPS value.Broadcast adjustable be subject to of effective range does not interfere with each other with adjacent equipment.

The present invention compare similar technique the characteristics of be: one, improve " a kind of endless cipher key communication encryption method " and It improves " the close internet communication encryption method of endless ", especially gives communicating pair one 16Mb or more, cipher key source physics is long Degree narrows down to 2Kb, to adapt to bank server as one attribute column of user, but adjusts key source structure after each Method realize " endless cipher key source " intension.

Data encryption of the present invention, decrypting process embodiment are as follows:

Citing now: 1 bank electronic transaction, bank server produce 1 random string and are " o;Ap zvg5pm " conduct The disposal password of verifying user needs to encrypt, as shown in Figure 1, this cipher key source M=2Kb, m=256b.Generate key and close Text and decryption are reduced to the process of password string；

The first step, generates a random number, and 32410, second step generates plain code and wipes needle N, N=32410- int (32410/2048) X 2048=1690, hexadecimal are 069A H；

Third step generates addressing pointer, and the content that 069A and 069B composition is found from password source is 03B3BH, and the decimal system is 15163, n=15163-int (15163/2048) x 2048=827, hexadecimal is 033BH.Here it is this secondary keys Starting point.This secondary key be " 05Eh, 099h, 003h, 060h, 06Ch, 063h, 024h, 037h, 0F3h, 08B0, 08Ch ", hexadecimal text is: 06Fh, 03Bh, 061h, 070h, 020h, 070h, 067h, 035h, 070h, 06Dh

Encryption generates ciphertext 05Eh XOR 06Fh=031h ... 08Ch XOR 06Dh=0E1h

Ciphertext is: " 031h, 0A2h, 062h, 010h, 04Ch, 019h, 052h, 050h, 0C6h, 0FBh, 0E1h "

Plain code pointer 0695h is sent to mobile phone plus ciphertext, after mobile phone receives, pass data to company of handset, mobile phone companion Companion isolates plain code pointer N and ciphertext, and the position of plain code pointer is found in the cipher key source of the corresponding bank stored from company of handset, Because cipher key source is identical as bank, the value of the position 0694h should be 03b3bh, and following decrypting process is consistent with encryption way.The above institute Stating such as attached drawing 2, the left side is ciphering process, and the right is decrypting process, after company of handset decryption, by decryption obtain data again by with On encryption method re-encrypted, then send the plain code pointer N of re-encrypted encryption text to mobile phone, mobile phone issues this data Bank server.Bank server determines user validation.

It is indicated in attached drawing 1 after the completion of primary communication, also at the same time as an example of dynamic adjustment.It is chosen on figure close The starting point of key is 033BH, and content 05EH, low three are 6,6 bytes since 033BH to 0340H is moved to close Key source tail portion, immediately serial number is 0341H after six bytes, and content 024H, low level is 4, by 4 of this 0341H to 0344h Byte moves on to cipher key source head, and before the attached drawing left side is adjustment, the right is adjustment result.This adjustment bank server and mobile phone companion Companion carries out simultaneously, is started to carry out one-time authentication communication, this errorless sign off after the completion by bank server.

Random code proof method of the invention, is the extremely short disposal password of service life, and verifier is randomly generated a password and adds After close, since issuing authenticatee on internet, after authenticatee obtains, decryption, which re-encrypts, is returned to verifier, to verifying Until person receives, validity period is exactly two transmission of network and an enciphering and deciphering algorithm time, and the service life is in Millisecond.Essence is verifying Whether communicating pair has identical and synchronous adjustment a cipher key source.Because of password used in this verification process and key It is all to be randomly generated and first use, so just there is no intercepted and the problem of crack.Intercept decryption obtain data be in order to It applies next time.And the two data of this method will not occur in application next time.Except it is non-obtrusive break server or steal Company of handset to user obtains cipher key source.Company of handset is closed mini system, and execution simple function has effectively prevented black The invasion of objective wooden horse is possible, and the whole operation authentication process itself of payment is carried out by company of handset, and mobile phone only serves transmission With receive encrypted ciphertext signal, therefore can be used in public WIFI occasion.Company of handset has biggish memory space, It can store all bank address accounts of user and cipher key source, while can also store the various user certificates such as identity card and user is each The application network address account and cipher key source at place, the gate inhibition's cipher key source got started everywhere.Companion cooperates mobile phone that can become real " master key Spoon ".There are also further open the potentiality utilized for company of handset.

As the encryption process for shown in an example figure 3 being an account.

An existing account: 6,221 8,833 8,010 2,387 056；Their ASCII character is: 04eh, 04ah, 04ah, 049h, 050h, 050h, 04bh, 04bh, 050h, 048h, 049h, 048h, 04ah, 04bh, 050h, 04fh, 048h, 04dh , 04eh；Choosing 19 characters of the attached drawing 1 since 033bh is key, 05eh, 099h, 003h, 060h, 06ch, 063h, 024h, 037h, 0f3h, 08bh, 08ch, 09dh, 04bh, 08ch, 06ch, 08fh, 038h, 055h, 096h；Low three of corresponding key are respectively: 6,1,3,0,4,3,4,3,4,7, 3, 3, 4, 5, 3, 4, 4, 7, 0, 5, 6；Corresponding account character cycle is moved to left by these values, result 093h, 094h, 052h, 049h, 005h, 082h, 0b4h, 0a5h, 082h, 042h, 094h, 009h, 052h, 0b4h, 005h, 0a7h, 048h, 0a9h, 093h；Two groups of data successively exclusive or ciphertext are as follows: 0cdh, 00dh, 051,029h, 069h, 0e1h, 090h, 092h, 071h, 0c9h, 018h, 094h, 019h, 038h, 069h, 028h, 070h, 0fch, 005h, as shown in the attached drawing left side.

Decrypting process such as attached drawing is the inverse process of encryption as shown in 2 the right.

Step 1 mobile phone obtains the GPS information of Cash collecting equipment by receiving the bluetooth devices of hotel owner, this GPS information is sent to company Connect platform, connecting platform helps mobile phone to be attached with Cash collecting equipment according to the network address that GPS value finds hotel owner, so that mobile phone can be with Information interchange is carried out with Cash collecting equipment, and obtains hotel owner's identification card number, name from platform, and these silver-colored information of opening an account.Gathering Equipment obtains the head portrait of mobile phone user from connecting platform, is shown in receipts as the start button bitmap for transmitting information with mobile phone user In money equipment, if there is several customers at this time, just there are several head portraits to show on Cash collecting equipment, each head portrait represent with The process of one mobile phone connection, Cash collecting equipment mobile phone and maintain the connection at this time, but not information interchange, mobile phone are waiting It collects money standby bill；

It carries out transaction in step 6 or mobile phone and bank account is veritified before each success communication terminates, bank server and mobile phone companion Companion's synchronous adjustment key source structure forms new cipher key source and uses for communication next time.The specific method is as follows: choosing from this transaction The starting point byte of key starts, and is divided to several bytes to two sections of tail portions and head for moving on to cipher key source, is moved to the byte of tail portion Several foundations is the low three-bit value of starting point byte, is arranged successively after cipher key source the last byte.It is moved to head The foundation of byte number is the low three-bit value for just having removed that back to back byte of several bytes.You are secondary to be arranged in cipher key source first Before byte.Through this movement adjustment, three new tie points are produced, i.e. several more bytes of head, with former first character Section produces a new tie point；After several bytes are removed in centre, next part is brought up, and forms a new tie point；It is former Several bytes of tail portion and new in-migration form a new tie point.Relative position locating for each byte of original cipher key source is set to exist Changed after movement, it is a completely new cipher key source.

The shopping course of payment of the example of this method is as follows, as shown in figure 4, shopping course of payment scene: certain food market vegetable Before the position of vegetable stall, poplar stall owner and client Zhang San, king five, Li Si etc..Stall owner uses plate as Cash collecting equipment, Zhang San, five Li Si of king Mobile Phone Payments are used, and three people's Mobile Phone Payments APP have turned on.Three people have been connected automatically to the cashing machine of poplar stall owner -- It is herein plate, shows the head portrait of Zhang San, Li Si and king five respectively on stall owner's plate, at this time the respective picking commodities of three people.

Li Si picks the commodity such as tomato, cauliflower, pumpkin, celery and transfers to poplar stall owner to be weighed and input plate formation account Single, poplar stall owner clicks the small head portrait of Li Si on plate, the mobile phone prompt tone of Li Si payment xxx xx member, and Li Si presses after verifying Key of paying the bill completes payment.Poplar stall owner's plate prompt money has been received, and goods is please paid.Li Si connects goods and leaves.

It is shopping payment external procedure above, network payment internal procedure detailed annotation is as follows:

Li Si's mobile phone, which is marched into the arena, opens payment APP, and before coming poplar stall owner stand, mobile phone can be with " mobile phone and internet set computer certainly Dynamic connection method ", the GPS value of the bluetooth devices broadcast of poplar stall owner is received, which is sent to connecting platform, it is flat in connection Platform is connected under helping -- on the tablet computer of poplar stall owner.The tablet computer of poplar stall owner obtains the small of a Li Si from connecting platform Head portrait is shown on the connection button communicated with Li Si.Bill forms rear poplar stall owner and clicks the small head portrait of Li Si, and bill, poplar are spread out Owner identification card number+name, the bank of deposit are transmitted to Li Si's mobile phone, are all plain code transmission.Li Si's mobile phone speech simultaneously prompts to show this pair Fund, Li Si press payment key, it is desirable that bank remits money to poplar stall owner by Li Si's requirement, and Li Si's mobile phone shows and this time pays after bank transfer Amount of money and account balance, mobile phone inform that Cash collecting equipment money has converged, and Cash collecting equipment inquiry bank account is simultaneously shown on Cash collecting equipment Money has arrived account, this transaction of hand over of goods terminates.Process is as shown in Fig. 4.

Claims

1. the present invention is achieved with step by the following method:

The cipher key source is a biggish non-ordered data set, includes all ascii characters in addition to null character in set；

The key source size (generation claims M) and added value (generation claims m)；

M is when cipher key source is not recycled, and key addressing pointer still has available key selection when reaching cipher key source bottom, that is, The primary communication maximum number of byte of one application chooses identical key in order to which both sides are synchronous, needs to send a plain code password source Wipe needle；

The plain code cipher key source pointer (generation claims N), N be to tell recipient in a position of cipher key source when communicating every time, Cipher key source addressing pointer n is stored in this position；

Communication initiator generates a random number, obtains N by divisor remainder of M；

Plain code pointer and cipher key source addressing pointer n length are three bytes；

The cipher key source addressing pointer (generation claims n), finds this position in cipher key source with plain code cipher key source pointer N, and later three The value of a byte obtains n by divisor remainder of M；

Initial position of the key that this is communicated in this, as generation in cipher key source；

The present invention improves cipher key source diminution M and is at least minimal to 2Kb, hexadecimal 0800Hb, facilitates for programming additional with increasing The method of code avoids that cipher key source is recycled, and taking added value m size is 256b, hexadecimal 0100H, plain code cipher key source pointer N and cipher key source addressing pointer n shorten to 2 bytes；

Concrete operations are that bank increases M=2Kb, a m=256b to user account data, and amounting to hexadecimal is 0900Hb word The cipher key source attribute column in space is saved, content is character set that is unique, unordered in all users, being made of any ASCII, And by duplicate copy to user；

It utilizes above-mentioned carry out data encryption, decrypting process: sending data encryption process, time number of seconds is used to generate as seed first One random number is generated a plain code cipher key source pointer N, then is generated cipher key source addressing pointer n from cipher key source with this pointer, with This pointer finds initial position of the key of this encryption in cipher key source, and the text size encrypted as needed is from cipher key source This secondary key is intercepted, communication text and key are from first to last subjected to exclusive or by every byte and produce communication ciphertext, it then will be bright Code cipher key source pointer N adds the communication ciphertext just generated to be sent to communication object as the text of this secondary transmission；

Data decrypting process isolates plain code cipher key source pointer N, generates key in cipher key source with N after receiving communication ciphertext Source addressing pointer n finds initial position of the key of this encryption in cipher key source, the text decrypted as needed with this pointer Length intercepts this secondary key from cipher key source, will communication text and key from first to last by every byte progress exclusive or produce it is original Text, it can be seen that this process is as ciphering process, the difference is that " ciphertext " that finally generates is exactly that this is secondary received " original text ".

2. being three bytes as the preferred cipher key source addressing pointer N length, the plain code pointer N foreshortens to two from three bytes Byte, cipher key source addressing pointer n also foreshorten to two bytes from three bytes.

3. a kind of method for carrying out safe and secret transaction using cipher key source encryption method is improved:

Prerequisite condition and rule before trading:

Mobile phone user opens bank net trading account, and account information includes at least account, address name, identification card number, mobile phone Number, bank " card " is no longer sent out to user by cipher key source, bank, and also there is no fixed password, verifying user identity just uses aforementioned close The random cipher proof method that the encryption of key source is provided with decryption method, mobile phone user obtain special account cipher key source and are previously stored just In on " companion " that client carries and takes care of；

Mobile phone user and gathering hotel owner register in third party's connecting platform in advance, include at least in registration user information attribute column Address name, identification card number, cell-phone number, GPS, IP address, the bank of deposit, the information such as personal head portrait photo, as beneficiary GPS and IP address are indispensable, and Cash collecting equipment should be equipped with the bluetooth devices of energy broadcast GPS, activity IP address or in intranet Cash collecting equipment must when opening gathering process by the IP address currently obtained upload to third party's connecting platform filling IP belong to Property column in, account no longer discloses, and is served only for user's remittance abroad money and use when querying the balance, and makes identification card number and cell-phone number to silver Row account is only bound internal, does not embody binding externally, and identification card number and cell-phone number is allowed to become safe bright number；

Step 1, mobile phone obtains the GPS information of Cash collecting equipment by receiving the bluetooth devices of hotel owner, this GPS information is sent to company Connect platform, connecting platform helps mobile phone to be attached with Cash collecting equipment according to the network address that GPS value finds hotel owner, so that mobile phone can be with Information interchange is carried out with Cash collecting equipment, and obtains hotel owner's identification card number, name from platform, and these silver-colored information of opening an account, gathering Equipment obtains the head portrait of mobile phone user from connecting platform, is shown in receipts as the start button bitmap for transmitting information with mobile phone user In money equipment, if there is several customers at this time, just there are several head portraits to show on Cash collecting equipment, each head portrait represent with The process of one mobile phone connection, Cash collecting equipment mobile phone and maintain the connection at this time, but not information interchange, mobile phone are waiting It collects money standby bill；

Step 2, mobile phone shopping user chooses commodity, after hotel owner's shopping bill is formed, passes through and observes trading object, selected element It hits corresponding mobile phone user's head portrait and bill is sent to payment mobile phone, it is desirable that Mobile Phone Payments；

Step 3, after mobile phone receives bill, payment information is sent to company of handset, the silver of itself opening an account of company of handset storage Capable network address connects bank server, and the identification card number+name of itself is sent to server by mobile phone plain code, while by shop The identification card number of family adds name, and bank is sent to after beneficiary bank of deposit and bill encryption, and bill payment is pressed by request bank；

Step 4, bank server finds user key source according to identity card+name of mobile phone user, and generates a random words Symbol string, encrypts this character string with cipher key source and is sent to mobile phone, the verifying password as this time mobile phone user's identity；

Step 5, after mobile phone is connected to the verifying character string ciphertext of server, it is sent to company of handset, company of handset solves ciphertext The former character string of close generation, then original text it is motionless re-encrypted is carried out to this character string with cipher key source self, while encrypting account, general The machine of fighting hand to hand is sent to bank server to the verifying character string and account ciphertext encrypted together；

Step 6, bank server checks whether re-encrypted, and judgment method is that plain code pointer is different, then decrypts and be confirmed whether It is the character string just sent out, confirmation is that the account after re-inspection decryption is errorless, and confirmation is verified just now, bank service The payment information that device is sent by step 3 mobile phone user is remitted money to bank, payee by bill, has sent money to mobile phone after completion Remittance information；

Step 7, mobile phone obtains after taking the information that device payment is completed, and successful payment is informed to the Cash collecting equipment of hotel owner；

Step 8, the bank account of Cash collecting equipment inquiry self, prompts hotel owner to pay goods after confirming account, and hotel owner's hand over of goods is handed over It is readily accomplished.

4. veritifying each success communication with bank account as preferably described step 6 transaction or mobile phone terminates preceding password source according to close Key source encrypting and decrypting rule, adjust automatically key source structure form new cipher key source and use for communication next time, and concrete operations are logical Letter both sides are changed respective cipher key source as follows: since this chooses the starting point byte of key, by several words Section is divided to two sections of tail portions and head for moving on to cipher key source, and the foundation of mobile byte number is the byte of the low three-bit value of starting point byte Number moves on to the tail portion of cipher key source, then the head of cipher key source is moved to by low three byte numbers of that back to back byte；Through this Mobile adjustment, produce three new tie points, i.e. the more several bytes in head, produces a new tie point with protocephalic region, The previous byte of key starting point is chosen from this and produces one newly with the rear portion beginning for removing several bytes in secondary middle part Tie point, third is that several bytes of protocercal tail portion and new in-migration produce a new tie point；

Furthermore be exactly that the positions of all bytes of cipher key source produces variation relative to original cipher key source, thus become one it is new Cipher key source.

5. before terminating as preferably described step 6 transaction or mobile phone and each success communication of bank account veritification, bank server With company of handset synchronous adjustment key source structure, forms new cipher key source and used for communication next time；The specific method is as follows: from this It is that starting point byte starts that key is chosen in transaction, is divided into upper byte and lower byte by its front and back is arranged in, then choose starting The secret key of upper and lower part at least one byte of point byte secret key, is classified as the tail portion and head that two sections move on to cipher key source respectively Portion；

The secret key byte movement rule that lower byte will move is that the neutral gear of existing position byte is downward after upper byte is mobile Low three positions byte, (if it is multiple bytes) keep it is existing puts in order, these three bytes are successively shifted into arrangement At the top of to this cipher key source before first character section；Through this movement adjustment, three new tie points are produced, i.e. head is how several A byte produces a new tie point with former first character section；After several bytes are removed in centre, next part is brought up, shape At a new tie point；Several bytes of protocercal tail portion and new in-migration form a new tie point；Make original cipher key source each Relative position locating for byte is changed after movement, it is a completely new cipher key source.

6. being company of handset as preferably described " companion "；The present invention is equipped with a company of handset to user, and company of handset is one A intelligence monolithic system, inside has microprocessor, running memory and flash memory and bluetooth communication, is made into key chain, hand The implements not easy to lose such as ring, wrist-watch；Company of handset is carried out wireless communication using bluetooth and hand family mobile phone, and bluetooth least work is arranged Rate keeps communication distance most short, and mobile phone is with companion using particular encryption at uniquely coupled；The function of company of handset is one is storage is used The bank address cipher key source and account at family, at the same can also store user other it is related link network address, cipher key source and account, and it is each The various certificate data such as kind identity document followed by carry out data when running banking or other occasions verifying identity Encrypt and Decrypt, then started by mobile phone and bank or other equipment data exchange, monitor the operation of cell phone application, entire agiotage Process is by the data judging mobile phone operation process decrypted according to companion.

7. being also accompanied with a bluetooth devices as the preferred Cash collecting equipment, which, will when payee networks The device is written in the GPS measured value of Cash collecting equipment, if having its user's identical value, can adjust and then be written in right amount the device Part, and it is registered in the attribute column of the connecting platform Cash collecting equipment, Cash collecting equipment is broadcasted in Cash collecting equipment work for payment mobile phone GPS value, the bluetooth devices communication effective distance of company of handset or Cash collecting equipment is 0.5-3 meter, and mobile phone uses specific with companion It is encrypted to uniquely coupled.

8. when as the preferred progress step 5, Cash collecting equipment obtains the head portrait of mobile phone user from connecting platform, which is hand Machine user is when third-party platform is registered, user's head portrait photo that scene is taken pictures, as the starting for transmitting information with mobile phone user Button bitmap is shown on Cash collecting equipment, if there is several customers at this time, just has several head portraits to show on Cash collecting equipment.

9. needing to encrypt now with a character string as preferably described, this cipher key source M=2Kb, m=256b.

10. the set sizes in secret key source are preferably 18 depending on use demand and system energy tolerances as preferably described Password, which is limited, produces 12K, and no limit for cryptographic digit takes at least 16Mb or more.