Nothing Special   »   [go: up one dir, main page]

CN108197940A - Payment request response method, mobile terminal and the readable storage medium storing program for executing of mobile terminal - Google Patents

Payment request response method, mobile terminal and the readable storage medium storing program for executing of mobile terminal Download PDF

Info

Publication number
CN108197940A
CN108197940A CN201810042149.4A CN201810042149A CN108197940A CN 108197940 A CN108197940 A CN 108197940A CN 201810042149 A CN201810042149 A CN 201810042149A CN 108197940 A CN108197940 A CN 108197940A
Authority
CN
China
Prior art keywords
card
mobile terminal
verified
mark
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810042149.4A
Other languages
Chinese (zh)
Inventor
张帆
张慧
张聪
刘小丽
刘泽宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Polytechnic University
Original Assignee
Wuhan Polytechnic University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Polytechnic University filed Critical Wuhan Polytechnic University
Priority to CN201810042149.4A priority Critical patent/CN108197940A/en
Publication of CN108197940A publication Critical patent/CN108197940A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention provides payment request response method, mobile terminal and the readable storage medium storing program for executing of a kind of mobile terminal, mobile terminal of the invention obtains the first TF card mark of TF card to be verified when detecting payment request;The the second TF card mark to prestore in the machine is read, the first TF card mark is compared with the second TF card mark;When the first TF card mark is identical with the second TF card mark, first movement terminal iidentification in the machine is read;Read the second mobile terminal identification to prestore in TF card to be verified;First movement terminal iidentification is compared with the second mobile terminal identification, when first movement terminal iidentification is identical with the second mobile terminal identification, it is target TF card to assert the TF card to be verified, and payment request is responded, it can avoid influencing the payment account safety of user under all kinds of situations such as mobile terminal loss, stolen and malicious code, the present invention need to only use a TF card, of low cost, and good compatibility.

Description

Payment request response method, mobile terminal and the readable storage medium storing program for executing of mobile terminal
Technical field
The present invention relates to communication and the payment request response method of computer realm more particularly to a kind of mobile terminal, move Dynamic terminal and readable storage medium storing program for executing.
Background technology
The huge facility brought along with mobile payment, mobile payment user are also faced with huge security risk.Due to All kinds of safety problems such as mobile phone is lost, stolen, payment cipher leakage, unauthorized use, viral Trojan attack, hack are led The mobile payment security problem of cause emerges in an endless stream.According to statistics, the economic loss nearly ninety percent caused by mobile payment is difficult to recover.Cause This, above-mentioned safety problem not only affects the use feeling of user, and huge economic damage is more seriously caused to user It loses.
There are following defects in payment process for mobile terminal in currently available technology:
(1) part existing scheme uses special hardware equipment, and compatibility is poor, and greatly enhances user cost.
(2) part existing scheme needs to change payment infrastructure, does not have versatility.
(3) part existing scheme uses the auth method based on biological characteristic, has limitation and security risk.Portion Existing program is divided to use biometric identity authentication method.But the identity identifying method based on biological characteristic is small in the presence of being difficult to Typeization and easily around etc. limitations, security intensity it is inadequate.(such as iris recognition have uniqueness, stability, acquisition property and The advantages that non-property invaded.But system cost is excessively high to need expensive camera due to the needs of focusing, it is difficult to by image acquisition Equipment it is compact in size)
(4) existing scheme is almost without consideration payment request and the protection question of relevant sensitization operation.
Verify mobile terminal user's using the password formula verification mode of input set of number mostly in the prior art Identity information, mode is too simple not safe enough, once under the situations such as mobile intelligent terminal is lost, stolen and malicious code, attacks The person of hitting being capable of physical operations mobile intelligent terminal.Attacker may successfully carry out payment request or even can be by holding at this time All kinds of sensitive operations such as row " update personal information, changes payment cipher, and wholesale consumption transfers accounts and withdraws the money " further result in movement The economic loss of terminal genuine owner's bigger, existing scheme account for almost without to this.
Invention content
It is a primary object of the present invention to provide a kind of payment request response method of mobile terminal, mobile terminal and can Read storage medium, it is intended to which how solution avoids influencing under all kinds of situations such as mobile terminal loss, stolen and malicious code To the payment account safety of user, current all kinds of mobile payment platforms " excessively trusting mobile terminal " are solved the problems, such as.
To achieve the above object, the present invention provides a kind of payment request response method of mobile terminal, the method packets Include following steps:
Mobile terminal obtains the first TF card mark of TF card to be verified when detecting payment request;
The the second TF card mark to prestore in the machine is read, first TF card mark and second TF card mark are carried out It compares;
When first TF card mark is identical with the second TF card mark, first movement terminal mark in the machine is read Know;
Read the second mobile terminal identification to prestore in the TF card to be verified;
The first movement terminal iidentification is compared with second mobile terminal identification, at first movement end When end mark is identical with second mobile terminal identification, the TF card to be verified is assert for target TF card, and to the payment Request is responded.
Preferably, the mobile terminal obtains the first TF card mark of TF card to be verified, tool when detecting payment request Body includes:
Mobile terminal detects whether TF card to be verified is inserted into the machine when detecting payment request;
When testing result is inserted into the machine for TF card to be verified, the first TF card mark of TF card to be verified is obtained.
Preferably, it is described to read the second mobile terminal identification to prestore in the TF card to be verified, it specifically includes:
The second mobile terminal identification to prestore in the TF card to be verified is obtained, by locally stored first key to institute It states the second mobile terminal identification to be decrypted, obtains second identifier in plain text;
Correspondingly, described the first movement terminal iidentification is compared with second mobile terminal identification, in institute State first movement terminal iidentification it is identical with second mobile terminal identification when, assert the TF card to be verified for target TF card, And the payment request is responded, it specifically includes:
The first movement terminal iidentification is compared in plain text with the second identifier, in the first movement terminal mark When knowing identical with the second identifier plaintext, the TF card to be verified is assert for target TF card, and the payment request is carried out Response.
Preferably, for the mobile terminal when detecting payment request, the first TF card for obtaining TF card to be verified identifies it Before, the method further includes:
Mobile terminal is created in response to key input by user and is instructed when detecting that target TF card is inserted into the machine, generation First key;
The first key is stored in the machine;
Read the first movement terminal iidentification of the machine;
The first movement terminal iidentification is encrypted by the first key, by encrypted first movement terminal iidentification Ciphertext be stored in the target TF card as the second mobile terminal identification;
The TF card mark of the target TF card is read, the TF card mark of the target TF card is deposited as the second TF card mark It is stored in described mobile terminal the machine.
Preferably, the method further includes:
Mobile terminal is sent to service when detecting sensitive operation request input by user, by sensitive operation request Device, so that server feedback verification short message corresponding with sensitive operation request.
Preferably, the mobile terminal, please by the sensitive operation when detecting sensitive operation request input by user It asks and is sent to server, so that the server feedback is with after the corresponding short message of sensitive operation request, further including:
Mobile terminal obtains the first TF card of the TF card to be verified in the verification short message for receiving the server feedback Mark;The the second TF card mark to prestore in the machine is read, first TF card mark and second TF card mark are compared It is right;When first TF card mark is identical with the second TF card mark, first movement terminal iidentification in the machine is read;It obtains The second mobile terminal identification to prestore in the TF card to be verified, by the first key to second mobile terminal identification It is decrypted, to obtain second identifier in plain text;
The first movement terminal iidentification is compared in plain text with the second identifier, in the first movement terminal mark When knowing identical with the second identifier plaintext, assert that the TF card to be verified for target TF card, is carried from the TF card to be verified The second key is taken, by verifying that short message carries out transparent encryption described in second key pair, to generate short message ciphertext;
It reads and instructs in response to short message input by user, be decrypted by short message ciphertext described in second key pair, In successful decryption, generation verification short message in plain text, and is shown the short message in plain text.
Preferably, the mobile terminal is created when detecting that target TF card is inserted into the machine in response to key input by user Instruction is built, first key is generated, specifically includes:
Mobile terminal is created in response to key input by user and is instructed when detecting that target TF card is inserted into the machine, generation First key and the second key;
By second key storage in the target TF card.
Preferably, the mobile terminal detects whether TF card to be verified is inserted into after the machine when detecting payment request, It further includes:
When testing result is not inserted into the machine for TF card to be verified, the testing result is shown.
In addition, to achieve the above object, the present invention also proposes a kind of mobile terminal, and the mobile terminal includes:Memory, Processor and the payment request responder for being stored in the mobile terminal that can be run on the memory and on the processor, The payment request responder of the mobile terminal is arranged for carrying out the payment request response method of mobile terminal as described above The step of.
In addition, to achieve the above object, the present invention also proposes a kind of readable storage medium storing program for executing, is deposited on the readable storage medium storing program for executing The payment request responder of mobile terminal is contained, it is real when the payment request responder of the mobile terminal is executed by processor Now the step of payment request response method of mobile terminal as described above.
The present invention provides payment request response method, mobile terminal and the computer storage media of a kind of mobile terminal, The mobile terminal of the present invention obtains the first TF card mark of TF card to be verified when detecting payment request;It reads pre- in the machine First TF card mark is compared the second TF card mark deposited with the second TF card mark;In the first TF card mark and the 2nd TF When card mark is identical, first movement terminal iidentification in the machine is read;Read the second mobile terminal mark to prestore in TF card to be verified Know;First movement terminal iidentification with the second mobile terminal identification is compared, is moved in first movement terminal iidentification and second When terminal iidentification is identical, the TF card to be verified is assert for target TF card, and payment request is responded, and then can be effective Ground prevents attack of the malicious code to mobile terminal kernel, while can avoid in mobile terminal loss, stolen and malicious code Etc. the payment account safety that user is influenced under all kinds of situations, solve at present all kinds of mobile payment platforms " excessively trust it is mobile eventually The problem of end ", the present invention need to only use a TF card, not need to additional hardware device, it is not required that mainstream payment software Payment infrastructure do any change, it is of low cost, and good compatibility, transparent can support existing and future all payment platforms
Description of the drawings
Fig. 1 is the structure diagram of the mobile terminal for the hardware running environment that the embodiment of the present invention is related to;
Fig. 2 is the flow diagram of the payment request response method first embodiment of mobile terminal of the present invention;
Fig. 3 is the flow diagram of the payment request response method second embodiment of mobile terminal of the present invention.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
Payment request response method and corresponding mobile terminal present invention generally provides a kind of mobile terminal, base of the present invention " mobile terminal --- TF card bidirectional identity authentication " function is introduced in TF card (Trans-flash Card), strengthens mobile payment Certification safety.
With reference to Fig. 1, Fig. 1 is the mobile terminal structure schematic diagram of hardware running environment that the embodiment of the present invention is related to.
As shown in Figure 1, the mobile terminal can include:Processor 1001, such as CPU, communication bus 1002, user interface 1003, network interface 1004, memory 1005.Wherein, communication bus 1002 is used to implement the connection communication between these components. User interface 1003 can include touching display screen, and optional user interface 1003 can also include the wireline interface, wireless of standard Interface.Network interface 1004 can optionally include standard wireline interface and wireless interface (such as WI-FI interfaces).Memory 1005 can be high-speed RAM memory or the memory (non-volatile memory) of stabilization, such as disk are deposited Reservoir.Memory 1005 optionally can also be the storage device independently of aforementioned processor 1001.
It will be understood by those skilled in the art that the apparatus structure shown in Fig. 1 does not form the limit to the mobile terminal It is fixed, it can include either combining certain components or different components arrangement than illustrating more or fewer components.
As shown in Figure 1, operating system, network communication module, Subscriber Interface Module SIM can be included in the memory 1005 And the payment request responder of mobile terminal.It should be noted that the mobile terminal in the present embodiment can be mobile phone.
In mobile terminal shown in Fig. 1, network interface 1004 is mainly used for data communication;User interface 1003 is mainly used In facilitating user data interaction is carried out with intelligent terminal;Mobile terminal of the present invention calls memory by processor 1001 The payment request responder of the mobile terminal stored in 1005, and perform following operate:
Mobile terminal obtains the first TF card mark of TF card to be verified when detecting payment request;
The the second TF card mark to prestore in the machine is read, first TF card mark and second TF card mark are carried out It compares;
When first TF card mark is identical with the second TF card mark, first movement terminal mark in the machine is read Know;
Read the second mobile terminal identification to prestore in the TF card to be verified;
The first movement terminal iidentification is compared with second mobile terminal identification, at first movement end When end mark is identical with second mobile terminal identification, the TF card to be verified is assert for target TF card, and to the payment Request is responded.
Further, the payment request for calling the mobile terminal stored in memory 1005 by processor 1001 responds journey Sequence goes back and performs following operation:
Mobile terminal detects whether TF card to be verified is inserted into the machine when detecting payment request;
When testing result is inserted into the machine for TF card to be verified, the first TF card mark of TF card to be verified is obtained.
Further, the payment request for calling the mobile terminal stored in memory 1005 by processor 1001 responds journey Sequence goes back and performs following operation:
The second mobile terminal identification to prestore in the TF card to be verified is obtained, by locally stored first key to institute It states the second mobile terminal identification to be decrypted, obtains second identifier in plain text;
Correspondingly, the payment request for calling the mobile terminal stored in memory 1005 by processor 1001 responds journey Sequence goes back and performs following operation:
The first movement terminal iidentification is compared in plain text with the second identifier, in the first movement terminal mark When knowing identical with the second identifier plaintext, the TF card to be verified is assert for target TF card, and the payment request is carried out Response.
Further, the payment request for calling the mobile terminal stored in memory 1005 by processor 1001 responds journey Sequence goes back and performs following operation:
Mobile terminal is created in response to key input by user and is instructed when detecting that target TF card is inserted into the machine, generation First key;
The first key is stored in the machine;
Read the first movement terminal iidentification of the machine;
The first movement terminal iidentification is encrypted by the first key, by encrypted first movement terminal iidentification Ciphertext be stored in the target TF card as the second mobile terminal identification;
The TF card mark of the target TF card is read, the TF card mark of the target TF card is deposited as the second TF card mark It is stored in described mobile terminal the machine.
Further, the payment request for calling the mobile terminal stored in memory 1005 by processor 1001 responds journey Sequence goes back and performs following operation:
Mobile terminal is sent to service when detecting sensitive operation request input by user, by sensitive operation request Device, so that server feedback verification short message corresponding with sensitive operation request.
Further, the payment request for calling the mobile terminal stored in memory 1005 by processor 1001 responds journey Sequence goes back and performs following operation:
Mobile terminal obtains the first TF card of the TF card to be verified in the verification short message for receiving the server feedback Mark;The the second TF card mark to prestore in the machine is read, first TF card mark and second TF card mark are compared It is right;When first TF card mark is identical with the second TF card mark, first movement terminal iidentification in the machine is read;It obtains The second mobile terminal identification to prestore in the TF card to be verified, by the first key to second mobile terminal identification It is decrypted, to obtain second identifier in plain text;
The first movement terminal iidentification is compared in plain text with the second identifier, in the first movement terminal mark When knowing identical with the second identifier plaintext, assert that the TF card to be verified for target TF card, is carried from the TF card to be verified The second key is taken, by verifying that short message carries out transparent encryption described in second key pair, to generate short message ciphertext;
It reads and instructs in response to short message input by user, be decrypted by short message ciphertext described in second key pair, In successful decryption, generation verification short message in plain text, and is shown the short message in plain text.
Further, the payment request for calling the mobile terminal stored in memory 1005 by processor 1001 responds journey Sequence goes back and performs following operation:
Mobile terminal is created in response to key input by user and is instructed when detecting that target TF card is inserted into the machine, generation First key and the second key;
By second key storage in the target TF card.
Further, the payment request for calling the mobile terminal stored in memory 1005 by processor 1001 responds journey Sequence goes back and performs following operation:
When testing result is not inserted into the machine for TF card to be verified, the testing result is shown.
The mobile terminal of the present embodiment obtains the first TF card mark of TF card to be verified when detecting payment request;It reads The second TF card to prestore in the machine is taken to identify, the first TF card mark is compared with the second TF card mark;In the first TF card mark When knowing identical with the second TF card mark, first movement terminal iidentification in the machine is read;Read second to prestore in TF card to be verified Mobile terminal identification;First movement terminal iidentification is compared with the second mobile terminal identification, in first movement terminal iidentification When identical with the second mobile terminal identification, the TF card to be verified is assert for target TF card, and payment request is responded, into And attack of the malicious code to mobile terminal kernel can be effectively prevented, while can avoid in mobile terminal loss, be stolen Payment account safety with user is influenced under all kinds of situations such as malicious code, solves current all kinds of mobile payment platforms " excessively Trust mobile terminal " the problem of, the present invention need to only use a TF card, not need to additional hardware device, it is not required that master The payment infrastructure of stream payment software does any change, of low cost, and good compatibility, transparent can support existing and future institute There is payment platform.
With reference to Fig. 2, based on hardware above running environment, a kind of payment request response method of mobile terminal of the present invention is proposed Embodiment;
First implementation process diagram of the payment request response method of mobile terminal of the present invention,
The payment request response method of the mobile terminal the described method comprises the following steps:
Step S10:Mobile terminal obtains the first TF card mark of TF card to be verified when detecting payment request;
It should be noted that the mobile terminal of the present embodiment, in payment process, user needs a TF card or SD card (Secure Digital Memory) is used cooperatively, i.e., the present embodiment is other than needing a TF card or a SD card, nothing Need any other hardware device, good compatibility, cheap (such as only more than ten yuan of a kind of commercial TF card or SD card), user Just.And then before the step S10, need to carry out TF card and the initial configuration of mobile terminal;Initial configuration only needs It carries out once, configuration can normal use after completing.
It will be appreciated that the present embodiment introduces a TF card, a pair of " mobile terminal-TF card " between the two is constructed Answer binding relationship.Introduced TF card is used only for mobile payment security enhancing, for not having except the application except mobile payment There is any influence, usually mobile terminal genuine owner separately stores TF card with mobile terminal, can be carried out without TF card Any operation in addition to mobile payment.When carrying out mobile payment (or with the relevant sensitive operation of mobile payment), initiate People must provide the TF card, to pass through " mobile terminal-TF card " bidirectional identity authentication.Bidirectional identity authentication is only passed through, has moved The kernel of dynamic terminal, which is just let pass, carries out the mobile payment operation of next step;In addition, if sensitive operation involved in operation (such as more New individual information changes payment cipher, carry out wholesale consumption, transfer accounts with enchashment etc.), server receives mobile terminal transmission Sensitive operation is asked, and verification short message corresponding with sensitive operation request is fed back to the mobile terminal, if mobile terminal energy Enough to pass through " mobile terminal-TF card " bidirectional identity authentication, then the cleartext information for verifying short message can be showed initiation by mobile terminal The mobile payment operation of the promoter of sensitive operation, otherwise kernel refusal next step, and refuse to provide the plaintext letter of verification short message It ceases to operation promoter.
Before the step S10, the initial configuration of TF card and mobile terminal the specific steps are:Mobile terminal is being examined It when measuring target TF card and being inserted into the machine, creates and instructs in response to key input by user, generate first key;It is close by described first Key is stored in the machine;Read the first movement terminal iidentification of the machine;By the first key to the first movement terminal mark Know encryption, the target TF card is stored in using the ciphertext of encrypted first movement terminal iidentification as the second mobile terminal identification In;The TF card mark of the target TF card is read, the TF card mark of the target TF card is stored in as the second TF card mark In described mobile terminal the machine.It will be appreciated that initialization program reads hardware information H (i.e. first shiftings of mobile terminal the machine Dynamic terminal iidentification), after mobile terminal creates instruction in response to key input by user, it can generate for first movement terminal mark Know the encrypted first key K of Hkhc, for the second key K of transparent encryption and decryption, (the second secret key K is mainly used for testing for random generation It demonstrate,proves short message and carries out transparent encryption and decryption in real time, specific steps can be in the payment request response method of the following mobile terminals of the present invention It is illustrated in second embodiment);Then, initialization program reads configuration information C input by user.Obtain first key Kkhc Later, pass through the first key KkhcBy the hardware information H (i.e. first movement terminal iidentification) of mobile terminal the machine, second close Key K and configuration information C this three encrypt and are hidden into target TF card (including by encrypted first movement terminal iidentification The ciphertext of H is stored in as the second mobile terminal identification H` in the target TF card).Mobile terminal can read the target simultaneously The CID (i.e. the first TF card mark) of TF card and be stored in configuration information C " verification short message number source and verify it is short Letter judgement word ", and the two is saved in the kernel file File of mobile terminal.By to Yaffs2 file system drivers into Row safety enhancing, the present embodiment can ensure that kernel file File is not illegally read and distorted.
It should be noted that as a kind of example, select here TF card CID (Card IDentification) as The identification information of TF card, i.e. hardware information of each unique identification number of TF card as TF card.By the target TF The first TF card mark CID of card is stored in described mobile terminal the machine and is defined as the second TF card mark CID`.
In the concrete realization, the kernel F of the mobile terminal of the present embodiment may include " TF card secure storage a key Generating algorithm module ", the virtual module is for generating the second key K, the first movement terminal iidentification H, described match Used encryption key first key K when confidence ceases C enciphering hidings to TF cardkhc
In order to realize secure storage in general commercial TF card, this programme employs the double of " encryption+file system is hidden " Weight protection scheme.It is specifically, " transparent encryption and decryption key K, user terminal hardware information H, relevant configuration information C " etc. is important After information encryption, it is hidden in the file system of TF card, wherein:Encryption above " transparent encryption and decryption key K, user terminal Hardware information H, relevant configuration information C " algorithm use domestic symmetric encipherment algorithm SM4;Encryption " transparent encryption and decryption key K, is used The first key K of family terminal hardware information H, relevant configuration information C "khcGenerating algorithm is hard-coded in kernel, and key is given birth to Parameter into algorithm is related to " hardware information of TF card and mobile intelligent terminal ".
The scheme of " encryption+file system is hidden " duplicate protection scheme storage with high safety is used in general commercial TF card It is as follows:Firstly, for random file system, in order to indicate whether basic unit of storage can be used for storing data, file system Can using the data structure for being referred to as bitmap (bitmap) come to each storage unit into line flag.To use FAT32 files For the TF card of system, the minimum basic unit of storage of FAT32 file system is " cluster ".Data can be stored for each " cluster ", there are one one-to-one bit in " bitmap " data structure of FAT32 file system to be used for whether indicating " cluster " It can be used for that data are written, such as " 0 " represents that the cluster is used, and " 1 ", which represents that the cluster is not used, can be used for that number is written According to.For this purpose, it can randomly choose cluster artificially flag bit " 0 " of certain flag bits for " 1 ", so that FAT32 files system System will not reuse these clusters.Then, the bitmap number information of selected these " clusters " is recorded in configuration information C, And these clusters are arrived into the storage of encrypted " transparent encryption and decryption key K, user terminal hardware information H, relevant configuration information C " information In the middle.Hereby it is achieved that by important informations such as " transparent encryption and decryption key K, user terminal hardware information H, relevant configuration information C " The purpose of TF card is hidden in after encryption.
It should be pointed out that in the present embodiment, to encrypt " transparent the second key of encryption and decryption K, first movement terminal mark The key schedule for knowing the important informations such as H, relevant configuration information C " is hard-coded in kernel, and safety is can to ensure , the reason is as follows that:If attacker will attack above-mentioned encryption key generating algorithm, it is necessary first to break through kernel, secondly It needs in the above-mentioned algorithmic code of interior nuclear location, then also needs to that after conversed analysis code function attack could be implemented.If it adopts The difficulty of attack can be further increased with existing kernel protection measure (such as address is randomized, Code obfuscation etc.).Particularly, such as It is preceding described, during attack, due to parameter and " the hardware information H of TF card and mobile terminal " of encryption key generating algorithm Correlation, attacker, which also needs to acquisition TF card, can just finally achieve attack.Meanwhile the present embodiment is that the file system based on TF card will Important information is hidden in TF card, thus can't influence the use of TF card.In other words, which still can be as common The same reading and writing data of TF card, completely without any exception.Attacker be difficult to differentiate between concealing in this programme the TF card of information with it is general Logical TF card, this has further ensured the safety of institute's hiding data.Specifically, generation first key Kkhc is whole with TF card and movement The hardware information H at end is parameter, using the key schedule of autonomous Design.As a kind of example, the present embodiment using CID as TF card hardware information parameter, using (International Mobile Equipment Identity, the world are mobile as IMEI Device identity), ISMI (International Mobile Subscriber Identification Number, the world move Dynamic CUSTOMER ID), hardware information parameters of the telephone number Phone Number as mobile terminal, and provide a kind of feasible Key schedule is following (in formula | | represent character string connection):
KKHC=HASH (CID | | HASH (IEMI | | HASH (ISMI | | HSAH (PHONE NUMBER))))
HASH represents hash algorithm in above formula, and the present embodiment selects domestic SM3 hash algorithms.Due to first key KkhcIt is close Key generating algorithm is generated using the hardware information of TF card and mobile terminal as parameter, therefore even if attacker obtains (by attacking kernel) Obtained KkhcThe specific implementation code of key schedule as long as it can not obtain TF card, still cannot generate Kkhc, so as to add It is close be hidden in the second key K described in TF card, the first movement terminal iidentification H, the configuration information C KHC information be peace Complete.
In the concrete realization, the kernel F of mobile terminal, can be to the payment when detecting payment request by the step S10 Request is intercepted;Then detect whether TF card to be verified is inserted into the machine, when testing result is inserted into the machine for TF card to be verified, Obtain the first TF card mark CID of TF card to be verified.When testing result is not inserted into the machine for TF card to be verified, to the detection As a result it is shown, the promoter of payment request to be reminded to be inserted into TF card to be verified to mobile terminal the machine.
Step S20:The the second TF card mark to prestore in the machine is read, by first TF card mark and second TF card Mark is compared;
Step S30:When first TF card mark is identical with the second TF card mark, first movement in the machine is read Terminal iidentification;
It will be appreciated that after kernel F intercepts the payment request, it can read what is prestored in mobile terminal the machine immediately CID` (the second TF card mark) CID (the first TF card mark) is compared with CID` (the second TF card mark), in CID and CID When ` is identical, then it may be characterized as the mobile terminal and actively the SD to be verified be proved to be successful, it will be appreciated that is " mobile to complete Unidirectional authentication in terminal-TF card bi-directional verification ", then the processor of mobile terminal read first movement terminal mark in the machine Know H.
Step S40:Read the second mobile terminal identification to prestore in the TF card to be verified;
In the concrete realization, the second mobile terminal identification H` to prestore in TF card to be verified described in acquisition for mobile terminal, by Mobile terminal passes through locally stored first key KkhcThe second mobile terminal identification H` is decrypted, obtains the second mark Know plaintext H`;
Step S50:The first movement terminal iidentification is compared with second mobile terminal identification, described When one mobile terminal identification is identical with second mobile terminal identification, the TF card to be verified is assert for target TF card, and right The payment request is responded.
It should be noted that TF card should be completed the certification of mobile terminal by TF card.But if by TF Card completes the certification to mobile terminal, and TF card is needed to have computing capability, use can be greatly increased using the TF card with computing capability The cost payout at family.On the other hand, realize that its safety is also TF card to the authentication of mobile terminal by mobile terminal itself It can ensure, this is because information comparison during above-mentioned verification is realized in kernel, when kernel is compiled as binary system After code, if attacker will attack above-mentioned verification comparison function, it is necessary first to kernel is broken through, then in kernel The code that above-mentioned verification compares is positioned, finally also wants just reach attack after conversed analysis code function.Using existing interior Nuclear protection measure (such as address randomization, Code obfuscation) can further increase the difficulty of attack.
In the concrete realization, the first movement terminal iidentification H is compared with the second identifier plaintext H`, in institute State first movement terminal iidentification H it is identical with the second identifier plaintext H` when, then may be characterized as the SD to be verified actively to institute It states mobile terminal and is proved to be successful (actually executive agent is still the mobile terminal), that is, complete " mobile terminal-TF card Bi-directional verification in bi-directional verification " assert the TF card to be verified for target TF card, that is, the promoter for illustrating payment request is to move Dynamic terminal is really owner, and the payment request is responded.
The mobile terminal of the present embodiment obtains the first TF card mark of TF card to be verified when detecting payment request;It reads The second TF card to prestore in the machine is taken to identify, the first TF card mark is compared with the second TF card mark;In the first TF card mark When knowing identical with the second TF card mark, first movement terminal iidentification in the machine is read;Read second to prestore in TF card to be verified Mobile terminal identification;First movement terminal iidentification is compared with the second mobile terminal identification, in first movement terminal iidentification When identical with the second mobile terminal identification, the TF card to be verified is assert for target TF card, and payment request is responded, into And attack of the malicious code to mobile terminal kernel can be effectively prevented, while can avoid in mobile terminal loss, be stolen Payment account safety with user is influenced under all kinds of situations such as malicious code, solves current all kinds of mobile payment platforms " excessively Trust mobile terminal " the problem of, the present invention need to only use a TF card, not need to additional hardware device, it is not required that master The payment infrastructure of stream payment software does any change, of low cost, and good compatibility, transparent can support existing and future institute There is payment platform.
With reference to figure 3, Fig. 3 is the second embodiment flow diagram of the payment request response method of mobile terminal of the present invention; First of payment request response method based on mobile terminal of the present invention implements to propose that the payment request of mobile terminal of the present invention is rung The second of induction method implements to propose
In the present embodiment, after the step S50, the method further includes:Mobile terminal is detecting user's input Sensitive operation request when, by the sensitive operation request be sent to server so that the server feedback with it is described quick Feel the corresponding verification short message of operation requests.
In the concrete realization, the kernel F of mobile terminal can ask the sensitive operation when detecting sensitive operation request It is intercepted.
Further, the mobile terminal is when detecting sensitive operation request input by user, by the sensitive operation Request is sent to server, so that after server feedback verification short message corresponding with sensitive operation request, also Including:
Step S60:Mobile terminal obtains the TF card to be verified in the verification short message for receiving the server feedback First TF card identifies, and reads the second TF card mark to prestore in the machine, by first TF card mark and second TF card Mark is compared, and when first TF card mark is identical with the second TF card mark, it is whole to read first movement in the machine End mark, obtains the second mobile terminal identification to prestore in the TF card to be verified, by the first key to described second Mobile terminal identification is decrypted, to obtain second identifier in plain text;
It will be appreciated that the sensitive operation request that server receives mobile terminal transmission (such as updates personal information, more Change payment cipher, carry out wholesale consumption, transfer accounts with enchashment etc.), feedback is corresponding with sensitive operation request to verify short message extremely The mobile terminal;Mobile terminal can be performed directly and " be moved in the verification short message for receiving the server feedback in step S60 The step of dynamic terminal-TF card " bidirectional identity authentication;
In the concrete realization, the kernel F of the mobile terminal of the present embodiment may include that one " is enhanced based on communication security Sensitive short message safety enhancing module ", which is used to carry out safety to (3G/4G/5G) of mobile terminal communication driving Enhancing so that after it receives short message, whether the automatic decision short message is sensitive short message (i.e. described verification short message), and to sensitive short The automatic encryption of letter.This include both sides work, when how automatic identification sensitivity short message;Second is that how short message reading content, And sensitive short message is encrypted automatically (corresponding following step S70).
The present embodiment can judge that sensitive short message is included in terms of two in terms of two.Specifically, first, from short The number source of letter judges.In general, paying logical, bank etc. including Alipay, wealth, there is its specific telephone number.For example, payment Treasured is 95188, and the note number of China Merchants Bank is 95555 etc..Therefore, if source is these exclusive telephone numbers, sentence It is set to important short message.Secondly, judge from the content of short message.If the content of short message contains sensitive word, such as:Verification, branch It pays, consume, transferring accounts, (sensitive word is merely illustrative herein, real for the keywords such as account, password, mailbox, RMB, dollar, Alipay Can additions and deletions as needed in the use of border), then it is determined as important short message.These are indicating the short message number of sensitive short message And keyword, all memory blocks are in configuration file C, and with " transparent encryption and decryption key K, user terminal hardware information H, correlation TF card is hidden in after the form encryption of configuration information C ".When system initializes for the first time, configuration information C by mobile terminal from It is dynamic to be read into kernel, by being stored after kernel Extracting Information in some file File, and based on aforementioned Yaffs2 file system Safety enhancing is protected, and to ensure file File other than kernel, any user's (or process) is all invisible, and without appointing What reading and writing, the access rights performed.In this way, once mobile terminal receives new short message, kernel will be according in file File Whether information automatic identification is sensitive short message, and sensitive short message is encrypted.
Step S70:The first movement terminal iidentification with the second identifier is compared in plain text, is moved described first When dynamic terminal iidentification is identical with second identifier plaintext, the identification TF card to be verified is target TF card, from described to be verified The second key is extracted in TF card, by verifying that short message carries out transparent encryption described in second key pair, to generate short message ciphertext;
It should be noted that it is related in a kind of first embodiment of the payment request response method of above-mentioned mobile terminal In the sport technique segment of TF card and the initial configuration of mobile terminal, specifically include:Mobile terminal is detecting the insertion of target TF card During the machine, create and instruct in response to key input by user, generation first key KkhcWith the second key K, pass through first key KkhcSecond key K is encrypted, and the second key K after being encrypted is stored in the target TF card.Wherein, it is described Second key K is used to carry out transparent encryption to the verification short message, to generate short message ciphertext;
It will be appreciated that in step S70, only when by " mobile terminal-TF card " bidirectional identity authentication, can just perform By verifying that short message carries out transparent encryption described in second key pair, the step of to generate short message ciphertext.Specifically, first by Mobile terminal passes through locally stored first key KkhcThe the second key K stored in the TF card to be verified is decrypted, into And the second key K can be extracted from the TF card to be verified;If locally stored first key KkhcTo the TF to be verified Failure is decrypted in the second key K stored in card, then the second key K can not be extracted from the TF card to be verified, can not be held Row is described to be performed by verifying the step of short message carries out transparent encryption described in second key pair.In addition, if mobile terminal It being not inserted into TF card or is extracted again after TF card is inserted into, the verification short message will not show user at this time, that is, Say that user can not obtain the verification short message, and mobile terminal can prompt the correct TF card progress of user's insertion " mobile whole End-TF card " bidirectional identity authentication.In addition, if not over " mobile terminal-TF card " bidirectional identity authentication (such as user TF card can not be provided), then mobile terminal can verify that short message (i.e. sensitive short message) storage is non-genuine after enhancing to safety by described Server is retracted into the catalogue that user can not read or by the verification short message, in a word if not over " mobile whole End-TF card " bidirectional identity authentication, the currently used person of mobile terminal can not read the verification short message.
In the concrete realization, the kernel F of the mobile terminal of the present embodiment may include one " based on Yaffs2 files system The transparent encryption/decryption module that system enhances safely ".
The virtual module carries out safe enhancing for the Yaffs2 file system drivers general to mobile terminal, realizes transparent Encryption and decryption technology.Specifically, by enhancing Yaffs2 file system drivers so that:All plaintext sensitive datas are written to When mobile terminal, it can be automatically encrypted as ciphertext.(corresponding following step when all encrypted cipher texts are read by a user S80), bidirectional identity authentication is first carried out, only bidirectional identity authentication passes through, and just can decrypt above-mentioned ciphertext to supply in plain text automatically User reads;Otherwise it is non-decrypting, still it is presented to the user in the form of ciphertext.Based on the module, all relevant sensitivities of payment Information can be stored securely on mobile terminal.It should be noted that the transparent encryption and decryption of the present embodiment is using domestic right Claim Encryption Algorithm SM4;Transparent encryption and decryption key K (i.e. the second key K) is stored securely in TF card.
In the concrete realization, locally stored first key K is passed through by mobile terminal first in step S70khcIt is treated to described The the second key K stored in verification TF card is decrypted, and then the second key K can be extracted from the TF card to be verified;It needs It is extracted again later it is noted that if mobile terminal is not inserted into TF card or is inserted into TF card, at this time the verification short message User will not be showed, that is to say, that user can not obtain the verification short message, and mobile terminal can prompt user to insert Enter correct TF card and carry out " mobile terminal-TF card " bidirectional identity authentication;A real-life example is lifted, such as mobile whole The genuine owner at end (i.e. smart mobile phone) goes to an eating and drinking establishment to eat a bowl of nooldes, can carry out barcode scanning payment by mobile terminal, that The genuine owner of this mobile terminal can be inserted into the TF card of oneself first when paying the bill for this bowl face barcode scanning, payment TF card is extracted after success;The genuine owner of this mobile terminal may forget mobile phone above dining table after eating up face later , after which is found by the non-genuine owner of another person, if this non-genuine owner is updated personal information, Wholesale consumption is transferred accounts with enchashment sensitivity when operation requests, can prompt user be inserted into correct TF card carry out " mobile terminal- TF card " bidirectional identity authentication, and then the sensitive operation of the non-genuine owner of mobile terminal can be intercepted when mobile terminal is lost Request;Specification is needed, this implementation only possesses mobile terminal, correct target TF simultaneously in the user of mobile terminal When card and modification logging/payment cipher, user could carry out delivery operation and sensitive operation.
Step S80:In response to short message input by user read instruct, by short message ciphertext described in second key pair into Row decryption, in successful decryption, generation verification short message in plain text, and is shown the short message in plain text.
It should be noted that the mobile terminal of the present embodiment is reading instruction in response to short message input by user, it can again Perform " mobile terminal-TF card " bidirectional identity authentication, it is therefore an objective to further ensure the peace of the payment of mobile terminal genuine owner If entirely it will be appreciated that by " mobile terminal-TF card " bidirectional identity authentication, by the second key K to the short message Ciphertext is decrypted, and in successful decryption, generation verification short message in plain text, and is shown the short message in plain text, that is, provides and test The cleartext information of short message is demonstrate,proved to the promoter for initiating sensitive operation;" if mobile terminal-TF card " bidirectional identity authentication fails, no The step of being decrypted described in the step S80 by short message ciphertext described in second key pair is performed, it is described mobile whole The mobile payment operation of kernel refusal next step is held, and the cleartext information for refusing to provide verification short message is returned to operation promoter Sensitive short message ciphertext to operation promoter person, operation promoter due to can not obtain in plain text, thus can not mobile payment put down Platform can not complete sensitive operation by verification.
In the concrete realization, continue by taking above-mentioned scene as an example, for example the genuine owner of the mobile terminal prepares wholesale turn Account, then correct TF card must be inserted into after the mobile terminal is verified by he first, and mobile terminal can just pass through described Two key K carry out transparent encryption generation short message ciphertext to the verification short message, if user wants to read the short message ciphertext, although Step S70 before saying has verified that success, but primary " mobile terminal-TF card " bidirectional identification still can be performed inside program Certification (purpose is the safety of the further payment for ensureing mobile terminal genuine owner), such as user extract TF card suddenly, so Mobile terminal reads the short message ciphertext again afterwards, encrypted in short message ciphertext in this way, but since TF card has been extracted, it can not Short message reading ciphertext, only in " mobile terminal-TF card " bidirectional identity authentication by later, just performing through second key The short message ciphertext is decrypted, in successful decryption, generation verification short message in plain text, and is shown the short message in plain text The step of.That is, when user wants to read encrypted short message ciphertext, and though SD whether be inserted into mobile terminal or Whether the TF card for being inserted into mobile terminal is correct, can all carry out " mobile terminal-TF card " bidirectional identity authentication again and again, it is therefore an objective to Further ensure the safety of the payment of mobile terminal genuine owner.
It should be noted that the present embodiment is in order to which the specifying information of short message reading is to determine whether sensitive short message, and real Now to the transparent encryption of sensitive short message content, need to carry out safe enhancing to communication driving (3G/4G/5G), in the concrete realization, By taking the mobile terminal is the mobile phone of Android operation system as an example:First, Android platform uses application processor (CPU)+base The framework of microarray strip (Modem), CPU are ordered by AT (ATtention) and interacted with Modem, realization telephone call and short A series of traffic operations such as letter transmitting-receiving.Since the modem that each manufacturer uses may be different, the communication protocol of use is (such as GSM/CDMA etc.) may also be different, therefore, Android has built radio interface layer RIL (Radio Interface Layer), By the conversion of RIL layer protocols, different Modem is abstracted as unified object and is responsible for upper strata.In this way, Android platform In communication actually formed by three layers:Top layer is application layer, and centre is radio interface layer RIL (Radio Interface Layer), lowest level is Modem hardware layers.Undermost Modem is treated as a serial equipment, and CPU with Modem by connecting The serial ports connect is based on AT orders, and (Modem of USB interface is also similar, is only simulated in USB interface with Modem communications One serial ports).Therefore, since undermost Modem drivings are substantially exactly a simple serial port drive, not to phone Or SMS function does any processing, then if to realize the automatic identification to sensitive short message and transparent encryption and decryption, energy " bottom " software layer enough started with is exactly Android radio interface layers RIL.
RIL layers of local source code mainly include following three pieces under hardware/ril catalogues:(a) ./rild catalogues.This A catalogue is the finger daemon of RIL, is mainly responsible for and opens RIL dynamic bases, performs the groundworks such as initialization RIL.(b)./ Libril catalogues.This catalogue contains the publicly-owned operation library function collection of RIL.(c) ./reference-ril catalogues.This mesh Record contains the specific RIL processing collection of functions of manufacturer:Since the Modem that different mobile terminal uses may be different, in RIL public affairs On the basis of having RIL operations library, different vendor realizes the specific RIL processing collection of functions of manufacturer.In conclusion it needs to manufacturer Specific RIL processing collections of functions (./reference-ril catalogues) carry out safe enhancing.
And two major class can be divided by being used for the AT Command Set to communicate with Modem:It is (Solicited) of active request and passive (Unsolicited) of request.For example, it is active (Solicited) to make a phone call and send short message;Answerphone and reception Short message is passive (Unsolicited).Obviously, it is corresponding to be processed to sensitive short message automatic identification and transparent encryption and decryption It is the AT command functions of passive (Unsolicited).In this process, at_open () function in RIL establish CPU with The channel to communicate between Modem;Based on this channel, readerLoop ()->Readline () function reading usb turns serial ports and sets Standby upper various AT orders simultaneously return to an order constant pointer;ProcessLine () function parses transmitted AT orders. Finally, passive request command (reaching the AT orders such as SMS confirmation CNMA as new) parsing is handled by a specific function.Root According to different manufacturers, the name of this specific function is different.
For example, on our experimental development board of multi, after Modem receives short message, if this short message is written to SIM by request In card, then sms_write_2_sim () function can be called.Sms_write_2_sim () then calls send_sms_cmd () function is ready for sending (second input parameter of send_sms_cmd () in the AT orders to Modem of CMGW write-in short messages Exactly received short message).Next, send_sms_cmd () carries out write-in thread to call send_ after locking mutual exclusion Sms_cmd_full () function finally calls write systems that completion write-in short message is called to arrive in write_line () function The AT orders of SIM card are sent.Later, short message will be written in database by RIL upper stratas.Therefore, for newly receiving Short message according to above-mentioned function calling relationship, may finally increase security logic, i.e., in write_line () function:Parsing institute The particular content of the short message received identifies whether to be sensitive short message, and automatic to sensitive short message according to the particular content of short message Encrypt (then without any processing to non-sensitive short message), recall later write systems call by short message be written to SIM card work as In.It is achieved in automatic identification and the transparent encryption work to sensitive short message.
The method to sensitive short message content transparent encryption is presented above.Transparent decryption is the inverse process of transparent encryption, only Similar Android radio interface layer RIL is handled.
The mobile terminal of the present embodiment makes mobile intelligent terminal using target TF card during entire sensitive operation The carry out authentication of user, and protection is encrypted to sensitive short message, can further avoid losing in mobile terminal, The payment account security risk brought under all kinds of situations such as stolen and malicious code to mobile terminal genuine owner.
In addition, the embodiment of the present invention also proposes a kind of readable storage medium storing program for executing, movement is stored on the readable storage medium storing program for executing The payment request responder of terminal realizes following behaviour when the payment request responder of the mobile terminal is executed by processor Make:
Mobile terminal obtains the first TF card mark of TF card to be verified when detecting payment request;
The the second TF card mark to prestore in the machine is read, first TF card mark and second TF card mark are carried out It compares;
When first TF card mark is identical with the second TF card mark, first movement terminal mark in the machine is read Know;
Read the second mobile terminal identification to prestore in the TF card to be verified;
The first movement terminal iidentification is compared with second mobile terminal identification, at first movement end When end mark is identical with second mobile terminal identification, the TF card to be verified is assert for target TF card, and to the payment Request is responded.
Further, following operation is realized when the payment request responder of the mobile terminal is executed by processor:
Mobile terminal detects whether TF card to be verified is inserted into the machine when detecting payment request;
When testing result is inserted into the machine for TF card to be verified, the first TF card mark of TF card to be verified is obtained.
Further, following operation is realized when the payment request responder of the mobile terminal is executed by processor:
The second mobile terminal identification to prestore in the TF card to be verified is obtained, by locally stored first key to institute It states the second mobile terminal identification to be decrypted, obtains second identifier in plain text;
The first movement terminal iidentification is compared in plain text with the second identifier, in the first movement terminal mark When knowing identical with the second identifier plaintext, the TF card to be verified is assert for target TF card, and the payment request is carried out Response.
Further, following operation is realized when the payment request responder of the mobile terminal is executed by processor:
Mobile terminal is created in response to key input by user and is instructed when detecting that target TF card is inserted into the machine, generation First key;
The first key is stored in the machine;
Read the first movement terminal iidentification of the machine;
The first movement terminal iidentification is encrypted by the first key, by encrypted first movement terminal iidentification Ciphertext be stored in the target TF card as the second mobile terminal identification;
The TF card mark of the target TF card is read, the TF card mark of the target TF card is deposited as the second TF card mark It is stored in described mobile terminal the machine.
Further, following operation is realized when the payment request responder of the mobile terminal is executed by processor:
Mobile terminal is sent to service when detecting sensitive operation request input by user, by sensitive operation request Device, so that server feedback verification short message corresponding with sensitive operation request.
Further, following operation is realized when the payment request responder of the mobile terminal is executed by processor:
Receive the verification short message of the server feedback;
The second key is extracted from the TF card to be verified, it is transparent by verifying that short message carries out described in second key pair Encryption, to generate short message ciphertext;
It reads and instructs in response to short message input by user, obtain the first TF card mark of the TF card to be verified;
The the second TF card mark to prestore in the machine is read, first TF card mark and second TF card mark are carried out It compares;
When first TF card mark is identical with the second TF card mark, first movement terminal mark in the machine is read Know;
The second mobile terminal identification to prestore in the TF card to be verified is obtained, by the first key to described second Mobile terminal identification is decrypted, to obtain second identifier in plain text;
The first movement terminal iidentification is compared in plain text with the second identifier, in the first movement terminal mark When knowing identical with the second identifier plaintext, it is target TF card to assert the TF card to be verified;
It is decrypted by short message ciphertext described in second key pair, in successful decryption, generation verification short message plaintext, And the short message is shown in plain text.
Further, following operation is realized when the payment request responder of the mobile terminal is executed by processor:
Mobile terminal is created in response to key input by user and is instructed when detecting that target TF card is inserted into the machine, generation First key and the second key;
By second key storage in the target TF card.
Further, following operation is realized when the payment request responder of the mobile terminal is executed by processor:
When testing result is not inserted into the machine for TF card to be verified, the testing result is shown.
The mobile terminal of the present embodiment obtains the first TF card mark of TF card to be verified when detecting payment request;It reads The second TF card to prestore in the machine is taken to identify, the first TF card mark is compared with the second TF card mark;In the first TF card mark When knowing identical with the second TF card mark, first movement terminal iidentification in the machine is read;Read second to prestore in TF card to be verified Mobile terminal identification;First movement terminal iidentification is compared with the second mobile terminal identification, in first movement terminal iidentification When identical with the second mobile terminal identification, the TF card to be verified is assert for target TF card, and payment request is responded, into And attack of the malicious code to mobile terminal kernel can be effectively prevented, while can avoid in mobile terminal loss, be stolen Payment account safety with user is influenced under all kinds of situations such as malicious code, solves current all kinds of mobile payment platforms " excessively Trust mobile terminal " the problem of, the present invention need to only use a TF card, not need to additional hardware device, it is not required that master The payment infrastructure of stream payment software does any change, of low cost, and good compatibility, transparent can support existing and future institute There is payment platform.
It should be noted that herein, term " comprising ", "comprising" or its any other variant are intended to non-row His property includes, so that process, method, article or system including a series of elements not only include those elements, and And it further includes other elements that are not explicitly listed or further includes intrinsic for this process, method, article or system institute Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including this Also there are other identical elements in the process of element, method, article or system.
The embodiments of the present invention are for illustration only, do not represent the quality of embodiment.
It these are only the preferred embodiment of the present invention, be not intended to limit the scope of the invention,
It should be noted that since NFC technique does not become the standard configuration of all mobile intelligent terminals, it is used as one Kind example, this patent describe the method for this patent using commercial TF card as additional hardware.But one of convenience, This patent is recommended TF card to be replaced to realize TF as additional hardware using nfc card on the mobile intelligent terminal with NFC frameworks The institute of card is functional.This patent does not repel the method using nfc card or other facility hardware, also belongs to this patent Protection domain.
In addition, every equivalent structure or equivalent flow shift made using description of the invention and accompanying drawing content or straight It connects or is used in other related technical areas indirectly, be included within the scope of the present invention.

Claims (10)

1. a kind of payment request response method of mobile terminal, which is characterized in that the method includes:
Mobile terminal obtains the first TF card mark of TF card to be verified when detecting payment request;
The the second TF card mark to prestore in the machine is read, first TF card mark and second TF card mark are compared It is right;
When first TF card mark is identical with the second TF card mark, first movement terminal iidentification in the machine is read;
Read the second mobile terminal identification to prestore in the TF card to be verified;
The first movement terminal iidentification is compared with second mobile terminal identification, in the first movement terminal mark When knowing identical with second mobile terminal identification, the TF card to be verified is assert for target TF card, and to the payment request It is responded.
2. the method as described in claim 1, which is characterized in that the mobile terminal when detecting payment request, treat by acquisition It verifies the first TF card mark of TF card, specifically includes:
Mobile terminal detects whether TF card to be verified is inserted into the machine when detecting payment request;
When testing result is inserted into the machine for TF card to be verified, the first TF card mark of TF card to be verified is obtained.
3. the method as described in claim 1, which is characterized in that described to read the second movement to prestore in the TF card to be verified Terminal iidentification specifically includes:
The second mobile terminal identification to prestore in the TF card to be verified is obtained, by locally stored first key to described Two mobile terminal identifications are decrypted, and obtain second identifier in plain text;
Correspondingly, described the first movement terminal iidentification is compared with second mobile terminal identification, described When one mobile terminal identification is identical with second mobile terminal identification, the TF card to be verified is assert for target TF card, and right The payment request is responded, and is specifically included:
The first movement terminal iidentification and the second identifier are compared in plain text, the first movement terminal iidentification with When the second identifier is identical in plain text, the TF card to be verified is assert for target TF card, and the payment request is responded.
4. such as claim 1-3 any one of them methods, which is characterized in that the mobile terminal is detecting payment request When, obtain TF card to be verified the first TF card mark before, the method further includes:
Mobile terminal is created in response to key input by user and is instructed when detecting that target TF card is inserted into the machine, generation first Key;
The first key is stored in the machine;
Read the first movement terminal iidentification of the machine;
The first movement terminal iidentification is encrypted by the first key, by the close of encrypted first movement terminal iidentification Text is stored in as the second mobile terminal identification in the target TF card;
The TF card mark of the target TF card is read, the TF card mark of the target TF card is stored in as the second TF card mark In described mobile terminal the machine.
5. method as claimed in claim 4, which is characterized in that the method further includes:
Mobile terminal is sent to server when detecting sensitive operation request input by user, by sensitive operation request, So that server feedback verification short message corresponding with sensitive operation request.
6. method as claimed in claim 5, which is characterized in that the mobile terminal is detecting sensitive operation input by user During request, sensitive operation request is sent to server, so that the server feedback is asked with the sensitive operation After corresponding short message, further include:
Mobile terminal obtains the first TF card mark of the TF card to be verified in the verification short message for receiving the server feedback Know;The the second TF card mark to prestore in the machine is read, first TF card mark is compared with second TF card mark; When first TF card mark is identical with the second TF card mark, first movement terminal iidentification in the machine is read;Obtain institute State the second mobile terminal identification to prestore in TF card to be verified, by the first key to second mobile terminal identification into Row decryption, to obtain second identifier in plain text;
The first movement terminal iidentification and the second identifier are compared in plain text, the first movement terminal iidentification with When the second identifier is identical in plain text, the TF card to be verified is assert for target TF card, and the is extracted from the TF card to be verified Two keys, by verifying that short message carries out transparent encryption described in second key pair, to generate short message ciphertext;
It reads and instructs in response to short message input by user, be decrypted, solved by short message ciphertext described in second key pair During close success, generation verification short message in plain text, and is shown the short message in plain text.
7. method as claimed in claim 6, which is characterized in that the mobile terminal is detecting that target TF card is inserted into the machine When, it creates and instructs in response to key input by user, generate first key, specifically include:
Mobile terminal is created in response to key input by user and is instructed when detecting that target TF card is inserted into the machine, generation first Key and the second key;
By second key storage in the target TF card.
8. method as claimed in claim 2, which is characterized in that the mobile terminal when detecting payment request, treat by detection Whether verification TF card is inserted into after the machine, further includes:
When testing result is not inserted into the machine for TF card to be verified, the testing result is shown.
9. a kind of mobile terminal, which is characterized in that the mobile terminal includes:Memory, processor and it is stored in the storage On device and the payment request responder of mobile terminal that can run on the processor, the payment request of the mobile terminal Responder is arranged for carrying out the step of the payment request response method such as mobile terminal described in any item of the claim 1 to 8 Suddenly.
10. a kind of readable storage medium storing program for executing, which is characterized in that the payment request of mobile terminal is stored on the readable storage medium storing program for executing Responder is realized when the payment request responder of the mobile terminal is executed by processor as any in claim 1 to 8 The step of payment request response method of mobile terminal described in.
CN201810042149.4A 2018-01-17 2018-01-17 Payment request response method, mobile terminal and the readable storage medium storing program for executing of mobile terminal Pending CN108197940A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810042149.4A CN108197940A (en) 2018-01-17 2018-01-17 Payment request response method, mobile terminal and the readable storage medium storing program for executing of mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810042149.4A CN108197940A (en) 2018-01-17 2018-01-17 Payment request response method, mobile terminal and the readable storage medium storing program for executing of mobile terminal

Publications (1)

Publication Number Publication Date
CN108197940A true CN108197940A (en) 2018-06-22

Family

ID=62589542

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810042149.4A Pending CN108197940A (en) 2018-01-17 2018-01-17 Payment request response method, mobile terminal and the readable storage medium storing program for executing of mobile terminal

Country Status (1)

Country Link
CN (1) CN108197940A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110599356A (en) * 2019-09-16 2019-12-20 上海保险交易所股份有限公司 Insurance underwriting method and system and computer storage medium
CN111292091A (en) * 2020-03-04 2020-06-16 支付宝(杭州)信息技术有限公司 Verification method, device and equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577906A (en) * 2009-06-12 2009-11-11 大唐微电子技术有限公司 Smart card and terminal capable of realizing machine card security authentication
CN101621790A (en) * 2009-07-08 2010-01-06 中兴通讯股份有限公司 Lock-card locking method and device for wireless communication
CN101964978A (en) * 2010-10-26 2011-02-02 郑州信大捷安信息技术有限公司 Reinforcement method for strengthening safety of mobile terminal system on basis of safe TF card
CN102204298A (en) * 2011-05-31 2011-09-28 华为终端有限公司 Method for interlocking between machine and card, user identification module card and terminal
CN104615944A (en) * 2015-01-09 2015-05-13 天脉聚源(北京)科技有限公司 Method and device for encrypting and decrypting files
CN105610671A (en) * 2016-01-11 2016-05-25 北京奇虎科技有限公司 Terminal data protection method and device
CN106228058A (en) * 2016-07-28 2016-12-14 努比亚技术有限公司 A kind of information processing method and equipment
CN106375997A (en) * 2016-08-22 2017-02-01 努比亚技术有限公司 Terminal control device, method and terminal

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101577906A (en) * 2009-06-12 2009-11-11 大唐微电子技术有限公司 Smart card and terminal capable of realizing machine card security authentication
CN101621790A (en) * 2009-07-08 2010-01-06 中兴通讯股份有限公司 Lock-card locking method and device for wireless communication
CN101964978A (en) * 2010-10-26 2011-02-02 郑州信大捷安信息技术有限公司 Reinforcement method for strengthening safety of mobile terminal system on basis of safe TF card
CN102204298A (en) * 2011-05-31 2011-09-28 华为终端有限公司 Method for interlocking between machine and card, user identification module card and terminal
CN104615944A (en) * 2015-01-09 2015-05-13 天脉聚源(北京)科技有限公司 Method and device for encrypting and decrypting files
CN105610671A (en) * 2016-01-11 2016-05-25 北京奇虎科技有限公司 Terminal data protection method and device
CN106228058A (en) * 2016-07-28 2016-12-14 努比亚技术有限公司 A kind of information processing method and equipment
CN106375997A (en) * 2016-08-22 2017-02-01 努比亚技术有限公司 Terminal control device, method and terminal

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110599356A (en) * 2019-09-16 2019-12-20 上海保险交易所股份有限公司 Insurance underwriting method and system and computer storage medium
CN110599356B (en) * 2019-09-16 2022-12-16 上海保险交易所股份有限公司 Insurance underwriting method and system and computer storage medium
CN111292091A (en) * 2020-03-04 2020-06-16 支付宝(杭州)信息技术有限公司 Verification method, device and equipment

Similar Documents

Publication Publication Date Title
CA2838763C (en) Credential authentication methods and systems
CN101272237B (en) Method and system for automatically generating and filling login information
CN103310169B (en) A kind of method protecting SD card data and protection system
CA2665961C (en) Method and system for delivering a command to a mobile device
CN113711211A (en) First-factor contactless card authentication system and method
CN104320389B (en) A kind of fusion identity protection system and method based on cloud computing
CN103812649B (en) Method and system for safety access control of machine-card interface, and handset terminal
CN108989346A (en) The effective identity trustship agility of third party based on account concealment authenticates access module
CN105975867B (en) A kind of data processing method
CN108965222A (en) Identity identifying method, system and computer readable storage medium
CN103390026A (en) Mobile intelligent terminal security browser and working method thereof
KR20070048815A (en) System and method for the one-time password authentication by using a smart card and/or a mobile phone including a smart-card chip
CN102930435A (en) Authentication method and system for mobile payment
CN107615294A (en) A kind of identifying code short message display method and mobile terminal
CN106686585A (en) Binding method and system
CN108256302A (en) Data Access Security method and device
EP1046976B1 (en) Method and apparatus for enabling a user to authenticate a system prior to providing any user-privileged information
CN108092764A (en) A kind of cipher management method, equipment and the device with store function
CN108197940A (en) Payment request response method, mobile terminal and the readable storage medium storing program for executing of mobile terminal
CN106685945A (en) Service request processing method, verifying method of service handling number, and terminal thereof
JP2005215870A (en) Single sign-on method and system using rfid
EP2985712B1 (en) Application encryption processing method, apparatus, and terminal
KR101221728B1 (en) The certification process server and the method for graphic OTP certification
Hossain et al. Implementing Biometric or Graphical Password Authentication in a Universal Three-Factor Authentication System
CN105072084B (en) The method for building up of mobile terminal and external equipment data connection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180622

RJ01 Rejection of invention patent application after publication