HK1232003A - Mobile terminal, trade confirmation method and apparatus therefor, and smart card - Google Patents

Mobile terminal, trade confirmation method and apparatus therefor, and smart card

Publication number: HK1232003A
Authority: HK (Hong Kong)
Prior art keywords: transaction, data, request, signed, confirmed
Application number: HK17105595.9A
Other languages: Chinese (zh)
Other versions: HK1232003A1 (en)

Description

Mobile terminal, transaction confirmation method and device thereof, and smart card
Technical Field
The invention relates to the technical field of e-commerce security, and in particular to a mobile terminal, a transaction confirmation method and device thereof, and a smart card.
Background
As the technology continues to evolve, wireless communication technologies such as Bluetooth are being integrated into smart cards such as the SIM (Subscriber Identity Module) card, the USIM (Universal Subscriber Identity Module) card, the UIM (User Identity Module) card and the SD (Secure Digital) memory card. Mobile terminals such as mobile phones can therefore communicate with the smart card not only through the 7816 interface but also over a Bluetooth connection, which opens a machine-card high-speed data channel between the mobile terminal and the smart card. The smart card then not only provides telecommunication functions but also supports downloading and running various new applications over the Bluetooth channel. In addition, smart terminals such as smartphones, tablet computers and notebook computers can use the Secure Element (SE) hardware in the smart card, through application programs (APPs), to perform security operations such as data encryption/decryption and signing/signature verification, which improves the security of the APP.
In Internet applications that are widely used on PCs today, such as online banking, functions such as transaction display, digital signature and user confirmation are generally performed by a separate smart cryptographic key (USBKey), that is, by the so-called "second-generation KEY". With the development of the mobile Internet, more and more mobile applications run on smartphones. In mobile Internet applications such as mobile online banking or mobile payment, the same transaction display, digital signature and user confirmation functions as on the PC can be provided by pairing a separate "second-generation KEY", or a device with similar functions, with the mobile phone. However, because a mobile phone is carried everywhere, pairing it with a separate smart cryptographic key is inconvenient, and the separate key is easily forgotten or lost.
E-commerce is developing rapidly and is becoming more intelligent and more mobile, so confirming transactions on smart terminals such as smartphones is a necessary requirement. In existing solutions for transaction confirmation on a smart terminal, when the user needs to confirm a transaction, the transaction is usually displayed in the APP that processes it and the user is prompted to confirm in the APP interface. Although this workflow functionally completes the user's confirmation of the transaction, it carries a security risk. If malicious code such as a virus, a trojan or a hacking program is present on the terminal, the data the user enters in the APP interface can be intercepted and tampered with. The transaction display the user sees then appears consistent with what the user entered, but the malicious code has altered the data behind the scenes, so the APP actually receives the tampered data. The APP, unaware of this, processes the tampered data normally, for example by digitally signing it, and the transaction the user sees is completely different from the actual transaction. For example, the user sees the display "transfer XX yuan to customer A" and then "confirms" the transfer, but in practice the APP may make a different transfer to the account specified by the malicious code. Even the user's confirmation action itself may be tampered with, since the confirmation is also performed in the APP interface.
Disclosure of Invention
The invention provides a mobile terminal, a transaction confirmation method and device thereof, and a smart card, which can effectively prevent transaction confirmation information from being maliciously tampered with.
The technical solution of the embodiments of the invention is implemented as follows:
An embodiment of the invention provides a transaction confirmation method of a mobile terminal, which comprises the following steps:
acquiring transaction data and a request to be signed/confirmed;
popping up an STK (SIM Tool Kit) menu, displaying the transaction data and request to be signed/confirmed in the STK menu, and receiving user input;
when the user input confirms that the transaction should continue, performing a security operation using the secure element SE in the smart card;
and returning the security operation result.
In the above solution, acquiring the transaction data and request to be signed/confirmed includes:
receiving the transaction data and request to be signed/confirmed directly issued by a transaction platform server through a data short message; or
acquiring the transaction data and request to be signed/confirmed from the smart card.
In the above solution, acquiring the transaction data and request to be signed/confirmed from the smart card includes:
receiving a "read data" notification;
obtaining the transaction data and request to be signed/confirmed from the smart card by means of a specified command.
In the above solution, the "read data" notification may come from the transaction platform server or from the smart card.
In the above solution, returning the security operation result includes:
returning the security operation result to the client APP, which sends it to the transaction platform server; or
returning the security operation result directly to the transaction platform server through a data short message.
An embodiment of the invention also provides a transaction confirmation device of a mobile terminal, which comprises a data and request acquisition module, a system STK module, a security operation module and a result return module, wherein:
the data and request acquisition module is used for acquiring transaction data and a request to be signed/confirmed;
the system STK module is used for popping up an STK menu, displaying the transaction data and request to be signed/confirmed in the STK menu, and receiving user input;
the security operation module is used for performing a security operation using the secure element SE in the smart card when the user input confirms that the transaction should continue;
and the result return module is used for returning the security operation result.
In the above solution, the data and request acquisition module includes:
a short message receiving unit, used for receiving the transaction data and request to be signed/confirmed directly issued by the transaction platform server through a data short message; or
a smart card reading unit, used for acquiring the transaction data and request to be signed/confirmed from the smart card.
In the above solution, the smart card reading unit includes:
a notification receiving subunit, configured to receive a "read data" notification;
and an information acquisition subunit, used for acquiring the transaction data and request to be signed/confirmed from the smart card through a specified command.
An embodiment of the invention also provides a mobile terminal in which any one of the above transaction confirmation devices is provided.
An embodiment of the invention further provides a smart card, which includes:
a data and request receiving module, used for receiving the transaction data and request to be signed/confirmed generated by a client APP;
a notification sending module, used for sending a "read data" notification to the mobile terminal after receiving the transaction data and request to be signed/confirmed generated by the client APP;
and a secure element module, used for assisting the mobile terminal in performing the security operation.
The advantage of the invention is that the STK menu is used to display the transaction data and request to be signed/confirmed, so that the user performs the confirmation in the STK menu, and malicious programs cannot intervene in or change the display and input in the STK. The transaction the user sees in the STK menu is therefore the transaction information to be signed/confirmed, as transmitted by the client APP through the machine-card high-speed data channel or by the transaction platform server through a data short message. If the user wants to continue the transaction, the user selects "confirm" in the STK menu, and otherwise "cancel". After the user's confirmation is obtained in the STK menu, the security functions provided by the SE in the smart card can be used to sign the transaction and so on. The mobile terminal then returns the signature and the confirmation result to the client APP through the machine-card high-speed data channel, and the client APP sends them to the transaction platform server through the data channel; or the mobile terminal returns the signature and the confirmation result together directly to the transaction platform server through a data short message. The transaction confirmation information is thus effectively protected against malicious tampering, and the security of the transaction is improved.
Drawings
Fig. 1 is a schematic flow chart illustrating an implementation of a transaction confirmation method of a mobile terminal according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a transaction confirmation apparatus of a mobile terminal according to an embodiment of the present invention.
Detailed Description
In order to more clearly illustrate the embodiments and technical solutions of the present invention, the technical solutions of the present invention will be described in more detail with reference to the accompanying drawings and embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without inventive step, are within the scope of the present invention.
In the embodiment of the invention, a client APP of a transaction platform, such as a mobile banking client APP, is installed in the mobile terminal. The user uses the client APP to send a transaction request to the transaction platform server. For example, to make a transfer with the mobile banking APP installed on a mobile phone, the user enters information such as the transfer amount and the receiving account in the APP and sends the transfer request; the mobile banking APP then generates the transaction data and request to be signed/confirmed from the information the user entered.
Fig. 1 is a schematic flow chart of the transaction confirmation method of a mobile terminal according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 101, acquiring transaction data and a request to be signed/confirmed;
Specifically, the mobile terminal system obtains the transaction data and request to be signed/confirmed that were generated by the client APP of the transaction platform;
Further, acquiring the transaction data and request to be signed/confirmed includes:
the mobile terminal receiving the transaction data and request to be signed/confirmed directly issued by the transaction platform server through a data short message; or
the mobile terminal acquiring the transaction data and request to be signed/confirmed from the smart card.
Specifically, after the client APP generates the transaction data and request to be signed/confirmed, it can send them to the transaction platform server through the communication network, or to the smart card through the machine-card high-speed data channel.
Further, the mobile terminal acquiring the transaction data and request to be signed/confirmed from the smart card comprises:
receiving a "read data" notification;
obtaining the transaction data and request to be signed/confirmed from the smart card by means of a specified command.
Here, the specified command depends on the type of the mobile terminal and the smart card and on the type and version of the mobile terminal's operating system; for example, for a smartphone and a SIM card the specified command may be the "Fetch" command.
The "read data" notification can come from the transaction platform server or from the smart card.
Specifically, in the first case, after the client APP generates the transaction data and request to be signed/confirmed, it sends them to the transaction platform server through the communication network, and the transaction platform server, after receiving them, sends a "read data" notification to the mobile terminal, for example through a data short message. In the second case, after the client APP generates the transaction data and request to be signed/confirmed, it sends them to the smart card through the machine-card high-speed data channel. After receiving them, the smart card notifies the mobile terminal to fetch the transaction data and request to be signed/confirmed from the smart card by setting a specific response status word in a subsequent normal 7816 command response. For example, after executing a 7816 command from the mobile phone, the SIM card returns the execution result in a response, and the response ends with a two-byte command status word. A status word of 0x9000 indicates a normal end, and a status word of 0x91mm (where m represents a hexadecimal digit) indicates that data is still waiting on the SIM card and needs to be read by the mobile phone. The mobile phone then reads that data (0xmm) through the Fetch command, executes the operation requested by the SIM card (such as popping up the STK menu), and returns the execution result to the SIM card through the Terminal Response command. The SIM card decides whether to continue or to exit the STK according to whether the mobile phone's execution succeeded.
If the STK is to be exited, the SIM card returns 0x9000 in the status word; otherwise it returns 0x91mm.
Step 102, popping up an STK menu, displaying the transaction data and request to be signed/confirmed in the STK menu, and receiving user input;
Specifically, after acquiring the transaction data and request to be signed/confirmed, the mobile terminal pops up an STK menu and displays the transaction data and request to be signed/confirmed in it; the user confirms the transaction in the STK menu; and the mobile terminal receives the information input by the user;
Step 103, when the user input confirms that the transaction should continue, performing a security operation using the secure element SE in the smart card;
When the mobile terminal determines from the information input by the user that the user wishes to continue the transaction, it uses the secure element SE in the smart card to perform a security operation, where the security operation includes transaction signing, data encryption and decryption, and the like; after the SE completes the security operation, the machine-card high-speed data channel is used to return the security operation result;
Step 104, returning the security operation result;
Specifically, the mobile terminal can return the security operation result to the client APP, and the client APP sends the security operation result to the transaction platform server;
or the mobile terminal returns the security operation result directly to the transaction platform server through a data short message.
After receiving the security operation result, the transaction platform server determines whether to continue the subsequent transaction process.
Here, the security operation result may be a signature/confirmation result.
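The status-word handshake and steps 101 to 104 above, as an added Python simulation that is not part of the patent text: a toy card signals pending data with 0x91mm, the terminal fetches it, shows it in an STK-style prompt and answers with a terminal response, and the card signs only the bytes that were shown. The class and function names, the one-byte confirm/cancel codes, the plain-text payload (a real proactive command is TLV-encoded) and the HMAC standing in for the SE signature are all assumptions.

```python
import hashlib
import hmac

SW_OK = 0x9000
# Instruction bytes for STATUS, FETCH and TERMINAL RESPONSE (ETSI TS 102 221).
INS_STATUS, INS_FETCH, INS_TERMINAL_RESPONSE = 0xF2, 0x12, 0x14
CONFIRM, CANCEL = b"\x01", b"\x00"  # constructed codes, not the real TLV result


class ToyCard:
    """Hypothetical smart card: one pending transaction and an SE key."""

    def __init__(self, se_key: bytes):
        self._key = se_key
        self._pending = b""   # data waiting to be fetched by the terminal
        self._shown = b""     # data handed to the terminal for display
        self.result = None    # (transaction, tag) after a confirmed signing

    def load_from_app(self, tx: bytes) -> None:
        """Client APP pushes data over the machine-card data channel."""
        if not 0 < len(tx) <= 0xFF:
            raise ValueError("payload must fit the one-byte mm of 0x91mm")
        self._pending, self._shown, self.result = tx, b"", None

    def _status_word(self) -> int:
        return (0x9100 | len(self._pending)) if self._pending else SW_OK

    def apdu(self, ins: int, data: bytes = b"", le: int = 0):
        """Return (response data, status word) for one command."""
        if ins == INS_STATUS:
            return b"", self._status_word()
        if ins == INS_FETCH:
            if not self._pending or le != len(self._pending):
                return b"", 0x6700          # wrong length
            self._shown, self._pending = self._pending, b""
            return self._shown, SW_OK
        if ins == INS_TERMINAL_RESPONSE:
            if self._shown and data == CONFIRM:
                # Sign exactly the bytes that were displayed, nothing else.
                tag = hmac.new(self._key, self._shown, hashlib.sha256).digest()
                self.result = (self._shown, tag)
            self._shown = b""
            return b"", self._status_word()
        return b"", 0x6D00                  # instruction not supported


def terminal_session(card: ToyCard, ask_user):
    """Terminal side: poll, fetch while SW is 0x91mm, display, respond."""
    trace = []
    _, sw = card.apdu(INS_STATUS)
    trace.append(("STATUS", sw))
    while sw >> 8 == 0x91:
        payload, sw = card.apdu(INS_FETCH, le=sw & 0xFF)
        trace.append(("FETCH", sw))
        if sw != SW_OK:
            break
        answer = CONFIRM if ask_user(payload.decode("utf-8")) else CANCEL
        _, sw = card.apdu(INS_TERMINAL_RESPONSE, data=answer)
        trace.append(("TERMINAL RESPONSE", sw))
    return trace


def server_verify(se_key: bytes, result) -> bool:
    """Transaction platform server checks the returned result."""
    if result is None:
        return False
    tx, tag = result
    expected = hmac.new(se_key, tx, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo():
    key = b"constructed-demo-key"           # constructed sample key
    intended = "Transfer 100 to account A"  # what the user typed
    user = lambda shown: shown == intended  # user confirms only a match
    card = ToyCard(key)
    card.load_from_app(intended.encode())
    terminal_session(card, user)
    honest = server_verify(key, card.result)
    # Constructed tamper case: the payee was changed before reaching the card.
    card.load_from_app(b"Transfer 100 to account M")
    terminal_session(card, user)
    tampered = server_verify(key, card.result)
    return honest, tampered


if __name__ == "__main__":
    print(demo())
```

In the tampered run the card still raises 0x91mm and the terminal still fetches and displays, but the user sees the altered payee and cancels, so no signature exists for the server to accept.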
Fig. 2 is a schematic structural diagram of a transaction confirmation device of a mobile terminal according to an embodiment of the present invention. As shown in Fig. 2, the transaction confirmation device includes a data and request acquisition module 201, a system STK module 202, a security operation module 203 and a result return module 204, wherein:
the data and request acquisition module 201 is configured to acquire transaction data and a request to be signed/confirmed;
the system STK module 202 is configured to pop up an STK menu, display the transaction data and request to be signed/confirmed in the STK menu, and receive user input;
the security operation module 203 is configured to perform a security operation using the secure element SE in the smart card when the user input confirms that the transaction should continue;
and the result return module 204 is configured to return the security operation result.
Further, in the transaction confirmation device, the data and request acquisition module 201 includes:
a short message receiving unit, used for receiving the transaction data and request to be signed/confirmed directly issued by the transaction platform server through a data short message; or
a smart card reading unit, used for acquiring the transaction data and request to be signed/confirmed from the smart card.
Further, in the above transaction confirmation device, the smart card reading unit includes:
a notification receiving subunit, configured to receive a "read data" notification;
and an information acquisition subunit, used for acquiring the transaction data and request to be signed/confirmed from the smart card through a specified command.
Further, in the transaction confirmation device, the result return module 204 includes:
a return-to-APP unit, used for returning the security operation result to the client APP, which sends it to the transaction platform server; or
a return-to-server unit, used for returning the security operation result directly to the transaction platform server through a data short message.
In practical applications, the data and request obtaining module 201, the system STK module 202, the security operation module 203, the result returning module 204, and the units thereof may be implemented by a Central Processing Unit (CPU), a Microprocessor (MPU), a Digital Signal Processor (DSP), or a Field Programmable Gate Array (FPGA) in the mobile terminal.
The invention also provides a mobile terminal in which any one of the above transaction confirmation devices is provided. Here, the mobile terminal may be a smartphone, a tablet computer, a notebook computer, or the like, which supports a Bluetooth function.
The present invention also provides a smart card, comprising:
a data and request receiving module, used for receiving the transaction data and request to be signed/confirmed generated by a client APP;
a notification sending module, used for sending a "read data" notification to the mobile terminal after receiving the transaction data and request to be signed/confirmed generated by the client APP;
and a secure element module, used for assisting the mobile terminal in performing the security operation.
The smart card may be a communication card of any of various forms and sizes, such as a standard SIM card, a USIM card, a UIM card, a micro SIM card or a nano SIM card. In addition to the main control module, the smart card needs to include a Bluetooth module for establishing a Bluetooth connection with the Bluetooth module of the mobile terminal, so as to implement the machine-card high-speed data channel.
Each module of the communication system of this embodiment correspondingly executes the steps described in the communication method embodiment, and therefore has the same beneficial effects. In addition, it should be understood that the above-described embodiment of the communication system is merely illustrative, and the described division of the modules is only one logical function division, and other division manners may be provided in actual implementation. In addition, the modules may be coupled or communicatively connected to each other through some interfaces, and may also be in an electrical or other form.
The functional modules may or may not be physical blocks as components of a communication system, and may be located in one place or distributed on multiple network units, and may be implemented in the form of hardware or software functional blocks. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that the above-mentioned embodiments are only examples of the present invention, and not intended to limit the scope of the present invention, and all equivalent structures or equivalent flow transformations made by using the contents of the specification and the drawings, such as the combination of technical features between the embodiments, or the direct or indirect application to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A transaction confirmation method of a mobile terminal, the method comprising:
acquiring transaction data and a request to be signed/confirmed;
popping up an STK menu, displaying the transaction data and request to be signed/confirmed in the STK menu, and receiving user input;
when the user input confirms that the transaction should continue, performing a security operation using the secure element SE in the smart card;
and returning the security operation result.
2. The transaction confirmation method of claim 1, wherein acquiring the transaction data and request to be signed/confirmed comprises:
receiving the transaction data and request to be signed/confirmed directly issued by a transaction platform server through a data short message; or
acquiring the transaction data and request to be signed/confirmed from the smart card.
3. The transaction confirmation method of claim 2, wherein acquiring the transaction data and request to be signed/confirmed from the smart card comprises:
receiving a "read data" notification;
obtaining the transaction data and request to be signed/confirmed from the smart card by means of a specified command.
4. The transaction confirmation method of claim 3, wherein the "read data" notification is from the transaction platform server or from the smart card.
5. The transaction confirmation method of claim 1, wherein returning the security operation result comprises:
returning the security operation result to the client APP, which sends it to the transaction platform server; or
returning the security operation result directly to the transaction platform server through a data short message.
6. A transaction confirmation device of a mobile terminal, the device comprising a data and request acquisition module, a system STK module, a security operation module and a result return module, wherein:
the data and request acquisition module is used for acquiring transaction data and a request to be signed/confirmed;
the system STK module is used for popping up an STK menu, displaying the transaction data and request to be signed/confirmed in the STK menu, and receiving user input;
the security operation module is used for performing a security operation using the secure element SE in the smart card when the user input confirms that the transaction should continue;
and the result return module is used for returning the security operation result.
7. The transaction confirmation device of claim 6, wherein the data and request acquisition module comprises:
a short message receiving unit, used for receiving the transaction data and request to be signed/confirmed directly issued by the transaction platform server through a data short message; or
a smart card reading unit, used for acquiring the transaction data and request to be signed/confirmed from the smart card.
8. The transaction confirmation device according to claim 7, wherein the smart card reading unit comprises:
a notification receiving subunit, configured to receive a "read data" notification;
and an information acquisition subunit, used for acquiring the transaction data and request to be signed/confirmed from the smart card through a specified command.
9. A mobile terminal, characterized in that it comprises a transaction confirmation device according to any of claims 6-8.
10. A smart card, comprising:
a data and request receiving module, used for receiving the transaction data and request to be signed/confirmed generated by a client APP;
a notification sending module, used for sending a "read data" notification to the mobile terminal after receiving the transaction data and request to be signed/confirmed generated by the client APP;
and a secure element module, used for assisting the mobile terminal in performing the security operation.
HK17105595.9A 2017-06-06 Mobile terminal, trade confirmation method and apparatus therefor, and smart card HK1232003A1 (en)

Publications (2)

Publication Number    Publication Date
HK1232003A (en)       2017-12-29
HK1232003A1 (en)      2017-12-29
