CN103619020A - Mobile payment security system for wireless data private network physical isolation internet - Google Patents
- Publication number
- CN103619020A, CN201310660556.9A
- Authority
- CN
- China
- Prior art keywords
- mobile
- internet
- passage
- network
- mobile payment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
- G06Q20/3229—Use of the SIM of a M-device as secure element
- G06Q20/325—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
- G06Q20/326—Payment applications installed on the mobile devices
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/068—Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
- H04W12/102—Route integrity, e.g. using trusted paths
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
- H04W12/47—Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
- H04W12/72—Subscriber identity
- H04W12/77—Graphical identity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Business, Economics & Management (AREA)
- Signal Processing (AREA)
- Accounting & Taxation (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a mobile payment security system in which a wireless data private network is physically isolated from the Internet. It aims to provide a mobile payment security system that is highly interactive, is shielded from intrusion from the Internet, makes payment information hard for a trojan to steal, transmits internal network data securely and reliably, does not affect Internet access, and prevents the SIM card from being copied. In the technical scheme, the application systems, including a payment server and authentication devices, are built inside a mobile payment security data network that is isolated from the Internet. This network links to an APN or VPDN that is isolated from the Internet and connected to a GSN mobile gateway. Through a password authentication device and a mobile phone number authentication device, the payment server establishes multiple authentication based on a four-in-one binding of account, mobile phone number, IMSI number and password. When a connection to the mobile payment security data network is established, the Internet access channel is automatically disconnected; after physical isolation from the Internet succeeds, graphical verification code information is exchanged with the mobile payment server through a base station.
Description
Technical field
The invention relates to a mobile payment security application system built on a wireless data private network that is physically isolated from the Internet, which guarantees information and transaction security, and to a system that switches the networking channel on a mobile terminal between the Internet access channel and the secure payment application.
Background technology
Mobile payment combines the mobile network with the financial sector: the mobile communications network is the tool and means of realizing mobile payment, providing customers with financial services such as commodity transactions, bill payment and bank account management. A mobile payment system sets up, for each mobile phone customer, a payment account bound to the phone number, and the customer can transfer and pay cash by mobile phone. The mobile terminal used for mobile payment can be a mobile phone, PDA, mobile PC, etc., and the means include SMS, interactive voice response, WAP and various others. In the mobile payment industry, the whole system is made up of several links, such as consumers, merchants, payment platform operators, banks and mobile operators. The main principle is to build a mobile data value-added service on the mobile operation support platform and to use the mobile customer's phone number as the associated payment account, so that the customer confirms identity and transacts by mobile phone. There are five main access methods for mobile payment: the first uses short messages (STK); the second is voice, IVR (Interactive Voice Response); the third uses USSD; the fourth is implemented with the WAP protocol; the fifth is implemented over the web. At present, voice, STK and web are the main methods used. According to the transmission method, mobile payment is mainly divided into near-field payment and remote payment. Near-field payment means paying by swiping the mobile phone like a card, for example to take a bus or go shopping, which is very convenient. Remote payment means payment made by sending a payment instruction (such as online banking, telephone banking or mobile phone payment) or by means of a payment instrument (such as by mail or remittance); for example, the in-the-palm e-commerce, in-the-palm top-up and in-the-palm video services launched by an in-the-palm payment service all belong to remote payment. At present, the lack of unified payment standards causes many difficulties for adoption. Near-field payment uses technologies such as radio frequency, infrared or Bluetooth to achieve communication and information exchange between the mobile phone and other intelligent terminals and thereby complete the transaction payment. The specific technologies are: (1) Infrared (IR) and Bluetooth: the former is low cost and not easily interfered with; the latter has a longer transmission range and its signal is not directional. (2) Radio frequency identification (RFID): high security, high speed and large storage capacity, but the infrastructure investment is large, the cost is high, and the terminal requirements are higher.
Remote payment uses the wireless network: the mobile phone sends a transaction request to the merchant providing some commodity (or service), and the transaction payment is completed. The specific technologies are: (1) Interactive voice response (IVR): the payment process is carried out by dialing a number on the mobile phone. Its stability and real-time performance are good, but the complicated operation makes it time-consuming, the communication fee is higher and the security is poor, so it is only suitable for small payments. (2) Short message service (SMS): payment is completed by sending short messages. This method has a broad customer base, low cost and easy operation, and ordinary handsets can all use it, but its stability is poor and the response time for sending and receiving messages cannot be determined. (3) Unstructured supplementary service data (USSD): after the user sends predefined digits or symbols to the communication network from the mobile phone, the network provides the corresponding service to the user. This technology is simple to operate, has low transaction cost and higher security, but has higher terminal requirements and needs particular terminal support. (4) Wireless application protocol (WAP): the mobile phone connects to the Internet to complete payment. This method is highly interactive, but because the network is unstable the response time of instructions cannot be determined, the usage cost is higher, and it needs terminal support. (5) K.Java/BREW (J2ME / Binary Runtime Environment for Wireless): the Internet connection is made by downloading K.Java/BREW. It is highly portable, consumes few network resources, puts a low load on the server, and its interface is easily accepted by users, but it needs terminal device support. Whichever technology mobile payment uses, security is the key factor affecting whether the payment business can develop. The security of mobile payment involves the confidentiality of user information and the security of user funds and payment information; the risks it faces come mainly from the wireless link, the service network and the terminal. To address them, on the management side limit controls and contract-signing mechanisms are generally adopted; on the technical side, access control is generally used so that transaction information in a payment is not obtained or tampered with by unauthorized users, identity authentication is used to authenticate the parties to a transaction, and digital signature technology is used to realize information confidentiality, etc. To guarantee the security of data in network transmission during a transaction, the mobile payment system must establish a sound network security mechanism, including firewall systems, virus prevention systems, etc.; the system adopts a dual-network structure to guard against single-point equipment failure and link failure and keep the whole network unobstructed; the system hardware is duplicated, with redundancy and load balancing mechanisms and a data transmission security mechanism; entities connected to the system, such as each bank and the mobile communication network elements, are isolated by network segment, guaranteeing that different networks do not become interconnected merely because they are all connected to the mobile payment system. The transaction security mechanism of the prior art authenticates the user's identity through the account-opening process of the mobile payment service and establishes the binding between user identity and phone number; the mobile operator guarantees the authentication of the user's mobile phone and the legitimacy of the subscription relationship; for an incomplete transaction, the merchant or payment platform operator is required to send a reversal request to cancel the incomplete transaction. To prevent unauthorized persons from intruding on hosts, the central part of mobile payment is deployed behind the IP-based firewall of the mobile operator's network; control mechanisms are implemented and payment limits set; account security management is implemented; a security module manages the cryptographic algorithm, key length, secure key exchange, password update interval, signature algorithm, etc.; and security audit and tracking of transaction records is implemented, so that when a dispute arises, complete, accurate and credible transaction records can be provided for verification.
Web and WAP page security: check whether the system adopts measures against brute-force login, whether security controls, digital certificates and payment passwords are provided independently, and whether the pages guard against SQL injection, cross-site scripting, source code exposure and malicious code planted by attackers, and have anti-tampering and anti-phishing measures. Coding security: whether the system source code and plug-ins have undergone security screening (check the review report), whether a coding standard is enforced, and whether source code and versions are effectively managed (check the management system). Digital certificate application: whether internal and external business and key business use certificates from a third-party electronic certification authority, whether valid electronic signatures are used, and whether the server certificate private key is effectively protected. Offline data authentication: check whether keys and certificates, static data authentication and dynamic data authentication that meet business requirements are used. Application cryptogram and issuer authentication: check application cryptogram generation, issuer authentication and key management. Secure messaging: check whether the message format meets requirements, verify message integrity and message confidentiality, and check how keys are managed. Card security: check the security of the card, whether keys are independent, the card's internal security system, the types of keys in the card, and the storage of keys and PIN. Terminal security: review the security requirements for terminal data and equipment and the key management requirements, and check whether the application terminal strictly follows them. Key management system: check how the certification authority public key, issuer public key and issuer symmetric keys are managed. Approved algorithms: which symmetric encryption algorithm, Rivest-Shamir-Adleman (RSA) algorithm or hash algorithm the system uses, which system functions these algorithms are applied to, and testing of the corresponding functions. Client program security: how the client application and configuration files are protected, whether the version is up to date, and how the security of the login password and payment password is guaranteed. With the rapid development of the mobile Internet, mobile Internet financial services show great market demand, but illegal means such as hacker attacks and phishing websites constantly encroach on the security of Internet finance; problems that threaten mobile network security, such as pre-installed software and repackaged viruses, are increasingly prominent and are gradually forming an underground industry chain. The security of Internet application systems is increasingly the focus of attention. After the PRISM affair, people found that in the face of a U.S. government with powerful technical strength, any Internet company, including Apple and Google, which possess today's top Internet technology, cannot avoid the security vulnerability of information being stolen as long as its information system is built on the Internet, even with all kinds of security protection measures. Security has always occupied an extremely important position in the mobile phone payment business. On the one hand, banks need to encrypt users' transaction passwords, for example applying hardware encryption to some important data together with corresponding log management. On the other hand, carriers need to strengthen security in signal transmission and prevent signals from being intercepted. Mobile payment is a typical multi-application scenario: multiple channels are needed to manage multiple applications and to determine the various states and life cycles of the applications, with emphasis on guaranteeing the coexistence and concurrency of different applications, the security of each application itself, and the security of mutual access between applications. As the proportion of virtual transactions rises, security risk has also become a general worry. Mobile phone payment tools, operating systems and applications are downloaded in non-standard ways, and phishing websites and trojans appear frequently, seriously affecting the terminal security environment of mobile payment. In addition, once a mobile phone used for near-field payment is lost, the likelihood of fraudulent use is high. The security problem has always been the bottleneck to the rapid popularization of mobile payment. The issues include the confidentiality, integrity, non-repudiation and authenticity of information, the payment mode, authentication, the security of the payment terminal (mobile phone), and the unsound legal guarantees for each link of mobile payment (contract signing, delivery, payment, breach of contract, after-sales responsibility, returns, tax payment, invoice issuing, payment audit, etc.).
In conventional practice, physical isolation is the most effective and most important measure for securing an internal network; banking information systems and government information systems all use internal networks physically isolated from the Internet to secure information. Because an internal network physically isolated from the Internet has no networking channel to the Internet, no hacker can invade it. For ordinary users, the APN (Access Point Name) is just a set of parameters pre-configured or manually set on the mobile terminal in order to go online. For the mobile network, the APN is the indispensable identifier for routing the user's Internet Protocol (IP) packets to the corresponding GPRS network router, the GGSN, and to the external network. Its roles are as follows. The APN as routing identifier: the serving GPRS support node (SGSN) queries a domain name system (DNS) server with the APN to obtain the GGSN IP address corresponding to that APN, which determines the GGSN the user should access. The APN as service-domain identifier: according to the APN, the GGSN delivers the user's traffic to different service domains, and different service domains correspond to different service bearer networking modes, ways of obtaining the user identity, charging modes, etc. The SGSN, an important component of the GPRS/TD-SCDMA (WCDMA) core network packet domain, mainly performs routing and forwarding of packet data, mobility management, session management, logical link management, authentication and encryption, and generation and output of call detail records. It connects to the packet control unit (PCU) over the Gb interface and performs mobile data management, such as user identification, encryption and compression; it connects to the HLR over the Gr interface for access to, and access control of, the subscriber database; it also connects to the GGSN over the Gn interface, providing the transmission channel for IP packets to the radio unit, protocol conversion and similar functions; the SGSN can also provide the Gs interface to the MSC and the Gd interface to the SMSC, to support cooperation between data and circuit services and the sending and receiving of short messages. The SGSN cooperates with the GGSN to jointly provide the PS functions of TD-SCDMA (WCDMA). When acting as a basic network element of the GPRS network, it connects to the BSS over the Gb interface. Its main role is to perform mobility management for the MSs within its coverage area and to forward incoming and outgoing IP packets; its position is similar to that of the VMSC in the GSM circuit network. The SGSN also integrates functions similar to the VLR in the GSM network: when the user is in the GPRS Attach state, the SGSN stores the packet-related user information and location information. When the SGSN acts as the PS-domain function node of the TD-SCDMA (WCDMA) core network, it connects to the UTRAN over the Iu_PS interface and mainly provides routing and forwarding, mobility management, session management, authentication and encryption in the PS domain. GGSN9811: the two APNs that China Mobile provided earliest, and that users currently use most widely, CMWAP and CMNET, are taken as examples:
1) CMWAP APN
CMWAP and CMNET are two GPRS access channels that China Mobile has artificially divided. The former was set up for WAP browsing on mobile phones; the latter is mainly for PCs, notebook computers, PDAs, etc. to go online using the GPRS service. The CMWAP APN was initially designed mainly for services based on the HTTP protocol, such as WAP web browsing and MMS. As data services developed, in order to support the non-HTTP services that were gradually introduced, the WAP domain was upgraded and reconfigured and gradually became the default service domain for most self-operated and cooperative services, providing users with MMS, PIM, streaming media, general download, news flashes, music walkman, games and other services. The CMWAP APN uses the WAP gateway as the proxy node for HTTP access and can also provide users with auxiliary functions, such as not having to enter the phone number, content conversion and adaptive pre-judgement.
2) CMNET APN
CMNET is the APN set up for open Internet access: the user can access the Internet with any protocol, without any control or restriction policy, but no other auxiliary functions are provided either. When the CMNET APN is used, the mobile terminal accesses the nearest GGSN through the SGSN of the place of access, and the service data flow reaches the Internet after NAT address translation at the firewall corresponding to the GGSN.
VPDN stands for Virtual Private Dialup Network. It is a virtual private dial-up service for dial-up users which uses the bearer capability of IP and other networks, combined with corresponding authentication and authorization mechanisms, to set up a secure virtual private network. The VPDN service is mainly aimed at enterprises and government departments. After an enterprise subscribes to the service, it only needs to connect its intranet to the internet through one access line; users can then dial in from anywhere in the country and use the VPDN service to enter this virtual private network and securely access the information resources they need. The user can conveniently and flexibly open and cancel accounts for its own dial-up users and set their permissions.
The VPDN networks currently built by operators are of two kinds, fixed-network VPDN and wireless VPDN, and the two differ in physical location. A fixed-network VPDN is built on the Internet and is reachable from any terminal; a wireless VPDN sits inside the operator's wireless data network, isolated from the Internet, and cannot be reached over a WiFi network. To connect to a wireless VPDN, a mobile terminal must first connect to the APN network that carries it; users of other APN networks or networking channels cannot access this VPDN network.
A wireless VPDN is a virtual private network built on top of an APN network. The connection flow is: first connect the APN channel that carries the VPDN network, then perform VPDN dialing to set up the VPDN network. The networking parameters of a VPDN network comprise the networking parameters of the carrying APN network and those of the VPDN itself.
After the VPDN is connected, the mobile terminal can connect only to the VPDN network; this is a restriction that the system imposes through route management in network management. A skilled user can, by modifying the routing table of the mobile terminal's operating system, be connected to the APN and the VPDN at the same time, and the APN connected at the same time must be the APN network carrying the VPDN.
Because a VPDN network is not isolated physically at the data level but isolated in software, its security is lower than that of an APN network. The security of a VPDN network depends on the security of the APN network carrying it: if the carrying APN network is physically isolated from the Internet, the VPDN network is secure.
Although a dedicated channel can secure information and systems, now that Internet applications are increasingly widespread, people need both Internet applications and secure applications on the mobile terminal. In mobile payment in particular, people need on the one hand to browse goods in online shops, and on the other to thoroughly secure the transaction.
However, in current mobile terminal operating systems, both the browser and the API for applications provide only a single-channel Internet access mode; moreover, the terminal's smart operating system lacks an interface for automatically switching between networking channels, which is inconvenient for different business applications. How to achieve secure communication and data exchange between the mobile terminal and the bank intranet over the public network has become a problem that large enterprises urgently need to solve. Remote access usually involves three parts: the access terminal, the access channel and the intranet application; inadequate protection of any one of them brings security risk to the whole remote access process. Traditional VPN-based mobile terminal access schemes focus on establishing a secure transmission tunnel; although this provides some assurance for secure data transmission, it does not address the need in mobile payment to browse goods on the Internet, and so cannot meet the mobile user's requirement to both access the Internet and keep transactions secure.
Traditional bank payment modes, including bank card and UKEY payment systems, all rely on a three-in-one binding of account, password and bank card or UKEY, which guarantees the uniqueness of a payment. Current Internet payment systems mostly use an SMS dynamic code as confirmation. An SMS dynamic code remains valid for a certain period, so a phishing website that has stolen a user's dynamic code can make the payment from another terminal, which creates a security risk for the account.
Guaranteeing the uniqueness of payment is therefore a requirement of payment security.
In addition, many technical means of copying mobile phone SIM cards have been exposed online, so a payment service bound only to the phone number carries a considerable security risk.
Smartphone viruses are increasingly rampant, and it is very easy for a mobile trojan to steal a simple password made up of digits; mobile payment must guard against trojans stealing numeric passwords.
In summary, the security of mobile payment involves two major parts:
1. The security of the network and system
2. The security of the mobile terminal
Summary of the invention
The object of the invention is to address the shortcomings of the prior art and provide security guarantees for the two major parts of mobile payment, the network and system and the mobile terminal. It provides a mobile payment security system in which a wireless data private network is physically isolated from the Internet and which is highly interactive, is shielded from Internet intrusion, makes payment information hard for trojans to steal, transmits intranet application data securely and reliably, does not affect Internet access, and, through a four-in-one binding of account, phone number, IMSI number and password, guards against SIM card copying.
The above object of the invention can be achieved by the following measures. A mobile payment security system in which a wireless data private network is physically isolated from the Internet comprises a payment server, a phone number authentication device, a password authentication device, and an APN network or VPDN network connected to GSN mobile network gateway equipment, and is characterized in that: the application systems, including the payment server and authentication devices, are built inside a mobile payment security data network isolated from the Internet; the mobile payment security data network links to the APN network or VPDN network that is connected to the GSN mobile gateway and isolated from the Internet; the payment server, through the password authentication device and the phone number authentication device, establishes multiple authentication based on a four-in-one binding of account, phone number, IMSI number and password; the mobile terminal, when connecting to the mobile payment security data network, automatically shuts down the Internet access channel; and after physical isolation from the Internet succeeds, it exchanges graphical verification code information with the mobile payment server through the base station.
The present invention has following beneficial effect than prior art:
The present invention is on mobile terminal, and application layer is for different demands, by the network method of passage of switching, meets the handoff-security demand of Network and secure payment different application; On mobile Internet, use complete and the physically-isolated wireless data private network in the Internet, the mobile security payment system that provides phone number authentication and code authentication double authentication to build, and the method that provides mobile terminal to automatically switch networking between internet access passage and special-purpose safety of payment passage.Thoroughly stop the invasion from the Internet, and authenticate by dual safety the safety that ensures mobile payment.
Webpage, business and function that the mobile terminal application layer monitor user ' that mobile terminal comprises browser, client or application software is used, when needs carry out payment transaction, the channel switching module that the browser plug-in switching by embedded passage or client and application program are embedded, the network switching of passage, guarantee is in delivery operation process, the unique networking special mobile of mobile terminal secure payment data network, has guaranteed the safety of mobile-payment system.
The present invention uses with the physically-isolated special mobile data network in the Internet and comprises that APN or VPDN data channel ensure the information and date safety of application system.From access terminal secure transmission tunnel and three aspects of Intranet application system protection, realize three grades of depth protection of mobile terminal safety access, promoted terminal security, from source, guarantee the safety of access; High-intensity Security Data Transmission passage is provided, has guaranteed the safety of data transmission procedure; The safety of Intranet application system that adopted safe access control technique guarantee.
The present invention is by application server, authentication device in interior application system is structured in the mobile payment security data network isolated with the Internet, and the double authentication of phone number authentication and code authentication is guaranteed the binding relationship of phone number, No. IMSI, bank account and password quaternity; Mobile payment security data are used with APN or the VPDN special line of the Internet isolation and are connected with mobile network's Gateway GPRS Support Node GGSN, guarantee with the physical isolation of the Internet and carry out information interaction with mobile terminal; In process of exchange, use graphical verification code to guarantee that Transaction Information do not stolen by wooden horse; Mobile payment is used graphical verification code to guarantee that payment information is not by wooden horse steal.
Mobile security payment system is used phone number and the dual authentication of password, guarantee the separated of phone number and password, the risk of avoiding SIM cards of mobile phones to be replicated is guaranteed binding relationship and unique payment relation of account, phone number, IMSI, password quaternity simultaneously;
On mobile terminal, browser, client or application program can be according to the network switchings of passage of different application.This connection mode can avoid private data network to be directly connected with the Internet, thereby thoroughly evade the invasion from the Internet, the internet access that simultaneously guarantees mobile terminal is unaffected, can meet the Technology Need that mobile terminal switches when the different application of shopping and payment is browsed in use.
Brief description of the drawings
To make the objects, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
Fig. 1 is a schematic diagram of the system model of the mobile payment security system of the invention, with a wireless data private network physically isolated from the Internet.
Fig. 2 is a schematic diagram of the system model in which the mobile terminal of the invention uses a dedicated browser to switch automatically between different network channel interfaces.
Fig. 3 is a schematic diagram of the system model in which the mobile terminal of the invention uses a general-purpose browser to switch automatically between different network channel interfaces.
Fig. 4 is a schematic diagram of the system model in which the mobile terminal uses an embedded channel switching program module to switch automatically between different network channel interfaces.
Fig. 5 is a schematic diagram of the system model in which the mobile terminal uses an independent channel switching program to switch automatically between different network channel interfaces.
Embodiments:
Embodiment 1:
Referring to Fig. 1. In the preferred embodiment described below, the mobile payment security system with a wireless data private network physically isolated from the Internet comprises a payment server, a phone number authentication device, a password authentication device, and a mobile payment security data network comprising the APN or VPDN network that is connected to the GSN gateway and isolated from the Internet. The application system, including the payment server and the authentication devices, is built inside the mobile payment security data network isolated from the Internet. The payment server, through the password authentication device and the phone number authentication device, establishes a multiple authentication mode with four-in-one binding of account, phone number, IMSI and password, and links to the mobile network gateway GSN over the mobile payment security data network's Access Point Name (APN) dedicated line and/or Virtual Private Dialup Network (VPDN) dedicated line. When using the mobile payment service, the mobile terminal automatically closes the Internet access channel and connects to the mobile payment security network; once physical isolation from the Internet has succeeded, it exchanges graphical verification code information with the mobile payment server via the base station. Throughout the mobile payment operation, the mobile terminal remains connected solely to the wireless data private network secure payment data network.
The GGSN (Gateway GSN) mainly acts as a gateway and can connect to many different data networks, such as ISDN, PSPDN and LAN. Some documents call the GGSN a GPRS router. The GGSN can perform protocol conversion on GPRS packets in the GSM network so that they can be sent to a remote TCP/IP or X.25 network. SGSN stands for Serving GPRS Support Node. As an important component of the GPRS/TD-SCDMA (WCDMA) core network packet domain, the SGSN mainly handles packet routing and forwarding, mobility management, session management, logical link management, authentication and encryption, and billing record generation and output. The SGSN connects to the packet control unit (PCU) over the Gb interface and manages mobile data, including functions such as user identification, encryption and compression; it connects to the HLR over the Gr interface for access to the subscriber database and for access control; it also connects to the GGSN over the Gn interface, providing functions such as the transmission channel for IP packets to the radio unit and protocol conversion. The SGSN can additionally provide a Gs interface to the MSC and a Gd interface to the SMSC, supporting the cooperation of data services with circuit services and the sending and receiving of short messages. The GGSN and SGSN (collectively, the GSN) listen for GTP-C messages on UDP port 2123 and for GTP-U messages on UDP port 2152. The connection mode described in this embodiment avoids connecting the private data network directly to the Internet, thereby thoroughly evading intrusion from the Internet.
Embodiment 2: Phone number to account binding function
Referring to Fig. 1. In the mobile payment security system with a wireless data private network physically isolated from the Internet, the system model with the phone number binding function comprises the GSN equipment and the phone number authentication device. The mobile phone closes the Internet access channel, connects to the mobile payment security network and establishes a communication tunnel with the phone number authentication device. While the tunnel is being established, the mobile phone sends a session request (a session is the interval during which an end user communicates with an interactive system, usually the time elapsed from logging in to the system to logging out). The GGSN or SGSN first links to the mobile network gateway GSN over the Access Point Name (APN) dedicated line and/or the Virtual Private Dialup Network (VPDN) dedicated line, and automatically sends the International Mobile Subscriber Identity (IMSI) stored in the user's SIM card to the phone number authentication device as a calling-number request parameter. The phone number authentication device performs IMSI authentication and address binding, after which communication proceeds through the password authentication device to the payment server. The IMSI is carried in the Calling-Station-Id attribute field of the Request packet sent by the client of the phone number authentication device; when the phone number authentication server receives the Request packet, it extracts the user name, password and IMSI from it and performs three-in-one authentication.
The IMSI used for phone number authentication comes from the low-level access information of the phone's chip; it is the SIM card authentication information held on the GGSN or SGSN and is independent of the mobile terminal's application-layer communication.
The IMSI is a network-wide, globally unique mobile identification number that uniquely identifies a mobile subscriber internationally. SIM card authentication belongs to the mobile terminal's low-level hardware communication, is built entirely into the chip hardware and cannot be modified by software. This authentication mode effectively blocks false registrations by Trojans, viruses or hackers.
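The server-side check described in Embodiment 2, as an added example that is not part of the patent: it assumes the "Request packet" is a RADIUS Access-Request (RFC 2865), in which Calling-Station-Id is attribute 31, and it extends the three-in-one check to return the bound phone number from the binding record. The shared secret, account name, IMSI, phone number and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, CALLING_STATION_ID = 1, 2, 31  # RFC 2865 attribute types
PBKDF2_ROUNDS = 50_000

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 hiding: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")

def build_access_request(account, password, imsi, secret, ident=1):
    """What the gateway-side client would send; here it only produces constructed test input."""
    authenticator = os.urandom(16)
    attrs = b""
    for typ, val in ((USER_NAME, account.encode()),
                     (USER_PASSWORD, hide_password(password.encode(), secret, authenticator)),
                     (CALLING_STATION_ID, imsi.encode())):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def parse_access_request(packet: bytes):
    """Return ({attribute type: value}, authenticator); raise ValueError on any malformed field."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        typ, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs[typ] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs, packet[4:20]

def make_binding(msisdn, imsi, password):
    """Binding record stored per account: phone number, IMSI and a salted password hash."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"msisdn": msisdn, "imsi": imsi, "salt": salt, "pw_hash": pw_hash}

def authenticate(packet, secret, bindings):
    """Return (True, bound phone number) or (False, reason for the server log)."""
    try:
        attrs, authenticator = parse_access_request(packet)
        account = attrs[USER_NAME].decode("ascii")
        imsi = attrs[CALLING_STATION_ID].decode("ascii")
        hidden = attrs[USER_PASSWORD]
        if not (imsi.isdigit() and len(imsi) <= 15) or not hidden or len(hidden) % 16:
            raise ValueError("bad IMSI or password field")
    except (ValueError, KeyError):
        return False, "malformed"
    record = bindings.get(account)
    if record is None:
        return False, "unknown_account"
    # A correct password presented from a SIM other than the bound one is rejected here.
    if not hmac.compare_digest(imsi, record["imsi"]):
        return False, "imsi_mismatch"
    password = unhide_password(hidden, secret, authenticator)
    candidate = hashlib.pbkdf2_hmac("sha256", password, record["salt"], PBKDF2_ROUNDS)
    if not hmac.compare_digest(candidate, record["pw_hash"]):
        return False, "bad_password"
    return True, record["msisdn"]
```

RADIUS password hiding is MD5-based and depends entirely on the shared secret, so this exchange belongs on the isolated APN or VPDN line rather than on a path reachable from the Internet.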
Embodiment 3: Password authentication mode
Referring to Fig. 1. In Embodiment 1 above, the password authentication mode includes numeric passwords, or biometric passwords such as fingerprint, face or pupil. Password authentication can take a single form, such as digits, or a combination of several forms, such as digits plus fingerprint.
Embodiment 4: Graphical verification code
Referring to Fig. 1. In the mobile payment security system with a wireless data private network physically isolated from the Internet, the mobile secure payment system model that uses graphical verification code authentication comprises the mobile terminal, the dedicated data channel, the authentication devices and the payment server. Each time a mobile terminal sends a transaction request, the payment server issues a random, secure graphical verification code, which serves as the label of the transaction and is submitted in the mobile terminal's payment request. Using a graphical verification code for each transaction ensures that the verification code cannot be replicated. Using a random, secure graphical verification code effectively evades intrusion into the system by Trojans or viruses.
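One way the payment server could issue and check the per-transaction code of Embodiment 4, as an added example that is not part of the patent. It assumes the code is single-use, expires, allows a limited number of attempts, and is bound to the IMSI authenticated for the session, so that a code captured by a phishing page cannot be redeemed from another terminal; rendering the code as an image is left out, and the class name, limits and sample values are constructed.

```python
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike glyphs once rendered as an image
MAX_ATTEMPTS = 3

class VerificationCodes:
    """Per-transaction codes: random, bound to one transaction and one IMSI, redeemable once."""

    def __init__(self, ttl=120.0, clock=time.monotonic):
        self.ttl, self.clock = ttl, clock
        self._pending = {}  # txn_id -> [code, imsi, expires_at, attempts_left]

    def issue(self, txn_id, imsi):
        """Called when the terminal sends a transaction request; returns the code to render."""
        if txn_id in self._pending:
            raise ValueError("transaction already has a pending code")
        code = "".join(secrets.choice(ALPHABET) for _ in range(6))
        self._pending[txn_id] = [code, imsi, self.clock() + self.ttl, MAX_ATTEMPTS]
        return code

    def redeem(self, txn_id, imsi, code):
        """Called when the payment request arrives carrying the code as the transaction label."""
        entry = self._pending.get(txn_id)
        if entry is None:
            return "unknown_or_used"
        expected, bound_imsi, expires_at, _ = entry
        if self.clock() >= expires_at:
            del self._pending[txn_id]
            return "expired"
        same_terminal = hmac.compare_digest(imsi.encode(), bound_imsi.encode())
        same_code = hmac.compare_digest(code.upper().encode(), expected.encode())
        if same_terminal and same_code:
            del self._pending[txn_id]      # consumed: a replay finds nothing to match
            return "ok"
        entry[3] -= 1                      # failed attempts are limited to stop guessing
        if entry[3] == 0:
            del self._pending[txn_id]
        return "wrong_code" if same_terminal else "wrong_terminal"
```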
For the two different applications of Internet access and mobile payment, the mobile terminal's network channel switching takes the following four system modes:
Embodiment 5: Dedicated browser switching mode
Referring to Fig. 2. In the mobile payment security system with a wireless data private network physically isolated from the Internet, the system model in which the mobile terminal uses a dedicated browser for automatic network channel switching comprises the dedicated browser with an embedded channel switching program and/or the client and application program with an embedded channel switching program, and the mobile terminal networking subsystem. The dedicated browser, or the client and application program, with the embedded channel switching program connects through the mobile terminal networking subsystem to a network channel, either the Internet or the mobile secure payment data network.
The dedicated browser, or the client and application program, with the embedded channel switching program monitors the pages, services and functions the user is using. When the mobile payment service is needed, the browser or the client and application program calls the embedded channel switching program and sends a channel switching command, and the network channel is connected through the mobile terminal networking subsystem to the Internet or the mobile secure payment data network.
After receiving the command from the dedicated browser or the client and application program, the embedded channel switching program closes the current network connection, changes the mobile terminal's network parameters to the APN or VPDN network parameters specified by the browser or the client and application program, or to the default ones, and sends the mobile terminal networking subsystem a request to connect to the mobile payment security data network. If the connection succeeds, it returns a success message to the browser or the client and application program; if the connection fails, it returns a failure message.
After receiving the connection success message, the dedicated browser or the client and application program uses the mobile payment security data network channel to exchange information with the mobile payment security system. When the dedicated browser or the client and application program has finished the mobile payment service, it calls the embedded channel switching program to switch the mobile terminal's network channel back to the Internet access channel.
The mobile terminal networking subsystem refers to the software and hardware system that includes functions such as storing and modifying the mobile terminal's network parameters, network management and network connection operations.
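The switching procedure of this embodiment, which the later embodiments reuse with a plug-in, an operating system module or a standalone program, modelled as an added example that is not part of the patent. NetworkingSubsystem is a hypothetical stand-in for the terminal's networking subsystem, the APN names are constructed, and restoring the Internet channel after a failed switch is an assumption; the point is that payment data is refused unless the private channel is the only active one, and that the terminal always switches back.

```python
from contextlib import contextmanager

INTERNET_APN = "internet.example"     # constructed APN names
PAYMENT_APN = "pay.private.example"

class ChannelError(Exception):
    pass

class NetworkingSubsystem:
    """Hypothetical networking subsystem: holds at most one active APN at a time."""

    def __init__(self, reachable):
        self.reachable = set(reachable)
        self.active_apn = None
        self.events = []                  # audit trail of channel changes

    def disconnect(self):
        if self.active_apn is not None:
            self.events.append(("down", self.active_apn))
            self.active_apn = None

    def connect(self, apn):
        if self.active_apn is not None:
            raise ChannelError("single-channel terminal: disconnect first")
        if apn not in self.reachable:
            self.events.append(("fail", apn))
            return False
        self.active_apn = apn
        self.events.append(("up", apn))
        return True

class ChannelSwitcher:
    """Embedded channel switching program as seen by the browser or application."""

    def __init__(self, net):
        self.net = net
        self.sent = []

    def _switch(self, apn):
        self.net.disconnect()             # close the current channel before changing parameters
        return self.net.connect(apn) and self.net.active_apn == apn

    @contextmanager
    def payment_channel(self):
        if not self._switch(PAYMENT_APN):
            self._switch(INTERNET_APN)    # assumption: restore browsing after a failed switch
            raise ChannelError("payment network unavailable")
        try:
            yield self.send_payment
        finally:
            self._switch(INTERNET_APN)    # switch back even if the payment step raised

    def send_payment(self, message):
        if self.net.active_apn != PAYMENT_APN:
            raise ChannelError("refusing to send payment data off the private channel")
        self.sent.append((self.net.active_apn, message))
        return "accepted"

def pay(switcher, order):
    """Application-side flow: switch, pay on success, report failure otherwise."""
    try:
        with switcher.payment_channel() as send:
            return send(order)
    except ChannelError as exc:
        return f"failed: {exc}"
```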
Embodiment 6: General-purpose browser plug-in mode
Referring to Fig. 3. In the mobile payment security system with a wireless data private network physically isolated from the Internet, the system model in which the mobile terminal uses a general-purpose browser plug-in for automatic network channel switching comprises the general-purpose browser with a plug-in embedding the channel switching program, and the mobile terminal networking subsystem. The general-purpose browser with the plug-in embedding the channel switching program connects through the mobile terminal networking subsystem to the Internet or the mobile secure payment data network.
The general-purpose browser monitors the pages, services and functions the user is using. When the mobile payment service is needed, the browser calls the embedded channel switching plug-in and sends a channel switching command. After receiving the command from the general-purpose browser, the embedded channel switching plug-in closes the current network connection, changes the mobile terminal's network parameters to the APN or VPDN network parameters specified by the browser, or to the default ones, and sends the mobile terminal networking subsystem a request to connect to the mobile payment security data network. If the connection succeeds, it returns a success message to the browser; if the connection fails, it returns a failure message to the browser.
After receiving the connection success message, the general-purpose browser uses the mobile payment security data network channel to exchange information with the mobile payment security system. When the general-purpose browser has completed the mobile payment service, it calls the embedded channel switching plug-in to switch the mobile terminal's network channel back to the Internet access channel.
Embodiment 7: Embedded channel switching module mode
Referring to Fig. 4. In the mobile payment security system with a wireless data private network physically isolated from the Internet, the system model in which the mobile terminal uses a channel switching module embedded in the mobile terminal for automatic network channel switching comprises the application layer and the mobile terminal operating system, and the mobile terminal operating system contains the channel switching module and the mobile terminal networking subsystem. The application layer comprises the browser, browser plug-in, client or application program. The application layer links to the channel switching module through an application programming interface (API) and communicates with the mobile terminal networking subsystem through the channel switching module.
The channel switching module is a module built into the mobile terminal operating system and linked to the mobile terminal networking subsystem that performs the channel switching operation.
The application layer monitors the pages, services and functions the user is using. When the mobile payment service is needed, it calls the channel switching plug-in and sends a channel switching command. After receiving the message that the channel switch succeeded, the application layer uses the mobile payment security data network to exchange information. When the application layer has completed the mobile payment security service, it calls the channel switching module, and the network channel is switched back to the Internet access channel.
Embodiment 8: Independent channel switching software mode
Referring to Fig. 5. In the mobile payment security system with a wireless data private network physically isolated from the Internet, the system model in which the mobile terminal uses independent channel switching software for automatic network channel switching comprises the application layer, the channel switching program software and the mobile terminal operating system. The application layer comprises the browser, browser plug-in, or client and application program; the mobile terminal operating system contains the mobile terminal networking subsystem. The application layer links to the channel switching software through an application programming interface (API), and the channel switching software links to the mobile terminal networking subsystem and exchanges data with the mobile terminal operating system.
The channel switching software is an application program that must be started manually and is independent of the mobile terminal operating system. Once started manually, the channel switching software stays resident in memory, provides an application programming interface (API) to the application layer, and performs channel switching operations according to application-layer instructions. The application layer calls the started channel switching software through the API to switch between the different network channels. When the channel switching software exits from memory, the application-layer API in memory disappears.
The above describes only the preferred embodiments of the invention. It should be understood that a person of ordinary skill in the art can make a number of variations and improvements without departing from the principles of the invention. For example, the mobile payment security application system can be applied to mail, OA or other services or application systems whose security must be guaranteed; in addition, the program can be stored in a storage medium readable by the mobile terminal; alternatively, each module or unit of the terminal in the above embodiments can be implemented in hardware or as a software function module. The invention is not limited to any particular combination of hardware and software. Such variations and changes also fall within the scope of the invention and should be regarded as within its scope of protection.
Claims (12)
1. A mobile payment security system with a wireless data private network physically isolated from the Internet, comprising a payment server, a phone number authentication device, a password authentication device, and an APN network or VPDN network linked to GSN mobile network gateway equipment, characterized in that: the application system, including the payment server and the authentication devices, is built inside a mobile payment security data network isolated from the Internet; the mobile payment security data network links to the APN network or VPDN network that is connected to the GSN mobile gateway and isolated from the Internet; the payment server, through the password authentication device and the phone number authentication device, establishes multiple authentication with four-in-one binding of account, phone number, IMSI and password; when connecting to the mobile payment security data network, the mobile terminal automatically closes the Internet access channel and, once physical isolation from the Internet has succeeded, exchanges graphical verification code information with the mobile payment server via the base station.
2. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 1, characterized in that: the system uses a system model with a phone number binding function; the mobile phone closes the Internet access channel, connects to the mobile payment security network and establishes a communication tunnel with the phone number authentication device; while the tunnel is being established, when the mobile phone sends a session request, the GGSN or SGSN first links to the mobile network gateway GSN over the Access Point Name (APN) dedicated line and/or the Virtual Private Dialup Network (VPDN) dedicated line and sends the International Mobile Subscriber Identity (IMSI) stored in the user's SIM card to the phone number authentication device as a calling-number request parameter; the phone number authentication device performs IMSI authentication and address binding, after which communication proceeds through the password authentication device to the payment server.
3. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 1, characterized in that: the password authentication mode includes numeric passwords or biometric passwords.
4. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 1, characterized in that: the system uses a mobile secure payment system model with graphical verification code authentication, and the mobile secure payment system model comprises the mobile terminal, the dedicated data channel, the authentication devices and the payment server.
5. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 4, characterized in that: each time a mobile terminal sends a transaction request, the payment server issues a random, secure graphical verification code, which serves as the label of the transaction and is submitted in the mobile terminal's payment request; using a graphical verification code for each transaction ensures that the verification code cannot be replicated.
6. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 1, characterized in that: the system model in which the mobile terminal uses a dedicated browser for automatic network channel switching comprises the dedicated browser with an embedded channel switching program and/or the client and application program with an embedded channel switching program, and the mobile terminal networking subsystem.
7. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 6, characterized in that: the dedicated browser, or the client and application program, with the embedded channel switching program monitors the pages, services and functions the user is using; when the mobile payment service is needed, the browser or the client and application program calls the embedded channel switching program and sends a channel switching command, and the network channel is connected through the mobile terminal networking subsystem to the Internet or the mobile secure payment data network.
8. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 7, characterized in that: after receiving the command from the dedicated browser or the client and application program, the embedded channel switching program closes the current network connection, changes the mobile terminal's network parameters to the APN or VPDN network parameters specified by the browser or the client and application program, or to the default ones, and sends the mobile terminal networking subsystem a request to connect to the mobile payment security data network; if the connection succeeds, it returns a success message to the browser or the client and application program; if the connection fails, it returns a failure message.
9. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 8, characterized in that: after receiving the connection success message, the dedicated browser or the client and application program uses the mobile payment security data network channel to exchange information with the mobile payment security system; when the browser or the client and application program has finished the mobile payment service, it calls the embedded channel switching program to switch the mobile terminal's network channel back to the Internet access channel.
10. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 1, characterized in that: the system model in which the mobile terminal uses a channel switching module embedded in the mobile terminal for automatic network channel switching comprises the application layer and the mobile terminal operating system, and the mobile terminal operating system contains the channel switching module and the mobile terminal networking subsystem; the application layer comprises the browser, browser plug-in, client or application program; the application layer links to the channel switching module through an application programming interface (API) and communicates with the mobile terminal operating system through the channel switching module.
11. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 1, characterized in that: the system model in which the mobile terminal uses independent channel switching software for automatic network channel switching comprises the application layer, the channel switching program software and the mobile terminal operating system, wherein the application layer comprises the browser, browser plug-in, or client and application program, and the mobile terminal operating system contains the mobile terminal networking subsystem; the application layer links to the channel switching software through an application programming interface (API), and the channel switching software links to the mobile terminal networking subsystem and exchanges data with the mobile terminal operating system.
12. The mobile payment security system with a wireless data private network physically isolated from the Internet as claimed in claim 1, characterized in that: once started, the channel switching software stays resident in memory, provides an application programming interface (API) to the application layer, and performs channel switching operations according to application-layer instructions; the application layer calls the started channel switching software through the API to switch between the different network channels; when the channel switching software exits from memory, the application-layer API in memory disappears.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310660556.9A CN103619020B (en) | 2013-12-09 | 2013-12-09 | Mobile payment security system for wireless data private network physical isolation internet |
PCT/CN2014/087307 WO2015085809A1 (en) | 2013-12-09 | 2014-09-24 | Mobile payment security system with wireless data private network physically isolated from internet |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310660556.9A CN103619020B (en) | 2013-12-09 | 2013-12-09 | Mobile payment security system for wireless data private network physical isolation internet |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103619020A (en) | 2014-03-05 |
CN103619020B (en) | 2017-02-08 |
Family
ID=50169724
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310660556.9A Active CN103619020B (en) | 2013-12-09 | 2013-12-09 | Mobile payment security system for wireless data private network physical isolation internet |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103619020B (en) |
WO (1) | WO2015085809A1 (en) |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015085809A1 (en) * | 2013-12-09 | 2015-06-18 | 成都达信通通讯设备有限公司 | Mobile payment security system with wireless data private network physically isolated from internet |
CN104821992A (en) * | 2015-05-25 | 2015-08-05 | 广东欧珀移动通信有限公司 | Method and device for automatically switching network connection type of mobile phone |
WO2015188718A1 (en) * | 2014-06-10 | 2015-12-17 | 北京奇虎科技有限公司 | Mobile terminal-based payment method and apparatus, and mobile terminal |
CN105550577A (en) * | 2015-12-31 | 2016-05-04 | 宇龙计算机通信科技(深圳)有限公司 | Security control method and system for terminal container |
CN107274178A (en) * | 2017-07-21 | 2017-10-20 | 广东欧珀移动通信有限公司 | Network switching method and related products |
CN107528739A (en) * | 2017-09-21 | 2017-12-29 | 中国银联股份有限公司 | A kind of terminal monitoring management method and device |
CN108769959A (en) * | 2018-04-11 | 2018-11-06 | 南京熊猫通信科技有限公司 | A kind of communication terminal near field identifying system and method based on microcell base station |
CN109246104A (en) * | 2018-09-12 | 2019-01-18 | 合肥开元埃尔软件股份有限公司 | A kind of safety moving police service platform towards high secure environment |
CN111490988A (en) * | 2020-04-10 | 2020-08-04 | 海南简族信息技术有限公司 | A data transmission method, apparatus, device and computer-readable storage medium |
WO2020186673A1 (en) * | 2019-03-21 | 2020-09-24 | 上海风汇网络科技有限公司 | Value transmission system and method based on dns domain name system, and dns server |
CN112073375A (en) * | 2020-08-07 | 2020-12-11 | 中国电力科学研究院有限公司 | Isolation device and isolation method suitable for power Internet of things client side |
CN112154634A (en) * | 2018-05-18 | 2020-12-29 | 瑞典爱立信有限公司 | Application Access Control |
CN113962680A (en) * | 2020-07-20 | 2022-01-21 | 中移(上海)信息通信科技有限公司 | A payment method, device, equipment and computer storage medium |
CN118200058A (en) * | 2024-05-17 | 2024-06-14 | 广东省电信规划设计院有限公司 | Multi-factor authentication method and system based on physical isolation channel |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109754270B (en) * | 2019-03-08 | 2023-04-07 | 重庆市微导科技有限公司 | One-stop vehicle terminal |
US11928665B2 (en) | 2020-07-21 | 2024-03-12 | Mastercard International Incorporated | Methods and systems for facilitating a payment transaction over a secure radio frequency connection |
CN112327736B (en) * | 2020-09-14 | 2022-05-31 | 广东联凯智能科技有限公司 | Embedded programmable module for electronic products |
CN112543178A (en) * | 2020-10-26 | 2021-03-23 | 西安交大捷普网络科技有限公司 | Detection method for web page Trojan |
CN114493616A (en) * | 2022-02-16 | 2022-05-13 | 中银金融科技有限公司 | Data processing method and device and electronic equipment |
CN116132481B (en) * | 2023-02-16 | 2024-11-05 | 云南省烟草公司大理州公司 | Tobacco logistics business end collaboration device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5778173A (en) * | 1996-06-12 | 1998-07-07 | At&T Corp. | Mechanism for enabling secure electronic transactions on the open internet |
CN1578487A (en) * | 2003-07-28 | 2005-02-09 | 华为技术有限公司 | Method for mobile terminal switching in packet network |
CN101923757A (en) * | 2010-08-05 | 2010-12-22 | 中国科学院深圳先进技术研究院 | Mobile payment management system |
CN201846357U (en) * | 2010-07-30 | 2011-05-25 | 杭州茵缌特科技有限公司 | Security network architecture for non-field industries |
CN103093346A (en) * | 2011-10-31 | 2013-05-08 | 深圳光启高等理工研究院 | Mobile terminal payment method and mobile terminal |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20110069911A (en) * | 2009-12-18 | 2011-06-24 | 에스케이 텔레콤주식회사 | Financial payment service method and system using sticker card |
CN103347273A (en) * | 2013-07-02 | 2013-10-09 | 北京播思无线技术有限公司 | Device and method for automatically selecting optimal transmission mode according to service requirements |
CN103618736A (en) * | 2013-12-09 | 2014-03-05 | 成都达信通通讯设备有限公司 | Safety application system for mobile terminal to automatically switch between different channel networking interfaces |
CN103619020B (en) * | 2013-12-09 | 2017-02-08 | 成都达信通通讯设备有限公司 | Mobile payment security system for wireless data private network physical isolation internet |
- 2013-12-09: CN application CN201310660556.9A (CN103619020B), status: Active
- 2014-09-24: WO application PCT/CN2014/087307 (WO2015085809A1), status: Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5778173A (en) * | 1996-06-12 | 1998-07-07 | At&T Corp. | Mechanism for enabling secure electronic transactions on the open internet |
CN1578487A (en) * | 2003-07-28 | 2005-02-09 | 华为技术有限公司 | Method for mobile terminal switching in packet network |
CN201846357U (en) * | 2010-07-30 | 2011-05-25 | 杭州茵缌特科技有限公司 | Security network architecture for non-field industries |
CN101923757A (en) * | 2010-08-05 | 2010-12-22 | 中国科学院深圳先进技术研究院 | Mobile payment management system |
CN103093346A (en) * | 2011-10-31 | 2013-05-08 | 深圳光启高等理工研究院 | Mobile terminal payment method and mobile terminal |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015085809A1 (en) * | 2013-12-09 | 2015-06-18 | 成都达信通通讯设备有限公司 | Mobile payment security system with wireless data private network physically isolated from internet |
WO2015188718A1 (en) * | 2014-06-10 | 2015-12-17 | 北京奇虎科技有限公司 | Mobile terminal-based payment method and apparatus, and mobile terminal |
CN104821992A (en) * | 2015-05-25 | 2015-08-05 | 广东欧珀移动通信有限公司 | Method and device for automatically switching network connection type of mobile phone |
CN105550577A (en) * | 2015-12-31 | 2016-05-04 | 宇龙计算机通信科技(深圳)有限公司 | Security control method and system for terminal container |
WO2017113584A1 (en) * | 2015-12-31 | 2017-07-06 | 宇龙计算机通信科技(深圳)有限公司 | Security control method and system for container of terminal |
CN107274178A (en) * | 2017-07-21 | 2017-10-20 | 广东欧珀移动通信有限公司 | Network switching method and related products |
CN107274178B (en) * | 2017-07-21 | 2020-07-17 | Oppo广东移动通信有限公司 | Network switching method and related product |
CN107528739A (en) * | 2017-09-21 | 2017-12-29 | 中国银联股份有限公司 | A kind of terminal monitoring management method and device |
CN107528739B (en) * | 2017-09-21 | 2021-04-16 | 中国银联股份有限公司 | A terminal monitoring and management method and device |
CN108769959A (en) * | 2018-04-11 | 2018-11-06 | 南京熊猫通信科技有限公司 | A kind of communication terminal near field identifying system and method based on microcell base station |
CN112154634A (en) * | 2018-05-18 | 2020-12-29 | 瑞典爱立信有限公司 | Application Access Control |
US11785013B2 (en) | 2018-05-18 | 2023-10-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Application program access control |
CN109246104B (en) * | 2018-09-12 | 2021-06-08 | 安徽中科数盾科技有限公司 | Security mobile police service system oriented to high-confidentiality environment |
CN109246104A (en) * | 2018-09-12 | 2019-01-18 | 合肥开元埃尔软件股份有限公司 | A kind of safety moving police service platform towards high secure environment |
WO2020186673A1 (en) * | 2019-03-21 | 2020-09-24 | 上海风汇网络科技有限公司 | Value transmission system and method based on dns domain name system, and dns server |
CN111490988A (en) * | 2020-04-10 | 2020-08-04 | 海南简族信息技术有限公司 | A data transmission method, apparatus, device and computer-readable storage medium |
CN111490988B (en) * | 2020-04-10 | 2022-07-15 | 海南简族信息技术有限公司 | Data transmission method, device, equipment and computer readable storage medium |
CN113962680A (en) * | 2020-07-20 | 2022-01-21 | 中移(上海)信息通信科技有限公司 | A payment method, device, equipment and computer storage medium |
CN112073375A (en) * | 2020-08-07 | 2020-12-11 | 中国电力科学研究院有限公司 | Isolation device and isolation method suitable for power Internet of things client side |
CN112073375B (en) * | 2020-08-07 | 2023-09-26 | 中国电力科学研究院有限公司 | An isolation device and isolation method suitable for the client side of the power Internet of Things |
CN118200058A (en) * | 2024-05-17 | 2024-06-14 | 广东省电信规划设计院有限公司 | Multi-factor authentication method and system based on physical isolation channel |
Also Published As
Publication number | Publication date |
---|---|
WO2015085809A1 (en) | 2015-06-18 |
CN103619020B (en) | 2017-02-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103619020B (en) | Mobile payment security system for wireless data private network physical isolation internet | |
EP1058872B1 (en) | Method, arrangement and apparatus for authentication through a communications network | |
KR102646565B1 (en) | Processing electronic tokens | |
CN104158824B (en) | Genuine cyber identification authentication method and system | |
WO2015085808A1 (en) | Secure application system with mobile terminal automatically switching different channel networking interfaces | |
CN102202306B (en) | Mobile security authentication terminal and method | |
EP3813403A1 (en) | Mobile phone takeover protection system and method | |
CN105307108A (en) | Internet of things information interactive communication method and system | |
CN104735027B (en) | A kind of safety certifying method and authentication server | |
CN101986598B (en) | Authentication method, server and system | |
CN106716956A (en) | Cloud end operation interface sharing method, related device and system | |
RU2411670C2 (en) | Method to create and verify authenticity of electronic signature | |
RU2625949C2 (en) | Method and system using cyber identifier for ensuring protected transactions | |
CN106790251A (en) | User access method and subscriber access system | |
CN103401686A (en) | User Internet identity authentication system and application method thereof | |
CN109587683B (en) | Method and system, application program and terminal information database for SMS anti-monitoring | |
CN101330756B (en) | Intelligent network business implementing system and method for preventing user identification from being stolen | |
CN102149079A (en) | Method, device and system for obtaining user identity identifier | |
CN100429957C (en) | Indentifying method for telecommunication smart card and terminal | |
CN110636501B (en) | Mobile position information hiding method and system | |
CN101763482A (en) | Method of internet computer software lock and service system thereof | |
TW201017462A (en) | A far-end control method with security mechanism | |
Nobu et al. | Implementation of a User Account Provisioning System Based on NFC for Public Wi-Fi Services | |
JP2016514871A (en) | Financial transaction system via USSD network using mobile devices | |
CN118803730A (en) | 5G message account opening method, device, electronic device, storage medium and program product |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | Effective date of registration: 20201221. Address after: No. 305, 3/F, building 1, Cambridge business district, No. 6, Longgong Road, Longyan economic and Technological Development Zone, Longyan City, Fujian Province. Patentee after: Longyan Rongchuang Information Technology Co.,Ltd. Address before: No.1302, 1st floor, building 13, no.282, Jinji North Road, Wuhou District, Chengdu City, Sichuan Province 610041. Patentee before: CHENGDU DAXINTONG COMMUNICATIONS EQUIPMENT Co.,Ltd. |