[go: up one dir, main page]

WO2012048538A1 - Near field communication (nfc) mobile terminal and method for implementing nfc secure payment - Google Patents

Near field communication (nfc) mobile terminal and method for implementing nfc secure payment Download PDF

Info

Publication number
WO2012048538A1
WO2012048538A1 PCT/CN2011/070238 CN2011070238W WO2012048538A1 WO 2012048538 A1 WO2012048538 A1 WO 2012048538A1 CN 2011070238 W CN2011070238 W CN 2011070238W WO 2012048538 A1 WO2012048538 A1 WO 2012048538A1
Authority
WO
WIPO (PCT)
Prior art keywords
nfc
chip
module
communication data
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2011/070238
Other languages
French (fr)
Chinese (zh)
Inventor
陈建强
吴红
杨小明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2012048538A1 publication Critical patent/WO2012048538A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B5/00Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B5/20Near-field transmission systems, e.g. inductive or capacitive transmission systems characterised by the transmission technique; characterised by the transmission medium
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B5/00Near-field transmission systems, e.g. inductive or capacitive transmission systems
    • H04B5/70Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Definitions

  • the present invention relates to the field of communications, and in particular to an NFC (Near Field)
  • NFC is a new technology based on the integration of Radio Frequency Identification (RFID) and interconnection technologies. It is a short-range wireless communication technology. It integrates a contactless card reader, contactless smart card and point-to-point function on a single chip. It can operate in the frequency range of 13.56MHz, can establish the connection between devices in the range of about 10cm, and the transmission rate It can reach 106Kbit/s, 212Kbit/s, or 424Kbit/s, and is expected to increase to over 848Kbit/s in the future.
  • RFID Radio Frequency Identification
  • NFC terminals mainly have three working modes: (1) Active mode: In this mode, the NFC terminal acts as a card reader, and actively sends out its own RF signal to identify and read/write other NFC devices; (2) Passive mode : In this mode, the NFC terminal can simulate a card being read/written, which only passively responds in the RF field emitted by other devices; (3) Two-way mode: In this mode, both parties actively send RF signals to establish Peer-to-peer communication.
  • NFC can quickly establish wireless communication between various devices over a short distance. It can be used as a virtual connector to exchange data between any two wireless devices. It also enables devices to communicate over longer distances or to transmit data at higher rates by initializing Bluetooth, 802.11, and other wireless protocols on the device. In addition to information transfer, NFC devices can act as a secure gateway in the connected world, allowing users to store or receive information at any time, whether at home or on the move. As long as the two NFC devices are brought together, they automatically start the network communication function, and the user does not need to set the installation program separately, thereby implementing the electronic wallet and ID card functions such as contactless mobile payment and identification.
  • the software encryption method is mainly used, that is, the transmitted data is encrypted by an encryption algorithm.
  • the implementation of such software can be easily cracked.
  • the decryption software can easily obtain the encryption algorithm used, and the user's personal information (ie, user information) can still be easily cracked. The user's personal information was stolen, and even the entire NFC system was attacked.
  • a primary object of the present invention is to provide an NFC mobile terminal and an NFC secure payment implementation method thereof, so as to at least solve the above-mentioned mobile payment process using the NFC mobile terminal for NFC technology, the user's personal information is easily stolen. problem.
  • an NFC mobile terminal including: a baseband processing chip, an NFC module, and a hardware encryption chip, wherein a hardware encryption chip is connected between the baseband processing chip and the NFC module for When the NFC mobile terminal uses the baseband processing chip and the NFC module to perform NFC payment, the encryption data is used to encrypt the communication data between the baseband processing chip and the NFC module; wherein, the encryption algorithm is automatically melted after being written into the hardware encryption chip. Read status.
  • the hardware encryption chip includes: a data storage module, configured to store preset encrypted information, wherein the preset encrypted information is automatically blown into an unreadable state after being preset; the monitoring program module is configured to monitor the encrypted communication.
  • a central processing module configured to determine whether the encrypted communication data is legal according to the preset encryption information, and block the between the baseband processing chip and the NFC module if it is determined that the encrypted communication data is illegal communication. Further, the monitoring program module is further configured to determine whether the encrypted communication data includes user information; the central processing module is further configured to determine the encrypted communication by determining whether the encrypted information in the user information matches the preset encrypted information. Whether the data is legal. Further, the central processing module is further configured to: when determining that the encrypted information in the user information does not match the preset encrypted information, by closing the first interface and the hardware encryption chip and the NFC module connected to the baseband processing chip by the hardware encryption chip The second interface of the connection blocks communication between the baseband processing chip and the NFC module.
  • the central processing module is further configured to: after determining that the encrypted information in the user information matches the preset encrypted information, the control monitoring program module continues to monitor the encrypted communication data between the baseband processing chip and the NFC module.
  • the first interface of the hardware encryption chip and the baseband processing chip is connected, and the second interface of the hardware encryption chip and the NFC module is an SDIO interface or an SPI interface. Further, the hardware encryption chip is non-reproducible.
  • a method for implementing NFC secure payment of an NFC mobile terminal including: in an NFC mobile terminal using a baseband processing chip and an NFC module for NFC payment, the hardware encryption chip uses an encryption algorithm pair The communication data between the baseband processing chip and the NFC module is encrypted; wherein the hardware encryption chip is connected between the baseband processing chip and the NFC module; the encryption algorithm is automatically blown into an unreadable state after being written into the hardware encryption chip. Further, after the hardware encryption chip encrypts the communication data between the baseband processing chip and the NFC module by using an encryption algorithm, the foregoing method further includes: the hardware encryption chip determines whether the encrypted communication data is legal according to the locally preset encryption information.
  • the preset encryption information is automatically blown into an unreadable state after being preset; in the case that the encrypted communication data is determined to be illegal, the hardware encryption chip blocks communication between the baseband processing chip and the NFC module. Further, the hardware encryption chip determines whether the encrypted communication data is legal according to the locally preset encryption information: the hardware encryption chip determines whether the encrypted communication data includes user information; and when the hardware encryption chip determines that the communication data includes the user In the information, it is determined whether the encrypted communication data is legal by judging whether the encrypted information in the user information matches the preset encrypted information.
  • the communication data is encrypted on the hardware circuit (ie, the hardware chip), and any data (including encryption) is written.
  • Algorithm After the hardware encryption chip, the data is automatically melted and unreadable, which solves the problem that the user's personal information is easily stolen during the use of the NFC payment process, thereby Compared with software encryption, it is safer and more reliable. Even when the NFC system is attacked, it can ensure that the user's personal information can still be effectively protected.
  • FIG. 1 is a schematic diagram of an NFC mobile terminal according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a hardware encryption chip in an NFC mobile terminal according to a preferred embodiment of the present invention
  • FIG. 4 is a schematic diagram of a process for implementing NFC security defense during an NFC payment process by an NFC mobile terminal according to a preferred embodiment of the present invention.
  • BEST MODE FOR CARRYING OUT THE INVENTION
  • the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
  • 1 is a schematic diagram of an NFC mobile terminal according to an embodiment of the present invention, including: a baseband processing chip 10, an NFC module 20, and a hardware encryption chip 30, wherein the hardware encryption chip 30 is connected to the baseband processing chip 10 and the NFC module 20.
  • the baseband processing chip 10 and the NFC are used by using a pre-written local encryption algorithm.
  • the communication data between the modules 20 is encrypted; wherein the encryption algorithm is automatically blown into an unreadable state after being written into the hardware encryption chip 30.
  • the communication data is encrypted on the hardware circuit (ie, the hardware chip), and any data is written (including the encryption algorithm).
  • the hardware encryption chip After the hardware encryption chip, the data is automatically melted and unreadable, which solves the problem that the user's personal information is easily stolen during the use of the NFC payment process.
  • the hardware encryption method of the example is more secure and reliable than the software encryption method, and even when the NFC system is attacked, the user's personal information can be effectively protected.
  • the above NFC mobile terminal may be a mobile phone or the like.
  • 2 is a schematic diagram of a hardware encryption chip in an NFC mobile terminal according to a preferred embodiment of the present invention, in order to further avoid the NFC mobile terminal in the process of performing NFC payment, related communication data, especially user information (including user identification code, payment) As shown in FIG.
  • the hardware encryption chip 30 may further include: a data storage module 302, configured to store preset encrypted information, where the preset encrypted information is in the case of the personal information of the account, etc. After the preset is automatically blown into an unreadable state; the monitoring program module 304 is configured to monitor the encrypted communication data after the NFC mobile terminal encrypts the received communication data; and the central processing module 306 is configured to use the data storage module 302.
  • the preset encrypted information stored therein determines whether the encrypted communication data is legal (ie, whether the communication between the baseband processing chip 10 and the NFC module 20 is legal), and determines that the encrypted communication data is illegal.
  • the monitoring program module 304 can also be used to determine whether the encrypted communication data includes user information.
  • the central processing module 306 can also be used to determine the user information. Whether the encrypted information matches the preset encrypted information stored in the data storage module 302 determines whether the encrypted communication data is legal. Obviously, when it is determined to be a match, the user information is considered to meet the encryption requirement, that is, the encrypted communication data is considered to be legal, and conversely, the user information is considered not to meet the encryption requirement, that is, the encrypted communication data is considered to be illegal.
  • the central processing module 306 is further used to determine whether the encrypted communication data is legal by determining whether the encrypted information in the user information matches the preset encryption information stored in the data storage module 302. In the case where it is determined that the encrypted information in the user information does not match the preset encrypted information stored in the data storage module 302 (ie, the encrypted communication data is illegal), the hardware encryption chip 30 and the baseband processing chip 10 are turned off. The connected first interface and the second interface of the hardware encryption chip 30 and the NFC module 20 are connected to block communication between the baseband processing chip 10 and the NFC module 20.
  • a clock signal or a data line between interfaces may be physically blocked to prevent the personal information of the user on the end user side from being read by the illegal NFC system.
  • the central processing module 306 is further configured to: when determining that the encrypted information in the user information matches the preset encrypted information stored in the data storage module 302, the control monitor module 304 continues to monitor the baseband processing chip 10 and the NFC module.
  • the encrypted communication data between 20 keeps the normal communication between the two.
  • the hardware encryption chip 30 when operating in the blocking mode, communication between the baseband processing chip 10 and the NFC module 20 is blocked; when operating in the normal operating mode, the hardware encryption chip 30 is in the baseband processing chip 10 and the NFC module 20 It plays the role of communication monitoring (that is, monitoring the communication data between the two), and monitors whether the data transmission between the two meets the requirements of the encrypted information (that is, whether it is legal).
  • the interface of the hardware encryption chip 30 in order to facilitate communication with the baseband processing chip 10 and the NFC module 20, the interface of the hardware encryption chip 30: the first interface connected to the baseband processing chip 10 and the second interface connected to the NFC module 20 may be currently used.
  • the SDIO (Secure Digital Input and Output) interface can also be the current general-purpose SPI (High Speed Synchronous Serial) interface.
  • the monitoring program module in the above embodiment may be implemented by using a software program, or may be implemented by using hardware. It can be selectively implemented according to actual needs.
  • the encryption algorithm in the hardware encryption chip 30, the storage of the monitor module 304, and the storage of the preset encryption information should have anti-attack capability, and cannot be known and changed from outside the chip after being written into the hardware encryption chip.
  • Program and data content, and hardware encryption chip 30 has non-reproducible characteristics.
  • the hardware encryption chip 30 may further include a monitoring program storage module and an interface module.
  • the monitoring program storage module is configured to store the monitoring program; the interface module includes the first interface and the second interface, and is respectively connected to the interface of the baseband control chip 10 and the interface of the NFC module 20.
  • the hardware encryption chip 30 After receiving the communication data from the baseband processing chip 10 or the NFC module 20, the hardware encryption chip 30 first encrypts the communication data by using a local encryption algorithm, and then performs correlation by running a monitoring program stored in the monitoring program storage module. Data processing and control processing work, and communication between the baseband processing chip 10 and the NFC module 20 is controlled by the interface module.
  • the hardware encryption chip 30 monitors the communication between the baseband processing chip 10 and the NFC module 20 and obtains user identification related data (ie, user information) therefrom, it is preset with the data storage module 302.
  • the data in i.e., the encrypted information
  • the normal communication of the NFC module 20 is controlled based on the result of the discrimination.
  • 3 is a flowchart of an implementation method of an NFC secure payment of an NFC mobile terminal according to an embodiment of the present invention. As shown in FIG.
  • the implementation method includes the following steps: Step S302: In the process of performing NFC payment by the NFC mobile terminal using the baseband processing chip and the NFC module, the hardware encryption chip encrypts the communication data between the baseband processing chip and the NFC module by using a pre-written local encryption algorithm; The hardware encryption chip is connected between the baseband processing chip and the NFC module; the encryption algorithm is automatically blown into an unreadable state after being written into the hardware encryption chip; and in step S304, the hardware encryption chip determines whether the encrypted communication data is based on the locally preset encryption information.
  • the hardware encryption chip blocks the baseband processing chip and the NFC module when it is determined that the encrypted communication data is illegal Communication.
  • the step S304 may include: the hardware encryption chip determines whether the encrypted communication data includes user information; and when the hardware encryption chip determines that the communication data includes the user information, determining the encryption information and the preset in the user information. Whether the encrypted information matches to determine whether the encrypted communication data is legal.
  • the step S406 includes: after determining that the encryption information in the user information does not match the preset encryption information, the hardware encryption chip closes the first interface connected to the baseband processing chip by the hardware encryption chip and The second interface of the hardware encryption chip and the NFC module blocks communication between the baseband processing chip and the NFC module. Moreover, in the case where it is determined that the encrypted information in the user information matches the preset encrypted information, the encrypted communication data between the baseband processing chip and the NFC module can be continuously monitored.
  • the process of implementing the NFC security defense in the NFC payment process of the NFC mobile terminal in the above embodiment of the present invention is described in detail below.
  • Step S402 the hardware encryption chip is powered on, and the monitoring program stored in the monitoring program storage module on the hardware encryption chip starts to run; in step S404, the monitoring program works in the normal working mode, and the monitoring program opens the communication interface (including the first interface and a second interface;), allowing normal communication between the NFC module and the baseband processing chip; Step S406, the hardware encryption chip encrypts the communication data between the NFC module and the baseband processing chip by using an encryption algorithm pre-written to the local; The monitoring program monitors the encrypted communication data; and in step S410, the monitoring program determines whether the encrypted communication data includes a user identification code or personal information related data (ie, user information) by determining the type of the encrypted communication data, and if Then, the process proceeds to step S412.
  • step S412 the central processing module identifies the user information with the data preset in the data storage module (ie, the preset encryption information), according to the authentication result.
  • the process proceeds to step S414, the otherwise, continue to monitor the process returns to step S408; in particular, whether the encrypted information with the preset user information in the encrypted information data storage module matches.
  • the user's personal information can also be secured. From the above description, it can be seen that the present invention achieves the following technical effects: by adding a hardware encryption chip between the end user side (ie, the baseband processing chip) and the NFC module, on the hardware circuit (ie, the hardware chip) Encryption of communication data, the data is automatically fused and unreadable after writing any data (including an encryption algorithm) to the hardware encryption chip, thereby solving the problem that the user's personal information is easily stolen during the use of the NFC payment process, thereby Compared with software encryption, it is safer and more reliable. Even when the NFC system is attacked, it can ensure that the user's personal information can still be effectively protected.
  • modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be executed by a computing device
  • the program code is implemented so that they can be stored in the storage device by the computing device, and in some cases, the steps shown or described can be performed in a different order than here, or they can be separately produced.
  • the individual integrated circuit modules are implemented, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses a Near Field Communication (NFC) mobile terminal and a method for implementing NFC secure payment, wherein, the NFC mobile terminal includes: a base band processing chip, a NFC module and a hardware encryption chip, wherein, the hardware encryption chip, which is connected between the base band processing chip and the NFC module, is used to encrypt communication data between the base band processing chip and the NFC module using an encryption algorithm in the process that the NFC mobile terminal implements the NFC payment using the base band processing chip and the NFC module; wherein, the hardware encryption chip is automatically fused and becomes an unreadable state after the encryption algorithm is written into it. It can be ensured that user's personal information can be still effectively protected via the present invention.

Description

NFC移动终端及其 NFC安全支付的实现方法 技术领域 本发明涉及通信领域, 具体而言, 涉及一种 NFC ( Near Field  TECHNICAL FIELD The present invention relates to the field of communications, and in particular to an NFC (Near Field)

Communication, 近 3巨离无线通信 )移动终端及其 NFC安全支付的实现方法。 背景技术 Communication, nearly 3 large-scale wireless communication) mobile terminal and its implementation of NFC secure payment. Background technique

NFC是一种在无线射频识别 (Radio Frequency Identification, RFID ) 和 互联技术的基础上融合演变而来的新技术, 是一种短距离无线通信技术。 它 在单一芯片上集成了非接触式读卡器、 非接触式智能卡和点对点的功能, 可 以运行在 13.56MHz的频率范围内, 能在大约 10cm的范围内建立设备之间 的连接, 并且传输速率可达到 106Kbit/s、 212Kbit/s、 或 424Kbit/s, 预计未来 可提高到 848Kbit/s以上。 目前, NFC终端主要有三种工作模式: ( 1 )主动模式: 在该模式下 NFC 终端作为一个读卡器, 主动发出自己的射频信号去识别和读 /写别的 NFC设 备; (2 )被动模式: 在该模式下, NFC终端可以模拟成一个卡被读 /写, 它只 在其他设备发出的射频场中被动响应; (3 ) 双向模式: 在该模式下, 双方都 主动发出射频信号来建立点对点的通信。 NFC is a new technology based on the integration of Radio Frequency Identification (RFID) and interconnection technologies. It is a short-range wireless communication technology. It integrates a contactless card reader, contactless smart card and point-to-point function on a single chip. It can operate in the frequency range of 13.56MHz, can establish the connection between devices in the range of about 10cm, and the transmission rate It can reach 106Kbit/s, 212Kbit/s, or 424Kbit/s, and is expected to increase to over 848Kbit/s in the future. At present, NFC terminals mainly have three working modes: (1) Active mode: In this mode, the NFC terminal acts as a card reader, and actively sends out its own RF signal to identify and read/write other NFC devices; (2) Passive mode : In this mode, the NFC terminal can simulate a card being read/written, which only passively responds in the RF field emitted by other devices; (3) Two-way mode: In this mode, both parties actively send RF signals to establish Peer-to-peer communication.

NFC可以在短距离范围内快速地建立各种设备之间的无线通信, 可作为 一种虚拟连接器, 可以满足任意两个无线设备间的数据交换。 它还能通过初 始化设备上的蓝牙、 802.11等无线协议, 使设备能在更远距离上通信, 或以 更高速率传输数据。 除了信息传输之外, NFC设备可以在联网世界中作为一 个安全的网关, 让用户无论是在家中还是在移动中, 都能随时储存或接收各 种信息。 只要将两个 NFC设备靠拢, 它们便会自动启动网络通信功能, 用户 无需另行设定安装程序, 从而实现非接触式移动支付、 身份识别等电子钱包 和身份证功能。 随着手机等移动终端的普及和 3G ( the 3rd Generation Mobile Communications, 第三代移动通信) 时代移动新业务的开展, 在手机等移动 终端上釆用 NFC非接触式移动支付也成为了一种趋势。 在相关技术中, 使用 NFC移动终端进行基于 NFC技术的移动支付时, 通常需要使用用户的个人信息, 这样, 就对使用的安全性提出了极高的要求。 即, 在使用 NFC支付时, 通常会遇到数据破坏、 数据篡改、 数据插入以及第 三方插入式攻击等安全威胁, NFC移动终端用户侧的个人信息艮容易遭到盗 取。 为了解决在上述使用 NFC移动终端进行 NFC技术的移动支付时, 用户 的个人信息容易遭到盗取的问题, 目前主要釆用软件加密方式, 即, 通过加 密算法对传送的数据进行加密。 但是, 这种软件的实现方式很容易被破解, 例如, 通过解密软件就能够很容易地获取到所使用的加密算法, 仍然能够很 容易地破解得到用户的个人信息(即, 用户信息), 从而导致用户的个人信息 被盗取, 甚至整个 NFC系统都遭到攻击。 发明内容 本发明的主要目的在于提供一种 NFC移动终端及其 NFC安全支付的实 现方法, 以至少解决上述的使用 NFC移动终端进行 NFC技术的移动支付过 程中, 用户的个人信息容易被盗取的问题。 才艮据本发明的一个方面, 提供了一种 NFC移动终端, 包括: 基带处理芯 片、 NFC模块和硬件加密芯片, 其中, 硬件加密芯片, 连接在基带处理芯片 和 NFC模块之间,用于在 NFC移动终端使用基带处理芯片和 NFC模块进行 NFC支付的过程中, 使用加密算法对基带处理芯片和 NFC模块之间的通讯 数据进行加密; 其中, 加密算法在写入硬件加密芯片后自动熔断为不可读状 态。 进一步地, 硬件加密芯片包括: 数据存储模块, 用于存储预置的加密信 息, 其中, 预置的加密信息在预置后自动熔断为不可读状态; 监控程序模块, 用于监控加密后的通讯数据; 中央处理模块, 用于才艮据预置的加密信息判断 加密后的通讯数据是否合法, 并在确定加密后的通讯数据不合法的情况下, 阻断基带处理芯片和 NFC模块之间的通讯。 进一步地, 监控程序模块还用于判断加密后的通讯数据中是否包含有用 户信息; 中央处理模块还用于通过判断用户信息中的加密信息与预置的加密 信息是否匹配来判断加密后的通讯数据是否合法。 进一步地, 中央处理模块还用于在确定用户信息中的加密信息与预置的 加密信息不匹配的情况下, 通过关闭硬件加密芯片与基带处理芯片连接的第 一接口和硬件加密芯片与 NFC模块连接的第二接口, 阻断基带处理芯片和 NFC模块之间的通讯。 进一步地, 中央处理模块还用于在确定用户信息中的加密信息与预置的 加密信息匹配的情况下,控制监控程序模块继续监控基带处理芯片和 NFC模 块之间的加密后的通讯数据。 进一步地, 硬件加密芯片与基带处理芯片连接的第一接口以及硬件加密 芯片与 NFC模块连接的第二接口为 SDIO接口或者为 SPI接口。 进一步地, 硬件加密芯片具有不可复制性。 根据本发明的另一方面, 提供了一种 NFC移动终端的 NFC安全支付的 实现方法, 包括: 在 NFC移动终端使用基带处理芯片和 NFC模块进行 NFC 支付的过程中,硬件加密芯片使用加密算法对基带处理芯片和 NFC模块之间 的通讯数据进行加密; 其中,硬件加密芯片连接在基带处理芯片和 NFC模块 之间; 加密算法在写入硬件加密芯片后自动熔断为不可读状态。 进一步地,在硬件加密芯片使用加密算法对基带处理芯片和 NFC模块之 间的通讯数据进行加密之后, 上述的方法还包括: 硬件加密芯片根据本地预 置的加密信息判断加密后的通讯数据是否合法, 其中, 预置的加密信息在预 置后自动熔断为不可读状态; 在确定加密后的通讯数据为不合法的情况下, 硬件加密芯片阻断基带处理芯片和 NFC模块之间的通讯。 进一步地, 硬件加密芯片根据本地预置的加密信息判断加密后的通讯数 据是否合法包括: 硬件加密芯片判断加密后的通讯数据中是否包含有用户信 息; 当硬件加密芯片确定通讯数据中包含有用户信息时, 通过判断用户信息 中的加密信息与预置的加密信息是否匹配来判断加密后的通讯数据是否合 法。 通过本发明, 通过在终端用户侧(即, 基带处理芯片)和 NFC模块之间 加入硬件加密芯片, 在硬件电路(即, 硬件芯片) 上实现通讯数据的加密, 在写入任何数据 (包括加密算法) 到该硬件加密芯片后该数据即自动熔断不 可读, 解决了在使用 NFC支付过程中用户的个人信息易被盗取的问题, 从而 相比于软件加密方式更加安全和可靠, 即使在 NFC系统被攻击的情况下, 也 可以确保用户的个人信息依然可以得到有效地保护。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的 不当限定。 在附图中: 图 1是才艮据本发明实施例的 NFC移动终端的示意图; 图 2是根据本发明优选实施例的 NFC移动终端中的硬件加密芯片的示意 图; 图 3是根据本发明实施例的 NFC移动终端的 NFC安全支付的实现方法 的流程图; 图 4是根据本发明优选实施例的 NFC移动终端在进行 NFC支付过程中 实现 NFC安全防范的过程示意图。 具体实施方式 下文中将参考附图并结合实施例来详细说明本发明。 需要说明的是, 在 不冲突的情况下, 本申请中的实施例及实施例中的特征可以相互组合。 图 1是才艮据本发明实施例的 NFC移动终端的示意图, 包括: 基带处理芯 片 10、 NFC模块 20和硬件加密芯片 30 , 其中, 硬件加密芯片 30, 连接在基带处理芯片 10和 NFC模块 20之间, 用于 在 NFC移动终端使用基带处理芯片 10和 NFC模块 20进行 NFC支付 (即, NFC非接触式移动支付)的过程中, 使用预先写入本地的加密算法对基带处 理芯片 10和 NFC模块 20之间的通讯数据进行加密; 其中,加密算法在写入 硬件加密芯片 30后自动熔断为不可读状态。 本实施例通过在终端用户侧(即, 基带处理芯片)和 NFC模块之间加入 硬件加密芯片, 在硬件电路 (即, 硬件芯片) 上实现通讯数据的加密, 在写 入任何数据 (包括加密算法)到该硬件加密芯片后该数据即自动熔断不可读, 解决了在使用 NFC支付过程中用户的个人信息易被盗取的问题。使用本实施 例的硬件加密方式相比于软件加密方式更加安全和可靠,即使在 NFC系统被 攻击的情况下, 也可以确保用户的个人信息依然可以得到有效地保护。 优选地, 上述的 NFC移动终端可以为手机等。 图 2是根据本发明优选实施例的 NFC移动终端中的硬件加密芯片的示意 图, 为了进一步避免 NFC移动终端在进行 NFC支付的过程中, 相关通讯数 据, 特别是用户信息 (包括用户识别码、 支付账号等个人信息)被破坏、 篡 改、 插入等, 如图 2所示, 硬件加密芯片 30还可以进一步包括: 数据存储 模块 302 , 用于存储预置的加密信息, 其中, 预置的加密信息在预置后自动 熔断为不可读状态; 监控程序模块 304 , 用于在 NFC移动终端对接收到的通 讯数据进行加密后, 监控加密后的通讯数据; 中央处理模块 306 , 用于根据 数据存储模块 302中存储的预置的加密信息判断上述加密后的通讯数据是否 合法 (即, 判断基带处理芯片 10与 NFC模块 20之间的通讯是否合法), 并 在确定该加密后的通讯数据不合法的情况下, 阻断基带处理芯片 10和 NFC 模块 20之间的通讯 (即, 基带处理芯片 10和 NFC模块 20之间的非法通讯 进行阻断;)。 在如图 1所示的 NFC移动终端中 ,监控程序模块 304还可以用于判断上 述加密后的通讯数据中是否包含有用户信息; 则中央处理模块 306还可以用 于通过判断该用户信息中的加密信息与数据存储模块 302中存储的预置的加 密信息是否匹配来判断加密后的通讯数据是否合法。 显然, 在确定为匹配的 情况下, 认为用户信息符合加密要求, 即, 认为加密后的通讯数据是合法的, 反之, 认为用户信息不符合加密要求, 即, 认为加密后的通讯数据不合法。 在上述通过判断该用户信息中的加密信息与数据存储模块 302中存储的 预置的加密信息是否匹配来判断加密后的通讯数据是否合法的优选实施例 中, 此时, 中央处理模块 306还用于在确定该用户信息中的加密信息与数据 存储模块 302中存储的预置的加密信息不匹配的情况下 (即加密后的通讯数 据不合法), 通过关闭硬件加密芯片 30与基带处理芯片 10连接的第一接口 和硬件加密芯片 30与 NFC模块 20连接的第二接口, 阻断基带处理芯片 10 和 NFC模块 20之间的通讯。 例如, 在具体实施过程中, 可以釆用物理方式 阻断接口间的时钟信号或者数据线等, 以防止终端用户侧的用户的个人信息 被非法 NFC系统读取。 并且, 中央处理模块 306还用于在确定该用户信息中的加密信息与数据 存储模块 302中存储的预置的加密信息匹配的情况下,控制监控程序模块 304 继续监控基带处理芯片 10和 NFC模块 20之间的加密后的通讯数据,保持这 两者之间的正常通讯。 显然, 由上述的实施例可知: 硬件加密芯片 30可以才艮据监控情况, 工 作在正常工作模式或者阻断模式下。 其中, 当工作在阻断模式下时, 基带处 理芯片 10和 NFC模块 20之间的通讯被阻断; 在工作在正常工作模式下时, 硬件加密芯片 30在基带处理芯片 10和 NFC模块 20之间起到通讯监听的作 用 (即, 监控两者之间的通讯数据), 监听两者之间的数据传输是否符合加密 信息的要求 (也即是否合法)。 优选地, 为了便于与基带处理芯片 10和 NFC模块 20进行通信, 上述硬 件加密芯片 30的接口:与基带处理芯片 10连接的第一接口以及与 NFC模块 20连接的第二接口可以为现行通用的 SDIO ( Secure Digital Input and Output, 安全数字输入输出)接口, 也可以为现行通用的 SPI (高速同步串行)接口。 上述实施例中的监控程序模块在实际实施时, 可以选择使用软件程序来 实现,也可以选择使用硬件来实现。 可以根据实际需求来进行选择性的实施。 硬件加密芯片 30中的加密算法、 监控程序模块 304的存储和预置的加 密信息的存储应该具有抗攻击能力, 在写入到硬件加密芯片中后从芯片外部 无法得知和更改存储在其中的程序和数据内容, 并且, 硬件加密芯片 30具 有不可复制的特性。 在实际实施的过程中, 当上述的监控程序模块 304为一种监控程序的软 件时, 硬件加密芯片 30中的还可以包括监控程序存储模块和接口模块。 其 中, 监控程序存储模块用于存储该监控程序; 接口模块即包括上述的第一接 口和第二接口, 分别与基带控制芯片 10的接口和 NFC模块 20的接口相连。 硬件加密芯片 30在接收到来自基带处理芯片 10或 NFC模块 20的通讯数据 后, 首先使用本地的加密算法对该通讯数据进行加密, 然后通过运行存储在 监控程序存储模块中的监控程序, 进行相关数据处理和控制处理工作, 并且 通过接口模块控制基带处理芯片 10和 NFC模块 20之间的通讯。当硬件加密 芯片 30监听到基带处理芯片 10和 NFC模块 20之间的通讯并从中获取到用 户识别相关的数据 (即, 用户信息) 时, 就将其与预置在数据存储模块 302 中的数据 (即, 加密信息) 进行鉴别, 根据鉴别结果来控制 NFC模块 20的 正常通讯。 结合如图 1所示的 NFC移动终端, 图 3是才艮据本发明实施例的 NFC移 动终端的 NFC安全支付的实现方法的流程图, 如图 3所示, 该实现方法包括 以下步 4聚: 步骤 S302, 在 NFC移动终端使用基带处理芯片和 NFC模块进行 NFC 支付的过程中, 硬件加密芯片使用预先写入本地的加密算法对基带处理芯片 和 NFC模块之间的通讯数据进行加密; 其中,硬件加密芯片连接在基带处理 芯片和 NFC模块之间;加密算法在写入硬件加密芯片后自动熔断为不可读状 态; 步骤 S304,硬件加密芯片根据本地预置的加密信息判断加密后的通讯数 据是否合法, 其中, 预置的加密信息在预置后自动熔断为不可读状态; 步骤 S306 , 在确定加密后的通讯数据为不合法的情况下, 硬件加密芯片 阻断基带处理芯片和 NFC模块之间的通讯。 优选地, 步骤 S304中可以包括: 硬件加密芯片判断加密后的通讯数据 中是否包含有用户信息;当硬件加密芯片确定通讯数据中包含有用户信息时 , 通过判断用户信息中的加密信息与预置的加密信息是否匹配来判断加密后的 通讯数据是否合法。 优选地, 步 4聚 S306可以包括: 在确定上述用户信息中的加密信息与上 述预置的加密信息不匹配的情况下, 硬件加密芯片通过关闭硬件加密芯片与 基带处理芯片连接的第一接口以及硬件加密芯片与 NFC模块连接的第二接 口, 阻断基带处理芯片和 NFC模块之间的通讯。 并且, 在确定上述用户信息中的加密信息与上述预置的加密信息匹配的 情况下, 可以继续监控基带处理芯片和 NFC模块之间的加密后的通讯数据。 下面详细介绍 居本发明上述实施例的 NFC移动终端在进行 NFC支付 过程中实现 NFC安全防范的过程, 图 4是才艮据本发明优选实施例的 NFC移 示, 包括如下几个步骤: 步骤 S402 , 硬件加密芯片上电, 存储在硬件加密芯片上的监控程序存储 模块中的监控程序开始运行; 步骤 S404,监控程序工作在正常工作模式下,监控程序打开通讯接口(包 括第一接口和第二接口;), 允许 NFC模块与基带处理芯片之间的正常通讯; 步骤 S406, 硬件加密芯片使用预先写入到本地的加密算法加密 NFC模 块与基带处理芯片之间的通讯数据; 步骤 S408, 监控程序监控上述的加密后的通讯数据; 步骤 S410 ,监控程序通过判断加密后的通讯数据的类型来判断加密后的 通讯数据中是否包含用户识别码或个人信息相关数据 (即用户信息), 若是, 则进入步骤 S412, 若否, 则返回步骤 S408继续监控; 步骤 S412 , 中央处理模块将用户信息与预置在数据存储模块中的数据 (即, 预置的加密信息)进行鉴别, 根据鉴别结果来控制 NFC模块的正常通 讯; 若鉴别结果为不符合加密要求, 则进入步骤 S414, 否则, 返回步骤 S408 继续监控; 具体地, 判断用户信息中的加密信息与预置在数据存储模块中的加密信 息是否匹配。 步骤 S414 , 判定 NFC系统为非法, 监控程序进入阻断模式, 硬件加密 芯片对接口间的通讯进行阻断, NFC模块和基带处理芯片之间就会无法正常 通讯, NFC模块的使用被屏蔽,终端用户的个人信息也就可以得到安全保护。 从以上的描述中, 可以看出, 本发明实现了如下技术效果: 通过在终端 用户侧(即, 基带处理芯片)和 NFC模块之间加入硬件加密芯片, 在硬件电 路(即, 硬件芯片) 上实现通讯数据的加密, 在写入任何数据 (包括加密算 法)到该硬件加密芯片后该数据即自动熔断不可读, 解决了在使用 NFC支付 过程中用户的个人信息易被盗取的问题, 从而相比于软件加密方式更加安全 和可靠, 即使在 NFC系统被攻击的情况下, 也可以确保用户的个人信息依然 可以得到有效地保护。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可 以用通用的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布 在多个计算装置所组成的网络上, 可选地, 它们可以用计算装置可执行的程 序代码来实现, 从而, 可以将它们存储在存储装置中由计算装置来执行, 并 且在某些情况下, 可以以不同于此处的顺序执行所示出或描述的步骤, 或者 将它们分别制作成各个集成电路模块, 或者将它们中的多个模块或步骤制作 成单个集成电路模块来实现。 这样, 本发明不限制于任何特定的硬件和软件 结合。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本 领域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的^"神和 原则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护 范围之内。 NFC can quickly establish wireless communication between various devices over a short distance. It can be used as a virtual connector to exchange data between any two wireless devices. It also enables devices to communicate over longer distances or to transmit data at higher rates by initializing Bluetooth, 802.11, and other wireless protocols on the device. In addition to information transfer, NFC devices can act as a secure gateway in the connected world, allowing users to store or receive information at any time, whether at home or on the move. As long as the two NFC devices are brought together, they automatically start the network communication function, and the user does not need to set the installation program separately, thereby implementing the electronic wallet and ID card functions such as contactless mobile payment and identification. With the popularity of mobile phones and other mobile terminals and 3G (the 3 rd Generation Mobile Communications , the third generation mobile communication) to carry out new era of mobile services, Bian on mobile phones and other mobile terminals with NFC contactless mobile payment has become a trend. In the related art, when an NFC-based mobile payment is performed using an NFC mobile terminal, it is usually necessary to use the user's personal information, and thus, an extremely high requirement is imposed on the security of use. That is, when using NFC payment, security threats such as data corruption, data tampering, data insertion, and third-party plug-in attacks are often encountered, and personal information on the user side of the NFC mobile terminal is easily stolen. In order to solve the problem that the user's personal information is easily stolen in the above-mentioned mobile payment using the NFC mobile terminal using the NFC mobile terminal, the software encryption method is mainly used, that is, the transmitted data is encrypted by an encryption algorithm. However, the implementation of such software can be easily cracked. For example, the decryption software can easily obtain the encryption algorithm used, and the user's personal information (ie, user information) can still be easily cracked. The user's personal information was stolen, and even the entire NFC system was attacked. SUMMARY OF THE INVENTION A primary object of the present invention is to provide an NFC mobile terminal and an NFC secure payment implementation method thereof, so as to at least solve the above-mentioned mobile payment process using the NFC mobile terminal for NFC technology, the user's personal information is easily stolen. problem. According to an aspect of the present invention, an NFC mobile terminal is provided, including: a baseband processing chip, an NFC module, and a hardware encryption chip, wherein a hardware encryption chip is connected between the baseband processing chip and the NFC module for When the NFC mobile terminal uses the baseband processing chip and the NFC module to perform NFC payment, the encryption data is used to encrypt the communication data between the baseband processing chip and the NFC module; wherein, the encryption algorithm is automatically melted after being written into the hardware encryption chip. Read status. Further, the hardware encryption chip includes: a data storage module, configured to store preset encrypted information, wherein the preset encrypted information is automatically blown into an unreadable state after being preset; the monitoring program module is configured to monitor the encrypted communication. Data; a central processing module, configured to determine whether the encrypted communication data is legal according to the preset encryption information, and block the between the baseband processing chip and the NFC module if it is determined that the encrypted communication data is illegal communication. Further, the monitoring program module is further configured to determine whether the encrypted communication data includes user information; the central processing module is further configured to determine the encrypted communication by determining whether the encrypted information in the user information matches the preset encrypted information. Whether the data is legal. Further, the central processing module is further configured to: when determining that the encrypted information in the user information does not match the preset encrypted information, by closing the first interface and the hardware encryption chip and the NFC module connected to the baseband processing chip by the hardware encryption chip The second interface of the connection blocks communication between the baseband processing chip and the NFC module. Further, the central processing module is further configured to: after determining that the encrypted information in the user information matches the preset encrypted information, the control monitoring program module continues to monitor the encrypted communication data between the baseband processing chip and the NFC module. Further, the first interface of the hardware encryption chip and the baseband processing chip is connected, and the second interface of the hardware encryption chip and the NFC module is an SDIO interface or an SPI interface. Further, the hardware encryption chip is non-reproducible. According to another aspect of the present invention, a method for implementing NFC secure payment of an NFC mobile terminal is provided, including: in an NFC mobile terminal using a baseband processing chip and an NFC module for NFC payment, the hardware encryption chip uses an encryption algorithm pair The communication data between the baseband processing chip and the NFC module is encrypted; wherein the hardware encryption chip is connected between the baseband processing chip and the NFC module; the encryption algorithm is automatically blown into an unreadable state after being written into the hardware encryption chip. Further, after the hardware encryption chip encrypts the communication data between the baseband processing chip and the NFC module by using an encryption algorithm, the foregoing method further includes: the hardware encryption chip determines whether the encrypted communication data is legal according to the locally preset encryption information. The preset encryption information is automatically blown into an unreadable state after being preset; in the case that the encrypted communication data is determined to be illegal, the hardware encryption chip blocks communication between the baseband processing chip and the NFC module. Further, the hardware encryption chip determines whether the encrypted communication data is legal according to the locally preset encryption information: the hardware encryption chip determines whether the encrypted communication data includes user information; and when the hardware encryption chip determines that the communication data includes the user In the information, it is determined whether the encrypted communication data is legal by judging whether the encrypted information in the user information matches the preset encrypted information. By the present invention, by adding a hardware encryption chip between the end user side (ie, the baseband processing chip) and the NFC module, the communication data is encrypted on the hardware circuit (ie, the hardware chip), and any data (including encryption) is written. Algorithm) After the hardware encryption chip, the data is automatically melted and unreadable, which solves the problem that the user's personal information is easily stolen during the use of the NFC payment process, thereby Compared with software encryption, it is safer and more reliable. Even when the NFC system is attacked, it can ensure that the user's personal information can still be effectively protected. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In the drawings: FIG. 1 is a schematic diagram of an NFC mobile terminal according to an embodiment of the present invention; FIG. 2 is a schematic diagram of a hardware encryption chip in an NFC mobile terminal according to a preferred embodiment of the present invention; A flowchart of a method for implementing NFC secure payment of an NFC mobile terminal according to an example; FIG. 4 is a schematic diagram of a process for implementing NFC security defense during an NFC payment process by an NFC mobile terminal according to a preferred embodiment of the present invention. BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the accompanying drawings. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. 1 is a schematic diagram of an NFC mobile terminal according to an embodiment of the present invention, including: a baseband processing chip 10, an NFC module 20, and a hardware encryption chip 30, wherein the hardware encryption chip 30 is connected to the baseband processing chip 10 and the NFC module 20. In the process of performing NFC payment (ie, NFC contactless mobile payment) by the NFC mobile terminal using the baseband processing chip 10 and the NFC module 20, the baseband processing chip 10 and the NFC are used by using a pre-written local encryption algorithm. The communication data between the modules 20 is encrypted; wherein the encryption algorithm is automatically blown into an unreadable state after being written into the hardware encryption chip 30. In this embodiment, by adding a hardware encryption chip between the end user side (ie, the baseband processing chip) and the NFC module, the communication data is encrypted on the hardware circuit (ie, the hardware chip), and any data is written (including the encryption algorithm). After the hardware encryption chip, the data is automatically melted and unreadable, which solves the problem that the user's personal information is easily stolen during the use of the NFC payment process. Use this implementation The hardware encryption method of the example is more secure and reliable than the software encryption method, and even when the NFC system is attacked, the user's personal information can be effectively protected. Preferably, the above NFC mobile terminal may be a mobile phone or the like. 2 is a schematic diagram of a hardware encryption chip in an NFC mobile terminal according to a preferred embodiment of the present invention, in order to further avoid the NFC mobile terminal in the process of performing NFC payment, related communication data, especially user information (including user identification code, payment) As shown in FIG. 2, the hardware encryption chip 30 may further include: a data storage module 302, configured to store preset encrypted information, where the preset encrypted information is in the case of the personal information of the account, etc. After the preset is automatically blown into an unreadable state; the monitoring program module 304 is configured to monitor the encrypted communication data after the NFC mobile terminal encrypts the received communication data; and the central processing module 306 is configured to use the data storage module 302. The preset encrypted information stored therein determines whether the encrypted communication data is legal (ie, whether the communication between the baseband processing chip 10 and the NFC module 20 is legal), and determines that the encrypted communication data is illegal. Next, blocking communication between the baseband processing chip 10 and the NFC module 20 (ie, the baseband processing core Illegal communication between slice 10 and NFC module 20 is blocked;). In the NFC mobile terminal shown in FIG. 1 , the monitoring program module 304 can also be used to determine whether the encrypted communication data includes user information. The central processing module 306 can also be used to determine the user information. Whether the encrypted information matches the preset encrypted information stored in the data storage module 302 determines whether the encrypted communication data is legal. Obviously, when it is determined to be a match, the user information is considered to meet the encryption requirement, that is, the encrypted communication data is considered to be legal, and conversely, the user information is considered not to meet the encryption requirement, that is, the encrypted communication data is considered to be illegal. In the above preferred embodiment, the central processing module 306 is further used to determine whether the encrypted communication data is legal by determining whether the encrypted information in the user information matches the preset encryption information stored in the data storage module 302. In the case where it is determined that the encrypted information in the user information does not match the preset encrypted information stored in the data storage module 302 (ie, the encrypted communication data is illegal), the hardware encryption chip 30 and the baseband processing chip 10 are turned off. The connected first interface and the second interface of the hardware encryption chip 30 and the NFC module 20 are connected to block communication between the baseband processing chip 10 and the NFC module 20. For example, in a specific implementation process, a clock signal or a data line between interfaces may be physically blocked to prevent the personal information of the user on the end user side from being read by the illegal NFC system. Moreover, the central processing module 306 is further configured to: when determining that the encrypted information in the user information matches the preset encrypted information stored in the data storage module 302, the control monitor module 304 continues to monitor the baseband processing chip 10 and the NFC module. The encrypted communication data between 20 keeps the normal communication between the two. Obviously, it can be seen from the above embodiments that the hardware encryption chip 30 can work in the normal working mode or the blocking mode according to the monitoring situation. Wherein, when operating in the blocking mode, communication between the baseband processing chip 10 and the NFC module 20 is blocked; when operating in the normal operating mode, the hardware encryption chip 30 is in the baseband processing chip 10 and the NFC module 20 It plays the role of communication monitoring (that is, monitoring the communication data between the two), and monitors whether the data transmission between the two meets the requirements of the encrypted information (that is, whether it is legal). Preferably, in order to facilitate communication with the baseband processing chip 10 and the NFC module 20, the interface of the hardware encryption chip 30: the first interface connected to the baseband processing chip 10 and the second interface connected to the NFC module 20 may be currently used. The SDIO (Secure Digital Input and Output) interface can also be the current general-purpose SPI (High Speed Synchronous Serial) interface. In the actual implementation, the monitoring program module in the above embodiment may be implemented by using a software program, or may be implemented by using hardware. It can be selectively implemented according to actual needs. The encryption algorithm in the hardware encryption chip 30, the storage of the monitor module 304, and the storage of the preset encryption information should have anti-attack capability, and cannot be known and changed from outside the chip after being written into the hardware encryption chip. Program and data content, and hardware encryption chip 30 has non-reproducible characteristics. In the actual implementation process, when the monitoring program module 304 is a software for monitoring the program, the hardware encryption chip 30 may further include a monitoring program storage module and an interface module. The monitoring program storage module is configured to store the monitoring program; the interface module includes the first interface and the second interface, and is respectively connected to the interface of the baseband control chip 10 and the interface of the NFC module 20. After receiving the communication data from the baseband processing chip 10 or the NFC module 20, the hardware encryption chip 30 first encrypts the communication data by using a local encryption algorithm, and then performs correlation by running a monitoring program stored in the monitoring program storage module. Data processing and control processing work, and communication between the baseband processing chip 10 and the NFC module 20 is controlled by the interface module. When the hardware encryption chip 30 monitors the communication between the baseband processing chip 10 and the NFC module 20 and obtains user identification related data (ie, user information) therefrom, it is preset with the data storage module 302. The data in (i.e., the encrypted information) is authenticated, and the normal communication of the NFC module 20 is controlled based on the result of the discrimination. 3 is a flowchart of an implementation method of an NFC secure payment of an NFC mobile terminal according to an embodiment of the present invention. As shown in FIG. 3, the implementation method includes the following steps: Step S302: In the process of performing NFC payment by the NFC mobile terminal using the baseband processing chip and the NFC module, the hardware encryption chip encrypts the communication data between the baseband processing chip and the NFC module by using a pre-written local encryption algorithm; The hardware encryption chip is connected between the baseband processing chip and the NFC module; the encryption algorithm is automatically blown into an unreadable state after being written into the hardware encryption chip; and in step S304, the hardware encryption chip determines whether the encrypted communication data is based on the locally preset encryption information. Legitimate, wherein the preset encrypted information is automatically blown into an unreadable state after being preset; in step S306, the hardware encryption chip blocks the baseband processing chip and the NFC module when it is determined that the encrypted communication data is illegal Communication. Preferably, the step S304 may include: the hardware encryption chip determines whether the encrypted communication data includes user information; and when the hardware encryption chip determines that the communication data includes the user information, determining the encryption information and the preset in the user information. Whether the encrypted information matches to determine whether the encrypted communication data is legal. Preferably, the step S406 includes: after determining that the encryption information in the user information does not match the preset encryption information, the hardware encryption chip closes the first interface connected to the baseband processing chip by the hardware encryption chip and The second interface of the hardware encryption chip and the NFC module blocks communication between the baseband processing chip and the NFC module. Moreover, in the case where it is determined that the encrypted information in the user information matches the preset encrypted information, the encrypted communication data between the baseband processing chip and the NFC module can be continuously monitored. The process of implementing the NFC security defense in the NFC payment process of the NFC mobile terminal in the above embodiment of the present invention is described in detail below. FIG. 4 is a NFC migration according to a preferred embodiment of the present invention, including the following steps: Step S402, the hardware encryption chip is powered on, and the monitoring program stored in the monitoring program storage module on the hardware encryption chip starts to run; in step S404, the monitoring program works in the normal working mode, and the monitoring program opens the communication interface (including the first interface and a second interface;), allowing normal communication between the NFC module and the baseband processing chip; Step S406, the hardware encryption chip encrypts the communication data between the NFC module and the baseband processing chip by using an encryption algorithm pre-written to the local; The monitoring program monitors the encrypted communication data; and in step S410, the monitoring program determines whether the encrypted communication data includes a user identification code or personal information related data (ie, user information) by determining the type of the encrypted communication data, and if Then, the process proceeds to step S412. If no, the process returns to step S408 to continue monitoring. In step S412, the central processing module identifies the user information with the data preset in the data storage module (ie, the preset encryption information), according to the authentication result. To control the normal communication of the NFC module; if the authentication result is not consistent Encryption requirements, the process proceeds to step S414, the otherwise, continue to monitor the process returns to step S408; in particular, whether the encrypted information with the preset user information in the encrypted information data storage module matches. Step S414, determining that the NFC system is illegal, the monitoring program enters the blocking mode, the hardware encryption chip blocks the communication between the interfaces, the NFC module and the baseband processing chip cannot communicate normally, and the use of the NFC module is blocked, and the terminal is blocked. The user's personal information can also be secured. From the above description, it can be seen that the present invention achieves the following technical effects: by adding a hardware encryption chip between the end user side (ie, the baseband processing chip) and the NFC module, on the hardware circuit (ie, the hardware chip) Encryption of communication data, the data is automatically fused and unreadable after writing any data (including an encryption algorithm) to the hardware encryption chip, thereby solving the problem that the user's personal information is easily stolen during the use of the NFC payment process, thereby Compared with software encryption, it is safer and more reliable. Even when the NFC system is attacked, it can ensure that the user's personal information can still be effectively protected. Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be executed by a computing device The program code is implemented so that they can be stored in the storage device by the computing device, and in some cases, the steps shown or described can be performed in a different order than here, or they can be separately produced. The individual integrated circuit modules are implemented, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software. The above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.

Claims

权 利 要 求 书 一种近距离无线通信 NFC移动终端, 其特征在于, 包括: 基带处理芯 片、 NFC模块和硬件加密芯片, 其中, The invention relates to a short-range wireless communication NFC mobile terminal, which comprises: a baseband processing chip, an NFC module and a hardware encryption chip, wherein 所述硬件加密芯片,连接在所述基带处理芯片和所述 NFC模块之 间, 用于在所述 NFC移动终端使用所述基带处理芯片和所述 NFC模 块进行 NFC支付的过程中,使用加密算法对所述基带处理芯片和所述 NFC模块之间的通讯数据进行加密;  The hardware encryption chip is connected between the baseband processing chip and the NFC module, and is configured to use an encryption algorithm in a process in which the NFC mobile terminal uses the baseband processing chip and the NFC module to perform NFC payment. Encrypting communication data between the baseband processing chip and the NFC module; 其中, 所述加密算法在写入所述硬件加密芯片后自动熔断为不可 读状态。 才艮据权利要求 1所述的 NFC移动终端, 其特征在于, 所述硬件加密芯 片包括:  The encryption algorithm is automatically blown to an unreadable state after being written to the hardware encryption chip. The NFC mobile terminal according to claim 1, wherein the hardware encryption chip comprises: 数据存储模块, 用于存储预置的加密信息, 其中, 所述预置的加 密信息在预置后自动熔断为不可读状态;  a data storage module, configured to store preset encrypted information, where the preset encryption information is automatically blown into an unreadable state after being preset; 监控程序模块, 用于监控加密后的通讯数据;  a monitoring program module for monitoring encrypted communication data; 中央处理模块, 用于根据所述预置的加密信息判断所述加密后的 通讯数据是否合法,并在确定所述加密后的通讯数据不合法的情况下, 阻断所述基带处理芯片和所述 NFC模块之间的通讯。 根据权利要求 2所述的 NFC移动终端, 其特征在于, 所述监控程序模 块还用于判断所述加密后的通讯数据中是否包含有用户信息; 所述中 央处理模块还用于通过判断所述用户信息中的加密信息与所述预置的 加密信息是否匹配来判断所述加密后的通讯数据是否合法。 才艮据权利要求 3所述的 NFC移动终端, 其特征在于, 所述中央处理模 块还用于在确定所述用户信息中的加密信息与所述预置的加密信息不 匹配的情况下, 通过关闭所述硬件加密芯片与所述基带处理芯片连接 的第一接口和所述硬件加密芯片与所述 NFC模块连接的第二接口, 阻 断所述基带处理芯片和所述 NFC模块之间的通讯。 a central processing module, configured to determine, according to the preset encryption information, whether the encrypted communication data is legal, and block the baseband processing chip and the device if it is determined that the encrypted communication data is illegal Communication between NFC modules. The NFC mobile terminal according to claim 2, wherein the monitoring program module is further configured to determine whether the encrypted communication data includes user information; and the central processing module is further configured to determine the Whether the encrypted information in the user information matches the preset encrypted information determines whether the encrypted communication data is legal. The NFC mobile terminal according to claim 3, wherein the central processing module is further configured to: if it is determined that the encrypted information in the user information does not match the preset encrypted information, Close a first interface of the hardware encryption chip connected to the baseband processing chip and a second interface of the hardware encryption chip and the NFC module, and block communication between the baseband processing chip and the NFC module . 5. 居权利要求 3所述的 NFC移动终端, 其特征在于, 所述中央处理模 块还用于在确定所述用户信息中的加密信息与所述预置的加密信息匹 配的情况下, 控制所述监控程序模块继续监控所述基带处理芯片和所 述 NFC模块之间的加密后的通讯数据。 The NFC mobile terminal according to claim 3, wherein the central processing module is further configured to: in a case where it is determined that the encrypted information in the user information matches the preset encrypted information, The monitoring program module continues to monitor the encrypted communication data between the baseband processing chip and the NFC module. 6. 居权利要求 1所述的 NFC移动终端, 其特征在于, 所述硬件加密芯 片与所述基带处理芯片连接的第一接口以及所述硬件加密芯片与所述 NFC模块连接的第二接口为安全数字输入输出 SDIO接口或者为高速 同步串行 SPI接口。 The NFC mobile terminal of claim 1, wherein the first interface of the hardware encryption chip connected to the baseband processing chip and the second interface of the hardware encryption chip connected to the NFC module are Secure digital input and output SDIO interface or high speed synchronous serial SPI interface. 7. 根据权利要求 1至 6中任一项所述的 NFC移动终端, 其特征在于, 所 述硬件加密芯片具有不可复制性。 The NFC mobile terminal according to any one of claims 1 to 6, wherein the hardware encryption chip is non-reproducible. 8. —种近距离无线通信 NFC移动终端的 NFC安全支付的实现方法, 其 特征在于, 包括: 在所述 NFC移动终端使用基带处理芯片和 NFC模块进行 NFC支 付的过程中, 硬件加密芯片使用加密算法对所述基带处理芯片和所述 NFC模块之间的通讯数据进行加密; 8. A method for implementing NFC secure payment of a short-range wireless communication NFC mobile terminal, comprising: encrypting a hardware encryption chip in a process of performing NFC payment by using the baseband processing chip and the NFC module by the NFC mobile terminal; An algorithm encrypts communication data between the baseband processing chip and the NFC module; 其中,所述硬件加密芯片连接在所述基带处理芯片和所述 NFC模 块之间; 所述加密算法在写入所述硬件加密芯片后自动熔断为不可读 状态。  The hardware encryption chip is connected between the baseband processing chip and the NFC module; the encryption algorithm is automatically blown into an unreadable state after being written into the hardware encryption chip. 9. 根据权利要求 8所述的方法, 其特征在于, 所述硬件加密芯片使用加 密算法对所述基带处理芯片和所述 NFC模块之间的通讯数据进行加密 之后, 还包括: The method according to claim 8, wherein the hardware encryption chip encrypts the communication data between the baseband processing chip and the NFC module by using an encryption algorithm, and further includes: 所述硬件加密芯片 -据本地预置的加密信息判断加密后的通讯数 据是否合法, 其中, 所述预置的加密信息在预置后自动熔断为不可读 状态;  The hardware encryption chip determines whether the encrypted communication data is legal according to the locally preset encryption information, wherein the preset encryption information is automatically melted into an unreadable state after being preset; 在确定所述加密后的通讯数据为不合法的情况下, 所述硬件加密 芯片阻断所述基带处理芯片和所述 NFC模块之间的通讯。  In the case where it is determined that the encrypted communication data is illegal, the hardware encryption chip blocks communication between the baseband processing chip and the NFC module. 10. 根据权利要求 9所述的方法, 其特征在于, 所述硬件加密芯片根据本 地预置的加密信息判断加密后的通讯数据是否合法包括: The method according to claim 9, wherein the hardware encryption chip determines whether the encrypted communication data is legal according to the locally preset encryption information, including: 所述硬件加密芯片判断所述加密后的通讯数据中是否包含有用户 信息; 当所述硬件加密芯片确定所述通讯数据中包含有用户信息时, 通 过判断所述用户信息中的加密信息与所述预置的加密信息是否匹配来 判断加密后的通讯数据是否合法。 The hardware encryption chip determines whether the encrypted communication data includes user information; When the hardware encryption chip determines that the communication data includes user information, it is determined whether the encrypted communication data is legal by determining whether the encrypted information in the user information matches the preset encryption information.
PCT/CN2011/070238 2010-10-14 2011-01-13 Near field communication (nfc) mobile terminal and method for implementing nfc secure payment Ceased WO2012048538A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2010105070943A CN101980309B (en) 2010-10-14 2010-10-14 Near field communication (NFC) mobile terminal and NFC safety payment realizing method
CN201010507094.3 2010-10-14

Publications (1)

Publication Number Publication Date
WO2012048538A1 true WO2012048538A1 (en) 2012-04-19

Family

ID=43600811

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/070238 Ceased WO2012048538A1 (en) 2010-10-14 2011-01-13 Near field communication (nfc) mobile terminal and method for implementing nfc secure payment

Country Status (2)

Country Link
CN (1) CN101980309B (en)
WO (1) WO2012048538A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685073B (en) * 2011-03-11 2016-04-27 中国移动通信集团公司 Safe payment method and mobile terminal
CN102404025B (en) * 2011-11-16 2016-09-07 中兴通讯股份有限公司 A kind of terminal and the method processing payment transaction
CN103001773B (en) * 2012-11-28 2015-07-01 鹤山世达光电科技有限公司 Fingerprint authentication system and fingerprint authentication method based on near field communication (NFC)
CN104883258A (en) * 2015-02-06 2015-09-02 北京旅之星业新技术有限公司 Wireless password transmission method for encrypted mobile storage
CN114626855B (en) * 2020-12-11 2025-09-09 展讯半导体(南京)有限公司 Service processing method and device on intelligent terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101154281A (en) * 2006-09-30 2008-04-02 联想(北京)有限公司 Method and mobile device for migrating finance data in smart card
US20080162361A1 (en) * 2006-12-29 2008-07-03 Motorola, Inc. Method and system for monitoring secure application execution events during contactless rfid/nfc communication
CN101222711A (en) * 2008-02-02 2008-07-16 代邦(江西)制卡有限公司 Mobile communication network system supporting virtual SIM card and authentication method thereof
WO2010032215A1 (en) * 2008-09-19 2010-03-25 Logomotion, S.R.O. The system and method of contactless authorization of a payment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101154281A (en) * 2006-09-30 2008-04-02 联想(北京)有限公司 Method and mobile device for migrating finance data in smart card
US20080162361A1 (en) * 2006-12-29 2008-07-03 Motorola, Inc. Method and system for monitoring secure application execution events during contactless rfid/nfc communication
CN101222711A (en) * 2008-02-02 2008-07-16 代邦(江西)制卡有限公司 Mobile communication network system supporting virtual SIM card and authentication method thereof
WO2010032215A1 (en) * 2008-09-19 2010-03-25 Logomotion, S.R.O. The system and method of contactless authorization of a payment

Also Published As

Publication number Publication date
CN101980309B (en) 2013-06-12
CN101980309A (en) 2011-02-23

Similar Documents

Publication Publication Date Title
JP5289460B2 (en) System and method for secure communication in a near field communication network
US9288192B2 (en) System and method for securing data from a remote input device
US8136731B2 (en) Controlling connectivity of a wireless smart card reader
KR100689504B1 (en) Content Delivery Protection Device
JP4805935B2 (en) Bootstrap authentication with a distinguished random challenge
US7912027B2 (en) Controlling visibility of a wireless device in discoverable mode
WO2019007252A1 (en) Control method and apparatus
JP2008512966A5 (en)
WO2012048538A1 (en) Near field communication (nfc) mobile terminal and method for implementing nfc secure payment
JP4242657B2 (en) Secure remote subscription module access
US7796979B2 (en) Controlling visibility of a wireless device
CN103780387A (en) Hardware security module, security terminal and realizing method of security terminal
KR20190047557A (en) Earphone Device for Providing OTP by using Asynchronous Local Area Radio Communication
KR101846646B1 (en) Method for Providing Security Communication based on Asynchronous Local Area Radio Communication
CA2554325C (en) Controlling visibility of a wireless device in discoverable mode
KR101777044B1 (en) Card for Generating One Time Password based on Asynchronous Local Area Radio Communication
KR101777041B1 (en) Method for Generating One Time Password based on Asynchronous Local Area Radio Communication
KR101777042B1 (en) Card for Generating Electronic Signature based on Asynchronous Local Area Radio Communication
KR101513434B1 (en) Method and Module for Protecting Key Input
KR101777043B1 (en) Method for Generating Electronic Signature based on Asynchronous Local Area Radio Communication
CN1933635B (en) Controlling visibility of a wireless device
KR101513435B1 (en) Method for Protecting Key Input, and Device for Key Input Protection
KR20190047558A (en) Method for Providing One Time Password by using Asynchronous Local Area Radio Communication of Earphone Device
KR101704249B1 (en) Method for Controlling Integrated Circuit Chip by using Distributed Processing
KR20060045669A (en) Method for managing communication security in a wireless network and apparatus therefor

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11831935

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11831935

Country of ref document: EP

Kind code of ref document: A1