Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof

The invention concerns mobile communication devices and trusted computing technology, applied in the fields of information security and biometric identification. It addresses the low security of existing mobile payment and the inability to perform remote payment, and achieves mobile on-site payment with high security.

Status: Inactive; Publication Date: 2011-03-16
HANGZHOU SYNOCHIP DATA SECURITY TECH CO LTD

AI-Extracted Technical Summary

Problems solved by technology

[0014] The existing mobile payment methods are low in security and can only be used for ...

Method used

As shown in Figure 3, this trusted computing platform chip for mobile communication equipment combines the high security of TPM with short-distance transmission technology, and the addition of fingerprint technology binds the device to the person, greatly strengthening the security of the SIM card. The focus of the invention is to add a fingerprint processing engine module, a SCSI interface module suppo...

Abstract

The invention relates to a trusted computing platform chip applicable to mobile communication equipment and an authentication method thereof. The trusted computing platform chip is provided with a key generation module based on a public key infrastructure (PKI) system, a high-speed data encryption and decryption engine module, a secure data storage module, a chip physical protection module, a fingerprint processing engine module, a small computer system interface (SCSI) interface module and a near field transmission module, wherein the SCSI interface module and the near field transmission module support the operation of a subscriber identity module (SIM) card; the fingerprint processing engine module, the SCSI interface module and the short-distance transmission module are connected with a communication bus; and the chip is packaged in SIM card form or trusted platform module (TPM) form. The advantages of the trusted computing platform chip are that the TPM technique is combined with fingerprint identification and with mobile payment; TPM and mobile on-site payment functions are realized in one chip by means of near field communication; transaction security is further enhanced by adding the fingerprint technique; and remote payment is realized in combination with the wireless application protocol (WAP) 2.0 technique.

Application Domain

Public key for secure communication; User identity/authority verification

Technology Topic

Public key infrastructure; Fingerprint


Example Embodiment

[0060] The present invention will be further explained below in conjunction with the drawings and embodiments:
[0061] As shown in Figure 3, this trusted computing platform chip for mobile communication devices combines the high security of TPM with short-distance transmission technology, and the addition of fingerprint technology binds the device to the person, which greatly strengthens the security of the SIM card. The focus of the present invention is to add a fingerprint processing engine module, a SCSI interface module supporting SIM card operation, and a short-distance transmission module to the common TPM chip. The fingerprint processing engine module, the SCSI interface module and the short-distance transmission module are all connected to the communication bus, and the chip is packaged in the form of a SIM card or TPM and supports both contact and non-contact operation. The common short-distance transmission modules are RF, DI and NFC.
[0062] When used as a SIM card, the pin package is as shown in Figure 4. According to the ISO/IEC 7816 standard, a SIM card usually has 8 contacts, C1 to C8, and an ordinary SIM card usually uses only 5 of them: C1, C2, C3, C5 and C7. A card with the added short-distance transmission module also needs to use the two contacts C4 and C8 as the antenna.
[0063] The pin definition is as follows:
[0064] Table 1 Mobile payment SIM card pin definition
[0065] Pin
[0066] Because fingerprint operations are added, the requirements for memory and speed are higher, so this chip needs to run at a higher frequency, has a dedicated fingerprint processing engine, and has an enlarged RAM area for fingerprint processing.
[0067] Depending on the application: when the chip is used for electronic wallets or other small payments, no identity verification is needed; but for large payments such as transfers, or for remote payments, identity verification is required.
[0068] The method for authenticating a trusted computing platform chip applicable to mobile communication equipment according to the present invention has the following specific steps:
[0069] (1) Before making a mobile payment, the mobile phone generates a pair of public and private keys and obtains the corresponding certificate issued by the CA. Once the user has his own certificate, subsequent mobile payment operations can be performed. Each time before the user logs in to the mobile payment service system, the user's identity must be authenticated;
[0070] (2) After identity authentication is passed, the user uses the payment system to make mobile payments. For a small payment there is no need to verify fingerprints; near-field on-site payment works the same as the existing mobile payment method. For remote payment, identity authentication is required. Existing mobile payments do not support online banking operations; based on the high security of TPM, this chip can be used for online banking operations on the Internet. Most current mobile phones support WAP 2.0. Compared with WAP 1.x, WAP 2.0 enhances end-to-end security and uses TLS (Transport Layer Security) for communication. TLS uses the PKI system for handshake and verification, so the requirements on the security chip are higher: it must support RSA and hash algorithms. The traditional SIM chip supports only symmetric algorithms and does not require high speed, whereas these requirements are fully consistent with the TPM chip.
[0071] (3) In the above PKI-based operations, fingerprint verification is required before each request. The fingerprint processing engine module implements fingerprint feature enrollment and fingerprint comparison (the enrollment process is shown in Figure 5 and the matching process in Figure 6). Fingerprint operation instructions are added to the SCSI protocol, upgrading the password-based security system to one that supports fingerprints. This SCSI command is independent of the existing SCSI command set, but adds support for fingerprint commands to the existing command set. Because the interface of a chip packaged as a SIM card is limited, the chip cannot collect fingerprints itself, so fingerprint collection is done by the main control chip; after acquisition is complete, the image is imported into the chip for comparison. Two commands therefore need to be added: import picture and search. The fingerprint-based verification method is as follows: the main control chip collects the fingerprint image and imports it into the SIM card chip, which extracts features and searches for a match; follow-up operations proceed only after the comparison passes (as shown in Figure 7).
[0072] With the addition of the PKI system, mobile payment providers need to support the CA certificate system. Before making a mobile payment, the mobile terminal needs to generate a pair of public and private keys and obtain the corresponding certificate issued by the CA in order to perform subsequent mobile payment operations. The process of generating the public and private keys and the certificate on the mobile phone is as follows (as shown in Figure 8):
[0073] (1) The user sends an authentication request, and the request carries user information;
[0074] (2) The CA server authenticates the user's identity through the operator's BOSS system;
[0075] (3) After passing the authentication, return confirmation to the mobile phone;
[0076] (4) The key generation module on the mobile phone generates a public/private key pair (SK, PK);
[0077] (5) The mobile phone encrypts the generated public key PK and user information with the public key of the CA, and sends it to the CA server to request a certificate;
[0078] (6) After the CA server receives the request, it generates a user certificate and sends the generated certificate to the mobile phone. The certificate contains the signature of the CA server;
[0079] (7) After the mobile phone receives the certificate, it uses the public key of the CA server to verify the signature. If the verification passes, the certificate has been generated successfully and the phone saves it.
[0080] After the user has his own certificate, he can make mobile payments. Each time before the user logs into the mobile payment service system, the user's identity must be authenticated. The identity authentication process is as follows (as shown in Figure 9):
[0081] (1) The mobile phone sends an access request, and the request contains user information;
[0082] (2) The payment system generates a random number R, encrypts it with the user's public key, ER = Enc(R, PK), and sends ER to the mobile phone;
[0083] (3) The mobile phone receives the encrypted random number ER, uses its private key SK to decrypt ER to obtain R, encrypts the decrypted random number with the public key of the payment system, DER = Enc(R, PK), and returns it to the payment system;
[0084] (4) After receiving the DER, the payment system decrypts it with its own private key, and verifies whether the random number R' is equal to R. If it is, the user's identity authentication is passed.
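The login exchange in steps (1) to (4) above, worked through as an added Go example; it is not code from the patent. Enc() is instantiated here as RSA-2048 with OAEP padding and R as 32 random bytes, which are assumptions, as are the function names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// NewKey makes a demo key pair (SK, PK); RSA-2048 with OAEP padding is an assumption.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Challenge is step (2): the payment system draws a fresh R and computes ER = Enc(R, PK).
func Challenge(userPK *rsa.PublicKey) (r, er []byte, err error) {
	r = make([]byte, 32)
	if _, err = rand.Read(r); err != nil {
		return nil, nil, err
	}
	er, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, userPK, r, nil)
	return r, er, err
}

// Respond is step (3): the phone recovers R with SK and re-encrypts it for the payment system.
func Respond(phoneSK *rsa.PrivateKey, systemPK *rsa.PublicKey, er []byte) ([]byte, error) {
	r, err := rsa.DecryptOAEP(sha256.New(), nil, phoneSK, er, nil)
	if err != nil {
		return nil, err // ER was not encrypted to this phone's PK
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, systemPK, r, nil)
}

// Verify is step (4): decrypt DER and compare R' with R in constant time.
func Verify(systemSK *rsa.PrivateKey, r, der []byte) bool {
	rPrime, err := rsa.DecryptOAEP(sha256.New(), nil, systemSK, der, nil)
	return err == nil && subtle.ConstantTimeCompare(r, rPrime) == 1
}

func main() {
	phone, system := NewKey(), NewKey()
	r, er, err := Challenge(&phone.PublicKey)
	der, err2 := Respond(phone, &system.PublicKey, er)
	fmt.Println("authenticated:", err == nil && err2 == nil && Verify(system, r, der))
}
```

Verify must be called with the R issued for that login attempt, so a DER captured from an earlier login fails against a new challenge.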
[0085] After passing the identity authentication, users can use the payment system to make mobile payments. The digital signature payment process is as follows (as shown in Figure 10):
[0086] (1) The user signs the purchase information instruction TxT with his own private key SK, SignedTXT = Sign(TxT, SK), and sends it to the payment system along with basic user information such as user ID and mobile phone number;
[0087] (2) The payment system finds the user's certificate based on the user's information, and verifies the validity period information of the certificate;
[0088] (3) The payment system then uses the public key PK in the user certificate to decrypt SignedTXT to verify whether the user's signature is correct;
[0089] (4) After the verification is passed, follow-up payment operations are performed.
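An added Go example (not from the patent) of the signed-payment check in steps (1) to (4) above, showing that a changed TxT or an out-of-period certificate is refused. RSA-PSS with SHA-256, the simplified Cert struct standing in for a CA-issued certificate, and the sample order string are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Cert is a simplified stand-in (assumption) for the user's CA-issued certificate.
type Cert struct {
	PK                  *rsa.PublicKey
	NotBefore, NotAfter time.Time
}

func NewUser(from, to time.Time) (*rsa.PrivateKey, Cert) {
	sk, err := rsa.GenerateKey(rand.Reader, 2048) // demo key pair (SK, PK)
	if err != nil {
		panic(err)
	}
	return sk, Cert{PK: &sk.PublicKey, NotBefore: from, NotAfter: to}
}

// Sign is step (1): SignedTXT = Sign(TxT, SK); RSA-PSS over SHA-256 is an assumption.
func Sign(sk *rsa.PrivateKey, txt []byte) ([]byte, error) {
	h := sha256.Sum256(txt)
	return rsa.SignPSS(rand.Reader, sk, crypto.SHA256, h[:], nil)
}

// VerifyPayment is steps (2)-(3): check the validity period, then the signature over TxT.
func VerifyPayment(c Cert, txt, sig []byte, now time.Time) error {
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return fmt.Errorf("certificate not valid at %s", now.Format(time.RFC3339))
	}
	h := sha256.Sum256(txt)
	return rsa.VerifyPSS(c.PK, crypto.SHA256, h[:], sig, nil)
}

func main() {
	now := time.Now()
	sk, cert := NewUser(now.Add(-time.Hour), now.Add(time.Hour))
	txt := []byte("pay merchant=demo amount=120.00") // constructed sample order TxT
	if sig, err := Sign(sk, txt); err == nil {
		fmt.Println("genuine: ", VerifyPayment(cert, txt, sig, now))
		fmt.Println("tampered:", VerifyPayment(cert, []byte("pay merchant=demo amount=920.00"), sig, now))
		fmt.Println("expired: ", VerifyPayment(cert, txt, sig, now.Add(2*time.Hour)))
	}
}
```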
[0090] In the mobile payment process, a secure channel needs to be established before the conversation. The establishment of a secure channel involves the encryption and decryption process in the public key system. The process is as follows (as shown in Figure 11):
[0091] (1) The server generates a random number R as the session key between the mobile phone and the server, and encrypts R with the user's public key PK: ER = Enc(R, PK);
[0092] (2) The server uses R to encrypt the session content TXT that needs to be encrypted: CyberTXT = Enc(TXT, R);
[0093] (3) The server sends ER and CyberTXT to the mobile phone.
[0094] (4) After receiving them, the mobile phone uses its private key to decrypt ER to obtain the session key R;
[0095] (5) The mobile phone uses R to decrypt CyberTXT to obtain TXT.
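The secure-channel steps (1) to (5) above as an added Go example, not part of the patent text. RSA-OAEP for wrapping R, AES-256-GCM for Enc(TXT, R), the nonce prepended to CyberTXT and all function names are assumptions; the page names no algorithms for this step.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// must panics on failures that cannot occur with the fixed sizes used in this demo.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewPhoneKey makes the phone's demo key pair (SK, PK); RSA-2048 with OAEP is an assumption.
func NewPhoneKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

// aead keys AES-256-GCM with a 32-byte R (assumption: the page names no symmetric cipher).
func aead(r []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(r)))) }

// ServerSend is steps (1)-(3): ER = Enc(R, PK) and CyberTXT = nonce || Enc(TXT, R).
func ServerSend(pk *rsa.PublicKey, txt []byte) (er, cyberTXT []byte) {
	buf := make([]byte, 32+12) // fresh session key R followed by a GCM nonce
	must(rand.Read(buf))
	r, nonce := buf[:32], buf[32:]
	er = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, r, nil))
	return er, aead(r).Seal(nonce, nonce, txt, nil)
}

// PhoneReceive is steps (4)-(5): unwrap R with SK, then decrypt and authenticate CyberTXT.
func PhoneReceive(sk *rsa.PrivateKey, er, cyberTXT []byte) ([]byte, error) {
	r, err := rsa.DecryptOAEP(sha256.New(), nil, sk, er, nil)
	if err != nil || len(r) != 32 || len(cyberTXT) < 12 {
		return nil, errors.New("malformed ER or CyberTXT")
	}
	return aead(r).Open(nil, cyberTXT[:12], cyberTXT[12:], nil)
}

func main() {
	sk := NewPhoneKey()
	er, cyberTXT := ServerSend(&sk.PublicKey, []byte("balance=120.00")) // constructed sample TXT
	txt, err := PhoneReceive(sk, er, cyberTXT)
	fmt.Printf("TXT=%q err=%v\n", txt, err)
}
```

Because GCM authenticates CyberTXT, a modified ciphertext makes PhoneReceive return an error instead of altered plaintext.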
[0096] The above solution combines the PKI technology in TPM with SIM card technology and near-field communication technology to achieve both on-site mobile payment and remote mobile payment. At the same time, the addition of fingerprint technology lets the authentication method unify the person and the device, achieving genuinely person-based security.
[0097] Term explanation:
[0098] TPM: Trusted Platform Module (trusted platform module);
[0099] TCM: Trusted Cryptography Module (trusted cryptography module);
[0100] TCG: Trusted Computing Group (Trusted Computing Group);
[0101] DI: Double Interface (dual interface);
[0102] NFC: Near Field Communication (near field communication);
[0103] RF: Radio Frequency (radio frequency);
[0104] PKI: Public Key Infrastructure (public key infrastructure).
[0105] In addition to the above-mentioned embodiments, the present invention can also have other embodiments. All technical solutions formed by equivalent replacements or equivalent transformations fall within the protection scope of the present invention.
