Demands on password protection in cell phone payment become increasingly higher and higher as payment with cell phone prevails. In payment with a cell phone, a security IC chip is generally used to store information on user's ID or bank card, to verify the input password and to generate encrypted payment information, so as to ensure the safety of payment.
FIG. 1 shows a schematic structural view of an existing payment cell phone. As shown in the figure, the payment cell phone comprises an input device 10, a cell phone CPU 11 and a security IC chip 12.
Typically, information exchange between IC chip and outside is accomplished through executing command-response. Various commands provided by IC chip are the only one legitimate means for interacting between outside and the IC card. IC applied commands refer to those commands that fit demands on such type of IC chip communication interface.
Users enter a password via the input device 10 and cell phone CPU 11 processes the password, and afterward an IC applied command containing the password is sent to the security IC chip.
Conventionally, two ways are adopted for the security IC chip to process the IC applied commands:
First way: The security IC chip acquires a payment password according to the IC applied command and encrypts the payment password, and then the cell phone CPU 11 uses communication interface (not shown) of the cell phone system to send the encrypted password to a bank server for verifying the payment password.
Second way: The security IC chip acquires a payment password according to the IC applied command and makes a comparison between the acquired payment password and another payment password that has been stored in advance in the IC chip so as to verify the correctness of the payment password. After the verification is approved, other cryptographic keys in the IC chip are used to encrypt and sign the payment information that is transmitted previously by payment software. Then, the cell phone CPU 11 uses the communication interface (not shown) of the cell phone system to send the encrypted and signed payment information to bank server for verifying the legality of the payment information.
However, the above ways is equivalent to physically place the user's ID information or the band card information at the cell phone terminal. When the operating system of the cell phone is completely controlled by malicious software, leakage of password will occur since the password can be captured by malicious software in the course of entering the password.
When the malicious software has acquired the password, it can actively conduct payment transactions since the user's ID information or the band card information contained in the IC chip is not physically removed from the cell phone. Therefore, the safety of payment cannot be guaranteed.