| CPC H04L 9/0656 (2013.01) [G06Q 20/322 (2013.01); G06Q 20/3823 (2013.01); G06Q 20/3829 (2013.01); H04L 9/3239 (2013.01); H04L 2209/56 (2013.01)] | 20 Claims |
|
1. A processor-implemented mobile payment method performed, by one or more processors of an electronic device, the method comprising:
generating, corresponding to a cryptography original one-time pad (OTP) key that is based on a plurality of true random numbers, a decrypted OTP key by decrypting a received encrypted OTP key for representing an encryption result of the original OTP key;
generating a first cryptographic hash by applying a cryptographic hash function to payment data corresponding to a current payment transaction between the electronic device and a commerce device, wherein the cryptographic hash function is configured to generate the first cryptographic hash to be uniquely representative of the payment data for guaranteeing an integrity of the payment data;
generating an encrypted payment token by encrypting the payment data concatenated with the first cryptographic hash using the decrypted OTP key, and transmitting the encrypted payment token to the commerce device; and
selectively, based on a decrypted portion of the encrypted payment token corresponding to the first cryptographic hash and a decrypted different portion of the encrypted payment token corresponding to the encrypted payment data using the original OTP key, confirming a payment of the current payment transaction to the commerce device, including:
receiving verification information representing whether a first decryption result matches a second cryptographic hash generated from a second decryption result using the cryptographic hash function, for confirming whether the integrity of the payment data is guaranteed;
confirming the payment when the received verification information represents that the first decryption result matches a second hash value and that the integrity of the payment data is guaranteed; and
not confirming the payment when the received verification information represents that the first decryption result does not match the second hash value and the integrity of the payment data is not guaranteed.
|