A mobile device authentication method based on a point-of-sale terminal
Technical field
The present invention relates to an authentication method, and more particularly to a mobile device authentication method based on a point-of-sale terminal.
Background technology
With economic development and scientific and technological progress, people's demand for offline mobile payment, ticket verification and identity authentication is growing ever stronger. Offline authentication currently relies mostly on smart cards, in particular dual-interface CPU chip cards, which support two communication modes: contact IC (Integrated Circuit) and contactless NFC (Near Field Communication). Because such a card contains an independent microprocessor chip, storage units (including random access memory RAM, program memory ROM, user data memory EEPROM and flash memory FLASH) and a chip operating system (COS), its security is publicly accepted, and it is widely used in fields such as identification, payment, encryption and decryption, and secure information storage. As China's Golden Card Project has extended into one industry after another, the number of smart cards issued has exceeded 10,000,000,000, mainly in industries such as identity cards, telecommunications, finance, public transport, campus, social security and medical treatment. People often hold several cards at the same time, such as bank cards from different banks, transit cards and membership cards, which are not easy to manage and use. People therefore strongly desire a more convenient and secure means of authentication. On the other hand, for offline merchants, a traditional point-of-sale terminal (POS: Point Of Sale) cannot support multiple types of authentication request without software and hardware upgrades, which makes it hard to run diversified marketing activities.
Summary of the invention
The object of the present invention is to overcome the above shortcomings of the prior art and to provide a mobile device authentication method based on a point-of-sale terminal, which has the advantages of making use more convenient for the user, strengthening the security of authentication data and increasing the diversity of authentication content.
The object of the present invention can be achieved by the following technical solution:
A mobile device authentication method based on a point-of-sale terminal includes:
Step S1: A financial account of a banking system is bound in the mobile device as the primary account number, and other accounts are then bound as secondary accounts, each secondary account corresponding to a secondary account management side's server. The mobile device communicates with the credible bank service manager server to obtain the authentication codes generated by the primary account number manager server; each authentication code corresponds to a bound account and identifies the authentication content for mobile payment, ticket verification and identity authentication;
Step S2: The point-of-sale terminal initiates a payment request to the mobile device. After personal identification, the mobile device selects one bound account as the authentication account, obtains the corresponding authentication code, encrypts the primary account number and the authentication code to generate a virtual primary account number, and responds over short-range communication to the payment request initiated by the point-of-sale terminal, using the virtual primary account number as the primary account number;
Step S3: The point-of-sale terminal forwards the payment request containing the virtual primary account number to the primary account number manager server via the acquiring bank server and the card organization server;
Step S4: The primary account number manager server decrypts the payment request, generates an authentication code checking request and sends it to the credible bank service manager server;
Step S5: The credible bank service manager server generates a first authentication request according to the authentication code checking request, sends it to the primary account number manager server or secondary account management side's server corresponding to the authentication account, and obtains the first authentication request verification result that is fed back;
Step S6: The credible bank service manager server judges from the first authentication request verification result whether a second authentication request needs to be generated; if so, step S7 is performed; if not, step S8 is performed;
Step S7: The credible bank service manager server generates the second authentication request, sends it to the primary account number manager server, and obtains the second authentication request verification result that is fed back;
Step S8: The credible bank service manager server generates the authentication code checking request verification result from the authentication request verification results and feeds it back to the primary account number manager server and the mobile device;
Step S9: The primary account number manager server generates the payment request verification result from the authentication code checking request verification result and feeds it back to the point-of-sale terminal via the card organization server and the acquiring bank server.
The other accounts include, but are not limited to, financial accounts of the banking system, financial accounts outside the banking system, merchant accounts for electronic tickets, and certification accounts for personal identity proof.
The authentication codes include, but are not limited to, account authentication codes and ticket authentication codes;
An account authentication code is obtained as follows: after the mobile device successfully binds an account, the credible bank service manager server sends an account authentication code generation request to the primary account number manager server; the primary account number manager server encrypts and generates the account authentication code and feeds it back to the credible bank service manager server, which then issues it to the mobile device;
A ticket authentication code is obtained as follows: the mobile device sends a ticket authentication code generation request to the credible bank service manager server based on the information in the electronic ticket and the personal identity proof; the credible bank service manager server forwards the request to the primary account number manager server; the primary account number manager server encrypts and generates the ticket authentication code and feeds it back to the credible bank service manager server, which then issues it to the mobile device.
The payment request is divided into a first payment request and a second payment request;
The first payment request means: the actual consumption amount is entered as the transaction amount on the point-of-sale terminal; after the authentication account is selected on the mobile device, the mobile device encrypts the primary account number and the corresponding authentication code to generate the virtual primary account number and responds;
The second payment request means: an agreed specified amount is entered as the transaction amount on the point-of-sale terminal; after the user selects the authentication account on the mobile device, the mobile device encrypts the primary account number and the corresponding authentication code to generate the virtual primary account number and responds.
The virtual primary account number is generated by encryption on the basis of the bound banking-system financial account that serves as the primary account number. The number of digits $Q_1$ of the financial account and the number of digits $Q_2$ of the virtual primary account number must both belong to the digit-count set $Q$ prescribed by the card organization, i.e. $Q_1, Q_2 \in Q$, $Q \in \{16, 17, 18, 19\}$.
The content of the financial account includes, but is not limited to, a bank identifier code (BIN: Bank Identification Number), an account identification code, a customer serial number and a check code, wherein:
The bank identifier code field contains $n_1$ digits, denoted B, with $n_1 = 6$;
The account identification code field contains $n_2$ digits, denoted S. If the bank identifier code field is used to identify whether the number is a virtual primary account number and the account identification code has no other identification purpose, then $n_2 = 0$, i.e. the account identification code field does not appear in the financial account; otherwise $n_2 \in \{1, 2, 3, 4\}$, and the account identification code can be used to identify whether the number is a virtual primary account number, to identify the branch providing the financial account, or for other custom identification functions;
The customer serial number field contains $n_3$ digits, denoted L, with $n_3 \in \{5, 6, \ldots, 12\}$, and identifies the user;
The check code field is 1 digit, denoted J, calculated according to the card organization standard by applying the Luhn algorithm to the preceding $(n_1 + n_2 + n_3)$ digits; then $Q_1 = n_1 + n_2 + n_3 + 1$, and the financial account is B+S+L+J.
The virtual primary account number includes, but is not limited to, a bank identifier code, an account identification code, an authentication code and a check code, wherein:
The bank identifier code field contains $n_1$ digits, denoted B, with $n_1 = 6$;
The account identification code field contains $n_2$ digits, denoted S. If the bank identifier code field is used to identify whether the number is a virtual primary account number and the account identification code has no other identification purpose, then $n_2 = 0$, i.e. the account identification code field does not appear in the financial account; otherwise $n_2 \in \{1, 2, 3, 4\}$, and the account identification code can be used to identify whether the number is a virtual primary account number, to identify the branch providing the financial account, or for other custom identification functions;
The authentication code field contains $n_4$ digits, denoted X, with $n_4 \in \{5, 6, \ldots, 12\}$;
The check code field is 1 digit, denoted J', calculated according to the card organization standard by applying the Luhn algorithm to the preceding $(n_1 + n_2 + n_4)$ digits; then $Q_2 = n_1 + n_2 + n_4 + 1$, and the virtual primary account number is B+S+X+J'. The B and S fields of the virtual primary account number are identical to the B and S fields of the financial account.
The virtual primary account number can be generated by encryption in offline mode or in online mode.
The offline mode is: the mobile device is equipped with a secure storage module, which stores the authentication codes and the key used to decrypt them; at payment time the corresponding authentication code is decrypted and then encrypted together with the primary account number to generate the virtual primary account number;
The corresponding steps for generating the virtual primary account number by offline encryption are:
1) the authentication code stored in the secure storage module is decrypted with the key;
2) the bank identifier code and account identification code of the primary account number and the authentication code are arranged in order as a 15 to 18 digit number;
3) a 1-digit check code is calculated from these 15 to 18 digits with the Luhn algorithm;
4) the check code is placed in the last position, producing the virtual primary account number and completing the offline encryption generation.
The online mode is: the mobile device sends a virtual primary account number generation request online to the credible bank service manager server; after judging the request valid, the credible bank service manager server sends the corresponding authentication code that needs to be decrypted to the primary account number manager server; the primary account number manager server decrypts the authentication code, encrypts the decrypted authentication code together with the primary account number to generate the virtual primary account number, and feeds it back to the credible bank service manager server, which then issues it to the mobile device;
The corresponding steps for generating the virtual primary account number by online encryption are:
1) the mobile device sends a virtual primary account number generation request online to the credible bank service manager server;
2) after judging the virtual primary account number generation request valid, the credible bank service manager server sends the corresponding authentication code to the primary account number manager server;
3) the primary account number manager server decrypts the authentication code with the key;
4) the primary account number manager server arranges the bank identifier code and account identification code of the primary account number and the authentication code as a 15 to 18 digit number;
5) a 1-digit check code is calculated from these 15 to 18 digits with the Luhn algorithm;
6) the check code is placed in the last position, producing the virtual primary account number;
7) the primary account number manager server sends the virtual primary account number to the credible bank service manager server;
8) the credible bank service manager server issues the virtual primary account number to the mobile device, completing the online encryption generation.
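The field layout and the generation steps above (offline steps 2 to 4, online steps 4 to 6) come down to arranging B, S and X in order and appending a Luhn check code. The following added example, which is not code from the patent, builds a virtual primary account number and parses it back on the receiving side; the function names and sample digits are constructed for illustration, and the authentication code is assumed to be already decrypted because the text does not specify the decryption scheme.

```python
# Added example (not from the patent): assemble and check a virtual primary
# account number B + S + X + J'. The authentication code X is assumed to be
# already decrypted; the text does not specify the decryption scheme.

ALLOWED_LENGTHS = {16, 17, 18, 19}  # digit-count set Q prescribed by the card organization
N1 = 6                              # bank identifier code length n1

# Constructed sample values, not real account data:
# B = "123456", S = "01" (n2 = 2), L = "00012345" (n3 = 8), J = "9".
FINANCIAL_ACCOUNT = "12345601000123459"
AUTH_CODE = "48291057"              # decrypted authentication code X (n4 = 8)


def luhn_check_digit(payload: str) -> int:
    """Luhn check digit for a digit string that does not yet include it."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # the rightmost payload digit is doubled first
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number: str) -> bool:
    """True if the last digit is the Luhn check digit of the preceding digits."""
    return (number.isdigit() and len(number) > 1
            and luhn_check_digit(number[:-1]) == int(number[-1]))


def _check_account(number: str, n2: int, what: str) -> int:
    """Validate length, check code and field sizes; return the middle field length."""
    if n2 not in (0, 1, 2, 3, 4):
        raise ValueError("n2 must be 0..4")
    if len(number) not in ALLOWED_LENGTHS or not luhn_valid(number):
        raise ValueError(f"{what}: bad length or check code")
    middle = len(number) - N1 - n2 - 1  # n3 (serial number) or n4 (authentication code)
    if not 5 <= middle <= 12:
        raise ValueError(f"{what}: middle field must be 5..12 digits")
    return middle


def build_virtual_pan(financial_account: str, n2: int, auth_code: str) -> str:
    """Arrange B, S and X in order, then append the Luhn check code J'."""
    _check_account(financial_account, n2, "financial account")
    if not auth_code.isdigit() or not 5 <= len(auth_code) <= 12:
        raise ValueError("authentication code must be 5..12 digits")
    body = financial_account[:N1 + n2] + auth_code  # B and S are copied unchanged
    if not 15 <= len(body) <= 18:
        raise ValueError("B+S+X must be 15..18 digits")
    return body + str(luhn_check_digit(body))


def parse_virtual_pan(vpan: str, n2: int) -> dict:
    """Receiving side: verify the check code and split out B, S, X and J'."""
    n4 = _check_account(vpan, n2, "virtual primary account number")
    return {
        "B": vpan[:N1],
        "S": vpan[N1:N1 + n2],
        "X": vpan[N1 + n2:N1 + n2 + n4],
        "J": vpan[-1],
    }


def same_issuer_fields(financial_account: str, vpan: str, n2: int) -> bool:
    """The B and S fields of both numbers must be identical."""
    return financial_account[:N1 + n2] == vpan[:N1 + n2]


if __name__ == "__main__":
    vpan = build_virtual_pan(FINANCIAL_ACCOUNT, 2, AUTH_CODE)
    print("virtual primary account number:", vpan)
    print("fields:", parse_virtual_pan(vpan, 2))
    print("B and S match:", same_issuer_fields(FINANCIAL_ACCOUNT, vpan, 2))
```

The Luhn check code only detects transcription errors; it does not authenticate the number, so the protection of X rests on how the authentication code is generated and stored, which the text assigns to the primary account number manager server and the secure storage module.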
The payment request includes, but is not limited to, the virtual primary account number, transaction amount, transaction time and merchant code, as prescribed by the card organization.
The personal identification includes, but is not limited to, identity verification by numeric password, text password, pattern password and biometric feature.
The short-range communication mode is contact or contactless data communication within a distance of 10 meters, including but not limited to contact IC communication, magnetic stripe communication, NFC communication and Bluetooth communication.
The authentication code checking request includes, but is not limited to, the authentication code, transaction amount, transaction time and merchant code;
The first authentication request is generated from the authentication content corresponding to the authentication code, the transaction amount, the transaction time and the merchant code, and is used to request authentication from the primary account number manager server or secondary account management side's server corresponding to the authentication code;
The second authentication request is generated from the authentication content in the payment request that the first authentication request could not complete, and is used to request payment of part of the transaction amount from the primary account number manager server.
A mobile device authentication system based on a point-of-sale terminal for implementing the above method includes a mobile device, a point-of-sale terminal, an acquiring bank server, a card organization server, a primary account number manager server, a credible bank service manager server and a secondary account management side's server, connected in sequence; the mobile device is also connected to the credible bank service manager server.
The main functional modules of the mobile device include:
CPU, for controlling each module and computing keys;
Short-range communication module, for short-range data communication with the point-of-sale terminal, including but not limited to a contact IC module, magnetic stripe module, NFC module and Bluetooth module;
First remote communication module, for remote data communication with the credible bank service manager server over networks such as WIFI and 2G/3G/4G mobile communication.
The mobile device further includes a secure storage module, used to store the key and authentication codes securely, including but not limited to an embedded secure element (eSE: Embedded Secure Equipment) and a trusted execution environment (TEE: Trusted Execution Environment) module. The key is obtained at a bank counter or by online download, is authorized by the primary account number manager server of the bound primary account number, and is used to decrypt authentication codes. The secure storage module allows the mobile device to keep the key and authentication codes locally, to decrypt the authentication code offline with the key when a payment is needed, and to generate the virtual primary account number by offline encryption.
The main functional modules of the point-of-sale terminal include:
CPU, for controlling each module;
Short-range communication module, for short-range data communication with the mobile device, including but not limited to a contact IC module, magnetic stripe module, NFC module and Bluetooth module;
Second remote communication module, for remote data communication with the acquiring bank server over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
The main functional modules of the acquiring bank server include:
CPU, for controlling each module;
Interim database, for securely storing interim data;
Second remote communication module, for data communication with the point-of-sale terminal and the card organization server over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
The main functional modules of the card organization server include:
CPU, for controlling each module;
Interim database, for securely storing interim data;
Second remote communication module, for data communication with the acquiring bank server and the primary account number manager server over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
The main functional modules of the primary account number manager server include:
CPU, for controlling each module and computing keys;
First user database, for securely storing keys and user-related data; the key in the first user database is used to encrypt and decrypt authentication codes;
Payment database, for securely storing payment data;
Second remote communication module, for data communication with the card organization server and the credible bank service manager server over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
The main functional modules of the credible bank service manager server include:
CPU, for controlling each module;
Second user database, for securely storing user authentication codes and related data;
Second remote communication module, for data communication with the primary account number manager server, the secondary account management side's server and the mobile device over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
The main functional modules of the secondary account management side's server include:
CPU, for controlling each module;
Authorization database, for securely storing authorization data;
Second remote communication module, for data communication with the credible bank service manager server over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
Compared with the prior art, the present invention has the following advantages:
1) A virtual primary account number generated using the authentication code replaces the real account number when responding to the payment request initiated by the point-of-sale terminal, which avoids the risk of leaking the real account number and greatly improves the security of mobile payment.
2) Without upgrading the point-of-sale terminal, and following the payment flow and communication protocols already defined by the card organization, the method is broadly compatible with the accounts and tickets of each account manager. This solves the problem of users having to carry multiple bank cards, membership cards and identity documents, and the problem that third-party payment accounts and electronic tickets cannot be authenticated at a point-of-sale terminal, thereby improving convenience for the user;
3) The key used to encrypt and decrypt authentication codes is managed by the primary account number manager server, while the data relating to the primary and secondary accounts a user has bound is managed by the credible bank service manager server. Keeping and managing key information separately protects user data and reduces the risk of data leakage caused by hacker attack.
4) The credible bank service manager server centrally manages the authorization data of the users belonging to each account manager, opening up data flow between the account managers and thereby extending the cross-compatibility of the scenarios in which offline authentication applies.
5) Adding the credible bank service manager server to the authentication chain as the data core lets the credible bank service manager server, the primary account number manager server and the secondary account management side's server exchange data over a three-party network, so that account managers can be given authentication functions such as mobile payment, ticket verification and identity authentication without software or hardware upgrades to the point-of-sale terminal, greatly increasing the diversity of the account managers' authentication request content.
6) A mobile device that has its own secure storage module can generate the virtual primary account number directly by offline encryption, without a network connection. On the one hand this avoids being unable to go online because of a poor network environment; on the other hand it avoids the risk of leakage during data transmission, improving convenience and security for the user;
7) Based on a distributed operating system architecture, the credible bank service manager server is used only for mapping authentication codes to the primary and secondary account managers' servers and for relaying data; the primary account number manager server is used only for generating authentication codes, decrypting payment requests, generating authentication code checking requests and verifying the first and second authentication requests; the secondary account management side's server is used only for verifying the first authentication request. Server resources distributed in different places are used together, so that the authentication request load moves from a single node to multiple nodes, which on the one hand improves server operating efficiency and reduces operating pressure, and on the other hand reduces the losses caused by hacker attack or server failure, improving the security of the system.
Brief description of the drawings
Fig. 1 is a structural diagram of the authentication system used in the authentication method of the present invention;
Fig. 2 is a flow chart of the authentication method of the present invention;
Fig. 3 is a schematic diagram of the point-of-sale-terminal-based authentication method for mobile payment implemented in offline mode in embodiment one;
Fig. 4 is a schematic diagram of the point-of-sale-terminal-based authentication method for mobile payment implemented in offline mode in embodiment two;
Fig. 5 is a schematic diagram of the point-of-sale-terminal-based authentication method for mobile payment implemented in online mode in embodiment three;
Fig. 6 is a schematic diagram of the point-of-sale-terminal-based authentication method for ticket verification implemented in offline mode in embodiment four;
Fig. 7 is a schematic diagram of the point-of-sale-terminal-based authentication method for ticket verification implemented in offline mode in embodiment five;
Fig. 8 is a schematic diagram of the point-of-sale-terminal-based authentication method for identity authentication implemented in offline mode in embodiment six.
In the figures: 1, mobile device; 2, point-of-sale terminal; 3, acquiring bank server; 4, card organization server; 5, primary account number manager server; 6, credible bank service manager server; 7, secondary account management side's server; 8, CPU; 9, secure storage module; 10, short-range communication module; 11, first remote communication module; 12, second remote communication module; 13, interim database; 14, first user database; 15, payment database; 16, second user database; 17, authorization database.
Detailed description
The present invention is described in detail below with reference to the accompanying drawings and specific embodiments. The embodiments are implemented on the premise of the technical solution of the present invention and give detailed implementations and specific operating procedures, but the protection scope of the present invention is not limited to the following embodiments.
Embodiment one
As shown in Fig. 1, an authentication system for implementing authentication between a mobile device and a point-of-sale terminal includes: mobile device 1, point-of-sale terminal 2, acquiring bank server 3, card organization server 4, primary account number manager server 5, credible bank service manager server 6 and secondary account management side's server 7, connected in sequence; mobile device 1 is also connected to credible bank service manager server 6. Each is described below:
Mobile device 1 includes, but is not limited to, electronic devices with short-range communication capability such as mobile phones, tablet computers, smart cards and smart watches. It is used to bind one primary account number and multiple secondary accounts. After a bound account is selected as the authentication account, it generates by encryption a virtual primary account number for mobile payment, ticket verification and identity authentication, which takes the place of the primary account number required in the payment request, and it responds over short-range communication to the payment request initiated by point-of-sale terminal 2, while receiving the authentication code checking request verification result fed back by credible bank service manager server 6.
1) mobile 1 main functional modules of equipment include:
CPU8, for controlling modules and computation key;
Secure storage module 9, secure storage module 9 are used for secure storage key and authentication code, including but not limited to embedded
Formula safety element and credible performing environment module, the key have been tied up to obtain correspondence by way of bank counter/online download
The key that the primary account number manager server 5 of fixed primary account number authorizes, for decrypting authentication code, secure storage module 9 is so that move
Dynamic equipment 1 can locally preserve key and authentication code, carry out off line decryption authentication code using key when needing to pay, and take off
Machine encryption generates virtual primary account number;
Short-range communications module 10, for carrying out short-range data communication with point-of-sale terminal 2, includes but not limited to contact IC moulds
Block, magnetic stripe module, NFC module and bluetooth module;
First remote communication module 11, for passing through the networks such as WIFI and 2G/3G/4G mobile communication and credible bank service
Manager's server 6 carries out remote data communication.
2) Point-of-sale terminal 2, for initiating payment requests and receiving the payment request verification result that is fed back.
The main functional modules of point-of-sale terminal 2 include:
CPU 8, for controlling each module;
Short-range communication module 10, for short-range data communication with mobile device 1, including but not limited to a contact IC module, magnetic stripe module, NFC module and Bluetooth module;
Second remote communication module 12, for remote data communication with acquiring bank server 3 over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
3) Acquiring bank server 3, for forwarding payment requests: after determining from the bank identifier code which card organization the request belongs to, it forwards the payment request to the corresponding card organization server 4, and it forwards the payment request verification result that is fed back to point-of-sale terminal 2.
The main functional modules of acquiring bank server 3 include:
CPU 8, for controlling each module;
Interim database 13, for securely storing interim data;
Second remote communication module 12, for data communication with point-of-sale terminal 2 and card organization server 4 over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
4) Card organization server 4, for forwarding payment requests: after determining from the bank identifier code which primary account number manager the request belongs to, it forwards the payment request to the corresponding primary account number manager server 5, and it forwards the payment request verification result that is fed back to acquiring bank server 3.
The main functional modules of card organization server 4 include:
CPU 8, for controlling each module;
Interim database 13, for securely storing interim data;
Second remote communication module 12, for data communication with acquiring bank server 3 and primary account number manager server 5 over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
5) Primary account number manager server 5: receives the payment request forwarded by card organization server 4, decrypts the payment request to obtain the authentication code, and generates an authentication code checking request that is sent to credible bank service manager server 6; performs the corresponding authentication according to the authentication request sent by credible bank service manager server 6 and feeds back the authentication request verification result; generates the payment request verification result from the authentication code checking request verification result fed back by credible bank service manager server 6 and feeds the payment request verification result back to card organization server 4.
The main functional modules of primary account number manager server 5 include:
CPU 8, for controlling each module and computing keys;
First user database 14, for securely storing keys and user-related data; the key in first user database 14 is used to encrypt and decrypt authentication codes;
Payment database 15, for securely storing payment data;
Second remote communication module 12, for data communication with card organization server 4 and credible bank service manager server 6 over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
6) Credible bank service manager server 6: receives the authentication code checking request sent by primary account number manager server 5, generates the corresponding authentication request according to the authentication code checking request and sends it to the primary account number manager server 5 or secondary account management side's server 7 corresponding to the authentication account, obtains the authentication request verification result that is fed back, generates the verification result of the authentication code checking request from the authentication request verification result, and feeds it back to primary account number manager server 5 and mobile device 1.
The main functional modules of credible bank service manager server 6 include:
CPU 8, for controlling each module;
Second user database 16, for securely storing user authentication codes and related data;
Second remote communication module 12, for data communication with primary account number manager server 5, secondary account management side's server 7 and mobile device 1 over networks such as WIFI, LAN and 2G/3G/4G mobile communication dedicated lines.
7) Secondary account manager server 7, which receives the authentication request sent by credible bank service manager server 6 and returns the authentication request verification result for that request.
The main functional modules of secondary account manager server 7 include:
CPU 8, for controlling the modules;
Authorization database 17, for securely storing authorization data;
Second remote communication module 12, for data communication with credible bank service manager server 6 over networks such as WIFI, LAN and dedicated 2G/3G/4G mobile communication lines.
As shown in Fig. 2, the mobile device authentication method based on a point-of-sale terminal, implemented with the above authentication system, includes:
Step S1: A financial account of a banking system is bound in mobile device 1 as the primary account number, and further accounts are then bound as secondary accounts; each secondary account corresponds to a secondary account manager server 7. Mobile device 1 communicates with credible bank service manager server 6 to obtain the authentication code generated by primary account number manager server 5. Each authentication code corresponds to a bound account and identifies the authentication content for mobile payment, ticket verification or identity verification.
The primary account number includes, but is not limited to, financial accounts of a banking system such as a bank deposit card account or bank card account. Secondary accounts include, but are not limited to, financial accounts of a banking system (bank deposit card accounts, bank card accounts, etc.), financial accounts outside the banking system (third-party payment accounts, prepaid card accounts, etc.), merchant accounts for electronic tickets (electronic movie tickets, electronic pickup vouchers, etc.) and personal identity certification accounts (personal identity cards, access-control identities, etc.).
Authentication codes include, but are not limited to, account authentication codes, which correspond to the primary/secondary accounts, and ticket authentication codes.
An account authentication code is obtained as follows: after mobile device 1 has successfully bound an account, credible bank service manager server 6 sends an account authentication code generation request to primary account number manager server 5; primary account number manager server 5 generates the account authentication code by encrypting with its key and returns it to credible bank service manager server 6, which issues it to mobile device 1. The locally stored account authentication code must be renewed periodically, with credible bank service manager server 6 requesting the update from primary account number manager server 5. The account authentication code therefore corresponds to the bound account.
A ticket authentication code is obtained as follows: the user obtains electronic ticket information and personal identity certification information by purchase, transfer, exchange or similar means. Based on that information, mobile device 1 sends a ticket authentication code generation request to credible bank service manager server 6, which forwards it to primary account number manager server 5; primary account number manager server 5 generates the ticket authentication code by encrypting with its key and returns it to credible bank service manager server 6, which issues it to mobile device 1. Electronic ticket information includes, but is not limited to, electronic ticket data that is generated, transmitted, stored and used electronically, such as electronic movie tickets, electronic admission tickets, electronic pickup vouchers and electronic coupons. Personal identity certification information includes, but is not limited to, personal identity data that is generated, transmitted, stored and used electronically, such as electronic ID cards and electronic access-control identity cards.
Primary account number manager server 5 and mobile device 1 hold keys of an asymmetric encryption algorithm for encrypting and decrypting authentication codes; this embodiment takes elliptic curve cryptography (ECC: Elliptic Curve Cryptography) as the example. Primary account number manager server 5 encrypts the authentication code with the ECC key and issues it to mobile device 1 through credible bank service manager server 6; mobile device 1 stores the authentication code in its secure storage module and, when a payment is needed, decrypts the corresponding authentication code with the ECC key.
Step S2: When the user authenticates, point-of-sale terminal 2 initiates a payment request to mobile device 1. After personal identity verification, one bound account is selected on mobile device 1 as the authentication account; mobile device 1 obtains the corresponding authentication code, generates a virtual primary account number by encryption based on the primary account number and the authentication code, and responds to the payment request initiated by point-of-sale terminal 2 over short-range communication, using the virtual primary account number in place of the primary account number. The virtual primary account number is generated by encryption, combining the authentication code with the bound banking-system financial account of the primary account number.
Personal identity verification methods include, but are not limited to, numeric passwords, text passwords, pattern passwords and biometrics (such as fingerprint, voiceprint and iris), that is, verification against information or biometric features the individual has registered in advance. Short-range communication means contact or contactless data communication within a range of 10 meters, including but not limited to contact IC, magnetic stripe, NFC and Bluetooth communication.
The payment request initiated by point-of-sale terminal 2 contains, without limitation, the data prescribed by the card organization, such as the virtual primary account number, transaction amount, transaction time and merchant code; the merchant code identifies the point-of-sale terminals 2 of different merchants. Payment requests are divided into first payment requests and second payment requests:
First payment request: the operator of point-of-sale terminal 2 enters on point-of-sale terminal 2, as the transaction amount, the amount that actually needs to be paid; after the authentication account is selected on mobile device 1, mobile device 1 responds with the virtual primary account number generated by encryption from the primary account number and the corresponding authentication code;
Second payment request: the operator of point-of-sale terminal 2 enters on point-of-sale terminal 2, as the transaction amount, the specified amount that the merchant owning point-of-sale terminal 2 and the primary/secondary account manager have agreed in advance for the usable ticket (electronic ticket information or personal identity certification information); after the user selects the authentication account on mobile device 1, mobile device 1 responds with the virtual primary account number generated by encryption from the primary account number and the corresponding authentication code.
In addition, the following two cases apply:
1) If the user uses an electronic ticket with a fixed amount, either the second payment request or the first payment request may be used. With the first payment request, the credible bank service manager matches the associated authentication account and the primary/secondary account manager data using the authentication code, transaction amount, transaction time and merchant code contained in the authentication code verification request; once the first authentication request has been verified, it judges whether the transaction amount in the authentication code verification request has been paid in full, and if not, generates a second authentication request so that primary account number manager server 5 pays the remaining part of the transaction amount from the primary account number the user has bound;
2) If the user authenticates with a specific electronic ticket (such as points or discount information) and a specific personal identity certification (such as account VIP status), the first payment request may also be used. In that case authentication is completed at primary account number manager server 5, credible bank service manager server 6 and secondary account manager server 7 using the data prescribed by the card organization in the payment request, such as the account authentication code of the primary/secondary account contained in the virtual primary account number and the merchant code.
Step S3: Point-of-sale terminal 2 forwards the payment request containing the virtual primary account number to primary account number manager server 5 through acquiring bank server 3 and card organization server 4.
Step S4: Primary account number manager server 5 decrypts the payment request, generates an authentication code verification request and forwards it to credible bank service manager server 6.
Primary account number manager server 5 decrypts the payment request as follows:
1) obtain the virtual primary account number from the payment request;
2) remove the bank identifier code, account identification code and check code contained in the virtual primary account number, which leaves the authentication code and completes decryption.
Step S5: Credible bank service manager server 6 generates the first authentication request from the authentication code verification request, forwards it to the primary account number manager server 5 or secondary account manager server 7 corresponding to the authentication account, and obtains the first authentication request verification result that is returned.
Step S6: Credible bank service manager server 6 judges from the first authentication request verification result whether a second authentication request needs to be generated; if so, step S7 is performed, otherwise step S8 is performed.
Step S7: Credible bank service manager server 6 generates the second authentication request, forwards it to primary account number manager server 5, and obtains the second authentication request verification result that is returned.
Step S8: Credible bank service manager server 6 generates the authentication code verification request verification result from the authentication request verification results and returns it to primary account number manager server 5 and mobile device 1.
Step S9: Primary account number manager server 5 generates the payment request verification result from the authentication code verification request verification result and returns it to point-of-sale terminal 2 through card organization server 4 and acquiring bank server 3.
The authentication code verification request includes, but is not limited to, the authentication code, transaction amount, transaction time and merchant code;
The first authentication request is generated from the authentication content corresponding to the authentication code, the transaction amount, the transaction time and the merchant code, and asks the primary account number manager server 5 or secondary account manager server 7 corresponding to the authentication code to authenticate;
The second authentication request is generated from the authentication content in the payment request that the first authentication request could not complete, and asks primary account number manager server 5 to pay part of the transaction amount.
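The decision made in steps S5 to S8 can be followed in a short simulation. This is an added example, not code from the patent: the class and function names, the two manager models (a voucher that covers up to its face value, a balance that pays all or nothing), the account codes and the balances are assumptions, while the 280, 200 and 80 yuan amounts are those of embodiments one and two, held in fen.

```python
from dataclasses import dataclass, field


@dataclass
class VerificationRequest:
    """Authentication code verification request generated in step S4."""
    auth_code: str
    amount_fen: int        # transaction amount in fen (1 yuan = 100 fen)
    time: str
    merchant_code: str


@dataclass
class Outcome:
    approved: bool
    log: list = field(default_factory=list)   # (request, manager, amount_fen) per approved part


def voucher_manager(value_fen):
    """Hypothetical secondary account manager: covers up to the voucher value."""
    return lambda amount_fen: min(value_fen, amount_fen)


def balance_manager(balance_fen):
    """Hypothetical primary account manager: pays the whole amount or nothing."""
    return lambda amount_fen: amount_fen if amount_fen <= balance_fen else 0


def verify(req, account_of, managers, primary="primary"):
    """Role of server 6: route the first request, then settle any remainder."""
    log = []
    owner = account_of.get(req.auth_code)          # manager of the authentication account
    if owner is None or req.amount_fen <= 0:
        return Outcome(False, log)
    # S5: first authentication request goes to the manager of the chosen account.
    covered = managers[owner](req.amount_fen)
    if not 0 < covered <= req.amount_fen:          # declined, or claims more than was asked
        return Outcome(False, log)
    log.append(("first", owner, covered))
    # S6: is the transaction amount paid in full?
    remainder = req.amount_fen - covered
    if remainder == 0:
        return Outcome(True, log)
    # S7: second authentication request, always to the primary account number manager.
    if managers[primary](remainder) != remainder:
        # The page does not describe what happens to the approved first part
        # in this case; the sketch only reports the overall failure.
        return Outcome(False, log)
    log.append(("second", primary, remainder))
    # S8: both parts together equal the transaction amount.
    return Outcome(True, log)


# Constructed data: authentication codes, manager names and balances are made up.
ACCOUNT_OF = {"10000001": "primary", "20000001": "secondary"}
MANAGERS = {"primary": balance_manager(50_000), "secondary": voucher_manager(20_000)}

if __name__ == "__main__":
    for code in ("10000001", "20000001"):
        req = VerificationRequest(code, 28_000, "2016-01-01T12:00:00", "M001")
        print(code, verify(req, ACCOUNT_OF, MANAGERS))
```
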
The virtual primary account number is generated by encryption on the basis of the bound banking-system financial account of the primary account number. The number of digits Q1 of the financial account number and the number of digits Q2 of the virtual primary account number must both belong to the set Q of digit counts prescribed by the card organization, i.e. Q1, Q2 ∈ Q, Q = {16, 17, 18, 19}.
The financial account number contains, without limitation, a bank identifier code, an account identification code, a customer serial number and a check code, where:
The bank identifier code field contains n1 digits, denoted B, n1 = 6; acquiring bank server 3 and card organization server 4 forward the data after making a determination based on the bank identifier code;
The account identification code field contains n2 digits, denoted S. If the bank identifier code field is used to identify whether the number is a virtual primary account number and the account identification code has no other identification purpose, then n2 = 0, i.e. the account identification code field does not appear in the financial account number; otherwise n2 ∈ {1, 2, 3, 4}, and the account identification code can identify whether the number is a virtual primary account number, identify the branch that issued the financial account number, or serve other custom identification functions;
The customer serial number field contains n3 digits, denoted L, n3 ∈ {5, 6, ..., 12}, and identifies the user;
The check code field is 1 digit, denoted J, calculated with the Luhn algorithm from the preceding (n1 + n2 + n3) digits according to the card organization standard. Then Q1 = n1 + n2 + n3 + 1, and the financial account number is B+S+L+J.
The virtual primary account number contains, without limitation, a bank identifier code, an account identification code, an authentication code and a check code, where:
The bank identifier code field contains n1 digits, denoted B, n1 = 6;
The account identification code field contains n2 digits, denoted S. If the bank identifier code field is used to identify whether the number is a virtual primary account number and the account identification code has no other identification purpose, then n2 = 0, i.e. the account identification code field does not appear in the financial account number; otherwise n2 ∈ {1, 2, 3, 4}, and the account identification code can identify whether the number is a virtual primary account number, identify the branch that issued the financial account number, or serve other custom identification functions;
The authentication code field contains n4 digits, denoted X, n4 ∈ {5, 6, ..., 12};
The check code field is 1 digit, denoted J', calculated with the Luhn algorithm from the preceding (n1 + n2 + n4) digits according to the card organization standard. Then Q2 = n1 + n2 + n4 + 1, and the virtual primary account number is B+S+X+J'. The B and S fields of the virtual primary account number are identical to the B and S fields of the financial account number.
Accordingly, the virtual primary account number is generated by encryption in offline mode as follows: mobile device 1 is provided with secure storage module 9, and secure storage module 9 generates the virtual primary account number by encryption.
The corresponding steps of offline encrypted generation of the virtual primary account number are:
1) decrypt the authentication code stored in secure storage module 9 with the ECC key;
2) arrange the bank identifier code and account identification code of the primary account number and the authentication code, in that order, into a 15- to 18-digit number;
3) calculate a 1-digit check code from these 15 to 18 digits with the Luhn algorithm;
4) append the check code as the last digit to produce the virtual primary account number, completing offline encrypted generation.
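The B+S+X+J' layout, offline steps 2) to 4) and the field stripping that primary account number manager server 5 performs in step S4 are shown together in the following added example, which is not code from the patent. The function names, the bank identifier code 999999 and the authentication code value are constructed, the ECC decryption of step 1) is assumed to have happened already, and the server is assumed to know its own n2.

```python
"""Virtual primary account number layout B + S + X + J' (added example)."""

DIGITS = set("0123456789")
ALLOWED_LENGTHS = {16, 17, 18, 19}   # the set Q prescribed by the card organization
N1 = 6                               # length of the bank identifier code B


def luhn_check_digit(payload: str) -> str:
    """Return the Luhn check digit to append to `payload`."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:               # rightmost payload digit is doubled, then every other one
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def _check_field(name, value, lengths):
    if not set(value) <= DIGITS or len(value) not in lengths:
        raise ValueError(f"{name}: expected digits, length in {sorted(lengths)}")


def build_virtual_pan(bank_id: str, account_id: str, auth_code: str) -> str:
    """Offline steps 2-4: arrange B, S, X in order and append the check code J'."""
    _check_field("bank identifier code B", bank_id, {N1})
    _check_field("account identification code S", account_id, range(0, 5))
    _check_field("authentication code X", auth_code, range(5, 13))
    payload = bank_id + account_id + auth_code
    vpan = payload + luhn_check_digit(payload)
    if len(vpan) not in ALLOWED_LENGTHS:
        raise ValueError(f"Q2 = {len(vpan)} is outside {sorted(ALLOWED_LENGTHS)}")
    return vpan


def parse_virtual_pan(vpan: str, n2: int):
    """Step S4 on server 5: verify J', then strip B, S and J' to recover X."""
    _check_field("virtual primary account number", vpan, ALLOWED_LENGTHS)
    if n2 not in range(0, 5):
        raise ValueError("n2 must be 0..4")
    payload, check = vpan[:-1], vpan[-1]
    # The Luhn digit only catches transcription errors. Anyone can recompute
    # it, so it is not an integrity or authenticity check on the number.
    if luhn_check_digit(payload) != check:
        raise ValueError("check code J' does not match")
    bank_id, account_id, auth_code = payload[:N1], payload[N1:N1 + n2], payload[N1 + n2:]
    _check_field("authentication code X", auth_code, range(5, 13))
    return bank_id, account_id, auth_code


if __name__ == "__main__":
    # Constructed sample values: B = 999999, S = 01, X = 12345678.
    vpan = build_virtual_pan("999999", "01", "12345678")
    print(vpan, parse_virtual_pan(vpan, n2=2))
```
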
Take as an example a mobile phone (i.e. mobile device 1), a Haidilao point-of-sale terminal (i.e. point-of-sale terminal 2), a Bank of Communications server (i.e. acquiring bank server 3), a UnionPay server (i.e. card organization server 4), a China Merchants Bank server (i.e. primary account number manager server 5) and credible bank service manager server 6. The user (with the mobile phone) dines at Haidilao and must pay the 280 yuan meal cost through the Haidilao point-of-sale terminal; the user chooses to pay the 280 yuan with the bound China Merchants Bank primary account number. To simplify the steps, validity verification is assumed to pass. As shown in Fig. 3, the authentication method for mobile payment based on a point-of-sale terminal, implemented in offline mode, comprises the following steps:
101: After learning that the user will pay with the China Merchants Bank primary account number, the operator of the Haidilao point-of-sale terminal enters a transaction amount of 280 yuan on the terminal and initiates the first payment request;
102: The user first completes personal identity verification on the mobile phone by fingerprint recognition and then selects the China Merchants Bank primary account number as the authentication account; the mobile phone decrypts the China Merchants Bank account authentication code in secure storage module 9 with the ECC key, generates by encryption the corresponding virtual primary account number to replace the primary account number required by the payment request, and responds over NFC to the payment request initiated by the Haidilao point-of-sale terminal;
103: The Haidilao point-of-sale terminal forwards the payment request to the Bank of Communications server;
104: The Bank of Communications server forwards the payment request to the UnionPay server;
105: The UnionPay server forwards the payment request to the China Merchants Bank server;
106: The China Merchants Bank server decrypts the payment request, generates the authentication code verification request and forwards it to credible bank service manager server 6;
107: Credible bank service manager server 6 uses the account authentication code, transaction amount, transaction time and merchant code contained in the authentication code verification request to match the relevant data of the user's China Merchants Bank primary account number, generates the first authentication request to pay Haidilao 280 yuan, and forwards it to the China Merchants Bank server;
108: After verifying the user's relevant data, the China Merchants Bank server returns to credible bank service manager server 6 the first authentication request verification result that 280 yuan was successfully paid from the account balance;
109: Credible bank service manager server 6 judges the returned first authentication request verification result together with the authentication code verification request, generates the final verification result of the authentication code verification request, and returns it to the China Merchants Bank server and the mobile phone;
110: The China Merchants Bank server generates the payment request verification result from the verification result of the authentication code verification request and returns it to the UnionPay server;
111: The UnionPay server returns the payment request verification result to the Bank of Communications server;
112: The Bank of Communications server returns the payment request verification result to the Haidilao point-of-sale terminal, completing verification of the payment request.
Embodiment two
This embodiment differs from embodiment one in that a Dianping server serves as secondary account manager server 7. On the mobile phone the user selects the Dianping account as the authentication account and pays 200 yuan with two 100-yuan electronic cash vouchers in the Dianping account, while paying the remaining 80 yuan with the bound China Merchants Bank primary account number. To simplify the steps, validity verification is assumed to pass. As shown in Fig. 4, the authentication method for mobile payment based on a point-of-sale terminal, implemented in offline mode, comprises the following steps:
201: After learning that the user will pay with the China Merchants Bank primary account number and Dianping electronic cash vouchers, the operator of the Haidilao point-of-sale terminal enters a transaction amount of 280 yuan on the terminal and initiates the first payment request;
202: The user first completes personal identity verification on the mobile phone by fingerprint recognition and then selects the Dianping account as the authentication account; the mobile phone decrypts the Dianping account authentication code in secure storage module 9 with the ECC key, generates by offline encryption the corresponding virtual primary account number to replace the primary account number required by the payment request, and responds over NFC to the payment request initiated by the Haidilao point-of-sale terminal;
203: The Haidilao point-of-sale terminal forwards the payment request to the Bank of Communications server;
204: The Bank of Communications server forwards the payment request to the UnionPay server;
205: The UnionPay server forwards the payment request to the China Merchants Bank server;
206: The China Merchants Bank server decrypts the payment request, generates the authentication code verification request and forwards it to credible bank service manager server 6;
207: Credible bank service manager server 6 uses the authentication code, transaction amount, transaction time and merchant code contained in the authentication code verification request to match the relevant data of the user's Dianping account, generates the first authentication request to pay Haidilao 280 yuan, and forwards it to Dianping server 7;
208: After verifying the user's relevant data, the Dianping server returns to credible bank service manager server 6 the first authentication request verification result that 200 yuan was successfully paid with electronic cash vouchers;
209: Credible bank service manager server 6 judges the returned first authentication request verification result together with the authentication code verification request, generates the second authentication request to pay 80 yuan, and forwards it to the China Merchants Bank server for verification;
210: After verifying the user's relevant data, the China Merchants Bank server returns to credible bank service manager server 6 the second authentication request verification result that 80 yuan was successfully paid from the account balance;
211: Credible bank service manager server 6 returns the final verification result of the authentication code verification request to the China Merchants Bank server and the mobile phone;
212: The China Merchants Bank server generates the payment request verification result from the verification result of the authentication code verification request and returns it to the UnionPay server;
213: The UnionPay server returns the payment request verification result to the Bank of Communications server;
214: The Bank of Communications server returns the payment request verification result to the Haidilao point-of-sale terminal, completing verification of the payment request.
Embodiment three
This embodiment differs from embodiment one in that the mobile phone has no secure storage module 9, so in step S2 the mobile phone must obtain, in online mode, a virtual primary account number generated by encryption at primary account number manager server 5.
The online mode is: mobile device 1 initiates a virtual primary account number generation request online to credible bank service manager server 6; after judging the request valid, credible bank service manager server 6 sends the corresponding authentication code to primary account number manager server 5; primary account number manager server 5 generates the virtual primary account number by encryption and returns it to credible bank service manager server 6, which issues it to mobile device 1. Primary account number manager server 5 holds the key for encrypting and decrypting authentication codes.
The corresponding steps of online encrypted generation of the virtual primary account number are:
1) mobile device 1 initiates a virtual primary account number generation request online to credible bank service manager server 6;
2) after judging the virtual primary account number generation request valid, credible bank service manager server 6 sends the corresponding authentication code to primary account number manager server 5;
3) primary account number manager server 5 decrypts the authentication code with the corresponding ECC key;
4) primary account number manager server 5 arranges the bank identifier code and account identification code of the primary account number and the authentication code into a 15- to 18-digit number;
5) a 1-digit check code is calculated from these 15 to 18 digits with the Luhn algorithm;
6) the check code is appended as the last digit to produce the virtual primary account number;
7) primary account number manager server 5 forwards the virtual primary account number to credible bank service manager server 6;
8) credible bank service manager server 6 issues the virtual primary account number to mobile device 1, completing online encrypted generation.
On the mobile phone the user selects the Dianping account as the authentication account, applies a 10% discount with the Haidilao membership card in the Dianping account, then pays 10 yuan with points, and pays the remaining 242 yuan with the bound China Merchants Bank primary account number. To simplify the steps, validity verification is assumed to pass. As shown in Fig. 5, the authentication method for mobile payment based on a point-of-sale terminal, implemented in online mode, comprises the following steps:
301: The user first completes personal identity verification on the mobile phone by fingerprint recognition and then selects the Dianping account as the authentication account; the mobile phone initiates a virtual primary account number generation request online to credible bank service manager server 6;
302: After authenticating the virtual primary account number generation request as valid, credible bank service manager server 6 obtains from the China Merchants Bank server, based on the account authentication code, the corresponding virtual primary account number generated by encryption, and issues it to the mobile phone;
303: After learning that the user will pay with the Dianping account, the operator of the Haidilao point-of-sale terminal enters a transaction amount of 280 yuan on the terminal and initiates the first payment request;
304: The mobile phone uses the virtual primary account number generated by online encryption in place of the primary account number required by the payment request, and responds over NFC to the payment request initiated by the Haidilao point-of-sale terminal;
305: The Haidilao point-of-sale terminal forwards the payment request to the Bank of Communications server;
306: The Bank of Communications server forwards the payment request to the UnionPay server;
307: The UnionPay server forwards the payment request to the China Merchants Bank server;
308: The China Merchants Bank server decrypts the payment request, generates the authentication code verification request and forwards it to credible bank service manager server 6;
309: Credible bank service manager server 6 uses the authentication code, transaction amount, transaction time and merchant code contained in the authentication code verification request to match the relevant data of the user's Dianping account, generates the first authentication request to pay Haidilao 280 yuan, and forwards it to the Dianping server;
310: After verifying the user's relevant data, the Dianping server returns to credible bank service manager server 6 the first authentication request verification result that the Haidilao membership card 10% discount and the 10 yuan paid with points were applied successfully, 38 yuan paid in total;
311: Credible bank service manager server 6 judges the returned first authentication request verification result together with the authentication code verification request, generates the second authentication request to pay 242 yuan, and forwards it to the China Merchants Bank server for verification;
312: After verifying the user's relevant data, the China Merchants Bank server returns to credible bank service manager server 6 the second authentication request verification result that 242 yuan was successfully paid from the account balance;
313: Credible bank service manager server 6 returns the final verification result of the authentication code verification request to the China Merchants Bank server and the mobile phone;
314: The China Merchants Bank server generates the payment request verification result from the verification result of the authentication code verification request and returns it to the UnionPay server;
315: The UnionPay server returns the payment request verification result to the Bank of Communications server;
316: The Bank of Communications server returns the payment request verification result to the Haidilao point-of-sale terminal, completing verification of the payment request.
Example IV
The difference between this embodiment and the first embodiment lies in using smart card as mobile equipment 1, made with Haagen-Dazs server
For secondary account management side's server 7, user selects Haagen-Dazs account to use Haagen-Dazs as authentication account on smart cards
258 yuan of ice cream moon cakes electronics are picked up goods certificates, using contact IC as short-haul connections in a manner of.In order to simplify step, validity is given tacit consent to
Verification is effective, as shown in fig. 6, realize in an off-line based on point-of-sale terminal be used for ticket verification method for authenticating include with
Lower step:
401: After the operator of the Haagen-Dazs point-of-sale terminal learns that the user will complete payment using the Haagen-Dazs 258 yuan ice cream mooncake electronic pickup voucher, the operator enters a transaction amount of 0.01 yuan at the Haagen-Dazs point-of-sale terminal to initiate a second payment request;
402: The user first completes personal identification on the smart card by means of a numeric password, then confirms the Haagen-Dazs 258 yuan ice cream mooncake electronic pickup voucher as the authentication account. Using the key in secure storage module 9, the smart card decrypts the ticket authentication code of the voucher and, offline, encrypts it to generate a corresponding virtual primary account number that substitutes for the primary account number required by the payment request, and responds via contact IC to the payment request initiated by the Haagen-Dazs point-of-sale terminal;
403: The Haagen-Dazs point-of-sale terminal forwards the payment request to the Bank of Communications server;
404: The Bank of Communications server forwards the payment request to the UnionPay server;
405: The UnionPay server forwards the payment request to the China Merchants Bank server;
406: The China Merchants Bank server decrypts the payment request, generates an authentication code verification request and forwards it to credible bank service manager server 6;
407: Based on the authentication code, transaction amount, transaction time and merchant code contained in the authentication code verification request, credible bank service manager server 6 matches the related data of the user's Haagen-Dazs 258 yuan ice cream mooncake electronic pickup voucher, generates a first authentication request for verifying the electronic ticket, and forwards it to the Haagen-Dazs server;
408: After verifying the user's related data, the Haagen-Dazs server feeds back to credible bank service manager server 6 a first authentication request verification result indicating successful verification of the Haagen-Dazs 258 yuan ice cream mooncake electronic pickup voucher;
409: Credible bank service manager server 6 makes a combined judgment based on the fed-back first authentication request verification result and the authentication code verification request, generates the final verification result of the authentication code verification request, and feeds it back to the China Merchants Bank server and the smart card;
410: The China Merchants Bank server generates a payment request verification result from the verification result of the authentication code verification request and feeds it back to the UnionPay server;
411: The UnionPay server feeds the payment request verification result back to the Bank of Communications server;
412: The Bank of Communications server feeds the payment request verification result back to the Haagen-Dazs point-of-sale terminal, completing payment request verification.
Embodiment five
This embodiment differs from the first embodiment in that a smart watch is used as mobile equipment 1 and the Guevara server serves as secondary account management side's server 7. On the smart watch, the user selects the Guevara account as the authentication account and uses an electronic movie ticket for 19:30 on January 1, 2015. This embodiment also differs from embodiment four in that ticket verification is completed using an account authentication code. To simplify the steps, validity verification is assumed to pass by default. As shown in Fig. 7, the point-of-sale-terminal-based authentication method for ticket verification, implemented in offline mode, comprises the following steps:
501: After the operator of the Wanda cinema point-of-sale terminal learns that the user will complete payment using the Guevara account, the operator enters a transaction amount of 50 yuan at the Wanda cinema point-of-sale terminal to initiate a first payment request;
502: The user first completes personal identification on the smart watch by voiceprint recognition, then confirms the Guevara account as the authentication account. Using the key in secure storage module 9, the smart watch decrypts the account authentication code of the Guevara account and, offline, encrypts it to generate a corresponding virtual primary account number that substitutes for the primary account number required by the payment request, and responds via NFC to the payment request initiated by the Wanda cinema point-of-sale terminal;
503: The Wanda cinema point-of-sale terminal forwards the payment request to the Bank of Communications server;
504: The Bank of Communications server forwards the payment request to the UnionPay server;
505: The UnionPay server forwards the payment request to the China Merchants Bank server;
506: The China Merchants Bank server decrypts the payment request, generates an authentication code verification request and forwards it to credible bank service manager server 6;
507: Based on the authentication code, transaction amount, transaction time and merchant code contained in the authentication code verification request, credible bank service manager server 6 matches the related data of the user's Guevara account, generates a first authentication request for verifying an electronic movie ticket that currently permits admission to a film at Wanda cinema, and forwards it to the Guevara server;
508: After verifying the user's related data, the Guevara server feeds back to credible bank service manager server 6 a first authentication request verification result indicating successful verification of an electronic movie ticket that currently permits admission to a film at Wanda cinema;
509: Credible bank service manager server 6 makes a combined judgment based on the fed-back first authentication request verification result and the authentication code verification request, generates the final verification result of the authentication code verification request, and feeds it back to the China Merchants Bank server and the smart watch;
510: The China Merchants Bank server generates a payment request verification result from the verification result of the authentication code verification request and feeds it back to the UnionPay server;
511: The UnionPay server feeds the payment request verification result back to the Bank of Communications server;
512: The Bank of Communications server feeds the payment request verification result back to the Wanda cinema point-of-sale terminal, completing payment request verification.
Embodiment six
This embodiment differs from the first embodiment in that a tablet computer is used as mobile equipment 1 and the Ctrip server serves as secondary account management side's server 7. On the tablet computer, the user selects the Ctrip account as the authentication account and uses Ctrip VIP membership, with Bluetooth as the short-range communication mode. To simplify the steps, validity verification is assumed to pass by default. As shown in Fig. 8, the point-of-sale-terminal-based authentication method for identity verification, implemented in offline mode, comprises the following steps:
601: After the operator of the airport function room point-of-sale terminal learns that the user will complete payment using the Ctrip account, the operator enters a transaction amount of 0.01 yuan at the airport function room point-of-sale terminal to initiate a second payment request;
602: The user first completes personal identification on the tablet computer by means of a numeric password, then confirms the Ctrip account as the authentication account. Using the key in secure storage module 9, the tablet computer decrypts the ticket authentication code of the Ctrip VIP membership and, offline, encrypts it to generate a corresponding virtual primary account number that substitutes for the primary account number required by the payment request, and responds via Bluetooth to the payment request initiated by the airport function room point-of-sale terminal;
603: The airport function room point-of-sale terminal forwards the payment request to the Bank of Communications server;
604: The Bank of Communications server forwards the payment request to the UnionPay server;
605: The UnionPay server forwards the payment request to the China Merchants Bank server;
606: The China Merchants Bank server decrypts the payment request, generates an authentication code verification request and forwards it to credible bank service manager server 6;
607: Based on the authentication code, transaction amount, transaction time and merchant code contained in the authentication code verification request, credible bank service manager server 6 matches the related data of the user's Ctrip VIP membership, generates a first authentication request for verifying the electronic ticket, and forwards it to the Ctrip server;
608: After verifying the user's related data, the Ctrip server feeds back to credible bank service manager server 6 a first authentication request verification result indicating successful verification of the Ctrip VIP membership;
609: Credible bank service manager server 6 makes a combined judgment based on the fed-back first authentication request verification result and the authentication code verification request, generates the final verification result of the authentication code verification request, and feeds it back to the China Merchants Bank server and the tablet computer;
610: The China Merchants Bank server generates a payment request verification result from the verification result of the authentication code verification request and feeds it back to the UnionPay server;
611: The UnionPay server feeds the payment request verification result back to the Bank of Communications server;
612: The Bank of Communications server feeds the payment request verification result back to the airport function room point-of-sale terminal, completing payment request verification.
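The two-stage check that embodiments four to six share (server 6 verifies the authentication code against amount, time and merchant code, then asks server 7, and approves only if both agree) is sketched below as an added example, not code from the patent. HMAC-SHA256 stands in for the unspecified offline encryption, and the shared key, identifiers, records and transaction time are constructed assumptions.

```python
import hashlib
import hmac

# Constructed demo values; the key stands in for the one in secure storage module 9
# and is assumed to have been provisioned to server 6 as well.
SHARED_KEY = b"demo-key-provisioned-to-device-and-server-6"
AUTH_CODES = {"AC-DEMO-001": "user-1001"}             # authentication code -> user (server 6)
TICKETS = {("user-1001", "CINEMA-DEMO-01"): True}     # usable tickets per merchant (server 7)


def _bind(auth_code, amount, time, merchant):
    # Assumed stand-in for the offline encryption: a keyed tag over the code and
    # the transaction fields that server 6 later matches.
    msg = "|".join([auth_code, amount, time, merchant]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()[:16]


def device_respond(auth_code, amount, time, merchant):
    """Steps 402/502/602: answer the payment request with a virtual primary account number."""
    return {"auth_code": auth_code, "amount": amount, "time": time,
            "merchant": merchant, "virtual_pan": _bind(auth_code, amount, time, merchant)}


def secondary_server_verify(first_auth_request):
    """Steps 408/508/608: server 7 checks its own records for this user and merchant."""
    key = (first_auth_request["user"], first_auth_request["merchant"])
    return TICKETS.get(key, False)


def trusted_server_verify(req):
    """Steps 407 and 409 (and their counterparts): check the binding, query server 7, combine."""
    expected = _bind(req["auth_code"], req["amount"], req["time"], req["merchant"])
    code_ok = hmac.compare_digest(expected, req["virtual_pan"])
    user = AUTH_CODES.get(req["auth_code"])
    if not code_ok or user is None:
        return False  # an unverified code is never forwarded to server 7
    return secondary_server_verify({"user": user, "merchant": req["merchant"]})


if __name__ == "__main__":
    request = device_respond("AC-DEMO-001", "50.00", "2015-01-01T19:05", "CINEMA-DEMO-01")
    print("genuine request approved:", trusted_server_verify(request))
    print("merchant altered in transit:", trusted_server_verify(dict(request, merchant="OTHER-01")))
```

The acquirer, card network and issuer hops are omitted because they only relay the request and the result.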