CN107622395B - Payment password generation method, terminal, server and system - Google Patents

Publication number
CN107622395B
Authority
CN
China
Prior art keywords
virtual machine
server
terminal
payment password
machine number
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710896319.0A
Other languages
Chinese (zh)
Other versions
CN107622395A (en
Inventor
沈国民
杨青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hundsun Data Safety Technology Co ltd
Original Assignee
Hangzhou Hundsun Data Safety Technology Co ltd
Application filed by Hangzhou Hundsun Data Safety Technology Co ltd
Priority to CN201710896319.0A
Publication of CN107622395A
Application granted
Publication of CN107622395B

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This application discloses a payment password generation method, terminal, server, computing module and system. In the method, the terminal acquires the calculation elements input by a user, sends them to the server, receives the payment password returned by the server, and verifies the payment password using a verification system. Whereas the prior art configures at least one physical payment password device for each bank account, the terminal in this application integrates the functions of the physical payment password devices of every bank. This saves the cost of the physical devices, avoids their loss or theft during use, and improves the security of the payment password and the convenience of using it.

Description

Payment password generation method, terminal, server and system
Technical Field
The invention relates to the technical field of computers, in particular to a payment password generation method, a terminal, a server, a calculation module and a system.
Background
In the prior art, a bank's payment password issuing process depends on a physical payment password device. The payment password device is a special-purpose tool certified by the People's Bank of China and the State Cryptography Administration; it uses advanced data encryption technology to generate a payment password automatically from the relevant elements that the drawer enters from a bill or settlement voucher. The traditional device has to be carried around, has a single service function, cannot be issued remotely, and can only be used as a stand-alone machine. As payment password technology becomes more widespread and diverse in payment settlement between banks and enterprises, the traditional device no longer meets market requirements, and various problems arise in its use and management, so it cannot satisfy increasingly diverse customer payment needs.
In the prior art, passwords are generally verified using a payment password device. The payment password is a set of cipher data calculated by a prescribed algorithm from important data and other related information on a voucher (mainly a check).
A payment password device system mainly comprises the payment password device, a dedicated payment password verification device, and related equipment and software. The issuer of the payment voucher enters the relevant elements of the voucher into the payment password device, which performs an encryption operation and generates a payment password to be written on the voucher. The bank uses computer equipment to check the relevant elements of the voucher against the payment password to determine the authenticity of the payment password.
However, the above-described scheme has at least the following problems:
1) Wasted chip resources: a physical payment password device is inherently "one machine, one chip", so the chip cannot be shared. If an enterprise uses its physical device infrequently, chip resources are wasted.
2) High enterprise cost: most enterprises damage or replace physical payment password devices in the course of using them. Enterprises sometimes need to purchase different devices from different banks, which quietly increases their operating costs.
3) The physical payment password device has to be taken to the bank for unlocking, repair and upgrade: in actual use, when the machine is locked or the device is damaged, the customer has to visit a bank branch to have it repaired or replaced, which is inconvenient.
4) Security risk in use: physical payment password devices are easily lost or stolen during use.
5) High bank management cost: for each physical payment password device the bank has to go through promotion, purchase, registration, sale and after-sales service. Taking a bank with 20000 corporate accounts as an example, the bank needs at least 20000 physical payment password devices.
6) Limited service forms: a physical payment password device consists of a housing, a keyboard, a microcontroller, a liquid crystal display and other modules, and the calculation elements are coupled into the microcontroller. Because microcontroller resources are limited, only simple service functions can be implemented. The device cannot meet the growing business requirements of enterprises, especially medium and large ones, such as internal security controls and amount limits.
Disclosure of Invention
In view of this, the present invention provides a payment password generation method, terminal, server, computing module and system that integrate the functions of each bank's physical payment password device into the terminal, saving the cost of the physical device and improving both the security of password payment and the convenience of paying with the password.
Additional features and advantages of the invention will be set forth in the detailed description which follows, or may be learned by practice of the invention.
According to a first aspect of the present invention, there is provided a method of payment password generation, wherein the method comprises:
the terminal acquires a calculation element input by a user;
the terminal sends the computing element to a server;
and the terminal receives the payment password returned by the server and verifies the payment password by using a verification system.
In some embodiments, the method further comprises: the terminal sends basic information input by a user to the server to acquire the virtual machine number distributed by the server;
and the terminal sends the virtual machine number to a verification system so as to issue the virtual machine number and enable the verification system to bind the virtual machine number with a bank account input by a bank teller.
In some embodiments, the terminal sending the virtual machine number to a verification system includes: the terminal establishes a connection with a data loader and sends the virtual machine number to the verification system through the data loader by serial port communication.
In some embodiments, the method further comprises: the terminal receives a virtual machine number returned by the verification system through the data loader and a bank account number bound with the virtual machine number, and sends the virtual machine number and the bank account number bound with the virtual machine number to a server;
the terminal sending the computing element to a server, comprising: the terminal sends the computing elements including the bank account number input by the user to the server;
the terminal receives the payment password returned by the server and verifies the payment password by using a verification system, and the method comprises the following steps: and the terminal receives a payment password which is returned by the server and calculated according to the bank account number, and verifies the payment password by using a verification system.
According to a second aspect of the present invention, there is provided another method of payment password generation, wherein the method comprises:
the server receives a calculation element input by a user and sent by a terminal;
the server acquires a payment password according to the calculation element;
and the server sends the payment password to the terminal.
In some embodiments, the method comprises: the server receives basic information input by a user and sent by the terminal, and allocates a virtual machine number to the terminal according to the basic information;
the server receives the virtual machine number sent by the terminal and a bank account number bound with the virtual machine number;
the server acquires a payment password according to the calculation element, and the method comprises the following steps:
the server searches a virtual machine number corresponding to the bank account according to the calculation elements including the bank account input by the user, and acquires a payment password according to the virtual machine number.
In some embodiments, the method further comprises: the server allocates at least one algorithm chip to the number of the virtual machine according to the load information of the algorithm chip integrated in the cipher machine;
the obtaining of the payment password according to the virtual machine number comprises the following steps: and the server acquires the corresponding algorithm chip according to the virtual machine number and acquires a payment password according to the algorithm chip.
In some embodiments, the obtaining a payment password according to the algorithm chip includes:
when the server obtains a plurality of corresponding algorithm chips according to the virtual machine number, selecting the algorithm chip with the minimum load from among them, and calculating a payment password from the calculation elements using that algorithm chip; or,
and when the server acquires a corresponding algorithm chip according to the virtual machine number, calculating a payment password according to the calculation element by using the algorithm chip.
According to a third aspect of the present invention, there is provided a further method of payment password generation, wherein the method comprises:
the terminal acquires a calculation element input by a user;
the terminal sends the computing element to a server;
the server receives the computing element sent by the terminal;
the server acquires a payment password according to the calculation element;
the server sends the payment password to the terminal;
and the terminal receives the payment password returned by the server and verifies the payment password by using a verification system.
According to a fourth aspect of the present invention, there is provided a terminal for payment password generation, wherein the terminal comprises:
the first acquisition module is used for acquiring the calculation elements input by the user;
a first sending module for sending the computing element to a server;
and the receiving module is used for receiving the payment password returned by the server and verifying the payment password by using a verification system.
In some embodiments, the terminal further comprises:
the second acquisition module is used for sending the basic information input by the user to the server so as to acquire the virtual machine number distributed by the server;
and the binding module is used for sending the virtual machine number to a verification system so as to issue the virtual machine number and enable the verification system to bind the virtual machine number with a bank account number input by a bank teller.
In some embodiments, the binding module is further configured to establish a connection with a data loader and send the virtual machine number to the verification system through the data loader by serial port communication, so as to issue the virtual machine number and have the verification system bind the virtual machine number to a bank account number input by a bank teller.
In some embodiments, the terminal further comprises:
the second sending module is used for receiving the virtual machine number returned by the verification system through the data loader and the bank account number bound with the virtual machine number, and sending the virtual machine number and the bank account number bound with the virtual machine number to the server;
the first sending module is further used for sending the computing elements comprising the bank account number input by the user to the server;
the receiving module is further used for receiving a payment password which is returned by the server and calculated according to the bank account, and verifying the payment password by using a verification system.
According to a fifth aspect of the present invention, there is provided a server for payment password generation, wherein the server comprises:
the first receiving module is used for receiving the calculation elements input by the user and sent by the terminal;
the acquisition module is used for acquiring a payment password according to the calculation element;
and the sending module is used for sending the payment password to the terminal.
In some embodiments, the server further comprises:
the first allocation module is used for receiving basic information input by a user and transmitted by the terminal and allocating virtual machine numbers to the terminal according to the basic information;
the second receiving module is used for receiving the virtual machine number sent by the terminal and the bank account number bound with the virtual machine number;
the acquisition module is used for searching the virtual machine number corresponding to the bank account number according to the calculation elements including the bank account number input by the user and acquiring the payment password according to the virtual machine number.
In some embodiments, the server further comprises:
the second distribution module is used for distributing at least one algorithm chip to the virtual machine number according to the load information of the algorithm chip integrated in the cipher machine;
the acquisition module is used for acquiring the corresponding algorithm chip according to the virtual machine number and acquiring the payment password according to the algorithm chip.
According to a sixth aspect of the present invention, there is provided a computing module for payment password generation, wherein the computing module integrates at least one algorithm chip, and the computing module includes:
the receiving unit is used for receiving a calculation request sent by the server; the calculation request comprises calculation elements and an identifier of a target algorithm chip;
the calculation unit is used for calculating a payment password according to the calculation element by utilizing the target algorithm chip;
and the sending unit is used for sending the payment password to the server.
According to a seventh aspect of the present invention, there is provided a system for payment password generation, comprising the terminal of the fourth aspect, the server of the fifth aspect, and the computing module of the sixth aspect.
In the embodiment of the invention, the terminal acquires the calculation elements input by a user, sends the calculation elements and the virtual machine number corresponding to the terminal to the server, receives the payment password returned by the server, and verifies the payment password using a verification system. Whereas the prior art configures at least one physical payment password device for each bank account, the terminal in this application integrates the functions of the physical payment password devices of every bank. This saves the cost of the physical devices, avoids their loss or theft during use, and improves the security of password payment and the convenience of paying with a payment password.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings.
FIG. 1 is a flow diagram illustrating a method of payment password generation in accordance with an exemplary embodiment;
FIG. 2 is a flow diagram illustrating another method of payment password generation in accordance with an exemplary embodiment;
FIG. 3 is a flow diagram illustrating yet another method of payment password generation in accordance with an exemplary embodiment;
FIG. 4 is a system block diagram illustrating payment password generation according to an embodiment of the present invention;
FIG. 5 is a flow chart of a method of payment password generation for application to the system shown in FIG. 4;
FIG. 6 is a block diagram illustrating a payment password generation terminal according to an exemplary embodiment;
FIG. 7 is a block diagram illustrating a payment password generation server in accordance with an exemplary embodiment;
FIG. 8 is a block diagram illustrating a computing module for payment password generation in accordance with an exemplary embodiment;
FIG. 9 is a block diagram illustrating a system for payment password generation in accordance with an exemplary embodiment.
Detailed Description of Embodiments
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention may be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations or operations have not been shown or described in detail to avoid obscuring aspects of the invention.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
In the embodiment of the present invention, the acquisition, sending, receiving and allocation modules are labelled first, second and so on, but these labels serve only to distinguish the modules of each kind from one another.
Fig. 1 is a flow diagram illustrating a method of payment password generation in accordance with an example embodiment. It should be noted that this method is mainly applied to the terminal side.
As shown in fig. 1, the method may include the steps of:
in S110, the terminal acquires the calculation element input by the user.
It should be noted that the terminal proposed in the embodiment of the present invention runs a payment password device application. The terminal may include, but is not limited to, a mobile terminal. The application can generate payment passwords for various banks: when a password needs to be generated, the virtual machine number is determined from the bank account number in the calculation elements, and the payment password is generated by the algorithm chip corresponding to that virtual machine number.
It should be noted that the terminal needs to acquire the virtual machine number and have it issued at the bank, a process similar to the bank issuing a machine number in the prior art.
According to an example embodiment, a user can input basic information at a terminal, further register a user account at the terminal, and send the basic information to a server to obtain a virtual machine number allocated by the server. The terminal further sends the virtual machine number to a verification system of a bank so as to issue the virtual machine number, and further the verification system binds the virtual machine number with a bank account number input by a bank teller. Wherein, the basic information may include but is not limited to: the user's cell phone number, company name, and business license, etc.
For example, after the terminal loads an application program of the payment password device, the user can register by using a mobile phone number, input basic information such as a company name and the like, and send the basic information to the server, the server allocates a virtual machine number to each company according to the basic information, and sends the virtual machine number to the terminal, so that the terminal acquires the virtual machine number.
According to an example embodiment, the terminal establishes connection with a data loader arranged in a bank, sends a virtual machine number to a verification system of the bank in a serial port communication mode through the data loader, issues the virtual machine number, and further binds the virtual machine number with a bank account number input by a bank teller through the verification system.
It should be noted that the bank account corresponds to a company corresponding to the virtual machine number, for example, the server allocates the virtual machine number X to the terminal according to the information of the company a input by the user, and the bank teller can search the bank account of the company a to input the bank account, so that the binding between the virtual machine number X and the bank account is completed.
Further, the terminal receives a virtual machine number returned by a verification system of the bank and a bank account number bound with the virtual machine number through a data loader connected with the terminal, and sends the virtual machine number and the bank account number bound with the virtual machine number to the server.
It should be noted that in the prior art the physical payment password device connects to the bank through a serial port, whereas in this application the terminal cannot connect to the bank directly through a serial port. A data loader can therefore be installed at the bank: one end connects to the bank's verification system through a serial port, and the other end supports wireless modes such as Bluetooth for data communication with the terminal. Through the data loader the terminal sends the virtual machine number to the verification system by serial port communication, so that the virtual machine number is issued, and the verification system then binds the virtual machine number to the bank account number input by the bank teller.
In the embodiment of the invention, on the premise of not increasing any software and hardware development cost of the bank, the data communication between the terminal and the bank is realized, and the data loader is arranged in the bank and can be in data communication with any terminal, so that the multiplexing of the data loader is realized.
It should be noted that, in the embodiment of the present invention, the terminal sends the virtual machine number and the bank account number bound to the virtual machine number to the server, so as to record the corresponding relationship between the virtual machine number and the bank account number on the server side.
According to an example embodiment, the computing element sent by the terminal to the server includes a bank account number input by the user, and then the virtual machine number corresponding to the bank account number can be found, so that the payment password can be calculated according to the virtual machine number. It should be noted that the computing elements may also include, but are not limited to: certificate type, certificate number, amount, issue date, etc.
In S120, the terminal transmits the calculation element to the server.
It should be noted that after the server allocates the virtual machine number to the bank account, it may also allocate an algorithm chip to the virtual machine number. After the terminal sends the calculation elements, including the bank account number, to the server, the server uses the bank account number to look up the corresponding virtual machine number and algorithm chip and thereby obtains the payment password. The details are given in the server-side embodiment below and are not repeated here.
In S130, the terminal receives the payment password returned by the server, and verifies the payment password by using the verification system.
It should be noted that the verification system is usually installed in a bank. In the application, after the terminal receives the payment password returned by the server, the user fills in the paper bill according to the mode in the prior art, the paper bill is transmitted to the bank, and the paper bill is manually input into the verification system by a teller of the bank, so that the payment password is verified by the verification system.
In the above embodiment of the present invention, bank staff can handle payment passwords generated under this application in the same way they are used to handling those from existing physical payment password devices. Replacing the physical payment password device with the terminal does not change the original processing flow, which reduces the operating burden on bank staff.
In the embodiment of the invention, the terminal acquires the calculation elements input by a user, sends the calculation elements and the virtual machine number corresponding to the terminal to the server, receives the payment password returned by the server, and verifies the payment password using a verification system. Whereas the prior art configures at least one physical payment password device for each bank account, the terminal in this application integrates the functions of the physical payment password devices of every bank. This saves the cost of the physical devices, avoids their loss or theft during use, and improves the security of password payment and the convenience of paying with a payment password.
Fig. 2 is a flow diagram illustrating another method of payment password generation in accordance with an example embodiment. It should be noted that the method is mainly applied to the server side.
As shown in fig. 2, the method may include the steps of:
in S210, the server receives the calculation element input by the user transmitted from the terminal.
It should be noted that the terminal proposed in the embodiment of the present invention runs a payment password device application.
According to an example embodiment, before a server receives a computing element input by a user and sent by a terminal, the server receives basic information input by the user and sent by the terminal, and allocates a virtual machine number to the terminal according to the basic information. Wherein, the basic information may include but is not limited to: the user's cell phone number, company name, and business license, etc.
According to an example embodiment, a user can input basic information at a terminal, further register a user account at the terminal, and send the basic information to a server, and the server allocates a virtual machine number to the terminal according to the basic information and returns the virtual machine number to the terminal. The terminal further sends the virtual machine number to a verification system, so that the virtual machine number is issued, and the verification system binds the virtual machine number with a bank account number input by a bank teller.
Further, the server may receive the virtual machine number sent by the terminal and the bank account number bound to the virtual machine number.
It should be noted that, to send the virtual machine number to the verification system, the terminal establishes a connection with the bank's data loader and sends the virtual machine number through it, so that the virtual machine number is issued. The verification system then returns the virtual machine number and the bank account number bound to it to the terminal through the data loader. The terminal sends the virtual machine number and the bound bank account number to the server, and the server stores this correspondence on receipt.
According to the example embodiment, the computing element sent by the terminal and received by the server includes the bank account input by the user, so that the virtual machine number corresponding to the bank account can be found from the stored corresponding relation, and the payment password can be calculated according to the virtual machine number. It should be noted that the computing elements may also include, but are not limited to: certificate type, certificate number, amount, issue date, etc.
In S220, the server obtains a payment password according to the calculation element.
It should be noted that, after the server allocates the virtual machine number to the terminal, it may allocate at least one algorithm chip to the virtual machine number according to load information of the algorithm chips integrated in the cryptographic machine. After the server receives a calculation element including a bank account sent by the terminal, it looks up the corresponding virtual machine number according to the bank account, looks up the algorithm chip corresponding to the virtual machine number, and obtains the payment password from that algorithm chip.
It should be noted that the cryptographic machine in the present application may be a dedicated electronic device for calculating payment passwords. It includes a plurality of algorithm chips (for example, 64 SSX-B payment cryptographic engine dedicated algorithm chips), can centrally manage the dedicated cryptographic algorithm chips of the conventional physical payment cryptographic engine, may be similar to a rack-mounted server in appearance, and may interact with the server through TCP, HTTP and other mainstream network communication methods.
According to an example embodiment, when the server allocates an algorithm chip to the virtual machine number, it may allocate the most lightly loaded cryptographic algorithm chip according to the load of the algorithm chips in the cryptographic machine; for example, it selects at least one algorithm chip with a small number of associated virtual machines. The bank manages the App through the cloud server, so management cost does not increase excessively however many machines are added later. One chip can also correspond to the information of a plurality of enterprises, which saves chip resources. When a new service needs to be added, it can be delivered simply by pushing an upgrade of the App.
It should be noted that the server may associate one algorithm chip with multiple virtual machine numbers, thereby reducing the dependency on the algorithm chip and improving the utilization rate of chip resources.
Searching the algorithm chip according to the virtual machine number can comprise the following two cases:
1. When the server obtains a plurality of corresponding algorithm chips according to the virtual machine number, it can further select the algorithm chip with the minimum load according to the calculation frequency of each algorithm chip, and calculate the payment password from the calculation elements by using that chip.
2. When the server obtains a single corresponding algorithm chip according to the virtual machine number, it calculates the payment password directly from the calculation element by using that algorithm chip.
In the above embodiment of the present invention, a plurality of algorithm chips are integrated in the cryptographic machine, and the server allocates at least one algorithm chip to the virtual machine number.
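The allocation and selection rules described above, as an added example that is not code from the patent: chips are bound to a new virtual machine number by fewest associated virtual machine numbers, and each request goes to the bound chip with the lowest calculation count. The class and method names, the `chips_per_vm` parameter, tie-breaking by chip id, and the rejection of rebinding an account are assumptions; the payment password algorithm that runs inside the chip is not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class AlgorithmChip:
    chip_id: int
    vm_numbers: set = field(default_factory=set)  # virtual machine numbers bound to this chip
    calc_count: int = 0  # calculations served so far (the "calculation frequency")


class PaymentServer:
    """Server-side bookkeeping only; the chip's password algorithm is not modelled."""

    def __init__(self, chip_count, chips_per_vm=2):
        if not 1 <= chips_per_vm <= chip_count:
            raise ValueError("chips_per_vm must be between 1 and chip_count")
        self.chips = [AlgorithmChip(i) for i in range(chip_count)]
        self.chips_per_vm = chips_per_vm
        self.chips_by_vm = {}    # virtual machine number -> list of chip ids
        self.vm_by_account = {}  # bank account number -> virtual machine number

    def allocate_chips(self, vm_number):
        """Bind the chips that currently have the fewest associated virtual machine numbers."""
        if vm_number in self.chips_by_vm:
            return list(self.chips_by_vm[vm_number])  # already registered
        ranked = sorted(self.chips, key=lambda c: (len(c.vm_numbers), c.chip_id))
        chosen = ranked[: self.chips_per_vm]
        for chip in chosen:
            chip.vm_numbers.add(vm_number)  # one chip may serve several numbers
        self.chips_by_vm[vm_number] = [c.chip_id for c in chosen]
        return list(self.chips_by_vm[vm_number])

    def bind_account(self, vm_number, bank_account):
        """Store the correspondence that the terminal relays from the verification system."""
        if vm_number not in self.chips_by_vm:
            raise LookupError("unknown virtual machine number")
        bound = self.vm_by_account.get(bank_account)
        # Assumption: an account already bound to another number is not silently rebound.
        if bound is not None and bound != vm_number:
            raise ValueError("bank account already bound to another virtual machine number")
        self.vm_by_account[bank_account] = vm_number

    def select_chip(self, elements):
        """Return the id of the chip that will calculate this request."""
        vm_number = self.vm_by_account.get(elements.get("bank_account"))
        if vm_number is None:
            raise LookupError("no virtual machine number bound to this bank account")
        candidates = [self.chips[i] for i in self.chips_by_vm[vm_number]]
        if len(candidates) == 1:
            chip = candidates[0]  # case 2: a single bound chip is used directly
        else:
            # case 1: several bound chips, pick the one with the lowest calculation count
            chip = min(candidates, key=lambda c: (c.calc_count, c.chip_id))
        chip.calc_count += 1
        return chip.chip_id


def demo():
    """Constructed scenario: 4 chips, 3 virtual machine numbers, 2 chips per number."""
    server = PaymentServer(chip_count=4, chips_per_vm=2)
    allocations = [server.allocate_chips(vm) for vm in ("VM0001", "VM0002", "VM0003")]
    server.bind_account("VM0001", "ACCT-A")
    server.bind_account("VM0003", "ACCT-C")
    requests = ["ACCT-A", "ACCT-A", "ACCT-C", "ACCT-A"]
    picks = [server.select_chip({"bank_account": a, "amount": "100.00"}) for a in requests]
    return allocations, picks


if __name__ == "__main__":
    print(demo())
```

In the constructed scenario VM0001 and VM0003 share chips 0 and 1, so load generated by one account changes which chip the other account's next request is sent to.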
In S230, the server transmits the payment password to the terminal.
According to an example embodiment, the server may also receive data such as transaction flow sent by the terminal and record the information so that the terminal manages the bank account.
In the embodiment of the invention, the server realizes the calculation of the payment password through the data interaction with the terminal. Compared with the prior art that at least one entity payment scrambler is configured for each bank account, the data interaction between the server and the terminal in the application enables the terminal to integrate the functions of the entity payment scrambler of each bank, so that the cost of the entity payment scrambler is saved, the situations that the entity scrambler is lost, stolen and the like in the using process are avoided, and the password payment safety and the payment convenience of a user using a payment password are improved.
Fig. 3 is a flow diagram illustrating yet another method of payment cryptogram generation in accordance with an example embodiment. In the following description of the method, the same parts as those of the foregoing method will not be described again.
As shown in fig. 3, the method may include the steps of:
In S310, the terminal acquires a calculation element input by the user.
In S320, the terminal transmits the calculation element to the server.
In S330, the server receives the calculation element transmitted by the terminal.
In S340, the server obtains a payment password according to the calculation element.
In S350, the server transmits the payment password to the terminal.
In S360, the terminal receives the payment password returned by the server, and verifies the payment password by using a verification system.
In the embodiment of the invention, the payment password is calculated through data interaction between the server and the terminal. Compared with the prior art that at least one entity payment scrambler is configured for each bank account, the data interaction between the server and the terminal in the application enables the terminal to integrate the functions of the entity payment scrambler of each bank, so that the cost of the entity payment scrambler is saved, the situations that the entity scrambler is lost, stolen and the like in the using process are avoided, and the password payment safety and the payment convenience of a user using a payment password are improved.
The following describes in detail a method for generating a payment password proposed in the embodiment of the present invention with reference to a specific application scenario. Fig. 4 is a block diagram of a system for generating a payment password according to an embodiment of the present invention, and as shown in fig. 4, the system may include a password machine 410, a cloud server 420, a terminal 430, a data loader 440, and the like. Fig. 5 is a flowchart of a method of payment password generation applied to the system shown in fig. 4, which may include the following flows, as shown in fig. 5:
S501, the terminal 430 receives the basic information input by the user, and sends the basic information to the cloud server 420.
According to an example embodiment, the terminal 430 is loaded with a payment encryptor application, through which the terminal 430 communicates with the cloud server over the network with high-level encryption.
S502, the cloud server 420 assigns a virtual machine number to the terminal 430, and returns the virtual machine number to the terminal 430.
It should be noted that the cloud server 420 may be mainly divided into: a DMZ zone and an intranet application zone.
The DMZ area serves as an isolation area between the internal and external networks. It mainly prevents core application services and data from being attacked from the external network and acts as a security barrier for access to the core application. The DMZ area mainly hosts an Nginx server, which load-balances front-end HTTP requests across back-end application services through load balancing and reverse proxy technology; health state and disaster tolerance are realized through KeepAlive.
The intranet application area is a payment cloud service, storage service and cipher machine deployment environment.
It should be noted that the application server supports multi-machine cluster deployment. For hot data with low change frequency and high access frequency, an in-memory database cache is used to reduce the number of direct accesses the application makes to the database. The database is MySQL, which separates data updates from data queries in master/slave mode and improves data processing performance. Through message queue technology such as RabbitMQ, high-concurrency services can be asynchronously decoupled and persistently buffered.
It should be noted that the cloud server serves a vast number of public clients, including many bank VIP users. The background system must therefore work normally 7 × 24 hours, the stability and reliability of the enterprise terminal's password payment application must be ensured, and a backup scheme is provided to ensure the normal and orderly operation of payment settlement services, thereby achieving high reliability.
S503, the cloud server 420 allocates a plurality of algorithm chips to the virtual machine serial number.
S504, the terminal 430 establishes connection with the data loader 440.
S505, the data loader 440 sends the virtual machine number to the verification system in a serial port communication mode, issues the virtual machine number, and enables the verification system to bind the virtual machine number with a bank account number input by a bank teller.
In the present application, the data loader 440 can support payment verification systems of all banks, and the system has a teller operation management mode, so that processes such as issuing and management of the password device can be directly performed.
S506, the terminal 430 sends the virtual machine number returned by the data loader 440 and the bank account number bound to the virtual machine number to the cloud server 420.
The terminal 430 may record data such as related transaction streams on the server, so that the user manages the bank account through the terminal. For example, a financial management module may be added to the payment crypto-generator application of terminal 430, which is not available from the original conventional payment crypto-generator.
S507, the terminal 430 obtains the computing elements input by the user, and sends the computing elements including the bank account to the cloud server 420.
S508, the server 420 finds the virtual machine number corresponding to the bank account, finds a plurality of algorithm chips corresponding to the virtual machine number from the cryptographic machine 410, and sends the calculation element to the algorithm chip with the lightest load among the plurality of algorithm chips.
In the application, the cloud server adopts the rack-mounted payment password machine equipment and the application mode on hardware, so that password payment can be carried out by utilizing the strong safety and the large concurrent processing capacity of the cloud server.
S509, the server 420 obtains the payment password calculated by the algorithm chip with the lightest load, and sends the payment password to the terminal 430.
S510, the user fills in the payment password on the paper bill and submits it to the bank; a bank teller manually inputs the payment password into the verification system, and the payment password is verified by using the verification system.
It should be noted that the security of the system can be improved by:
1. In the login phase
After the application program is loaded, a system key (6 bytes) is set in the application program and used for encrypting the login password. The login password is generated by XORing the system password with the login account number (such as a mobile phone number); the login key and the login password are XORed to form a ciphertext, and if the login password exceeds 6 bytes, the encryption is applied cyclically.
2. In the phase of generating public key and private key
A 32-byte plaintext is generated from the MAC (6 bytes) + mobile phone number (5 bytes), and a 32-byte identity authentication public key and a 32-byte identity authentication private key are generated through SM2. The identity authentication private key is stored by the identity authentication private key server, and the identity authentication public key is sent to the client (the first two bytes can be sent by short message, and the remaining 30 bytes can be transmitted over the network). A random number R1 (3 bytes) is issued in the process.
3. In the identity authentication phase
The terminal generates a random number R (3 bytes) by itself, forms a 32-byte plaintext (R + R1) together with the random number R1 issued by the server, and digitally signs it by using SM2 and SM3 in sequence. The server side verifies the signature and compares the calculated R1 with the R1 it issued; if the R1 is correct, the identity authentication is successful. R is used as the communication key for this login.
4. Communication phase
R is used as a communication key, a 16-byte communication work key is generated, and the communication work key is encrypted and decrypted by using an SM4 algorithm.
5. Terminal data storage phase
A 6-byte storage key is generated by XORing the 6-byte system key with the 6-byte MAC address of the mobile phone, and the data to be stored is XORed with the storage key before it is stored.
It should be noted that the payment password cloud as a whole must be secure. An all-round security design is applied from identity authentication and data transmission to data storage, from the application server at the back end of the system to each client at the front end, and from the management flow of enterprise checks to the bank's account processing flow. The key exchange method, the bank's core key and the enterprise's key are each handed over to the corresponding units. The system can effectively prevent various attacks: attacks from outside the system, attacks from inside the system, attacks by the system's developers, and attacks carried out jointly by insiders and outsiders.
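The XOR construction of the login and terminal data storage phases, as an added example that is not code from the patent: it derives the storage key from the system key and the MAC address, applies it cyclically, and checks which properties the construction has. The key, MAC and record values are constructed, the function names are assumptions, and cyclic key reuse for stored data longer than 6 bytes is an assumption carried over from what the text states for login passwords.

```python
KEY_LEN = 6  # system key, MAC address and storage key are all 6 bytes on the page

# Constructed sample values, not taken from any real device or application.
SYSTEM_KEY = bytes.fromhex("a1b2c3d4e5f6")
MAC_ADDRESS = bytes.fromhex("001a2b3c4d5e")
RECORD_1 = b"ACCT:6222000011112222"
RECORD_2 = b"ACCT:6222000033334444"


def xor_cyclic(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key when data is longer ("cyclic encryption")."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def derive_storage_key(system_key: bytes, mac_address: bytes) -> bytes:
    """Storage key = 6-byte system key XOR 6-byte MAC address."""
    if len(system_key) != KEY_LEN or len(mac_address) != KEY_LEN:
        raise ValueError("system key and MAC address must both be 6 bytes")
    return xor_cyclic(mac_address, system_key)


def protect(data: bytes, system_key: bytes, mac_address: bytes) -> bytes:
    """Encode data for storage; the same call decodes it, because XOR is its own inverse."""
    return xor_cyclic(data, derive_storage_key(system_key, mac_address))


def keystream_from_pair(ciphertext: bytes, plaintext: bytes) -> bytes:
    """XOR of a stored record with its known content, byte by byte."""
    return bytes(c ^ p for c, p in zip(ciphertext, plaintext))


def review_properties() -> dict:
    """Properties a design reviewer would check for this construction."""
    key = derive_storage_key(SYSTEM_KEY, MAC_ADDRESS)
    c1 = protect(RECORD_1, SYSTEM_KEY, MAC_ADDRESS)
    c2 = protect(RECORD_2, SYSTEM_KEY, MAC_ADDRESS)
    return {
        # Decoding is the same operation as encoding.
        "round_trip": protect(c1, SYSTEM_KEY, MAC_ADDRESS) == RECORD_1,
        # One stored record plus its content yields the 6-byte storage key.
        "key_equals_ct_xor_pt": keystream_from_pair(c1, RECORD_1)[:KEY_LEN] == key,
        # The key cancels out between two records stored under the same key.
        "ct_xor_ct_equals_pt_xor_pt": keystream_from_pair(c1, c2)
        == keystream_from_pair(RECORD_1, RECORD_2),
    }


if __name__ == "__main__":
    print(derive_storage_key(SYSTEM_KEY, MAC_ADDRESS).hex())
    print(review_properties())
```

All three properties hold, so the confidentiality of stored data rests on the system key set in the application staying secret, and the construction provides no integrity check on the stored bytes.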
It should be clearly understood that the present disclosure describes how to make and use particular examples, but the principles of the present disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
The following are embodiments of the apparatus of the present invention that may be used to perform embodiments of the method of the present invention. In the following description of the apparatus, the same parts as those of the foregoing method will not be described again.
Fig. 6 is a block diagram illustrating a payment password generation terminal according to an exemplary embodiment. As shown in fig. 6, the terminal 600 includes:
a first obtaining module 610, configured to obtain a computing element input by a user;
a first sending module 620, configured to send the computing element to a server;
the receiving module 630 is configured to receive the payment password returned by the server, and verify the payment password by using a verification system.
According to some embodiments, the terminal 600 further comprises: a second obtaining module 640, configured to send the basic information input by the user to the server, so as to obtain the virtual machine number allocated by the server.
A binding module 650 is configured to send the virtual machine number to a verification system, so as to issue the virtual machine number, and enable the verification system to bind the virtual machine number with a bank account number input by a bank teller.
According to some embodiments, the binding module 650 is further configured to establish a connection with a data loader, send the virtual machine number to a verification system through the data loader in a serial port communication manner, issue the virtual machine number, and enable the verification system to bind the virtual machine number and a bank account number input by a user.
The terminal 600 further includes:
a second sending module 660, configured to receive the virtual machine number returned by the verification system through the data loader and the bank account number bound to the virtual machine number, and send the virtual machine number and the bank account number bound to the virtual machine number to the server.
The first sending module 620 is further configured to send the computing element including the bank account number input by the user to the server.
The receiving module 630 is further configured to receive a payment password calculated according to the bank account returned by the server, and verify the payment password by using a verification system.
In the embodiment of the invention, the terminal obtains the calculation element input by a user, sends the calculation element to a server, receives the payment password returned by the server, and verifies the payment password by using a verification system. Compared with the prior art, in which at least one entity payment scrambler is configured for each bank account, the terminal in the application integrates the functions of the entity payment scrambler for each bank, so that the cost of the entity payment scrambler is saved, situations such as the entity scrambler being lost or stolen in use are avoided, and the security of password payment and the convenience for the user of paying with a payment password are improved.
Fig. 7 is a block diagram illustrating a payment password generation server according to an example embodiment. As shown in fig. 7, the server 700 includes:
a first receiving module 710, configured to receive a computing element input by a user and sent by a terminal;
an obtaining module 720, configured to obtain a payment password according to the computing element;
a sending module 730, configured to send the payment password to the terminal.
According to some embodiments, the server 700 further comprises:
the first allocating module 740 is configured to receive basic information input by a user and sent by the terminal, and allocate a virtual machine number to the terminal according to the basic information.
a second receiving module 750, configured to receive the virtual machine number and the bank account number bound to the virtual machine number sent by the terminal.
The obtaining module 720 is configured to find a virtual machine number corresponding to a bank account number according to a calculation element including the bank account number input by a user, and obtain a payment password according to the virtual machine number.
According to some embodiments, the server 700 further comprises: the second allocating module 760 is configured to allocate at least one algorithm chip to the virtual machine number according to load information of the algorithm chip integrated in the cryptographic machine.
The obtaining module 720 is configured to obtain the corresponding algorithm chip according to the virtual machine serial number, and obtain the payment password according to the algorithm chip.
In the embodiment of the invention, the server realizes the calculation of the payment password through the data interaction with the terminal. Compared with the prior art that at least one entity payment scrambler is configured for each bank account, the data interaction between the server and the terminal in the application enables the terminal to integrate the functions of the entity payment scrambler of each bank, so that the cost of the entity payment scrambler is saved, the situations that the entity scrambler is lost, stolen and the like in the using process are avoided, and the password payment safety and the payment convenience of a user using a payment password are improved.
Fig. 8 is a block diagram illustrating a calculation module for payment password generation according to an exemplary embodiment, and as shown in fig. 8, the calculation module 800 includes:
a receiving unit 810, configured to receive a calculation request sent by a server; the calculation request comprises calculation elements and an identifier of a target algorithm chip;
a calculating unit 820, configured to calculate a payment password according to the calculation element by using the target algorithm chip;
a sending unit 830, configured to send the payment password to the server.
Fig. 9 is a block diagram illustrating a system for payment password generation according to an exemplary embodiment, as shown in fig. 9, the system including a terminal 600, a server 700, and a calculation module 800.
In the embodiment of the invention, the payment password is calculated through the data interaction between the terminal and the server and between the server and the calculation module. Compared with the prior art that at least one entity payment scrambler is configured for each bank account, the data interaction between the server and the terminal in the application enables the terminal to integrate the functions of the entity payment scrambler of each bank, so that the cost of the entity payment scrambler is saved, the situations that the entity scrambler is lost, stolen and the like in the using process are avoided, and the password payment safety and the payment convenience of a user using a payment password are improved.
Exemplary embodiments of the present invention are specifically illustrated and described above. It is to be understood that the invention is not limited to the precise construction, arrangements, or instrumentalities described herein; on the contrary, the invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (13)

1. A method of payment password generation, the method comprising:
the terminal acquires a calculation element input by a user;
the terminal sends the calculation element to a server, wherein the server has a corresponding relation between a bank account number and a virtual machine number, and the server searches the corresponding virtual machine number according to the bank account number in the calculation element to generate a payment password;
the terminal receives the payment password returned by the server and verifies the payment password by using a verification system;
before the terminal acquires the computing elements input by the user, the method comprises the following steps:
the terminal sends basic information input by a user to the server to acquire the virtual machine number allocated by the server;
and the terminal sends the virtual machine number to a verification system so as to issue the virtual machine number and enable the verification system to bind the virtual machine number with a bank account input by a bank teller.
2. The method of claim 1, wherein the terminal sending the virtual machine number to a verification system, comprising:
and the terminal establishes connection with a data loader and sends the virtual machine serial number to a verification system through the data loader in a serial port communication mode.
3. The method of claim 2, wherein the method further comprises:
the terminal receives a virtual machine number returned by the verification system through the data loader and a bank account number bound with the virtual machine number, and sends the virtual machine number and the bank account number bound with the virtual machine number to a server;
the terminal sending the computing element to a server, comprising:
the terminal sends the computing elements including the bank account number input by the user to the server;
the terminal receives the payment password returned by the server and verifies the payment password by using a verification system, and the method comprises the following steps:
and the terminal receives a payment password which is returned by the server and calculated according to the bank account number, and verifies the payment password by using a verification system.
4. A method of payment password generation, the method comprising:
the server receives a calculation element input by a user and sent by a terminal;
the server has a corresponding relation between a bank account number and a virtual machine number, and searches the corresponding virtual machine number according to the bank account number in the calculation element to generate a payment password;
the server sends the payment password to the terminal;
before receiving a computing element input by a user and sent by a terminal, the server comprises:
the server receives basic information input by a user and sent by the terminal, and allocates a virtual machine number to the terminal according to the basic information, so that the terminal sends the virtual machine number to a verification system to issue the virtual machine number, and the verification system binds the virtual machine number with a bank account input by a bank teller;
and the server receives the virtual machine number and the bank account number bound with the virtual machine number sent by the terminal.
5. The method of claim 4, wherein the method further comprises:
the server allocates at least one algorithm chip to the virtual machine number according to the load information of the algorithm chips integrated in the cipher machine;
the obtaining of the payment password according to the virtual machine number comprises the following steps:
and the server acquires a corresponding algorithm chip according to the virtual machine number and acquires a payment password according to the algorithm chip.
6. The method of claim 5, wherein the obtaining a payment password from the algorithm chip comprises:
when the server obtains a plurality of corresponding algorithm chips according to the virtual machine number, selecting the algorithm chip with the minimum load from the algorithm chips, and calculating a payment password according to the calculation element by using the algorithm chip with the minimum load; or,
and when the server acquires a corresponding algorithm chip according to the virtual machine number, calculating a payment password according to the calculation element by using the algorithm chip.
7. A method of payment password generation, the method comprising:
the terminal acquires a calculation element input by a user;
the terminal sends the computing element to a server;
the server receives the computing element sent by the terminal;
the server has a corresponding relation between a bank account number and a virtual machine number, and searches the corresponding virtual machine number according to the bank account number in the calculation element to generate a payment password;
the server sends the payment password to the terminal;
the terminal receives the payment password returned by the server and verifies the payment password by using a verification system;
before the terminal acquires the computing elements input by the user, the method comprises the following steps:
the terminal sends basic information input by a user to the server to acquire the virtual machine number allocated by the server;
and the terminal sends the virtual machine number to a verification system so as to issue the virtual machine number and enable the verification system to bind the virtual machine number with a bank account input by a bank teller.
8. A terminal for payment password generation, the terminal comprising:
the first acquisition module is used for acquiring the calculation elements input by the user;
a first sending module for sending the computing element to a server; the server has a corresponding relation between a bank account number and a virtual machine number, and searches the corresponding virtual machine number according to the bank account number in the computing element to generate a payment password;
the receiving module is used for receiving the payment password returned by the server and verifying the payment password by using a verification system;
wherein, the terminal further includes:
the second acquisition module is used for sending the basic information input by the user to the server so as to acquire the virtual machine number distributed by the server;
and the binding module is used for sending the virtual machine number to a verification system so as to issue the virtual machine number and enable the verification system to bind the virtual machine number with a bank account number input by a bank teller.
9. The terminal of claim 8,
the binding module is also used for establishing connection with a data loader, sending the virtual machine number to a verification system in a serial port communication mode through the data loader so as to issue the virtual machine number, and enabling the verification system to bind the virtual machine number with a bank account number input by a bank teller.
10. The terminal of claim 9, wherein the terminal further comprises:
the second sending module is used for receiving the virtual machine number returned by the verification system through the data loader and the bank account number bound with the virtual machine number, and sending the virtual machine number and the bank account number bound with the virtual machine number to the server;
the first sending module is further used for sending the computing elements comprising the bank account number input by the user to the server;
the receiving module is further used for receiving a payment password which is returned by the server and calculated according to the bank account, and verifying the payment password by using a verification system.
11. A server for payment password generation, the server comprising:
the first receiving module is used for receiving the calculation elements input by the user and sent by the terminal;
the server has a corresponding relation between a bank account number and a virtual machine number;
the acquisition module is used for searching the corresponding virtual machine number according to the bank account number in the calculation element and generating a payment password;
the sending module is used for sending the payment password to the terminal;
wherein the server further comprises:
the first allocation module is used for receiving basic information input by a user and sent by the terminal, allocating a virtual machine number to the terminal according to the basic information, so that the terminal sends the virtual machine number to a verification system to issue the virtual machine number, and the verification system binds the virtual machine number with a bank account number input by a bank teller;
and the second receiving module is used for receiving the virtual machine number and the bank account number bound with the virtual machine number, which are sent by the terminal.
12. The server of claim 11, wherein the server further comprises:
the second distribution module is used for distributing at least one algorithm chip to the virtual machine number according to the load information of the algorithm chip integrated in the cipher machine;
the acquisition module is used for acquiring the corresponding algorithm chip according to the virtual machine number and acquiring the payment password according to the algorithm chip.
13. A system for payment cryptogram generation comprising a terminal according to any of claims 8-10, a server according to any of claims 11-12.
CN201710896319.0A 2017-09-28 2017-09-28 Payment password generation method, terminal, server and system Active CN107622395B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710896319.0A CN107622395B (en) 2017-09-28 2017-09-28 Payment password generation method, terminal, server and system

Publications (2)

Publication Number Publication Date
CN107622395A CN107622395A (en) 2018-01-23
CN107622395B true CN107622395B (en) 2020-09-01

Family

ID=61090382

Country Status (1)

Country Link
CN (1) CN107622395B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant