CN109034798B - Electronic payment system, method, apparatus, device and medium based on micro service - Google Patents
Electronic payment system, method, apparatus, device and medium based on micro service Download PDFInfo
- Publication number
- CN109034798B CN109034798B CN201810772428.6A CN201810772428A CN109034798B CN 109034798 B CN109034798 B CN 109034798B CN 201810772428 A CN201810772428 A CN 201810772428A CN 109034798 B CN109034798 B CN 109034798B
- Authority
- CN
- China
- Prior art keywords
- key
- user terminal
- digital certificate
- electronic payment
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses an electronic payment system, a method, a device, equipment and a medium based on micro-service, which are used for improving the safety of the electronic payment service based on the micro-service. A microservice-based electronic payment system comprising: the key server is used for generating an asymmetric public-private key pair; providing a private key of the public-private key pair to a first user terminal generating a digital certificate; providing a public key of the public-private key pair to a second user terminal verifying the digital certificate; the first user terminal is used for generating a digital certificate transmitted between the micro-services by using a private key; sending an electronic payment request to a second user terminal, wherein the electronic payment request carries the digital certificate and the electronic payment order to be processed; the second user terminal is used for verifying the digital certificate by utilizing the public key after receiving the electronic payment request; and processing the electronic payment order carried in the electronic payment request after the digital certificate is verified.
Description
Technical Field
The invention relates to the technical field of computers, in particular to an electronic payment system, method, device, equipment and medium based on micro service.
Background
The micro-services are an application constructed by adopting a group of services, the services are independently deployed in different processes, different services are communicated through some lightweight interaction mechanisms, such as RPC (Remote Procedure Call Protocol), HTTP (Hyper Text Transfer Protocol), and the like, the services can be independently expanded and contracted, each service defines a definite boundary, different services can be realized even by adopting different programming languages, and the services are maintained by independent teams.
Compared with the traditional single service, the micro-services are communicated in a network request mode, and once the data processing of the electronic payment process is tampered or easily attacked, the security risk of the electronic payment is caused.
Disclosure of Invention
The embodiment of the application provides an electronic payment system, a method, a device, equipment and a medium based on micro-service, which are used for improving the safety of the electronic payment service based on the micro-service.
The embodiment of the application provides an electronic payment system based on microservice, includes:
the key server is used for generating an asymmetric public-private key pair; providing a private key of the public-private key pair to a first user terminal generating a digital certificate; providing a public key of the public-private key pair to a second user terminal verifying the digital certificate;
the first user terminal is used for deploying a first service for generating a digital certificate and generating the digital certificate transmitted between the micro-services by using the private key; sending an electronic payment request to a second user terminal, wherein the electronic payment request carries the digital certificate and the electronic payment order to be processed;
the second user terminal is used for deploying a second service for verifying the digital certificate, and verifying the digital certificate by using the public key after receiving the electronic payment request; and processing the electronic payment order carried in the electronic payment request after the digital certificate is verified.
Optionally, the digital certificate carries a first user identifier of the user initiating the electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment;
the second user terminal is used for decrypting the digital certificate by using the public key; and after the decryption is successful, comparing the first user identification with the second user identification, and if the first user identification is the same as the second user identification, determining that the digital certificate is verified.
Optionally, the digital certificate further carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal is used for decrypting the digital certificate by using the public key; after decryption succeeds, the first transaction amount information and the second transaction amount information are compared; determining that the verification of the digital voucher is passed if the first transaction amount information is the same as the second transaction amount information.
Optionally, the key server is further configured to update the generated public-private key pair according to a set period; and providing the updated private key to the first user terminal; and providing the updated public key to the second user terminal.
Optionally, the first user terminal is configured to send a first key acquisition request to the key server, where the first key acquisition request carries a first service identifier of a first service;
the second user terminal is configured to send a second key acquisition request to the key server, where the second key acquisition request carries a second service identifier of a second service;
the key server is used for searching a key type corresponding to the first service identifier from the corresponding relation between the service identifier stored in the key server and the key type according to the received first service identifier, and returning a key of a corresponding type to the first user terminal according to the searched key type; and searching a key type corresponding to the second service identifier from the corresponding relation between the service identifier stored in the second service identifier and the key type according to the received second service identifier, and returning a key of a corresponding type to the second user terminal according to the searched key type, wherein the key type comprises a public key or a private key.
The embodiment of the application provides an electronic payment method based on micro service, which comprises the following steps:
a first user terminal generates a digital certificate transmitted between micro services by using a private key provided by a key server, wherein a first service for generating the digital certificate is deployed on the first user terminal;
the first user terminal sends an electronic payment request to a second user terminal, wherein the electronic payment request carries the digital certificate and an electronic payment order to be processed, and a second service for verifying the digital certificate is deployed on the second user terminal;
the second user terminal verifies the digital certificate by using the public key provided by the key server;
and after the second user terminal determines that the verification is passed, processing the electronic payment order carried in the electronic payment request.
Optionally, the digital certificate carries a first user identifier of the user initiating the electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first user identification with the second user identification;
if the first user identification is the same as the second user identification, the second user terminal determines that the digital certificate is verified;
and if the decryption fails or the first user identification is different from the second user identification, the second user terminal determines that the verification of the digital certificate fails.
Optionally, the digital certificate further carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first transaction amount information with the second transaction amount information; if the first transaction amount information is the same as the second transaction amount information, the second user terminal determines that the digital certificate is verified;
and if the decryption fails or the first transaction amount information is different from the second transaction amount information, the second user terminal determines that the verification of the digital certificate fails.
The electronic payment method based on the micro service provided by the embodiment of the application further comprises the following steps:
and the key server updates the generated public and private key pair according to a set period, provides the updated private key for the first user terminal and provides the updated public key for the second user terminal.
Optionally, before the first user terminal generates the digital certificate transferred between the microservices by using a private key provided by the key server, the method further includes:
the first user terminal sends a first key obtaining request by the key server, wherein the first key obtaining request carries a first service identifier of a first service;
the second user terminal sends a second key obtaining request to the key server, wherein the second key obtaining request carries a second service identifier of a second service;
the key server searches a key type corresponding to a first service identifier from a corresponding relation between the service identifier and the key type stored in the key server according to the received first service identifier, and returns a key of a corresponding type to the first user terminal according to the searched key type; and searching a key type corresponding to the second service identifier from the corresponding relation between the service identifier stored in the second service identifier and the key type according to the received second service identifier, and returning a key of a corresponding type to the second user terminal according to the searched key type, wherein the key type comprises a public key or a private key.
The embodiment of the application provides another electronic payment method based on micro service, which comprises the following steps:
a second user terminal receives an electronic payment request sent by a first user terminal, wherein the electronic payment request carries a digital certificate and an electronic payment order to be processed, a second service for verifying the digital certificate is deployed on the second user terminal, the digital certificate is generated by the first user terminal by using a private key provided by a key server, and a first service for generating the digital certificate is deployed on the first user terminal;
the second user terminal verifies the digital certificate by using the public key provided by the key server;
and after the second user terminal determines that the verification is passed, processing the electronic payment order carried in the electronic payment request.
Optionally, the digital certificate carries a first user identifier of the user initiating the electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first user identification with the second user identification;
if the first user identification is the same as the second user identification, the second user terminal determines that the digital certificate is verified;
and if the decryption fails or the first user identification is different from the second user identification, the second user terminal determines that the verification of the digital certificate fails.
Optionally, the digital certificate further carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first transaction amount information with the second transaction amount information; if the first transaction amount information is the same as the second transaction amount information, the second user terminal determines that the digital certificate is verified;
and if the decryption fails or the first transaction amount information is different from the second transaction amount information, the second user terminal determines that the verification of the digital certificate fails.
Optionally, before the second user terminal receives the electronic payment request sent by the first user terminal, the method further includes:
the second user terminal sends a second key obtaining request to the key server, wherein the second key obtaining request carries a second service identifier of a second service;
and the second user terminal receives the key returned by the key server, wherein the key is the key of the corresponding type searched by the key server from the corresponding relation between the stored service identifier and the key type according to the second service identifier.
The embodiment of the application provides an electronic payment device based on micro service, includes:
the system comprises a first receiving unit, a second receiving unit and a third receiving unit, wherein the first receiving unit is used for receiving an electronic payment request sent by a first user terminal, the electronic payment request carries a digital certificate and an electronic payment order to be processed, a second service for verifying the digital certificate is deployed on the second user terminal, the digital certificate is generated by the first user terminal by using a private key provided by a key server, and a first service for generating the digital certificate is deployed on the first user terminal;
the verification unit is used for verifying the digital certificate by using a public key provided by the key server;
and the processing unit is used for processing the electronic payment order carried in the electronic payment request after the verification is determined to pass according to the verification result of the verification unit.
Optionally, the digital certificate carries a first user identifier of the user initiating the electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment; and
the device, still include:
the first decryption unit is used for decrypting the digital certificate by using the public key;
the first comparison unit is used for comparing the first user identifier with the second user identifier after the first decryption unit successfully decrypts the first user identifier;
the first determining unit is used for determining that the digital certificate is verified by the second user terminal if the first user identifier is the same as the second user identifier according to the comparison result of the first comparing unit; and if the first decryption unit fails to decrypt or the first user identifier is determined to be different from the second user identifier according to the comparison result of the first comparison unit, the second user terminal determines that the verification of the digital certificate fails.
Optionally, the digital certificate further carries first transaction amount information; the electronic payment order also carries second transaction amount information; and
the device, still include:
the second decryption unit is used for decrypting the digital certificate by using the public key;
the second comparison unit is used for comparing the first transaction amount information with the second transaction amount information if the second decryption unit succeeds in decryption;
the second processing unit is used for determining that the verification of the digital certificate is passed by the second user terminal if the first transaction amount information is the same as the second transaction amount information according to the comparison result of the second comparing unit; and if the second decryption unit fails to decrypt or the first transaction amount information is determined to be different from the second transaction amount information according to the comparison result of the second comparison unit, the second user terminal determines that the verification of the digital certificate fails.
Optionally, the electronic payment device based on microservice provided in the embodiment of the present application further includes:
a sending unit, configured to send a second key acquisition request to the key server before the first receiving unit receives the electronic payment request sent by the first user terminal, where the second key acquisition request carries a second service identifier of a second service;
and the second receiving unit is used for receiving the key returned by the key server, wherein the key is a key of a corresponding type searched by the key server from the corresponding relation between the stored service identifier and the key type according to the second service identifier.
An embodiment of the present application provides an electronic device, including at least one processor; and a memory; wherein the memory stores a program executable by the at least one processor, the instructions being executable by the at least one processor to enable the at least one processor to perform any of the above-described microservice-based electronic payment methods.
Embodiments of the present application provide a non-volatile computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions may execute any one of the above electronic payment methods based on microservices.
In the electronic payment system, the method, the device, the equipment and the medium based on the micro-services, the key server generates a company key pair, a private key in the company key pair is provided for the micro-services generating the digital certificate, and a public key in the company key pair is provided for the micro-services verifying the digital certificate, so that the digital certificate encrypted by the private key can be transmitted between the micro-services, when each micro-service needs to process an electronic payment order, the public key is firstly used for verifying the digital verification, if the verification is passed, the received electronic payment order is determined to be legal and can be processed, and if the verification is not passed, the received electronic payment order is indicated to have the risk of being tampered, the processing is rejected, and the safety of the electronic payment process can be ensured.
Drawings
One or more embodiments are illustrated by way of example in the accompanying drawings, which correspond to the figures in which like reference numerals refer to similar elements and which are not to scale unless otherwise specified.
FIG. 1 is a schematic structural diagram of a microservice-based electronic payment system in an embodiment of the present application;
FIG. 2 is a schematic flow chart illustrating a first electronic payment method based on microservice in the embodiment of the present application;
FIG. 3 is a schematic flowchart illustrating an implementation of a second electronic payment method based on microservice in an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an electronic payment device based on microservices in an embodiment of the application;
fig. 5 is a schematic structural diagram of an electronic device in the embodiment of the present application.
Detailed Description
In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions of the present application will be clearly and completely described below through embodiments with reference to the accompanying drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments.
Example one
As shown in fig. 1, which is a schematic structural diagram of a microservice-based electronic payment system provided in an embodiment of the present application, including:
a key server 11 for generating an asymmetric public-private key pair; providing a private key of the public-private key pair to a first user terminal generating a digital certificate; providing a public key of the public-private key pair to a second user terminal verifying the digital certificate;
the first user terminal 12 is used for deploying a first service for generating a digital certificate, and generating the digital certificate transmitted between the microservices by using the private key; sending an electronic payment request to a second user terminal, wherein the electronic payment request carries the digital certificate and a to-be-processed electronic payment order;
the second user terminal 13 is configured to deploy a second service for verifying a digital certificate, and verify the digital certificate by using the public key after receiving the electronic payment request; and processing the electronic payment order carried in the electronic payment request after the digital certificate is verified.
In order to improve the security of the electronic payment process, in the embodiment of the present application, besides transmitting an electronic payment order between loosely coupled micro-services, a digital voucher needs to be generated while generating the electronic payment order, the digital voucher is transmitted between each related micro-service along with the processing of the electronic payment order, before each micro-service processes a received electronic payment order, the received digital voucher is firstly verified, if the verification is passed, the received electronic payment order is continuously processed, and if the verification fails, it is indicated that a certain security risk exists in the received electronic payment order, the received electronic payment order is rejected from being processed.
In particular implementations, the key used to generate the digital voucher and the key used to authenticate the digital voucher may be generated and controlled by a key server. In order to further improve the security of the electronic payment order, an asymmetric key system is adopted in the embodiment of the present application, that is, the key for generating the digital certificate is different from the key for verifying the digital certificate. Specifically, a public-private key pair may be generated by the key server according to an asymmetric key algorithm, a private key thereof may be provided to a first user terminal deploying the microservice for generating the digital certificate, and a public key thereof may be provided to a second user terminal deploying the verification digital certificate.
In specific implementation, the key server can distinguish a first service for generating the digital certificate and a second service for verifying the electronic certificate according to the service identifier, so that when different services initiate key acquisition requests, the key server can return keys of corresponding types according to the service identifier.
In one embodiment, the key server may pre-store the correspondence between the service identification and the key type, as shown in table 1:
TABLE 1
Based on this, in specific implementation, the first user terminal may be configured to send a first key acquisition request to the key server, where the first key acquisition request carries a first service identifier of a first service;
the second user terminal is configured to send a second key acquisition request to the key server, where the second key acquisition request carries a second service identifier of a second service;
the key server is used for searching a key type corresponding to the first service identifier from the corresponding relation between the service identifier stored in the key server and the key type according to the received first service identifier, and returning a key of a corresponding type to the first user terminal according to the searched key type; and searching a key type corresponding to the second service identifier from the corresponding relation between the service identifier stored in the second service identifier and the key type according to the received second service identifier, and returning a key of a corresponding type to the second user terminal according to the searched key type, wherein the key type comprises a public key or a private key.
In specific implementation, the key server can be further configured to update the generated public and private key pair according to a set period; and providing the updated private key to the first user terminal; and providing the updated public key to the second user terminal.
In specific implementation, the digital certificate may carry a first user identifier of the user initiating the electronic payment, and the electronic payment order carries a second user identifier of the user initiating the electronic payment, so that the second user terminal may be used to decrypt the digital certificate by using the public key; and after the decryption is successful, comparing the first user identification with the second user identification, and if the first user identification is the same as the second user identification, determining that the digital certificate is verified. Determining that the digital credential failed to be verified if the decryption failed or the first user identification is different from the second user identification.
In another embodiment, the digital certificate also carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal is used for decrypting the digital certificate by using the public key; after decryption is successful, comparing the first transaction amount information with the second transaction amount information; and if the first transaction amount information is the same as the second transaction amount information, determining that the digital certificate is verified. And if the decryption fails or the first transaction amount information is different from the second transaction amount information, determining that the digital certificate fails to be verified.
For example, for electronic payment with a payment amount of 10 yuan, a digital certificate is generated while an electronic payment order is generated, the digital certificate carries a payment amount of 10 yuan, when a subsequent micro service receives an electronic payment order sent by a previous-stage micro service, the digital certificate is decrypted by using a public key first, if the decryption is successful, whether the payment amount in the electronic payment order is consistent with the payment amount carried in the digital certificate is compared, if the decryption is successful, the electronic payment order is processed continuously, and if the decryption is inconsistent with the payment amount carried in the digital certificate, it is indicated that the received electronic payment order may have been tampered, and the processing may be refused, so as to ensure the security of an electronic payment process.
Based on the same technical concept, an embodiment of the present application further provides an electronic payment method based on microservice, as shown in fig. 2, which may include the following steps:
and S21, the first user terminal generates the digital certificate transmitted between the micro-services by using the private key provided by the key server.
Wherein a first service for generating a digital voucher is deployed on the first user terminal.
And S22, the first user terminal sends an electronic payment request to the second user terminal.
Wherein the electronic payment request carries the digital certificate and the electronic payment order to be processed, and the second user terminal is deployed with a second service for verifying the digital certificate
And S23, the second user terminal verifies the digital certificate by using the public key provided by the key server.
And S24, after the second user terminal determines that the verification is passed, processing the electronic payment order carried in the electronic payment request.
In one embodiment, the digital voucher carries a first user identification of the user initiating the electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first user identification with the second user identification;
if the first user identification is the same as the second user identification, the second user terminal determines that the digital certificate is verified;
and if the decryption fails or the first user identification is different from the second user identification, the second user terminal determines that the verification of the digital certificate fails.
In another embodiment, the digital certificate also carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first transaction amount information with the second transaction amount information; if the first transaction amount information is the same as the second transaction amount information, the second user terminal determines that the digital certificate is verified;
and if the decryption fails or the first transaction amount information is different from the second transaction amount information, the second user terminal determines that the verification of the digital certificate fails.
Optionally, the key server updates the generated public and private key pair according to a set period, provides the updated private key to the first user terminal, and provides the updated public key to the second user terminal.
Optionally, before the first user terminal generates the digital certificate transferred between the microservices by using a private key provided by the key server, the method further includes:
the first user terminal sends a first key obtaining request by the key server, wherein the first key obtaining request carries a first service identifier of a first service;
the second user terminal sends a second key obtaining request to the key server, wherein the second key obtaining request carries a second service identifier of a second service;
the key server searches a key type corresponding to the first service identifier from the corresponding relation between the service identifier stored in the key server and the key type according to the received first service identifier, and returns a key of a corresponding type to the first user terminal according to the searched key type; and searching a key type corresponding to the second service identifier from the corresponding relation between the service identifier stored in the second service identifier and the key type according to the received second service identifier, and returning a key of a corresponding type to the second user terminal according to the searched key type, wherein the key type comprises a public key or a private key.
Based on the same technical concept, the embodiment of the present application further provides another electronic payment method based on microservice, as shown in fig. 3, which may include the following steps:
and S31, the second user terminal receives the electronic payment request sent by the first user terminal.
The electronic payment request carries a digital certificate and an electronic payment order to be processed, a second service for verifying the digital certificate is deployed on the second user terminal, the digital certificate is generated by the first user terminal by using a private key provided by a key server, and a first service for generating the digital certificate is deployed on the first user terminal;
and S32, the second user terminal verifies the digital certificate by using the public key provided by the key server.
And S33, after the second user terminal determines that the verification is passed, processing the electronic payment order carried in the electronic payment request.
In one embodiment, the digital voucher carries a first user identifier of a user initiating the electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first user identification with the second user identification;
if the first user identification is the same as the second user identification, the second user terminal determines that the digital certificate is verified;
and if the decryption fails or the first user identification is different from the second user identification, the second user terminal determines that the verification of the digital certificate fails.
In another embodiment, the digital certificate also carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first transaction amount information with the second transaction amount information; if the first transaction amount information is the same as the second transaction amount information, the second user terminal determines that the digital certificate is verified;
and if the decryption fails or the first transaction amount information is different from the second transaction amount information, the second user terminal determines that the verification of the digital certificate fails.
Optionally, before the second user terminal receives the electronic payment request sent by the first user terminal, the method further includes:
the second user terminal sends a second key obtaining request to the key server, wherein the second key obtaining request carries a second service identifier of a second service;
and the second user terminal receives the key returned by the key server, wherein the key is the key of the corresponding type searched by the key server from the corresponding relation between the stored service identifier and the key type according to the second service identifier.
Based on the same technical concept, an embodiment of the present application further provides an electronic payment apparatus based on microservice, as shown in fig. 4, which may include:
a first receiving unit 41, configured to receive an electronic payment request sent by a first user terminal, where the electronic payment request carries a digital certificate and an electronic payment order to be processed, a second service for verifying the digital certificate is deployed on the second user terminal, the digital certificate is generated by the first user terminal using a private key provided by a key server, and a first service for generating the digital certificate is deployed on the first user terminal;
a verification unit 42, configured to verify the digital certificate by using a public key provided by the key server;
and the processing unit 43 is configured to process the electronic payment order carried in the electronic payment request after the verification is determined to pass according to the verification result of the verification unit.
Optionally, the digital certificate carries a first user identifier of the user initiating the electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment; and
the device, still include:
the first decryption unit is used for decrypting the digital certificate by using the public key;
the first comparison unit is used for comparing the first user identifier with the second user identifier after the first decryption unit successfully decrypts the first user identifier;
the first determining unit is used for determining that the digital certificate is verified by the second user terminal if the first user identifier is the same as the second user identifier according to the comparison result of the first comparing unit; and if the first decryption unit fails to decrypt or the first user identifier is determined to be different from the second user identifier according to the comparison result of the first comparison unit, the second user terminal determines that the verification of the digital certificate fails.
Optionally, the digital certificate further carries first transaction amount information; the electronic payment order also carries second transaction amount information; and
the device, still include:
the second decryption unit is used for decrypting the digital certificate by using the public key;
the second comparison unit is used for comparing the first transaction amount information with the second transaction amount information if the second decryption unit succeeds in decryption;
the second processing unit is used for determining that the verification of the digital certificate is passed by the second user terminal if the first transaction amount information is the same as the second transaction amount information according to the comparison result of the second comparing unit; and if the second decryption unit fails to decrypt or the first transaction amount information is determined to be different from the second transaction amount information according to the comparison result of the second comparison unit, the second user terminal determines that the verification of the digital certificate fails.
Optionally, the electronic payment device based on microservice provided in the embodiment of the present application further includes:
a sending unit, configured to send a second key acquisition request to the key server before the first receiving unit receives the electronic payment request sent by the first user terminal, where the second key acquisition request carries a second service identifier of a second service;
and the second receiving unit is used for receiving the key returned by the key server, wherein the key is a key of a corresponding type searched by the key server from the corresponding relation between the stored service identifier and the key type according to the second service identifier.
Fig. 5 is a schematic hardware structure diagram of an electronic device for executing an electronic payment method based on microservice according to an embodiment of the present application, where, as shown in fig. 5, the electronic device includes:
one or more processors 510 and memory 520, with one processor 510 being an example in fig. 5.
The apparatus for performing the micro-service based electronic payment method may further include: an input device 530 and an output device 540.
The processor 510, the memory 520, the input device 530, and the output device 540 may be connected by a bus or other means, and the bus connection is exemplified in fig. 5.
The memory 520, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and units, such as program instructions/units (e.g., the first receiving unit 41, the verification unit 42, and the processing unit 430 shown in fig. 4) corresponding to the electronic payment method based on the micro service in the embodiment of the present application. The processor 510 executes various functional applications of the server and data processing by operating non-volatile software programs, instructions and units stored in the memory 520, namely, implements the electronic payment method based on microservices of the above method embodiments.
The memory 520 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the micro service-based electronic payment device, and the like. Further, the memory 520 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 520 may optionally include memory remotely located from processor 510, which may be connected to a microservice-based electronic payment device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 530 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the micro service-based electronic payment device. The output device 540 may include a display device such as a display screen.
The one or more units are stored in the memory 520 and, when executed by the one or more processors 510, perform the microservice-based electronic payment method of any of the above-described method embodiments.
The product can execute the method provided by the embodiment of the application, and has corresponding functional units and beneficial effects of the execution method. For technical details that are not described in detail in this embodiment, reference may be made to the methods provided in the embodiments of the present application.
The electronic device of the embodiments of the present application exists in various forms, including but not limited to:
(1) mobile communication devices, which are characterized by mobile communication capabilities and are primarily targeted at providing voice and data communications. Such terminals include smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) The ultra-mobile personal computer equipment belongs to the category of personal computers, has the functions of calculation and processing, and generally has the mobile internet access characteristic. Such terminals include PDA, MID, and UMPC devices, such as ipads.
(3) Portable entertainment devices such devices may display and play multimedia content. Such devices include audio and video players (e.g., ipods), handheld game consoles, electronic books, as well as smart toys and portable car navigation devices.
(4) The server is similar to a general computer architecture, but has higher requirements on processing capability, stability, reliability, safety, expandability, manageability and the like because of the need of providing highly reliable services.
(5) And other electronic devices with data interaction functions.
Embodiments of the present application provide a non-volatile computer storage medium, where computer-executable instructions are stored, and the computer-executable instructions may execute the electronic payment method based on microservice in any of the above method embodiments.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. Based on such understanding, the above technical solutions substantially or contributing to the related art may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present application.
Claims (6)
1. A microservice-based electronic payment system, comprising:
the key server is used for generating an asymmetric public-private key pair; providing a private key of the public-private key pair to a first user terminal generating a digital certificate; providing a public key of the public-private key pair to a second user terminal verifying the digital certificate;
the first user terminal is used for deploying a first service for generating a digital certificate and generating the digital certificate transmitted between the micro-services by using the private key; sending an electronic payment request to a second user terminal, wherein the electronic payment request carries the digital certificate and the electronic payment order to be processed;
the second user terminal is used for deploying a second service for verifying the digital certificate, and verifying the digital certificate by using the public key after receiving the electronic payment request; after the digital certificate is verified, processing an electronic payment order carried in the electronic payment request;
the digital certificate carries a first user identification of a user initiating electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment; generating a digital voucher while generating an electronic payment order; the digital voucher carries money amount information;
the second user terminal is used for decrypting the digital certificate by using the public key; after decryption is successful, comparing the first user identification with the second user identification, and if the first user identification is the same as the second user identification, determining that the digital certificate is verified;
the digital certificate also carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal is used for decrypting the digital certificate by using the public key; after decryption is successful, comparing the first transaction amount information with the second transaction amount information; if the first transaction amount information is the same as the second transaction amount information, determining that the digital certificate is verified;
the first user terminal is configured to send a first key acquisition request to the key server, where the first key acquisition request carries a first service identifier of a first service;
the second user terminal is configured to send a second key acquisition request to the key server, where the second key acquisition request carries a second service identifier of a second service;
the key server is further used for searching a key type corresponding to the first service identifier from the corresponding relation between the service identifier stored in the key server and the key type according to the received first service identifier, and returning a key of a corresponding type to the first user terminal according to the searched key type; according to the received second service identification, searching a key type corresponding to the second service identification from the corresponding relation between the service identification and the key type stored in the second service identification, and returning a key of a corresponding type to the second user terminal according to the searched key type, wherein the key type comprises a public key or a private key;
the key server is also used for updating the generated public and private key pair according to a set period; and providing the updated private key to the first user terminal; and providing the updated public key to the second user terminal.
2. A microservice-based electronic payment method, comprising:
a first user terminal generates a digital certificate transmitted between micro services by using a private key provided by a key server, wherein a first service for generating the digital certificate is deployed on the first user terminal;
the first user terminal sends an electronic payment request to a second user terminal, wherein the electronic payment request carries the digital certificate and an electronic payment order to be processed, and a second service for verifying the digital certificate is deployed on the second user terminal;
the second user terminal verifies the digital certificate by using the public key provided by the key server;
after the second user terminal determines that the verification is passed, processing an electronic payment order carried in the electronic payment request;
the digital certificate carries a first user identification of a user initiating electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment; generating a digital voucher while generating an electronic payment order; the digital voucher carries money amount information;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first user identification with the second user identification;
if the first user identification is the same as the second user identification, the second user terminal determines that the digital certificate is verified;
if the decryption fails or the first user identifier is different from the second user identifier, the second user terminal determines that the verification of the digital certificate fails;
the digital certificate also carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first transaction amount information with the second transaction amount information; if the first transaction amount information is the same as the second transaction amount information, the second user terminal determines that the digital certificate is verified;
if the decryption fails or the first transaction amount information is different from the second transaction amount information, the second user terminal determines that the verification of the digital certificate fails;
before the first user terminal generates the digital certificate transferred between the microservices by using the private key provided by the key server, the method further comprises the following steps:
the first user terminal sends a first key obtaining request by the key server, wherein the first key obtaining request carries a first service identifier of a first service;
the second user terminal sends a second key obtaining request to the key server, wherein the second key obtaining request carries a second service identifier of a second service;
the key server searches a key type corresponding to the first service identifier from the corresponding relation between the service identifier stored in the key server and the key type according to the received first service identifier, and returns a key of a corresponding type to the first user terminal according to the searched key type; searching a key type corresponding to the second service identifier from the corresponding relation between the service identifier stored in the second service identifier and the key type according to the received second service identifier, and returning a key of a corresponding type to the second user terminal according to the searched key type, wherein the key type comprises a public key or a private key;
and the key server updates the generated public and private key pair according to a set period, provides the updated private key for the first user terminal and provides the updated public key for the second user terminal.
3. A microservice-based electronic payment method, comprising:
a second user terminal receives an electronic payment request sent by a first user terminal, wherein the electronic payment request carries a digital certificate and an electronic payment order to be processed, a second service for verifying the digital certificate is deployed on the second user terminal, the digital certificate is generated by the first user terminal by using a private key provided by a key server, and a first service for generating the digital certificate is deployed on the first user terminal;
the second user terminal verifies the digital certificate by using the public key provided by the key server;
after the second user terminal determines that the verification is passed, processing an electronic payment order carried in the electronic payment request;
the digital certificate carries a first user identification of a user initiating electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment; generating a digital voucher while generating the electronic payment order; the digital voucher carries money amount information;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first user identification with the second user identification;
if the first user identification is the same as the second user identification, the second user terminal determines that the digital certificate is verified;
if the decryption fails or the first user identifier is different from the second user identifier, the second user terminal determines that the verification of the digital certificate fails;
the digital certificate also carries first transaction amount information; the electronic payment order also carries second transaction amount information;
the second user terminal judges whether the digital certificate passes the verification according to the following procedures:
the second user terminal decrypts the digital certificate by using the public key;
if the decryption is successful, comparing the first transaction amount information with the second transaction amount information; if the first transaction amount information is the same as the second transaction amount information, the second user terminal determines that the digital certificate is verified;
if the decryption fails or the first transaction amount information is different from the second transaction amount information, the second user terminal determines that the verification of the digital certificate fails;
before the second user terminal receives the electronic payment request sent by the first user terminal, the method further comprises the following steps:
the second user terminal sends a second key obtaining request to the key server, wherein the second key obtaining request carries a second service identifier of a second service;
the second user terminal receives a key returned by the key server, wherein the key is a key of a corresponding type searched by the key server from the corresponding relation between the stored service identifier and the key type according to the second service identifier; the key server is also used for updating the generated public and private key pair according to a set period; and providing the updated private key to the first user terminal; and providing the updated public key to the second user terminal.
4. A microservice-based electronic payment device, comprising:
the system comprises a first receiving unit, a second receiving unit and a third receiving unit, wherein the first receiving unit is used for receiving an electronic payment request sent by a first user terminal, the electronic payment request carries a digital certificate and an electronic payment order to be processed, a second service for verifying the digital certificate is deployed on a second user terminal, the digital certificate is generated by the first user terminal by using a private key provided by a key server, and a first service for generating the digital certificate is deployed on the first user terminal;
the verification unit is used for verifying the digital certificate by using a public key provided by the key server;
the processing unit is used for processing the electronic payment order carried in the electronic payment request after the verification is determined to pass according to the verification result of the verification unit;
the digital certificate carries a first user identification of a user initiating electronic payment; the electronic payment order carries a second user identification of the user initiating the electronic payment; generating a digital voucher while generating an electronic payment order; the digital voucher carries money amount information; and
the device, still include:
the first decryption unit is used for decrypting the digital certificate by using the public key;
the first comparison unit is used for comparing the first user identifier with the second user identifier after the first decryption unit successfully decrypts the first user identifier;
the first determining unit is used for determining that the digital certificate is verified by the second user terminal if the first user identifier is the same as the second user identifier according to the comparison result of the first comparing unit; and if the first decryption unit fails to decrypt or the first user identifier is determined to be different from the second user identifier according to the comparison result of the first comparison unit, the second user terminal determines that the verification of the digital certificate fails; the digital certificate also carries first transaction amount information; the electronic payment order also carries second transaction amount information; and
the device, still include:
the second decryption unit is used for decrypting the digital certificate by using the public key;
the second comparison unit is used for comparing the first transaction amount information with the second transaction amount information if the second decryption unit succeeds in decryption;
the second processing unit is used for determining that the verification of the digital certificate is passed by the second user terminal if the first transaction amount information is the same as the second transaction amount information according to the comparison result of the second comparing unit; and if the second decryption unit fails in decryption or the first transaction amount information and the second transaction amount information are determined to be different according to the comparison result of the second comparison unit, the second user terminal determines that the verification of the digital certificate fails; a sending unit, configured to send a second key acquisition request to the key server before the first receiving unit receives the electronic payment request sent by the first user terminal, where the second key acquisition request carries a second service identifier of a second service;
a second receiving unit, configured to receive a key returned by the key server, where the key is a key of a corresponding type that is searched by the key server from a correspondence between a service identifier and a key type stored in the key server according to the second service identifier;
the key server updates the generated public and private key pair according to a set period; and providing the updated private key to the first user terminal; and providing the updated public key to the second user terminal.
5. An electronic device, comprising: at least one processor; and a memory; wherein the memory stores a program executable by the at least one processor, and the instructions are executable by the at least one processor to enable the at least one processor to perform the steps of the method of any one of claims 2 to 3.
6. A non-transitory computer storage medium storing computer-executable instructions for performing the steps of the method of any one of claims 2 to 3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810772428.6A CN109034798B (en) | 2018-07-13 | 2018-07-13 | Electronic payment system, method, apparatus, device and medium based on micro service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810772428.6A CN109034798B (en) | 2018-07-13 | 2018-07-13 | Electronic payment system, method, apparatus, device and medium based on micro service |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109034798A CN109034798A (en) | 2018-12-18 |
| CN109034798B true CN109034798B (en) | 2022-09-09 |
Family
ID=64642882
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810772428.6A Active CN109034798B (en) | 2018-07-13 | 2018-07-13 | Electronic payment system, method, apparatus, device and medium based on micro service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109034798B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112422475B (en) * | 2019-08-20 | 2022-12-09 | 阿里巴巴(北京)软件服务有限公司 | Service authentication method, device, system and storage medium |
| CN112862559A (en) * | 2019-11-28 | 2021-05-28 | 深圳富桂精密工业有限公司 | Micro-service online ordering system and method |
| CN111835774B (en) * | 2020-07-15 | 2022-09-30 | 建信金融科技有限责任公司 | Data processing method, device, equipment and storage medium |
| CN113014670B (en) * | 2021-03-25 | 2023-04-07 | 上海盛付通电子支付服务有限公司 | Method, device, medium and program product for pushing order information |
| CN115760082B (en) * | 2022-11-23 | 2024-05-17 | 中国银联股份有限公司 | Digital payment processing method, device, equipment, system and medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104836664A (en) * | 2015-03-27 | 2015-08-12 | 腾讯科技(深圳)有限公司 | Method for executing business processing, device for executing business processing and system for executing business processing |
| CN106790080A (en) * | 2016-12-22 | 2017-05-31 | 深圳新众诚科技有限公司 | Secure communication of network method and apparatus between operation system and electronic certificate system |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104052601B (en) * | 2013-12-30 | 2017-08-11 | 国家电网公司 | A kind of Key-insulated label decryption method |
| CN103839157A (en) * | 2014-02-25 | 2014-06-04 | 中国联合网络通信集团有限公司 | Electronic payment method, device and system |
| EP3251067A4 (en) * | 2015-01-27 | 2018-08-01 | Ent. Services Development Corporation LP | Virtual point of sale |
| CN107798517A (en) * | 2016-08-31 | 2018-03-13 | 深圳市银信网银科技有限公司 | Bill payment method, apparatus and system |
-
2018
- 2018-07-13 CN CN201810772428.6A patent/CN109034798B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104836664A (en) * | 2015-03-27 | 2015-08-12 | 腾讯科技(深圳)有限公司 | Method for executing business processing, device for executing business processing and system for executing business processing |
| CN106790080A (en) * | 2016-12-22 | 2017-05-31 | 深圳新众诚科技有限公司 | Secure communication of network method and apparatus between operation system and electronic certificate system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109034798A (en) | 2018-12-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109034798B (en) | Electronic payment system, method, apparatus, device and medium based on micro service | |
| CN111079103B (en) | Identity authentication method and equipment | |
| US11308196B2 (en) | Authentication of a device | |
| US11265319B2 (en) | Method and system for associating a unique device identifier with a potential security threat | |
| US11521203B2 (en) | Generating a cryptographic key based on transaction data of mobile payments | |
| US8589667B2 (en) | Booting and configuring a subsystem securely from non-local storage | |
| US9038157B1 (en) | Method and apparatus for integrating a dynamic token generator into a mobile device | |
| JP2021507555A (en) | Blockchain-based smart contract activation methods and devices, as well as electronic devices | |
| KR20150132471A (en) | Secure mobile payment using media binding | |
| WO2019239591A1 (en) | Authentication system, authentication method, application provision device, authentication device, and authentication program | |
| CN112559993B (en) | Identity authentication method, device and system and electronic equipment | |
| CN107925868A (en) | A kind of method for remote management and equipment | |
| KR20180034563A (en) | A data processing method and system, and a wearable electronic device | |
| CN108616352B (en) | Dynamic password generation method and system based on secure element | |
| CN111404695B (en) | Token request verification method and device | |
| CN109768977A (en) | Streaming medium data processing method, device and relevant device and medium | |
| WO2019115393A1 (en) | Method for authenticating a user based on an image relation rule and corresponding first user device, server and system | |
| CN111723889A (en) | Code scanning login method, graphic code display method, device, equipment and storage medium | |
| CN108460251B (en) | Method, device and system for running application program | |
| EP4037250A1 (en) | Message transmitting system with hardware security module | |
| JP2018028786A (en) | Information processing apparatus, information processing program, information processing method, and information processing system | |
| CN110602700B (en) | Seed key processing method and device and electronic equipment | |
| US11425122B2 (en) | System and method for providing a configuration file to client devices | |
| KR101971428B1 (en) | Contents exchange method based on interaction between users and system performing the same | |
| WO2017206401A1 (en) | Video decryption method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |