CN111047313A - Code scanning payment, information sending and key management method, device and equipment - Google Patents
Code scanning payment, information sending and key management method, device and equipment Download PDFInfo
- Publication number
- CN111047313A CN111047313A CN202010171355.2A CN202010171355A CN111047313A CN 111047313 A CN111047313 A CN 111047313A CN 202010171355 A CN202010171355 A CN 202010171355A CN 111047313 A CN111047313 A CN 111047313A
- Authority
- CN
- China
- Prior art keywords
- information
- key
- access address
- merchant
- acquiring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3276—Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The embodiment of the specification discloses a method, a device and equipment for code scanning payment, information sending in a payment process, generation of a collection code and key management. The scheme comprises the following steps: the terminal acquires code image information; analyzing the code image information to obtain first identification information contained in the code image information; sending a key acquisition request to a key management system based on the first identification information; acquiring a key fed back by the key management system based on the key acquisition request; acquiring encrypted access address information of the acquiring mechanism stored in the block link point; decrypting the encrypted acquirer access address information by using the secret key to obtain acquirer access address information; and paying based on the acquirer access address information.
Description
Technical Field
The application relates to the technical field of computers, in particular to a method, a device and equipment for code scanning payment, information sending in the payment process, generation of a collection code and key management.
Background
In the prior art, electronic payment has been widely used in various fields. In particular, a method of performing code scanning payment by using a two-dimensional code or other code images is widespread. In practical application, each merchant can display the two-dimensional code of the merchant at the position where the merchant collects money, and a consumer can complete payment through scanning the two-dimensional code.
With the evolution of payment technology, one two-dimensional code can support the payment channels of a plurality of payment institutions. That is, after scanning a two-dimensional code, the user may select a payment channel a (e.g., a certain bank) for payment, or may select a payment channel B (e.g., an electronic wallet of a certain platform) for payment. In order to enable a two-dimensional code to support a plurality of payment channels, information of a plurality of payment channels supported by a merchant needs to be stored in a node of a payment network at the same time. The payment channel information belongs to privacy information for merchants or payment institutions.
However, how to protect the privacy information related in the code scanning payment process from the data perspective is an urgent technical problem to be solved.
Disclosure of Invention
In view of this, embodiments of the present application provide a code scanning payment method, an information sending method, a generation method of a cash register code, and a key management method, an apparatus, and a device in a payment process, which are used to protect privacy information related to the code scanning payment process from a data perspective.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
the code scanning payment method provided by the embodiment of the specification comprises the following steps: the terminal acquires code image information; analyzing the code image information to obtain first identification information contained in the code image information; sending a key acquisition request to a key management system based on the first identification information; acquiring a key fed back by the key management system based on the key acquisition request; acquiring encrypted access address information of the acquiring mechanism stored in the block link point; decrypting the encrypted acquirer access address information by using the secret key to obtain acquirer access address information; and paying based on the acquirer access address information.
An information sending method in a payment process provided by an embodiment of the present specification includes: a block chain node acquires an information acquisition request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer; searching corresponding encrypted acquirer access address information based on the information acquisition request; and sending the searched encrypted access address information of the acquirer to the terminal.
The method for generating a cash register code provided by the embodiment of the specification comprises the following steps: a first terminal acquires a first instruction; the first instruction is used for instructing the first terminal to generate a collection code; acquiring a decentralized identity of the first terminal; sending the decentralized identity to a block chain node stored with a decentralized identity document; acquiring merchant information inquired from the decentralized identity document by the block link point based on the decentralized identity; generating a cash register code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
An embodiment of the present specification provides a key management method, including: acquiring a key acquisition request sent by a terminal; the key acquisition request comprises first identification information of a merchant and second identification information of a payment mechanism; generating a key based on the first identification information and the second identification information; the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer; and sending the key to the terminal.
The code scanning payment device that this specification embodiment provided includes: the code image information acquisition module is used for acquiring code image information; the code image information analysis module is used for analyzing the code image information to obtain first identification information contained in the code image information; a key obtaining request sending module, configured to send a key obtaining request to a key management system based on the first identification information; the key obtaining module is used for obtaining a key fed back by the key management system based on the key obtaining request; the ciphertext information acquisition module is used for acquiring encrypted access address information of the acquiring mechanism stored in the block chain link point; the ciphertext information decryption module is used for decrypting the encrypted acquirer access address information by adopting the secret key to obtain acquirer access address information; and the payment module is used for carrying out payment based on the access address information of the acquirer.
An information sending apparatus in a payment process provided in an embodiment of the present specification includes: the request acquisition module is used for acquiring an information acquisition request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer; the information searching module is used for searching the corresponding encrypted access address information of the acquirer based on the information acquisition request; and the information sending module is used for sending the searched encrypted access address information of the acquirer to the terminal.
An apparatus for generating a cash register code provided in an embodiment of the present specification includes: the instruction acquisition module is used for acquiring a first instruction; the first instruction is used for instructing the first terminal to generate a collection code; a decentralized identity acquisition module, configured to acquire a decentralized identity of the first terminal; the decentralized identity sending module is used for sending the decentralized identity to the block chain link points stored with the decentralized identity documents; the merchant information acquisition module is used for acquiring merchant information inquired from the decentralized identity document by the block chain link point based on the decentralized identity; the cash register code generating module is used for generating a cash register code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
An embodiment of the present specification provides a key management apparatus, including: the request receiving module is used for acquiring a key acquisition request sent by the terminal; the key acquisition request comprises first identification information of a merchant and second identification information of a payment mechanism; a key generation module, configured to generate a key based on the first identification information and the second identification information; the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer; and the key sending module is used for sending the key to the terminal.
The code scanning payment device that this specification embodiment provided includes:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the code-scanning payment device to: acquiring code image information; analyzing the code image information to obtain first identification information contained in the code image information; sending a key acquisition request to a key management system based on the first identification information; acquiring a key fed back by the key management system based on the key acquisition request; acquiring encrypted access address information of the acquiring mechanism stored in the block link point; decrypting the encrypted acquirer access address information by using the secret key to obtain acquirer access address information; and paying based on the acquirer access address information.
An information sending device in a payment process provided by an embodiment of the present specification includes:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable an information sending device in the payment process to: acquiring an information acquisition request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer; searching corresponding encrypted acquirer access address information based on the information acquisition request; and sending the searched encrypted access address information of the acquirer to the terminal.
An apparatus for generating a cash register code provided in an embodiment of the present specification includes:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the checkout code generating device to: a first terminal acquires a first instruction; the first instruction is used for instructing the first terminal to generate a collection code; acquiring a decentralized identity of the first terminal; sending the decentralized identity to a block chain node stored with a decentralized identity document; acquiring merchant information inquired from the decentralized identity document by the block link point based on the decentralized identity; generating a cash register code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
An embodiment of the present specification provides a key management device, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the key management device to: acquiring a key acquisition request sent by a terminal; the key acquisition request comprises first identification information of a merchant and second identification information of a payment mechanism; generating a key based on the first identification information and the second identification information; the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer; and sending the key to the terminal.
The embodiment of the specification adopts at least one technical scheme which can achieve the following beneficial effects:
the encrypted access address information of the acquiring mechanism is stored in the block chain nodes, and the block chain nodes cannot analyze and obtain the privacy data of a certain merchant or a certain payment mechanism based on the data corresponding to the merchant or the payment mechanism stored in the block chain nodes because the block chain nodes are stored in a ciphertext mode, so that the data privacy of the merchant and the payment mechanism is ensured, and the safety of the information stored in the regional block chain nodes can be ensured. In addition, the key management system is used for managing the key, so that the security of the key is guaranteed. Therefore, the privacy information related in the code scanning payment process is protected from the data perspective.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic flowchart of a code scanning payment method provided in an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of an information sending method in a payment process according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart of a method for generating a cash register according to an embodiment of the present disclosure;
fig. 4 is a schematic flowchart of a key management method provided in an embodiment of the present specification;
FIG. 5 is a schematic diagram of an application scenario of a code scanning payment scheme provided in an embodiment of the present description;
fig. 6 is a schematic structural diagram of a code scanning payment device corresponding to fig. 1 provided in an embodiment of the present disclosure;
fig. 7 is a schematic structural diagram of an information sending apparatus in a payment process corresponding to fig. 2 provided in an embodiment of the present specification;
fig. 8 is a schematic structural diagram of a device for generating a cash register code corresponding to fig. 3 according to an embodiment of the present disclosure;
fig. 9 is a schematic structural diagram of a key management device corresponding to fig. 4 provided in an embodiment of the present specification;
fig. 10 is a schematic structural diagram of a network payment device provided in an embodiment of the present specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the technical solutions of the present application will be described in detail and completely with reference to the following specific embodiments of the present application and the accompanying drawings. It should be apparent that the described embodiments are only some of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In the description of the present application, the terms first, second, etc. are used to describe various information, instructions, terminals, etc., but these information, instructions, terminals, etc. should not be limited by these terms. These terms are used to distinguish one information, instruction, terminal from another. Thus, a first information, instruction, terminal discussed below could also be termed a second information, instruction, terminal without departing from the teachings of the present disclosure.
The technical solutions provided by the embodiments of the present application are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a code scanning payment method provided in an embodiment of the present specification. From the viewpoint of the program, the main body of execution of the flow may be the program installed in the user terminal. In the embodiment of the present application, the user terminal specifically refers to a terminal used by a user who performs code scanning payment, that is, a terminal installed with a payment application (payment APP).
As shown in fig. 1, the process may include the following steps:
step 102: the terminal acquires code image information.
The terminal, i.e. the user terminal, may comprise a smart phone. In a code scanning payment scenario, a user terminal may be used to scan a payee's checkout code to obtain code image information. The payee may include a merchant. The payment code can comprise any form of codes such as a two-dimensional code and a bar code. The acquisition code image information may be image information of an acquisition code.
The cash register code may be presented on a printed matter, or may be presented on a display screen of the merchant terminal device, and for example, the following description assumes a case where the cash register code is presented on the merchant terminal.
Step 104: and analyzing the code image information to obtain first identification information contained in the code image information.
After the user terminal acquires the code image information, the acquired code image information may be analyzed to obtain the first identification information included therein. The first identification information may include information related to a current merchant and a current transaction.
Optionally, the first identification information may specifically include: a merchant index number and a merchant signature.
Wherein the merchant index number may be a number for identifying a merchant. In a network payment system with a specified range, one merchant has a unique merchant index number, and different merchants have different merchant index numbers. For example, in a network payment system where a certain banking institution, an electronic payment platform a and an electronic payment platform B cooperate, a merchant index number of a certain merchant may be the same for all of the certain banking institution, the electronic payment platform a and the electronic payment platform B.
The role of the merchant signature is that, in practice, before the request information is returned in response to the request of the information requester, the information sender may verify the identity of the information requester to ensure information security. In the embodiment of the application, the merchant signature can be verified in the key management system and in the blockchain node, so as to guarantee the safety of information.
Optionally, the first identification information may specifically include a transaction key parameter. The transaction key parameters may include a transaction order number, a transaction establishment time, a transaction amount, and the like.
Step 106: and sending a key acquisition request to a key management system based on the first identification information.
The Key Management System (KMS) can be used for assisting a user in Key escrow and password service, has security and reliability, and can perform encryption protection on user-defined data so as to reduce an attack face of a malicious person on sensitive data. The KMS supports the escrow of asymmetric keys and a digital signature verification algorithm based on the asymmetric keys, and can be used for wide service scenes such as identity authentication, code signature and block chains.
In an embodiment of the present application, step 106 may specifically include: acquiring second identification information of the payment mechanism; and sending a key acquisition request to a key management system, wherein the key acquisition request comprises the first identification information and the second identification information.
The payment mechanism refers to a mechanism to which a payment application currently used for payment installed on the user terminal belongs. The second identification information may be an identification of a payment institution, more specifically, a payment institution ID, which is an identification for distinguishing one payment institution from another payment institution, and different payment institutions have different payment identifications.
Optionally, second identification information of the payment mechanism is obtained, specifically, the second identification information is locally obtained from the user terminal; specifically, the second identification information may be acquired from a server corresponding to the payment mechanism.
Step 108: and acquiring a key fed back by the key management system based on the key acquisition request.
In the embodiment of the application, the key acquisition request may carry first identification information of the merchant and second identification information of the payment mechanism, and more specifically, may carry a merchant index number and a payment mechanism ID. Such that the key management system can generate the key based on the merchant index and the payment authority ID, and more particularly, can obtain the merchant key based on the merchant index and then generate the key based on the merchant key and the payment authority ID.
For example, if the merchant Key corresponding to the merchant index in the Key acquisition request is acquired by the Key management system as K, then the Key S for decrypting the encrypted acquirer access address information may be generated based on the merchant Key K and the payment authority ID, for example, by a Key Derivation Function (KDF), that is, S ← KDF (K, payment authority ID).
Step 110: and acquiring the encrypted access address information of the acquiring mechanism stored in the block link point.
The acquirer access address information stored on the blockchain node is ciphertext information obtained through encryption processing in advance, and is also in the form of ciphertext when the acquirer access address information is returned to the user terminal from the blockchain node. The encrypted acquirer access address information, which may also be referred to as ciphertext hereinafter. Therefore, the access address information of the acquirer cannot be acquired by an opponent mechanism and the like no matter in a storage state or in an information transmission process, and the confidentiality is ensured.
In an embodiment, the acquirer access address information may include the primary address information and the merchant ID. For example, the acquirer access address may be: https:// alipay.com/123456, where "alipay.com" is the principal payment address and "123456" is the merchant ID. The format of the acquirer access address is not limited to this example.
Step 112: and decrypting the encrypted access address information of the acquirer by using the secret key to obtain the access address information of the acquirer.
The encrypted acquirer access address information is obtained by encrypting the same key as the key, so that the encrypted acquirer access address information obtained from the block link point can be decrypted by using the key obtained from the KMS to obtain the acquirer access address information.
Step 114: and paying based on the acquirer access address information.
Specifically, the user may access the decrypted acquiring mechanism access address at the user terminal, and complete the payment operation in the page corresponding to the address, where the method for completing the payment operation may refer to the prior art, and no specific description is provided in this specification.
In one or more embodiments of the present application, a privacy protection scheme for a code scanning payment process is provided, where encrypted acquirer access address information is stored in a block chain node, and since the encrypted acquirer access address information is stored in a ciphertext form, the block chain node cannot analyze privacy data of a certain merchant or a certain payment mechanism based on data corresponding to the merchant or the certain payment mechanism stored in the block chain node, so that data privacy of the merchant and the payment mechanism is ensured, that is, the security of information stored in a regional block chain node is ensured. In addition, the key is managed by using the key management system and is immediately acquired when the key is required to be used, so that the security of the key is guaranteed.
Based on the process of fig. 1, some specific embodiments of the process are also provided in the examples of this specification, which are described below.
In practical application, in the block chain node, under the same merchant, the ciphertext of the access address of the acquirer corresponding to each of a plurality of different payment mechanisms can be stored, and the user terminal installed with the payment application can obtain the ciphertext of the access address of the acquirer corresponding to the payment mechanism to which the payment application belongs from the block chain node. In an embodiment of the present specification, the acquirer in the acquirer access address corresponding to the payment application may be the payment authority.
In an embodiment of the present application, the obtaining encrypted acquirer access address information stored in a block link node (step 110) may specifically include: generating index data according to the secret key and the second identification information; sending a request for acquiring the access address information of the acquiring mechanism to the block chain nodes; the request for acquiring the access address information of the acquirer at least comprises the index data; and acquiring the encrypted access address information of the acquiring mechanism fed back by the block link point. Optionally, the request for obtaining the acquirer access address information may specifically include: a merchant index number, a merchant signature, and the index data.
As an example, the Index data is generated according to the key and the second identification information, and specifically, the Index data Index is generated by using a Key Derivation Function (KDF), that is, Index ← KDF (S, payment authority ID), so as to carry the Index data in the acquisition request. And then searching for encrypted acquirer access address information corresponding to the index data in the blockchain node and returning.
In practical applications, each merchant may have a cooperative relationship with a plurality of payment mechanisms, in which case the encrypted acquirer access address information may be stored in the blockchain corresponding to the merchant and corresponding to the payment mechanism. Specifically, for example, the encrypted acquirer access address information may be stored with the merchant index as a first-layer directory and the index data as a second-layer directory.
Corresponding to the code scanning payment method, the application provides an information sending method in the payment process. Fig. 2 is a schematic flow chart of an information sending method in a payment process according to an embodiment of the present disclosure. From a procedural perspective, the execution subject of the flow may be a blockchain node.
As shown in fig. 2, the process may include the following steps:
step 202: a block chain node acquires an information acquisition request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer.
Wherein the terminal may be a user terminal installed with a payment application.
Step 204: and searching the corresponding encrypted access address information of the acquirer based on the information acquisition request.
Specifically, the method may include: acquiring index data contained in the information acquisition request; and searching the encrypted access address information of the acquirer corresponding to the index data. The index data is generated based on a secret key and identification information of a payment mechanism, and the access address information of the acquirer is encrypted by adopting the secret key.
Step 206: and sending the searched encrypted access address information of the acquirer to the terminal.
According to an alternative embodiment, before the searching for the corresponding encrypted acquirer access address information (step 204), the method may further include: acquiring a merchant signature contained in the information acquisition request; verifying the merchant signature; and if the verification is passed, executing the step of searching the corresponding encrypted access address information of the acquirer.
Since the embodiment of the information sending method in the payment process has the same or corresponding technical characteristics as the above embodiments of the code scanning payment method, the same technical effects as those of the above embodiments of the code scanning payment method can be achieved. Specifically, in the information sending method in the payment process, the encrypted acquirer access address information is stored in the blockchain node, and the ciphertext is stored, so that the blockchain node cannot analyze and obtain privacy data of a certain merchant or a certain payment mechanism based on the data corresponding to the merchant or the payment mechanism stored in the blockchain node, thereby ensuring the data privacy of the merchant and the payment mechanism, i.e. ensuring the security of the information stored in the blockchain node. Thus, the privacy of the privacy data involved in the code scanning payment process is protected from a data perspective.
Corresponding to the code scanning payment method and the information sending method in the payment process, the application provides a method for generating a cash register code. Fig. 3 is a schematic flowchart of a method for generating a cash register according to an embodiment of the present disclosure. From a program perspective, the executing body of the flow may be a merchant terminal.
As shown in fig. 3, the process may include the following steps:
step 302: a first terminal acquires a first instruction; the first instruction is used for instructing the first terminal to generate a cash register code.
In this embodiment, the first terminal is a terminal at a merchant side, and the merchant terminal may generate and present a cash register code; the second terminal hereinafter refers to a terminal on the user side, i.e. a terminal in which the payment application is installed.
Step 304: and acquiring the decentralized identity of the first terminal.
Among them, Decentralized Identity (DID) is a new type of Identifier with global uniqueness, high availability, resolvability and encryption verifiability. DIDs are typically associated with cryptographic material (e.g., public keys) and service endpoints to establish secure communication channels. DIDs are useful for any application that benefits from self-managed, cryptographically verifiable identifiers, such as personal identifiers, organizational identifiers, and internet of things scene identifiers. For example, current W3C may verify that commercial deployments of credentials use DIDs extensively to identify people, organizations, and things, and implement many security and privacy safeguards guarantees.
In step 304, the decentralized identity of the terminal is obtained, that is, a globally unique identifier of the merchant terminal is obtained.
Step 306: and sending the decentralized identity to the block chain nodes which store the decentralized identity documents.
Step 308: and acquiring the merchant information inquired from the decentralized identity document by the block link point based on the decentralized identity.
In the regional blockchain node, a decentralized identity document (DID document) is stored, which may include a DID identifier, a set of cryptographic materials (e.g., a public key), a set of cryptographic protocols, a set of service endpoints, a timestamp, and an optional signature for proving the legitimacy of the DID document. In practical application, the corresponding DID document can be found on the blockchain node based on the DID identifier as a key. Then, the merchant information of the merchant terminal can be obtained from the DID document.
It should be noted that the block link point storing the DID document and the block link point storing the encrypted acquirer access address information described above may be different block link nodes.
Step 310: generating a cash register code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
In an embodiment, the merchant information may specifically include a merchant index number.
Correspondingly, the generating of the cash register code based on the merchant information may specifically include: acquiring transaction parameters of current transaction; obtaining a private key corresponding to the merchant index number; generating a merchant signature according to the private key; and generating a cash register code, wherein the information carried by the cash register code comprises the merchant index number, the transaction parameters and the merchant signature.
In the embodiment, in the method for generating the pay-out code, information related to a merchant, such as a merchant index number, is acquired based on DID, and then the pay-out code is generated based on the information, so that the pay-out code at least includes identification information uniquely corresponding to the merchant, and is used for acquiring a key from a key management system, acquiring encrypted access address information of an acquiring organization from a block link point, and further decrypting a ciphertext by using the key.
Corresponding to the method, the application provides a key management method. Fig. 4 is a flowchart illustrating a key management method according to an embodiment of the present disclosure. From a program perspective, the execution subject of the flow may be a key management system, more specifically, a key management server.
As shown in fig. 4, the process may include the following steps:
step 402: acquiring a key acquisition request sent by a terminal; the key acquisition request includes first identification information of the merchant and second identification information of the payment mechanism.
Step 404: generating a key based on the first identification information and the second identification information; and the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer.
Step 406: and sending the key to the terminal.
In an embodiment of the present application, the first identification information may specifically include: a merchant index number and a merchant signature. Before generating a key based on the first identification information and the second identification information (step 404), the method may further include: acquiring a merchant public key corresponding to the merchant index number; verifying the merchant signature by adopting the merchant public key; and if the verification is passed, executing the step of generating the key based on the first identification information and the second identification information.
As an example, the step of generating the key based on the first identification information and the second identification information may specifically be, where the first identification information specifically includes a merchant index and a merchant signature, the second identification information may include a payment authority ID, the merchant key corresponding to the merchant index in the key acquisition request is K, and after the signature verification, the key for decrypting the encrypted acquirer access address information may be generated based on the merchant key K and the payment authority ID, and for example, the key S, i.e., S ← KDF (K, payment authority ID), may be generated by a Key Derivation Function (KDF).
In one or more embodiments of the present application, a key management system is utilized to manage the merchant's keys and generate keys in the key management system for decrypting encrypted acquirer access address information, thereby protecting the privacy of the private data involved in the code-scan payment process from a data perspective.
In order to make the description of the present application clearer, fig. 5 is a schematic diagram of an application scenario of the code scanning payment scheme provided in the embodiment of the present specification. The overall scheme is described below with reference to fig. 5.
Referring to fig. 5, the code scanning payment scheme provided in the embodiment of the present application may specifically include the following steps:
(1) the merchant terminal generates a cash register code aiming at the current transaction, wherein the cash register code comprises merchant index number information, merchant signature information and transaction key parameter information. Wherein the merchant index number is used to identify the identity of the merchant.
(2) And scanning the cash register code through the user terminal provided with the payment application, and analyzing to obtain the merchant index number, the merchant signature and the transaction key parameters contained in the cash register code.
(3) The user terminal acquires a payment authority ID for identifying the payment authority, and transmits the merchant index number, the merchant signature, the transaction key parameter, and the payment authority ID to a Key Management System (KMS).
(4) And the key management system acquires a merchant key K after passing the signature verification, calculates a key S based on the merchant key and the payment mechanism ID, and returns the key S to the user terminal.
(5) The user terminal obtains Index data (namely Index) based on the secret key S and the payment mechanism ID, and sends the merchant Index number, the merchant signature and the Index data to the block chain node.
(6) After verifying the merchant signature, the block chain node acquires encrypted acquirer access address information corresponding to the index data under the merchant corresponding to the merchant index number, and sends the acquired ciphertext information back to the user terminal; the key used to encrypt the acquirer access address information is the same as the key S obtained from the key management system.
(7) And the user terminal decrypts the received ciphertext information by using the secret key to obtain the access address information of the acquiring mechanism, so that payment is completed based on the access address information of the acquiring mechanism.
In some cases, the actions or steps recited in the claims and the description may be performed in an order different than in the embodiments and still achieve desirable results, and further, the processes depicted in the figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or possible.
Based on the same idea, the embodiment of the specification further provides a device corresponding to the code scanning payment method. Fig. 6 is a schematic structural diagram of a code scanning payment device corresponding to fig. 1 provided in an embodiment of the present disclosure. As shown in fig. 6, the apparatus may include:
a code image information obtaining module 602, configured to obtain code image information;
a code image information analyzing module 604, configured to analyze the code image information to obtain first identification information included in the code image information;
a key obtaining request sending module 606, configured to send a key obtaining request to a key management system based on the first identification information;
a key obtaining module 608, configured to obtain a key fed back by the key management system based on the key obtaining request;
a ciphertext information obtaining module 610, configured to obtain encrypted acquirer access address information stored in a block link point;
a ciphertext information decryption module 612, configured to decrypt the encrypted acquirer access address information by using the key to obtain acquirer access address information;
and a payment module 614, configured to perform payment based on the acquirer access address information.
According to an embodiment, the key obtaining request sending module 606 may specifically include: a second identification information acquisition unit configured to acquire second identification information of the payment mechanism; a key obtaining request sending unit, configured to send a key obtaining request to a key management system, where the key obtaining request includes the first identification information and the second identification information.
According to an embodiment, the ciphertext information obtaining module 610 may specifically include: an index data generating unit, configured to generate index data according to the secret key and the second identification information; a request sending unit, configured to send, to the block link node, a request for acquiring acquirer access address information, where the request for acquiring acquirer access address information at least includes the index data; and the ciphertext information acquisition unit is used for acquiring the encrypted access address information of the acquiring mechanism fed back by the block link point.
In an embodiment of the present application, the request for obtaining the acquirer access address information may specifically include: a merchant index number, a merchant signature, and the index data. The first identification information may specifically include a merchant index number and a merchant signature; or, the first identification information may specifically include a merchant index number, a transaction key parameter, and a merchant signature.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the information sending method in the payment process. Fig. 7 is a schematic structural diagram of an information sending apparatus in a payment process corresponding to fig. 2 provided in an embodiment of this specification. As shown in fig. 7, the apparatus may include:
a request obtaining module 702, configured to obtain an information obtaining request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer;
an information search module 704, configured to search, based on the information acquisition request, corresponding encrypted acquirer access address information;
an information sending module 706, configured to send the searched encrypted acquirer access address information to the terminal.
According to an embodiment of the present application, the information searching module 704 may specifically include: an index data acquisition unit configured to acquire index data included in the information acquisition request; and the ciphertext information searching unit is used for searching the encrypted access address information of the acquiring mechanism corresponding to the index data. The index data may be generated based on a key and identification information of a payment institution, and the acquirer access address information is encrypted by using the key.
According to an embodiment of the present application, the apparatus may further include a signature verification module, and specifically, the signature verification module may include: a signature acquisition unit, configured to acquire a merchant signature included in the information acquisition request; and the signature verification unit is used for verifying the merchant signature. The information searching module 704 may specifically be configured to: and if the verification is passed, executing the step of searching the corresponding encrypted access address information of the acquirer.
Based on the same idea, the embodiments of the present specification further provide a device corresponding to the method for generating a collection code. Fig. 8 is a schematic structural diagram of a device for generating a cash register code corresponding to fig. 3 according to an embodiment of the present disclosure. As shown in fig. 8, the apparatus may include:
an instruction obtaining module 802, configured to obtain a first instruction; the first instruction is used for instructing the first terminal to generate a collection code;
a decentralized identity obtaining module 804, configured to obtain a decentralized identity of the first terminal;
a decentralized identity sending module 806, configured to send the decentralized identity to a block link point in which the decentralized identity document is stored;
a merchant information obtaining module 808, configured to obtain merchant information queried by the block link point from the decentralized identity document based on the decentralized identity;
a receiving code generating module 810, configured to generate a receiving code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
According to an embodiment of the application, the merchant information may specifically include a merchant index number. The receiving code generating module 810 may be specifically configured to: acquiring transaction parameters of current transaction; obtaining a private key corresponding to the merchant index number; generating a merchant signature according to the private key; generating a collection code; the information carried by the cash register code comprises the merchant index number, the transaction parameters and the merchant signature.
Based on the same idea, the embodiments of the present specification further provide an apparatus corresponding to the above key management. Fig. 9 is a schematic structural diagram of a key management device corresponding to fig. 4 provided in an embodiment of this specification. As shown in fig. 9, the apparatus may include:
a request receiving module 902, configured to obtain a key obtaining request sent by a terminal; the key acquisition request comprises first identification information of a merchant and second identification information of a payment mechanism;
a key generating module 904, configured to generate a key based on the first identification information and the second identification information; the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer;
a key sending module 906, configured to send the key to the terminal.
In an embodiment of the present application, the first identification information may specifically include a merchant index and a merchant signature. The device can also comprise an authentication module used for acquiring a merchant public key corresponding to the merchant index number; and verifying the merchant signature by adopting the merchant public key. The key generating module 904 may be specifically configured to, if the verification is passed, execute the step of generating the key based on the first identification information and the second identification information.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method.
Fig. 10 is a schematic structural diagram of a network payment device provided in an embodiment of the present specification. Specifically, the network payment device 1000 may include a user terminal installed with a payment application, a merchant terminal, a block chain node storing encrypted acquirer access address information, and a key management server.
As shown in fig. 10, when the apparatus 1000 is embodied as a user terminal, the method may include:
at least one processor 1010; and the number of the first and second groups,
a memory 1030 communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory 1030 stores instructions 1020 executable by the at least one processor 1010 to enable the user terminal to:
the terminal acquires code image information;
analyzing the code image information to obtain first identification information contained in the code image information;
sending a key acquisition request to a key management system based on the first identification information;
acquiring a key fed back by the key management system based on the key acquisition request;
acquiring encrypted access address information of the acquiring mechanism stored in the block link point;
decrypting the encrypted acquirer access address information by using the secret key to obtain acquirer access address information;
and paying based on the acquirer access address information.
As shown in fig. 10, when the apparatus 1000 is embodied as a block link point, it may include:
at least one processor 1010; and the number of the first and second groups,
a memory 1030 communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory 1030 stores instructions 1020 executable by the at least one processor 1010 to enable the blockchain node to:
acquiring an information acquisition request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer;
searching corresponding encrypted acquirer access address information based on the information acquisition request;
and sending the searched encrypted access address information of the acquirer to the terminal.
As shown in fig. 10, when the apparatus 1000 is embodied as a merchant terminal, the method may include:
at least one processor 1010; and the number of the first and second groups,
a memory 1030 communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory 1030 stores instructions 1020 executable by the at least one processor 1010 to enable the merchant terminal to:
a first terminal acquires a first instruction; the first instruction is used for instructing the first terminal to generate a collection code;
acquiring a decentralized identity of the first terminal;
sending the decentralized identity to a block chain node stored with a decentralized identity document;
acquiring merchant information inquired from the decentralized identity document by the block link point based on the decentralized identity;
generating a cash register code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
As shown in fig. 10, when the device 1000 is embodied as a key management server, it may include:
at least one processor 1010; and the number of the first and second groups,
a memory 1030 communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory 1030 stores instructions 1020 executable by the at least one processor 1010 to enable the key management server to:
acquiring a key acquisition request sent by a terminal; the key acquisition request comprises first identification information of a merchant and second identification information of a payment mechanism;
generating a key based on the first identification information and the second identification information; the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer;
and sending the key to the terminal.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Language Description Language), traffic, pl (core unified Programming Language), HDCal, JHDL (Java Hardware Description Language), langue, Lola, HDL, laspam, hardsradware (Hardware Description Language), vhjhd (Hardware Description Language), and vhigh-Language, which are currently used in most common. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic for the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
Claims (26)
1. A code scanning payment method, comprising:
the terminal acquires code image information;
analyzing the code image information to obtain first identification information contained in the code image information;
sending a key acquisition request to a key management system based on the first identification information;
acquiring a key fed back by the key management system based on the key acquisition request;
acquiring encrypted access address information of the acquiring mechanism stored in the block link point;
decrypting the encrypted acquirer access address information by using the secret key to obtain acquirer access address information;
and paying based on the acquirer access address information.
2. The method according to claim 1, wherein the sending a key acquisition request to a key management system based on the first identification information specifically includes:
acquiring second identification information of the payment mechanism;
sending a key acquisition request to a key management system; the key acquisition request includes the first identification information and the second identification information.
3. The method of claim 2, wherein the obtaining encrypted acquirer access address information stored by the block link node specifically comprises:
generating index data according to the secret key and the second identification information;
sending a request for acquiring the access address information of the acquiring mechanism to the block chain nodes; the request for acquiring the access address information of the acquirer at least comprises the index data;
and acquiring the encrypted access address information of the acquiring mechanism fed back by the block link point.
4. The method according to claim 3, wherein the request for obtaining the acquirer access address information specifically includes:
a merchant index number, a merchant signature, and the index data.
5. The method according to any one of claims 1 to 4, wherein the first identification information specifically includes:
merchant index number and merchant signature;
or, the first identification information specifically includes:
merchant index number, transaction key parameters, and merchant signature.
6. An information sending method in a payment process comprises the following steps:
a block chain node acquires an information acquisition request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer;
searching corresponding encrypted acquirer access address information based on the information acquisition request;
and sending the searched encrypted access address information of the acquirer to the terminal.
7. The method according to claim 6, wherein the searching for the corresponding encrypted acquirer access address information specifically includes:
acquiring index data contained in the information acquisition request;
and searching the encrypted access address information of the acquirer corresponding to the index data.
8. The method of claim 7, wherein the index data is generated based on a key with which the acquirer access address information is encrypted and payment authority identification information.
9. The method of any of claims 6 or 7, prior to finding the corresponding encrypted acquirer access address information, further comprising:
acquiring a merchant signature contained in the information acquisition request;
verifying the merchant signature;
and if the verification is passed, executing the step of searching the corresponding encrypted access address information of the acquirer.
10. A generation method of a cash register code comprises the following steps:
a first terminal acquires a first instruction; the first instruction is used for instructing the first terminal to generate a collection code;
acquiring a decentralized identity of the first terminal;
sending the decentralized identity to a block chain node stored with a decentralized identity document;
acquiring merchant information inquired from the decentralized identity document by the block link point based on the decentralized identity;
generating a cash register code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
11. The method according to claim 10, wherein the merchant information specifically includes: a merchant index number;
generating a cash register code based on the merchant information specifically comprises:
acquiring transaction parameters of current transaction;
obtaining a private key corresponding to the merchant index number;
generating a merchant signature according to the private key;
generating a collection code; the information carried by the cash register code comprises the merchant index number, the transaction parameters and the merchant signature.
12. A method of key management, comprising:
acquiring a key acquisition request sent by a terminal; the key acquisition request comprises first identification information of a merchant and second identification information of a payment mechanism;
generating a key based on the first identification information and the second identification information; the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer;
and sending the key to the terminal.
13. The method of claim 12, wherein the first identification information specifically includes: merchant index number and merchant signature;
before generating a key based on the first identification information and the second identification information, the method further includes:
acquiring a merchant public key corresponding to the merchant index number;
verifying the merchant signature by adopting the merchant public key;
and if the verification is passed, executing the step of generating the key based on the first identification information and the second identification information.
14. A code scanning payment device, comprising:
the code image information acquisition module is used for acquiring code image information;
the code image information analysis module is used for analyzing the code image information to obtain first identification information contained in the code image information;
a key obtaining request sending module, configured to send a key obtaining request to a key management system based on the first identification information;
the key obtaining module is used for obtaining a key fed back by the key management system based on the key obtaining request;
the ciphertext information acquisition module is used for acquiring encrypted access address information of the acquiring mechanism stored in the block chain link point;
the ciphertext information decryption module is used for decrypting the encrypted acquirer access address information by adopting the secret key to obtain acquirer access address information;
and the payment module is used for carrying out payment based on the access address information of the acquirer.
15. The apparatus according to claim 14, wherein the key obtaining request sending module specifically includes:
a second identification information acquisition unit configured to acquire second identification information of the payment mechanism;
a key acquisition request sending unit for sending a key acquisition request to the key management system; the key acquisition request includes the first identification information and the second identification information.
16. The apparatus according to claim 15, wherein the ciphertext information obtaining module specifically includes:
an index data generating unit, configured to generate index data according to the secret key and the second identification information;
a request sending unit, configured to send a request for acquiring acquirer access address information to the block link node; the request for acquiring the access address information of the acquirer at least comprises the index data;
and the ciphertext information acquisition unit is used for acquiring the encrypted access address information of the acquiring mechanism fed back by the block link point.
17. An information transmission apparatus in a payment process, comprising:
the request acquisition module is used for acquiring an information acquisition request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer;
the information searching module is used for searching the corresponding encrypted access address information of the acquirer based on the information acquisition request;
and the information sending module is used for sending the searched encrypted access address information of the acquirer to the terminal.
18. The apparatus according to claim 17, wherein the information searching module specifically includes:
an index data acquisition unit configured to acquire index data included in the information acquisition request;
and the ciphertext information searching unit is used for searching the encrypted access address information of the acquiring mechanism corresponding to the index data.
19. The apparatus according to any one of claims 17 or 18, further comprising a signature verification module for obtaining a merchant signature included in the information obtaining request; verifying the merchant signature;
and the information searching module is specifically used for executing the step of searching the corresponding encrypted access address information of the acquirer if the authentication is passed.
20. A generation apparatus of a cash register code, comprising:
the instruction acquisition module is used for acquiring a first instruction; the first instruction is used for instructing the first terminal to generate a collection code;
a decentralized identity acquisition module, configured to acquire a decentralized identity of the first terminal;
the decentralized identity sending module is used for sending the decentralized identity to the block chain link points stored with the decentralized identity documents;
the merchant information acquisition module is used for acquiring merchant information inquired from the decentralized identity document by the block chain link point based on the decentralized identity;
the cash register code generating module is used for generating a cash register code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
21. A key management apparatus comprising:
the request receiving module is used for acquiring a key acquisition request sent by the terminal; the key acquisition request comprises first identification information of a merchant and second identification information of a payment mechanism;
a key generation module, configured to generate a key based on the first identification information and the second identification information; the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer;
and the key sending module is used for sending the key to the terminal.
22. The apparatus according to claim 21, wherein the first identification information specifically includes a merchant index and a merchant signature;
the device also comprises a signature verification module used for acquiring a merchant public key corresponding to the merchant index number; verifying the merchant signature by adopting the merchant public key;
the key generation module is specifically configured to, if the verification is passed, execute the step of generating a key based on the first identification information and the second identification information.
23. A code-scanning payment device, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the code-scanning payment device to:
the terminal acquires code image information;
analyzing the code image information to obtain first identification information contained in the code image information;
sending a key acquisition request to a key management system based on the first identification information;
acquiring a key fed back by the key management system based on the key acquisition request;
acquiring encrypted access address information of the acquiring mechanism stored in the block link point;
decrypting the encrypted acquirer access address information by using the secret key to obtain acquirer access address information;
and paying based on the acquirer access address information.
24. An information transmission apparatus in a payment process, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable an information sending device in the payment process to:
acquiring an information acquisition request sent by a terminal; the information acquisition request is used for requesting to acquire the access address information of the acquirer;
searching corresponding encrypted acquirer access address information based on the information acquisition request;
and sending the searched encrypted access address information of the acquirer to the terminal.
25. A generation device of a cash register code, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the checkout code generating device to:
a first terminal acquires a first instruction; the first instruction is used for instructing the first terminal to generate a collection code;
acquiring a decentralized identity of the first terminal;
sending the decentralized identity to a block chain node stored with a decentralized identity document;
acquiring merchant information inquired from the decentralized identity document by the block link point based on the decentralized identity;
generating a cash register code based on the merchant information; and the collection code is used for acquiring the encrypted access address information of the acquiring mechanism after being scanned by the second terminal.
26. A key management device, comprising:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the key management device to:
acquiring a key acquisition request sent by a terminal; the key acquisition request comprises first identification information of a merchant and second identification information of a payment mechanism;
generating a key based on the first identification information and the second identification information; the secret key is used for decrypting the encrypted access address information of the acquirer to obtain the access address information of the acquirer;
and sending the key to the terminal.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010171355.2A CN111047313B (en) | 2020-03-12 | 2020-03-12 | Code scanning payment, information sending and key management method, device and equipment |
| PCT/CN2020/139751 WO2021179744A1 (en) | 2020-03-12 | 2020-12-26 | Code-scanning payment method, apparatus and device, information sending method, apparatus and device, and key management method, apparatus and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010171355.2A CN111047313B (en) | 2020-03-12 | 2020-03-12 | Code scanning payment, information sending and key management method, device and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111047313A true CN111047313A (en) | 2020-04-21 |
| CN111047313B CN111047313B (en) | 2020-12-04 |
Family
ID=70230811
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010171355.2A Active CN111047313B (en) | 2020-03-12 | 2020-03-12 | Code scanning payment, information sending and key management method, device and equipment |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN111047313B (en) |
| WO (1) | WO2021179744A1 (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111787364A (en) * | 2020-07-13 | 2020-10-16 | 聚好看科技股份有限公司 | Media data acquisition method, smart television and mobile terminal |
| CN113014670A (en) * | 2021-03-25 | 2021-06-22 | 上海盛付通电子支付服务有限公司 | Method, device, medium and program product for pushing order information |
| CN113221143A (en) * | 2020-04-24 | 2021-08-06 | 支付宝(杭州)信息技术有限公司 | Information processing method, device and equipment |
| WO2021179744A1 (en) * | 2020-03-12 | 2021-09-16 | 支付宝(杭州)信息技术有限公司 | Code-scanning payment method, apparatus and device, information sending method, apparatus and device, and key management method, apparatus and device |
| WO2023029701A1 (en) * | 2021-09-03 | 2023-03-09 | 浙江网商银行股份有限公司 | Task processing system, method and apparatus |
| WO2023142441A1 (en) * | 2022-01-29 | 2023-08-03 | 中国银联股份有限公司 | Tag-based money receiving qr code payment method and payment device |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111460842A (en) * | 2020-03-31 | 2020-07-28 | 北京金和网络股份有限公司 | Two-dimensional code processing method and device, storage medium and user terminal |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107070644A (en) * | 2016-12-26 | 2017-08-18 | 北京科技大学 | A kind of decentralization public key management method and management system based on trust network |
| CN107862215A (en) * | 2017-09-29 | 2018-03-30 | 阿里巴巴集团控股有限公司 | A kind of date storage method, data query method and device |
| CN108932297A (en) * | 2018-06-01 | 2018-12-04 | 阿里巴巴集团控股有限公司 | A kind of data query, data sharing method, device and equipment |
| CN109191108A (en) * | 2018-08-07 | 2019-01-11 | 广东蓝蜜蜂信息技术有限公司 | Two dimensional code polymerization payment system and its working method based on block chain |
| CN109521956A (en) * | 2018-10-18 | 2019-03-26 | 上海达家迎信息科技有限公司 | A kind of cloud storage method, apparatus, equipment and storage medium based on block chain |
| CN110225000A (en) * | 2019-05-21 | 2019-09-10 | 袁园 | A kind of data processing and Transmission system based on block chain technology |
| CN110336832A (en) * | 2019-07-24 | 2019-10-15 | 深圳传音控股股份有限公司 | A kind of information encryption and decryption method, device, terminal and storage medium |
| KR20190135830A (en) * | 2018-05-29 | 2019-12-09 | 주식회사 티모넷 | System and method for providing service based on blockchain using electronic code |
| CN110675265A (en) * | 2019-09-29 | 2020-01-10 | 四川师范大学 | Method for realizing block chain double-key hiding address protocol without temporary key leakage |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9818092B2 (en) * | 2014-06-04 | 2017-11-14 | Antti Pennanen | System and method for executing financial transactions |
| CN110414936A (en) * | 2019-07-30 | 2019-11-05 | 河北时代电子有限公司 | A kind of trade order flow system and method based on block chain technology |
| CN111047313B (en) * | 2020-03-12 | 2020-12-04 | 支付宝(杭州)信息技术有限公司 | Code scanning payment, information sending and key management method, device and equipment |
-
2020
- 2020-03-12 CN CN202010171355.2A patent/CN111047313B/en active Active
- 2020-12-26 WO PCT/CN2020/139751 patent/WO2021179744A1/en active Application Filing
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107070644A (en) * | 2016-12-26 | 2017-08-18 | 北京科技大学 | A kind of decentralization public key management method and management system based on trust network |
| CN107862215A (en) * | 2017-09-29 | 2018-03-30 | 阿里巴巴集团控股有限公司 | A kind of date storage method, data query method and device |
| KR20190135830A (en) * | 2018-05-29 | 2019-12-09 | 주식회사 티모넷 | System and method for providing service based on blockchain using electronic code |
| CN108932297A (en) * | 2018-06-01 | 2018-12-04 | 阿里巴巴集团控股有限公司 | A kind of data query, data sharing method, device and equipment |
| CN109191108A (en) * | 2018-08-07 | 2019-01-11 | 广东蓝蜜蜂信息技术有限公司 | Two dimensional code polymerization payment system and its working method based on block chain |
| CN109521956A (en) * | 2018-10-18 | 2019-03-26 | 上海达家迎信息科技有限公司 | A kind of cloud storage method, apparatus, equipment and storage medium based on block chain |
| CN110225000A (en) * | 2019-05-21 | 2019-09-10 | 袁园 | A kind of data processing and Transmission system based on block chain technology |
| CN110336832A (en) * | 2019-07-24 | 2019-10-15 | 深圳传音控股股份有限公司 | A kind of information encryption and decryption method, device, terminal and storage medium |
| CN110675265A (en) * | 2019-09-29 | 2020-01-10 | 四川师范大学 | Method for realizing block chain double-key hiding address protocol without temporary key leakage |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021179744A1 (en) * | 2020-03-12 | 2021-09-16 | 支付宝(杭州)信息技术有限公司 | Code-scanning payment method, apparatus and device, information sending method, apparatus and device, and key management method, apparatus and device |
| CN113221143A (en) * | 2020-04-24 | 2021-08-06 | 支付宝(杭州)信息技术有限公司 | Information processing method, device and equipment |
| CN111787364A (en) * | 2020-07-13 | 2020-10-16 | 聚好看科技股份有限公司 | Media data acquisition method, smart television and mobile terminal |
| CN113014670A (en) * | 2021-03-25 | 2021-06-22 | 上海盛付通电子支付服务有限公司 | Method, device, medium and program product for pushing order information |
| WO2023029701A1 (en) * | 2021-09-03 | 2023-03-09 | 浙江网商银行股份有限公司 | Task processing system, method and apparatus |
| WO2023142441A1 (en) * | 2022-01-29 | 2023-08-03 | 中国银联股份有限公司 | Tag-based money receiving qr code payment method and payment device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021179744A1 (en) | 2021-09-16 |
| CN111047313B (en) | 2020-12-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111047313B (en) | Code scanning payment, information sending and key management method, device and equipment | |
| CN108932297B (en) | Data query method, data sharing method, device and equipment | |
| US11877213B2 (en) | Methods and systems for asset obfuscation | |
| CN111062715B (en) | Method, device and equipment for code scanning payment, information sending and collection code generation | |
| KR102477453B1 (en) | Transaction messaging | |
| US20210326868A1 (en) | Information sharing methods and systems | |
| CN113012008B (en) | Identity management method, device and equipment based on trusted hardware | |
| US10796302B2 (en) | Securely storing and using sensitive information for making payments using a wallet application | |
| CN112818380A (en) | Method, device, equipment and system for backtracking processing of business behaviors | |
| EP3962135B1 (en) | Information sharing methods, apparatuses, and devices | |
| CN111814196B (en) | Data processing method, device and equipment | |
| US20140289129A1 (en) | Method for secure contactless communication of a smart card and a point of sale terminal | |
| CN113704775B (en) | Service processing method and related device based on distributed digital identity | |
| CN110290134A (en) | A kind of identity identifying method, device, storage medium and processor | |
| CN114143041A (en) | Identity verification method, device and equipment based on block chain and storage medium | |
| CN103942896A (en) | System for money withdrawing without card on ATM | |
| CN113015991A (en) | Secure digital wallet processing system | |
| US11283614B2 (en) | Information verification method, apparatus, and device | |
| CN110417557B (en) | Intelligent terminal peripheral data security control method and device | |
| CN113704734A (en) | Distributed digital identity-based method for realizing certificate verification and related device | |
| US20220286291A1 (en) | Secure environment for cryptographic key generation | |
| CN113037764B (en) | System, method and device for executing service | |
| CN113343254B (en) | Method, device, medium and electronic equipment for encrypting and decrypting warranty based on OFD format | |
| Oliveira | Dynamic QR codes for Ticketing Systems | |
| CN116455657A (en) | Service providing method, device, equipment and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40028438 Country of ref document: HK |