CN113159771A - Safety payment device and method, computer equipment and readable storage medium - Google Patents

Safety payment device and method, computer equipment and readable storage medium Download PDF

Info

Publication number
CN113159771A
CN113159771A CN202110458577.7A CN202110458577A CN113159771A CN 113159771 A CN113159771 A CN 113159771A CN 202110458577 A CN202110458577 A CN 202110458577A CN 113159771 A CN113159771 A CN 113159771A
Authority
CN
China
Prior art keywords
information
user
verification
payment
pattern
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110458577.7A
Other languages
Chinese (zh)
Inventor
王文耀
罗伟
江子扬
刘强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110458577.7A priority Critical patent/CN113159771A/en
Publication of CN113159771A publication Critical patent/CN113159771A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3274Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks

Abstract

The present disclosure relates to the field of information security technologies, and in particular, to a secure payment apparatus, a secure payment method, a computer device, and a readable storage medium. The method comprises the following steps of directly executing the subsequent steps after the safe payment device is activated according to a user activation instruction; collecting biometric information of a user; when the biological identification information passes the verification, generating dynamic verification information directly based on the user information and the current characteristic information; and generating and displaying the pattern to be identified according to the verification information. By means of the embodiment, the operation of the old user and the child user is facilitated, the payment two-dimensional code can be generated by pressing the finger on the fingerprint acquisition unit after the safety payment device is activated, and a series of complex operations such as unlocking the smart phone, searching for payment application software, calling a certain small program of the payment application software, verifying fingerprints and the like are not needed.

Description

Safety payment device and method, computer equipment and readable storage medium
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a secure payment apparatus, a secure payment method, a computer device, and a readable storage medium.
Background
With the popularization of mobile payment in China, cash use scenes are gradually reduced, but due to the factors of numerous population and unbalanced cultural education level in China, a large part of people cannot use smart phones, so that mobile payment cannot be used; moreover, due to the power consumption problem of the smart phone, the battery power of the smart phone is exhausted during traveling, so that mobile payment cannot be used; in addition, the base station in remote areas is not covered completely, so that the mobile phone signals are not good, and mobile payment cannot be used.
How to solve the problem that convenient payment in the prior art is urgent to solve.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments herein provide a secure payment apparatus, a secure payment method, a computer device, and a readable storage medium, which are used to solve the problems of inconvenient mobile payment, complex payment operation, and low reliability in the prior art, which are caused by telecommunication network signal problems.
Embodiments herein provide a secure payment method, including,
directly executing the subsequent steps after the safe payment device is activated according to the user activation instruction;
collecting biometric information of a user;
when the biological identification information passes the verification, generating dynamic verification information directly based on the user information and the current characteristic information;
and generating and displaying the pattern to be identified according to the verification information.
The embodiment of the invention also provides a safe payment device, which comprises a processor, a power supply control unit, a biological information identification unit, a pattern generation unit and a display unit;
the power supply control unit is used for activating the secure payment device according to a user activation instruction;
the processor is used for directly calling the biological information identification unit to acquire the biological identification information of the user, and when the biological identification information passes verification, the processor directly generates dynamic verification information based on the user information and the current characteristic information;
the pattern generating unit is used for generating a pattern to be identified according to the verification information;
the display unit is used for displaying the pattern to be identified.
Embodiments herein also provide a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the above-mentioned method when executing the computer program.
Embodiments herein also provide a computer-readable storage medium having stored thereon computer instructions, which when executed by a processor, implement the above-described method.
By means of the embodiment, the operation of the old user and the child user is facilitated, the payment two-dimensional code can be generated by pressing the finger on the fingerprint acquisition unit after the safety payment device is activated, and a series of complex operations such as unlocking the smart phone, searching for payment application software, calling a certain small program of the payment application software, verifying fingerprints and the like are not needed.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram illustrating a secure payment system according to an embodiment of the present disclosure;
FIG. 2 is a flow diagram illustrating a secure payment method according to an embodiment of the disclosure;
fig. 3 is a schematic structural diagram of a secure payment device according to an embodiment of the present disclosure;
FIG. 4 is a flow diagram illustrating the configuration of a secure payment device according to an embodiment of the disclosure;
fig. 5 is a flow chart illustrating a secure payment method performed on a secure payment device according to an embodiment of the present disclosure;
fig. 6 is a data flow diagram illustrating a secure payment method according to an embodiment of the present disclosure.
[ description of reference ]
101. A secure payment device;
102. collecting a terminal;
103. a payment network;
104. a front-end server;
105. an internal network;
106. a core payment system;
107. an authentication server;
301. a processor;
302. a power supply control unit;
303. a biological information recognition unit;
304. a pattern generation unit;
305. a display unit.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments herein without making any creative effort, shall fall within the scope of protection.
Fig. 1 is a schematic structural diagram of a secure payment system according to an embodiment of the present disclosure, and a system structure diagram of payment performed by a secure payment device according to the embodiment of the present disclosure is described in this figure, where the system structure diagram includes a secure payment device 101, an acquisition terminal 102, a payment network 103, a front-end server 104, an internal network 105, a core payment system 106, and an authentication server 107. The secure payment device 101 provides verification information during a payment service process, the acquisition terminal 102 acquires the verification information and transmits the verification information and the payment information to the front-end server 104 through the payment network 103, the front-end server 104 transmits the verification information to the authentication server 107 through the secure internal network 105 for verification, and the front-end server 104 transmits the payment information to the core payment system 106 to complete the payment service after the verification is passed.
In addition, the smart mobile device usually embeds payment services in some software, such as generation of a payment two-dimensional code in a WeChat or Payment treasure, firstly opens the software, and then selects a corresponding icon in numerous icons and complex interfaces to start a payment function, so that the problem of complex operation also exists. The secure payment terminal in the embodiment of the present disclosure does not have an intelligent operating system, such as an intelligent operating system like an Android system or an IOS system, or a communication software, such as WeChat or Paibao, or does not need to activate modules like a baseband, WiFi, and radio frequency all the time, and only needs to dynamically generate verification information according to personal information of a user and information like real-time, so as to complete a payment service, so that the payment service becomes simple to operate, and the security of a payment transaction is ensured, and for an area with poor network coverage, an elderly user is a simple and secure payment method; due to the characteristics of simple structure and low energy consumption of the safety payment device, the safety payment device can be in standby for a long time, so that the problem of short standby time of the intelligent mobile terminal in the prior art is avoided.
Fig. 2 is a flowchart of a secure payment method according to an embodiment of the present disclosure, where a process of performing a payment service through a secure payment device is described in the present disclosure, and a user can complete a process of the payment service through a simple and convenient operation of the secure payment device under a bad telecommunication network, and can find payment software from numerous application programs of a smart phone and call out a payment interface for an application scenario of micropayment, for example, when an elderly user does not operate the smart phone, the secure payment terminal according to the embodiment of the present disclosure can call out the payment interface through a one-step operation, so as to complete a service requirement of micropayment; the method can also be applied to another application scene, for example, when a child purchases a commodity alone, a scene of small payment is needed, and in order to prevent a merchant from paying more than once and prevent the child from using various unrelated applications after taking a parent smart phone, such as playing games and the like, the safety payment device of the embodiment can be handed to the child to purchase the commodity; the method specifically comprises the following steps:
step 201, directly executing the subsequent steps after activating the secure payment device according to the user activation instruction;
step 202, collecting biometric information of a user;
step 203, when the biometric information passes the verification, generating dynamic verification information directly based on the user information and the current characteristic information;
and 204, generating and displaying the pattern to be identified according to the verification information.
According to the method of the embodiment, the activation instruction can be a starting instruction, and the on-off of the secure payment device can be realized through the on-off key of hardware, so that the secure payment device is activated, and the secure payment device can be quickly started because the hardware structure of the secure payment device is simple, a complex software operating system is not needed, and various application software and service software do not need to be started in the background of a software system, so that the starting and shutting of the secure payment device need to wait for a long time to start a software system, background application software and service software, and the power consumption of the secure payment device can be saved by activating the secure payment device as required, and long-time use is ensured; the biometric authentication can enhance the security of the payment service, the dynamic authentication information is directly generated after the biometric authentication is passed, other operations of the user are not needed in the process, the operation flow of the user in the payment service is greatly simplified, the dynamic authentication information is directly generated on the secure payment device to carry out the payment service, other application software cannot be run, the interference of various application programs on the smart phone on the use of the user is avoided, and the security of the payment service is also enhanced.
As one embodiment herein, activating a secure payment device in accordance with a user activation instruction includes,
and powering on and activating the safety payment device according to the operation of the user on-off key.
In the above steps, the secure payment apparatus is normally in a power-OFF state, and in a scene where payment is required, a user may move the switch key, for example, from a power-OFF state of OFF to a power-ON state of ON, so that the secure payment apparatus is in a power-ON state. Or, the switch key may also be a pressing structure, and the power of the secure payment device is determined whether to be turned on or not by pressing the switch key for a time, for example, lasting for 3 seconds, so as to turn on the secure payment device.
In other embodiments, the secure payment device may also be in a low-power consumption standby state, and the secure payment device may be activated to exit the low-power consumption standby state according to the moving or pressing of the activation key by the user, and may be in a state capable of receiving other inputs of the user, such as input of a fingerprint or a password, to perform a payment service.
As an embodiment herein, before activating the secure payment apparatus according to the user activation instruction, the method further includes acquiring biometric information of the user, and storing the biometric information into the secure memory chip;
and acquiring user information and reference characteristic information through a communication unit, and storing the user information and the reference characteristic information into the secure storage chip.
The steps of acquiring the biometric information of the user and storing the acquired user information and the reference characteristic information into the secure memory chip, which are executed in the above steps, are configuration steps that need to be executed before the user performs a payment service using the secure payment device of the embodiment. When a user gets the secure payment device from a bank, the secure payment device is powered on for the first time, biometric information of the user needs to be collected and stored in a local secure storage chip, user information and reference characteristic information are obtained from an intelligent terminal connected with the secure payment device through a wireless communication unit such as a Bluetooth unit, and the user information and the reference characteristic information are stored in the local secure storage chip. The above configuration steps need not be executed when the subsequent user uses the secure payment device to complete the payment service described in the embodiments herein.
As one embodiment herein, obtaining the user information and the reference characteristic information by the communication unit further comprises,
and receiving user information and reference characteristic information acquired by the intelligent terminal from a bank background server through the communication unit.
In the above steps, the smart terminal may be, for example, a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like, taking the smart phone as an example, when a user logs in a bank account by means of a web page or an application of the smart phone, and establishes a communication connection with the bank backend server, the smart phone may query user information of the bank backend server user, such as a unique identifier of the bank account, a user name, a user number, and the like, and may also obtain system time of the bank backend server, and send the user information and the system time to the secure payment device by means of a wired or wireless manner, using the system time as reference characteristic information.
In other embodiments, the secure payment device may further obtain the user information and the reference feature information from the bank backend server through a wireless communication unit, such as a SIM communication unit (i.e., establishing a connection with the bank backend server through a telecommunication network), or may further obtain the user information and the reference feature information from the bank backend server through a WiFi communication unit (i.e., establishing a connection with the bank backend server through a wired internet). The user can input the identification number or account number of the user through the digital keys on the safety payment device (if necessary, a password can also be input), and the safety payment device is directly connected with the bank background server through the wireless communication unit according to the information, so that the user information and the reference characteristic information stored on the bank background server can be obtained.
As an embodiment herein, the receiving, by the communication unit, the user information acquired by the intelligent terminal from the bank background server and the reference feature information further includes,
and receiving user information and reference characteristic information acquired by the intelligent terminal from a bank background server through the wired communication unit.
In this step, when the user first receives the secure payment device from the bank, the teller may operate to connect the secure payment device to an intelligent terminal of the bank, for example, a terminal with a USB unit, the teller inputs user information, such as name, identification number and other information, into the terminal, and the terminal may send the user information and the reference feature information stored in the bank backend server to the secure payment device through the USB unit.
The user information and the reference characteristic information (such as system time) stored in the bank background server are acquired through the intelligent terminal, so that the subsequent verification steps and the safety of payment service can be further ensured. And, acquire these information through intelligent terminal's mode and can further reduce the hardware requirement to safe payment device, reduce power consumption for safe payment device structure is simpler, more convenient operation.
As an embodiment herein, obtaining the user information and the reference feature information through the communication unit further comprises,
and receiving user information locally stored in the intelligent terminal and reference characteristic information generated by the intelligent terminal through a communication unit.
In this step, when the smart terminal may be, for example, a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like, and taking the smart phone as an example, after the user logs in the bank account through a web page or an application of the smart phone, the user information of the user, for example, a unique identifier such as a bank account, a user name, a user number, and the like, may be stored in the smart terminal, and the smart terminal may send the locally stored user information and the local system time as the reference characteristic information to the secure payment apparatus.
As one embodiment herein, the baseline characteristic information includes system time or a number.
In this step, the reference characteristic information may be a real-time system time at the time of the user configuration step, or a randomly generated start number. The secure payment device may generate verification information that is different for each payment service based on the reference characteristic information and the user information.
As an embodiment herein, when the reference feature information is system time, the storing the user information and the reference feature information into the secure storage chip further includes,
calculating the accumulated time;
further included in the generating dynamic authentication information directly based on user information and current profile information,
and accumulating the system time and the accumulated time to obtain the current system time so as to form current characteristic information.
In this step, the timing is started immediately after the secure payment device obtains the initial system time through the configuration step. When a user needs to perform payment service, the safety payment device can obtain the current system time according to the initial system time and the accumulated time obtained by timing, so that verification information, such as a two-dimensional code and the like, can be dynamically generated according to the user information and the current system time, the verification information generated by each payment service is different, and the payment safety can be ensured, namely the verification information is constantly changed, and the verification information cannot be reused even if the verification information is leaked. In the embodiment, the safe payment device is not networked, can not be constantly connected with the intelligent terminal for communication, and is often in a power-off shutdown state, if the same verification information is generated according to the same system time in each payment service, certain influence on the safety of the payment service can be caused, the current system time can be calculated in a low-energy-consumption mode in real time through power-off shutdown, and the verification information can be dynamically generated according to the current system time which changes in real time, so that the safety of the payment service is improved.
As an embodiment herein, when the reference feature information is a number, further comprising generating dynamic verification information directly based on the user information and the current feature information,
and accumulating the numbers to obtain the current sequence numbers so as to form the current characteristic information.
In this step, after the secure payment device stores the randomly generated digits in the configuration step as initial digits (which may also be uniform initial digits, for example, all starting from 0000), when the user performs a payment service, a fixed value, for example, 1, is added to the initial digits to form new sequential digits, that is, current sequential digits, the digits locally stored by the secure payment device are updated to current sequential digits, that is, when the user performs a next payment service, 1 is added to the current sequential digits to form new current sequential digits, the computation is performed by using the current sequential digits and the user information to generate dynamic verification information, and after the verification information is sent to the bank backend server, the bank backend server may query past payment service records, if there are the same sequential digits, the verification does not pass, and the result represents that the pattern to be identified generated by the secure payment device is used, the current payment service is exited, and if the same sequence number does not exist, the verification is passed, and the result represents that the pattern to be identified generated by the secure payment device is not used, and the subsequent payment service process is continued.
As one embodiment herein, said acquiring biometric information of the user comprises,
and acquiring the fingerprint information of the user through a fingerprint acquirer.
In the above steps, the biometric information includes fingerprint information, password information, etc., and the fingerprint information acquired by the fingerprint acquirer can be more conveniently used by elderly users or children users. Other steps of the payment service, such as verifying the legality of the pattern to be recognized, whether the account balance meets the payment transaction requirement, whether the transfer of the transaction amount has a problem and the like, do not bring any interference and influence to the user.
As an example herein, when the biometric information verification pass further comprises,
and judging whether the biological identification information stored in the secure storage chip of the secure payment device is consistent with the collected user biological identification information, if so, passing the verification, and if not, failing the verification.
As an embodiment herein, generating dynamic verification information directly based on the user information and the current feature information means that, when the biometric information passes verification, the secure payment device does not perform other processing, such as unlocking a screen, clicking application software, clicking a menu or pressing a key to invoke an application program or an applet, directly combines the user information and the current feature information in the secure storage chip to generate verification information (executed inside a processor of the secure payment device and not displayed to a user), and then generates an image to be recognized, and displays the image on a display screen of the secure payment device.
The merging of the user information and the current feature information to generate the verification information may be, for example, placing the user information in the front of the character string to be converted, placing the verification information in the rear of the character string to be converted to form a complete character string, converting each letter in the character string into a binary system according to a two-dimensional code conversion rule, for example, adding a mode indicator in front of the binary system character string, adding an error correction level in the tail of the binary system character string, and then representing the complete binary system character string in a black-and-white color block manner to form a two-dimensional code pattern. Of course, the operations of performing the uniformization of the pattern after performing the xor operation on the mask pattern and the complete binary character string black and white block are also involved, and the details are not repeated herein.
As an embodiment herein, generating and displaying a pattern to be recognized according to the verification information further comprises,
signing the verification information through a private key of a secure payment device;
and generating and displaying the pattern to be identified according to the signature and the verification information.
In this step, the secure payment device is used for signing by using the private key, and the signature and the verification information are converted to generate a pattern to be identified, such as a two-dimensional code, so that the security of payment can be further improved.
As an embodiment herein, further comprising after generating and displaying a pattern to be recognized according to the verification information,
acquiring the pattern to be identified through an acquisition terminal, and sending the pattern to be identified and payment information to a front-end server;
the prepositive server sends the pattern to be identified to an authentication server to verify the pattern to be identified;
and after the pattern to be identified passes the verification, the front-end server sends the payment information to a core payment system to complete the payment service.
In this step, the acquisition terminal acquires a pattern to be identified through a camera, an infrared scanner and other equipment, and sends the pattern to be identified or the verification information in the pattern to be identified to the front-end server in combination with the payment information of the current payment service, including information such as a commodity number, a quantity, an amount, a collection account and the like; the prepositive server sends the pattern to be identified or the verification information to the authentication server for verification; the authentication server identifies the pattern to be identified to obtain verification information, or directly receives the verification information, searches whether corresponding user information exists in the system by using the user information and the equipment ID in the verification information, and feeds back information of successful verification if the corresponding user information exists, wherein if the verification information comprises a signature of a user, a public key of the user can be obtained, the public key is used for verifying the signature in the verification information, and the information of successful verification is fed back after the signature verification passes; and if the verification result does not exist or the signature verification fails, feeding back information of the verification failure.
If the front-end server receives the information of successful verification, the payment information is sent to a core payment system to complete the operation of payment service; and if the front-end server receives the information of the verification failure, feeding back the information of the payment service failure to the acquisition terminal, and feeding back the reason of the payment service failure.
As an embodiment herein, performing the verification of the pattern to be recognized further comprises,
the authentication server obtains verification information through the pattern to be identified;
acquiring user information and current characteristic information in the verification information;
searching the current characteristic information matched with the user information in a historical payment service database;
if the verification result is found, feeding back verification failure information to the front-end server;
and if the verification result is not found, feeding back information of successful verification to the front-end server.
In this step, when the current system time or the current sequence number in the verification information appears in the history payment service record matched with the user information, it indicates that the verification information is used in the past payment service, that is, the pattern to be identified generated by the verification information and the user information is used, and the payment service of this time may have a transaction risk, so the authentication server feeds back the information of the transaction failure to the front-end server; otherwise, the verification information is brand new, the corresponding pattern to be identified is not used, and the payment service is safe.
Through the method of the embodiment, the operation of the elderly user and the children user is facilitated, the payment two-dimensional code can be generated by pressing the finger on the fingerprint acquisition unit after the safety payment device is activated, and a series of complex operations such as unlocking the smart phone, searching for payment application software, calling a certain small program of the payment application software, verifying a fingerprint and the like are not needed; in addition, the generation of the payment two-dimensional code in the operation process does not need the support of a telecommunication network, and the method is particularly suitable for remote areas with incomplete telecommunication network infrastructure; even if the payment service is carried out without the application of a telecommunication network, the payment two-dimensional code can be generated in a dynamic mode, so that the safety of the payment service is improved; in addition, the executed payment service flow has simple logic, a complex operating system and a high-performance processor are not needed in the safety payment device, the cost is low, the energy consumption is less, the response is rapid, the payment service can be completed by separating from the smart phone, and the payment service can be stably completed by using the safety payment device for a long time.
Fig. 3 is a schematic structural diagram of a secure payment device according to an embodiment of the present disclosure, in which the structure of the secure payment device is described, where the secure payment device includes a processor 301, a power control unit 302, a biological information identification unit 303, a pattern generation unit 304, and a display unit 305;
the power control unit 302 is used for activating a secure payment device according to a user activation instruction;
the processor 301 is configured to directly invoke the biometric information identification unit 303 to acquire biometric information of a user, and when the biometric information passes verification, generate dynamic verification information directly based on user information and current feature information;
the pattern generating unit 304 is configured to generate a pattern to be identified according to the verification information;
the display unit 305 is configured to display the pattern to be recognized.
Through the device of the embodiment, the operation of the old user and the child user is facilitated, the payment two-dimensional code can be generated by pressing the finger on the fingerprint acquisition unit after the safety payment device is activated, and a series of complex operations such as unlocking the smart phone, searching for payment application software, calling a certain small program of the payment application software, verifying a fingerprint and the like are not needed; in addition, the generation of the payment two-dimensional code in the operation process does not need the support of a telecommunication network, and the method is particularly suitable for remote areas with incomplete telecommunication network infrastructure; even if the payment service is carried out without the application of a telecommunication network, the payment two-dimensional code can be generated in a dynamic mode, so that the safety of the payment service is improved; in addition, the executed payment service flow has simple logic, a complex operating system and a high-performance processor are not needed in the safety payment device, the cost is low, the energy consumption is less, the response is rapid, the payment service can be completed by separating from the smart phone, and the payment service can be stably completed by using the safety payment device for a long time.
Fig. 4 is a flowchart illustrating a process of configuring a secure payment device after a user retrieves the secure payment device from a bank, where the secure payment device is configured, for example, a smart phone and the secure payment device are taken as participants of the configuration process, and in other embodiments, the secure payment device may be configured in other combinations, and an embodiment of the method specifically includes,
in step 401, the secure payment device is activated.
In this step, after the secure payment device is started, the bluetooth unit is opened in the configuration mode to wait for connection with the smartphone. For example, the configuration mode may be entered by continuously switching on and off the key several times, or when the secure payment device is powered on and turned on, and it is determined that the secure payment device is not configured, the secure payment device automatically enters the configuration mode, otherwise, the secure payment device enters the normal mode and waits for the input of a fingerprint.
Step 402, the smart phone is connected with the secure payment device via bluetooth.
In this step, the user can scan the bluetooth unit of the secure payment device through the bluetooth unit of the smart phone, and both parties can communicate after establishing the bluetooth connection.
Step 403, the user connects to the bank server through APP (application) of the smart phone.
In this step, the user can click the bank APP installed on the smart phone, and establish connection with the bank server through the telecommunication network.
In step 404, the smart phone obtains the user information and the system time stored in the bank server.
In this step, a user operates the smart phone to log in a bank server by using a user name, a password and other modes, and obtains user information from the bank server, wherein the user information may include information such as the user name, a user number, an account number and the like; system time, e.g. the current time on the system side, is also obtained from the bank server.
Step 405, the smart phone sends the user information and the system time to a secure payment device.
In this step, the request sent to the security payment device by the user information and the system time can be realized by the user clicking a certain key of the bank APP on the smart phone, or the security payment device sends a request to the smart phone in the background, and the smart phone completes the sending of the information in the background after logging in the bank APP.
At step 406, the secure payment device stores the user information and the system time in the secure memory chip.
Step 407, the secure payment device prompts the user via the display to enter a fingerprint.
This step may be performed before the aforementioned steps 402-406 or at the same time.
Step 408, receiving the fingerprint information input by the user on the fingerprint collector.
Step 409, storing the input fingerprint information in a secure storage chip.
Fig. 5 is a flowchart of a secure payment method executed on a secure payment device according to an embodiment of the present disclosure, where a method executed by the secure payment device when the configured secure payment device performs a payment service is described in this figure, where after a user inputs fingerprint information and verifies the fingerprint information, the secure payment device directly displays a dynamically generated two-dimensional code for completing payment on a display unit, and no manual operation or selection is required in the middle of the process, and the method of this embodiment specifically includes:
step 501, a secure payment device is activated.
In this step, when the user needs to perform the payment service, the configured secure payment device is taken out, and the secure payment device is powered on and started up by operating the switch key.
Step 502, prompting a user to input fingerprint information.
In the step, after the safe payment device is powered on and started up, if the configuration information is judged to exist, the text prompt is directly displayed through the display unit, and a user is requested to input fingerprint information; or the prompt information is displayed through the display unit, and only the fingerprint information input by the user is waited; or it may be a voice message through a speaker to prompt the user to input fingerprint information.
Step 503, the fingerprint collector collects fingerprint information input by the user.
And 504, comparing the acquired fingerprint information with the fingerprint information in the configuration information in the secure storage chip, if the acquired fingerprint information is consistent with the fingerprint information in the configuration information in the secure storage chip, passing the verification, and otherwise failing the verification.
In the step, if the verification is passed, the payment service processing is continued in the subsequent step, if the verification is failed, the user continues to wait for inputting the fingerprint, or a corresponding prompt of 'fingerprint input error' is made, if the fingerprint information input by the user for many times fails to be verified, no operation information is responded, the locking state is entered, the locking state is maintained even if the power-off and the power-on start are disconnected again, and any operation of the corresponding user is rejected.
Step 505, obtaining the device ID of the secure payment apparatus, and the user information and the system time in the secure memory chip.
In this step, the device ID of the secure payment apparatus may be a unique identifier of the processor, a unique identifier of the bluetooth unit, or a unique identifier of the secure memory chip.
And step 506, obtaining the current system time according to the system time.
In this step, the system time and the accumulated time in the secure memory chip are added to obtain the current system time, for example, the system time is 1 month, 18 nd day, 00 rd 00 second in 2021 year, 18 nd day, 00 rd 00 second in 1 month, 2 month, 18 nd day, 00 rd 00 second in 2021 year, and if the accumulated time is 48 hours, 00 rd 00 second when the secure payment device is used for payment after a period of time, the current system time is 18 nd day, 00 rd second in 1 month, 3 month, 2021 year.
Each time a payment service is performed using the secure payment apparatus, a new current system time is generated, and the verification information composed of the current system time, user information, device ID (signature information), and the like is refreshed, that is, dynamic verification information is formed.
Step 507, signing the device ID, the user information and the current system time.
In this step, the verification information is signed by the private key of the user, wherein the verification information comprises the device ID, the user information, and the current system time.
And step 508, generating the two-dimensional code by the verification information and the signature information.
In this step, the device ID, the user information, the current system time, and the signature information may be arranged in order to form a string, and then the string is converted into a binary string, and the binary string is converted into a two-dimensional code formed by black and white blocks.
Step 509, displaying the two-dimensional code on a display unit.
Fig. 6 is a data flow diagram of a secure payment method according to an embodiment of the present disclosure, where a process of a secure payment system performing a payment service, which is composed of a secure payment device, an acquisition terminal, a front server, a core payment system, and an authentication server, is described in the figure, where a described sequence is not necessarily the only execution sequence of the embodiment of the present disclosure, and other execution sequences are also possible, as long as the payment service can be completed within a reasonable variation range. The secure payment device used in this embodiment may be the structure shown in fig. 3, and may also include other necessary components, such as a battery, a housing, and other components, the secure payment device has a simple hardware structure and a simple processing capability, and compared with a smart phone, the power consumption is greatly reduced, and the operation is extremely simple, and only a power key needs to be turned on, and a finger is pressed on the fingerprint identification unit, so that a dynamically changing two-dimensional code can be generated; the acquisition terminal may include a communication unit, a network interface, a computer with certain data processing capability, and the like, in addition to a camera for acquiring patterns. The method of the embodiment specifically includes:
step 601, the acquisition terminal acquires a two-dimensional code of the security payment device.
In this step, the collection terminal may be a POS device with a scanning function.
Step 602, analyzing the two-dimensional code to obtain verification information.
In this step, the acquisition terminal analyzes the acquired two-dimensional code, obtains the device ID, the user information, the current system time, and the signature information therein to form a character string, and forms verification information according to a specific data encapsulation rule.
The specific data encapsulation rule may be to convert the character string into binary or XML format data.
Step 603, sending the verification information and the payment information of the payment service to a front-end server through a network.
In step 604, the front-end server sends the verification information to the authentication server.
Step 605, the authentication server verifies the verification information.
In this step, the authentication server searches the verification information of the user in the historical payment service database, for example, searches the user number in the historical payment service database, searches whether the user number has the same current system time and device ID, if yes, it indicates that the two-dimensional code used in the payment service has been used, the payment service has a risk, and if not, it indicates that the payment service is safe.
When the verification information further comprises signature information, a public key matched with the user information can be obtained, the public key is used for verifying the signature of the signature information, and if the signature passes the verification, the verification information provided by the payment service can be ensured to be a safe payment device from the user.
And step 606, the authentication server feeds back information of successful verification to the front-end server, otherwise, feeds back information of failed verification.
And step 607, when the verification is passed, the front-end server sends the payment information to the core payment system.
And if the verification fails, feeding back information of the verification failure to the acquisition terminal, and feeding back a failure reason, namely that the current two-dimensional code is possibly used, or other prompt information.
At step 608, the core payment system completes the payment transaction.
Step 609, the core payment system feeds back the information of successful payment service to the front-end server.
And step 610, the front-end server sends information of successful payment service to the acquisition terminal.
Through the method, the device and the system of the embodiment, the operation of the elderly user and the children user is facilitated, the payment two-dimensional code can be generated by pressing a finger on the fingerprint acquisition unit after the safe payment device is activated, and a series of complex operations such as unlocking the smart phone, searching the payment application software, calling a certain small program of the payment application software, verifying the fingerprint and the like are not needed; in addition, the generation of the payment two-dimensional code in the operation process does not need the support of a telecommunication network, and the method is particularly suitable for remote areas with incomplete telecommunication network infrastructure; even if the payment service is carried out without the application of a telecommunication network, the payment two-dimensional code can be generated in a dynamic mode, so that the safety of the payment service is improved; in addition, the executed payment service flow has simple logic, a complex operating system and a high-performance processor are not needed in the safety payment device, the cost is low, the energy consumption is less, the response is rapid, the payment service can be completed by separating from the smart phone, and the payment service can be stably completed by using the safety payment device for a long time.
Embodiments herein also provide computer readable instructions, wherein when executed by a processor, a program thereof causes the processor to perform the method of fig. 2, 4-6.
It should be understood that, in various embodiments herein, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments herein.
It should also be understood that, in the embodiments herein, the term "and/or" is only one kind of association relation describing an associated object, meaning that three kinds of relations may exist. For example, a and/or B, may represent: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described in a functional general in the foregoing description for the purpose of illustrating clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided herein, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the embodiments herein.
In addition, functional units in the embodiments herein may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present invention may be implemented in a form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The principles and embodiments of this document are explained herein using specific examples, which are presented only to aid in understanding the methods and their core concepts; meanwhile, for the general technical personnel in the field, according to the idea of this document, there may be changes in the concrete implementation and the application scope, in summary, this description should not be understood as the limitation of this document.

Claims (16)

1. A secure payment method, comprising,
directly executing the subsequent steps after the safe payment device is activated according to the user activation instruction;
collecting biometric information of a user;
when the biological identification information passes the verification, generating dynamic verification information directly based on the user information and the current characteristic information;
and generating and displaying the pattern to be identified according to the verification information.
2. The method of claim 1, wherein activating a secure payment device in accordance with a user activation instruction comprises,
and powering on and activating the safety payment device according to the operation of the user on-off key.
3. The method of claim 1, further comprising, prior to activating the secure payment device in accordance with the user activation instruction,
collecting biological identification information of a user, and storing the biological identification information into a secure storage chip;
and acquiring user information and reference characteristic information through a communication unit, and storing the user information and the reference characteristic information into the secure storage chip.
4. The method of claim 3, wherein obtaining user information and reference characteristic information via a communication unit further comprises,
and receiving user information and reference characteristic information acquired by the intelligent terminal from a bank background server through the communication unit.
5. The method of claim 4, further comprising receiving user information and reference feature information acquired by the intelligent terminal from a bank background server through the communication unit,
and receiving user information and reference characteristic information acquired by the intelligent terminal from a bank background server through the wired communication unit.
6. The method of claim 3, further comprising obtaining user information and reference feature information via a communication unit,
and receiving user information locally stored in the intelligent terminal and reference characteristic information generated by the intelligent terminal through a communication unit.
7. The method of claim 3, wherein the baseline characterization information comprises a system time or a number.
8. The method according to claim 7, wherein when the reference characteristic information is a system time, the storing the user information and the reference characteristic information into the secure storage chip further comprises,
calculating the accumulated time;
further included in the generating dynamic authentication information directly based on user information and current profile information,
and accumulating the system time and the accumulated time to obtain the current system time so as to form current characteristic information.
9. The method of claim 7, further comprising, when the reference characteristic information is a number, generating dynamic authentication information based directly on user information and current characteristic information,
and accumulating the numbers to obtain the current sequence numbers so as to form the current characteristic information.
10. The method of claim 1, wherein when the biometric information verification is passed further comprises,
and judging whether the biological identification information stored in the secure storage chip of the secure payment device is consistent with the collected user biological identification information, if so, passing the verification, and if not, failing the verification.
11. The method according to claim 1, further comprising, in generating and displaying a pattern to be recognized based on the authentication information,
signing the verification information through a private key of a secure payment device;
and generating and displaying the pattern to be identified according to the signature and the verification information.
12. The method according to claim 1, further comprising, after generating and displaying a pattern to be recognized from the verification information,
acquiring the pattern to be identified through an acquisition terminal, and sending the pattern to be identified and payment information to a front-end server;
the prepositive server sends the pattern to be identified to an authentication server to verify the pattern to be identified;
and after the pattern to be identified passes the verification, the front-end server sends the payment information to a core payment system to complete the payment service.
13. The method of claim 12, wherein performing verification of the pattern to be identified further comprises,
the authentication server obtains verification information through the pattern to be identified;
acquiring user information and current characteristic information in the verification information;
searching the current characteristic information matched with the user information in a historical payment service database;
if the verification result is found, feeding back verification failure information to the front-end server;
and if the verification result is not found, feeding back information of successful verification to the front-end server.
14. A safe payment device is characterized by comprising a processor, a power supply control unit, a biological information identification unit, a pattern generation unit and a display unit;
the power supply control unit is used for activating the secure payment device according to a user activation instruction;
the processor is used for directly calling the biological information identification unit to acquire the biological identification information of the user, and when the biological identification information passes verification, the processor directly generates dynamic verification information based on the user information and the current characteristic information;
the pattern generating unit is used for generating a pattern to be identified according to the verification information;
the display unit is used for displaying the pattern to be identified.
15. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of the preceding claims 1-11 when executing the computer program.
16. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, is adapted to carry out the method of any of the preceding claims 1-11.
CN202110458577.7A 2021-04-27 2021-04-27 Safety payment device and method, computer equipment and readable storage medium Pending CN113159771A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110458577.7A CN113159771A (en) 2021-04-27 2021-04-27 Safety payment device and method, computer equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110458577.7A CN113159771A (en) 2021-04-27 2021-04-27 Safety payment device and method, computer equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN113159771A true CN113159771A (en) 2021-07-23

Family

ID=76871261

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110458577.7A Pending CN113159771A (en) 2021-04-27 2021-04-27 Safety payment device and method, computer equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN113159771A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106651378A (en) * 2016-10-21 2017-05-10 北京数码视讯支付技术有限公司 Payment terminal, system and method
CN107341658A (en) * 2017-08-24 2017-11-10 张龙 mobile quick payment terminal and quick payment method
CN108154365A (en) * 2017-12-19 2018-06-12 恒宝股份有限公司 A kind of safety equipment for generating dynamic two-dimension code, method and system
US20180181739A1 (en) * 2015-08-27 2018-06-28 Alibaba Group Holding Limited Identity authentication using biometrics
CN111899029A (en) * 2020-08-13 2020-11-06 北京字节跳动网络技术有限公司 Identity verification method and device for electronic payment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180181739A1 (en) * 2015-08-27 2018-06-28 Alibaba Group Holding Limited Identity authentication using biometrics
CN106651378A (en) * 2016-10-21 2017-05-10 北京数码视讯支付技术有限公司 Payment terminal, system and method
CN107341658A (en) * 2017-08-24 2017-11-10 张龙 mobile quick payment terminal and quick payment method
CN108154365A (en) * 2017-12-19 2018-06-12 恒宝股份有限公司 A kind of safety equipment for generating dynamic two-dimension code, method and system
CN111899029A (en) * 2020-08-13 2020-11-06 北京字节跳动网络技术有限公司 Identity verification method and device for electronic payment

Similar Documents

Publication Publication Date Title
US8788349B2 (en) Mobile payment using picture messaging
CN101038653B (en) Verification system
CN106296199A (en) Payment based on living things feature recognition and identity authorization system
US20120011007A1 (en) Mobile Payment Using DTMF Signaling
US7079833B2 (en) Mobile radio terminal and network commerce system using the same
CN103838992A (en) Fingerprint identifying method and terminal
EP2725536A1 (en) Mobile device-based electronic payment systems and methods
CN104820944A (en) Method and system for bank self-service terminal authentication, and device
CN106127900A (en) A kind of user identity comprehensive verification method for unlocking and device
WO2019178817A1 (en) Product sales volume extraction and reporting method, payment method, and terminal apparatus
CN112468975A (en) Management method, device, medium and electronic equipment of analog card
CN104008326A (en) Apparatus and method for managing security of terminal
CN109886670A (en) Method of payment, device, system, mobile terminal, payment equipment and server
CN110992053A (en) Safe payment system and method based on finger vein recognition and block chain technology
CN107230060A (en) The method and apparatus that a kind of account is reported the loss
CN1666457B (en) Method and device for authenticating a user in a variety of contexts
CN102902907B (en) A kind of collocation method, inking device and electronic equipment
KR101187856B1 (en) Mobile phone payment system for using bar code generating algorithm and method thereof
WO2018006318A1 (en) Method and system for using intelligent entrance guard on basis of mobile terminal
CN110582771B (en) Method and apparatus for performing authentication based on biometric information
CN111669744B (en) Information processing method and device and electronic equipment
JP2020519978A (en) Novel retail system and method based on face identification
CN113159771A (en) Safety payment device and method, computer equipment and readable storage medium
CN110766388B (en) Virtual card generation method and system and electronic equipment
WO2017173749A1 (en) Pin pad, payment terminal having integrated camera module, and payment method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination