CN114463012A - Authentication method, payment method, device and equipment - Google Patents


Publication number
CN114463012A
Authority
CN
China
Prior art keywords
information
token
server
internet
payment
Legal status
Pending
Application number
CN202210096244.9A
Other languages
Chinese (zh)
Inventor
刘刚
詹成初
才华
Current Assignee
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN202210096244.9A
Publication of CN114463012A
Priority to PCT/CN2022/112455 (patent WO2023142436A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiments of this application disclose an authentication method, a payment method, an apparatus and a device. In the authentication method, a mobile device obtains identity information of an Internet of Things (IoT) device and payment information of a user, the IoT device having a built-in first token. The identity information and the payment information are sent to a first server, so that the first server, after successfully authenticating the identity information, sends the payment information to a second server for authentication. When the second server successfully authenticates the payment information, it generates a second token and sends it to the first server; first information and second information are then generated based on the association information among the first token, the second token and the payment information, and are sent to the mobile device and the IoT device respectively to complete the authentication. The first token serves as the device token of the IoT device and the second token serves as a business token corresponding to the payment information; during payment, transaction security is improved by the binding relationship between the tokens and the payment information.

Description

Authentication method, payment method, device and equipment
Technical Field
This application belongs to the technical field of payment security, and in particular relates to an authentication method, a payment method, an apparatus and a device.
Background
With the rapid development of Internet of Things (IoT) technology, the IoT devices on the market have become more diverse, come from more manufacturers and are complex to manage, so the risk involved when an IoT device takes part in a payment scenario is higher.
Existing IoT devices support only online transactions in payment scenarios, and transaction security is low.
Disclosure of Invention
The embodiments of this application provide an authentication method, a payment method, an apparatus and a device, which can improve the transaction security of IoT devices in payment scenarios.
In a first aspect, an embodiment of this application provides an authentication method applied to an Internet of Things (IoT) device in which a first token is built in, the method comprising:
sending identity information of the IoT device to a mobile device, so that the mobile device sends the identity information and payment information of a user to a first server for authentication;
receiving first information sent by the first server, wherein the first information comprises association information among the first token, a second token, the identity information and the payment information, the first token is determined after the first server has authenticated the identity information, and the second token is generated after a second server has authenticated the payment information;
storing the first information in the security chip.
In some embodiments, the IoT device is provided with a security chip, and
before sending the identity information of the IoT device to the mobile device, the method further comprises:
generating a key pair through the security chip, the key pair comprising a first public key and a first private key;
sending the first public key to the first server;
and sending the identity information of the IoT device to the mobile device comprises:
encrypting the identity information with the first private key and then sending it to the mobile device, so that after the mobile device sends the identity information to the first server, the identity information is authenticated with the first public key.
In some embodiments, the first token is stored in encrypted form in the security chip.
In some embodiments, the payment information corresponds to one or more payment cards, and the second tokens correspond to the payment cards one-to-one.
In a second aspect, an embodiment of this application provides an authentication method applied to a first server, the method comprising:
receiving identity information of an IoT device and payment information of a user, both sent by a mobile device;
authenticating the identity information according to a preset rule;
after the identity information has been authenticated, sending the payment information to a second server for authentication;
receiving a second token sent by the second server, wherein the second token is generated after the second server has authenticated the payment information;
and sending the association information obtained by associating the first token and the second token with the identity information and the payment information to the IoT device and the mobile device.
In some embodiments, the identity information is information encrypted with a first private key, and the first private key is generated by a security chip of the IoT device;
authenticating the identity information according to a preset rule comprises:
authenticating the identity information with a first public key, wherein the first public key is generated by the security chip and corresponds to the first private key.
In some embodiments, before receiving the identity information of the IoT device and the payment information of the user sent by the mobile device, the method further comprises:
receiving the first public key sent by the IoT device;
saving the first public key.
In some embodiments, the payment information corresponds to one or more payment cards, and the second tokens correspond to the payment cards one-to-one.
In a third aspect, an embodiment of this application provides an authentication method applied to a mobile device, the method comprising:
obtaining identity information of an IoT device and payment information of a user, wherein a first token is built into the IoT device;
sending the identity information and the payment information to a first server, so that the first server, after successfully authenticating the identity information, sends the payment information to a second server for authentication;
and receiving second information sent by the first server, wherein the second information comprises association information among the first token, a second token, the identity information and the payment information, the first token is determined by the first server according to the identity information, and the second token is generated after the second server has authenticated the payment information.
In some embodiments, obtaining the identity information of the IoT device and the payment information of the user comprises:
obtaining an identification code of the IoT device, wherein the identification code contains the identity information and a page address of the IoT device;
parsing the identification code to obtain the identity information, and jumping to a first interface corresponding to the page address;
and receiving the payment information entered by the user in the first interface.
In some embodiments, a security chip is provided in the IoT device, and the first token is stored in encrypted form in the security chip.
In some embodiments, the payment information corresponds to one or more payment cards, and the second tokens correspond to the payment cards one-to-one.
In a fourth aspect, an embodiment of this application provides a payment method applied to a first server, the method comprising:
receiving a transaction request sent by an IoT device, wherein the transaction request comprises transaction information corresponding to a transaction event, a first token and identity information of the IoT device, and the transaction information comprises payment information;
parsing the transaction request to obtain the first token;
determining a corresponding second token according to the first token and mapping information pre-stored in the first server, wherein the pre-stored mapping information is the association information among the first token, the second token, the identity information and the payment information;
sending the second token and the transaction information to a second server, so that after the second server has verified the payment information corresponding to the second token, a third server performs the balance deduction corresponding to the transaction event based on the payment information and generates balance change information;
and receiving the balance change information sent by the second server and forwarding it to the IoT device.
In some embodiments, the transaction request is information encrypted with a first private key on the IoT device, the first private key being generated by a security chip of the IoT device;
parsing the transaction request to obtain the first token comprises:
decrypting the transaction request with a first public key and parsing the first token out of the transaction request, wherein the first public key is generated by the security chip and corresponds to the first private key.
In a fifth aspect, an embodiment of this application provides an authentication apparatus applied to a mobile device, the apparatus comprising:
a first acquisition module, configured to obtain identity information of an IoT device and payment information of a user, wherein a first token is built into the IoT device;
a first sending module, configured to send the identity information and the payment information to a first server, so that the first server, after successfully authenticating the identity information, sends the payment information to a second server for authentication;
a first receiving module, configured to receive first information sent by the first server, wherein the first information comprises association information among the first token, a second token, the identity information and the payment information, the first token is determined by the first server according to the identity information, and the second token is generated after the second server has authenticated the payment information.
In a sixth aspect, an embodiment of this application provides an authentication apparatus applied to an IoT device in which a first token is built in, the apparatus comprising:
a second sending module, configured to send identity information of the IoT device to a mobile device, so that the mobile device sends the identity information and payment information of a user to a first server for authentication;
a second receiving module, configured to receive second information sent by the first server, wherein the second information comprises association information among the first token, a second token, the identity information and the payment information, the first token is determined after the first server has authenticated the identity information, and the second token is generated after a second server has authenticated the payment information;
and a storage module, configured to store the second information in the security chip.
In a seventh aspect, an embodiment of this application provides an authentication apparatus applied to a first server, the apparatus comprising:
a third receiving module, configured to receive identity information of an IoT device and payment information of a user, both sent by a mobile device;
a first authentication module, configured to authenticate the identity information according to a preset rule;
a third sending module, configured to send the payment information to a second server for authentication after the identity information has been authenticated;
a fourth receiving module, configured to receive a second token sent by the second server, wherein the second token is generated after the second server has authenticated the payment information;
and a fourth sending module, configured to send the association information obtained by associating the first token and the second token with the identity information and the payment information to the IoT device and the mobile device.
In an eighth aspect, an embodiment of this application provides a payment apparatus applied to a first server, the apparatus comprising:
a fifth receiving module, configured to receive a transaction request sent by an IoT device, wherein the transaction request comprises transaction information corresponding to a transaction event, a first token and identity information of the IoT device, and the transaction information comprises payment information;
a first parsing module, configured to parse the transaction request to obtain the first token;
a determining module, configured to determine a corresponding second token according to the first token and mapping information pre-stored in the first server, wherein the pre-stored mapping information is the association information among the first token, the second token, the identity information and the payment information;
a fifth sending module, configured to send the second token and the transaction information to a second server, so that after the second server has verified the payment information corresponding to the second token, a third server performs the balance deduction corresponding to the transaction event based on the payment information and generates balance change information;
a sixth receiving module, configured to receive the balance change information sent by the second server and forward it to the IoT device.
In a ninth aspect, an embodiment of this application provides an electronic device comprising a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, performs the method described in any embodiment of the first, second, third or fourth aspect above.
In a tenth aspect, an embodiment of this application provides a computer storage medium on which computer program instructions are stored; when executed by a processor, the computer program instructions implement the method described in any embodiment of the first, second, third or fourth aspect.
In an eleventh aspect, an embodiment of this application provides a computer program product whose instructions, when executed by a processor of an electronic device, cause the electronic device to perform the method described in any embodiment of the first, second, third or fourth aspect.
The embodiments of this application provide an authentication method, a payment method, an apparatus and a device. In the authentication method, a mobile device obtains identity information of an IoT device and payment information of a user, the IoT device having a built-in first token. The identity information and the payment information are sent to a first server, so that the first server, after successfully authenticating the identity information, sends the payment information to a second server for authentication. When the second server successfully authenticates the payment information, it generates a second token and sends it to the first server; first information and second information are then generated based on the association information among the first token, the second token and the payment information, and are sent to the mobile device and the IoT device respectively to complete the authentication. The first token serves as the device token of the IoT device and the second token serves as a business token corresponding to the payment information; during payment, transaction security is improved by the binding relationship between the tokens and the payment information.
Drawings
To illustrate the technical solutions of the embodiments of this application more clearly, the drawings used in the embodiments are briefly described below; those skilled in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic flowchart of an authentication method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of an authentication method in a specific example of the present application;
Fig. 3 is a schematic flowchart of an authentication method according to another embodiment of the present application;
Fig. 4 is a schematic flowchart of an authentication method according to yet another embodiment of the present application;
Fig. 5 is a schematic flowchart of an authentication method according to another embodiment of the present application;
Fig. 6 is a schematic flowchart of a payment method according to an embodiment of the present application;
Fig. 7 is a schematic flowchart of a payment method in a specific example of the present application;
Fig. 8 is a schematic structural diagram of an authentication apparatus according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an authentication apparatus according to another embodiment of the present application;
Fig. 10 is a schematic structural diagram of an authentication apparatus according to still another embodiment of the present application;
Fig. 11 is a schematic structural diagram of a payment apparatus according to an embodiment of the present application;
Fig. 12 is a schematic structural diagram of an electronic device according to still another embodiment of the present application.
Detailed Description
Features and exemplary embodiments of various aspects of the present application will be described in detail below, and in order to make objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described herein are intended to be illustrative only and are not intended to be limiting. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present application by illustrating examples thereof.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In current payment scenarios for Internet of Things (IoT) devices, the payment method generally adopted is as follows: the IoT device sends a payment request containing the device identifier and the payment amount to the server, and the server looks up the associated payment account according to the device identifier and deducts the amount from that account.
The disadvantages of this payment method are that payment security is low, that the associated payment account can only be determined by the back-end server for the deduction, and that the IoT device has no independent payment capability.
In addition, IoT devices currently support only online transactions in payment scenarios and do not involve offline POS (point of sale) devices, so offline transactions cannot be supported. With current payment technology, an offline transaction by an IoT device mostly has to rely on an IC card (integrated circuit card) and has to be initiated from the IC card by means of a POS device, which reduces front-end convenience and makes the operation flow complex.
To solve the problems of the prior art, the embodiments of this application provide an authentication method, a payment method, an apparatus and a device. Secure payment is achieved through the security chip and the device token built into the IoT device. The authentication method provided in the embodiments of this application is introduced first.
Fig. 1 shows a flowchart of an authentication method according to an embodiment of the present application. As shown in Fig. 1, the authentication method is applied to an IoT device in which a first token is built in, and includes steps S101 to S103:
S101, providing identity information of the IoT device to a mobile device, so that the mobile device sends the identity information and payment information of a user to a first server for authentication;
S102, receiving first information sent by the first server, wherein the first information comprises association information among the first token, a second token and the payment information, the first token is determined after the first server has authenticated the identity information, and the second token is generated after a second server has authenticated the payment information;
S103, storing the first information.
In the authentication method of this embodiment, the mobile device obtains the identity information of the IoT device and the payment information of the user and sends them together to the first server for authentication. After the first server has authenticated the identity information of the IoT device, it can determine the first token of the IoT device from that identity information; that is, the token of the IoT device does not need to be transmitted. The correspondence between the identity information of the IoT device and the first token can be stored in the first server in advance, so that once the identity information has been authenticated as legitimate, the first token corresponding to the device can be determined. The payment information is then sent to the second server, which authenticates its legitimacy, generates a second token once authentication passes, and returns the second token to the first server. The first server completes the binding for the corresponding IoT device: it associates the first token, the second token and the payment information and sends them to the IoT device for storage. In this way, before any payment takes place, authentication with the server is completed on the basis of the device token of the IoT device (that is, the first token; the same applies below), which safeguards the security of subsequent payments.
In some embodiments, payment security may be enhanced by increasing the hardware capability of the IoT device. Optionally, in this embodiment, a processor of the IoT device, such as an MCU (microcontroller unit), is connected to a security chip SE (secure element), and a security domain is preset in the SE, which establishes the security foundation of the IoT device.
It can be understood that the legitimacy and security of the security domain may be verified by the server to which the IoT device belongs; this verification may use mature techniques in the field, which are not described here.
For example, the security chip SE of the IoT device can serve as the device's transaction security shield, and the hardware capability of the IoT device is improved on the basis of its high security performance. A first token is stored in encrypted form in the SE. The first token serves as the token of the IoT device and can be preset in the IoT device together with the security chip at the factory stage or before the device is put into use, for example by a payment card manufacturer or by the IoT device manufacturer.
The first token, that is, the device token of the IoT device, corresponds uniquely to the IoT device. Each IoT device has one device token, so the device token of an IoT device is globally unique.
Optionally, after the security domain of the security chip SE passes verification and before step S101, the authentication method in the embodiments of this application may further include steps S104 to S105:
S104, generating a key pair through the security chip, the key pair comprising a first public key and a first private key;
S105, sending the first public key to the first server.
Illustratively, the security chip SE generates a pair of asymmetric keys comprising a first public key and a first private key. The first private key is stored in the security chip, and the first public key is sent to the first server for storage.
In this way, in step S101, providing the identity information of the Internet of Things device to the mobile device may specifically include:
encrypting the identity information with the first private key and sending it to the mobile device, so that after the mobile device sends the identity information to the first server, the identity information is authenticated with the first public key.
In step S101, the identity information of the Internet of Things device may include one or more of a device ID (Identity Document), a device manufacturer ID, and a device chip ID (that is, the chip serial number of the device's MCU). In some examples, when the identity information is provided to the mobile device, the Internet of Things device may display the identity information for the mobile device to obtain, or the Internet of Things device may provide an MCU access interface through which the mobile device obtains the identity information.
As shown in Fig. 2, when the identity information is provided through an identification code, the identification code may include acquisition request information. Through steps S201 to S202, the mobile device scans the identification code to initiate a request to the Internet of Things device, and the Internet of Things device returns the identity information to the mobile device in response. After receiving the identity information, the mobile device obtains the payment information entered by the user through a first interface.
The identification code may include identity information, such as the device ID and the device vendor ID of the Internet of Things device, and a page address link. The mobile device obtains the identity information of the Internet of Things device by scanning the identification code and jumps to the first interface corresponding to the page address to receive the payment information entered by the user.
Alternatively, the Internet of Things device provides an MCU access interface; the mobile device obtains the identity information of the Internet of Things device through the access interface and then obtains the payment information entered by the user through the first interface.
For example, the identification code may be a two-dimensional code or a graphic code in another form; it may be a static code or a dynamic code; and it may be displayed on a display screen of the Internet of Things device or presented in another form. The embodiments of this application are not limited to any single form.
Illustratively, the identity information obtained by the mobile device has been encrypted by the Internet of Things device with the first private key stored in the security chip SE, which avoids the risk of malicious analysis and attack caused by information leakage while the information is transmitted during authentication.
For example, the payment information entered by the user may include one or more of the card number of a payment card (e.g., a bank card), an anti-counterfeiting code (e.g., the security code CVN2, Card Validation Number 2), and a verification code. In one particular example, the payment information may cover one or more payment cards.
In this embodiment of the application, through step S203 shown in Fig. 2, the mobile device sends the identity information of the Internet of Things device and the payment information of the user to the first server. The first server authenticates the legitimacy of the identity information, and after the identity information of the Internet of Things device passes authentication, the second server authenticates the payment of the user.
Illustratively, the first server may be an Internet of Things device management platform. The first server stores, in advance, the mapping between each Internet of Things device and its corresponding first public key and device token in a database. Referring to Fig. 2, after the first server receives the identity information of the Internet of Things device sent by the mobile terminal, in step S204 it decrypts and authenticates the identity information with the first public key. If decryption succeeds, the identity of the Internet of Things device is legitimate and the authentication passes; otherwise, the identity authentication of the Internet of Things device fails.
In step S204, after the identity information of the Internet of Things device passes authentication, the first server determines the first token corresponding to the Internet of Things device from the parsed identity information. The first server also transmits the payment information of the user to the second server through step S205. For example, the second server may be the transaction platform of the operator to which the payment card belongs (e.g., the UnionPay transaction platform for a UnionPay card). The second server verifies the card number, the anti-counterfeiting code and the verification code in the payment information to confirm that the payment information is valid.
It can be understood that authentication of a payment card's legitimacy by the server of the payment card operator is a mature technique in the field and is not described further here.
Referring to Fig. 2, after authenticating that the payment information of the user is legitimate, the second server generates a second token corresponding to the payment information through step S206. Illustratively, the second token serves as a service token and corresponds one-to-one with a payment card in the payment information: when the payment information covers one payment card, one second token may be generated; when the payment information covers a plurality of payment cards, a plurality of second tokens may be generated, one for each payment card.
Through step S207, the second token generated by the second server is returned to the first server. Through step S208, the first server binds the first token determined for the Internet of Things device and the second token returned by the second server with the corresponding identity information and payment information, generates the corresponding association information, and stores it in the first server. In the association information, one first token may correspond to one or more second tokens; that is, in the embodiments of this application one Internet of Things device is allowed to bind multiple payment cards for subsequent transactions, which meets the user's need to pay with more than one card. In one example, to make subsequent payment more convenient, one of the payment cards may be set as the default payment card during binding, and a corresponding default payment identifier may be marked in the association information.
After the first server generates the association information, the Internet of Things device receives the association information (that is, the first information) sent by the first server through step S102 and securely stores the first information in the Internet of Things device through step S103. The association information can also be sent to the mobile device for display to the user.
In the embodiments of this application, the first information is securely stored in the Internet of Things device, so that in a subsequent payment scenario a transaction payment can be initiated from the payment information in the first information stored in the security chip SE. The Internet of Things device thus has hardware capability that can be used for secure payment, which extends its transaction attributes and improves its secure payment capability. An Internet of Things device whose identity information and payment information have been authenticated can therefore pay independently in subsequent payment processes. On the one hand, compared with traditional online transactions, the Internet of Things device in the embodiments of this application can initiate a transaction payment from securely stored, platform-authenticated payment information and the first token, on the hardware foundation established by the security chip; this safeguards transaction security and avoids the risk of transaction information being maliciously cracked and attacked in transit. On the other hand, the first information authenticated by the authentication method in the embodiments of this application is stored in the Internet of Things device and used to initiate transaction payments in subsequent scenarios. Compared with traditional offline transactions, which rely on an IC card, an Internet of Things device that initiates a transaction from the payment information of a payment card removes the front end's dependence on the physical IC card, which improves transaction convenience.
Optionally, in order to meet various requirements of the user, the user may be allowed to update payment information stored in the internet of things device in the embodiment of the present application. Specifically, in this embodiment of the application, if the user needs to add a new payment card to the internet of things device to request authentication binding, or wants to delete a bound payment card, as shown in fig. 3, the authentication method may further include steps S301 to S303:
S301, providing the identity information and the payment information of the Internet of Things device to the mobile device, so that the mobile device generates updated payment information from the payment information and sends the updated payment information and the identity information to the first server for authentication.
The mobile terminal can obtain the identity information of the Internet of Things device by scanning the identification code or by accessing the MCU access interface of the Internet of Things device, and then jumps to a second interface that displays the payment information of the payment cards already stored on the Internet of Things device.
Starting from the payment information displayed on the second interface of the mobile device, the user can generate the corresponding updated payment information by operations such as entering an additional payment card or deleting a payment card. For example, if the second interface displays the originally configured payment information of payment card 1, the user enters the payment information of payment card 2 and payment card 3 on the second interface, marks payment card 2 as the default payment card, and deletes the payment information of payment card 1, which generates updated payment information corresponding to payment card 2 and payment card 3. The mobile device sends the identity information and the updated payment information to the first server for authentication.
S302, receiving third information sent by the first server, wherein the third information comprises association information among the first token, a third token, the identity information and the updated payment information, the first token is determined after the first server authenticates the identity information, and the third token is generated after the second server authenticates the updated payment information;
S303, storing the third information.
In this embodiment, the first server authenticates the identity information of the Internet of Things device in the same way as in the embodiment above, and the second server authenticates the updated payment information in the same way as it authenticates the payment information in the embodiment above. After the updated payment information is authenticated, the second server generates a new token, that is, a third token, and returns it to the first server. The first server binds the first token, the third token, the identity information and the updated payment information to generate new association information (that is, the third information), sends it to the Internet of Things device for storage, and sends it to the mobile device for display to the user.
Fig. 4 shows a flowchart of an authentication method provided in an embodiment of the present application. As shown in fig. 4, the authentication method is applied to the first server, and the method includes steps S401 to S405:
S401, receiving the identity information of the Internet of Things device and the payment information of the user, both sent by the mobile device;
S402, authenticating the identity information through a preset rule;
S403, after the identity information passes authentication, sending the payment information to a second server for authentication;
S404, receiving a second token sent by the second server, wherein the second token is generated after the second server authenticates the payment information;
S405, sending the association information obtained by associating the first token, the second token, the identity information and the payment information to the Internet of Things device and the mobile device.
In this embodiment of the application, the first server may be an Internet of Things device management platform, and the first server may manage a plurality of Internet of Things devices in a unified manner. In the authentication method of the embodiments of this application, the mobile device obtains the identity information of the Internet of Things device and the payment information of the user and sends both to the first server for authentication. Once the first server has authenticated the identity information, it can determine the first token of the Internet of Things device from that identity information. The device token therefore does not need to be transmitted: the correspondence between the identity information of the Internet of Things device and the first token can be stored in the first server in advance, and the first token is looked up once the identity information has been authenticated as legitimate. The first server then sends the payment information to the second server, which authenticates the legitimacy of the payment information, generates a second token after the authentication passes, and returns the second token to the first server. The first server completes the binding for the corresponding Internet of Things device, that is, it associates the first token, the second token and the payment information and sends them to the Internet of Things device for storage. In this way, before any payment takes place, authentication based on the device token of the Internet of Things device (that is, the first token; the same applies below) is completed with the server, which safeguards the security of subsequent payments.
Optionally, to enhance payment security, a processor of the Internet of Things device, such as an MCU (Micro Controller Unit), is connected to a security chip SE (Secure Element), and a security domain is preset in the security chip SE to establish the security foundation of the Internet of Things device.
For example, the security chip SE of the Internet of Things device can serve as the device's transaction security shield, and its high security performance improves the hardware capability of the Internet of Things device. A first token is stored in encrypted form in the security chip SE. The first token corresponds uniquely to the Internet of Things device: each Internet of Things device has one device token, and that device token is globally unique.
In addition to storing the first token, the security chip of the Internet of Things device is used to generate a pair of asymmetric keys. The key pair comprises a first public key and a first private key; the first private key is stored in the security chip, and the first public key is sent to the first server for storage. Therefore, before step S401, the method may further include:
receiving the first public key sent by the Internet of Things device;
saving the first public key.
The first server may store the mapping between the identity information of each Internet of Things device and its first token in a database in advance and, after receiving the first public key, store the first public key in association with the identity information of the corresponding Internet of Things device.
After saving the first public key, the first server receives, through step S401, the identity information of the Internet of Things device and the payment information of the user sent by the mobile device. The identity information of the Internet of Things device may include a device ID (Identity Document), a device manufacturer ID, and a device chip ID. The payment information of the user may include one or more of the card number of a payment card (e.g., a bank card), an anti-counterfeiting code (e.g., the security code CVN2, Card Validation Number 2), a verification code, and the like. In one particular example, the payment information may cover one or more payment cards.
For example, to improve the security of the authentication information, the identity information may be encrypted with the first private key stored in the security chip of the Internet of Things device. After receiving the identity information of the Internet of Things device and the payment information of the user, the first server may authenticate the identity information through a preset rule in step S402. Specifically, step S402 may include:
authenticating the identity information with the first public key, wherein the first public key is generated by the security chip and corresponds to the first private key.
The identity information encrypted with the first private key is a ciphertext. If the ciphertext can be decrypted with the first public key corresponding to the first private key, the identity of the Internet of Things device is legitimate and the authentication passes; if decryption fails, the identity of the Internet of Things device is not legitimate and the identity authentication of the Internet of Things device fails.
Once the identity of the Internet of Things device has been authenticated as legitimate and the plaintext of the identity information has been decrypted, the first server matches the plaintext against the database to obtain the corresponding first token. It then sends the payment information to the second server for authentication through step S403. In one example, the second server may be the transaction platform of the operator to which the payment card belongs (e.g., the UnionPay transaction platform for a UnionPay card). The second server verifies the card number, the anti-counterfeiting code and the verification code in the payment information to confirm that the payment information is legitimate.
After authenticating that the payment information of the user is legitimate, the second server generates a second token corresponding to the payment information. Illustratively, the second token serves as a service token and corresponds one-to-one with a payment card in the payment information: when the payment information covers one payment card, one second token may be generated; when the payment information covers a plurality of payment cards, a plurality of second tokens may be generated, one for each payment card.
After the second server generates the second token, the first server receives the second token sent by the second server through step S404, binds the first token and the second token with the decrypted identity information and the payment information, generates the corresponding association information, and stores it in the database of the first server. Through step S405 it sends the association information to the Internet of Things device and to the mobile device. The Internet of Things device stores the association information so that transaction payments can later be initiated from it, and the mobile device can display the association information for the user to view.
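The binding flow described above (key provisioning in S104 to S105, then S401 to S405 on the first server, which Fig. 2 numbers S204 to S208), as an added Go example that is not code from the patent. It models "encrypting the identity information with the first private key" as an Ed25519 signature sent alongside the plaintext identity, which is a substitution; the identity layout, the placeholder card checks, the token format and every type and function name are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Card is one payment card's payment information (constructed sample fields).
type Card struct{ Number, CVN2, VerificationCode string }

// Association is the association information bound in S208 / S405.
type Association struct {
	Identity, FirstToken string
	SecondTokens         map[string]string // last four card digits -> second token
}

// Device models the security chip: the first private key never leaves it.
type Device struct {
	Identity string // assumed layout: deviceID|vendorID|chipID
	Pub      ed25519.PublicKey
	priv     ed25519.PrivateKey
}

// NewDevice generates the key pair inside the chip (S104); Pub is what S105 sends.
func NewDevice(identity string) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{Identity: identity, Pub: pub, priv: priv}, nil
}

// SignIdentity is the private-key operation over the identity information.
func (d *Device) SignIdentity() []byte { return ed25519.Sign(d.priv, []byte(d.Identity)) }

// SecondServer stands in for the card operator's platform; Seen counts cards it received.
type SecondServer struct{ Seen int }

// Authenticate issues a random second token for a card that passes placeholder checks.
func (p *SecondServer) Authenticate(c Card) (string, error) {
	p.Seen++
	if len(c.Number) < 13 || len(c.CVN2) != 3 || c.VerificationCode == "" {
		return "", errors.New("payment information rejected")
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

// FirstServer is the device management platform.
type FirstServer struct {
	keys   map[string]ed25519.PublicKey // identity -> first public key
	tokens map[string]string            // identity -> first token
	Bound  map[string]Association
	Second *SecondServer
}

func NewFirstServer() *FirstServer {
	return &FirstServer{map[string]ed25519.PublicKey{}, map[string]string{}, map[string]Association{}, &SecondServer{}}
}

// Register stores the first public key and first token ahead of any binding.
func (s *FirstServer) Register(identity string, pub ed25519.PublicKey, firstToken string) {
	s.keys[identity], s.tokens[identity] = pub, firstToken
}

// Bind runs S402 to S405: cards reach the second server only after the identity check passes.
func (s *FirstServer) Bind(identity string, sig []byte, cards []Card) (Association, error) {
	pub, ok := s.keys[identity]
	if !ok || !ed25519.Verify(pub, []byte(identity), sig) {
		return Association{}, errors.New("identity authentication failed")
	}
	if len(cards) == 0 {
		return Association{}, errors.New("no payment information")
	}
	a := Association{Identity: identity, FirstToken: s.tokens[identity], SecondTokens: map[string]string{}}
	for _, c := range cards {
		tok, err := s.Second.Authenticate(c) // S403, S404
		if err != nil {
			return Association{}, fmt.Errorf("binding aborted: %w", err) // nothing stored
		}
		a.SecondTokens[c.Number[len(c.Number)-4:]] = tok
	}
	s.Bound[identity] = a
	return a, nil
}

func main() {
	dev, err := NewDevice("dev-001|vendor-77|chip-ABCD") // constructed identity
	if err != nil {
		panic(err)
	}
	srv := NewFirstServer()
	srv.Register(dev.Identity, dev.Pub, "first-token-constructed")
	fmt.Println(srv.Bind(dev.Identity, dev.SignIdentity(), []Card{{"6200000000001111", "123", "654321"}}))
}
```

Calling `Bind` again with an updated card list models S406 to S410: the stored association is replaced and the second server issues fresh tokens for the updated cards.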
In the embodiments of this application, the payment information is authenticated by the second server only after the identity information of the Internet of Things device has been authenticated by the first server, which safeguards information security. The first server binds the identity information and the payment information of the Internet of Things device to the device's unique device token and returns the result to the Internet of Things device for storage, so that in a subsequent payment scenario a transaction payment can be initiated from the payment information stored in the security chip SE of the Internet of Things device, and the Internet of Things device can pay independently. On the one hand, compared with traditional online transactions, the Internet of Things device in the embodiments of this application can initiate a transaction payment from securely stored, platform-authenticated payment information and the first token, on the hardware foundation established by the security chip; this safeguards transaction security and avoids the risk of transaction information being maliciously cracked and attacked in transit. On the other hand, the association information authenticated by the authentication method in the embodiments of this application is stored in the Internet of Things device and is used in scenarios where a transaction payment is subsequently initiated.
Optionally, in order to meet various requirements of the user, the user may be allowed to update payment information stored in the internet of things device in the embodiment of the present application. Specifically, in this embodiment of the application, if the user needs to add a new payment card to the internet of things device to request authentication binding, or wants to delete a bound payment card, the authentication method may further include steps S406 to S410:
S406, receiving the identity information of the Internet of Things device and the updated payment information of the user, both sent by the mobile device.
The mobile terminal can obtain the identity information of the Internet of Things device by scanning the identification code or by accessing the MCU access interface of the Internet of Things device, and then jumps to a second interface that displays the payment information of the payment cards already stored on the Internet of Things device.
Starting from the payment information displayed on the second interface of the mobile device, the user can generate the corresponding updated payment information by operations such as adding a payment card or deleting a payment card, and the identity information and the updated payment information are sent to the first server for authentication.
S407, authenticating the identity information through a preset rule;
S408, after the identity information passes authentication, sending the updated payment information to a second server for authentication;
S409, receiving a third token sent by the second server, wherein the third token is generated after the second server authenticates the updated payment information;
S410, sending the association information obtained by associating the first token, the third token, the identity information and the updated payment information to the Internet of Things device and the mobile device.
In this embodiment, the first server authenticates the identity information of the Internet of Things device in the same way as in step S402 of the embodiment above, and the second server authenticates the updated payment information in the same way as it authenticates the payment information in the embodiment above. After the updated payment information is authenticated, the second server generates a new token, that is, a third token, and returns it to the first server. The first server binds the first token, the third token, the identity information and the updated payment information to generate new association information (that is, the third information), sends it to the Internet of Things device for storage, and sends it to the mobile device for display to the user.
Fig. 5 shows a flowchart of an authentication method provided in an embodiment of the present application. As shown in fig. 5, the method is applied to a mobile device, and the method includes steps S501 to S503:
S501, obtaining the identity information of an Internet of Things device and the payment information of a user, wherein a first token is provided in the Internet of Things device;
S502, sending the identity information and the payment information to a first server, so that the first server sends the payment information to a second server for authentication after the identity information passes authentication;
S503, receiving second information sent by the first server, wherein the second information comprises association information among the first token, a second token, the identity information and the payment information, the first token is determined by the first server according to the identity information, and the second token is generated after the second server authenticates the payment information.
In the authentication method of the embodiments of this application, the mobile device obtains the identity information of the Internet of Things device and the payment information of the user and sends both to the first server for authentication. Once the first server has authenticated the identity information, it can determine the first token of the Internet of Things device from that identity information. The device token therefore does not need to be transmitted: the correspondence between the identity information of the Internet of Things device and the first token can be stored in the first server in advance, and the first token is looked up once the identity information has been authenticated as legitimate. The first server then sends the payment information to the second server, which authenticates the legitimacy of the payment information, generates a second token after the authentication passes, and returns the second token to the first server. The first server completes the binding for the corresponding Internet of Things device, that is, it associates the first token, the second token and the payment information and sends them to the Internet of Things device for storage. In this way, before any payment takes place, authentication based on the device token of the Internet of Things device (that is, the first token; the same applies below) is completed with the server, which safeguards the security of subsequent payments.
Illustratively, to enhance payment security, a processor of the Internet of Things device, such as an MCU (Micro Controller Unit), is connected to a security chip SE (Secure Element), and a security domain is preset in the security chip SE to establish the security foundation of the Internet of Things device.
For example, the security chip SE of the Internet of Things device can serve as the device's transaction security shield, and its high security performance improves the hardware capability of the Internet of Things device. A first token is stored in encrypted form in the security chip SE. The first token corresponds uniquely to the Internet of Things device: each Internet of Things device has one device token, and that device token is globally unique.
In addition to securely storing the first token, the security chip is used to generate a key pair. The key pair is asymmetric and comprises a first public key and a first private key; the first private key is stored in the security chip, and the first public key is sent to the first server for storage. Therefore, of the identity information of the Internet of Things device and the payment information of the user obtained in step S501, the identity information may be encrypted with the first private key in the security chip of the Internet of Things device, which avoids the risk of malicious analysis and attack caused by information leakage while the information is transmitted during authentication.
For example, the payment information entered by the user may include one or more of the card number of a payment card (e.g., a bank card), an anti-counterfeiting code (e.g., the security code CVN2, Card Validation Number 2), and a verification code. In one particular example, the payment information may cover one or more payment cards.
In some examples, the mobile device may obtain the identity information of the Internet of Things device by parsing an identification code that carries the identity information, or through an MCU access interface provided by the Internet of Things device.
Optionally, if the identity information is obtained by parsing the identification code of the Internet of Things device, the identification code may include acquisition request information, so that the mobile device scans the identification code to initiate a request to the Internet of Things device, the Internet of Things device returns the identity information to the mobile device in response, and the mobile device, after receiving the identity information, obtains the payment information entered by the user through the first interface.
Alternatively, the identification code may include identity information, such as the device ID and the device vendor ID of the Internet of Things device, and a page address link, in which case step S501 may specifically include steps S5011 to S5013:
S5011, acquiring an identification code of the internet of things device, wherein the identification code comprises the identity information of the internet of things device and a page address;
S5012, parsing the identification code to obtain the identity information, and jumping to a first interface corresponding to the page address;
S5013, receiving payment information input by a user from the first interface.
The mobile device obtains the identity information of the internet of things device by scanning the identification code, and jumps to the first interface corresponding to the page address to receive the payment information input by the user from the first interface. Entering information by scanning a code in this way makes payment information entry more convenient.
The identification code may be a two-dimensional code or a graphic code in another form; it may be a static code or a dynamic code; and it may be displayed on a display screen of the internet of things device or presented in another form. The embodiments of the present application are not limited in this respect.
After acquiring the identity information and the payment information, the mobile device sends them to the first server in step S502. The first server authenticates the legitimacy of the identity information; after the identity information of the internet of things device passes authentication, the first server sends the payment information to the second server, and the second server then authenticates the payment of the user.
Illustratively, the first server may be an internet of things device management platform. The first server stores in its database, in advance, the mapping between each internet of things device and its first public key and device Token. After the first server receives the identity information of the internet of things device sent by the mobile terminal, it decrypts and authenticates the identity information with the first public key; if decryption succeeds, the identity of the internet of things device is legitimate and authentication passes; otherwise, identity authentication of the internet of things device fails.
After the identity information of the internet of things device passes authentication by the first server, the first token corresponding to the internet of things device is determined from the parsed identity information. The first server also sends the payment information of the user to the second server. For example, the second server may be the transaction platform of the operator to which the payment card belongs (e.g., the UnionPay transaction platform corresponding to a UnionPay card). The second server verifies the card number, the anti-counterfeiting code and the verification code in the payment information to confirm the legitimacy of the payment information.
After the second server authenticates the payment information of the user as legitimate, it generates a second token corresponding to the payment information. Illustratively, the second Token serves as a service Token and corresponds one-to-one with a payment card in the payment information: when the payment information includes information of one payment card, one token may be generated; when the payment information includes information of a plurality of payment cards, a plurality of second tokens may be generated, one for each payment card.
The second token generated by the second server is returned to the first server. The first server binds the first token corresponding to the internet of things device and the second token returned by the second server to the corresponding identity information and payment information and generates the corresponding association information, so that in step S503 the mobile device can receive the second information (that is, the association information) sent by the first server and display it for the user to view.
In the second information, one first token may correspond to one or more second tokens, that is, in the embodiment of the present application, one internet of things device is allowed to bind multiple payment cards for subsequent transactions, so as to meet the multi-card payment requirement of the user. In one example, to improve convenience of subsequent payment, one of the payment cards may be set as a default payment card in the binding process of the association information, and a corresponding default payment identifier may be marked in the association information.
In the embodiment of the application, with the mobile-device-based authentication method between the internet of things device and the platform, transaction payment can be initiated in a subsequent payment scenario through the payment information in the association information stored in the security chip SE. The internet of things device whose identity information and payment information have been authenticated can therefore have independent payment capability in the subsequent payment process. On the one hand, compared with traditional online transactions, the internet of things device in the embodiment of the application can initiate transaction payment on the hardware basis established by the security chip, using the securely stored, platform-authenticated payment information and the first token, which guarantees transaction security and avoids the risk of transaction information being maliciously cracked and attacked in transit. On the other hand, the association information authenticated by the authentication method in the embodiment of the application is stored in the internet of things device and is used in scenarios where transaction payment is subsequently initiated.
Optionally, in order to meet various requirements of the user, the user may be allowed to update payment information stored in the internet of things device in the embodiment of the present application. Specifically, in this embodiment of the application, if the user needs to add a new payment card to the internet of things device to request authentication binding, or wants to delete a bound payment card, the authentication method may further include steps S504 to S506:
S504, obtaining identity information of the internet of things device and updated payment information of a user, wherein a first token is provided in the internet of things device;
S505, sending the identity information and the updated payment information to a first server, so that the first server sends the updated payment information to a second server for authentication after the identity information passes authentication;
S506, receiving fourth information sent by the first server, wherein the fourth information comprises association information among the first token, a third token, the identity information and the updated payment information, the first token is determined by the first server according to the identity information, and the third token is generated after the updated payment information passes authentication by the second server.
The mobile terminal can acquire the identity information of the internet of things device by scanning the identification code or by accessing the MCU access interface of the internet of things device, and jump to a second interface that displays the payment information of the existing payment cards stored on the internet of things device.
On the basis of the payment information displayed on the second interface of the mobile device, the user can generate the corresponding updated payment information by, for example, entering an additional payment card or deleting a payment card. The mobile device sends the identity information and the updated payment information to the first server for authentication.
In this embodiment, the first server authenticates the identity information of the internet of things device in the same way as in the above embodiment, and the second server authenticates the updated payment information in the same way as it authenticates the payment information in the above embodiment. After the updated payment information passes authentication, the second server generates a new Token, that is, a third Token, and returns it to the first server; the first server binds the first Token, the third Token, the identity information and the updated payment information to generate new association information (that is, the fourth information), sends the new association information to the internet of things device for storage, and sends it to the mobile device for display to the user.
It is to be understood that, in the above embodiments, after the same association information is sent to different devices, the association information may be expressed by different technical terms, for example, the first information and the second information may include the same association information, and the third information and the fourth information may include the same association information.
Illustratively, the internet of things device may be an electronic license plate.
After the authentication and binding of the internet of things device and the payment information are completed through information interaction among the internet of things device, the mobile device, the first server and the second server, the internet of things device can take part in transaction payment scenarios with transaction security guaranteed. The embodiment of the application therefore also provides a payment method.
Fig. 6 shows a flowchart of a payment method provided in an embodiment of the present application. As shown in fig. 6, the method is applied to the first server, and includes steps S601 to S605:
S601, receiving a transaction request sent by an internet of things device, wherein the transaction request comprises transaction information corresponding to a transaction event, a first token and identity information of the internet of things device, and the transaction information comprises payment information;
S602, parsing the transaction request to obtain the first token;
S603, determining a corresponding second token according to the first token and mapping information pre-stored in the first server, wherein the pre-stored mapping information is association information of the first token, the second token and the payment information;
S604, sending the second token and the transaction information to a second server, so that after the payment information corresponding to the second token is verified by the second server, a third server performs a balance deduction operation corresponding to the transaction event based on the payment information and generates balance change information;
S605, receiving the balance change information sent by the second server, and forwarding the balance change information to the internet of things device.
The first server in the embodiment of the application may be an internet of things device management platform. In the payment method of the embodiment of the application, transaction payment is initiated based on the authenticated identity information and payment information and the first token stored in the security chip, so that, compared with traditional online transactions, the legitimacy of the transaction information is guaranteed and transaction security is improved. Compared with traditional IC card transactions, the method provided by the embodiment of the application enables a transaction process that is initiated based on the payment information of the payment card but does not depend on the physical card body, which makes payment more convenient.
Optionally, in this embodiment, as shown in fig. 7, in a transaction, in step S701 the internet of things device encapsulates the transaction information corresponding to the transaction event, together with the first token and the identity information of the internet of things device stored in the security chip, into a data packet of the transaction request and sends the data packet to the first server.
The transaction information may include the time of the current transaction event, an event identifier, payment information (such as payment information of a default payment card), a payment amount, and the like.
In the data packet of the transaction request, the transaction information, the first token of the internet of things device, the identity information and the like can be encrypted with the first private key in the security chip, so that the security of sensitive information is guaranteed.
Correspondingly, after receiving the transaction request sent by the internet of things device in step S601, the first server parses the transaction request in step S602 to obtain the first token, which may specifically include the step of:
decrypting the transaction request with the first public key and parsing out the first token from the transaction request, wherein the first public key is generated by the security chip and corresponds to the first private key.
The first server stores in advance the first public key and the association information of the first token, the second token, the identity information of the internet of things device and the payment information. It decrypts the data packet of the transaction request with the first public key to recover the plaintext of the first token, the identity information, the transaction information and the like. The corresponding second token can then be determined in step S603 according to the first token and the mapping information pre-stored in the first server, where the pre-stored mapping information is the association information.
After confirming the second token corresponding to the transaction request, the first server sends a message containing the second token and the transaction information to the second server in step S604. For example, the second server may be the transaction platform of the operator to which the payment card belongs (e.g., the UnionPay transaction platform corresponding to a UnionPay card). If the second server stores the mapping relationship data between the second token and the payment information in advance, then, referring to fig. 7, in step S702 the second server may determine the validity of the corresponding payment information according to the second token in the message.
After verifying that the payment information is legitimate, in step S703 the second server sends the payment amount and the payment information (such as the payment card number) in the transaction information to the third server. For example, the third server may be a card issuer system. In step S704 the third server performs the balance deduction operation for the corresponding transaction event based on the payment information, the payment amount and the like, and generates balance change information of the payment card; through steps S705 to S707 the balance change information is returned to the second server and then returned from the second server step by step.
Therefore, the first server receives the balance change information sent by the second server through step S605, and forwards the balance change information to the internet of things device, thereby completing the transaction payment.
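The binding flow (steps S502 to S503) and the payment flow (steps S601 to S605, fig. 7) described above can be traced in code; the following is an added example, not code from the patent. It assumes that "encrypt with the first private key, decrypt with the first public key" is realised as an Ed25519 signature over a JSON body (the patent names neither an algorithm nor a message format), so it shows origin and integrity checking only and leaves confidentiality to the transport. All function names, the card format check, the constructed card number and the single-use rule for event identifiers are illustrative assumptions.

```javascript
// Added illustration, not code from the patent. All names are hypothetical.
const nodeCrypto = require('crypto');

// Internet of things device: the key pair and first token stay inside the SE.
function makeDevice(deviceId, firstToken) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const sign = (claims) => {
    const body = Buffer.from(JSON.stringify(claims));
    const sig = nodeCrypto.sign(null, body, privateKey);
    return { body: body.toString('base64'), sig: sig.toString('base64') };
  };
  return {
    deviceId,
    publicKey, // sent to the first server for storage
    identityMessage: () => sign({ deviceId }), // binding: the token is not sent
    transactionRequest: (tx) => sign({ deviceId, firstToken, tx }), // S701
  };
}

// Second server (transaction platform) with the third server (issuer) behind it.
function makeSecondServer(balances) { // balances: card number -> issuer balance
  const vault = new Map(); // second token -> card number
  return {
    authenticateCard(card) { // constructed check standing in for card verification
      if (!/^\d{16}$/.test(card.number) || !/^\d{3}$/.test(card.cvn2)) return null;
      const token = 'svc-' + nodeCrypto.randomBytes(8).toString('hex');
      vault.set(token, card.number);
      return token;
    },
    pay(secondToken, tx) { // S702 to S704
      const cardNumber = vault.get(secondToken);
      if (!cardNumber) return { ok: false, reason: 'unknown second token' };
      const balance = balances.get(cardNumber);
      if (balance === undefined || !(tx.amount > 0) || balance < tx.amount) {
        return { ok: false, reason: 'deduction refused' };
      }
      balances.set(cardNumber, balance - tx.amount);
      return { ok: true, balance: balance - tx.amount }; // balance change information
    },
  };
}

// First server (internet of things device management platform).
function makeFirstServer(secondServer) {
  const devices = new Map(); // deviceId -> { publicKey, firstToken }, stored in advance
  const bindings = new Map(); // firstToken -> association information
  const seenEvents = new Set(); // assumption: an event identifier is accepted once
  function open(msg) { // verify a device message with the stored first public key
    const body = Buffer.from(msg.body, 'base64');
    let claims;
    try { claims = JSON.parse(body.toString()); } catch (e) { return null; }
    const record = claims && devices.get(claims.deviceId);
    if (!record) return null;
    const sig = Buffer.from(msg.sig, 'base64');
    return nodeCrypto.verify(null, body, record.publicKey, sig) ? { claims, record } : null;
  }
  return {
    register: (deviceId, publicKey, firstToken) => devices.set(deviceId, { publicKey, firstToken }),
    bind(identityMsg, cards) { // S502 to S503
      const verified = open(identityMsg);
      if (!verified) return { ok: false, reason: 'identity authentication failed' };
      const secondTokens = cards.map((card) => secondServer.authenticateCard(card));
      if (secondTokens.includes(null)) return { ok: false, reason: 'payment information rejected' };
      const { firstToken } = verified.record; // looked up from identity, never transmitted
      const association = { firstToken, secondTokens, defaultToken: secondTokens[0] };
      bindings.set(firstToken, association);
      return { ok: true, association };
    },
    pay(txMsg) { // S601 to S605
      const verified = open(txMsg);
      if (!verified) return { ok: false, reason: 'signature check failed' };
      const { deviceId, firstToken, tx } = verified.claims;
      const association = bindings.get(firstToken);
      if (firstToken !== verified.record.firstToken || !association) {
        return { ok: false, reason: 'token not bound to this device' };
      }
      const eventKey = deviceId + ':' + tx.eventId;
      if (seenEvents.has(eventKey)) return { ok: false, reason: 'replayed event' };
      seenEvents.add(eventKey);
      return secondServer.pay(association.defaultToken, tx);
    },
  };
}

// Constructed end-to-end run: bind one card, pay, replay the request, then tamper with it.
function demo() {
  const card = { number: '6200000000000001', cvn2: '123' }; // constructed test values
  const first = makeFirstServer(makeSecondServer(new Map([[card.number, 100]])));
  const device = makeDevice('plate-0001', 'dev-token-0001');
  first.register(device.deviceId, device.publicKey, 'dev-token-0001');
  const bound = first.bind(device.identityMessage(), [card]);
  const request = device.transactionRequest({ eventId: 'evt-1', amount: 30 });
  const paid = first.pay(request);
  const replay = first.pay(request);
  const forged = { deviceId: 'plate-0001', firstToken: 'dev-token-0001', tx: { eventId: 'evt-2', amount: 1 } };
  const body = Buffer.from(JSON.stringify(forged)).toString('base64');
  const tampered = first.pay({ body, sig: request.sig }); // old signature, new body
  return { bound, paid, replay, tampered };
}
```

The card number never reaches the device-facing request path: the first server holds only tokens, and only the second server can map a second token back to a card.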
In addition, the term "and/or" herein merely describes an association between associated objects and indicates that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
It should be understood that in the embodiment of the present application, "B corresponding to A" means that B is associated with A, and that B can be determined from A. It should also be understood that determining B from A does not mean determining B from A alone; B may also be determined from A and/or other information.
Fig. 8 shows a schematic structural diagram of an authentication device provided in an embodiment of the present application. As shown in fig. 8, the apparatus is applied to an internet of things device in which a first token is provided, and the apparatus includes:
a first sending module 801, configured to provide identity information of the internet of things device to a mobile device, so that the mobile device sends the identity information and payment information of a user to a first server for authentication;
a first receiving module 802, configured to receive second information sent by a first server, where the second information includes association information between the first token and a second token and the identity information and the payment information, where the first token is determined after the identity information is authenticated by the first server, and the second token is generated after the payment information is authenticated by the second server;
a saving module 803, configured to save the first information.
In the embodiment of the application, the identity information of the internet of things device and the payment information of the user are obtained through the mobile device and sent together to the first server for authentication. After the identity information of the internet of things device passes authentication by the first server, the first token of the internet of things device can be determined from the identity information; that is, the token of the internet of things device does not need to be transmitted. The correspondence between the identity information of the internet of things device and the first token can be stored in the first server in advance, so that once the identity information is authenticated as legitimate, the first token corresponding to the device can be determined. The payment information is then sent to the second server, which authenticates its legitimacy, generates a second token after authentication passes, and returns the second token to the first server. The first server completes the binding for the corresponding internet of things device, that is, it associates the first token, the second token and the payment information and sends them to the internet of things device for storage. Authentication based on the device token of the internet of things device (that is, the first token; the same applies below) is thus completed with the server before any payment is made, which guarantees the security of subsequent payments.
Optionally, in this embodiment of the application, a processor of the internet of things device, such as an MCU (Micro Controller Unit), is connected to the security chip SE (Secure Element), and a security domain is preset in the security chip SE, so as to establish the security basis of the internet of things device.
For example, the security chip SE of the internet of things device can serve as the device's transaction security shield, and its high security performance improves the hardware capability of the internet of things device. The first token is stored in encrypted form in the security chip SE.
The first Token, namely the device Token of the internet of things device, corresponds uniquely to the internet of things device, and each internet of things device has one device Token, so the device Token of an internet of things device is globally unique.
Optionally, in this embodiment of the present application, the apparatus may further include:
a first generation module, configured to generate a pair of keys through the security chip, the keys comprising a first public key and a first private key;
a sixth sending module, configured to send the first public key to the first server.
Correspondingly, the first sending module 801 may specifically be configured to:
encrypt the identity information with the first private key and send it to the mobile device, so that after the mobile device sends the identity information to the first server, the identity information is authenticated with the first public key.
Illustratively, the identity information of the internet of things device may include one or more of a device ID (Identity Document), a device manufacturer ID, and a device chip ID (in this example, the serial number of the chip corresponding to the MCU of the device).
The payment information input by the user may include one or more of the card number of the payment card (such as a bank card), an anti-counterfeiting code (such as the security code CVN2, Card Validation Number 2) and a verification code. In one particular example, the payment information may include one or more payment cards.
Illustratively, the second Token serves as a service Token and corresponds one-to-one with a payment card in the payment information: when the payment information includes information of one payment card, one token may be generated; when the payment information includes information of a plurality of payment cards, a plurality of second tokens may be generated, one for each payment card.
Optionally, in this embodiment of the present application, the apparatus may further include:
a second providing module, configured to provide the identity information and the payment information of the internet of things device to the mobile device, so that the mobile device generates updated payment information according to the payment information and sends the updated payment information and the identity information to the first server for authentication;
a seventh receiving module, configured to receive third information sent by the first server, where the third information includes association information among the first token, a third token, the identity information and the updated payment information, where the first token is determined after the identity information is authenticated by the first server, and the third token is generated after the updated payment information is authenticated by the second server;
a second storage module, configured to store the third information.
Fig. 9 shows a schematic diagram illustrating a structure of an authentication device provided in an embodiment of the present application. As shown in fig. 9, the apparatus is applied to a first server, and includes:
a second receiving module 901, configured to receive identity information of the internet of things device and payment information of the user, which are sent by the mobile device;
a first authentication module 902, configured to authenticate the identity information according to a preset rule;
a second sending module 903, configured to send the payment information to a second server for authentication after the identity information authentication is passed;
a third receiving module 904, configured to receive a second token sent by a second server, where the second token is generated after the payment information authentication by the second server is passed;
a third sending module 905, configured to send the association information obtained by associating the first token and the second token with the identity information and the payment information to the internet of things device and the mobile device.
In this embodiment of the application, the first server may be an internet of things device management platform, and the first server may manage a plurality of internet of things devices in a unified manner. The identity information of the internet of things device and the payment information of the user are obtained through the mobile device and sent together to the first server for authentication. After the identity information of the internet of things device passes authentication by the first server, the first token of the internet of things device can be determined from the identity information; that is, the token of the internet of things device does not need to be transmitted. The correspondence between the identity information of the internet of things device and the first token can be stored in the first server in advance, so that once the identity information is authenticated as legitimate, the first token corresponding to the device can be determined. The payment information is then sent to the second server, which authenticates its legitimacy, generates a second token after authentication passes, and returns the second token to the first server. The first server completes the binding for the corresponding internet of things device, that is, it associates the first token, the second token and the payment information and sends them to the internet of things device for storage. Authentication based on the device token of the internet of things device (that is, the first token; the same applies below) is thus completed with the server before any payment is made, which guarantees the security of subsequent payments.
Optionally, in this embodiment of the application, a processor of the internet of things device, such as an MCU (Micro Controller Unit), is connected to the security chip SE (Secure Element), and a security domain is preset in the security chip SE, so as to establish the security basis of the internet of things device.
For example, the security chip SE of the internet of things device can serve as the device's transaction security shield, and its high security performance improves the hardware capability of the internet of things device. The first token is stored in encrypted form in the security chip SE.
The first Token, namely the device Token of the internet of things device, corresponds uniquely to the internet of things device, and each internet of things device has one device Token, so the device Token of an internet of things device is globally unique.
Optionally, in this embodiment of the present application, the apparatus may further include:
an eighth receiving module, configured to receive the first public key sent by the internet of things device;
a third storage module, configured to store the first public key.
The first server may store mapping association between the identity information of the internet of things device and the first token of the internet of things device in a database in advance, and store the first public key in association with the corresponding identity information of the internet of things device after receiving the first public key.
For example, the identity information of the internet of things device may include one or more of a device ID (Identity Document), a device manufacturer ID, and a device chip ID.
The payment information input by the user may include one or more of the card number of a payment card (such as a bank card), an anti-counterfeiting code (such as the security code CVN2, Card Validation Number 2), a verification code and the like. In one particular example, the payment information may include one or more payment cards.
Illustratively, the second Token serves as a service Token and corresponds one-to-one with a payment card in the payment information: when the payment information includes information of one payment card, one token may be generated; when the payment information includes information of a plurality of payment cards, a plurality of second tokens may be generated, one for each payment card.
Optionally, in this embodiment of the present application, the apparatus may further include:
a ninth receiving module, configured to receive the identity information of the internet of things device and the updated payment information of the user, which are sent by the mobile device;
a second authentication module, configured to authenticate the identity information according to a preset rule;
a ninth sending module, configured to send the updated payment information to the second server for authentication after the identity information passes authentication;
a tenth receiving module, configured to receive a third token sent by the second server, where the third token is generated after the updated payment information passes authentication by the second server;
a tenth sending module, configured to send the association information obtained by associating the first token and the third token with the identity information and the updated payment information to the internet of things device and the mobile device.
Fig. 10 shows a schematic structural diagram of an authentication device provided in an embodiment of the present application. As shown in fig. 10, the apparatus is applied to a mobile device, and includes:
a first obtaining module 1001, configured to obtain identity information of an internet of things device and payment information of a user, where a first token is provided in the internet of things device;
a fourth sending module 1002, configured to send the identity information and the payment information to a first server, so that after the identity information is authenticated by the first server, the payment information is sent to a second server for authentication;
a fourth receiving module 1003, configured to receive first information sent by the first server, where the first information includes association information between a first token and a second token, and the identity information and the payment information, where the first token is determined by the first server according to the identity information, and the second token is generated after the second server passes authentication of the payment information.
In the embodiment of the application, the identity information of the internet of things device and the payment information of the user are obtained through the mobile device and sent together to the first server for authentication. After the identity information of the internet of things device passes authentication by the first server, the first token of the internet of things device can be determined from the identity information; that is, the token of the internet of things device does not need to be transmitted. The correspondence between the identity information of the internet of things device and the first token can be stored in the first server in advance, so that once the identity information is authenticated as legitimate, the first token corresponding to the device can be determined. The payment information is then sent to the second server, which authenticates its legitimacy, generates a second token after authentication passes, and returns the second token to the first server. The first server completes the binding for the corresponding internet of things device, that is, it associates the first token, the second token and the payment information and sends them to the internet of things device for storage. Authentication based on the device token of the internet of things device (that is, the first token; the same applies below) is thus completed with the server before any payment is made, which guarantees the security of subsequent payments.
Optionally, in this embodiment of the application, a processor of the internet of things device, such as an MCU (Micro Controller Unit), is connected to the security chip SE (Secure Element), and a security domain is preset in the security chip SE, so as to establish the security basis of the internet of things device.
For example, the security chip SE of the internet of things device can serve as the device's transaction security shield, and its high security performance improves the hardware capability of the internet of things device. The first token is stored in encrypted form in the security chip SE.
The first Token, namely the device Token of the internet of things device, corresponds uniquely to the internet of things device, and each internet of things device has one device Token, so the device Token of an internet of things device is globally unique.
Optionally, in this embodiment of the present application, the apparatus may further include:
the second acquisition module is used for acquiring an identification code of the Internet of things equipment, wherein the identification code comprises identity information and a page address of the Internet of things equipment;
the second analysis module is used for analyzing the identification code to obtain the identity information and jumping to a first interface corresponding to the page address;
and the eleventh receiving module is used for receiving the payment information input by the user from the first interface.
Illustratively, the identity information of the Internet of things device may include one or more of an Identity Document (ID), a device manufacturer ID, and a device chip ID (in this example, the serial number of the chip corresponding to the MCU of the device).
The payment information input by the user may include one or more of the card number of a payment card (such as a bank card), an anti-counterfeiting code (such as the security code CVN2, Card Validation Number 2), a verification code, and the like. In one particular example, the payment information may include one or more payment cards.
Illustratively, the second token serves as a service token and has a one-to-one correspondence with a payment card in the payment information. When the payment information includes information of one payment card, one second token may be generated; when the payment information includes information of a plurality of payment cards, a plurality of second tokens may be generated, one for each payment card.
Optionally, in this embodiment of the present application, the apparatus may further include:
the third acquisition module is used for acquiring identity information of the Internet of things equipment and updated payment information of the user, and a first token is arranged in the Internet of things equipment;
an eleventh sending module, configured to send the identity information and the updated payment information to a first server, so that after the identity information is authenticated by the first server, the updated payment information is sent to a second server for authentication;
a twelfth receiving module, configured to receive fourth information sent by the first server, where the fourth information includes association information among a first token, a third token, the identity information and the updated payment information, where the first token is determined by the first server according to the identity information, and the third token is generated after the second server passes authentication of the updated payment information.
Fig. 11 shows a schematic structural diagram of a payment device provided in an embodiment of the present application. As shown in fig. 11, the apparatus is applied to a first server, and includes:
a fifth receiving module 1101, configured to receive a transaction request sent by an internet of things device, where the transaction request is initiated based on payment information stored in the internet of things device, and the transaction request includes transaction information corresponding to a transaction event, a first token of the internet of things device, and identity information;
a first parsing module 1102, configured to parse the transaction request to obtain a first token;
a determining module 1103, configured to determine a corresponding second token according to the first token and pre-stored mapping information in the first server, where the pre-stored mapping information is associated information of the first token, the second token, and the payment information;
a fifth sending module 1104, configured to send the second token and the transaction information to the second server, so that after the payment information corresponding to the second token is verified by the second server, a balance deduction operation corresponding to the transaction event is performed by the third server based on the payment information, and balance change information is generated;
a sixth receiving module 1105, configured to receive the balance change information sent by the second server, so as to forward the balance change information to the internet of things device.
The first server in this embodiment of the application may be an Internet of things device management platform. In this embodiment, the transaction payment is initiated based on the authenticated identity information and payment information and on the first token stored in the security chip, so that, compared with a traditional online transaction, the legitimacy of the transaction information is guaranteed and transaction security is improved. Compared with a traditional IC card transaction, the method provided by this embodiment can initiate the transaction based on the payment information of the payment card without depending on the physical card itself, which improves the convenience of payment.
It should be noted that, for all relevant content of each step in the above method embodiment, reference may be made to the functional description of the corresponding functional module, and the corresponding technical effect can be achieved; for brevity, no further description is provided herein.
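The binding flow and the Fig. 11 payment flow described above (first token looked up from the identity information, one second token per payment card, first token resolved to a second token at transaction time), as an added Python example that is not code from the patent. The class names, the `card_ref` key (last four card digits), the in-memory second-server stand-in and every sample value are assumptions constructed for illustration; verification of the request with the first public key is assumed to have happened before `pay` is called.

```python
import secrets
from dataclasses import dataclass, field


class BindingError(Exception):
    """A binding or transaction request failed a check and is rejected."""


@dataclass
class SecondServer:
    """In-memory stand-in for the second server (and the third server's deduction)."""
    valid_cards: set
    vault: dict = field(default_factory=dict)      # second token -> card number
    forwarded: list = field(default_factory=list)  # everything the first server sent

    def authenticate(self, card_number):
        # Payment information is authenticated here, never on the first server.
        if card_number not in self.valid_cards:
            raise BindingError("payment information failed authentication")
        second_token = "ST-" + secrets.token_hex(8)
        self.vault[second_token] = card_number
        return second_token

    def settle(self, second_token, transaction):
        self.forwarded.append((second_token, dict(transaction)))
        if second_token not in self.vault:
            raise BindingError("unknown second token")
        return {"balance_change": -transaction["amount"]}


class FirstServer:
    """Device management platform: holds identity -> first token and the bindings."""

    def __init__(self, provisioned, second_server):
        self._first_token_by_identity = dict(provisioned)  # stored in advance
        self._second = second_server
        self._bindings = {}  # first token -> identity and per-card second tokens

    def bind(self, identity, card_numbers):
        # The device never transmits its first token; it is looked up by identity.
        first_token = self._first_token_by_identity.get(identity)
        if first_token is None:
            raise BindingError("identity information failed authentication")
        # One second token per card. A rejected card raises before the binding
        # is stored, so the first server never keeps a partial binding.
        second_tokens = {n[-4:]: self._second.authenticate(n) for n in card_numbers}
        self._bindings[first_token] = {"identity": identity, "cards": second_tokens}
        return {"first_token": first_token, "identity": identity,
                "second_tokens": dict(second_tokens)}

    def pay(self, request):
        binding = self._bindings.get(request.get("first_token"))
        if binding is None:
            raise BindingError("first token is not bound")
        # The request carries both the first token and the identity information;
        # a token presented with a different identity is rejected.
        if request.get("identity") != binding["identity"]:
            raise BindingError("identity does not match the bound device")
        transaction = request.get("transaction", {})
        second_token = binding["cards"].get(transaction.get("card_ref"))
        if second_token is None:
            raise BindingError("no second token for this payment card")
        # Only the second token and the transaction information leave this server.
        return self._second.settle(second_token, transaction)


if __name__ == "__main__":
    # Constructed sample values, not real devices, tokens or card numbers.
    second = SecondServer(valid_cards={"6200000000000001", "6200000000000002"})
    first = FirstServer({"DEV-0001": "FT-constructed-0001"}, second)
    info = first.bind("DEV-0001", ["6200000000000001", "6200000000000002"])
    print("bound:", sorted(info["second_tokens"]))
    print(first.pay({"first_token": info["first_token"], "identity": "DEV-0001",
                     "transaction": {"card_ref": "0002", "amount": 25}}))
    try:
        first.pay({"first_token": info["first_token"], "identity": "DEV-9999",
                   "transaction": {"card_ref": "0002", "amount": 25}})
    except BindingError as err:
        print("rejected:", err)
```
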
Fig. 12 shows a hardware structure diagram of an electronic device provided in an embodiment of the present application.
The electronic device may include a processor 1201 and a memory 1202 storing computer program instructions.
In particular, the processor 1201 may include a Central Processing Unit (CPU) or an Application Specific Integrated Circuit (ASIC), or may be configured as one or more integrated circuits that implement the embodiments of the present application.
Memory 1202 may include mass storage for data or instructions. By way of example, and not limitation, memory 1202 may include a Hard Disk Drive (HDD), a floppy Disk Drive, flash memory, an optical Disk, a magneto-optical Disk, tape, or a Universal Serial Bus (USB) Drive or a combination of two or more of these. Memory 1202 may include removable or non-removable (or fixed) media, where appropriate. Memory 1202 may be internal or external to the integrated gateway disaster recovery device, where appropriate. In a particular embodiment, the memory 1202 is non-volatile solid-state memory.
The memory may include Read Only Memory (ROM), Random Access Memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible memory storage devices. Thus, in general, the memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., a memory device) encoded with software comprising computer-executable instructions and when the software is executed (e.g., by one or more processors), it is operable to perform the operations described with reference to the authentication method or payment method according to any of the embodiments described above herein.
The processor 1201 realizes the authentication method or payment method of any of the embodiments described above by reading and executing computer program instructions stored in the memory 1202.
In one example, the electronic device can also include a communication interface 1203 and a bus 1210. As shown in fig. 12, the processor 1201, the memory 1202, and the communication interface 1203 are connected via a bus 1210 to complete communication therebetween.
The communication interface 1203 is mainly used for implementing communication between modules, apparatuses, units and/or devices in this embodiment of the application.
The bus 1210 includes hardware, software, or both to couple the components of the electronic device to each other. By way of example, and not limitation, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a Hypertransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an infiniband interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a video electronics standards association local (VLB) bus, or other suitable bus or a combination of two or more of these. Bus 1210 may include one or more buses, where appropriate. Although specific buses are described and shown in the embodiments of the application, any suitable buses or interconnects are contemplated by the application.
In addition, in combination with the authentication method or the payment method in the above embodiments, the embodiments of the present application may provide a computer storage medium for implementing them. The computer storage medium has computer program instructions stored thereon; the computer program instructions, when executed by a processor, implement the authentication method or payment method of any of the embodiments described above.
In addition, in combination with the authentication method or the payment method in the above embodiments, the embodiments of the present application may provide a computer program product for implementing them. The instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the authentication method or the payment method of any of the embodiments described above.
It is to be understood that the present application is not limited to the particular arrangements and instrumentality described above and shown in the attached drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present application are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications, and additions or change the order between the steps after comprehending the spirit of the present application.
The functional blocks shown in the above-described structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the present application are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
It should also be noted that the exemplary embodiments mentioned in this application describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, may be performed in an order different from the order in the embodiments, or may be performed simultaneously.
Aspects of the present application are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, enable the implementation of the functions/acts specified in the flowchart and/or block diagram block or blocks. Such a processor may be, but is not limited to, a general purpose processor, a special purpose processor, an application specific processor, or a field programmable logic circuit. It will also be understood that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware for performing the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As described above, only the specific embodiments of the present application are provided, and it can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the module and the unit described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. It should be understood that the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered within the scope of the present application.

Claims (21)

1. An authentication method, applied to an Internet of things device in which a first token is built in, the method comprising:
providing identity information of the Internet of things device to a mobile device, so that the mobile device sends the identity information and payment information of a user to a first server for authentication;
receiving first information sent by the first server, wherein the first information comprises association information among the first token, a second token, the identity information and the payment information, the first token is determined after the first server passes authentication of the identity information, and the second token is generated after a second server passes authentication of the payment information;
and saving the first information.
2. The method according to claim 1, wherein a security chip is provided in the Internet of things device,
before the providing identity information of the internet of things device to the mobile device, the method further comprises:
generating a pair of keys by the security chip, wherein the keys comprise a first public key and a first private key;
sending the first public key to the first server;
the providing identity information of the internet of things device to the mobile device includes:
encrypting the identity information with the first private key and then sending it to the mobile device, so that after the mobile device sends the identity information to the first server, the identity information is authenticated by the first public key.
3. The method of claim 2, wherein the first token is stored encrypted in the secure chip.
4. The method of claim 1, wherein the payment information corresponds to one or more payment cards, the second tokens are one or more, and the second tokens correspond to the payment cards one to one.
5. An authentication method applied to a first server, the method comprising:
receiving identity information of the Internet of things equipment and payment information of a user, which are sent by mobile equipment;
authenticating the identity information through a preset rule;
after the identity information passes the authentication, sending the payment information to a second server for authentication;
receiving a second token sent by a second server, wherein the second token is generated after the payment information authentication of the second server is passed;
and sending, to the Internet of things device and the mobile device, the association information obtained by associating the first token, the second token, the identity information and the payment information.
6. The method of claim 5, wherein the identity information is encrypted by a first private key generated for a security chip of the Internet of things device;
the authenticating the identity information through the preset rule comprises:
and authenticating the identity information through a first public key, wherein the first public key is generated for the security chip and corresponds to the first private key.
7. The method of claim 6, wherein before the receiving identity information of the Internet of things device and payment information of the user sent by the mobile device, the method further comprises:
receiving the first public key sent by the Internet of things equipment;
and saving the first public key.
8. The method of claim 5, wherein the payment information corresponds to one or more payment cards, the second tokens are one or more, and the second tokens correspond to the payment cards one to one.
9. An authentication method applied to a mobile device, the method comprising:
acquiring identity information of Internet of things equipment and payment information of a user, wherein a first token is arranged in the Internet of things equipment;
sending the identity information and the payment information to a first server so that the first server sends the payment information to a second server for authentication after passing the identity information authentication;
receiving second information sent by the first server, wherein the second information comprises a first token and associated information between the second token and the identity information and the payment information, the first token is determined by the first server according to the identity information, and the second token is generated after the second server passes the authentication of the payment information.
10. The method of claim 9, wherein the obtaining identity information of the internet of things device and payment information of the user comprises:
acquiring an identification code of the Internet of things equipment, wherein the identification code comprises identity information and a page address of the Internet of things equipment;
analyzing to obtain the identity information according to the identification code, and jumping to a first interface corresponding to the page address;
and receiving payment information input by a user from the first interface.
11. The method according to claim 10, wherein a secure chip is provided in the internet of things device, and the first token is stored in the secure chip in an encrypted manner.
12. The method of claim 9, wherein the payment information corresponds to one or more payment cards, the second tokens are one or more, and the second tokens correspond to the payment cards one to one.
13. A payment method, applied to a first server, the method comprising:
receiving a transaction request sent by equipment of the Internet of things, wherein the transaction request comprises transaction information corresponding to a transaction event, a first token and identity information of the equipment of the Internet of things, and the transaction information comprises payment information;
analyzing the transaction request to obtain the first token;
determining a corresponding second token according to the first token and pre-stored mapping information in the first server, wherein the pre-stored mapping information is associated information of the first token, the second token, the identity information and the payment information;
sending the second token and the transaction information to a second server, so that after the second server verifies the payment information corresponding to the second token, a third server performs balance deduction operation corresponding to the transaction event based on the payment information and generates balance change information;
and receiving the balance change information sent by the second server to forward to the Internet of things equipment.
14. The method of claim 13, wherein the transaction request is information encrypted by a first private key on an internet of things device, the first private key being generated for a security chip of the internet of things device;
the parsing the first token from the transaction request includes:
and decrypting the transaction request through a first public key to analyze the transaction request to obtain the first token, wherein the first public key is generated by the security chip and corresponds to the first private key.
15. An authentication apparatus, applied to an Internet of things device in which a first token is built in, characterized in that the apparatus comprises:
the first sending module is used for providing identity information of the Internet of things equipment to mobile equipment so that the mobile equipment sends the identity information and payment information of a user to a first server for authentication;
a first receiving module, configured to receive second information sent by a first server, where the second information includes association information between the first token and the second token and the identity information and the payment information, where the first token is determined after the identity information is authenticated by the first server, and the second token is generated after the payment information is authenticated by the second server;
and the storage module is used for storing the first information.
16. An authentication apparatus applied to a first server, the apparatus comprising:
the second receiving module is used for receiving the identity information of the Internet of things equipment and the payment information of the user, which are sent by the mobile equipment;
the first authentication module is used for authenticating the identity information through a preset rule;
the second sending module is used for sending the payment information to a second server for authentication after the identity information passes the authentication;
a third receiving module, configured to receive a second token sent by a second server, where the second token is generated after the payment information is authenticated by the second server;
and the third sending module is used for sending, to the Internet of things device and the mobile device, the association information obtained by associating the first token, the second token, the identity information and the payment information.
17. An authentication apparatus, applied to a mobile device, the apparatus comprising:
the first acquisition module is used for acquiring identity information of the Internet of things equipment and payment information of a user, wherein a first token is arranged in the Internet of things equipment;
the fourth sending module is used for sending the identity information and the payment information to the first server so as to send the payment information to the second server for authentication after the identity information is authenticated by the first server;
a fourth receiving module, configured to receive first information sent by the first server, where the first information includes association information between a first token and a second token, and the identity information and the payment information, where the first token is determined by the first server according to the identity information, and the second token is generated after the second server passes authentication of the payment information.
18. A payment apparatus, applied to a first server, the apparatus comprising:
the fifth receiving module is used for receiving a transaction request sent by the internet of things equipment, wherein the transaction request comprises transaction information corresponding to a transaction event, a first token and identity information of the internet of things equipment, and the transaction information comprises payment information;
the first analysis module is used for analyzing the transaction request to obtain the first token;
the determining module is used for determining a corresponding second token according to the first token and pre-stored mapping information in the first server, wherein the pre-stored mapping information is association information of the first token, the second token, the identity information and the payment information;
a fifth sending module, configured to send the second token to the second server, so that after the payment information corresponding to the second token is verified by the second server, the third server performs, based on the payment information, a balance deduction operation corresponding to the transaction event and generates balance change information;
a sixth receiving module, configured to receive the balance change information sent by the second server, so as to forward the balance change information to the internet of things device.
19. An electronic device, characterized in that the device comprises: a processor and a memory storing computer program instructions;
the processor, when executing the computer program instructions, implements the method of any of claims 1-4, or claims 5-8, or claims 9-12, or claims 13-14.
20. A computer storage medium having computer program instructions stored thereon which, when executed by a processor, implement the method of any of claims 1-4, or claims 5-8, or claims 9-12, or claims 13-14.
21. A computer program product, characterized in that instructions in the computer program product, when executed by a processor of an electronic device, cause the electronic device to perform the method of any of claims 1-4, or claims 5-8, or claims 9-12, or claims 13-14.
CN202210096244.9A 2022-01-26 2022-01-26 Authentication method, payment method, device and equipment Pending CN114463012A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210096244.9A CN114463012A (en) 2022-01-26 2022-01-26 Authentication method, payment method, device and equipment
PCT/CN2022/112455 WO2023142436A1 (en) 2022-01-26 2022-08-15 Authentication method and apparatus, payment method and apparatus, and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210096244.9A CN114463012A (en) 2022-01-26 2022-01-26 Authentication method, payment method, device and equipment

Publications (1)

Publication Number Publication Date
CN114463012A true CN114463012A (en) 2022-05-10

Family

ID=81411842

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210096244.9A Pending CN114463012A (en) 2022-01-26 2022-01-26 Authentication method, payment method, device and equipment

Country Status (2)

Country Link
CN (1) CN114463012A (en)
WO (1) WO2023142436A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023142436A1 (en) * 2022-01-26 2023-08-03 中国银联股份有限公司 Authentication method and apparatus, payment method and apparatus, and device

Also Published As

Publication number Publication date
WO2023142436A1 (en) 2023-08-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination