CN117314442A

CN117314442A - Transaction verification method and device for rail transit

Info

Publication number: CN117314442A
Application number: CN202311267682.8A
Authority: CN
Inventors: 余华琼; 王雷; 伊尚丰; 沈贵
Original assignee: Baweitong Technology Co ltd
Current assignee: Baweitong Technology Co ltd
Priority date: 2023-09-27
Filing date: 2023-09-27
Publication date: 2023-12-29

Abstract

The embodiment of the application discloses a transaction verification method and device for rail transit, wherein the method provides: when responding to the generation instruction of the transaction certificate, if detecting that the authority certificate in the local cache is invalid, applying for updating the authority certificate to the authority server based on the communication connection with the authority server, wherein the authority certificate is used for allowing the transaction certificate to be generated. If the communication quality of the communication connection is detected to be lower than or equal to the expected communication quality in the process of applying for updating the permission certificate to the permission server, generating a self-generated transaction certificate based on the permission certificate which is invalid in the local cache, displaying the self-generated transaction certificate, enabling the ticket checking client to identify the self-generated transaction certificate, obtaining self-generated certificate information indicated by the self-generated transaction certificate, carrying out transaction verification on the passenger client based on the self-generated certificate information, and finally opening a track service channel after the transaction verification of the passenger client is passed, thereby realizing providing efficient transaction verification in traffic scenes with poor communication environment.

Description

Transaction verification method and device for rail transit

Technical Field

The application relates to the technical field of rail transit and computer, in particular to a rail transit service method and device.

Background

Along with the continuous development and maturity of computer technology, application figures of computer technology can be seen in various travel scenes nowadays, and different degrees of promotion are brought to travel efficiency and travel experience of travel objects. In a rail transit scenario, computer technology may be combined with rail transit technology to implement informationized traffic services, such as generating and identifying transaction credentials (e.g., ride codes) to implement paperless traffic ticketing services.

However, in the conventional rail transit service method, when the authority certificate provided by the authority server is invalid, the generation efficiency of the transaction credential will be closely related to the quality of the network connection between the passenger client and the authority server. When the quality of the network environment where the passenger client is located is poor, the situation that the generation of the transaction certificate fails is very easy to occur, so that the travel efficiency and travel experience of a travel object are seriously affected. Therefore, it is necessary and significant to provide a rail transit service method applicable to a traffic service scene with poor network environment.

Disclosure of Invention

The embodiment of the application provides a transaction verification method and device for rail transit, which can provide efficient transaction verification service under a traffic service scene with poor network environment, so that the travel efficiency of travel objects when the rail transit is adopted is improved.

In one aspect, an embodiment of the present application provides a transaction verification method for rail transit, including:

when responding to a generation instruction of a transaction credential, if detecting that the authority credentials in the local cache are invalid, applying for updating the authority credentials to the authority server based on communication connection with the authority server; wherein the rights certificate is used to allow generation of a transaction credential;

in the process of applying for updating the authority certificate to the authority server, if the communication quality of the communication connection is detected to be lower than or equal to the expected communication quality, generating a self-generated transaction certificate based on the authority certificate which is invalid in the local cache;

displaying the autogenous transaction certificate so that the ticket checking client side recognizes the autogenous transaction certificate, obtaining autogenous certificate information indicated by the autogenous transaction certificate, carrying out transaction verification on the passenger client side based on the autogenous certificate information, and opening a track service channel after the transaction verification on the passenger client side is passed.

In yet another aspect, an embodiment of the present application provides a transaction verification method for rail transit, including:

identifying a self-generated transaction certificate, and obtaining self-generated certificate information indicated by the self-generated transaction certificate; the self-generated transaction certificate is displayed by a passenger client, and is generated based on the authority certificate which is invalid in the local cache when the passenger client detects that the authority certificate in the local cache is invalid when responding to a generation instruction of the transaction certificate, and the authority certificate is used for allowing the generation of the transaction certificate when detecting that the communication quality of communication connection with the authority server is lower than or equal to the expected communication quality in the process of applying for updating the authority certificate to the authority server;

And carrying out transaction verification on the passenger client based on the self-generated credential information, and opening a track service channel after the transaction verification on the passenger client is passed.

In still another aspect, an embodiment of the present application provides a transaction verification device for rail transit, including:

the response unit is used for applying for updating the authority certificate to the authority server based on communication connection with the authority server if the authority certificate in the local cache is detected to be invalid when responding to the generation instruction of the transaction certificate; wherein the rights certificate is used to allow generation of a transaction credential;

the generation unit is used for generating a self-generated transaction certificate based on the authority certificate which is invalid in the local cache if the communication quality of the communication connection is detected to be lower than or equal to the expected communication quality in the process of applying for updating the authority certificate to the authority server;

the display unit is used for displaying the autogenous transaction certificate so that the ticket checking client side can identify the autogenous transaction certificate, the autogenous certificate information indicated by the autogenous transaction certificate is obtained, the transaction verification is carried out on the passenger client side based on the autogenous certificate information, and the track service channel is opened after the transaction verification of the passenger client side is passed.

In yet another aspect, an embodiment of the present application provides a transaction verification device for rail transit, including:

the identification unit is used for identifying the autogenous transaction certificate and obtaining autogenous certificate information indicated by the autogenous transaction certificate; the self-generated transaction certificate is displayed by a passenger client, and is generated based on the authority certificate which is invalid in the local cache when the passenger client detects that the authority certificate in the local cache is invalid when responding to a generation instruction of the transaction certificate, and the authority certificate is used for allowing the generation of the transaction certificate when detecting that the communication quality of communication connection with the authority server is lower than or equal to the expected communication quality in the process of applying for updating the authority certificate to the authority server;

and the transaction verification unit is used for carrying out transaction verification on the passenger client based on the self-generated certificate information and opening a track service channel after the transaction verification on the passenger client is passed.

In yet another aspect, an embodiment of the present application provides a transaction verification device, including:

a processor adapted to implement one or more computer programs;

a storage medium storing one or more computer programs adapted to be loaded by the processor and to perform a transaction verification method of rail transit as set out in the first or second aspect.

In yet another aspect, embodiments of the present application provide a storage medium storing one or more computer programs adapted to be loaded by a processor and to perform a transaction verification method of rail transit as set forth in the first or second aspects.

In the embodiment of the application, under the condition that the authority certificate of the passenger client is invalid, if the passenger client detects that the communication connection quality with the authority server is poor when responding to the generation instruction of the transaction certificate, the self-generated transaction certificate is generated in a local offline mode by referring to the invalid authority certificate, and the self-generated transaction certificate is adopted for carrying out transaction verification, so that the influence of the communication environment in the rail transit on the transaction verification efficiency is reduced, and the passenger client can realize the transaction verification under the condition that the communication environment is poor. In addition, the invalid authority certificate can indicate that the passenger client has the generation authority of the transaction certificate, so that the self-generated transaction certificate is generated based on the invalid authority certificate in the local cache, and the validity of the passenger client can be proved to a certain extent, and the security of the transaction verification is ensured to a certain extent. Therefore, by adopting the embodiment of the application in the track traffic scene, the passenger client can realize efficient and safe transaction verification when the communication environment is poor, and the travel efficiency of a travel object using the passenger client is effectively ensured.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a schematic structural diagram of a transaction verification system for rail transit according to an embodiment of the present application;

fig. 2 is a schematic flow chart of a transaction verification method of rail transit provided in an embodiment of the present application;

FIG. 3a is a schematic diagram of a transaction verification principle when a rights certificate is valid according to an embodiment of the present application;

FIG. 3b is a schematic diagram of a transaction verification principle when a rights certificate is revoked according to an embodiment of the present application;

FIG. 4 is a schematic flow chart of yet another transaction verification method for rail transit provided by an embodiment of the present application;

FIG. 5a is a schematic diagram of the generation principle of a self-generated transaction credential according to an embodiment of the present application;

FIG. 5b is a schematic diagram of a transaction verification based on a self-generated transaction credential according to an embodiment of the present application;

FIG. 5c is a schematic diagram of a further exemplary transaction verification based on self-generated transaction credentials according to an embodiment of the present application;

FIG. 6a is a schematic diagram of the generation of a further self-generated transaction credential according to an embodiment of the present application;

FIG. 6b is a schematic diagram of a credential write-back verification based on a self-generated transaction credential according to an embodiment of the present application;

fig. 7 is a schematic structural diagram of a transaction verification device for rail transit according to an embodiment of the present application;

fig. 8 is a schematic structural diagram of a transaction verification device for rail transit according to another embodiment of the present disclosure;

fig. 9 is a schematic structural diagram of a transaction verification device according to an embodiment of the present application.

Detailed Description

It should be noted in advance that, in order to enable those skilled in the art to better understand the technical solutions provided by the embodiments of the present application, the embodiments of the present application will be clearly and completely described in terms of implementation manners of the technical solutions provided by the embodiments of the present application with reference to one or more drawings. Moreover, the drawings shown in the embodiments of the present application are only exemplary, and for example, the execution sequence of each step in the drawings may be adaptively adjusted according to the actual application scenario. Furthermore, in the embodiments of the present application, the block diagrams shown in the drawings are merely functional entities, and do not necessarily correspond to physically independent entities. That is, the functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.

Aiming at the development background of the high combination of the computer technology and the track traffic technology at present, the embodiment of the application provides a transaction verification scheme suitable for the track traffic scene, which can enrich the transaction modes of the track traffic and reduce the influence on the transaction efficiency caused by low communication connection quality between devices in the track traffic scene. In practical applications, the communication connection may include a wired communication connection and/or a wireless communication connection, which is not particularly limited in the embodiments of the present application. The general principle of this solution is illustrated below by taking its application at the passenger client as an example:

specifically, in the transaction credential generation scenario of rail transit, the scheme indicates: if the passenger client detects that the authority certificate in the local cache is invalid when responding to the generation instruction of the transaction certificate, the passenger client is indicated not to be allowed to generate the transaction certificate currently, and accordingly the passenger client is triggered to apply for updating the authority certificate to the authority server so as to acquire the generation authority of the transaction certificate from the authority server. If the communication quality corresponding to the communication connection between the passenger client and the permission server is detected to be lower than or equal to the expected communication quality in the process of applying for updating the permission certificate, the self-generated transaction certificate is generated offline on the basis of the permission certificate which is invalid in the local cache, the self-generated transaction certificate is displayed, the ticket checking client performs transaction verification on the passenger client by identifying the self-generated transaction certificate, and a track service channel is opened after the transaction verification on the passenger client is passed.

In the scheme, when the communication connection quality between the passenger client and the authority server is poor, the dead authority certificate is referred to generate the autogenous transaction certificate, and the dead authority certificate can be obtained from the local cache, so that the passenger client can give up a transaction certificate generation channel which needs to be utilized to be in communication connection under the condition of poor communication connection quality, generate the autogenous transaction certificate in an off-line mode, finally adopt the autogenous transaction certificate to realize transaction verification, reduce the negative influence on the application efficiency of the authority certificate caused by the communication connection quality as much as possible, and further reduce the influence on the transaction verification efficiency caused by the communication environment in the rail transit. In addition, in the scheme, the valid authority certificate indicates that the passenger client has the generation authority of the transaction certificate, so that it is easy to understand that the invalid authority certificate can indicate that the passenger client has the generation authority of the transaction certificate. Under the condition, the self-generated transaction certificate is generated based on the invalid right certificate in the local cache, so that the identity legitimacy of the passenger client can be proved to a certain extent, the security of the transaction verification is ensured to a certain extent, and the trip efficiency of the corresponding trip object is improved.

In conclusion, the transaction verification scheme provided by the embodiment of the application is adopted in the track traffic scene, so that the passenger client can realize efficient transaction verification even when the communication environment is poor, and the travel efficiency of a travel object using the passenger client is effectively ensured.

In a specific embodiment, the scheme can be applied to a transaction verification system of rail transit as shown in fig. 1. As shown in fig. 1, the system at least comprises a right server, a passenger client and a ticket checking client, and a communication connection is established between the right server and the passenger client. Furthermore, optionally, a communication connection may be established between the rights server and the ticket checking client, and a communication connection may be established between the passenger client and the ticket checking client in an application for a long time or temporarily.

The passenger client can be operated in terminal equipment (such as a smart phone, a tablet computer, a smart watch, a smart bracelet and the like) of a passenger for generating and displaying transaction credentials, and the transaction credentials are used for conducting transaction verification. In practical applications of the present scheme, the transaction credential may be composed of one or more of a graphic element (e.g., an identification code) and a character element (e.g., a letter, a symbol, a number, etc.). The identification code may specifically include, but is not limited to, one or more of a bar code, a two-dimensional code, and a three-dimensional code. Alternatively, the transaction credentials may be categorized into online transaction credentials and autogenous transaction credentials. When the authority certificate in the passenger client fails, if the communication connection quality between the passenger client and the authority server is poor, the passenger client can generate a self-generated transaction certificate. If the communication connection quality between the passenger client and the authority server is good, the passenger client can generate an online transaction certificate after the authority server updates the authority certificate.

It will be readily apparent that the rights server may be used to generate or update a rights certificate for a passenger client to provide the passenger client with the rights to generate transaction credentials. Alternatively, the authority server in the embodiment of the present application may be an independent server (physical server and/or cloud server), or may be a server cluster or a distributed system formed by a plurality of servers. When the rights server includes a cloud server, the rights server may be used to provide one or more cloud services of a cloud database, cloud computing, cloud functions, cloud storage, cloud communication, and the like, which is not particularly limited in the embodiments of the present application.

The rights server may also be used to synchronize the rights information of the passenger client to the ticket checking client when there is a communication connection between the rights server and the ticket checking client. The rights information may include, but is not limited to, one or more of a rights certificate, a rights expiration date, a client identification, and passenger identity information, among others. In addition, in practical application, the ticket checking client can run in a gate set by the rail transit service station, and is used for identifying the transaction certificate displayed by the passenger client and further carrying out transaction verification on the passenger client based on the information obtained by identification. Specifically, when a passenger needs to take track traffic, a transaction certificate can be presented to the gate, so that the gate can acquire information indicated by the transaction certificate by scanning the transaction certificate, and further a ticket checking client in the gate can determine whether to control the gate to open a track service channel for the passenger based on the acquired information.

Based on the principle of the transaction verification scheme, the embodiment of the application specifically provides a transaction verification method of rail transit, which can be executed by the passenger client. As shown in fig. 2, the method may specifically include steps S201 to S203:

s201, when responding to a generation instruction of a transaction credential, if detecting that the authority credentials in the local cache are invalid, applying for updating the authority credentials to the authority server based on communication connection with the authority server; wherein the rights certificate is used to allow generation of the transaction credential.

In a specific embodiment, the instruction for generating the transaction credential may be generated by the passenger client upon detecting that the passenger performs the selection operation with respect to the target component, which may be a page component in the passenger client for triggering generation of the transaction credential. When the passenger client detects the generation instruction of the transaction credential, the authority certificate can be acquired to acquire the authority of generating the transaction credential. If the authority certificate acquired by the passenger client is valid, transaction verification can be implemented by referring to the principle shown in S301 to S308 in fig. 3 a. Namely: the passenger client generates an online transaction certificate based on the authority certificate, and the ticket checking client (running in the gate) performs transaction verification based on the online transaction certificate. If the authority certificate acquired by the passenger client is invalid, transaction verification can be implemented by referring to the principle shown in S311 to S320 in fig. 3 b. Namely: the passenger client applies for updating the authority certificate of the passenger client to the authority server based on the communication connection with the authority server, so that the authority certificate of the passenger client is valid, and further, an online transaction certificate is generated based on the valid authority certificate.

S202, in the process of applying for updating the permission certificate to the permission server, if the communication quality of the communication connection is detected to be lower than or equal to the expected communication quality, generating a self-generated transaction certificate based on the permission certificate which is invalid in the local cache.

In a specific embodiment, when the authority server applies for updating the authority certificate of the passenger client, if the communication quality of the communication connection between the passenger client and the authority server is detected to be higher than the expected communication quality, it indicates that the passenger client can obtain the effective authority certificate more quickly, so that the transaction verification can be implemented by adopting the principle shown in fig. 3 b. If the communication quality of the communication connection between the passenger client and the authority server is detected to be lower than or equal to the expected communication quality (fixed value or dynamically adjusted value), the passenger client is considered to be in a non-network or weak-network state currently, and the passenger client in the non-network or weak-network state is difficult to successfully acquire the authority certificate, so that the efficiency of transaction verification is greatly affected. Then, in order to improve the efficiency of transaction verification of the passenger client under the non-network or weak-network state, the passenger client in the embodiment of the application can temporarily prove the legitimacy of the passenger client based on the invalid authority certificate, and further generates a autogenous transaction certificate according to the invalid authority certificate, so that temporary transaction verification under the non-network or weak-network state is realized, and the trip efficiency of a trip object is improved.

In one implementation, the rights server may validate the rights certificate generated for the passenger client multiple times. That is, the passenger client may use the same authority certificate multiple times to prove that it has the authority to generate the transaction credential. In this case, the passenger client may cache the authority certificate in the local storage space (or local cache) after applying the authority certificate to the authority server, so that the passenger client may read from the local cache more quickly when the passenger client needs to acquire the authority certificate. By adopting the method, the communication times between the authority server and the passenger client can be reduced in the generation process of the transaction certificate, so that the generation efficiency of the transaction certificate is improved.

In yet another implementation, the rights certificate may also be valid a single time in order to promote transaction security. That is, the same authority certificate can only prove for the passenger client that it has the generation authority of the transaction credential once. In this case, the passenger client may initiate a certificate application request to the rights server when the transaction credential needs to be generated, such that the rights server generates the rights credential for the passenger client after the relevant authentication (e.g., authentication, and/or risk authentication, etc.) of the passenger client passes. To ensure that there is an expired rights certificate in the local cache for use in a non-network or weakly-network state, the passenger client may store the rights certificate in the local cache after acquiring the rights certificate or using the rights certificate. Alternatively, in other implementations, the passenger client may apply for the permission certificate to the permission server before detecting the instruction to generate the transaction credential, and store the applied permission certificate in the local cache for standby.

Notably, in the embodiment of the present application, in order to further improve the security of transaction verification, the passenger client may add a timeliness requirement to the revoked authority certificate. For example, a revoked permission certificate employed in generating the self-generated transaction credential may be limited to permission certificates acquired within a preset time frame, for which permission certificates acquired outside the preset time frame will be denied for use in generating the self-generated transaction credential. Wherein the preset time range may be illustratively determined based on the current time, such as within 48 hours from the current time. Based on the above, it is easy to understand that adding a time-efficient requirement to the revoked authority certificate can enable the passenger client that generates the self-generated transaction certificate to be the passenger client that is given authority by the authority server to generate the transaction certificate in a near future. In practical situations, the user behavior generated by the same passenger client in a short time has a large reference to the risk assessment dimension, so that the credibility of the authority certificate generated in a short time is high. Then, based on the permission certificate, a self-generated transaction certificate is generated, so that the transaction risk is small when the self-generated transaction certificate is used for transaction verification, the security of the transaction verification is effectively improved, and meanwhile, the passenger client can also receive the code scanning gate passing service in the track traffic scene under the condition of no network or weak network.

S203, displaying the autogenous transaction certificate so that the ticket checking client side identifies the autogenous transaction certificate, obtains autogenous certificate information indicated by the autogenous transaction certificate, performs transaction verification on the passenger client side based on the autogenous certificate information, and opens a track service channel after the transaction verification on the passenger client side is passed.

In one embodiment, the ticket checking client runs in a gate that has an input interface for the transaction token, such as a scan box for the transaction token. The input interface of the transaction voucher is used for scanning the transaction voucher generated by the passenger client, so that the ticket checking client can identify the autogenous transaction voucher and obtain autogenous voucher information indicated by the autogenous transaction voucher. The self-generated credential information can be used for realizing transaction verification of the ticket checking client to the passenger client, and can also be used for realizing risk assessment of the ticket checking client to the passenger client.

In one implementation, the ticket checking client performs transaction verification on the passenger client to determine whether the passenger client has authority to pass through the track service channel, or whether the passenger client has authority to perform account transaction with the track traffic device (e.g., gate). That is, the transaction verification herein may be that there is no account transaction with the passenger client, but only one verification of passing authority (or transaction authority), and the transaction with the passenger client may be performed after or in synchronization with opening the track service channel for the passenger, thereby improving the travel efficiency of the travel object. In this case, the self-generated credential information may optionally include, in particular, but not limited to, one or more of a client identification of the passenger client, a transaction identification, a certificate identification of the revoked authority certificate, and the like. In particular implementations, then, the ticket checking client may obtain business data associated with the self-generated credential information, and further perform one or more business processes of transaction verification, account transaction, and risk assessment on the passenger client based on the business data.

For example, when the self-generated credential information includes a client identifier, the ticket checking client may obtain service data generated by the passenger client based on the client identifier, and further perform risk assessment on the passenger client according to the service data to determine whether risk control on the passenger client is required (e.g. limiting the passenger client to take rail transit and canceling the authority certificate of the passenger client). In addition, when the self-generated voucher information includes a transaction identifier, the ticket checking client can determine a transaction account associated with the passenger client based on the transaction identifier indicated by the self-generated voucher information, so that related account transactions of the rail transit are realized.

Based on the transaction verification scheme and the transaction verification method shown in fig. 2, the embodiment of the application provides a transaction verification method of rail transit, and the method can be cooperatively executed by the above-mentioned passenger client and ticket checking client. As shown in fig. 4, the method may specifically include steps S401 to S405:

s401, when responding to a generation instruction of a transaction certificate, if detecting that the authority certificate in the local cache is invalid, the passenger client applies for updating the authority certificate to the authority server based on communication connection with the authority server; wherein the rights certificate is used to allow generation of the transaction credential.

In a specific embodiment, the implementation manner of step S401 may refer to the related embodiment of step S201, which is not described herein.

S402, in the process of applying for updating the permission certificate to the permission server, if the communication quality of the communication connection is detected to be lower than or equal to the expected communication quality, the passenger client generates a self-generated transaction certificate based on the permission certificate which is invalid in the local cache.

In one embodiment, the credential information submitted by the passenger client at the time of applying for the permission certificate may be present in the permission certificate, in which case the passenger client may generate the self-generated transaction credential based on the credential information (i.e., historical credential information) contained in the expired permission certificate. The historical credential information may refer to information that the passenger client is authenticated by the authority server in the historical time, such as client identification and passenger identity information. Then, the self-generated transaction certificate is generated based on the history certificate information, so that the legitimacy of the passenger client can be verified by adopting the self-generated transaction certificate to a certain extent, and the most basic security guarantee of transaction verification is given.

In a specific implementation, when the passenger client generates the self-generated transaction credential, the passenger client may first obtain historical credential information from the revoked authority credential and generate the reference transaction credential based on the historical credential information. Then, in order to further improve the security and reliability of the transaction verification, the passenger client may further acquire its own key information, so as to encrypt the reference transaction credential based on the key information, and use the data obtained by the encryption process as the autogenous transaction credential. In this case, the ticket checking client needs to acquire the historical credential information of the passenger client for transaction verification after the self-generated transaction credential is successfully decrypted. It can be understood that, by introducing the data encryption manner in the embodiment of the application, the probability of data leakage of the passenger client can be effectively reduced, so that the information security of the passenger client is ensured to a certain extent.

The key information used for data encryption may specifically include one or more of a signing key and an encryption key. When the key information includes a signing key, the passenger client will digitally sign the reference transaction credential such that the signature data of the passenger client is present in the self-generated transaction credential. Then, the ticket checking client can determine whether the autogenous transaction credential is generated by the passenger client based on the signature data, and determine the integrity of the autogenous credential information indicated by the autogenous transaction credential based on the signature data, so that the reliability of data communication between the passenger client and the ticket checking client is effectively ensured. In addition, when the key information includes a signature key and an encryption key, the passenger client can digitally sign the reference transaction certificate by using the signature key to obtain a reference transaction certificate containing signature data, and further encrypt the reference transaction certificate containing signature data by using the encryption key to finally obtain the autogenous transaction certificate.

Illustratively, the passenger client may generate the self-generated transaction credential with particular reference to the principles shown in fig. 5 a. In fig. 5a, the credential identifier may be generated based on historical credential information, which may be specifically such as a certificate identifier of a revoked authority certificate and/or a client identifier, so that the credential identifier of the self-generated transaction credential may be traced, which reduces the difficulty of the ticket checking client to perform transaction verification based on the self-generated transaction credential to a certain extent. Further, the ticket checking client may refer to the transaction verification principles shown in fig. 5b and/or 5c for transaction verification based on the self-generated transaction credentials. In fig. 5b and 5c, synchronizing the authentications of the authentications to the rights server may cause the rights server to trigger the authentication of the passenger client based on the authentications of the authentications. Then, after the authority server passes the authority verification of the passenger client, the authority certificate of the passenger client may be actively updated. When the authority server does not pass the authority verification of the passenger client, the authority server may send the verification result to the gate server (or gate), so that the gate server (or gate) may refuse to provide the rail traffic service to the passenger client afterwards.

It should be further specifically noted that, in practical applications, the ticket checking client may independently complete transaction verification. That is, each step performed by the gate server in fig. 5b and 5c may be performed by the ticket checking client in the gate. In this case, the step mentioned in fig. 5c of "good communication quality detected, uploading verification data and self-generated transaction credentials" will be omitted. Then, when more transaction verification needs to be processed, the ticket checking client can perform transaction verification by adopting the principle shown in fig. 5c after omitting the step, so as to improve the efficiency of transaction verification.

In yet another specific implementation, the passenger client may further obtain a communication identifier of the near field communication module to generate the self-generated transaction credential based on the communication identifier of the near field communication module and the permission certificate, such that the self-generated credential information indicated by the self-generated transaction credential includes the communication identifier. In this case, the generation principle of the autogenous transaction credential may be exemplarily shown with reference to fig. 6 a. The near field communication module exists in a terminal device running the passenger client, and may specifically include any one or more of a bluetooth communication module, an NFC (Near Field Communication, a short-range high-frequency radio technology) module, an infrared communication module, a WiFi communication module, and the like. The ticket checking client can initiate near field communication connection to the near field communication module based on the communication identification so as to conduct safe and reliable data interaction with the passenger client through a near field communication channel.

In practical applications, the structure of the autogenous transaction credential may be as shown in table 1. Based on table 1, it can be seen that the fields included in the autogenous transaction credential may include credential types (e.g., autogenous credential type, online credential type, credit credential, free credential, etc.), write data, fixed data, and reserved fields. Wherein this field of the written data may be used to store the credential identifier, passenger information, and passenger identifier in fig. 6 a. The fixed data field may be used to store the credential generation time and communication identification provided by the passenger client. The reserved field is used for storing write-back data sent by the ticket checking client.

TABLE 1

Credential type

Writing data

Fixed data

Reserved field

S403, the passenger client displays the autogenous transaction certificate.

In one embodiment, after the passenger client generates the self-generated transaction credential, the self-generated transaction credential may be displayed in the passenger client such that the passenger may present the self-generated transaction credential to the ticket checking client.

S404, the ticket checking client identifies the autogenous transaction certificate and obtains autogenous certificate information indicated by the autogenous transaction certificate.

In one embodiment, the ticket checking client may identify the self-generated transaction voucher by scanning the self-generated transaction voucher, thereby obtaining self-generated voucher information. Based on the foregoing, in practical applications, the self-generated transaction credential may be generated by the passenger client based on historical credential information in the permission certificate. In this case, the self-generated credential information obtained by the ticket checking client may also include at least the historical credential information of the passenger client. In addition, the self-generated transaction credential may also be generated based on the permission certificate along with the communication identity of the near field communication, in which case the self-generated credential information may include the communication identity of the near field communication module along with the associated credential information (e.g., historical credential information) indicated by the permission certificate.

S405, the ticket checking client performs transaction verification on the passenger client based on the self-generated certificate information, and opens a track service channel after the transaction verification on the passenger client is passed.

In one embodiment, when the self-generated credential information includes a communication identification of the near field communication module, the transaction verification of the passenger client may include a credential write-back verification. Specifically, after the ticket checking client acquires the communication identifier, the ticket checking client adopts a near field communication channel to send write-back data to a near field communication module indicated by the communication identifier, instructs the passenger client to generate a regeneration transaction credential based on the write-back data and the autogenous transaction credential, and finally realizes credential write-back verification of the passenger client by identifying the regeneration transaction credential displayed by the passenger client. Illustratively, the principle of the ticket checking client performing the credential write-back verification may be as shown in fig. 6 b.

The write-back data is generated by the ticket checking client, and the generation of the regeneration transaction certificate utilizes the write-back data, so that the regeneration transaction certificate of the passenger client is closely related to the write-back data. Under the condition, if the write-back data is dynamically generated by the ticket checking client, the dynamic verification of the ticket checking client to the passenger client can be realized, and the situation of forging the autogenous transaction credentials or stealing the autogenous transaction credentials (such as using the transaction credentials of other passengers) is effectively avoided, so that the reliability of the transaction verification is improved.

In yet another embodiment, as can be readily seen based on fig. 5a and 6a, in practical applications, the self-generated credential information of the self-generated transaction credential may also include a credential generation time. In this case, then, the transaction verification to the passenger client may also include a time validity verification. Specifically, the ticket checking client may first obtain the current time, and obtain the generation time of the autogenous transaction credential from the autogenous credential information, so as to determine a time difference between the generation time and the current time. And when the time difference is smaller than or equal to the preset time difference, determining that the time validity verification of the passenger client is passed. The time validity verification can effectively avoid the situation that passengers acquire rail transit services by using the credential screenshot.

In yet another embodiment, based on the specific implementation of step S402, the self-generated transaction credential may be obtained by encrypting the self-generated transaction credential with the encryption information, and then the self-generated credential information indicated by the self-generated transaction credential may be specific to the encrypted credential information (hereinafter referred to as the encryption credential information). In this case, then, the ticket checking client may include authentication of the passenger client at the time of transaction authentication of the passenger client. The identity verification method may specifically be: the identity of the passenger client is acquired first, and then a decryption key associated with the identity of the passenger client is acquired, so that encryption credential information indicated by the self-generated transaction credential is decrypted by adopting the decryption key. If the decryption is successful, the authentication of the passenger client can be determined to pass, otherwise, the authentication of the passenger client is not passed.

It should be noted that, in the transaction verification method of the rail transit mentioned in fig. 2 and fig. 4, if the ticket checking client fails to verify the passenger client (such as the identity verification fails, the time validity verification fails, etc.) in any transaction verification step, risk control information for the passenger client may be generated to indicate that the passenger client needs to perform risk control. Specifically, the ticket checking client may send risk control information to the service device to inform the service device to determine a risk control policy to be adopted for the passenger client based on the risk control information.

In the embodiment of the application, under the condition that the authority certificate of the passenger client fails, when the passenger client responds to the generation instruction of the transaction certificate, if the communication connection quality between the passenger client and the authority server is detected to be poor, the self-generated transaction certificate can be generated in a local offline mode by referring to the failed authority certificate, so that the ticket checking client performs transaction verification on the passenger client based on the self-generated transaction certificate, the influence of the communication environment in rail transit on the transaction verification efficiency is reduced, and the passenger client can realize the transaction verification under the condition that the communication environment is poor. In addition, the self-generated transaction credentials can be specifically generated based on the invalid permission credentials and the communication identification of the near field communication module, so that the ticket checking client can perform data interaction (such as sending write-back data) with the near field communication module indicated by the communication identification by adopting a near field communication channel, thereby realizing credential write-back verification of the passenger client and further improving the reliability of transaction verification. That is, by adopting the embodiment of the application in the track traffic scene, the passenger client can realize efficient and reliable transaction verification when the communication environment is poor, and the travel efficiency of the travel object using the passenger client is effectively ensured.

Based on the related embodiments of the transaction verification method of the track traffic in fig. 2 and fig. 4, the embodiments of the present application also disclose a transaction verification device of the track traffic, where the transaction verification device of the track traffic may be a computer program (including program code) running in the above-mentioned terminal device. The transaction verification device of the rail transit can execute the transaction verification method of the rail transit shown in fig. 2 and 4. Referring to fig. 7, the transaction verification device for track traffic may at least include: a response unit 701, a generation unit 702, and a display unit 703. Wherein:

a response unit 701, configured to, when responding to a generation instruction of a transaction credential, apply for updating the rights certificate to a rights server based on a communication connection with the rights server if it is detected that the rights certificate in the local cache is invalid; wherein the rights certificate is used to allow generation of a transaction credential;

a generating unit 702, configured to generate, in a process of applying for updating the permission certificate to the permission server, a self-generated transaction credential based on the permission certificate that has failed in the local cache if it is detected that the communication quality of the communication connection is lower than or equal to an expected communication quality;

The display unit 703 is configured to display the self-generated transaction certificate, so that the ticket checking client identifies the self-generated transaction certificate, obtains self-generated certificate information indicated by the self-generated transaction certificate, performs transaction verification on the passenger client based on the self-generated certificate information, and opens the track service channel after the transaction verification on the passenger client passes.

In one embodiment, the transaction verification for the passenger client includes credential write-back verification; the self-generated credential information comprises a communication identifier of a near field communication module, and the near field communication module exists in operation equipment for operating the passenger client; the generating unit 702 may be further configured to perform:

write-back data is acquired, and the write-back data is sent to a near field communication module indicated by a communication identifier by a ticket checking client side through a near field communication channel; generating a regenerated transaction voucher based on the write-back data and the autogenous transaction voucher; displaying the regeneration transaction certificate so that the ticket checking client identifies the regeneration transaction certificate, obtains regeneration certificate information indicated by the regeneration transaction certificate, and performs certificate write-back verification based on the regeneration certificate information.

In yet another embodiment, the generating unit 702 may specifically perform when configured to generate the self-generated transaction credential based on the revoked authority certificate in the local cache:

Acquiring historical credential information of a passenger client from the locally cached invalid authority certificate, and generating a reference transaction credential based on the historical credential information; and acquiring key information of the passenger client, and encrypting the reference transaction certificate based on the key information to obtain the autogenous transaction certificate.

Based on the related embodiments of the transaction verification method of the track traffic in fig. 2 and fig. 4, another transaction verification device of the track traffic is also disclosed, and the transaction verification device of the track traffic may be a computer program (including program code) running in the above mentioned gate. The transaction verification device of the rail transit can execute the transaction verification method of the rail transit shown in fig. 2 and 4. Referring to fig. 8, the transaction verification device for track traffic may at least include: the identification unit 801 and the authentication unit 802. Wherein:

an identifying unit 801, configured to identify a self-generated transaction credential, and obtain self-generated credential information indicated by the self-generated transaction credential; the self-generated transaction certificate is displayed by a passenger client, and is generated based on the authority certificate which is invalid in the local cache when the passenger client detects that the authority certificate in the local cache is invalid when responding to a generation instruction of the transaction certificate, and the authority certificate is used for allowing the generation of the transaction certificate when detecting that the communication quality of communication connection with the authority server is lower than or equal to the expected communication quality in the process of applying for updating the authority certificate to the authority server;

And the verification unit 802 is configured to perform transaction verification on the passenger client based on the self-generated credential information, and open a track service channel after the transaction verification on the passenger client passes.

In one embodiment, the self-generated credential information includes a communication identification of a near field communication module that resides in an operating device that operates the passenger client; transaction verification includes credential write-back verification; the verification unit 802 may specifically perform, when performing credential write-back verification on the passenger client:

acquiring a communication identifier from the autogenous voucher information, and generating write-back data aiming at the autogenous transaction voucher; the near field communication channel is adopted to send write-back data to a near field communication module indicated by the communication identifier, so that a passenger client side obtains the write-back data, generates a regeneration transaction credential based on the write-back data and the autogenous transaction credential, and displays the regeneration transaction credential; and identifying the regeneration transaction certificate, obtaining regeneration certificate information indicated by the regeneration transaction certificate, and performing certificate write-back verification based on the regeneration certificate information.

In yet another embodiment, the self-generated credential information includes a generation time of the self-generated transaction credential; transaction verification includes time legitimacy verification, and the verification unit 802 may be specifically configured to perform, when performing time legitimacy verification on the passenger client:

Acquiring the current time; acquiring the generation time of the autogenous transaction certificate from the autogenous certificate information; and determining the time difference between the generation time and the current time, and determining that the time validity verification of the passenger client passes when the time difference is smaller than or equal to the preset time difference.

In yet another embodiment, the self-generated credential information includes encrypted credential information obtained after the passenger client performs the encryption process; transaction verification includes identity verification; the authentication unit 802 may specifically perform, when performing authentication on the passenger client:

acquiring the identity of a passenger client; acquiring a decryption key associated with the identity, and decrypting the encryption credential information by adopting the decryption key; if the decryption is successful, the authentication of the passenger client is determined to pass.

In yet another embodiment, the transaction verification device of the rail transit may further include a risk control unit 803, and the risk control unit 803 may be configured to perform:

if the transaction verification of the passenger client is not passed, risk control information aiming at the passenger client is generated; and sending the risk control information to the service server equipment so that the service server equipment can execute risk control processing of the rail transit service on the passenger client based on the risk control information.

Note that, each unit in the transaction verification device for rail transit shown in fig. 7 and fig. 8 is divided based on a logic function, and each unit may be respectively or completely combined into one or several other units, or some (some) units may be further split into a plurality of units with smaller functions to form the transaction verification device, which can achieve the same operation without affecting the implementation of the technical effects of the embodiments of the present application. In other embodiments of the present application, the transaction verification device for rail transit may also include other units, and in practical applications, these functions may also be implemented with assistance of other units, and may be implemented by cooperation of multiple units.

Based on the above related description of the transaction verification method and apparatus of rail transit, the embodiments of the present application further provide a transaction verification device, which may be used to perform all the steps of fig. 2 and the steps performed by the passenger client in fig. 4, or to perform the steps performed by the ticket checking client in fig. 4. In particular, referring to fig. 9, the transaction verification device includes at least a processor 901 and a storage medium 902, and the processor 901 and the storage medium 902 of the transaction verification device may be connected by a bus or other means. Wherein the storage medium 902 is a memory device in the transaction verification device for storing programs and data. It will be appreciated that the storage medium 902 herein may include both a built-in storage medium in the transaction verification device and an extended storage medium supported by the transaction verification device. The storage medium 902 is used to provide storage space that stores the operating system of the transaction verification device. Also stored in this memory space are one or more computer programs, which may be one or more program codes, adapted to be loaded and executed by the processor 901.

The storage medium herein may be a high-speed RAM memory or a non-volatile memory (non-volatile memory), such as at least one disk memory; optionally, at least one storage medium located remotely from the processor. The processor 901 (or CPU (Central Processing Unit, central processing unit)) is a computing core as well as a control core of the transaction verification device, which is adapted to implement one or more computer programs, in particular to load and execute one or more computer programs for implementing the respective method flows or the respective functions.

The embodiment of the application further provides a storage medium, in which one or more computer programs corresponding to the transaction verification method of the rail transit are stored, and when one or more processors load and execute the one or more computer programs, the description of the transaction verification method of the rail transit in the embodiment can be realized, and the description is omitted herein. It will be appreciated that a computer program may be deployed to be executed on one or more devices that are capable of communication with one another.

Embodiments of the present application also provide a computer program product or computer program comprising computer instructions stored in a storage medium. The processor of the transaction verification device reads the computer instructions from the storage medium, and the processor executes the computer instructions, so that the transaction verification device performs the transaction verification method of the rail transit provided in the above-described respective embodiments.

In addition, it can be understood that the beneficial effects generated by adopting the same method in the storage medium, the transaction verification device and the transaction verification device of the track traffic in the present application are the same as the beneficial effects of the transaction verification method of the track traffic proposed in fig. 2 and fig. 4, so that the description thereof is omitted herein.

Those skilled in the art will appreciate that implementing all or part of the above-described embodiment method may be accomplished by a computer program to instruct related hardware, and the computer program may be stored in a storage medium, and the computer program may include the embodiment of the transaction verification method of rail transit as described above when executed. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), or the like.

It should be understood that the foregoing disclosure of various embodiments is only a partial example of the present application, and it is not intended to limit the scope of the claims of the present application. It should be further noted that, when the above embodiments of the present application are applied to specific products or technologies, if passenger related data needs to be obtained, passenger permission or consent needs to be obtained, and the collection, use and processing of the related data needs to comply with relevant laws and regulations and standards of relevant countries and regions.

Claims

1. A transaction verification method for rail transit, the method being performed by a passenger client and comprising:

displaying the autogenous transaction certificate so that the ticket checking client side recognizes the autogenous transaction certificate, obtains autogenous certificate information indicated by the autogenous transaction certificate, performs transaction verification on the passenger client side based on the autogenous certificate information, and opens a track service channel after the transaction verification on the passenger client side is passed.

2. The method of claim 1, wherein the transaction verification of the passenger client comprises credential write-back verification; the self-generated credential information comprises a communication identifier of a near field communication module, wherein the near field communication module exists in operation equipment for operating the passenger client; the method further comprises the steps of:

Obtaining write-back data, wherein the write-back data is sent to a near field communication module indicated by the communication identifier by adopting a near field communication channel by the ticket checking client;

generating a regeneration transaction credential based on the write-back data and the autogenous transaction credential;

displaying the regeneration transaction certificate so that the ticket checking client side recognizes the regeneration transaction certificate, obtains regeneration certificate information indicated by the regeneration transaction certificate, and performs the certificate write-back verification based on the regeneration certificate information.

3. The method of claim 1 or 2, wherein the generating a self-generated transaction credential based on the revoked rights certificate in the local cache comprises:

acquiring historical credential information of the passenger client from the locally cached invalid permission certificate, and generating a reference transaction credential based on the historical credential information;

and acquiring key information of the passenger client, and encrypting the reference transaction certificate based on the key information to obtain the autogenous transaction certificate.

4. A transaction verification method for rail transit, the method being performed by a ticket checking client and comprising:

5. The method of claim 4, wherein the self-generated credential information includes a communication identification of a near field communication module that is present in a running device running the passenger client; the transaction verification includes credential write-back verification; the way of performing the credential write-back verification on the passenger client includes:

Acquiring the communication identification from the autogenous voucher information, and generating write-back data aiming at the autogenous transaction voucher;

transmitting the write-back data to a near field communication module indicated by the communication identifier by adopting a near field communication channel so that the passenger client side obtains the write-back data, generates a regeneration transaction credential based on the write-back data and the autogenous transaction credential, and displays the regeneration transaction credential;

and identifying the regeneration transaction certificate, obtaining regeneration certificate information indicated by the regeneration transaction certificate, and performing certificate write-back verification based on the regeneration certificate information.

6. The method of claim 4 or 5, wherein the self-generated credential information includes a time of generation of the self-generated transaction credential; the transaction verification comprises time validity verification, and the method for carrying out the time validity verification on the passenger client side comprises the following steps:

acquiring the current time;

acquiring the generation time of the autogenous transaction voucher from the autogenous voucher information;

and determining the time difference between the generation time and the current time, and determining that the time validity verification of the passenger client passes when the time difference is smaller than or equal to a preset time difference.

7. The method according to claim 4 or 5, wherein the self-generated credential information includes encrypted credential information obtained after the passenger client performs encryption processing; the transaction verification includes identity verification; the means for performing the authentication of the passenger client comprises:

acquiring the identity of the passenger client;

acquiring a decryption key associated with the identity, and decrypting the encryption credential information by adopting the decryption key;

and if the decryption is successful, determining that the identity verification of the passenger client is passed.

8. The method according to claim 4 or 5, characterized in that the method further comprises:

if the transaction verification of the passenger client is not passed, risk control information aiming at the passenger client is generated;

and sending the risk control information to service equipment so that the service server equipment can execute risk control processing of the rail transit service on the passenger client based on the risk control information.

9. A transaction verification device for rail transit, comprising:

10. A transaction verification device for rail transit, comprising:

And the verification unit is used for carrying out transaction verification on the passenger client based on the self-generated certificate information and opening a track service channel after the transaction verification on the passenger client is passed.