WO2012031549A1 - Method, apparatus, and system for security authentication in mobile payment - Google Patents


Publication number
WO2012031549A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
password
time
mobile terminal
verification
Prior art date
Application number
PCT/CN2011/079374
Other languages
French (fr)
Chinese (zh)
Inventor
黄志辉
Original Assignee
腾讯科技(深圳)有限公司
Priority date
Filing date
Publication date
Application filed by 腾讯科技(深圳)有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224 Transactions dependent on location of M-devices

Definitions

  • The present invention relates to the field of communications technologies, and in particular to a method, device and system for mobile payment security verification.
  • Mobile payment means that the two parties to a transaction use a mobile terminal to pay wirelessly for certain goods or services.
  • The mobile terminal used for mobile payment can be a mobile phone, a PDA (Personal Digital Assistant), or the like.
  • When paying through a mobile terminal, to ensure the security of the payment, the user inputs a payment password through the mobile terminal; the mobile terminal then transmits the payment password to the operator server, and the operator server transmits it to the payment verification server. Payment is made after the payment verification server has verified the payment password.
  • While the mobile terminal transmits the payment password to the operator server through the base station, and the operator server transmits it to the payment verification server, the payment password may be captured by an illegal user, who can then use it to pass verification by the payment verification server and make a payment, which makes the existing payment method very unsafe.
  • A method of mobile payment security verification, comprising:
  • Before acquiring the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, the method further includes:
  • The mobile payment verification information includes: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a set of verification passwords corresponding to the payment account.
  • The method further includes: setting the one-time verification password corresponding to the one-time payment password to be unavailable, or deleting the one-time verification password from the set of verification passwords.
  • A device for mobile payment security verification, comprising:
  • a first obtaining module configured to acquire a payment account, a one-time payment password, and a mobile terminal number sent by the mobile terminal;
  • a first determining module configured to determine, after the first obtaining module acquires the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, whether the payment account and the mobile terminal number exist in the device;
  • a second judging module configured to: when the judgment result of the first determining module is that the payment account and the mobile terminal number exist in the device, determine whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account;
  • a payment module configured to: when the judgment result of the second judging module is that a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account, determine that the one-time payment password is successfully verified.
  • The device further includes: a second obtaining module, configured to acquire, after the first obtaining module acquires the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, the mobile payment verification information set by the user, and to store the mobile payment verification information in the device, where the mobile payment verification information comprises: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a set of verification passwords corresponding to the payment account.
  • The device further includes: a setting module, configured to: after the payment module determines that the one-time payment password is successfully verified, set the one-time verification password corresponding to the one-time payment password to be unavailable, or delete the one-time verification password from the set of verification passwords.
  • A system for mobile payment security verification, comprising: a mobile terminal and a payment verification server. The mobile terminal is configured to acquire a payment account and a one-time payment password input by a user, and to send the payment account, the one-time payment password, and a mobile terminal number to the payment verification server. The payment verification server is configured to acquire the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, and to determine whether the payment account and the mobile terminal number exist locally; if the payment account and the mobile terminal number exist locally, it determines whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
  • The payment verification server includes:
  • a first obtaining module configured to acquire a payment account, a one-time payment password, and a mobile terminal number sent by the mobile terminal;
  • a first determining module configured to determine, after the first obtaining module acquires the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, whether the payment account and the mobile terminal number exist in the payment verification server;
  • a second judging module configured to: when the judgment result of the first determining module is that the payment account and the mobile terminal number exist in the payment verification server, determine whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account;
  • a payment module configured to: when the judgment result of the second judging module is that a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account, determine that the one-time payment password is successfully verified.
  • The payment verification server further includes: a second obtaining module, configured to acquire the mobile payment verification information set by the user before the first obtaining module acquires the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, and to store the mobile payment verification information in the payment verification server, where the mobile payment verification information includes: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a set of verification passwords corresponding to the payment account.
  • The payment verification server further includes: a setting module, configured to: after the payment module determines that the one-time payment password is successfully verified, set the one-time verification password corresponding to the one-time payment password to be unavailable, or delete the one-time verification password from the set of verification passwords.
  • FIG. 1 is a schematic flow chart of a method for mobile payment security verification according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic flow chart of a method for mobile payment security verification according to Embodiment 2 of the present invention.
  • FIG. 3 is a schematic diagram showing the structure of a first mobile payment security verification apparatus according to Embodiment 3 of the present invention.
  • FIG. 4 is a schematic diagram showing the structure of a second mobile payment security verification apparatus according to Embodiment 3 of the present invention.
  • FIG. 5 is a schematic structural diagram of a third apparatus for mobile payment security verification according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic diagram showing the structure of a fourth mobile payment security verification apparatus according to Embodiment 3 of the present invention.
  • FIG. 7 is a schematic structural diagram of a system for mobile payment security verification according to Embodiment 4 of the present invention.
  • An embodiment of the present invention provides a method for mobile payment security verification, including:
  • Step 101: Acquire a payment account, a one-time payment password, and a mobile terminal number sent by a mobile terminal.
  • Step 102: Determine whether the payment account and the mobile terminal number exist locally.
  • Step 103: If the payment account and the mobile terminal number exist locally, determine whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
  • Step 104: If a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account, determine that the one-time payment password is successfully verified.
  • The method further includes:
  • The mobile payment verification information comprises: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a set of verification passwords corresponding to the payment account.
  • The method further includes: setting the one-time verification password corresponding to the one-time payment password to be unavailable, or deleting the one-time verification password from the set of verification passwords.
  • The mobile payment security verification method performs verification by using a one-time payment password and a one-time verification password that can each be used only once, so that even if the one-time payment password is captured by an illegal user during the payment process, the illegal user cannot use it to pass verification and pay, which increases the security of the payment.
  • Specifically, setting the one-time verification password corresponding to the one-time payment password to be unavailable, or deleting the one-time verification password from the set of verification passwords, ensures that the one-time payment password and the one-time verification password can be used only once.
  • An embodiment of the present invention provides a method for mobile payment security verification, including:
  • Step 201: A payment verification server obtains mobile payment verification information and stores it in the payment verification server, where the mobile payment verification information includes: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a set of verification passwords corresponding to the payment account. A set of verification passwords includes at least two one-time verification passwords.
  • The mobile terminal number is a number that can identify the mobile terminal, such as the phone number of a mobile phone.
  • the payment account can be an account that can support mobile payment, such as a 4 credit card number, a credit card number, a Q currency account number, and a Fortune account.
  • One or more payment accounts may be set for a mobile terminal number, according to the actual application; this is not limited here.
  • The verification password can be used only once, and thus can be referred to as a one-time verification password.
  • When setting the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account, the user may set them directly with the provider of the payment verification server, or may connect remotely to the provider of the payment verification server using a computer or the like to set them; this is not specifically limited.
  • The set of verification passwords includes at least two one-time verification passwords.
  • A set of verification passwords may be set to include five one-time verification passwords: 0123, x456, abc, 3789, and 8888.
  • When the payment verification server stores the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account, it may store them as a list or in another way; the storage method is not specifically limited.
  • Step 202: When the user makes a payment through the mobile terminal, the mobile terminal requests the user to input the payment account and the one-time payment password.
  • Because the payment password can be used only once in the method of the embodiment of the present invention, it can be referred to as a one-time payment password.
  • Step 203: The mobile terminal acquires the payment account and the one-time payment password input by the user, and sends the payment account, the one-time payment password and the mobile terminal number to the payment verification server through the base station and the operator server.
  • Step 204: The payment verification server receives the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, and determines whether the payment account and the mobile terminal number exist in the payment verification server. If yes, step 205 is performed; otherwise, the current process ends.
  • Step 205: The payment verification server determines whether a one-time verification password corresponding to the one-time payment password input by the user this time exists in the set of verification passwords corresponding to the payment account. If yes, step 206 is performed; otherwise, step 207 is performed.
  • Step 206: The payment verification server determines that the one-time payment password is successfully verified, and sets the one-time verification password corresponding to the one-time payment password sent by the mobile terminal to be unavailable, or deletes it from its set of verification passwords, and the current process ends.
  • The payment account can be used for payment.
  • The payment verification server may send a one-time payment password verification success message to the mobile terminal through the operator server and the base station, to notify the mobile terminal that the one-time payment password was successfully verified.
  • By setting the one-time verification password corresponding to the one-time payment password input by the user this time to be unavailable, or deleting it from the set of verification passwords, the one-time payment password and the one-time verification password can be used only once; even if the one-time payment password is captured by an illegal user during the payment process, the illegal user cannot use it to pay, which increases the security of the payment.
  • Step 207: The payment verification server judges whether the number of times the one-time payment password has been input at the mobile terminal exceeds a preset number of times. If it is exceeded, the current process ends; otherwise, step 208 is performed.
  • The preset number of times may be 3 times, 5 times, etc., and may be set flexibly according to the actual application; this is not limited here.
  • Step 208: The payment verification server requests the mobile terminal to re-enter the one-time payment password. After receiving the request from the payment verification server, the mobile terminal requests the user to re-enter the one-time payment password, and then performs step 203.
  • The mobile payment security verification method according to the embodiment of the present invention performs verification by using a one-time payment password and a one-time verification password that can each be used only once, so that even if the one-time payment password is captured by an illegal user during the payment process, the illegal user cannot use it to pass verification and pay, which increases the security of the payment.
  • Specifically, setting the one-time verification password corresponding to the one-time payment password to be unavailable, or deleting the one-time verification password from the set of verification passwords, ensures that the one-time payment password and the one-time verification password can be used only once.
  • An embodiment of the present invention provides a device for mobile payment security verification, where the device includes:
  • The first obtaining module 301 is configured to obtain a payment account, a one-time payment password, and a mobile terminal number sent by the mobile terminal.
  • The first determining module 302 is configured to determine, after the first obtaining module 301 obtains the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, whether the payment account and the mobile terminal number exist in the device.
  • The second judging module 303 is configured to: when the judgment result of the first determining module 302 is that the payment account and the mobile terminal number exist in the device, determine whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
  • The payment module 304 is configured to: when the determination result of the second judging module 303 is that a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account, determine that the one-time payment password is successfully verified.
  • The device further includes:
  • The second obtaining module 305 is configured to obtain the mobile payment verification information set by the user, and to store the mobile payment verification information, before the first obtaining module 301 acquires the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, where the mobile payment verification information includes: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a set of verification passwords corresponding to the payment account.
  • The device further includes:
  • The setting module 306 is configured to: after the payment module 304 determines that the one-time payment password is successfully verified, set the one-time verification password corresponding to the one-time payment password to be unavailable, or delete the one-time verification password from the set of verification passwords.
  • The mobile payment security verification device performs verification by using a one-time payment password and a one-time verification password that can each be used only once, so that even if the one-time payment password is captured by an illegal user during the payment process, the illegal user cannot use it to pass verification and pay, which increases the security of the payment.
  • Specifically, setting the one-time verification password corresponding to the one-time payment password to be unavailable, or deleting the one-time verification password from the set of verification passwords, ensures that the one-time payment password and the one-time verification password can be used only once.
  • An embodiment of the present invention provides a system for mobile payment security verification, where the system includes: a mobile terminal 401 and a payment verification server 402.
  • The mobile terminal 401 is configured to obtain a payment account and a one-time payment password input by the user, and to send the payment account, the one-time payment password, and the mobile terminal number to the payment verification server 402.
  • The payment verification server 402 is configured to acquire the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal 401, and to determine whether the payment account and the mobile terminal number exist locally; if the payment account and the mobile terminal number exist locally, it determines whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
  • The payment verification server 402 includes:
  • a first obtaining module, configured to acquire a payment account, a one-time payment password, and a mobile terminal number sent by the mobile terminal 401;
  • a first determining module configured to determine, after the first obtaining module obtains the payment account, the one-time payment password, and the mobile terminal number sent by the mobile terminal, whether the payment account and the mobile terminal number exist in the payment verification server 402;
  • a second judging module configured to: when the judgment result of the first determining module is that the payment account and the mobile terminal number exist in the payment verification server 402, determine whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account;
  • a payment module, configured to: when the judgment result of the second judging module is that a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account, determine that the one-time payment password is successfully verified.
  • The payment verification server 402 further includes:
  • a second obtaining module configured to acquire the mobile payment verification information set by the user, and to store the mobile payment verification information in the payment verification server 402, before the first obtaining module acquires the one-time payment password and the mobile terminal number sent by the mobile terminal, where the mobile payment verification information includes: a mobile terminal number, a payment account corresponding to the mobile terminal number, and a set of verification passwords corresponding to the payment account.
  • The payment verification server 402 further includes:
  • a setting module configured to: after the payment module determines that the one-time payment password is successfully verified, set the one-time verification password corresponding to the one-time payment password to be unavailable, or delete the one-time verification password from the set of verification passwords.
  • The mobile payment security verification system performs verification by using a one-time payment password and a one-time verification password that can each be used only once, so that even if the one-time payment password is captured by an illegal user during the payment process, the illegal user cannot use it to pass verification and pay, which increases the security of the payment. Specifically, setting the one-time verification password corresponding to the one-time payment password to be unavailable, or deleting the one-time verification password from the set of verification passwords, ensures that the one-time payment password and the one-time verification password can be used only once.
  • All or part of the technical solutions provided by the above embodiments may be implemented by software programming, and the software program is stored in a readable storage medium such as a hard disk, an optical disk or a floppy disk in a computer.
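
Steps 201 to 208 of Embodiment 2, written out as a small in-memory payment verification server that shows a captured password failing on replay. This is an added example, not code from the patent or its applicant; the class and method names, the result strings, the lock, the constant-time comparison, and the sample terminal number and account are assumptions, and the process is taken to end on the failed input that reaches the preset number.

```python
"""Added example: Steps 201-208 as an in-memory payment verification server."""
import hmac
import threading

# Result strings are assumptions made for this sketch.
VERIFIED, RETRY, ENDED, UNKNOWN = "verified", "retry", "ended", "unknown"


class PaymentVerificationServer:
    def __init__(self, max_inputs=3):
        # The page gives 3 or 5 as examples of the preset number of inputs.
        self._max_inputs = max_inputs
        self._lock = threading.Lock()
        # (terminal_number, payment_account) -> {"unused": [...], "failed": int}
        self._records = {}

    def enroll(self, terminal_number, payment_account, passwords):
        """Step 201: store the mobile payment verification information."""
        unique = list(dict.fromkeys(passwords))  # drop duplicates, keep order
        if len(unique) < 2:
            raise ValueError("a set needs at least two one-time verification passwords")
        with self._lock:
            self._records[(terminal_number, payment_account)] = {
                "unused": unique,
                "failed": 0,
            }

    def remaining(self, terminal_number, payment_account):
        """Number of one-time verification passwords not yet consumed."""
        with self._lock:
            record = self._records.get((terminal_number, payment_account))
            return 0 if record is None else len(record["unused"])

    def verify(self, terminal_number, payment_account, one_time_password):
        """Steps 204-207 for one submission from the mobile terminal."""
        supplied = one_time_password.encode("utf-8")
        # One lock around check-and-consume, so two concurrent submissions of
        # the same password cannot both succeed.
        with self._lock:
            record = self._records.get((terminal_number, payment_account))
            if record is None:
                return UNKNOWN  # Step 204: pair not stored, process ends
            match = None
            for candidate in record["unused"]:
                # Constant-time comparison; scan the whole set, no early exit.
                if hmac.compare_digest(candidate.encode("utf-8"), supplied):
                    match = candidate
            if match is not None:
                record["unused"].remove(match)  # Step 206: delete from the set
                record["failed"] = 0
                return VERIFIED
            record["failed"] += 1  # Step 207: count this failed input
            if record["failed"] >= self._max_inputs:
                record["failed"] = 0  # process ends; the next payment starts fresh
                return ENDED
            return RETRY  # Step 208: terminal asks the user to re-enter


def replay_demo():
    """Run a constructed sequence of submissions and return the outcomes."""
    server = PaymentVerificationServer(max_inputs=3)
    # Terminal number and account are constructed sample values; the five
    # passwords are the example set given on the page.
    terminal, account = "13800000000", "acct-0001"
    server.enroll(terminal, account, ["0123", "x456", "abc", "3789", "8888"])
    results = [
        server.verify(terminal, account, "x456"),       # legitimate payment
        server.verify(terminal, account, "x456"),       # captured value replayed
        server.verify("13900000000", account, "0123"),  # terminal not enrolled
        server.verify(terminal, account, "nope"),       # second failed input
        server.verify(terminal, account, "nope"),       # third failed input
        server.verify(terminal, account, "8888"),       # later payment, unused password
    ]
    return results, server.remaining(terminal, account)


if __name__ == "__main__":
    print(replay_demo())
```

The replayed `x456` is rejected only because the first submission already consumed it; a value captured before it reaches the server is still unused, so the single-use property depends on the legitimate submission arriving first.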

Abstract

Provided are a method, an apparatus, and a system for security authentication in mobile payment, which relate to the field of communications. The method comprises: acquiring a payment account, a one-off payment password, and a mobile terminal number sent by a mobile terminal; judging whether the payment account and the mobile terminal number exist locally; if the payment account and the mobile terminal number exist locally, judging whether a one-off authentication password corresponding to the one-off payment password exists in a group of authentication passwords corresponding to the payment account; and if the one-off authentication password corresponding to the one-off payment password exists in the group of authentication passwords corresponding to the payment account, determining that the authentication of the one-off payment password is successful. The apparatus comprises a first acquiring module, a first judging module, a second judging module, and a payment module. The system comprises a mobile terminal, and a payment authentication server. The present invention improves the security of payment.

Description

一种移动支付安全^ £的方法、 装置和系统 技术领域  Method, device and system for mobile payment security
本发明涉及通信技术领域, 特别涉及一种移动支付安全验证的方法、 装置和系统。 背景技术  The present invention relates to the field of communications technologies, and in particular, to a method, device and system for mobile payment security verification. Background technique
随着移动通信从话音业务转向数字业务, 各种移动增值业务层出不穷, 而移动支付就是其中的一个。 所谓移动支付, 是指交易双方为了某种货物 或者业务, 使用移动终端通过无线方式进行支付。 移动支付所使用的移动 终端可以是手机、 PDA ( Personal Digital Assistant, 个人数字助理)等。  As mobile communications shift from voice services to digital services, various mobile value-added services are emerging, and mobile payment is one of them. The so-called mobile payment means that the two parties use the mobile terminal to make a payment by wireless means for a certain goods or business. The mobile terminal used for mobile payment can be a mobile phone, a PDA (Personal Digital Assistant), or the like.
目前在通过移动终端进行支付时, 为了保证支付的安全, 用户会通过 移动终端输入支付密码, 然后移动终端再将支付密码传输到运营商服务器, 运营商服务器再将支付密码传输到支付验证服务器, 支付验证服务器对支 付密码进行验证通过后, 再进行支付。  At present, when paying through the mobile terminal, in order to ensure the security of the payment, the user inputs the payment password through the mobile terminal, and then the mobile terminal transmits the payment password to the operator server, and the operator server transmits the payment password to the payment verification server. After the payment verification server verifies the payment password, the payment is made.
然而, 在实现本发明的过程中, 发明人发现现有技术至少存在以下问 题:  However, in the process of implementing the present invention, the inventors have found that the prior art has at least the following problems:
在移动终端通过基站将支付密码传输到运营商服务器, 运营商服务器 再将支付密码传输到支付验证服务器的过程中, 支付密码可能被不法用户 捕获, 使得不法用户可以利用该支付密码通过支付验证服务器的验证进行 支付, 使得现有支付方法很不安全。 发明内容  The mobile terminal transmits the payment password to the operator server through the base station, and the carrier server transmits the payment password to the payment verification server, and the payment password may be captured by the illegal user, so that the illegal user can use the payment password to pass the payment verification server. The verification of the payment makes the existing payment method very unsafe. Summary of the invention
To improve security when paying with a mobile terminal, embodiments of the present invention provide a method, an apparatus and a system for mobile payment security verification. The technical solutions are as follows:
A method for mobile payment security verification, comprising:
acquiring a payment account, a one-time payment password and a mobile terminal number sent by a mobile terminal;
determining whether the payment account and the mobile terminal number exist locally;
if the payment account and the mobile terminal number exist locally, determining whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account;
if a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account, determining that verification of the one-time payment password has succeeded.
Further, before acquiring the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, the method further comprises:
acquiring mobile payment verification information set by the user, and storing the mobile payment verification information locally, where the mobile payment verification information includes: the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account.
Further, after verification of the one-time payment password has succeeded, the method further comprises:
setting the one-time verification password corresponding to the one-time payment password as unavailable, or deleting the one-time verification password from the set of verification passwords.
An apparatus for mobile payment security verification, comprising:
a first acquiring module, configured to acquire a payment account, a one-time payment password and a mobile terminal number sent by a mobile terminal;
a first determining module, configured to determine, after the first acquiring module has acquired the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, whether the payment account and the mobile terminal number exist in the apparatus;
a second determining module, configured to determine, when the first determining module finds that the payment account and the mobile terminal number exist in the apparatus, whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account;
a payment module, configured to determine that verification of the one-time payment password has succeeded when the second determining module finds that a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
Further, the apparatus also comprises: a second acquiring module, configured to acquire, before the first acquiring module acquires the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, mobile payment verification information set by the user, and to store the mobile payment verification information in the apparatus, where the mobile payment verification information includes: the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account.
Further, the apparatus also comprises: a setting module, configured to, after the payment module determines that verification of the one-time payment password has succeeded, set the one-time verification password corresponding to the one-time payment password as unavailable or delete the one-time verification password from the set of verification passwords.
A system for mobile payment security verification, comprising: a mobile terminal and a payment verification server;
the mobile terminal is configured to acquire a payment account and a one-time payment password entered by the user, and to send the payment account, the one-time payment password and the mobile terminal number to the payment verification server;
the payment verification server is configured to acquire the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, and to determine whether the payment account and the mobile terminal number exist locally; if the payment account and the mobile terminal number exist locally, it determines whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
The payment verification server comprises:
a first acquiring module, configured to acquire the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal;
a first determining module, configured to determine, after the first acquiring module has acquired the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, whether the payment account and the mobile terminal number exist in the payment verification server;
a second determining module, configured to determine, when the first determining module finds that the payment account and the mobile terminal number exist in the payment verification server, whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account;
a payment module, configured to determine that verification of the one-time payment password has succeeded when the second determining module finds that a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
Further, the payment verification server also comprises: a second acquiring module, configured to acquire, before the first acquiring module acquires the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, mobile payment verification information set by the user, and to store the mobile payment verification information in the payment verification server, where the mobile payment verification information includes: the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account.
Further, the payment verification server also comprises: a setting module, configured to, after the payment module determines that verification of the one-time payment password has succeeded, set the one-time verification password corresponding to the one-time payment password as unavailable or delete the one-time verification password from the set of verification passwords.
The beneficial effects of the technical solutions provided by the embodiments of the present invention are:
Verification uses a one-time payment password and a one-time verification password that can each be used only once. Even if the one-time payment password is captured by an unauthorized user during payment, that user cannot use it to pass verification and make a payment, which increases the security of the payment.
Description of the drawings
FIG. 1 is a schematic flowchart of a method for mobile payment security verification according to Embodiment 1 of the present invention;
FIG. 2 is a schematic flowchart of a method for mobile payment security verification according to Embodiment 2 of the present invention;
FIG. 3 is a schematic structural diagram of a first apparatus for mobile payment security verification according to Embodiment 3 of the present invention;
FIG. 4 is a schematic structural diagram of a second apparatus for mobile payment security verification according to Embodiment 3 of the present invention;
FIG. 5 is a schematic structural diagram of a third apparatus for mobile payment security verification according to Embodiment 3 of the present invention;
FIG. 6 is a schematic structural diagram of a fourth apparatus for mobile payment security verification according to Embodiment 3 of the present invention;
FIG. 7 is a schematic structural diagram of a system for mobile payment security verification according to Embodiment 4 of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Embodiment 1
Referring to FIG. 1, an embodiment of the present invention provides a method for mobile payment security verification, comprising:
Step 101: Acquire a payment account, a one-time payment password and a mobile terminal number sent by a mobile terminal.
Step 102: Determine whether the payment account and the mobile terminal number exist locally.
Step 103: If the payment account and the mobile terminal number exist locally, determine whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
Step 104: If a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account, determine that verification of the one-time payment password has succeeded.
Further, before acquiring the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, the method further comprises:
acquiring mobile payment verification information set by the user, and storing the mobile payment verification information locally, where the mobile payment verification information includes: the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account.
Further, after determining that verification of the one-time payment password has succeeded, the method further comprises:
setting the one-time verification password corresponding to the one-time payment password as unavailable, or deleting the one-time verification password from the set of verification passwords.
The method for mobile payment security verification described in this embodiment verifies with a one-time payment password and a one-time verification password that can each be used only once. Even if the one-time payment password is captured by an unauthorized user during payment, that user cannot use it to pass verification and make a payment, which increases the security of the payment. Specifically, single use of the one-time payment password and the one-time verification password can be achieved by setting the one-time verification password corresponding to the one-time payment password as unavailable, or by deleting the one-time verification password from the set of verification passwords.
Embodiment 2
Referring to FIG. 2, an embodiment of the present invention provides a method for mobile payment security verification, comprising:
Step 201: The payment verification server acquires mobile payment verification information and stores it in the payment verification server, where the mobile payment verification information includes: the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account. A set of verification passwords includes at least two one-time verification passwords.
The mobile terminal number is a number that identifies the mobile terminal, such as the phone number of a mobile phone. The payment account may be any account that supports mobile payment, such as a bank card number, a credit card number, a Q coin account or a Caifutong account. One or more payment accounts may be set for the mobile terminal number, depending on the actual application; this is not limited here. In addition, because a verification password can be used only once in the method described in this embodiment, it can be called a one-time verification password.
Specifically, when setting the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account, the user may do so in person at the provider of the payment verification server, or remotely through a computer or similar device connected to the provider of the payment verification server; this is not specifically limited. A set of verification passwords includes at least two one-time verification passwords. For example, in this embodiment a set of verification passwords includes five one-time verification passwords: 0123, x456, abc, 3789 and 8888.
Specifically, when the payment verification server stores the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account, it may store them as a list or in some other way; the storage method is not specifically limited.
Step 202: When the user makes a payment through the mobile terminal, the mobile terminal asks the user to enter the payment account and a one-time payment password.
Because a payment password can be used only once in the method described in this embodiment, it can be called a one-time payment password.
Step 203: The mobile terminal acquires the payment account and the one-time payment password entered by the user, and sends the payment account, the one-time payment password and the mobile terminal number to the payment verification server through the base station and the operator server.
Step 204: The payment verification server receives the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, and determines whether the payment account and the mobile terminal number exist in the payment verification server. If they do, step 205 is performed; otherwise, the current flow ends.
Step 205: The payment verification server determines whether a one-time verification password corresponding to the one-time payment password entered by the user this time exists in the set of verification passwords corresponding to the payment account. If it does, step 206 is performed; otherwise, step 207 is performed.
Step 206: The payment verification server determines that verification of the one-time payment password has succeeded, sets the one-time verification password corresponding to the one-time payment password sent by the mobile terminal this time as unavailable or deletes it from its set of verification passwords, and then ends the current flow.
After the payment verification server has successfully verified the one-time payment password, the payment account can be used to make the payment.
In addition, after the payment verification server has successfully verified the one-time payment password, it may send a message through the operator server and the base station to the mobile terminal, informing the mobile terminal that verification of the one-time payment password has succeeded.
Setting the one-time verification password entered by the user this time as unavailable, or deleting it from the set of verification passwords, means that the one-time payment password and the one-time verification password can each be used only once. Even if the one-time payment password is captured by an unauthorized user during payment, that user cannot use it to make a payment, which increases the security of the payment.
Moreover, this is not limited to setting the one-time verification password entered by the user this time as unavailable or deleting it from the set of verification passwords, so that the one-time payment password and the one-time verification password
Step 207: The payment verification server determines whether the number of times a one-time payment password has been entered on the mobile terminal exceeds a preset number. If it does, the current flow ends; otherwise, step 208 is performed.
The preset number may be 3, 5 and so on, and can be set flexibly according to the actual application; this is not limited here.
Step 208: The payment verification server asks the mobile terminal to re-enter the one-time payment password. On receiving the request from the payment verification server, the mobile terminal asks the user to re-enter the one-time payment password, and step 203 is then performed.
The method for mobile payment security verification described in this embodiment verifies with a one-time payment password and a one-time verification password that can each be used only once. Even if the one-time payment password is captured by an unauthorized user during payment, that user cannot use it to pass verification and make a payment, which increases the security of the payment. Specifically, single use of the one-time payment password and the one-time verification password can be achieved by setting the one-time verification password corresponding to the one-time payment password as unavailable, or by deleting the one-time verification password from the set of verification passwords.
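The server side of steps 201 and 204 to 208, as an added Python example that is not code from the patent. The class and method names, the terminal number and the account are constructed for illustration; storing salted digests instead of the passwords, the constant-time comparison, the lock around check-and-consume and a lockout that persists after the preset count is exceeded are assumptions that go beyond what the patent text specifies.

```python
import hashlib
import hmac
import os
import threading
from enum import Enum


class Result(Enum):
    SUCCESS = "verified"          # step 206
    UNKNOWN_BINDING = "unknown"   # step 204: account/number not stored, flow ends
    RETRY = "retry"               # step 208: ask the user to re-enter
    LOCKED = "locked"             # step 207: preset number of entries exceeded


class PaymentVerificationServer:
    """Hypothetical model of the payment verification server (names are assumptions)."""

    def __init__(self, max_attempts=3):
        self._max_attempts = max_attempts   # the "preset number" of step 207
        self._lock = threading.Lock()       # makes check-and-consume atomic
        self._records = {}                  # (terminal number, account) -> record

    @staticmethod
    def _digest(salt, password):
        # Assumption: keep salted digests, not the verification passwords themselves.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def register(self, terminal_number, account, passwords):
        """Step 201: store terminal number, payment account and password set."""
        unique = set(passwords)
        if len(unique) < 2:
            raise ValueError("a set needs at least two one-time verification passwords")
        salt = os.urandom(16)
        with self._lock:
            self._records[(terminal_number, account)] = {
                "salt": salt,
                "unused": [self._digest(salt, p) for p in unique],
                "failures": 0,
            }

    def remaining(self, terminal_number, account):
        """Number of one-time verification passwords not yet consumed."""
        with self._lock:
            return len(self._records[(terminal_number, account)]["unused"])

    def verify(self, terminal_number, account, one_time_password):
        """Steps 204 to 208 for one submission from the mobile terminal."""
        with self._lock:
            record = self._records.get((terminal_number, account))
            if record is None:
                return Result.UNKNOWN_BINDING
            if record["failures"] > self._max_attempts:
                return Result.LOCKED        # assumption: lockout persists
            candidate = self._digest(record["salt"], one_time_password)
            matched = None
            for stored in record["unused"]:  # scan the whole set, no early exit
                if hmac.compare_digest(stored, candidate):
                    matched = stored
            if matched is not None:
                record["unused"].remove(matched)   # step 206: delete after use
                record["failures"] = 0
                return Result.SUCCESS
            record["failures"] += 1
            if record["failures"] > self._max_attempts:
                return Result.LOCKED
            return Result.RETRY


if __name__ == "__main__":
    server = PaymentVerificationServer(max_attempts=3)
    terminal, account = "13800000000", "ACCT-0001"   # constructed sample values
    # The five passwords are the example set given in Embodiment 2.
    server.register(terminal, account, ["0123", "x456", "abc", "3789", "8888"])
    print(server.verify(terminal, account, "abc"))   # first use succeeds
    print(server.verify(terminal, account, "abc"))   # a captured copy is rejected
```

Because the match and the deletion happen under one lock, two concurrent submissions of the same captured password cannot both succeed.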
Embodiment 3
Referring to FIG. 3, an embodiment of the present invention provides an apparatus for mobile payment security verification, the apparatus comprising:
a first acquiring module 301, configured to acquire a payment account, a one-time payment password and a mobile terminal number sent by a mobile terminal;
a first determining module 302, configured to determine, after the first acquiring module 301 has acquired the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, whether the payment account and the payment account corresponding to the mobile terminal number exist in the apparatus;
a second determining module 303, configured to determine, when the first determining module 302 finds that the payment account and the mobile terminal number exist in the apparatus, whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account;
a payment module 304, configured to determine that verification of the one-time payment password has succeeded when the second determining module 303 finds that a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
Further, referring to FIG. 4, the apparatus also comprises:
a second acquiring module 305, configured to acquire, before the first acquiring module 301 acquires the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, mobile payment verification information set by the user, and to store the mobile payment verification information in the apparatus, where the mobile payment verification information includes: the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account.
Further, referring to FIG. 5 or FIG. 6, the apparatus also comprises:
a setting module 306, configured to, after the payment module 304 determines that verification of the one-time payment password has succeeded, set the one-time verification password corresponding to the one-time payment password as unavailable or delete the one-time verification password from the set of verification passwords.
The apparatus for mobile payment security verification described in this embodiment verifies with a one-time payment password and a one-time verification password that can each be used only once. Even if the one-time payment password is captured by an unauthorized user during payment, that user cannot use it to pass verification and make a payment, which increases the security of the payment. Specifically, single use of the one-time payment password and the one-time verification password can be achieved by setting the one-time verification password corresponding to the one-time payment password as unavailable, or by deleting the one-time verification password from the set of verification passwords.
Embodiment 4
Referring to FIG. 7, an embodiment of the present invention provides a system for mobile payment security verification, the system comprising: a mobile terminal 401 and a payment verification server 402.
The mobile terminal 401 is configured to acquire a payment account and a one-time payment password entered by the user, and to send the payment account, the one-time payment password and the mobile terminal number to the payment verification server 402.
The payment verification server 402 is configured to acquire the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal 401, and to determine whether the payment account and the mobile terminal number exist locally; if the payment account and the mobile terminal number exist locally, it determines whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
The payment verification server 402 comprises:
a first acquiring module, configured to acquire the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal 401;
a first determining module, configured to determine, after the first acquiring module has acquired the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, whether the payment account and the mobile terminal number exist in the payment verification server 402;
a second determining module, configured to determine, when the first determining module finds that the payment account and the mobile terminal number exist in the payment verification server 402, whether a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account;
a payment module, configured to determine that verification of the one-time payment password has succeeded when the second determining module finds that a one-time verification password corresponding to the one-time payment password exists in the set of verification passwords corresponding to the payment account.
Further, the payment verification server 402 also comprises:
a second acquiring module, configured to acquire, before the first acquiring module acquires the one-time payment password and the mobile terminal number sent by the mobile terminal, mobile payment verification information set by the user, and to store the mobile payment verification information in the payment verification server 402, where the mobile payment verification information includes: the mobile terminal number, the payment account corresponding to the mobile terminal number, and the set of verification passwords corresponding to the payment account.
Further, the payment verification server 402 also comprises:
a setting module, configured to, after the payment module determines that verification of the one-time payment password has succeeded, set the one-time verification password corresponding to the one-time payment password as unavailable or delete the one-time verification password from the set of verification passwords.
The system for mobile payment security verification described in this embodiment verifies with a one-time payment password and a one-time verification password that can each be used only once. Even if the one-time payment password is captured by an unauthorized user during payment, that user cannot use it to pass verification and make a payment, which increases the security of the payment. Specifically, single use of the one-time payment password and the one-time verification password can be achieved by setting the one-time verification password corresponding to the one-time payment password as unavailable, or by deleting the one-time verification password from the set of verification passwords.
All or part of the technical solutions provided by the above embodiments may be implemented in software, with the software program stored in a readable storage medium such as a hard disk, an optical disc or a floppy disk in a computer.
The above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. A method for mobile payment security verification, characterized in that the method comprises:
acquiring a payment account, a one-time payment password and a mobile terminal number sent by a mobile terminal;
determining whether the payment account and the mobile terminal number exist locally;
if the payment account and the mobile terminal number exist locally, determining whether a one-time verification password corresponding to the one-time payment password exists in a group of verification passwords corresponding to the payment account;
if a one-time verification password corresponding to the one-time payment password exists in the group of verification passwords corresponding to the payment account, determining that verification of the one-time payment password is successful.
2. The method for mobile payment security verification according to claim 1, characterized in that, before acquiring the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, the method further comprises:
acquiring mobile payment verification information set by a user, and storing the mobile payment verification information locally, wherein the mobile payment verification information comprises: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a group of verification passwords corresponding to the payment account.
3. The method for mobile payment security verification according to claim 1 or 2, characterized in that, after determining that verification of the one-time payment password is successful, the method further comprises:
setting the one-time verification password corresponding to the one-time payment password as unavailable, or deleting the one-time verification password from the group of verification passwords.
4. An apparatus for mobile payment security verification, characterized in that the apparatus comprises:
a first acquiring module, configured to acquire a payment account, a one-time payment password and a mobile terminal number sent by a mobile terminal;
a first determining module, configured to, after the first acquiring module has acquired the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, determine whether the payment account and the mobile terminal number exist in the apparatus;
a second determining module, configured to, when the first determining module determines that the payment account and the mobile terminal number exist in the apparatus, determine whether a one-time verification password corresponding to the one-time payment password exists in a group of verification passwords corresponding to the payment account;
a payment module, configured to, when the second determining module determines that a one-time verification password corresponding to the one-time payment password exists in the group of verification passwords corresponding to the payment account, determine that verification of the one-time payment password is successful.
5. The apparatus for mobile payment security verification according to claim 4, characterized in that the apparatus further comprises:
a second acquiring module, configured to, before the first acquiring module acquires the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, acquire mobile payment verification information set by a user and store the mobile payment verification information in the apparatus, wherein the mobile payment verification information comprises: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a group of verification passwords corresponding to the payment account.
6. The apparatus for mobile payment security verification according to claim 4 or 5, characterized in that the apparatus further comprises:
a setting module, configured to, after the payment module determines that verification of the one-time payment password is successful, set the one-time verification password corresponding to the one-time payment password as unavailable, or delete the one-time verification password from the group of verification passwords.
7. A system for mobile payment security verification, characterized in that the system comprises: a mobile terminal and a payment verification server;
the mobile terminal is configured to acquire a payment account and a one-time payment password entered by a user, and to send the payment account, the one-time payment password and a mobile terminal number to the payment verification server;
the payment verification server is configured to acquire the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, and to determine whether the payment account and the mobile terminal number exist locally; and, if the payment account and the mobile terminal number exist locally, to determine whether a one-time verification password corresponding to the one-time payment password exists in a group of verification passwords corresponding to the payment account.
8. The system for mobile payment security verification according to claim 7, characterized in that the payment verification server comprises:
a first acquiring module, configured to acquire the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal;
a first determining module, configured to, after the first acquiring module has acquired the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, determine whether the payment account and the mobile terminal number exist in the payment verification server;
a second determining module, configured to, when the first determining module determines that the payment account and the mobile terminal number exist in the payment verification server, determine whether a one-time verification password corresponding to the one-time payment password exists in a group of verification passwords corresponding to the payment account;
a payment module, configured to, when the second determining module determines that a one-time verification password corresponding to the one-time payment password exists in the group of verification passwords corresponding to the payment account, determine that verification of the one-time payment password is successful.
9. The system for mobile payment security verification according to claim 8, characterized in that the payment verification server further comprises:
a second acquiring module, configured to, before the first acquiring module acquires the payment account, the one-time payment password and the mobile terminal number sent by the mobile terminal, acquire mobile payment verification information set by a user and store the mobile payment verification information in the payment verification server, wherein the mobile payment verification information comprises: the mobile terminal number, a payment account corresponding to the mobile terminal number, and a group of verification passwords corresponding to the payment account.
10. The system for mobile payment security verification according to claim 8 or 9, characterized in that the payment verification server further comprises:
a setting module, configured to, after the payment module determines that verification of the one-time payment password is successful, set the one-time verification password corresponding to the one-time payment password as unavailable, or delete the one-time verification password from the group of verification passwords.
PCT/CN2011/079374 2010-09-09 2011-09-06 Method, apparatus, and system for security authentication in mobile payment WO2012031549A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010280433.9A CN102402746B (en) 2010-09-09 2010-09-09 A kind of methods, devices and systems of mobile payment security checking
CN201010280433.9 2010-09-09

Publications (1)

Publication Number Publication Date
WO2012031549A1 (en) 2012-03-15

Family

ID=45810127

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/079374 WO2012031549A1 (en) 2010-09-09 2011-09-06 Method, apparatus, and system for security authentication in mobile payment

Country Status (2)

Country Link
CN (1) CN102402746B (en)
WO (1) WO2012031549A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9276910B2 (en) 2013-11-19 2016-03-01 Wayne Fueling Systems Llc Systems and methods for convenient and secure mobile transactions

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014101127A1 (en) * 2012-12-28 2014-07-03 Rong Weihua Method for implementing security verification by using dynamic payment password
CN104580125B (en) 2013-10-29 2019-03-01 腾讯科技(深圳)有限公司 A kind of payment verification methods, devices and systems
CN103714461A (en) * 2013-12-23 2014-04-09 兰红明 Cash method and payment system
CN104751323B (en) * 2013-12-31 2020-04-24 腾讯科技(深圳)有限公司 Electronic account data transfer method and related equipment and system
CN104217328A (en) * 2014-08-12 2014-12-17 小米科技有限责任公司 Multi-verification payment method and multi-verification payment device
CN104899730B (en) * 2014-09-22 2020-02-18 腾讯科技(深圳)有限公司 Mobile terminal data processing method, terminal and system
CN105678543B (en) * 2015-12-31 2019-11-29 深圳前海微众银行股份有限公司 Pay cipher key calculation method and apparatus
WO2018098925A1 (en) * 2016-11-29 2018-06-07 华为技术有限公司 Method for payment and terminal device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001055979A1 (en) * 2000-01-24 2001-08-02 Smarttrust Systems Oy Payment device and method for secure payment
WO2005038684A1 (en) * 2003-10-16 2005-04-28 Mobilians Co., Ltd. Method for approving electronic payment using the short message service including url call back and system for implementing the same
CN1941009A (en) * 2005-09-29 2007-04-04 普天信息技术研究院 Method for realizing fee payment by mobile telecommunication terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1153431C (en) * 2001-10-10 2004-06-09 明日工作室股份有限公司 Log-in method and system used for portable electronic device
CN1323538C (en) * 2003-12-12 2007-06-27 华中科技大学 A dynamic identity certification method and system
CN100440241C (en) * 2007-02-15 2008-12-03 北京中星微电子有限公司 Digital copyright managerial approach and content server and media player
CN101593380A (en) * 2008-05-28 2009-12-02 北京飞天诚信科技有限公司 A kind of gate control system and authentication method that generates and verify based on dynamic password

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9276910B2 (en) 2013-11-19 2016-03-01 Wayne Fueling Systems Llc Systems and methods for convenient and secure mobile transactions
US10217096B2 (en) 2013-11-19 2019-02-26 Wayne Fueling Systems Llc Systems and methods for convenient and secure mobile transactions
US11276051B2 (en) 2013-11-19 2022-03-15 Wayne Fueling Systems Llc Systems and methods for convenient and secure mobile transactions

Also Published As

Publication number Publication date
CN102402746A (en) 2012-04-04
CN102402746B (en) 2016-11-02

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11823072

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 26/07/2013)

122 Ep: pct application non-entry in european phase

Ref document number: 11823072

Country of ref document: EP

Kind code of ref document: A1