WO2015096754A1 - Smart device-based payment platform system and payment method - Google Patents

Smart device-based payment platform system and payment method Download PDF

Info

Publication number
WO2015096754A1
WO2015096754A1 PCT/CN2014/094881 CN2014094881W WO2015096754A1 WO 2015096754 A1 WO2015096754 A1 WO 2015096754A1 CN 2014094881 W CN2014094881 W CN 2014094881W WO 2015096754 A1 WO2015096754 A1 WO 2015096754A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
smart device
electronic signature
mpos
message
Prior art date
Application number
PCT/CN2014/094881
Other languages
French (fr)
Chinese (zh)
Inventor
陈建荣
林翔
张璐
陈瑞兵
Original Assignee
福建联迪商用设备有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 福建联迪商用设备有限公司 filed Critical 福建联迪商用设备有限公司
Publication of WO2015096754A1 publication Critical patent/WO2015096754A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/16Payments settled via telecommunication systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/326Payment applications installed on the mobile devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • the invention relates to the field of payment based on smart devices, in particular to a payment device system based on smart device and a payment method.
  • the network connection method is connected to the acquiring system for transaction, and each transaction generates communication fee.
  • the completion of the transaction requires the printing of a paper transaction receipt, which increases the investment in printing supplies.
  • TMS Traditional POS
  • the terminal application is upgraded, it is necessary to manually upgrade to the terminal deployment point or build it one by one.
  • TMS The terminal management system is remotely upgraded, and the terminal master key is manually injected, and the operation and maintenance cost is high.
  • terminal application function is homogenized seriously, and there is no business management system with the merchant. ( Such as insurance marketing industry system, logistics management system, etc. ) Integration or poor compatibility, easy to be used by other acquirers POS Terminal replacement, merchant viscosity is low, which is not conducive to the expansion of new merchants and the maintenance of stock merchants.
  • POS Terminal cost due to tradition POS The terminal cost is high, the transaction cost is high, and the operation and maintenance cost is high.
  • the acquirer is often more willing to POS The terminal is deployed to large and medium-sized quality merchants that can bring better returns.
  • Due to POS Terminal homogeneity is serious, it is not integrated with the business management system, and it is very easy to be replaced.
  • the acquiring institution In order to seize a limited number of high-quality merchants, the acquiring institution often fights the price war on the processing fee.
  • a large number of small and micro businesses are difficult to apply for.
  • POS The terminal has affected the expansion of bank card acceptance channels in small and micro merchants. A large number of small and micro merchants cannot accept bank cards for payment settlement, which in turn affects cardholders' card enthusiasm.
  • the object of the present invention is to overcome the above drawbacks, and to provide a payment device system and a payment method based on a smart device.
  • the object of the present invention is achieved by the present invention: a smart device-based payment method, characterized in that it comprises the steps,
  • the user logs in from the application of the smart device, performs a business management operation, and when payment is required, the smart device sends the payment information including the transaction type and the transaction amount to mPOS ;
  • smart device VPN The access gateway initiates a connection request. After the handshake, the two parties establish a session key based on the negotiation.
  • the smart device encrypts the transaction request message by using the session key, and sends the encrypted transaction request message to VPN Access gateway
  • VPN The access gateway decrypts the received encrypted transaction request message and forwards it to the transaction processing system;
  • the transaction processing system preprocesses the transaction request message and forwards it to the back office of the acquirer, and the back office system of the acquirer performs the transaction processing of the transaction and returns the transaction success.
  • the transaction response message of the failure code includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and recording transaction log;
  • the transaction processing system performs subsequent processing of the transaction according to the response result of the back office system of the acquirer, and forwards the transaction response message to VPN Access gateway
  • VPN The access gateway encrypts the transaction response message by using the session key, and then forwards the encrypted transaction response message to the smart device;
  • the smart device decrypts the received encrypted transaction response message and sends it to mPOS ;
  • the smart device performs subsequent processing according to the transaction result. If the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, and after obtaining the electronic signature, the Unicom transaction element is compressed and calculated. Hash After the value is combined with other transaction elements, the message string is sent. mPOS
  • the transaction elements include the cardholder's main account, transaction date, transaction time, transaction type and transaction amount;
  • mPOS Calculate the received message string MAC Return to the smart device
  • Smart device will compress the electronic signature with MAC Organize into an electronic signature request message, encrypt it with the session key, and send it to VPN Access gateway
  • VPN The access gateway decrypts the electronic signature request message encrypted by using the session key, and then forwards the electronic signature request message to the transaction processing system;
  • the transaction processing service forwards the electronic signature request message to the electronic signature system
  • the electronic signature system verifies the electronic signature request message MAC If the verification is passed through the feedback electronic signature response message to the transaction processing system, and the electronic signature is decompressed, and the decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format;
  • the transaction processing system forwards the electronic signature response message to VPN Access gateway
  • VPN The access gateway encrypts the electronic signature response message by using the session key, and sends the response message to the smart device;
  • the smart device After receiving the electronic signature response message, the smart device decrypts the message and performs corresponding processing according to the response result.
  • steps S1 Previously included smart device mPOS Initiating a remote download request for the terminal master key, mPOS Interact with the transaction processing system through the smart device, after two-way authentication, mPOS Securely obtain the terminal master key; mPOS Initiate a check-in request, mPOS Interact with the transaction processing system through the smart device, synchronize the transaction serial number, the work key, and obtain the configuration of the terminal in the background.
  • APP The steps of the information.
  • steps S1 Application access after the user logs in from the smart device application APP
  • the management system detects whether the versions are consistent.
  • APP The management system initiates a request to download an application.
  • step S16 The decompressed electronic signature and the other transaction elements are combined with the other transaction elements to be saved to the specified location.
  • Said step S16 It also includes the step of returning a portal URL that can access the electronic purchase order.
  • mPOS smart device, mobile payment platform and bank host system
  • mPOS smart devices, mobile payment platforms between the Internet and / Or mobile communication network to exchange data
  • the mobile payment platform includes VPN Access gateway, electronic signature system, transaction processing system, and acquiring institution back-office system;
  • the smart device as mPOS
  • the interaction medium with the mobile payment platform is provided by the application software, including: after the user login verification, the business management operation needs to be paid, the payment transaction amount is input, and the payment transaction amount is sent to mPOS ;Roger that mPOS After sending the transaction request message, it will be sent to the mobile payment platform.
  • VPN The access gateway initiates a connection request to be established.
  • VPN After the channel the session key is used to encrypt the transaction request message and sent to VPN Access gateway; decrypts the received encrypted transaction response message and sends it to mPOS According to the transaction result, the subsequent processing is performed. If the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, and the electronic signature is obtained, compressed and calculated.
  • Hash After the value is combined with other transaction elements, the message string is sent.
  • mPOS receive mPOS return MAC And composing an electronic signature request message with the compressed electronic signature, and encrypting with the session key and then sending it to VPN Access gateway VPN After the electronic signature response message sent by the access gateway is decrypted, it is processed according to the response result;
  • Said mPOS for receiving the transaction amount sent from the smart device and displaying, after reading the information on the user card, accepting the user password input, organizing the transaction request message to be sent to the smart device; and transmitting the message to the smart device according to the transaction response message Feedback transaction results; calculation of the received message string MAC Return to the smart device;
  • the access gateway is used on the smart device after receiving the smart device connection request VPN
  • the session key negotiation is completed between the access gateways. VPN Channel; the encrypted transaction request message sent by the receiving smart device is decrypted and forwarded to the transaction processing system; after receiving the transaction response message sent by the transaction processing system, the session key is used to encrypt, and then the encrypted transaction response message is forwarded to the smart
  • the device receives the encrypted electronic signature request message sent by the smart device, decrypts it, and forwards it to the transaction processing system; receives the electronic signature response message forwarded by the transaction processing system, encrypts it by using the session key, and sends the message to the smart device;
  • the transaction processing system for VPN The transaction request message forwarded by the access gateway is pre-processed and forwarded to the back-office system of the acquiring institution.
  • the pre-processing includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and record transaction.
  • Log follow-up processing of the transaction according to the response result of the acquirer back-end system, and forwarding the transaction response message to VPN Access gateway; will VPN
  • the electronic signature request message forwarded by the access gateway is forwarded to the electronic signature system; the electronic signature response message fed back by the electronic signature system is received and forwarded to VPN Access gateway
  • the acquiring institution back-office system is configured to perform transaction processing on the transaction request message sent by the transaction processing system;
  • the electronic signature system is configured to receive an electronic signature request message forwarded by the transaction processing system, and first verify the MAC If the verification is passed through the feedback electronic signature response message to the transaction processing system, and the electronic signature is decompressed, and the decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format.
  • the mobile payment platform further includes APP Management system, said APP Management system for comparing application versions during the transaction process, if the smart device is in use version APP Remind the smart device when the application configuration on the management system does not match APP
  • the management system initiates an application update request.
  • the mobile payment platform further includes a transfer monitoring system, and the transfer monitoring system is configured to receive the base position information of the smart device and the base station information of the transaction location uploaded by the transaction processing system, and then the distance between the two locations After the calculation, compare whether the distance is beyond the allowable range, thus monitoring mPOS Whether a transfer occurred.
  • the mobile payment platform further includes a service management server; the service management server is configured to be responsible for maintaining and managing basic information such as merchant data, terminal data, and card table information in the system, system parameter setting, and transaction statistical analysis.
  • the service management server is configured to be responsible for maintaining and managing basic information such as merchant data, terminal data, and card table information in the system, system parameter setting, and transaction statistical analysis.
  • the beneficial effect of the invention is that the smart device and the external device mPOS Collaboration, with powerful processing power, good user interface, remote communication capabilities, and commercial mPOS Safe payment ability, reduced mPOS Cost and transaction communication costs, combined with the application of electronic signatures, reduce the cost of transaction receipt printing.
  • Remote download of terminal master key, APP The remote update function design reduces operating and maintenance costs.
  • a low-cost secure mobile payment solution that provides merchants with business management applications and electronic payment application convergence, information flow and capital flow integration.
  • Figure 1 A flowchart of a method of the present invention
  • Figure 2 It is a topology diagram of the payment platform system of the present invention.
  • the present invention relates to a smart device-based payment method, which includes the steps,
  • the user logs in from the application of the smart device, performs a business management operation, and when payment is required, the smart device sends the payment information including the transaction type and the transaction amount to mPOS ;
  • smart device VPN The access gateway initiates a connection request. After the handshake, the two parties establish a session key based on the negotiation.
  • the smart device encrypts the transaction request message by using the session key, and sends the encrypted transaction request message to VPN Access gateway
  • VPN The access gateway decrypts the received encrypted transaction request message and forwards it to the transaction processing system;
  • the transaction processing system preprocesses the transaction request message and forwards it to the back office of the acquirer, and the back office system of the acquirer performs the transaction processing of the transaction and returns the transaction success.
  • the transaction response message of the failure code includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and recording transaction log;
  • the transaction processing system performs subsequent processing of the transaction according to the response result of the back office system of the acquirer, and forwards the transaction response message to VPN Access gateway
  • the transaction processing system performs transaction follow-up processing according to the response result of the acquirer back-end system. If the acquirer background return code indicates that the transaction fails, a transaction response message containing the return code is generated, and the message is sent to VPN Access gateway; if the acquirer background return code indicates that the transaction is successful, a transaction response message containing the transaction success return code is generated, and the message is forwarded to VPN Access gateway.
  • VPN The access gateway encrypts the transaction response message by using the session key, and then forwards the encrypted transaction response message to the smart device;
  • the smart device decrypts the received encrypted transaction response message and sends it to mPOS ;
  • the smart device performs subsequent processing according to the transaction result. If the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, obtain the electronic signature, compress and calculate Hash After the value is combined with the transaction element, the message string is sent.
  • the transaction elements include the cardholder's primary account number, transaction date, transaction time, transaction type, and transaction amount;
  • mPOS Calculate the received message string MAC Return to the smart device
  • Smart device will compress the electronic signature with MAC Organize into an electronic signature request message, encrypt it with the session key, and send it to VPN Access gateway
  • VPN The access gateway decrypts the electronic signature request message encrypted by using the session key, and then forwards the electronic signature request message to the transaction processing system;
  • the transaction processing service forwards the electronic signature request message to the electronic signature system
  • the electronic signature system verifies the electronic signature request message MAC If the verification is passed through the feedback electronic signature response message to the transaction processing system, and the electronic signature is decompressed, and the decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format;
  • the electronic signature system if the verification is passed, the electronic signature system generates an electronic signature response message including the success response code, and then sends the electronic signature response message to the transaction processing system, and performs electronic signature decompression, and The decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format; if the verification fails, the electronic signature system generates an electronic signature response message containing the failure response code and sends it to the transaction processing system.
  • the transaction processing system forwards the electronic signature response message to VPN Access gateway
  • VPN The access gateway encrypts the electronic signature response message by using the session key, and sends the response message to the smart device;
  • the smart device After receiving the electronic signature response message, the smart device decrypts the message and performs corresponding processing according to the response result.
  • the response results here have a variety of settings depending on the situation, but generally include both success and failure. That is, if the message returns successfully, the transaction is deemed successful; if the message returns, the transaction is determined to have failed, and the smart device automatically initiates the call.
  • the technical solution of the invention is connected to the external device through the smart device mPOS Collaboration, with powerful processing power, good user interface, remote communication capabilities, and commercial mPOS Safe payment ability, reduced mPOS Cost and transaction communication costs, combined with the application of electronic signatures, reduce the cost of transaction receipt printing.
  • Remote download of terminal master key, APP The remote update function design reduces operating and maintenance costs.
  • a low-cost secure mobile payment solution that provides merchants with business management applications and electronic payment application convergence, information flow and capital flow integration.
  • the steps S1 Previously included smart device mPOS Initiating a remote download request for the terminal master key, mPOS Interact with the transaction processing system through the smart device, after two-way authentication, mPOS Securely obtain the terminal master key; mPOS Initiate a check-in request, mPOS Interact with the transaction processing system through the smart device, synchronize the transaction serial number, the work key, and obtain the configuration of the terminal in the background.
  • APP The steps of the information.
  • the master key is used to encrypt and decrypt the work key that needs to be transmitted, and realize the online transfer of the work key.
  • the work key is the lowest-level data encryption key of the terminal, and is also the most frequently updated key, including ensuring the integrity of the terminal information.
  • MAC Key and PIN The protection key, the update of the two keys is completed by online transaction, signing, and is transmitted after being encrypted by using the master key.
  • the steps S1 Application access after the user logs in from the smart device application APP
  • the management system detects whether the versions are consistent.
  • APP The management system initiates a request to download an application.
  • This step ensures that applications on the smart device can be updated in a timely manner and remain up-to-date with the latest version to ensure security during the transaction.
  • mPOS Preset the processing of all transactions, the steps S1 Medium smart device sent to mPOS
  • the data needs to include the transaction type and transaction amount, the steps S2 in mPOS Organizing transaction messages according to the transaction type according to the preset processing procedure;
  • mPOS The programmable space on the space is limited, and the implementation scenario is that the business needs are high or the business needs are changed.
  • mPOS As a script processing device, a preset script parser is run by a script driver, and the steps are S1 Medium smart device sent to mPOS The type of transaction and the transaction amount are included in the transaction mPOS In the trading script, sent to mPOS Also included in the trading script mPOS Process flow S2 in mPOS The script of the received transaction is parsed, and the transaction message is organized according to the data and processing flow in the transaction script.
  • the steps S16 The decompressed electronic signature and the other transaction elements are combined with the other transaction elements to be saved to the specified location. Therefore, the data related to the transaction can be uniformly stored in an electronic purchase order picture, which is convenient for subsequent calls and viewing.
  • the step S16 It also includes the step of returning a portal URL that can access the electronic purchase order.
  • the user making the payment can be through the smart device or PC Log in to the portal to query and access the electronic purchase order, and keep abreast of its payment and consumption status.
  • the invention also relates to a smart device based payment platform system, which comprises mPOS , smart device, mobile payment platform and bank host system; mPOS , smart devices, mobile payment platforms between the Internet and / Or mobile communication network to exchange data;
  • the mobile payment platform includes VPN Access gateway, electronic signature system, transaction processing system, and acquiring institution back-office system;
  • the smart device as mPOS
  • the interaction medium with the mobile payment platform is provided by the application software, including: after the user login verification, the business management operation needs to be paid, the payment transaction amount is input, and the payment transaction amount is sent to mPOS ;Roger that mPOS After sending the transaction request message, it will be sent to the mobile payment platform.
  • VPN The access gateway initiates a connection request to be established.
  • VPN After the channel the session key is used to encrypt the transaction request message and sent to VPN Access gateway; decrypts the received encrypted transaction response message and sends it to mPOS According to the transaction result, the subsequent processing is performed. If the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, and the electronic signature is obtained, compressed and calculated.
  • Hash After the value is combined with other transaction elements, the message string is sent.
  • mPOS receive mPOS return MAC And composing an electronic signature request message with the compressed electronic signature, and encrypting with the session key and then sending it to VPN Access gateway VPN After the electronic signature response message sent by the access gateway is decrypted, it is processed according to the response result;
  • Said mPOS for receiving the transaction amount sent from the smart device and displaying, after reading the information on the user card, accepting the user password input, organizing the transaction request message to be sent to the smart device; and transmitting the message to the smart device according to the transaction response message Feedback transaction results; calculation of the received message string MAC Return to the smart device;
  • the access gateway is used on the smart device after receiving the smart device connection request VPN
  • the session key negotiation is completed between the access gateways. VPN Channel; the encrypted transaction request message sent by the receiving smart device is decrypted and forwarded to the transaction processing system; after receiving the transaction response message sent by the transaction processing system, the session key is used to encrypt, and then the encrypted transaction response message is forwarded to the smart
  • the device receives the encrypted electronic signature request message sent by the smart device, decrypts it, and forwards it to the transaction processing system; receives the electronic signature response message forwarded by the transaction processing system, encrypts it by using the session key, and sends the message to the smart device;
  • the transaction processing system for VPN The transaction request message forwarded by the access gateway is pre-processed and forwarded to the back-office system of the acquiring institution.
  • the pre-processing includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and record transaction.
  • Log follow-up processing of the transaction according to the response result of the acquirer back-end system, and forwarding the transaction response message to VPN Access gateway; will VPN
  • the electronic signature request message forwarded by the access gateway is forwarded to the electronic signature system; the electronic signature response message fed back by the electronic signature system is received and forwarded to VPN Access gateway
  • the acquiring institution back-office system is configured to perform transaction processing on the transaction request message sent by the transaction processing system;
  • the electronic signature system is configured to receive an electronic signature request message forwarded by the transaction processing system, and first verify the MAC If the verification is passed through the feedback electronic signature response message to the transaction processing system, and the electronic signature is decompressed, and the decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format.
  • the present invention provides a low-cost and secure payment platform system, which has a low transaction cost, a low-cost operation and maintenance mode, a perfect integration of service management and electronic payment, and a low cost, strong function, and security.
  • the high mobile payment platform further expands the bank card acceptance channel, expands the application range of bank cards, improves the user environment, enhances the user experience, and enhances the viscosity of merchants.
  • the system further includes other service platforms, and other service platforms such as LBS System, member management system, third party order management system, etc. Functions such as machine positioning, member information management, and third-party order management can be realized.
  • the mobile payment platform further includes APP Management system, said APP Management system for comparing application versions during the transaction process, if the smart device is in use version APP Remind the smart device when the application configuration on the management system does not match APP
  • the management system initiates an application update request.
  • the mobile payment platform further includes a transfer monitoring system, configured to receive base station information of a reference location and a transaction location of the smart device uploaded by the transaction processing system, and then to the two locations. The distance between them is calculated and compared to see if the distance is outside the allowable range, thus monitoring mPOS Whether a transfer occurred.
  • a transfer monitoring system configured to receive base station information of a reference location and a transaction location of the smart device uploaded by the transaction processing system, and then to the two locations. The distance between them is calculated and compared to see if the distance is outside the allowable range, thus monitoring mPOS Whether a transfer occurred.
  • the mobile payment platform further includes a service management server; the service management server is configured to be responsible for maintaining and managing basic information such as merchant data, terminal data, and card table information in the system, system parameter setting, and transaction statistical analysis. Wait.
  • the service management server is configured to be responsible for maintaining and managing basic information such as merchant data, terminal data, and card table information in the system, system parameter setting, and transaction statistical analysis. Wait.

Abstract

Provided are a smart device-based payment platform system and payment method; by means of a coordination of a smart device with an external mPOS, and with the aid of the strong processing capacity of the smart device, a good user interface, remote communication capacity, and commercial mPOS secure payment capacity, mPOS and transaction communication costs are reduced, the application of digital signatures is further integrated, and transaction printing costs are lowered. The design of the functions of remote download of the terminal master key and remote update of apps reduces operation and maintenance costs. Merchants are provided with a low-cost, secure mobile payment solution with service management application and electronic payment application integration and information flow and resource flow integration.

Description

基于智能设备的支付平台系统及支付方法Intelligent device-based payment platform system and payment method
技术领域Technical field
本发明涉及基于智能设备的支付领域,尤其是指一种基于智能设备的支付平台系统及支付方法。The invention relates to the field of payment based on smart devices, in particular to a payment device system based on smart device and a payment method.
背景技术Background technique
传统Traditional POSPOS 终端在使用过程中存在以下几个问题:There are several problems in the use of the terminal:
终端成本高High terminal cost
传统Traditional POSPOS 终端需要配置通讯模块、打印模块,终端成本较高。The terminal needs to configure the communication module and the printing module, and the terminal cost is high.
交易成本高High transaction costs
传统Traditional POSPOS 一般采用Generally adopted PSTNPSTN , GPRSGPRS , CDMACDMA 等联网方式与收单系统相连进行交易,每笔交易都会产生通讯费用。交易完成需要打印纸质交易凭条,增加了打印耗材投入。The network connection method is connected to the acquiring system for transaction, and each transaction generates communication fee. The completion of the transaction requires the printing of a paper transaction receipt, which increases the investment in printing supplies.
运维成本高High operating cost
传统Traditional POSPOS 终端应用程序升级时,需人工到终端布放点逐台升级或搭建When the terminal application is upgraded, it is necessary to manually upgrade to the terminal deployment point or build it one by one. TMSTMS 终端管理系统进行远程升级,终端主密钥采用人工方式注入,运维成本高。The terminal management system is remotely upgraded, and the terminal master key is manually injected, and the operation and maintenance cost is high.
应用功能单一,同质化严重Application function is single, serious homogenization
受制于终端硬件(尤其是显示屏)与底层系统,传统Subject to terminal hardware (especially display) and underlying systems, traditional POSPOS 只是个单纯的支付工具,终端应用功能同质化严重,没有与商户业务管理系统Just a simple payment tool, the terminal application function is homogenized seriously, and there is no business management system with the merchant. (( 例如保险营销展业系统、物流管理系统等Such as insurance marketing industry system, logistics management system, etc. )) 进行集成或兼容性差,容易被其他收单机构的Integration or poor compatibility, easy to be used by other acquirers POSPOS 终端替换,商户粘度低,不利于新商户的拓展及存量商户的保持。Terminal replacement, merchant viscosity is low, which is not conducive to the expansion of new merchants and the maintenance of stock merchants.
综上所述,由于传统In summary, due to tradition POSPOS 的终端成本高、交易成本高、运维成本高,收单机构往往更愿意将The terminal cost is high, the transaction cost is high, and the operation and maintenance cost is high. The acquirer is often more willing to POSPOS 终端布放到能带来较好收益的大中型优质商户。由于The terminal is deployed to large and medium-sized quality merchants that can bring better returns. due to POSPOS 终端同质化严重,没有与业务管理系统集成,非常容易被替代,收单机构为了抢夺数量有限的优质商户,往往在收单手续费率上大打价格战。而另一方面大量的小微商户却难以申请到Terminal homogeneity is serious, it is not integrated with the business management system, and it is very easy to be replaced. In order to seize a limited number of high-quality merchants, the acquiring institution often fights the price war on the processing fee. On the other hand, a large number of small and micro businesses are difficult to apply for. POSPOS 终端,影响了银行卡受理渠道在小微商户的拓展,大量小微商户不能受理银行卡进行支付结算,反过来又影响了持卡人用卡积极性。The terminal has affected the expansion of bank card acceptance channels in small and micro merchants. A large number of small and micro merchants cannot accept bank cards for payment settlement, which in turn affects cardholders' card enthusiasm.
发明内容Summary of the invention
本发明的目的在于克服了上述缺陷,提供一种基于智能设备的支付平台系统及支付方法。The object of the present invention is to overcome the above drawbacks, and to provide a payment device system and a payment method based on a smart device.
本发明的目的是这样实现的:本发明提供一种基于智能设备的支付方法,其特征在于:它包括步骤,The object of the present invention is achieved by the present invention: a smart device-based payment method, characterized in that it comprises the steps,
)、用户从智能设备的应用程序中登录,进行业务管理操作,需要支付时,智能设备将包含交易类型和交易金额的支付信息发送到), the user logs in from the application of the smart device, performs a business management operation, and when payment is required, the smart device sends the payment information including the transaction type and the transaction amount to mPOSmPOS ;
)、), mPOSmPOS 接收交易金额并显示,待读取到用户卡信息并收到用户密码后,将其组织形成交易请求报文后发送至智能设备;Receiving the transaction amount and displaying, after the user card information is read and the user password is received, the organization forms a transaction request message and sends it to the smart device;
)、智能设备向), smart device VPNVPN 接入网关发起连接请求,握手后双方根据协商的会话密钥建立The access gateway initiates a connection request. After the handshake, the two parties establish a session key based on the negotiation. VPNVPN 通道;aisle;
)、智能设备使用会话密钥加密交易请求报文,将加密后交易请求报文发送至The smart device encrypts the transaction request message by using the session key, and sends the encrypted transaction request message to VPNVPN 接入网关;Access gateway
)、), VPNVPN 接入网关对收到的加密交易请求报文解密后转发给交易处理系统;The access gateway decrypts the received encrypted transaction request message and forwards it to the transaction processing system;
)、交易处理系统对交易请求报文进行预处理后转发至收单机构后台系统,收单机构后台系统进行交易的账务处理并返回包含交易成功The transaction processing system preprocesses the transaction request message and forwards it to the back office of the acquirer, and the back office system of the acquirer performs the transaction processing of the transaction and returns the transaction success. // 失败码的交易应答报文;所述预处理包括交易合法性检查、交易风险监控、交易位置监控、报文格式转换、密码转加密、记录交易日志;The transaction response message of the failure code; the pre-processing includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and recording transaction log;
)、交易处理系统根据收单机构后台系统响应结果进行交易后续处理,同时将交易应答报文转发至The transaction processing system performs subsequent processing of the transaction according to the response result of the back office system of the acquirer, and forwards the transaction response message to VPNVPN 接入网关;Access gateway
)、), VPNVPN 接入网关使用会话密钥加密交易应答报文,而后将加密的交易应答报文转发至智能设备;The access gateway encrypts the transaction response message by using the session key, and then forwards the encrypted transaction response message to the smart device;
)、智能设备对接收到的加密的交易应答报文进行解密后发送至The smart device decrypts the received encrypted transaction response message and sends it to mPOSmPOS ;
)、), mPOSmPOS 根据交易应答报文向智能设备反馈交易结果;Returning the transaction result to the smart device according to the transaction response message;
、智能设备根据交易结果进行后续处理,若交易失败则显示失败信息,若交易成功,则提示持卡人签名,获取电子签名后联通交易要素压缩并计算其The smart device performs subsequent processing according to the transaction result. If the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, and after obtaining the electronic signature, the Unicom transaction element is compressed and calculated. hashHash 值后与其他交易要素组成报文串后送入After the value is combined with other transaction elements, the message string is sent. mPOSmPOS ;所述交易要素包括持卡人主账号,交易日期,交易时间,交易类型和交易金额;The transaction elements include the cardholder's main account, transaction date, transaction time, transaction type and transaction amount;
, mPOSmPOS 对所接到的报文串计算Calculate the received message string MACMAC 后返回给智能设备;Return to the smart device;
、智能设备将压缩的电子签名与Smart device will compress the electronic signature with MACMAC 组织成电子签名请求报文,并用会话密钥加密后发送至Organize into an electronic signature request message, encrypt it with the session key, and send it to VPNVPN 接入网关;Access gateway
, VPNVPN 接入网关对使用会话密钥加密的电子签名请求报文解密后转发电子签名请求报文至交易处理系统;The access gateway decrypts the electronic signature request message encrypted by using the session key, and then forwards the electronic signature request message to the transaction processing system;
、交易处理服务将该电子签名请求报文转发至电子签名系统;The transaction processing service forwards the electronic signature request message to the electronic signature system;
、电子签名系统验证电子签名请求报文中的, the electronic signature system verifies the electronic signature request message MACMAC ,若验证通过反馈电子签名应答报文至交易处理系统,并进行电子签名解压缩,并依据设定的签购单格式将解压得的电子签名与其他交易要素保存到指定位置;If the verification is passed through the feedback electronic signature response message to the transaction processing system, and the electronic signature is decompressed, and the decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format;
、交易处理系统将电子签名应答报文转发给The transaction processing system forwards the electronic signature response message to VPNVPN 接入网关;Access gateway
, VPNVPN 接入网关使用会话密钥加密电子签名应答报文,并发送给智能设备;The access gateway encrypts the electronic signature response message by using the session key, and sends the response message to the smart device;
、智能设备接收电子签名应答报文后对其进行解密,依应答结果做相应处理。After receiving the electronic signature response message, the smart device decrypts the message and performs corresponding processing according to the response result.
其中,所述步骤Wherein the steps S1S1 之前还包括智能设备向Previously included smart device mPOSmPOS 发起终端主密钥远程下载请求,Initiating a remote download request for the terminal master key, mPOSmPOS 通过智能设备与交易处理系统交互,双向认证后,Interact with the transaction processing system through the smart device, after two-way authentication, mPOSmPOS 安全获得终端主密钥;向Securely obtain the terminal master key; mPOSmPOS 发起签到请求,Initiate a check-in request, mPOSmPOS 透过智能设备与交易处理系统交互,同步交易流水号、工作密钥,并获得该终端在后台配置的Interact with the transaction processing system through the smart device, synchronize the transaction serial number, the work key, and obtain the configuration of the terminal in the background. APPAPP 信息的步骤。The steps of the information.
其中,所述步骤Wherein the steps S1S1 中用户从智能设备的应用程序中登录后,应用程序访问Application access after the user logs in from the smart device application APPAPP 管理系统检测版本是否一致,不一致时则向The management system detects whether the versions are consistent. APPAPP 管理系统发起下载应用程序的请求。The management system initiates a request to download an application.
其中among them ,, 所述步骤Said step S16S16 中所述解压得的电子签名与其他交易要素合成电子签购单图片后保存到指定位置。The decompressed electronic signature and the other transaction elements are combined with the other transaction elements to be saved to the specified location.
其中among them ,, 所述步骤Said step S16S16 后还包括返回可访问该电子签购单的门户网址的步骤。It also includes the step of returning a portal URL that can access the electronic purchase order.
其中among them ,, 它包括it includes mPOSmPOS 、智能设备、移动支付平台及银行主机系统;所述, smart device, mobile payment platform and bank host system; mPOSmPOS 、智能设备、移动支付平台之间通过互联网和, smart devices, mobile payment platforms between the Internet and // 或移动通讯网交互进行数据交换;Or mobile communication network to exchange data;
所述移动支付平台包括The mobile payment platform includes VPNVPN 接入网关,电子签名系统、交易处理系统、收单机构后台系统;Access gateway, electronic signature system, transaction processing system, and acquiring institution back-office system;
所述Said mPOSmPOS 与智能设备通过音频口、With the smart device through the audio port, USBUSB 口或蓝牙与Or Bluetooth and mPOSmPOS 连接;connection;
所述智能设备,作为The smart device, as mPOSmPOS 与进行移动支付平台的交互媒介,用于通过应用软件提供包括:用户登录验证后,进行业务管理操作需要支付时输入支付交易金额后将支付交易金额发送到The interaction medium with the mobile payment platform is provided by the application software, including: after the user login verification, the business management operation needs to be paid, the payment transaction amount is input, and the payment transaction amount is sent to mPOSmPOS ;收到;Roger that mPOSmPOS 发送来的交易请求报文后后向移动支付平台的After sending the transaction request message, it will be sent to the mobile payment platform. VPNVPN 接入网关发起连接请求,待建立The access gateway initiates a connection request to be established. VPNVPN 通道后使用会话密钥加密交易请求报文后发送至After the channel, the session key is used to encrypt the transaction request message and sent to VPNVPN 接入网关;对接收到的加密的交易应答报文进行解密后发送至Access gateway; decrypts the received encrypted transaction response message and sends it to mPOSmPOS ;根据交易结果进行后续处理,若交易失败则显示失败信息,若交易成功,则提示持卡人签名,获取电子签名后压缩并计算其According to the transaction result, the subsequent processing is performed. If the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, and the electronic signature is obtained, compressed and calculated. hashHash 值后与其他交易要素组成报文串后送入After the value is combined with other transaction elements, the message string is sent. mPOSmPOS ;接收;receive mPOSmPOS 返回的return MACMAC ,与压缩的电子签名组织成电子签名请求报文,并用会话密钥加密后发送至And composing an electronic signature request message with the compressed electronic signature, and encrypting with the session key and then sending it to VPNVPN 接入网关;接收Access gateway VPNVPN 接入网关发送来的电子签名应答报文后对其进行解密后依应答结果做相应处理;After the electronic signature response message sent by the access gateway is decrypted, it is processed according to the response result;
所述Said mPOSmPOS ,用于接收来自智能设备发送的交易金额并显示,待读取用户卡上信息、接受用户密码输入后,将其组织形成交易请求报文后发送至智能设备;根据交易应答报文向智能设备反馈交易结果;对所接到的报文串计算, for receiving the transaction amount sent from the smart device and displaying, after reading the information on the user card, accepting the user password input, organizing the transaction request message to be sent to the smart device; and transmitting the message to the smart device according to the transaction response message Feedback transaction results; calculation of the received message string MACMAC 后返回给智能设备;Return to the smart device;
所述Said VPNVPN 接入网关,用于在收到智能设备连接请求后在智能设备与The access gateway is used on the smart device after receiving the smart device connection request VPNVPN 接入网关之间完成会话密钥的协商,建立The session key negotiation is completed between the access gateways. VPNVPN 通道;接收智能设备发送的加密交易请求报文解密后转发给交易处理系统;接收交易处理系统发来的交易应答报文后,使用会话密钥加密,而后将加密的交易应答报文转发至智能设备;接收智能设备发送的加密的电子签名请求报文,对其解密后转发至交易处理系统;接收交易处理系统转发的电子签名应答报文,对其使用会话密钥加密后发送给智能设备;Channel; the encrypted transaction request message sent by the receiving smart device is decrypted and forwarded to the transaction processing system; after receiving the transaction response message sent by the transaction processing system, the session key is used to encrypt, and then the encrypted transaction response message is forwarded to the smart The device receives the encrypted electronic signature request message sent by the smart device, decrypts it, and forwards it to the transaction processing system; receives the electronic signature response message forwarded by the transaction processing system, encrypts it by using the session key, and sends the message to the smart device;
所述交易处理系统,用于对The transaction processing system for VPNVPN 接入网关转发的交易请求报文进行预处理后转发至收单机构后台系统,所述预处理包括交易合法性检查、交易风险监控、交易位置监控、报文格式转换、密码转加密、记录交易日志;根据收单机构后台系统响应结果进行交易后续处理,同时将交易应答报文转发至The transaction request message forwarded by the access gateway is pre-processed and forwarded to the back-office system of the acquiring institution. The pre-processing includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and record transaction. Log; follow-up processing of the transaction according to the response result of the acquirer back-end system, and forwarding the transaction response message to VPNVPN 接入网关;将Access gateway; will VPNVPN 接入网关转发来的电子签名请求报文转发至电子签名系统;接收电子签名系统反馈的电子签名应答报文并转发给The electronic signature request message forwarded by the access gateway is forwarded to the electronic signature system; the electronic signature response message fed back by the electronic signature system is received and forwarded to VPNVPN 接入网关;Access gateway
所述收单机构后台系统,用于对交易处理系统发来的交易请求报文进行交易的账务处理;The acquiring institution back-office system is configured to perform transaction processing on the transaction request message sent by the transaction processing system;
所述电子签名系统,用于接收交易处理系统转发的电子签名请求报文,首先验证其的The electronic signature system is configured to receive an electronic signature request message forwarded by the transaction processing system, and first verify the MACMAC ,若验证通过反馈电子签名应答报文至交易处理系统,并进行电子签名解压缩,并依据设定的签购单格式将解压得的电子签名与其他交易要素保存到指定位置。If the verification is passed through the feedback electronic signature response message to the transaction processing system, and the electronic signature is decompressed, and the decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format.
其中,所述移动支付平台还包括Wherein, the mobile payment platform further includes APPAPP 管理系统,所述Management system, said APPAPP 管理系统,用于在交易过程中进行应用程序版本比对,若智能设备在用版本与Management system for comparing application versions during the transaction process, if the smart device is in use version APPAPP 管理系统上应用程序配置不符时,提醒智能设备向Remind the smart device when the application configuration on the management system does not match APPAPP 管理系统发起应用程序更新请求。The management system initiates an application update request.
其中,所述移动支付平台还包括移机监控系统,所述移机监控系统,用于接收交易处理系统上传来的智能设备的基准位置和交易位置的基站信息,而后对两位置之间的距离进行计算后比较该距离是否超出允许的范围,从而监控The mobile payment platform further includes a transfer monitoring system, and the transfer monitoring system is configured to receive the base position information of the smart device and the base station information of the transaction location uploaded by the transaction processing system, and then the distance between the two locations After the calculation, compare whether the distance is beyond the allowable range, thus monitoring mPOSmPOS 是否发生移机。Whether a transfer occurred.
其中,所述移动支付平台还包括业务管理服务器;所述业务管理服务器,用于负责系统内商户资料、终端资料、卡表信息等基本信息的维护管理,系统参数设置,交易统计分析等。The mobile payment platform further includes a service management server; the service management server is configured to be responsible for maintaining and managing basic information such as merchant data, terminal data, and card table information in the system, system parameter setting, and transaction statistical analysis.
相比于常见的基于Compared to common based POSPOS 终端的支付平台,本发明的有益效果在于通过智能设备与外接The payment platform of the terminal, the beneficial effect of the invention is that the smart device and the external device mPOSmPOS 协作,借助智能设备强大处理能力、良好用户界面、远程通讯能力以及商用Collaboration, with powerful processing power, good user interface, remote communication capabilities, and commercial mPOSmPOS 安全支付能力,降低了Safe payment ability, reduced mPOSmPOS 成本及交易通讯成本,进一步结合了电子签名的应用,降低了交易凭条打印成本。终端主密钥远程下载、Cost and transaction communication costs, combined with the application of electronic signatures, reduce the cost of transaction receipt printing. Remote download of terminal master key, APPAPP 远程更新的功能设计,降低了运营维护成本。为商户提供业务管理应用和电子支付应用融合、信息流和资金流融合的低成本的安全的移动支付解决方案。The remote update function design reduces operating and maintenance costs. A low-cost secure mobile payment solution that provides merchants with business management applications and electronic payment application convergence, information flow and capital flow integration.
附图说明DRAWINGS
下面结合附图详述本发明的具体结构The specific structure of the present invention is described in detail below with reference to the accompanying
Figure 11 为本发明的方法流程图;A flowchart of a method of the present invention;
Figure 22 为本发明的支付平台系统拓扑图。It is a topology diagram of the payment platform system of the present invention.
具体实施方式detailed description
为详细说明本发明的技术内容、构造特征、所实现目的及效果,以下结合实施方式并配合附图详予说明。The detailed description of the technical contents, structural features, and the objects and effects of the present invention will be described in detail below with reference to the accompanying drawings.
请参阅图Please refer to the picture 11 ,本发明涉及一种基于智能设备的支付方法,它包括步骤,The present invention relates to a smart device-based payment method, which includes the steps,
)、用户从智能设备的应用程序中登录,进行业务管理操作,需要支付时,智能设备将包含交易类型和交易金额的支付信息发送到), the user logs in from the application of the smart device, performs a business management operation, and when payment is required, the smart device sends the payment information including the transaction type and the transaction amount to mPOSmPOS ;
)、), mPOSmPOS 接收交易金额并显示,待读取到用户卡信息并收到用户密码后,将其组织形成交易请求报文后发送至智能设备;Receiving the transaction amount and displaying, after the user card information is read and the user password is received, the organization forms a transaction request message and sends it to the smart device;
)、智能设备向), smart device VPNVPN 接入网关发起连接请求,握手后双方根据协商的会话密钥建立The access gateway initiates a connection request. After the handshake, the two parties establish a session key based on the negotiation. VPNVPN 通道;aisle;
)、智能设备使用会话密钥加密交易请求报文,将加密后交易请求报文发送至The smart device encrypts the transaction request message by using the session key, and sends the encrypted transaction request message to VPNVPN 接入网关;Access gateway
)、), VPNVPN 接入网关对收到的加密交易请求报文解密后转发给交易处理系统;The access gateway decrypts the received encrypted transaction request message and forwards it to the transaction processing system;
)、交易处理系统对交易请求报文进行预处理后转发至收单机构后台系统,收单机构后台系统进行交易的账务处理并返回包含交易成功The transaction processing system preprocesses the transaction request message and forwards it to the back office of the acquirer, and the back office system of the acquirer performs the transaction processing of the transaction and returns the transaction success. // 失败码的交易应答报文;所述预处理包括交易合法性检查、交易风险监控、交易位置监控、报文格式转换、密码转加密、记录交易日志;The transaction response message of the failure code; the pre-processing includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and recording transaction log;
)、交易处理系统根据收单机构后台系统响应结果进行交易后续处理,同时将交易应答报文转发至The transaction processing system performs subsequent processing of the transaction according to the response result of the back office system of the acquirer, and forwards the transaction response message to VPNVPN 接入网关;Access gateway
此处,交易处理系统根据收单机构后台系统响应结果进行交易后续处理,如果收单机构后台返回码指明交易失败,则生成将包含此返回码的交易应答报文,并将报文发至Here, the transaction processing system performs transaction follow-up processing according to the response result of the acquirer back-end system. If the acquirer background return code indicates that the transaction fails, a transaction response message containing the return code is generated, and the message is sent to VPNVPN 接入网关;如果收单机构后台返回码指明交易成功,则生成包含交易成功返回码的交易应答报文,并将报文转发至Access gateway; if the acquirer background return code indicates that the transaction is successful, a transaction response message containing the transaction success return code is generated, and the message is forwarded to VPNVPN 接入网关。Access gateway.
)、), VPNVPN 接入网关使用会话密钥加密交易应答报文,而后将加密的交易应答报文转发至智能设备;The access gateway encrypts the transaction response message by using the session key, and then forwards the encrypted transaction response message to the smart device;
)、智能设备对接收到的加密的交易应答报文进行解密后发送至The smart device decrypts the received encrypted transaction response message and sends it to mPOSmPOS ;
)、), mPOSmPOS 根据交易应答报文向智能设备反馈交易结果;Returning the transaction result to the smart device according to the transaction response message;
、智能设备根据交易结果进行后续处理,若交易失败则显示失败信息,若交易成功,则提示持卡人签名,获取电子签名后压缩并计算其The smart device performs subsequent processing according to the transaction result. If the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, obtain the electronic signature, compress and calculate hashHash 值后与交易要素组成报文串后送入After the value is combined with the transaction element, the message string is sent. mPOSmPOS ;所述交易要素包括持卡人主账号、交易日期、交易时间、交易类型和交易金额;The transaction elements include the cardholder's primary account number, transaction date, transaction time, transaction type, and transaction amount;
, mPOSmPOS 对所接到的报文串计算Calculate the received message string MACMAC 后返回给智能设备;Return to the smart device;
、智能设备将压缩的电子签名与Smart device will compress the electronic signature with MACMAC 组织成电子签名请求报文,并用会话密钥加密后发送至Organize into an electronic signature request message, encrypt it with the session key, and send it to VPNVPN 接入网关;Access gateway
, VPNVPN 接入网关对使用会话密钥加密的电子签名请求报文解密后转发电子签名请求报文至交易处理系统;The access gateway decrypts the electronic signature request message encrypted by using the session key, and then forwards the electronic signature request message to the transaction processing system;
、交易处理服务将该电子签名请求报文转发至电子签名系统;The transaction processing service forwards the electronic signature request message to the electronic signature system;
、电子签名系统验证电子签名请求报文中的, the electronic signature system verifies the electronic signature request message MACMAC ,若验证通过反馈电子签名应答报文至交易处理系统,并进行电子签名解压缩,并依据设定的签购单格式将解压得的电子签名与其他交易要素保存到指定位置;If the verification is passed through the feedback electronic signature response message to the transaction processing system, and the electronic signature is decompressed, and the decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format;
具体地说,此步骤中,若验证通过,电子签名系统会生成包含成功响应码的电子签名应答报文,而后将该电子签名应答报文发送给交易处理系统,并进行电子签名解压缩,并依据设定的签购单格式将解压得的电子签名与其他交易要素保存到指定位置;若验证失败,电子签名系统生成包含失败响应码的电子签名应答报文,并发送给交易处理系统。Specifically, in this step, if the verification is passed, the electronic signature system generates an electronic signature response message including the success response code, and then sends the electronic signature response message to the transaction processing system, and performs electronic signature decompression, and The decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format; if the verification fails, the electronic signature system generates an electronic signature response message containing the failure response code and sends it to the transaction processing system.
、交易处理系统将电子签名应答报文转发给The transaction processing system forwards the electronic signature response message to VPNVPN 接入网关;Access gateway
, VPNVPN 接入网关使用会话密钥加密电子签名应答报文,并发送给智能设备;The access gateway encrypts the electronic signature response message by using the session key, and sends the response message to the smart device;
、智能设备接收电子签名应答报文后对其进行解密,依应答结果做相应处理。After receiving the electronic signature response message, the smart device decrypts the message and performs corresponding processing according to the response result.
此处的应答结果根据不同情况有多种设置方式,但一般包括成功和失败两种。即,如果报文返回成功,则认定该笔交易成功;如果报文返回失败,则认定该笔交易失败,并由智能设备自动发起冲正。The response results here have a variety of settings depending on the situation, but generally include both success and failure. That is, if the message returns successfully, the transaction is deemed successful; if the message returns, the transaction is determined to have failed, and the smart device automatically initiates the call.
本发明技术方案通过智能设备与外接The technical solution of the invention is connected to the external device through the smart device mPOSmPOS 协作,借助智能设备强大处理能力、良好用户界面、远程通讯能力以及商用Collaboration, with powerful processing power, good user interface, remote communication capabilities, and commercial mPOSmPOS 安全支付能力,降低了Safe payment ability, reduced mPOSmPOS 成本及交易通讯成本,进一步结合了电子签名的应用,降低了交易凭条打印成本。终端主密钥远程下载、Cost and transaction communication costs, combined with the application of electronic signatures, reduce the cost of transaction receipt printing. Remote download of terminal master key, APPAPP 远程更新的功能设计,降低了运营维护成本。为商户提供业务管理应用和电子支付应用融合、信息流和资金流融合的低成本的安全的移动支付解决方案。The remote update function design reduces operating and maintenance costs. A low-cost secure mobile payment solution that provides merchants with business management applications and electronic payment application convergence, information flow and capital flow integration.
作为一实施例,所述步骤As an embodiment, the steps S1S1 之前还包括智能设备向Previously included smart device mPOSmPOS 发起终端主密钥远程下载请求,Initiating a remote download request for the terminal master key, mPOSmPOS 通过智能设备与交易处理系统交互,双向认证后,Interact with the transaction processing system through the smart device, after two-way authentication, mPOSmPOS 安全获得终端主密钥;向Securely obtain the terminal master key; mPOSmPOS 发起签到请求,Initiate a check-in request, mPOSmPOS 透过智能设备与交易处理系统交互,同步交易流水号、工作密钥,并获得该终端在后台配置的Interact with the transaction processing system through the smart device, synchronize the transaction serial number, the work key, and obtain the configuration of the terminal in the background. APPAPP 信息的步骤。The steps of the information.
此处,主密钥是用来加密、解密需要传输的工作密钥,实现工作密钥联机传送。而工作密钥则是终端最底层的数据加密密钥,也是更新最频繁的密钥,包括保证终端信息完整性的Here, the master key is used to encrypt and decrypt the work key that needs to be transmitted, and realize the online transfer of the work key. The work key is the lowest-level data encryption key of the terminal, and is also the most frequently updated key, including ensuring the integrity of the terminal information. MACMAC 密钥和Key and PINPIN 保护密钥,这两个密钥的更新都是通过联机交易即签到来完成,使用主密钥加密后进行传送。The protection key, the update of the two keys is completed by online transaction, signing, and is transmitted after being encrypted by using the master key.
作为一实施例,所述步骤As an embodiment, the steps S1S1 中用户从智能设备的应用程序中登录后,应用程序访问Application access after the user logs in from the smart device application APPAPP 管理系统检测版本是否一致,不一致时则向The management system detects whether the versions are consistent. APPAPP 管理系统发起下载应用程序的请求。The management system initiates a request to download an application.
该步骤可确保智能设备中的应用程序可以得到及时更新,随时保持在最新版本的情况下运作,从而确保交易过程中的安全度。This step ensures that applications on the smart device can be updated in a timely manner and remain up-to-date with the latest version to ensure security during the transaction.
进一步的,作为一实施例,对于业务需求少且固定的实施场景,Further, as an embodiment, for a implementation scenario with less business requirements and a fixed implementation, mPOSmPOS 预置所有交易的处理程序,所述步骤Preset the processing of all transactions, the steps S1S1 中智能设备发往Medium smart device sent to mPOSmPOS 的数据需包含交易类型和交易金额,所述步骤The data needs to include the transaction type and transaction amount, the steps S2S2 in mPOSmPOS 根据交易类型根据预置的处理程序进行交易报文的组织;Organizing transaction messages according to the transaction type according to the preset processing procedure;
进一步的,作为一实施例,鉴于Further, as an embodiment, mPOSmPOS 上的可编程空间有限,对于业务需求多或业务需求多变的实施场景,The programmable space on the space is limited, and the implementation scenario is that the business needs are high or the business needs are changed. mPOSmPOS 作为脚本处理设备,预置脚本解析程序,由脚本驱动运行,所述步骤As a script processing device, a preset script parser is run by a script driver, and the steps are S1S1 中智能设备发往Medium smart device sent to mPOSmPOS 的交易类型和交易金额都包含在发往The type of transaction and the transaction amount are included in the transaction mPOSmPOS 的交易脚本中,发往In the trading script, sent to mPOSmPOS 的交易脚本中还包含Also included in the trading script mPOSmPOS 的处理流程,所述步骤Process flow S2S2 in mPOSmPOS 对收到的交易的脚本进行解析,根据交易脚本中的数据和处理流程进行交易报文的组织。The script of the received transaction is parsed, and the transaction message is organized according to the data and processing flow in the transaction script.
作为一实施例,所述步骤As an embodiment, the steps S16S16 中所述解压得的电子签名与其他交易要素合成电子签购单图片后保存到指定位置。由此可将本次交易有关的数据统一保存在一个电子签购单图片中,便于后续调用,查看。The decompressed electronic signature and the other transaction elements are combined with the other transaction elements to be saved to the specified location. Therefore, the data related to the transaction can be uniformly stored in an electronic purchase order picture, which is convenient for subsequent calls and viewing.
进一步的,在一实施例中,所述步骤Further, in an embodiment, the step S16S16 后还包括返回可访问该电子签购单的门户网址的步骤。由此,进行支付消费的用户可通过智能设备或It also includes the step of returning a portal URL that can access the electronic purchase order. Thus, the user making the payment can be through the smart device or PCPC 登录门户网站查询、调阅该电子签购单,及时掌握其支付消费状况。Log in to the portal to query and access the electronic purchase order, and keep abreast of its payment and consumption status.
参见图See picture 22 ,本发明还涉及一种基于智能设备的支付平台系统,它包括The invention also relates to a smart device based payment platform system, which comprises mPOSmPOS 、智能设备、移动支付平台及银行主机系统;所述, smart device, mobile payment platform and bank host system; mPOSmPOS 、智能设备、移动支付平台之间通过互联网和, smart devices, mobile payment platforms between the Internet and // 或移动通讯网交互进行数据交换;Or mobile communication network to exchange data;
所述移动支付平台包括The mobile payment platform includes VPNVPN 接入网关,电子签名系统、交易处理系统、收单机构后台系统;Access gateway, electronic signature system, transaction processing system, and acquiring institution back-office system;
所述Said mPOSmPOS 与智能设备通过音频口、With the smart device through the audio port, USBUSB 口或蓝牙与Or Bluetooth and mPOSmPOS 连接;connection;
所述智能设备,作为The smart device, as mPOSmPOS 与进行移动支付平台的交互媒介,用于通过应用软件提供包括:用户登录验证后,进行业务管理操作需要支付时输入支付交易金额后将支付交易金额发送到The interaction medium with the mobile payment platform is provided by the application software, including: after the user login verification, the business management operation needs to be paid, the payment transaction amount is input, and the payment transaction amount is sent to mPOSmPOS ;收到;Roger that mPOSmPOS 发送来的交易请求报文后后向移动支付平台的After sending the transaction request message, it will be sent to the mobile payment platform. VPNVPN 接入网关发起连接请求,待建立The access gateway initiates a connection request to be established. VPNVPN 通道后使用会话密钥加密交易请求报文后发送至After the channel, the session key is used to encrypt the transaction request message and sent to VPNVPN 接入网关;对接收到的加密的交易应答报文进行解密后发送至Access gateway; decrypts the received encrypted transaction response message and sends it to mPOSmPOS ;根据交易结果进行后续处理,若交易失败则显示失败信息,若交易成功,则提示持卡人签名,获取电子签名后压缩并计算其According to the transaction result, the subsequent processing is performed. If the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, and the electronic signature is obtained, compressed and calculated. hashHash 值后与其他交易要素组成报文串后送入After the value is combined with other transaction elements, the message string is sent. mPOSmPOS ;接收;receive mPOSmPOS 返回的return MACMAC ,与压缩的电子签名组织成电子签名请求报文,并用会话密钥加密后发送至And composing an electronic signature request message with the compressed electronic signature, and encrypting with the session key and then sending it to VPNVPN 接入网关;接收Access gateway VPNVPN 接入网关发送来的电子签名应答报文后对其进行解密后依应答结果做相应处理;After the electronic signature response message sent by the access gateway is decrypted, it is processed according to the response result;
所述Said mPOSmPOS ,用于接收来自智能设备发送的交易金额并显示,待读取用户卡上信息、接受用户密码输入后,将其组织形成交易请求报文后发送至智能设备;根据交易应答报文向智能设备反馈交易结果;对所接到的报文串计算, for receiving the transaction amount sent from the smart device and displaying, after reading the information on the user card, accepting the user password input, organizing the transaction request message to be sent to the smart device; and transmitting the message to the smart device according to the transaction response message Feedback transaction results; calculation of the received message string MACMAC 后返回给智能设备;Return to the smart device;
所述Said VPNVPN 接入网关,用于在收到智能设备连接请求后在智能设备与The access gateway is used on the smart device after receiving the smart device connection request VPNVPN 接入网关之间完成会话密钥的协商,建立The session key negotiation is completed between the access gateways. VPNVPN 通道;接收智能设备发送的加密交易请求报文解密后转发给交易处理系统;接收交易处理系统发来的交易应答报文后,使用会话密钥加密,而后将加密的交易应答报文转发至智能设备;接收智能设备发送的加密的电子签名请求报文,对其解密后转发至交易处理系统;接收交易处理系统转发的电子签名应答报文,对其使用会话密钥加密后发送给智能设备;Channel; the encrypted transaction request message sent by the receiving smart device is decrypted and forwarded to the transaction processing system; after receiving the transaction response message sent by the transaction processing system, the session key is used to encrypt, and then the encrypted transaction response message is forwarded to the smart The device receives the encrypted electronic signature request message sent by the smart device, decrypts it, and forwards it to the transaction processing system; receives the electronic signature response message forwarded by the transaction processing system, encrypts it by using the session key, and sends the message to the smart device;
所述交易处理系统,用于对The transaction processing system for VPNVPN 接入网关转发的交易请求报文进行预处理后转发至收单机构后台系统,所述预处理包括交易合法性检查、交易风险监控、交易位置监控、报文格式转换、密码转加密、记录交易日志;根据收单机构后台系统响应结果进行交易后续处理,同时将交易应答报文转发至The transaction request message forwarded by the access gateway is pre-processed and forwarded to the back-office system of the acquiring institution. The pre-processing includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and record transaction. Log; follow-up processing of the transaction according to the response result of the acquirer back-end system, and forwarding the transaction response message to VPNVPN 接入网关;将Access gateway; will VPNVPN 接入网关转发来的电子签名请求报文转发至电子签名系统;接收电子签名系统反馈的电子签名应答报文并转发给The electronic signature request message forwarded by the access gateway is forwarded to the electronic signature system; the electronic signature response message fed back by the electronic signature system is received and forwarded to VPNVPN 接入网关;Access gateway
所述收单机构后台系统,用于对交易处理系统发来的交易请求报文进行交易的账务处理;The acquiring institution back-office system is configured to perform transaction processing on the transaction request message sent by the transaction processing system;
所述电子签名系统,用于接收交易处理系统转发的电子签名请求报文,首先验证其的The electronic signature system is configured to receive an electronic signature request message forwarded by the transaction processing system, and first verify the MACMAC ,若验证通过反馈电子签名应答报文至交易处理系统,并进行电子签名解压缩,并依据设定的签购单格式将解压得的电子签名与其他交易要素保存到指定位置。If the verification is passed through the feedback electronic signature response message to the transaction processing system, and the electronic signature is decompressed, and the decompressed electronic signature and other transaction elements are saved to the designated location according to the set purchase order format.
综上可见,本发明提供了一种低廉安全的支付平台系统,其支付终端具有极低交易成本、低成本运维模式、业务管理和电子支付完美集成,构筑了成本低、功能强、安全性高的移动支付平台,进一步拓展银行卡受理渠道,扩大银行卡应用范围,改善用户环境,提升用户体验,增强商户粘度。In summary, the present invention provides a low-cost and secure payment platform system, which has a low transaction cost, a low-cost operation and maintenance mode, a perfect integration of service management and electronic payment, and a low cost, strong function, and security. The high mobile payment platform further expands the bank card acceptance channel, expands the application range of bank cards, improves the user environment, enhances the user experience, and enhances the viscosity of merchants.
作为一实施例,本系统还包括其他服务平台,其他服务平台如As an embodiment, the system further includes other service platforms, and other service platforms such as LBSLBS 系统,会员管理系统,第三方订单管理系统等。可实现诸如机具定位、会员信息管理、第三方订单管理等功能。System, member management system, third party order management system, etc. Functions such as machine positioning, member information management, and third-party order management can be realized.
作为一实施例,所述移动支付平台还包括As an embodiment, the mobile payment platform further includes APPAPP 管理系统,所述Management system, said APPAPP 管理系统,用于在交易过程中进行应用程序版本比对,若智能设备在用版本与Management system for comparing application versions during the transaction process, if the smart device is in use version APPAPP 管理系统上应用程序配置不符时,提醒智能设备向Remind the smart device when the application configuration on the management system does not match APPAPP 管理系统发起应用程序更新请求。The management system initiates an application update request.
作为一实施例,所述移动支付平台还包括移机监控系统,所述移机监控系统,用于接收通过交易处理系统上传来的智能设备的基准位置和交易位置的基站信息,而后对两位置之间的距离进行计算后比较该距离是否超出允许的范围,从而监控In an embodiment, the mobile payment platform further includes a transfer monitoring system, configured to receive base station information of a reference location and a transaction location of the smart device uploaded by the transaction processing system, and then to the two locations. The distance between them is calculated and compared to see if the distance is outside the allowable range, thus monitoring mPOSmPOS 是否发生移机。Whether a transfer occurred.
作为一实施例,所述移动支付平台还包括业务管理服务器;所述业务管理服务器,用于负责系统内商户资料、终端资料、卡表信息等基本信息的维护管理,系统参数设置,交易统计分析等。As an embodiment, the mobile payment platform further includes a service management server; the service management server is configured to be responsible for maintaining and managing basic information such as merchant data, terminal data, and card table information in the system, system parameter setting, and transaction statistical analysis. Wait.
以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only the embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformation of the present invention and the contents of the drawings may be directly or indirectly applied to other related technologies. The fields are all included in the scope of patent protection of the present invention.

Claims (9)

  1. 一种基于智能设备的支付方法,其特征在于:它包括步骤,A smart device-based payment method, characterized in that it comprises steps,
    S1)、用户从智能设备的应用程序中登录,进行业务管理操作,需要支付时,智能设备将包含交易类型和交易金额的支付信息发送到mPOS;S1), the user logs in from the application of the smart device, performs a business management operation, and when the payment is required, the smart device sends the payment information including the transaction type and the transaction amount to the mPOS;
    S2)、mPOS接收交易金额并显示,待读取到用户卡信息并收到用户密码后,将其组织形成交易请求报文后发送至智能设备;S2), mPOS receives the transaction amount and displays, after the user card information is read and the user password is received, it is organized into a transaction request message and sent to the smart device;
    S3)、智能设备向VPN接入网关发起连接请求,握手后双方根据协商的会话密钥建立VPN通道;S3), the smart device initiates a connection request to the VPN access gateway, and the two parties establish a VPN channel according to the negotiated session key after the handshake;
    S4)、智能设备使用会话密钥加密交易请求报文,将加密后交易请求报文发送至VPN接入网关;S4), the smart device encrypts the transaction request message by using the session key, and sends the encrypted transaction request message to the VPN access gateway;
    S5)、VPN接入网关对收到的加密交易请求报文解密后转发给交易处理系统;S5), the VPN access gateway decrypts the received encrypted transaction request message and forwards the message to the transaction processing system;
    S6)、交易处理系统对交易请求报文进行预处理后转发至收单机构后台系统,收单机构后台系统进行交易的账务处理并返回包含交易成功/失败码的交易应答报文;所述预处理包括交易合法性检查、交易风险监控、交易位置监控、报文格式转换、密码转加密、记录交易日志;S6), the transaction processing system preprocesses the transaction request message and forwards it to the acquiring institution back-end system, and the acquiring institution back-office system performs transaction processing of the transaction and returns a transaction response message including the transaction success/failure code; Pre-processing includes transaction legality check, transaction risk monitoring, transaction location monitoring, message format conversion, password-to-encryption, and record transaction log;
    S7)、交易处理系统根据收单机构后台系统响应结果进行交易后续处理,同时将交易应答报文转发至VPN接入网关;S7), the transaction processing system performs subsequent processing of the transaction according to the response result of the back office system of the acquiring institution, and forwards the transaction response message to the VPN access gateway;
    S8)、VPN接入网关使用会话密钥加密交易应答报文,而后将加密的交易应答报文转发至智能设备;S8), the VPN access gateway encrypts the transaction response message by using the session key, and then forwards the encrypted transaction response message to the smart device;
    S9)、智能设备对接收到的加密的交易应答报文进行解密后发送至mPOS;S9), the smart device decrypts the received encrypted transaction response message and sends it to mPOS;
    S10)、mPOS根据交易应答报文向智能设备反馈交易结果;S10), mPOS feeds back the transaction result to the smart device according to the transaction response message;
    S11)、智能设备根据交易结果进行后续处理,若交易失败则显示失败信息,若交易成功,则提示持卡人签名,获取电子签名后联通交易要素压缩并计算其hash值后与其他交易要素组成报文串后送入mPOS;所述交易要素包括持卡人主账号,交易日期,交易时间,交易类型和交易金额;S11), the smart device performs subsequent processing according to the transaction result, and if the transaction fails, the failure information is displayed. If the transaction is successful, the cardholder is prompted to sign, and after the electronic signature is obtained, the Unicom transaction element is compressed and the hash value is calculated and composed with other transaction elements. The message string is sent to mPOS; the transaction elements include the cardholder's main account, transaction date, transaction time, transaction type and transaction amount;
    S12)、mPOS对所接到的报文串计算MAC后返回给智能设备;S12), mPOS calculates a MAC for the received message string and returns it to the smart device;
    S13)、智能设备将压缩的电子签名与MAC组织成电子签名请求报文,并用会话密钥加密后发送至VPN接入网关;S13), the smart device organizes the compressed electronic signature and the MAC into an electronic signature request message, and encrypts the session identifier and sends the message to the VPN access gateway.
    S14)、VPN接入网关对使用会话密钥加密的电子签名请求报文解密后转发电子签名请求报文至交易处理系统;S14), the VPN access gateway decrypts the electronic signature request message encrypted by using the session key, and then forwards the electronic signature request message to the transaction processing system;
    S15)、交易处理服务将该电子签名请求报文转发至电子签名系统;S15), the transaction processing service forwards the electronic signature request message to the electronic signature system;
    S16)、电子签名系统验证电子签名请求报文中的MAC,若验证通过反馈电子签名应答报文至交易处理系统,并进行电子签名解压缩,并依据设定的签购单格式将解压得的电子签名与其他交易要素保存到指定位置;S16), the electronic signature system verifies the MAC in the electronic signature request message, and if the verification passes the feedback electronic signature response message to the transaction processing system, and performs electronic signature decompression, and decompresses according to the set purchase order format. Electronic signatures and other transaction elements are saved to a specified location;
    S17)、交易处理系统将电子签名应答报文转发给VPN接入网关;S17), the transaction processing system forwards the electronic signature response message to the VPN access gateway;
    S18)、VPN接入网关使用会话密钥加密电子签名应答报文,并发送给智能设备;S18), the VPN access gateway encrypts the electronic signature response message by using the session key, and sends the response message to the smart device;
    S19)、智能设备接收电子签名应答报文后对其进行解密,依应答结果做相应处理。S19): After receiving the electronic signature response message, the smart device decrypts the message and performs corresponding processing according to the response result.
  2. 如权利要求1所述的基于智能设备的支付方法,其特征在于:所述步骤S1之前还包括智能设备向mPOS发起终端主密钥远程下载请求,mPOS通过智能设备与交易处理系统交互,双向认证后,mPOS安全获得终端主密钥;向mPOS发起签到请求,mPOS透过智能设备与交易处理系统交互,同步交易流水号、工作密钥,并获得该终端在后台配置的APP信息的步骤。The smart device-based payment method according to claim 1, wherein before the step S1, the smart device further initiates a remote key download request of the terminal master key to the mPOS, and the mPOS interacts with the transaction processing system through the smart device, and the two-way authentication is performed. After that, the mPOS securely obtains the terminal master key; initiates a check-in request to the mPOS, and the mPOS interacts with the transaction processing system through the smart device, synchronizes the transaction serial number, the work key, and obtains the APP information configured by the terminal in the background.
  3. 如权利Right 要求1Request 1 所述的基于智能设备的支付方法,其特征在于:所述步骤S1The smart device-based payment method is characterized in that: step S1 中用户从智能设备的应用程序中登录后,应用程序访问APPAfter the user logs in from the smart device application, the application accesses the APP 管理系统检测版本是否一致,不一致时则向APPThe management system detects whether the versions are consistent. If they are inconsistent, they apply to the APP. 管理系统发起下载应用程序的请求。The management system initiates a request to download an application.
  4. 如权利要求1所述的基于智能设备的支付方法,其特征在于:所述步骤S16中所述解压得的电子签名与其他交易要素合成电子签购单图片后保存到指定位置。The smart device-based payment method according to claim 1, wherein in step S16, the decompressed electronic signature is combined with other transaction elements to synthesize an electronic purchase order picture and saved to a designated location.
  5. 如权利要求1所述的基于智能设备的支付方法,其特征在于:所述步骤S16后还包括返回可访问该电子签购单的门户网址的步骤。The smart device-based payment method according to claim 1, wherein the step S16 further comprises the step of returning a portal URL that can access the electronic purchase order.
  6. 一种基于智能设备的支付平台系统,其特征在于:它包括mPOS、智能设备、移动支付平台及银行主机系统;所述mPOS、智能设备、移动支付平台之间通过互联网和/或移动通讯网交互进行数据交换;A smart device-based payment platform system, which comprises: mPOS, smart device, mobile payment platform and bank host system; the mPOS, smart device and mobile payment platform interact through the internet and/or mobile communication network Data exchange
    所述移动支付平台包括VPN接入网关,电子签名系统、交易处理系统、收单机构后台系统;The mobile payment platform includes a VPN access gateway, an electronic signature system, a transaction processing system, and a back office system of an acquiring institution;
    所述mPOS与智能设备通过音频口、USB口或蓝牙与mPOS连接;The mPOS and the smart device are connected to the mPOS through an audio port, a USB port or Bluetooth;
    所述智能设备,作为mPOS与进行移动支付平台的交互媒介,用于通过应用软件提供包括:用户登录验证后,进行业务管理操作需要支付时输入支付交易金额后将支付交易金额发送到mPOS;收到mPOS发送来的交易请求报文后后向移动支付平台的VPN接入网关发起连接请求,待建立VPN通道后使用会话密钥加密交易请求报文后发送至VPN接入网关;对接收到的加密的交易应答报文进行解密后发送至mPOS;根据交易结果进行后续处理,若交易失败则显示失败信息,若交易成功,则提示持卡人签名,获取电子签名后压缩并计算其hash值后与其他交易要素组成报文串后送入mPOS;接收mPOS返回的MAC,与压缩的电子签名组织成电子签名请求报文,并用会话密钥加密后发送至VPN接入网关;接收VPN接入网关发送来的电子签名应答报文后对其进行解密后依应答结果做相应处理;The smart device, as an interaction medium between the mPOS and the mobile payment platform, is configured to be provided by the application software, including: after the user login verification, the service management operation needs to be paid, and the payment transaction amount is sent to the mPOS after receiving the payment transaction amount; After the transaction request message sent by the mPOS, the connection request is initiated to the VPN access gateway of the mobile payment platform, and after the VPN channel is established, the session request key is used to encrypt the transaction request message and then sent to the VPN access gateway; The encrypted transaction response message is decrypted and sent to mPOS; subsequent processing is performed according to the transaction result. If the transaction fails, the failure information is displayed. If the transaction is successful, the card holder is prompted to sign, and after obtaining the electronic signature, the hash value is compressed and calculated. After forming a message string with other transaction elements, it is sent to mPOS; the MAC returned by the mPOS is received, and the compressed electronic signature is organized into an electronic signature request message, which is encrypted by the session key and sent to the VPN access gateway; and the VPN access gateway is received. After the sent electronic signature response message is decrypted, it is processed according to the response result;
    所述mPOS,用于接收来自智能设备发送的交易金额并显示,待读取用户卡上信息、接受用户密码输入后,将其组织形成交易请求报文后发送至智能设备;根据交易应答报文向智能设备反馈交易结果;对所接到的报文串计算MAC后返回给智能设备;The mPOS is configured to receive the transaction amount sent by the smart device and display the information on the user card after receiving the user password input, and then organize the transaction request message to be sent to the smart device; according to the transaction response message Returning the transaction result to the smart device; calculating the MAC of the received message string and returning to the smart device;
    所述VPN接入网关,用于在收到智能设备连接请求后在智能设备与VPN接入网关之间完成会话密钥的协商,建立VPN通道;接收智能设备发送的加密交易请求报文解密后转发给交易处理系统;接收交易处理系统发来的交易应答报文后,使用会话密钥加密,而后将加密的交易应答报文转发至智能设备;接收智能设备发送的加密的电子签名请求报文,对其解密后转发至交易处理系统;接收交易处理系统转发的电子签名应答报文,对其使用会话密钥加密后发送给智能设备;The VPN access gateway is configured to complete a session key negotiation between the smart device and the VPN access gateway after receiving the smart device connection request, and establish a VPN channel; and after receiving the encrypted transaction request message sent by the smart device, decrypt the message Forwarding to the transaction processing system; receiving the transaction response message sent by the transaction processing system, encrypting with the session key, and then forwarding the encrypted transaction response message to the smart device; receiving the encrypted electronic signature request message sent by the smart device Decrypting and forwarding to the transaction processing system; receiving the electronic signature response message forwarded by the transaction processing system, encrypting it by using the session key, and transmitting the message to the smart device;
    所述交易处理系统,用于对VPN接入网关转发的交易请求报文进行预处理后转发至收单机构后台系统,所述预处理包括交易合法性检查、交易风险监控、交易位置监控、报文格式转换、密码转加密、记录交易日志;根据收单机构后台系统响应结果进行交易后续处理,同时将交易应答报文转发至VPN接入网关;将VPN接入网关转发来的电子签名请求报文转发至电子签名系统;接收电子签名系统反馈的电子签名应答报文并转发给VPN接入网关;The transaction processing system is configured to preprocess the transaction request message forwarded by the VPN access gateway and forward it to the acquiring institution back-end system, where the pre-processing includes transaction legality check, transaction risk monitoring, transaction location monitoring, and reporting. Text format conversion, password-to-encryption, record transaction log; follow-up processing of the transaction according to the response result of the acquirer back-end system, and forward the transaction response message to the VPN access gateway; the electronic signature request message forwarded by the VPN access gateway Forwarding to the electronic signature system; receiving the electronic signature response message fed back by the electronic signature system and forwarding the message to the VPN access gateway;
    所述收单机构后台系统,用于对交易处理系统发来的交易请求报文进行交易的账务处理;The acquiring institution back-office system is configured to perform transaction processing on the transaction request message sent by the transaction processing system;
    所述电子签名系统,用于接收交易处理系统转发的电子签名请求报文,首先验证其的MAC,若验证通过反馈电子签名应答报文至交易处理系统,并进行电子签名解压缩,并依据设定的签购单格式将解压得的电子签名与其他交易要素保存到指定位置。The electronic signature system is configured to receive an electronic signature request message forwarded by the transaction processing system, first verifying the MAC of the transaction, and if the verification passes the feedback electronic signature response message to the transaction processing system, and performing electronic signature decompression, and according to the setting The fixed purchase order format saves the decompressed electronic signature and other transaction elements to the specified location.
  7. 如权利要求6所述的基于智能设备的支付平台系统,其特征在于:所述移动支付平台还包括APP管理系统,所述APP管理系统,用于在交易过程中进行应用程序版本比对,若智能设备在用版本与APP管理系统上应用程序配置不符时,提醒智能设备向APP管理系统发起应用程序更新请求。The smart device-based payment platform system according to claim 6, wherein the mobile payment platform further comprises an APP management system, and the APP management system is configured to perform an application version comparison in a transaction process, if The smart device reminds the smart device to initiate an application update request to the APP management system when the version does not match the application configuration on the APP management system.
  8. 如权利Right 要求6Request 6 所述的基于智能设备的支付平台系统,其特征在于:所述移动支付平台还包括移机监控系统,所述移机监控系统,用于接收交易处理系统上传来的智能设备的基准位置和交易位置的基站信息,而后对两位置之间的距离进行计算后比较该距离是否超出允许的范围,从而监控mPOSThe smart device-based payment platform system is characterized in that: the mobile payment platform further comprises a transfer monitoring system, and the transfer monitoring system is configured to receive a reference position and a transaction of the smart device uploaded by the transaction processing system. The base station information of the location, and then calculate the distance between the two locations and compare whether the distance exceeds the allowable range, thereby monitoring the mPOS 是否发生移机。Whether a transfer occurred.
  9. 如权利要求6所述的基于智能设备的支付平台系统,其特征在于:所述移动支付平台还包括业务管理服务器;所述业务管理服务器,用于负责系统内商户资料、终端资料、卡表信息等基本信息的维护管理,系统参数设置,交易统计分析等。The smart device-based payment platform system according to claim 6, wherein the mobile payment platform further comprises a service management server; and the service management server is configured to be responsible for the merchant information, the terminal data, and the card table information in the system. Maintenance and management of basic information, system parameter settings, transaction statistics analysis, etc.
     
PCT/CN2014/094881 2013-12-27 2014-12-25 Smart device-based payment platform system and payment method WO2015096754A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310745893.8A CN103699989B (en) 2013-12-27 2013-12-27 Payment platform system based on smart machine and method of payment
CN201310745893.8 2013-12-27

Publications (1)

Publication Number Publication Date
WO2015096754A1 true WO2015096754A1 (en) 2015-07-02

Family

ID=50361511

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/094881 WO2015096754A1 (en) 2013-12-27 2014-12-25 Smart device-based payment platform system and payment method

Country Status (2)

Country Link
CN (1) CN103699989B (en)
WO (1) WO2015096754A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108460937A (en) * 2018-04-25 2018-08-28 北京百汇安科技有限公司 A kind of intelligence POS system and method for payment
CN110430052A (en) * 2019-08-05 2019-11-08 中国工商银行股份有限公司 A kind of online filling method and device of POS key
CN111628903A (en) * 2020-04-27 2020-09-04 交通银行股份有限公司北京市分行 Monitoring method and monitoring system for transaction system running state
CN112950200A (en) * 2021-02-05 2021-06-11 中国建设银行股份有限公司 Transaction management method and system suitable for bankbook
CN115249191A (en) * 2022-09-20 2022-10-28 北京结慧科技有限公司 Transaction message processing system and method
CN116092244A (en) * 2023-01-12 2023-05-09 厦门大学 POS machine supervisory systems based on 5G signal

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103699989B (en) * 2013-12-27 2016-08-17 福建联迪商用设备有限公司 Payment platform system based on smart machine and method of payment
CN104268744A (en) * 2014-09-19 2015-01-07 上海鹏逸电子商务有限公司 Mobile payment achieving method and system
CN104881782B (en) * 2015-05-11 2019-02-05 福建联迪商用设备有限公司 A kind of method based on Secure Transaction, system
CN106920091A (en) * 2015-12-25 2017-07-04 北京数码视讯科技股份有限公司 A kind of method of payment and SOS
CN105635164B (en) * 2016-01-21 2019-01-08 北京智能果技术有限公司 The method and apparatus of safety certification
US9591066B1 (en) * 2016-01-29 2017-03-07 Xero Limited Multiple server automation for secure cloud reconciliation
CN106469371A (en) * 2016-08-31 2017-03-01 江苏鸿信系统集成有限公司 A kind of system and method for raising campus enterprise's cloud card payment safety
CN109905626B (en) * 2017-12-08 2021-02-26 华平信息技术股份有限公司 Remote video assistance method and system for POS machine, video assistance initiating end and receiving end
CN109586946B (en) * 2018-09-29 2021-11-30 创新先进技术有限公司 Exception handling method and device and computer readable storage medium
CN110046906A (en) * 2019-04-18 2019-07-23 郑建建 A kind of the two-way authentication method of commerce and system of MPOS machine and server
CN112702376B (en) * 2019-10-23 2022-09-06 上海云桓信息科技有限公司 Real-time transaction monitoring method
CN112465492A (en) * 2020-11-20 2021-03-09 银盛支付服务股份有限公司 Distributed high-concurrency condition-based accounting processing method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102360478A (en) * 2011-10-14 2012-02-22 快钱支付清算信息有限公司 Mobile terminal-based payment method and system
WO2013117775A1 (en) * 2012-02-10 2013-08-15 What You Look For, S.L. Method for paying by mobile phone in shops
CN103366469A (en) * 2012-03-30 2013-10-23 株式会社毕索龙 POS terminal and POS system using mobile terminal
CN103699989A (en) * 2013-12-27 2014-04-02 福建联迪商用设备有限公司 Payment platform and payment method on basis of intelligent equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8027917B2 (en) * 2006-08-15 2011-09-27 Frank Easterly Method for facilitating financial and non financial transactions between customers, retailers and suppliers
US8966610B2 (en) * 2008-11-05 2015-02-24 Apriva, Llc Method and system for securing data from a non-point of sale device over an external network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102360478A (en) * 2011-10-14 2012-02-22 快钱支付清算信息有限公司 Mobile terminal-based payment method and system
WO2013117775A1 (en) * 2012-02-10 2013-08-15 What You Look For, S.L. Method for paying by mobile phone in shops
CN103366469A (en) * 2012-03-30 2013-10-23 株式会社毕索龙 POS terminal and POS system using mobile terminal
CN103699989A (en) * 2013-12-27 2014-04-02 福建联迪商用设备有限公司 Payment platform and payment method on basis of intelligent equipment

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108460937A (en) * 2018-04-25 2018-08-28 北京百汇安科技有限公司 A kind of intelligence POS system and method for payment
CN108460937B (en) * 2018-04-25 2024-04-26 北京百汇安科技有限公司 Intelligent POS system and payment method
CN110430052A (en) * 2019-08-05 2019-11-08 中国工商银行股份有限公司 A kind of online filling method and device of POS key
CN110430052B (en) * 2019-08-05 2023-01-31 中国工商银行股份有限公司 POS key online filling method and device
CN111628903A (en) * 2020-04-27 2020-09-04 交通银行股份有限公司北京市分行 Monitoring method and monitoring system for transaction system running state
CN111628903B (en) * 2020-04-27 2022-04-05 交通银行股份有限公司北京市分行 Monitoring method and monitoring system for transaction system running state
CN112950200A (en) * 2021-02-05 2021-06-11 中国建设银行股份有限公司 Transaction management method and system suitable for bankbook
CN115249191A (en) * 2022-09-20 2022-10-28 北京结慧科技有限公司 Transaction message processing system and method
CN116092244A (en) * 2023-01-12 2023-05-09 厦门大学 POS machine supervisory systems based on 5G signal

Also Published As

Publication number Publication date
CN103699989B (en) 2016-08-17
CN103699989A (en) 2014-04-02

Similar Documents

Publication Publication Date Title
WO2015096754A1 (en) Smart device-based payment platform system and payment method
US11483157B2 (en) Management of cryptographically secure exchanges of data using permissioned distributed ledgers
US11321680B2 (en) System and method for processing and management of transactions using electronic currency
US9558492B2 (en) Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction
US20170032362A1 (en) Streamlined enrollment of credit cards in mobile wallets
CN104424565A (en) Digital card-based payment system and method
CN105556892A (en) Systems and methods for secure communication
CN103714453B (en) Payment platform system based on smart machine and method of payment
CA2979250C (en) Management of cryptographically secure exchanges of data using permissioned distributed ledgers
GB2515057A (en) System and Method for Obtaining a Digital Signature
CN105959265A (en) Electronic form filling system and method thereof
CN103761644A (en) Ordering processing method for mobile Internet online payment
CN104574049A (en) Real-time electronic payment and settlement system based on SET (security electronic transaction) protocol
CN102354418B (en) System for processing trade information and method therefor
US20220191013A1 (en) Techniques For Secure Channel Communications
WO2017080355A1 (en) Method for confirming on-line transaction security by means of mobile phone and system thereof
CN105635164A (en) Method and device for security authentication
KR101407737B1 (en) Apparatus and Method for Processing Finance Banking Information of Smart Device Using QR Code
JP2022537864A (en) Secure mobile payment and back-office application solutions that can be accepted as contactless payments for on-shelf transaction devices
US20190311354A1 (en) Model and method to advanced authentication and authorization process for payment transactions in a banking system with no cards issued to customers
US20190311355A1 (en) Model and method to advanced authentication and authorization process for payment transactions in a banking system with no cards issued to customers
US20210385093A1 (en) Digital signature terminal and secure communication method
US11928672B2 (en) Personalization method and system for financial IC card having dynamic verification code
TWI722333B (en) Card reading transaction system and method for operating a card reading transaction system
WO2020142994A1 (en) Control method, ticketing rule server, ticket checking rule server and apparatus

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14875639

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 14875639

Country of ref document: EP

Kind code of ref document: A1