WO2023142436A1

WO2023142436A1 - Authentication method and apparatus, payment method and apparatus, and device

Info

Publication number: WO2023142436A1
Application number: PCT/CN2022/112455
Authority: WO
Inventors: 刘刚; 詹成初; 才华
Original assignee: 中国银联股份有限公司
Priority date: 2022-01-26
Filing date: 2022-08-15
Publication date: 2023-08-03
Also published as: CN114463012A

Abstract

Disclosed in the embodiments of the present application are an authentication method and apparatus, a payment method and apparatus, and a device. The authentication method comprises: acquiring identity information of an Internet-of-Things device and payment information of a user by means of a mobile device, wherein a first token is provided in the Internet-of-Things device; sending the identity information and the payment information to a first server, so that the first server sends the payment information to a second server for authentication after the identity information passes authentication; and generating a second token after the second server authenticates the payment information, sending the second token to the first server, generating first information and second information on the basis of association information between the first token, the second token and the payment information, and respectively sending the first information and the second information to the mobile device and the Internet-of-Things device, so as to complete authentication. A first token serves as a device token of an Internet-of-Things device, a second token serves as a service token corresponding to payment information, and during a payment process, the transaction security can be improved on the basis of a binding relationship between the tokens and the payment information.

Description

Authentication method, payment method, device and equipment

Cross References to Related Applications

This application claims the priority of Chinese patent application 202210096244.9 entitled "Authentication Method, Payment Method, Device and Equipment" filed on January 26, 2022, the entire content of which is incorporated herein by reference.

technical field

The application belongs to the technical field of payment security, and in particular relates to an authentication method, payment method, device and equipment.

Background technique

With the rapid development of IoT technology, the types of IoT devices in the market are more diverse, there are many manufacturers, and the management is complicated, which makes the risk involved in the participation of IoT devices in payment scenarios higher.

Current IoT devices only support online transactions in payment scenarios, and transaction security is low.

Contents of the invention

Embodiments of the present application provide an authentication method, a payment method, a device, and a device, which can improve transaction security of IoT devices in a payment scenario.

In the first aspect, the embodiment of the present application provides an authentication method, which is applied to an Internet of Things device, and the Internet of Things device has a built-in first token, and the method includes:

Sending the identity information of the IoT device to the mobile device, so that the mobile device sends the identity information and the user's payment information to the first server for authentication;

Receive the first information sent by the first server, the first information includes the first token and the association information between the second token and the identity information and payment information, wherein the first token is the first server pair It is determined after the authentication of the identity information is passed, and the second token is generated by the second server after the authentication of the payment information is passed;

The first information is stored in the security chip.

In some embodiments, the IoT device is provided with a security chip,

Before sending the identity information of the IoT device to the mobile device, the method also includes;

A pair of keys is generated through the security chip, and the keys include a first public key and a first private key;

sending the first public key to the first server;

Send the identity information of the IoT device to the mobile device, including:

The identity information is encrypted by the first private key and sent to the mobile device, so that the mobile device authenticates the identity information by the first public key after sending the identity information to the first server.

In some embodiments, the first token is encrypted and stored in the security chip.

In some embodiments, the payment information corresponds to one or more payment cards, and there are one or more second tokens, and the second tokens are in one-to-one correspondence with the payment cards.

In the second aspect, the embodiment of the present application provides an authentication method, which is applied to the first server, and the method includes:

Receive the identity information of the IoT device and the payment information of the user sent by the mobile device;

Authentication of identity information through preset rules;

After the authentication of the identity information is passed, the payment information is sent to the second server for authentication;

receiving the second token sent by the second server, the second token is generated after the second server passes the authentication of the payment information;

The association information after associating the first token and the second token with the identity information and payment information is sent to the IoT device and the mobile device.

In some embodiments, the identity information is information encrypted by a first private key, and the first private key is generated by a security chip of the IoT device;

Authentication of identity information through preset rules, including:

The identity information is authenticated through the first public key, which is generated by the security chip and corresponds to the first private key.

In some embodiments, before receiving the identity information of the IoT device and the payment information of the user sent by the mobile device, the method further includes:

Receive the first public key sent by the IoT device;

Save the first public key.

In a third aspect, the embodiment of the present application provides an authentication method applied to a mobile device, and the method includes:

Obtain the identity information of the IoT device and the user's payment information, and the IoT device has the first token built into it;

Send the identity information and payment information to the first server, so that after the first server passes the authentication of the identity information, send the payment information to the second server for authentication;

receiving the second information sent by the first server, the second information including the first token, the association information between the second token and identity information and payment information, wherein the first token is determined by the first server according to the identity information, The second token is generated after the second server passes the authentication of the payment information.

In some embodiments, obtaining the identity information of the IoT device and the payment information of the user includes:

Obtain the identification code of the IoT device, which includes the identity information and page address of the IoT device;

According to the identification code, analyze and obtain the identity information, and jump to the first interface corresponding to the page address;

The payment information input by the user from the first interface is received.

In some embodiments, the Internet of Things device is provided with a security chip, and the first token is encrypted and stored in the security chip.

In a fourth aspect, the embodiment of the present application provides a payment method, which is applied to the first server, and the method includes:

receiving a transaction request sent by the IoT device, the transaction request including transaction information corresponding to the transaction event, the first token and identity information of the IoT device, and the transaction information including payment information;

Parse the first token from the transaction request;

According to the pre-stored mapping information in the first token and the first server, determine the corresponding second token, the pre-stored mapping information is the association information of the first token, the second token, identity information and payment information;

Sending the second token and the transaction information to the second server, so that after the second server passes the verification of the payment information corresponding to the second token, the third server performs the balance deduction operation of the corresponding transaction event based on the payment information And generate balance change information;

The balance change information sent by the second server is received and forwarded to the IoT device.

In some embodiments, the transaction request is information encrypted by a first private key on the IoT device, and the first private key is generated by a security chip of the IoT device;

The first token is parsed from the transaction request, including:

The transaction request is decrypted by using the first public key to parse the transaction request to obtain the first token. The first public key is generated by the security chip and corresponds to the first private key.

In the fifth aspect, the embodiment of the present application provides an authentication device, which is applied to a mobile device, and the device includes:

The first acquisition module is used to acquire the identity information of the IoT device and the payment information of the user, and the IoT device has a built-in first token;

The first sending module is configured to send the identity information and payment information to the first server, so that after the first server passes the authentication of the identity information, it sends the payment information to the second server for authentication;

The first receiving module is configured to receive the first information sent by the first server, the first information includes the association information between the first token, the second token, identity information and payment information, wherein the first token is the first token A server determines according to the identity information, and the second token is generated after the second server passes the authentication of the payment information.

In the sixth aspect, the embodiment of the present application provides an authentication device, which is applied to an Internet of Things device, and the Internet of Things device has a built-in first token, which is characterized in that the device includes:

The second sending module is configured to send the identity information of the IoT device to the mobile device, so that the mobile device sends the identity information and the payment information of the user to the first server for authentication;

The second receiving module is used to receive the second information sent by the first server, the second information includes the first token, the association information between the second token and identity information and payment information, wherein the first token is the first token The first server is determined after passing the authentication of the identity information, and the second token is generated after the second server passes the authentication of the payment information;

The saving module is used for saving the second information in the security chip.

In the seventh aspect, the embodiment of the present application provides an authentication device, which is applied to the first server, and is characterized in that the device includes:

The third receiving module is used to receive the identity information of the IoT device and the payment information of the user sent by the mobile device;

A first authentication module, configured to authenticate identity information through preset rules;

The third sending module is used to send payment information to the second server for authentication after the identity information authentication is passed;

The fourth receiving module is used to receive the second token sent by the second server, and the second token is generated after the second server passes the payment information authentication;

The fourth sending module is used to send the associated information after the first token and the second token are associated with identity information and payment information to the IoT device and the mobile device.

In the eighth aspect, the embodiment of the present application provides a payment device, which is applied to the first server, and the device includes:

The fifth receiving module is configured to receive a transaction request sent by the Internet of Things device, the transaction request includes transaction information corresponding to the transaction event, the first token and identity information of the Internet of Things device, and the transaction information includes payment information;

The first parsing module is configured to parse the transaction request to obtain the first token;

A determining module, configured to determine a corresponding second token according to the first token and pre-stored mapping information in the first server, where the pre-stored mapping information is association information between the first token, the second token, identity information, and payment information ;

The fifth sending module is configured to send the second token and the transaction information to the second server, so that after the second server passes the verification of the payment information corresponding to the second token, the third server performs the transaction based on the payment information. The balance deduction operation corresponding to the transaction event generates balance change information;

A sixth receiving module, configured to receive the balance change information sent by the second server, and forward it to the Internet of Things device.

In a ninth aspect, the embodiment of the present application provides an electronic device, the device comprising: a processor and a memory storing computer program instructions;

When the processor executes the computer program instructions, the method described in any embodiment of the first aspect, the second aspect, the third aspect, or the fourth aspect is implemented.

In the tenth aspect, the embodiment of the present application provides a computer storage medium, on which computer program instructions are stored, and when the computer program instructions are executed by a processor, the above first aspect, second aspect, and third aspect are realized , or the method described in any embodiment of the fourth aspect.

In the eleventh aspect, the embodiment of the present application provides a computer program product. When the instructions in the computer program product are executed by the processor of the electronic device, the electronic device executes the above-mentioned first aspect, the second aspect, and the third aspect. aspect, or the method described in any embodiment of the fourth aspect.

The embodiment of the present application provides an authentication method, payment method, device and equipment, wherein in the authentication method, the identity information of the IoT device and the user's payment information are obtained through the mobile device, and the IoT device has a built-in first token; Send the identity information and payment information to the first server, so that after the first server passes the authentication of the identity information, it sends the payment information to the second server for authentication; when the second server passes the authentication of the payment information, a second order is generated. The card is sent to the first server, and the first information and the second information are generated based on the first token, the second token and the associated information between the payment information and sent to the mobile device and the Internet of Things device respectively to complete the authentication. The first token is used as the device token of the IoT device, and the second token is used as the service token corresponding to the payment information. During the payment process, the transaction security can be improved based on the binding relationship between the token and the payment information.

Description of drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following will briefly introduce the accompanying drawings that need to be used in the embodiments of the present application. Additional figures can be derived from these figures.

FIG. 1 is a schematic flow diagram of an authentication method provided by an embodiment of the present application;

Fig. 2 is a schematic flow diagram of an authentication method in a specific example of the present application;

FIG. 3 is a schematic flowchart of an authentication method provided in another embodiment of the present application;

Fig. 4 is a schematic flowchart of an authentication method provided in another embodiment of the present application;

FIG. 5 is a schematic flowchart of an authentication method provided in another embodiment of the present application;

Fig. 6 is a schematic flowchart of a payment method provided by an embodiment of the present application;

Figure 7 is a schematic flow diagram of a payment method in a specific example of the present application;

Fig. 8 is a schematic structural diagram of an authentication device provided by an embodiment of the present application;

Fig. 9 is a schematic structural diagram of an authentication device provided in another embodiment of the present application;

Fig. 10 is a schematic structural diagram of an authentication device provided in another embodiment of the present application;

Fig. 11 is a schematic structural diagram of a payment device provided by an embodiment of the present application;

Fig. 12 is a schematic structural diagram of an electronic device provided by another embodiment of the present application.

Detailed ways

The characteristics and exemplary embodiments of various aspects of the application will be described in detail below. In order to make the purpose, technical solution and advantages of the application clearer, the application will be further described in detail below in conjunction with the accompanying drawings and specific embodiments. It should be understood that the specific embodiments described here are only intended to explain the present application rather than limit the present application. It will be apparent to one skilled in the art that the present application may be practiced without some of these specific details. The following description of the embodiments is only to provide a better understanding of the present application by showing examples of the present application.

It should be noted that in this article, relational terms such as first and second are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply that there is a relationship between these entities or operations. There is no such actual relationship or order between them. Furthermore, the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements, but also includes elements not expressly listed. other elements of or also include elements inherent in such a process, method, article, or device. Without further limitations, an element defined by the statement "comprising..." does not exclude the presence of additional same elements in the process, method, article or device comprising said element.

In the current IoT device payment scenario, the payment method usually used is: the IoT device sends a payment request including the device ID and payment amount to the server, and the server queries the associated payment account according to the device ID, and from the payment account Make a deduction.

The disadvantage of this payment method is that the payment security is low, and the payment can only be deducted from the associated payment account determined by the background server, and the IoT device does not have independent payment capabilities.

In addition, currently IoT devices only support online transactions in payment scenarios, and cannot support offline transactions without the participation of offline POS (Point of sales) devices. Because as far as the current payment technology is concerned, if IoT devices conduct offline transactions, most of them need to rely on IC cards (Integrated Circuit Cards, integrated circuit cards), and POS devices need to be used to initiate transactions based on IC cards, which reduces the convenience of front-end operations. , the complexity of the operation process is high.

In order to solve the problems in the prior art, the embodiments of the present application provide an authentication method, payment method, device and equipment. Safe payment is realized through the security chip and device token set in the IoT device. The following firstly introduces the authentication method provided by the embodiment of the present application.

Fig. 1 shows a schematic flowchart of an authentication method provided by an embodiment of the present application. As shown in Figure 1, the authentication method is applied to an Internet of Things device, and the first token is built in the Internet of Things device, and the method includes steps S101 to S103:

S101. Provide the mobile device with the identity information of the IoT device, so that the mobile device sends the identity information and the user's payment information to the first server for authentication;

S102. Receive the first information sent by the first server, the first information includes the association information between the first token, the second token, and the payment information, wherein the first token is the determined after the first server passes the authentication of the identity information, and the second token is generated after the second server passes the authentication of the payment information;

S103. Save the first information.

In the authentication method of the embodiment of the present application, the identity information of the IoT device and the payment information of the user are acquired through the mobile device, and are sent together to the first server for authentication. After the first server authenticates the identity information of the IoT device, it can determine the first token of the IoT device based on the identity information, that is, the token of the IoT device does not need to be transmitted, and the IoT device can be pre-stored in the first server. The corresponding relationship between the device identity information and the first token, after verifying that the identity information of the IoT device is legal, it can be determined that the device corresponds to the first token; then the payment information is sent to the second server, and the second server authenticates the payment The legitimacy of the information, and after the authentication is passed, the second token is generated and returned to the first server, and the first server completes the binding of the corresponding IoT device, that is, associates the first token, the second token and the payment information, Sent to IoT devices for storage. In this way, before the payment is realized, the authentication is completed based on the device token of the Internet of Things device (ie, the first token, the same below) and the server, so as to ensure the security of the subsequent payment.

In some specific embodiments, in order to strengthen payment security, it can be realized by increasing the hardware capabilities of IoT devices. Optionally, in this embodiment of the application, the processor of the Internet of Things device, such as MCU (Micro Controller Unit, Micro Control Unit), is connected to a security chip SE (Secure Element), and the security chip SE presets a security domain to establish its The security foundation for IoT devices.

It can be understood that the security domain can verify the legitimacy and security of the server to which the IoT device belongs, and the verification of the security domain can use mature technologies in the field, which will not be repeated here.

Exemplarily, the security chip SE of the IoT device can be used as a transaction security shield of the device, and based on its own high security performance, the hardware capability of the IoT device can be improved. And the first token is encrypted and stored in the security chip SE, and the first token, as the device Token of the IoT device, can be preset into the IoT device together with the security chip at the factory stage or before it is put into use. For example, it can be injected by payment card manufacturers, or by IoT device manufacturers.

The first token, that is, the device Token of the IoT device, has a unique correspondence with the IoT device, and each IoT device has a device Token, so the device Token of the IoT device is globally unique .

Optionally, after the security domain of the security chip SE is verified, before step S101, the authentication method in this embodiment of the present application may also include S104-S105:

S104. Generate a pair of keys through the security chip, where the keys include a first public key and a first private key;

S105. Send the first public key to the first server.

Exemplarily, the security chip SE generates a pair of asymmetric keys, the key includes a first public key and a first private key, wherein the first private key is stored in the security chip, and the first public key is sent to the first server save.

In this way, the identity information of the IoT device is provided to the mobile device in step S101, which may specifically include:

The identity information is encrypted by the first private key and then sent to the mobile device, so that after the mobile device sends the identity information to the first server, the identity information is encrypted by the first public key Information authentication.

In step S101, the IoT identity information may include one or more of a device ID (Identity Document, identity code), a device manufacturer ID, and a device chip ID (that is, the chip serial number corresponding to the above-mentioned MCU of the device). In some examples, when the identity information of the IoT device is provided to the mobile device, the identification code of the IoT device identity information can be displayed for the mobile device to obtain, or the IoT device provides an MCU access interface for the mobile device to obtain the IoT device. Device identity information.

Referring to Figure 2, when the identity information is provided through the identification code, the identification code may include acquisition request information, and through steps S201-S202, the mobile device scans the identification code to initiate a request to the IoT device, and the IoT device based on the request The identity information is returned to the mobile device, and the mobile device obtains the payment information input by the user through the first interface after receiving the identity information.

The identification code may include identity information such as the device ID and device manufacturer ID of the IoT device, and a page address link. The mobile device obtains the identity information of the IoT device by scanning the identification code, and at the same time jumps to the first interface corresponding to the page address to receive the payment information input by the user from the first interface.

Or the Internet of Things device provides an MCU access interface, and the mobile device uses the access interface to obtain the identity information of the Internet of Things device, and then obtains the payment information input by the user through the first interface.

Exemplarily, the identification code can be a two-dimensional code, or other forms of graphic codes; the identification code can be a static code, or can also be a dynamic code; the identification code can be displayed on the display screen of the IoT device, or It can be displayed in other forms; the embodiment of this application does not make a unique limitation.

Exemplarily, the identity information obtained by the mobile device is information encrypted by the first private key stored in the security chip SE by the IoT device, which can avoid information leakage during information transmission during the authentication process and cause The risk of being attacked by malicious analysis.

Exemplarily, the payment information input by the user may include one or more of payment card (such as bank card) card number, anti-counterfeiting code (such as security code CVN2, Card Validation Number 2) and verification code. In a specific example, the payment information may include one or more payment cards.

In the embodiment of this application, through step S203 shown in Figure 2, the mobile device sends the identity information of the IoT device and the user's payment information to the first server, and the legality of the identity information is authenticated by the first server After the authentication of the identity information of the IoT device is passed, the user's payment is authenticated through the second server.

Exemplarily, the first server may be an IoT device management platform. The mapping relationship between the IoT device and its corresponding first public key and device Token is stored in the database in advance in the first server. Referring to FIG. 2, when the first server receives the identity information of the IoT device sent by the mobile terminal, in step S204, it decrypts and authenticates the identity information through the first public key. If the decryption is successful, the identity of the IoT device is legal and the authentication Pass; otherwise, it is invalid and IoT identity authentication fails.

In step S204, after passing the authentication of the identity information of the IoT device, the first server determines the first token corresponding to the IoT device based on the analyzed identity information. At the same time, through step S205, the first server also sends the user's payment information to the second server. Exemplarily, the second server may be the transaction platform of the operator to which the payment card belongs (such as the UnionPay transaction platform corresponding to the UnionPay card). The second server verifies the card number, anti-counterfeiting code, and verification code in the payment information, and confirms the legitimacy of the payment information.

It can be understood that the authentication of the validity of the payment card by the server corresponding to the payment card operator is a mature technology in the field, and will not be repeated here.

Referring to FIG. 2, through step S206, the second server generates a second token corresponding to the payment information after authenticating the payment information of the user. Exemplarily, the second token, as a business token, has a one-to-one relationship with the payment card in the payment information. When the payment information contains a payment card information, a first token can be generated; when the payment information contains When the information of multiple payment cards is included, multiple second tokens may be respectively generated corresponding to these payment cards.

Through step S207, the second token generated by the second server is returned to the first server, and through step S208, the first server returns the first token corresponding to the above-identified Internet of Things device and the second token returned by the second server The card is bound with the corresponding identity information and payment information, and the corresponding associated information is generated and stored in the first server. In this association information, one first token can correspond to one or more second tokens, that is, in the embodiment of this application, an IoT device is allowed to bind multiple payment cards for subsequent transactions, satisfying the needs of users. card payment requirements. In an example, in order to improve the convenience of subsequent payment, one of the payment cards can be set as the default payment card during the binding process of the above-mentioned associated information, and the corresponding default payment identifier can be marked in the associated information.

After the associated information is generated by the first server, the IoT device receives the associated information (that is, the first information) sent by the first server through step S102, and securely stores the first information in the IoT device through step S103. And the associated information can also be sent to the mobile device and displayed for the user to understand.

In the embodiment of this application, the first information is safely stored in the IoT device, and in the subsequent payment scenario, transaction payment can be initiated through the payment information in the first information stored in the security chip SE, and the IoT device has the ability to use The hardware capability of secure payment expands the transaction attributes of IoT devices and improves the device's secure payment capabilities. In this way, IoT devices authenticated by identity information and payment information can have separate payment capabilities in the subsequent payment process. On the one hand, compared with traditional online transactions, IoT devices in this embodiment of the application can be based on security The hardware foundation established by the chip initiates transaction payment based on the securely stored payment information and the first token certified by the platform to ensure transaction security and avoid the risk of information being maliciously cracked and attacked during the transmission of transaction information. On the other hand, the first information authenticated by the authentication method of the embodiment of the application is stored in the Internet of Things device and used in the scenario of subsequent transaction payment initiation. Compared with the traditional offline transaction that relies on the IC card to complete, this application When the Internet of Things device in the embodiment initiates a transaction based on the payment information of the payment card, it can break away from the front-end's dependence on the IC card physical card body, which is beneficial to improve transaction convenience.

Optionally, in order to meet various needs of the user, the embodiment of the present application may also allow the user to update the payment information stored in the IoT device. Specifically, in this embodiment of the application, if the user needs to add a new payment card to the Internet of Things device to request authentication and binding, or wants to delete the bound payment card, as shown in Figure 3, the authentication method may also include Steps S301-S303, the specific steps are as follows.

S301. Provide the mobile device with the identity information and payment information of the IoT device, so that the mobile device generates updated payment information according to the payment information, and sends the updated payment information and identity information to the first server for authentication .

The mobile terminal can obtain the identity information of the IoT device by scanning the identification code or accessing the MCU access interface of the IoT device, and jump to the second interface to display the payment information of the existing payment card stored on the IoT device.

Based on the payment information displayed on the second interface on the mobile device, the user can generate corresponding updated payment information by inputting operations such as adding a new payment card or deleting a payment card. If the original payment information of payment card 1 is displayed on the second interface, the user enters the payment information of payment card 2 and payment card 3 on the second interface, and marks the payment information of payment card 2 as the default payment card, and deletes the payment The payment information of card 1 generates updated payment information corresponding to payment card 2 and payment card 3. The mobile device sends the identity information and updated payment information to the first server for authentication.

S302. Receive third information sent by the first server, where the third information includes association information between the first token, the third token, the identity information, and the updated payment information, wherein the The first token is determined after the first server passes the authentication of the identity information, and the third token is generated after the second server passes the authentication of the updated payment information.

S303. Save the third information.

In this embodiment, the authentication process of the first server for the identity information of the IoT device is the same as the identity information authentication process in the above embodiment, and the authentication process of the second server for updating the payment information is the same as the authentication process of the payment information in the above embodiment , the second server generates a new technical Token after passing the authentication of the updated payment information, that is, the third token, and returns it to the second server, and the second server sends the first token, the third token, the identity information and The updated payment information is bound to generate new associated information (that is, the third information), which is sent to the Internet of Things device for storage, and then sent to the mobile device for display to the user.

FIG. 4 shows a schematic flowchart of an authentication method provided by an embodiment of the present application. As shown in Figure 4, the authentication method is applied to the first server, and the method includes steps S401-S405:

S401. Receive the identity information of the IoT device and the payment information of the user sent by the mobile device;

S402. Authenticate the identity information through preset rules;

S403. After the identity information is authenticated, send the payment information to the second server for authentication;

S404. Receive a second token sent by the second server, where the second token is generated after the second server authenticates the payment information;

S405. Send the associated information after the first token and the second token are associated with the identity information and the payment information to the IoT device and the mobile device.

In the embodiment of the present application, the first server may be an Internet of Things device management platform, and the first server may perform unified management on several Internet of Things devices. In the authentication method of the embodiment of the present application, the identity information of the IoT device and the payment information of the user are obtained through the mobile device, and are sent together to the first server for authentication. After the first server authenticates the identity information of the IoT device, it can determine the first token of the IoT device based on the identity information, that is, the token of the IoT device does not need to be transmitted, and the IoT device can be pre-stored in the first server. The corresponding relationship between the device identity information and the first token, after verifying that the identity information of the IoT device is legal, it can be determined that the device corresponds to the first token; then the payment information is sent to the second server, and the second server authenticates the payment The legitimacy of the information, and after the authentication is passed, the second token is generated and returned to the first server, and the first server completes the binding of the corresponding IoT device, that is, associates the first token, the second token and the payment information, Sent to IoT devices for storage. In this way, before the payment is realized, the authentication is completed based on the device token of the Internet of Things device (ie, the first token, the same below) and the server, so as to ensure the security of the subsequent payment.

Optionally, in order to enhance payment security, the processor of the IoT device, such as MCU (Micro Controller Unit, Micro Control Unit), is connected to a security chip SE (Secure Element), and the security chip SE presets a security domain to establish its IoT The security foundation for connected devices.

Exemplarily, the security chip SE of the IoT device can be used as a transaction security shield of the device, and based on its own high security performance, the hardware capability of the IoT device can be improved. And the first token is encrypted and stored in the security chip SE. There is a unique correspondence between the first token and the IoT device, and each IoT device has a device Token, that is, the device Token of the IoT device is globally unique.

In addition to safely storing the first token, the security chip of the IoT device is also used to generate a pair of asymmetric keys. The key includes a first public key and a first private key, the first private key is stored in the security chip, and the first public key is sent to the first server for storage. Therefore, before the above step S401, the method may also include:

receiving the first public key sent by the IoT device;

Save the first public key.

The first server may pre-save the mapping association between the identity information of the IoT device and its first token in the database, and after receiving the first public key, associate the first public key with the corresponding IoT device Identity information is stored in association.

After the first server saves the first public key, it receives the identity information of the IoT device and the payment information of the user sent by the mobile device through step S401, wherein the identity information of the IoT device may include a device ID (Identity Document, identity code) , device manufacturer ID, and device chip ID. The user's payment information can include one or more of payment card (such as bank card) card number, anti-counterfeiting code (such as security code CVN2, Card Validation Number 2) and verification code. In a specific example, the payment information may include one or more payment cards.

Exemplarily, in order to improve the security of the authentication information, the identity information may be information encrypted by the first private key stored in the security chip of the IoT device, then after receiving the identity information of the IoT device and the user's payment After receiving the information, the first server may authenticate the identity information through a preset rule in step S402. Specifically, step S402 may include:

The identity information is authenticated by using a first public key, wherein the first public key is generated by the security chip and corresponds to the first private key.

The identity information encrypted by the first private key is a piece of ciphertext. If the ciphertext can be decrypted by the first public key corresponding to the first private key, the identity of the IoT device is legal and the authentication is passed; if the decryption fails, the identity of the IoT device is invalid. , IoT authentication failed.

After verifying that the identity of the IoT device is legal, the plaintext of the identity information is decrypted, and the first server can match the corresponding first token from the database based on the plaintext. And through step S403, the payment information is sent to the second server for authentication. In one example, the second server may be the transaction platform of the operator to which the payment card belongs (such as the UnionPay transaction platform corresponding to the UnionPay card). The second server verifies the card number, anti-counterfeiting code, and verification code in the payment information, and confirms the legitimacy of the payment information.

After the second server authenticates that the payment information of the user is legal, it generates a second token corresponding to the payment information. Exemplarily, the second token, as a business token, has a one-to-one relationship with the payment card in the payment information. When the payment information contains a payment card information, a first token can be generated; when the payment information contains When the information of multiple payment cards is included, multiple second tokens may be respectively generated corresponding to these payment cards.

After the second server generates the second token, the first server receives the second token sent by the second server through step S404, and combines the first token and the second token with the decrypted identity information and the payment The information is associated and bound to generate corresponding associated information, the associated information is stored in the database of the first server, and the associated information is sent to the IoT device and the mobile device respectively through step S405, and the IoT device stores the associated information The associated information enables subsequent transaction payments to be initiated based on the associated information, and the mobile device can display the associated information for the user to view.

In the embodiment of the present application, after the identity information of the IoT device is authenticated by the first server, the payment information is authenticated by the second server, thereby ensuring information security. The first server associates and binds the identity information and payment information of the IoT device with the unique device Token of the IoT device, and feeds it back to the IoT device for storage, so that it can be used in the security chip SE of the IoT device in subsequent payment scenarios. The saved payment information initiates transaction payment, so that IoT devices have independent payment capabilities. On the one hand, compared to traditional online transactions, the IoT device in the embodiment of the present application can initiate transaction payment based on the hardware foundation established by the security chip and the payment information and the first token that are safely stored and authenticated by the platform. Ensure transaction security and avoid the risk of information being maliciously cracked and attacked during the transmission of transaction information. On the other hand, the associated information authenticated by the authentication method of the embodiment of the application is stored in the IoT device and used in the scenario of subsequent transaction payment initiation. Compared with the traditional offline transaction that relies on the IC card to complete, the implementation When the Internet of Things device in the example initiates a transaction based on the payment information of the payment card, it can break away from the front-end's dependence on the IC card physical card body, which is conducive to improving transaction convenience.

Optionally, in order to meet various needs of the user, the embodiment of the present application may also allow the user to update the payment information stored in the IoT device. Specifically, in this embodiment of the application, if the user needs to add a new payment card to the Internet of Things device for authentication and binding, or wants to delete the bound payment card, the authentication method may also include steps S406-S410, specifically The steps are as follows.

S406. Receive the identity information of the IoT device and the updated payment information of the user sent by the mobile device.

Based on the payment information displayed on the second interface on the mobile device, the user can generate corresponding updated payment information by inputting a new payment card or deleting a payment card, etc., and send the identity information and updated payment information to the first The server is authenticated.

S407. Authenticate the identity information through a preset rule.

S408. After the identity information is authenticated, send the updated payment information to the second server for authentication.

S409. Receive a third token sent by the second server, where the third token is generated after the second server passes the authentication of the updated payment information.

S410. Send the associated information after the first token and the third token are associated with the identity information and the updated payment information to the IoT device and the mobile device.

In this embodiment, the authentication process of the first server for the identity information of the IoT device is the same as the identity information authentication process of step S402 in the above embodiment, and the authentication process of the second server for updating the payment information is the same as the authentication process of the payment information in the above embodiment The process is the same, the second server generates a new technical Token after passing the authentication of the updated payment information, that is, the third token, and returns it to the second server, and the second server passes the first token, the third token, the identity The information and the updated payment information are bound to generate new associated information (that is, the third information), which is sent to the Internet of Things device for storage, and then sent to the mobile device for display to the user.

Fig. 5 shows a schematic flowchart of an authentication method provided by an embodiment of the present application. As shown in Figure 5, the method is applied to mobile devices, and the method includes steps S501-S503:

S501. Obtain the identity information of the IoT device and the payment information of the user, and the IoT device has a built-in first token;

S502. Send the identity information and payment information to the first server, so that after the first server passes the authentication of the identity information, send the payment information to the second server for authentication;

S503. Receive the second information sent by the first server, the second information includes the first token and the association information between the second token, the identity information and the payment information, wherein the The first token is determined by the first server according to the identity information, and the second token is generated after the second server authenticates the payment information.

Exemplarily, in order to enhance payment security, the processor of the IoT device, such as MCU (Micro Controller Unit, Micro Control Unit), is connected to a security chip SE (Secure Element), and the security chip SE presets a security domain to establish its IoT The security foundation for connected devices.

In addition to the first token stored safely in the security chip, it is also used to generate a key, which is an asymmetric key, and the key includes a first public key and a first private key, and the first private key is stored in In the security chip, the first public key is sent to the first server for storage. Therefore, in step S501, in obtaining the identity information of the IoT device and the payment information of the user, the identity information can be information encrypted by the first private key in the security chip of the IoT device, which can avoid information transmission during the authentication process The risk of information leakage that may lead to malicious analysis attacks.

In some examples, when the mobile device acquires the identity information of the IoT device, it may obtain it through parsing the identification code of the IoT device identity information, or obtain it through an MCU access interface provided by the IoT device.

Optionally, if the identity information of the Internet of Things device is obtained by parsing the identification code of the identity information of the Internet of Things device, the identification code may include acquisition request information, so that the mobile device scans the identification code to initiate a request to the Internet of Things device, and then the Internet of Things The device returns the identity information to the mobile device based on the request, and the mobile device obtains the payment information input by the user through the first interface after receiving the identity information.

Or, optionally, the identification code may include identity information such as the device ID and device manufacturer ID of the IoT device, and a page address link, and step S501 may specifically include steps S5011-S5013:

S5011. Obtain the identification code of the IoT device, where the identification code includes the identity information and page address of the IoT device;

S5012. According to the identification code, parse to obtain the identity information, and jump to the first interface corresponding to the page address;

S5013. Receive payment information input by the user from the first interface.

The mobile device obtains the identity information of the IoT device by scanning the identification code, and at the same time jumps to the first interface corresponding to the page address to receive the payment information input by the user from the first interface. In this embodiment, the convenience of inputting payment information can be improved by scanning a code for input.

After acquiring the identity information and payment information, the mobile device sends the identity information and payment information to the first server through step S502. In the first server, the legality of the identity information is first authenticated, and after the authentication of the identity information of the IoT device is passed, the first server sends the payment information to the second server, and then the user's payment is processed through the second server. certified.

Exemplarily, the first server may be an IoT device management platform. The mapping relationship between the IoT device and its corresponding first public key and device Token is stored in the database in advance in the first server. When the first server receives the identity information of the IoT device sent by the mobile terminal, it decrypts and authenticates the identity information through the first public key. If the decryption is successful, the identity of the IoT device is legal and the authentication is passed; Authentication failed.

After passing the authentication of the identity information of the IoT device, the first server determines the first token corresponding to the IoT device based on the analyzed identity information. At the same time, the first server also sends the user's payment information to the second server. Exemplarily, the second server may be the transaction platform of the operator to which the payment card belongs (such as the UnionPay transaction platform corresponding to the UnionPay card). The second server verifies the card number, anti-counterfeiting code, and verification code in the payment information to confirm the legitimacy of the payment information.

The second token generated by the second server is returned to the first server, and the first server determines the first token corresponding to the Internet of Things device, the second token returned by the second server, and the corresponding identity information and payment information Binding is performed to generate corresponding associated information, then the mobile device may receive the second information (that is, the associated information) sent by the first server through step S503, and display the second information for the user to view.

In the second information, one first token can correspond to one or more second tokens, that is, in the embodiment of this application, an IoT device is allowed to bind multiple payment cards for subsequent transactions, satisfying the needs of users. card payment requirements. In an example, in order to improve the convenience of subsequent payment, one of the payment cards can be set as the default payment card during the binding process of the above-mentioned associated information, and the corresponding default payment identifier can be marked in the associated information.

In the embodiment of the present application, based on the authentication method between the Internet of Things device and the platform implemented by the mobile device, transaction payment can be initiated through the payment information in the associated information stored in the security chip SE in the subsequent payment scenario. In this way, IoT devices authenticated by identity information and payment information can have separate payment capabilities in the subsequent payment process. On the one hand, compared with traditional online transactions, IoT devices in this embodiment of the application can be based on security The hardware foundation established by the chip initiates transaction payment based on the securely stored payment information and the first token certified by the platform to ensure transaction security and avoid the risk of transaction information being maliciously cracked and attacked during transmission. On the other hand, the associated information authenticated by the authentication method of the embodiment of the application is stored in the IoT device and used in the scenario of subsequent transaction payment initiation. Compared with the traditional offline transaction that relies on the IC card to complete, the implementation When the Internet of Things device in the example initiates a transaction based on the payment information of the payment card, it can break away from the front-end's dependence on the IC card physical card body, which is conducive to improving transaction convenience.

Optionally, in order to meet various needs of the user, the embodiment of the present application may also allow the user to update the payment information stored in the IoT device. Specifically, in this embodiment of the application, if the user needs to add a new payment card to the Internet of Things device for authentication and binding, or wants to delete the bound payment card, the authentication method may also include steps S504-S506:

S504. Obtain the identity information of the IoT device and the updated payment information of the user, and the IoT device has a built-in first token;

S505. Send the identity information and updated payment information to the first server, so that after the first server passes the authentication of the identity information, send the updated payment information to the second server for authentication;

S303. Receive fourth information sent by the first server, where the fourth information includes association information between the first token and the third token, the identity information, and the updated payment information, wherein, The first token is determined by the first server according to the identity information, and the third token is generated after the second server passes the authentication of the updated payment information.

Based on the payment information displayed on the second interface on the mobile device, the user can generate corresponding updated payment information by inputting operations such as adding a new payment card or deleting a payment card. The mobile device sends the identity information and updated payment information to the first server for authentication.

In this embodiment, the authentication process of the first server for the identity information of the IoT device is the same as the identity information authentication process in the above embodiment, and the authentication process of the second server for updating the payment information is the same as the authentication process of the payment information in the above embodiment , the second server generates a new technical Token after passing the authentication of the updated payment information, that is, the third token, and returns it to the second server, and the second server sends the first token, the third token, the identity information and The updated payment information is bound to generate new associated information (that is, the fourth information), which is sent to the Internet of Things device for storage, and then sent to the mobile device for display to the user.

It can be understood that, in the foregoing embodiments, after the same associated information is sent to different devices, it may be represented by different technical terms. For example, the first information and the second information may include the same associated information, and the third information and the second information may include the same associated information. The four information may include the same associated information.

Exemplarily, the aforementioned IoT device may be an electronic license plate.

After completing the authentication and binding of IoT devices and payment information through the information interaction between IoT devices, mobile devices, the first server and the second server, it can facilitate the participation of IoT devices in transaction payment scenarios and guarantee transactions safety. Therefore, the embodiment of the present application also provides a payment method.

Fig. 6 shows a schematic flowchart of a payment method provided by an embodiment of the present application. As shown in Figure 6, the method is applied to the first server, and the method includes steps S601-S605:

S601. Receive a transaction request sent by the IoT device, the transaction request includes transaction information corresponding to the transaction event, the first token and identity information of the IoT device, and the transaction information includes payment information;

S602. Obtain the first token by parsing from the transaction request;

S603. Determine the corresponding second token according to the first token and the pre-stored mapping information in the first server, where the pre-stored mapping information is the association information between the first token, the second token and the payment information;

S604. Send the second token and the transaction information to the second server, so that after the second server passes the verification of the payment information corresponding to the second token, the balance of the corresponding transaction event is performed by the third server based on the payment information Deduct operations and generate balance change information;

S605. Receive the balance change information sent by the second server, and forward it to the IoT device.

The first server in this embodiment of the present application may be an Internet of Things device management platform. In the payment method of the embodiment of the present application, the transaction payment is initiated based on the authenticated identity information and payment information and the first token stored in the security chip. Compared with the traditional online transaction, the legality of the transaction information is guaranteed, and the efficiency of the transaction is improved. Transaction security: Compared with the traditional IC card transaction, the method of the embodiment of the present application can realize the transaction process based on the payment information of the payment card, but not rely on the physical card body of the payment card, and improve the convenience of payment.

Optionally, in this embodiment of the application, as shown in FIG. 7 , when a transaction is performed, through step S701, the IoT device sends the transaction information corresponding to the transaction event, the first token of the IoT device stored in the security chip and identity information, encapsulate the data packet generating the transaction request, and send it to the first server.

The transaction information may include the time of the current transaction event, event identifier, payment information (such as the payment information of the default payment card), payment amount, and the like.

In the data packet of the transaction request, the transaction information, the first token and identity information of the Internet of Things device, etc., can be encrypted by the first private key in the security chip to ensure the security of sensitive information.

Correspondingly, after the first server receives the transaction request sent by the Internet of Things device through step S601, it obtains the first token from the transaction request through step S602, which may specifically include steps:

The first server pre-stores the associated information of the first public key, the first token, the second token, the identity information of the IoT device, and the payment information. The data packet of the transaction request is decrypted by using the first public key, and the plaintext of information such as the first token, identity information, and transaction information is decrypted. Then the corresponding second token can be determined according to the first token and the pre-stored mapping information in the first server through step S603, wherein the pre-stored mapping information is the associated information.

After confirming the second token corresponding to the transaction request, the first server sends a message including the second token and the transaction information to the second server through step S604. Exemplarily, the second server may be a transaction platform of the operator to which the payment card belongs (such as a UnionPay transaction platform corresponding to a UnionPay card). The second server pre-stores the mapping relationship data between the second token and the payment information, as shown in FIG. 7, through step S702, the second server can determine the corresponding payment information according to the second token in the message. legality.

After verifying that the payment information is legal, through step S703, the second server sends the payment amount and payment information (such as payment card number) in the transaction information to the third server. Exemplarily, the third server may be a card issuer system. Through step S704, the third server performs a balance deduction operation based on corresponding transaction events such as payment information and payment amount, and generates balance change information of the payment card. Through steps S705- S707. Return to the second server, and the second server returns step by step.

Therefore, the first server receives the balance change information sent by the second server through step S605, and forwards it to the IoT device to complete the transaction payment.

In addition, the term "and/or" in this article is only an association relationship describing associated objects, which means that there may be three relationships, for example, A and/or B may mean: A exists alone, A and B exist at the same time, There are three cases of B alone. In addition, the character "/" in this paper generally indicates that the associated objects before and after are in an "or" relationship.

It should be understood that in this embodiment of the present application, "B corresponding to A" means that B is associated with A, and B can be determined according to A. However, it should also be understood that determining B according to A does not mean determining B only according to A, and B may also be determined according to A and/or other information.

FIG. 8 shows a schematic structural diagram of an authentication device provided by an embodiment of the present application. As shown in Figure 8, the device is applied to an Internet of Things device, and the first token is built in the Internet of Things device, and the device includes:

The first sending module 801 is configured to provide the mobile device with the identity information of the IoT device, so that the mobile device sends the identity information and the user's payment information to the first server for authentication;

The first receiving module 802 is configured to receive second information sent by the first server, where the second information includes association information between the first token and the second token, the identity information, and the payment information , wherein the first token is determined after the first server authenticates the identity information, and the second token is generated after the second server authenticates the payment information;

A saving module 803, configured to save the first information.

In the embodiment of the present application, the identity information of the IoT device and the payment information of the user are obtained through the mobile device, and are sent together to the first server for authentication. After the first server authenticates the identity information of the IoT device, it can determine the first token of the IoT device based on the identity information, that is, the token of the IoT device does not need to be transmitted, and the IoT device can be pre-stored in the first server. The corresponding relationship between the device identity information and the first token, after verifying that the identity information of the IoT device is legal, it can be determined that the device corresponds to the first token; then the payment information is sent to the second server, and the second server authenticates the payment The legitimacy of the information, and after the authentication is passed, the second token is generated and returned to the first server, and the first server completes the binding of the corresponding IoT device, that is, associates the first token, the second token and the payment information, Sent to IoT devices for storage. In this way, before the payment is realized, the authentication is completed based on the device token of the Internet of Things device (ie, the first token, the same below) and the server, so as to ensure the security of the subsequent payment.

Optionally, in this embodiment of the application, the processor of the Internet of Things device, such as MCU (Micro Controller Unit, Micro Control Unit), is connected to a security chip SE (Secure Element), and the security chip SE presets a security domain to establish its IoT device. The security foundation for connected devices.

Exemplarily, the security chip SE of the IoT device can be used as a transaction security shield of the device, and based on its own high security performance, the hardware capability of the IoT device can be improved. And the first token is encrypted and stored in the security chip SE.

Optionally, in this embodiment of the application, the device may also include:

a first generation module, configured to generate a pair of keys through the security chip, the keys include a first public key and a first private key;

A sixth sending module, configured to send the first public key to the first server.

Correspondingly, the first sending module 801 can specifically be used for:

Exemplarily, the identity information of the Internet of Things may include one or more of a device ID (Identity Document, identity code), a device manufacturer ID, and a device chip ID (in this example, the serial number of the chip corresponding to the above-mentioned MCU of the device) kind.

The payment information input by the user may include one or more of payment card (such as bank card) card number, anti-counterfeiting code (such as security code CVN2, Card Validation Number 2) and verification code. In a specific example, the payment information may include one or more payment cards.

Exemplarily, the second token, as a business token, has a one-to-one relationship with the payment card in the payment information. When the payment information contains a payment card information, a first token can be generated; when the payment information contains When the information of multiple payment cards is included, multiple second tokens may be respectively generated corresponding to these payment cards.

Optionally, in this embodiment of the application, the device may also include:

The second providing module is configured to provide the mobile device with the identity information and payment information of the IoT device, so that the mobile device generates updated payment information according to the payment information, and sends the updated payment information and identity information To the first server authentication;

A seventh receiving module, configured to receive third information sent by the first server, where the third information includes the first token, the third token, the identity information, and the association information between the updated payment information , wherein the first token is determined after the first server authenticates the identity information, and the third token is generated after the second server authenticates the updated payment information;

A second saving module, configured to save the third information.

FIG. 9 shows a schematic structural diagram of an authentication device provided by an embodiment of the present application. As shown in Figure 9, the device is applied to the first server, and the device includes:

The second receiving module 901 is configured to receive the identity information of the IoT device and the payment information of the user sent by the mobile device;

The first authentication module 902 is configured to authenticate the identity information through preset rules;

The second sending module 903 is configured to send the payment information to the second server for authentication after the identity information is authenticated;

The third receiving module 904 is configured to receive the second token sent by the second server, the second token is generated after the second server passes the authentication of the payment information;

The third sending module 905 is configured to send the associated information after the first token and the second token are associated with the identity information and the payment information to the IoT device and the mobile device.

In the embodiment of the present application, the first server may be an Internet of Things device management platform, and the first server may perform unified management on several Internet of Things devices. Obtain the identity information of the IoT device and the payment information of the user through the mobile device, and send them together to the first server for authentication. After the first server authenticates the identity information of the IoT device, it can determine the first token of the IoT device based on the identity information, that is, the token of the IoT device does not need to be transmitted, and the IoT device can be pre-stored in the first server. The corresponding relationship between the device identity information and the first token, after verifying that the identity information of the IoT device is legal, it can be determined that the device corresponds to the first token; then the payment information is sent to the second server, and the second server authenticates the payment The legitimacy of the information, and after the authentication is passed, the second token is generated and returned to the first server, and the first server completes the binding of the corresponding IoT device, that is, associates the first token, the second token and the payment information, Sent to IoT devices for storage. In this way, before the payment is realized, the authentication is completed based on the device token of the IoT device (that is, the first token, the same below) and the server to ensure the security of subsequent payments.

Optionally, in this embodiment of the application, the device may also include:

An eighth receiving module, configured to receive the first public key sent by the IoT device;

A third saving module, configured to save the first public key.

Exemplarily, the IoT identity information may include one or more of a device ID (Identity Document, identity code), a device manufacturer ID, and a device chip ID.

Optionally, in this embodiment of the application, the device may also include:

The ninth receiving module is used to receive the identity information of the IoT device and the updated payment information of the user sent by the mobile device;

A second authentication module, configured to authenticate the identity information through preset rules;

A ninth sending module, configured to send the updated payment information to the second server for authentication after the identity information is authenticated;

The tenth receiving module is configured to receive a third token sent by the second server, the third token is generated after the second server passes the authentication of the updated payment information;

A tenth sending module, configured to send association information after the first token and the third token are associated with the identity information and the updated payment information to the IoT device and the mobile device.

FIG. 10 shows a schematic structural diagram of an authentication device provided by an embodiment of the present application. As shown in Figure 10, the device is applied to mobile devices, and the device includes:

The first obtaining module 1001 is used to obtain the identity information of the IoT device and the payment information of the user, and the IoT device has a built-in first token;

The fourth sending module 1002 is configured to send the identity information and payment information to the first server, so that the first server sends the payment information to the second server for authentication after passing the authentication of the identity information;

The fourth receiving module 1003 is configured to receive the first information sent by the first server, the first information includes association information between the first token and the second token, the identity information and the payment information , wherein the first token is determined by the first server according to the identity information, and the second token is generated after the second server passes the authentication of the payment information.

In this embodiment of the present application, the identity information of the IoT device and the payment information of the user are acquired through the mobile device, and are sent together to the first server for authentication. After the first server authenticates the identity information of the IoT device, it can determine the first token of the IoT device based on the identity information, that is, the token of the IoT device does not need to be transmitted, and the IoT device can be pre-stored in the first server. The corresponding relationship between the device identity information and the first token, after verifying that the identity information of the IoT device is legal, it can be determined that the device corresponds to the first token; then the payment information is sent to the second server, and the second server authenticates the payment The legitimacy of the information, and after the authentication is passed, the second token is generated and returned to the first server, and the first server completes the binding of the corresponding IoT device, that is, associates the first token, the second token and the payment information, Sent to IoT devices for storage. In this way, before the payment is realized, the authentication is completed based on the device token of the Internet of Things device (ie, the first token, the same below) and the server, so as to ensure the security of the subsequent payment.

Optionally, in this embodiment of the application, the device may also include:

The second acquiring module is configured to acquire the identification code of the IoT device, the identification code including the identity information and the page address of the IoT device;

The second parsing module is configured to parse the identity information according to the identification code, and jump to the first interface corresponding to the page address;

An eleventh receiving module, configured to receive payment information input by the user through the first interface.

Optionally, in this embodiment of the application, the device may also include:

The third obtaining module is used to obtain the identity information of the Internet of Things device and the updated payment information of the user, and the first token is built in the Internet of Things device;

An eleventh sending module, configured to send the identity information and updated payment information to the first server, so that the first server sends the updated payment information to the second server after passing the authentication of the identity information certification;

A twelfth receiving module, configured to receive fourth information sent by the first server, the fourth information including the first token, the third token, the identity information and the updated payment information The associated information, wherein the first token is determined by the first server according to the identity information, and the third token is generated after the second server passes the authentication of the updated payment information.

FIG. 11 shows a schematic structural diagram of a payment device provided by an embodiment of the present application. As shown in Figure 11, the device is applied to the first server, and the device includes:

The fifth receiving module 1101 is configured to receive the transaction request sent by the IoT device, the transaction request is initiated based on the payment information saved by the IoT device, and the transaction request includes the transaction information corresponding to the transaction event, the first token and the identity of the IoT device information;

The first parsing module 1102 is configured to parse the transaction request to obtain the first token;

A determining module 1103, configured to determine a corresponding second token according to the first token and pre-stored mapping information in the first server, where the pre-stored mapping information is the association information of the first token, the second token, and payment information;

The fifth sending module 1104 is configured to send the second token and the transaction information to the second server, so that after the second server passes the verification of the payment information corresponding to the second token, the third server will send the payment information based on the payment information. Perform the balance deduction operation corresponding to the transaction event and generate balance change information;

The sixth receiving module 1105 is configured to receive the balance change information sent by the second server, and forward it to the IoT device.

The first server in this embodiment of the present application may be an Internet of Things device management platform. In the embodiment of this application, the transaction payment is initiated based on the authenticated identity information and payment information and the first token stored in the security chip. Compared with the traditional online transaction, the legality of the transaction information is guaranteed and the transaction security is improved. ; Compared with traditional IC card transactions, the method of the embodiment of the present application can realize the transaction process initiated based on the payment information of the payment card, but not relying on the physical card body of the payment card, and improve the convenience of payment.

It should be noted that all the relevant content of each step involved in the above method embodiments can be referred to the functional description of the corresponding functional module, and can achieve its corresponding technical effect. For the sake of concise description, it will not be repeated here.

FIG. 12 shows a schematic diagram of a hardware structure of an electronic device provided by an embodiment of the present application.

The electronic device may include a processor 1201 and a memory 1202 storing computer program instructions.

Specifically, the processor 1201 may include a central processing unit (CPU), or an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), or may be configured to implement one or more integrated circuits in the embodiments of the present application.

Memory 1202 may include mass storage for data or instructions. By way of example and not limitation, memory 1202 may include a hard disk drive (Hard Disk Drive, HDD), a floppy disk drive, a flash memory, an optical disk, a magneto-optical disk, a magnetic tape, or a Universal Serial Bus (Universal Serial Bus, USB) drive or two or more Combinations of multiple of the above. Storage 1202 may include removable or non-removable (or fixed) media, where appropriate. Under appropriate circumstances, the storage 1202 can be inside or outside the comprehensive gateway disaster recovery device. In a particular embodiment, memory 1202 is a non-volatile solid-state memory.

Memory may include read only memory (ROM), random access memory (RAM), magnetic disk storage media devices, optical storage media devices, flash memory devices, electrical, optical, or other physical/tangible memory storage devices. Thus, in general, memory includes one or more tangible (non-transitory) computer-readable storage media (e.g., memory devices) encoded with software comprising computer-executable instructions, and when the software is executed (e.g., by one or multiple processors), it is operable to perform the operations described with reference to the authentication method or the payment method according to any of the above-mentioned embodiments of the present application.

The processor 1201 reads and executes the computer program instructions stored in the memory 1202 to implement the authentication method or payment method in any of the above embodiments.

In one example, the electronic device may further include a communication interface 1203 and a bus 1210 . Wherein, as shown in FIG. 12 , a processor 1201 , a memory 1202 , and a communication interface 1203 are connected through a bus 1210 to complete mutual communication.

The communication interface 1203 is mainly used to realize the communication between various modules, devices, units and/or devices in the embodiments of the present application.

Bus 1210 includes hardware, software, or both, and couples the components of the electronic device to each other. By way of example and not limitation, the bus may include Accelerated Graphics Port (AGP) or other graphics bus, Enhanced Industry Standard Architecture (EISA) bus, Front Side Bus (FSB), HyperTransport (HT) interconnect, Industry Standard Architecture (ISA) Bus, Infiniband Interconnect, Low Pin Count (LPC) Bus, Memory Bus, Micro Channel Architecture (MCA) Bus, Peripheral Component Interconnect (PCI) Bus, PCI-Express (PCI-X) Bus, Serial Advanced Technology Attachment (SATA) bus, Video Electronics Standards Association Local (VLB) bus or other suitable bus or a combination of two or more of these. Bus 1210 may comprise one or more buses, where appropriate. Although the embodiments of this application describe and illustrate a particular bus, this application contemplates any suitable bus or interconnect.

In addition, in combination with the authentication method or payment method in the foregoing embodiments, the embodiments of the present application may provide a computer storage medium for implementation. Computer program instructions are stored on the computer storage medium; when the computer program instructions are executed by a processor, the authentication method or payment method in any of the above embodiments is implemented.

In addition, in combination with the authentication method or payment method in the foregoing embodiments, the embodiments of the present application may provide a computer program product for implementation. When the instructions in the computer program product are executed by the processor of the electronic device, the electronic device is made to execute the authentication method or the payment method of any of the above embodiments. Examples of computer readable storage media include non-transitory computer readable storage media such as portable disks, hard disks, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory) ), portable compact disc read-only memory (CD-ROM), optical storage devices, magnetic storage devices, etc.

It is to be understood that the application is not limited to the specific configurations and processes described above and shown in the figures. For conciseness, detailed descriptions of known methods are omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method process of the present application is not limited to the specific steps described and shown, and those skilled in the art may make various changes, modifications and additions, or change the order of the steps after understanding the spirit of the present application.

The functional modules shown in the above structural block diagrams may be implemented as hardware, software, firmware or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an application specific integrated circuit (ASIC), suitable firmware, a plug-in, a function card, or the like. When implemented in software, the elements of the present application are the programs or code segments employed to perform the required tasks. Programs or code segments can be stored in machine-readable media, or transmitted over transmission media or communication links by data signals carried in carrier waves. "Machine-readable medium" may include any medium that can store or transmit information. Examples of machine-readable media include electronic circuits, semiconductor memory devices, ROM, flash memory, erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, radio frequency (RF) links, and the like. Code segments may be downloaded via a computer network such as the Internet, an Intranet, or the like.

It should also be noted that the exemplary embodiments mentioned in this application describe some methods or systems based on a series of steps or devices. However, the present application is not limited to the order of the above steps, that is, the steps may be performed in the order mentioned in the embodiment, or may be different from the order in the embodiment, or several steps may be performed simultaneously.

Aspects of the present application are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the present application. It will be understood that each block of the flowchart and/or block diagrams, and combinations of blocks in the flowchart and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine such that execution of these instructions via the processor of the computer or other programmable data processing apparatus enables Implementation of the functions/actions specified in one or more blocks of the flowchart and/or block diagrams. Such processors may be, but are not limited to, general purpose processors, special purpose processors, application specific processors, or field programmable logic circuits. It can also be understood that each block in the block diagrams and/or flowcharts and combinations of blocks in the block diagrams and/or flowcharts can also be realized by dedicated hardware for performing specified functions or actions, or can be implemented by dedicated hardware and Combination of computer instructions to achieve.

The above is only a specific implementation of the present application, and those skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the above-described systems, modules and units can refer to the foregoing method embodiments The corresponding process in , will not be repeated here. It should be understood that the protection scope of the present application is not limited thereto, and any person familiar with the technical field can easily think of various equivalent modifications or replacements within the technical scope disclosed in the application, and these modifications or replacements should cover all Within the protection scope of this application.

Claims

An authentication method applied to an Internet of Things device, the Internet of Things device has a built-in first token, and the method includes:

providing the mobile device with the identity information of the IoT device, so that the mobile device sends the identity information and the user's payment information to the first server for authentication;

Receive the first information sent by the first server, the first information includes the association information between the first token, the second token, the identity information, and the payment information, wherein the first order The card is determined after the first server passes the authentication of the identity information, and the second token is generated after the second server passes the authentication of the payment information;

Save the first information.
The method according to claim 1, wherein a security chip is provided in the IoT device,

Before said providing the identity information of the IoT device to the mobile device, the method further includes;

generating a pair of keys through the security chip, the keys including a first public key and a first private key;

sending the first public key to the first server;

The providing the identity information of the IoT device to the mobile device includes:

The identity information is encrypted by the first private key and then sent to the mobile device, so that after the mobile device sends the identity information to the first server, the identity information is encrypted by the first public key Information authentication.
The method according to claim 2, wherein the first token is encrypted and stored in the security chip.
The method according to claim 1, wherein the payment information corresponds to one or more payment cards, and there are one or more second tokens, and the second tokens are in one-to-one correspondence with the payment cards.
An authentication method applied to a first server, the method comprising:

Receive the identity information of the IoT device and the payment information of the user sent by the mobile device;

Authenticating the identity information through preset rules;

After the identity information is authenticated, sending the payment information to the second server for authentication;

receiving a second token sent by a second server, where the second token is generated after the second server authenticates the payment information;

Sending association information after associating the first token and the second token with the identity information and the payment information to the Internet of Things device and the mobile device.
The method according to claim 5, wherein the identity information is information encrypted by a first private key, and the first private key is generated by a security chip of the IoT device;

The authenticating the identity information through preset rules includes:

The identity information is authenticated by a first public key, the first public key is generated for the security chip and corresponds to the first private key.
The method according to claim 6, wherein, before receiving the identity information of the IoT device and the payment information of the user sent by the mobile device, the method further comprises:

receiving the first public key sent by the IoT device;

Save the first public key.
The method according to claim 5, wherein the payment information corresponds to one or more payment cards, the second tokens are one or more, and the second tokens correspond to the payment cards one by one.
An authentication method applied to a mobile device, the method comprising:

Obtaining the identity information of the IoT device and the payment information of the user, the IoT device having a built-in first token;

Send the identity information and payment information to the first server, so that after the first server passes the authentication of the identity information, send the payment information to the second server for authentication;

receiving the second information sent by the first server, the second information including the first token and the association information between the second token and the identity information and the payment information, wherein the first A token is determined by the first server according to the identity information, and the second token is generated after the second server authenticates the payment information.
The method according to claim 9, wherein said obtaining the identity information of the IoT device and the payment information of the user comprises:

Acquiring the identification code of the IoT device, the identification code including the identity information and page address of the IoT device;

Analyzing the identity information according to the identification code, and jumping to the first interface corresponding to the page address;

The payment information input by the user from the first interface is received.
The method according to claim 10, wherein a security chip is provided in the IoT device, and the first token is encrypted and stored in the security chip.
The method according to claim 9, wherein the payment information corresponds to one or more payment cards, and there are one or more second tokens, and the second tokens correspond to the payment cards one by one.
A payment method applied to a first server, the method comprising:

receiving a transaction request sent by the IoT device, the transaction request including transaction information corresponding to the transaction event, the first token and identity information of the IoT device, and the transaction information including payment information;

Obtaining the first token by parsing from the transaction request;

Determine the corresponding second token according to the first token and the pre-stored mapping information in the first server, the pre-stored mapping information is the first token, the second token and the identity Information related to information and payment information;

Send the second token and the transaction information to the second server, so that after the second server passes the verification of the payment information corresponding to the second token, the third server performs the corresponding transaction based on the payment information. The balance deduction operation of the transaction event generates balance change information;

The balance change information sent by the second server is received and forwarded to the Internet of Things device.
The method according to claim 13, wherein the transaction request is information encrypted by a first private key on the Internet of Things device, and the first private key is generated by a security chip of the Internet of Things device;

The obtaining the first token by parsing from the transaction request includes:

The transaction request is decrypted by using a first public key to parse the transaction request to obtain the first token, the first public key is generated by the security chip and corresponds to the first private key.
An authentication device, applied to an Internet of Things device, the Internet of Things device has a first token built in, characterized in that the device includes:

The first sending module is used to provide the mobile device with the identity information of the IoT device, so that the mobile device sends the identity information and the user's payment information to the first server for authentication;

The first receiving module is configured to receive the second information sent by the first server, the second information includes association information between the first token and the second token, the identity information and the payment information, Wherein, the first token is determined after the first server authenticates the identity information, and the second token is generated after the second server authenticates the payment information;

A saving module, configured to save the first information.
An authentication device applied to a first server, characterized in that the device includes:

The second receiving module is used to receive the identity information of the IoT device and the payment information of the user sent by the mobile device;

a first authentication module, configured to authenticate the identity information through preset rules;

The second sending module is configured to send the payment information to a second server for authentication after the identity information is authenticated;

The third receiving module is configured to receive the second token sent by the second server, the second token is generated after the second server passes the authentication of the payment information;

A third sending module, configured to send association information after the first token and the second token are associated with the identity information and the payment information to the IoT device and the mobile device.
An authentication device applied to a mobile device, the device comprising:

The first obtaining module is used to obtain the identity information of the Internet of Things device and the payment information of the user, and the first token is built in the Internet of Things device;

A fourth sending module, configured to send the identity information and payment information to the first server, so that the first server sends the payment information to the second server for authentication after passing the authentication of the identity information;

The fourth receiving module is configured to receive the first information sent by the first server, the first information includes association information between the first token and the second token, the identity information and the payment information, Wherein, the first token is determined by the first server according to the identity information, and the second token is generated after the second server authenticates the payment information.
A payment device applied to a first server, the device comprising:

The fifth receiving module is configured to receive a transaction request sent by the Internet of Things device, the transaction request includes transaction information corresponding to the transaction event, the first token and identity information of the Internet of Things device, and the transaction information includes payment information;

A first parsing module, configured to parse the transaction request to obtain the first token;

A determining module, configured to determine a corresponding second token according to the first token and pre-stored mapping information in the first server, where the pre-stored mapping information is the first token, the second command The association information between the card and the identity information and payment information;

The fifth sending module is configured to send the second token to the second server, so that after the second server passes the verification of the payment information corresponding to the second token, the third server performs corresponding payment based on the payment information The balance deduction operation of the transaction event and generate balance change information;

A sixth receiving module, configured to receive the balance change information sent by the second server, and forward it to the Internet of Things device.
An electronic device, comprising: a processor and a memory storing computer program instructions;

When the processor executes the computer program instructions, the method according to any one of claims 1-4, or claims 5-8, or claims 9-12, or any one of claims 13-14 is implemented.
A computer storage medium, on which computer program instructions are stored, and when the computer program instructions are executed by a processor, claims 1-4, or claims 5-8, or claims 9-12, Or the method described in any one of claims 13-14.
A computer program product, when the instructions in the computer program product are executed by the processor of the electronic device, the electronic device is executed as claimed in claims 1-4, or claims 5-8, or claims 9-12, Or the method described in any one of claims 13-14.