Summary of the invention
The object of the present invention is to solve the security and compatibility problems of mobile payment by providing a mobile payment system and method based on bank virtual card numbers, with which third-party payment accounts of non-bank systems can carry out high-security mobile payment operations.
The object of the present invention can be achieved through the following technical solutions:
A mobile payment system based on bank virtual card numbers comprises a payment device, an issuer server, a third-party payment server, a POS, an acquirer server, a card organization server, a merchant server and a BVA SP (Bank Virtual Account Service Provider) server. The payment device is connected to the POS, the issuer server, the merchant server and the BVA SP server respectively; the POS is connected to the acquirer server; the acquirer server is connected to the card organization server; the card organization server is connected to the issuer server; the issuer server is connected to the BVA SP server; and the BVA SP server is connected to the third-party payment server and the merchant server respectively.
The payment device directly accepts a payment request initiated by the POS at close range (close range meaning that the payment device is at the payment site), or accepts through the BVA SP server a payment request initiated remotely by the merchant server (remote meaning that the payment device is not at the payment site), or directly initiates a remote load (top-up) request to the BVA SP server. The payment device generates a bank virtual card number to be used as the primary account number (Primary Account Number, PAN) of the payment request or load request. The payment request is relayed through the POS, the acquirer server and the card organization server, or the load request is relayed through the BVA SP server, to the issuer server; after processing by the issuer server the result is fed back to the payment device, completing the payment or load.
When the payment device uses a third-party payment account to pay or load, the issuer server communicates with the third-party payment server through the relay of the BVA SP server; after the payment request or load request has been verified, the result is fed back to the payment device, completing the payment or load.
The payment device is an electronic terminal device supporting mobile payment and comprises the following functional modules:
A CPU for controlling the modules and computing keys;
A close-range payment module for exchanging payment data with the POS, the close-range payment module including but not limited to an NFC module, a magnetic stripe module, a contact IC module and a Bluetooth module;
An embedded secure element for storing key data;
A communication module for communicating with the issuer server, the BVA SP server and the merchant server.
The issuer server comprises the following functional modules:
A CPU for controlling the modules and computing keys;
A key database for storing key data;
A payment database for storing payment data;
A communication module for communicating with the payment device, the card organization server and the BVA SP server.
The third-party payment server comprises the following functional modules:
A CPU for controlling the modules;
A payment database for storing payment data;
A communication module for communicating with the BVA SP server.
The merchant server comprises the following functional modules:
A CPU for controlling the modules;
A payment database for storing payment data;
A communication module for communicating with the payment device and the BVA SP server.
The BVA SP server, the POS, the acquirer server and the card organization server each comprise the following functional modules:
A CPU for controlling the modules;
A relay database for storing relayed data;
A communication module for establishing the communication network.
The POS further comprises a close-range payment module for communicating with the payment device.
A mobile payment method based on bank virtual card numbers, implemented with the above system, comprises the following steps:
Step S1: The payment device binds at least one real bank card number and obtains the key based on this real bank card number, either by manual storage at the bank counter or by online download and storage. It may also bind other third-party payment accounts according to the authentication and binding procedure of the third-party payment server. When binding completes, a sequence number is generated, in order, for each bound card number or account; the sequence number identifies that bound card number or account;
Step S2: The payment device directly accepts a payment request initiated by the POS at close range, or accepts through the BVA SP server a payment request initiated remotely by the merchant server, or directly initiates a remote load request to the BVA SP server. The payment device encrypts the real bank card number to randomly generate the bank virtual card number for this payment or load, and sends the payment request or load request, with this bank virtual card number as the primary account number, to the issuer server by the close-range payment mode or the remote payment mode. The close-range payment mode comprises a close-range online payment mode and a close-range offline payment mode; the remote payment mode comprises a remote online payment mode and a remote load electronic cash payment mode;
Step S3: The issuer server accepts the payment request or load request, decrypts the bank virtual card number to obtain the real bank card number, and judges whether this payment or load uses a real bank card number of this issuer server. If not, step S4 is performed; if so, the issuer server generates the payment or load request verification result and step S5 is performed;
Step S4: The issuer server forwards the payment request through the BVA SP server to the corresponding third-party payment server; the third-party payment server generates the payment or load request verification result, which is forwarded through the BVA SP server to the issuer server;
Step S5: The issuer server feeds the payment or load request verification result back to the payment device, completing this payment or load.
The close-range online payment mode comprises the following steps:
101: The POS initiates a payment request; the payment device generates the bank virtual card number for this payment and responds to the payment request initiated by the POS, with this bank virtual card number as the primary account number, by close-range communication; the close-range communication modes include but are not limited to NFC, magnetic stripe, contact IC and Bluetooth communication;
102: The POS forwards the payment request to the acquirer server over a dedicated network line;
103: The acquirer server forwards the payment request to the card organization server over a dedicated network line;
104: The card organization server forwards the payment request to the corresponding issuer server according to the BIN in the bank virtual card number; the issuer server recognizes that the current card number is a bank virtual card number and decrypts it, obtaining the real bank card number and the sequence number, and judges whether this payment uses a real bank card number of this issuer server; if not, step 105 is performed; if so, the issuer server verifies the validity of the payment request and step 109 is performed;
105: The issuer server forwards the payment request, the user ID bound to this real bank card number and the sequence number to the BVA SP server;
106: The BVA SP server forwards the payment request to the corresponding third-party payment server according to the user ID and sequence number;
107: The third-party payment server verifies the validity of the payment request and feeds the payment request verification result back to the BVA SP server;
108: The BVA SP server feeds the payment request verification result back to the issuer server;
109: The issuer server feeds the payment request verification result back to the card organization server;
110: The card organization server feeds the payment request verification result back to the acquirer server;
111: The acquirer server feeds the payment request verification result back to the POS;
112: The POS completes the payment request verification locally and feeds the payment request verification result back to the payment device, completing this payment.
The close-range offline payment mode comprises the following steps:
201: The POS initiates a payment request; the payment device generates the bank virtual card number for this payment and responds to the payment request initiated by the POS, with this bank virtual card number as the primary account number, by close-range communication; the close-range communication modes include but are not limited to NFC, magnetic stripe, contact IC and Bluetooth communication;
202: The POS completes the payment request verification locally and feeds the payment request verification result back to the payment device, completing this payment;
203: The POS asynchronously forwards all payment requests from the offline period, as a batch, to the acquirer server over a dedicated network line;
204: The acquirer server asynchronously forwards the batch of payment requests to the card organization server over a dedicated line;
205: The card organization server forwards the payment request to the corresponding issuer server according to the BIN in the bank virtual card number; the issuer server recognizes that the current card number is a bank virtual card number and decrypts it, obtaining the real bank card number and the sequence number, and judges whether this payment uses a real bank card number of this issuer server; if not, step 206 is performed; if so, the issuer server verifies the validity of the payment request and step 210 is performed;
206: The issuer server forwards the payment request, the user ID bound to this real bank card number and the sequence number to the BVA SP server;
207: The BVA SP server forwards the payment request to the corresponding third-party payment server according to the user ID and sequence number;
208: The third-party payment server verifies the validity of the payment request and feeds the payment request verification result back to the BVA SP server;
209: The BVA SP server feeds the payment request verification result back to the issuer server;
210: The issuer server feeds the payment request verification result back to the card organization server;
211: The card organization server feeds the payment request verification result back to the acquirer server;
212: The acquirer server feeds the payment request verification result back to the POS.
The remote load electronic cash payment mode comprises the following steps:
301: The payment device generates the bank virtual card number for this payment and initiates a load request to the BVA SP server, with this bank virtual card number as the primary account number, over the communication link;
302: The BVA SP server forwards the load request to the corresponding issuer according to the BIN in the bank virtual card number; the issuer server recognizes that the current card number is a bank virtual card number and decrypts it, obtaining the real bank card number and the sequence number, and judges whether this payment uses a real bank card number of this issuer server; if not, step 303 is performed; if so, the issuer server verifies the validity of the load request and step 307 is performed;
303: The issuer server forwards the user ID bound to this real bank card number and the sequence number to the BVA SP server;
304: The BVA SP server forwards the load request to the corresponding third-party payment server according to the user ID and sequence number;
305: The third-party payment server verifies the validity of the load request and feeds the load request verification result back to the BVA SP server;
306: The BVA SP server feeds the load request verification result back to the issuer server;
307: The issuer server feeds the load request verification result back to the payment device, completing this load.
The remote online payment mode comprises the following steps:
401: The user initiates a payment request to the BVA SP server on the payment platform of the merchant server;
402: The BVA SP server sends the payment request to the payment device over the communication link;
403: The payment device generates the bank virtual card number for this payment and, with this bank virtual card number as the primary account number, responds to the BVA SP server over the communication link to the payment request initiated by the merchant server;
404: The BVA SP server forwards the payment request to the corresponding issuer server according to the BIN in the bank virtual card number; the issuer server recognizes that the current card number is a bank virtual card number and decrypts it, obtaining the real bank card number and the sequence number, and judges whether this payment uses a real bank card number of this issuer server; if not, step 405 is performed; if so, the issuer server verifies the validity of the payment request and step 409 is performed;
405: The issuer server forwards the user ID bound to this real bank card number and the sequence number to the BVA SP server;
406: The BVA SP server forwards the payment request to the corresponding third-party payment server according to the user ID and sequence number;
407: The third-party payment server verifies the validity of the payment request and feeds the payment request verification result back to the BVA SP server;
408: The BVA SP server feeds the payment request verification result back to the issuer server;
409: The issuer server feeds the payment request verification result back to the merchant server;
410: The merchant server feeds the payment request verification result back to the payment device, completing this payment.
The bank virtual card number is generated by encryption on the basis of the bound real bank card number. The number of digits $Q_1$ of the real bank card number and the number of digits $Q_2$ of the bank virtual card number satisfy the digit-count set $Q$ prescribed by the card organization, i.e. $Q_1, Q_2 \in Q$, $Q \in \{16, 17, 18, 19\}$.
The content of the real bank card number comprises a BIN, an identification code, a fixed value, a customer serial number and a check code, wherein:
The BIN field comprises $n_1$ digits, denoted $B$, $n_1 = 6$;
The identification code field comprises $n_2$ digits, denoted $S$; if the BIN field is used to identify whether the number is a bank virtual card number, $n_2 = 0$, i.e. the identification code field is not displayed in the card number; otherwise $n_2 = 1$ and the identification code is used to identify whether the number is a bank virtual card number;
The fixed value field comprises $n_3$ digits, denoted $G$, $n_3 \in \{0, 1, \ldots, 4\}$; it is set by the issuer and can be used to identify the issuing branch and sub-branch, or to identify the currency types supported by the bank card and other custom identification functions; if $n_3 = 0$, the fixed value field is not displayed in the card number;
The customer serial number field comprises $n_4$ digits, denoted $L$, $n_4 \in \{4, 5, \ldots, 12\}$; it identifies the customer and, when the issuer sets a fixed value field in the card number, corresponds to the fixed value field;
The check code field is, per the card organization standard, 1 digit computed by the Luhn algorithm from the preceding $(n_1 + n_2 + n_3 + n_4)$ digits, denoted $J$; then $Q_1 = n_1 + n_2 + n_3 + n_4 + 1$, and the real bank card number is $B+S+G+L+J$;
The content of the bank virtual card number comprises a BIN, an identification code, a fixed value, an encrypted customer serial number and a check code, wherein:
The BIN field comprises $n_1$ digits, denoted $B$;
The identification code field comprises $n_2$ digits, denoted $S$; if the BIN field is used to identify whether the number is a bank virtual card number, $n_2 = 0$, i.e. the identification code field is not displayed in the card number; otherwise $n_2 = 1$ and the identification code is used to identify whether the number is a bank virtual card number;
The fixed value field comprises $n_3$ digits, denoted $G$, $n_3 \in \{0, 1, \ldots, 4\}$; it is set by the issuer and can be used to identify the issuing branch and sub-branch, or to identify the currency types supported by the bank card and other custom identification functions; in the bank virtual card number it is dropped or retained according to the issuer's setting; if dropped, the fixed value field is not displayed in the bank virtual card number, and the fixed value is restored from the customer serial number when the bank virtual card number is decrypted;
The encrypted customer serial number field comprises $n_5$ digits, denoted $L'$, $n_5 \in \{5, 6, \ldots, 12\}$, and $n_5 > n_4$;
The check code field is, per the card organization standard, 1 digit computed by the Luhn algorithm from the preceding $(n_1 + n_2 + n_3 + n_5)$ or $(n_1 + n_2 + n_5)$ digits, denoted $J'$; then $Q_2 = n_1 + n_2 + n_3 + n_5 + 1$ or $Q_2 = n_1 + n_2 + n_5 + 1$, and the bank virtual card number is $B+S+G+L'+J'$ or $B+S+L'+J'$. The $B$, $S$ and $G$ fields of the bank virtual card number are identical to the $B$, $S$ and $G$ fields of the real bank card number; because the fixed value field may be dropped according to the issuer's setting when encrypting into the bank virtual card number, the bank virtual card number exists in the above two forms;
The payment device and the issuer server are both provided with keys for encryption and decryption, comprising a payment key $T_1$ and an authentication key $T_2$. $T_1$ is a key that is the same for all users and is used to encrypt the real bank card number into the bank virtual card number; $T_2$ is a key unique to each user and serves as the identity authentication key when $T_1$ is updated periodically by online download;
The steps by which the payment device encrypts the real bank card number comprise:
a: For each payment or load, the payment device obtains the value of $X$ used this time; the value of $X$ indicates the 1-2 digit sequence number under which the real bank card number or third-party payment account used this time was bound in the payment device, 0<X<99; $L$ and $X$ are then arranged in order and encrypted with $T_1$ to generate $L'$;
b: $G$ is dropped or retained according to the issuer's setting, then $J'$ is obtained by the Luhn algorithm, and $B+S+G+L'+J'$ or $B+S+L'+J'$ is combined to obtain the bank virtual card number used for this payment, completing the encryption;
The steps by which the issuer server decrypts the bank virtual card number comprise:
a: After receiving the bank virtual card number, the issuer server first verifies by the Luhn algorithm whether $J'$ is valid; if so, step b is performed; if not, payment request failure information is fed back;
b: $L'$ is decrypted with $T_1$, yielding $L$ and $X$;
c: $J$ is obtained by applying the Luhn algorithm to $B+S+G+L$; if $G$ was dropped according to the issuer's setting during encryption, the corresponding $G$ is obtained from $L$; $B+S+G+L+J$ is then combined to obtain the real bank card number used for this payment, completing the decryption.
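The field layout and the encryption and decryption steps above can be followed end to end in the sketch below. It is an added example, not code from the patent. The text does not specify the cipher used with T1, so a keyed Feistel network over decimal digits built on HMAC-SHA256 stands in for it (a production design would use a standardized format-preserving mode such as NIST FF1); the field widths, the key, the sample card number, the zero-padding of X to n5 - n4 digits and the issuer lookup from L to G are all constructed for illustration.

```python
import hashlib
import hmac

# Field widths assumed for this example: BIN (n1), identification code (n2),
# customer serial number L (n4), encrypted serial number L' (n5 > n4).
N1, N2, N4, N5 = 6, 1, 7, 9
ROUNDS = 8  # even, so both halves end in their original positions


def luhn_digit(payload: str) -> str:
    """Check digit (J or J') for the digits that precede it."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and len(pan) > 1 and luhn_digit(pan[:-1]) == pan[-1]


def _prf(key: bytes, rnd: int, half: str, width: int) -> int:
    mac = hmac.new(key, bytes([rnd, width]) + half.encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % 10 ** width


def digit_cipher(key: bytes, digits: str, decrypt: bool = False) -> str:
    """Stand-in cipher (assumption): digits in, same number of digits out."""
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else v
        if decrypt:
            c = (int(b) - _prf(key, i, a, m)) % 10 ** m
            a, b = str(c).zfill(m), a
        else:
            c = (int(a) + _prf(key, i, b, m)) % 10 ** m
            a, b = b, str(c).zfill(m)
    return a + b


def make_virtual(t1: bytes, real_pan: str, x: int, g_len: int,
                 keep_g: bool = False) -> str:
    """Payment-device side: steps a and b of the encryption."""
    if not luhn_valid(real_pan):
        raise ValueError("real card number fails the Luhn check")
    if not 0 < x < 99:
        raise ValueError("sequence number X out of range")
    head = real_pan[:N1 + N2]                      # B + S, copied unchanged
    g = real_pan[N1 + N2:N1 + N2 + g_len]          # fixed value G
    l = real_pan[N1 + N2 + g_len:-1]               # customer serial number L
    if len(l) != N4:
        raise ValueError("unexpected customer serial number width")
    l_enc = digit_cipher(t1, l + str(x).zfill(N5 - N4))   # L' from L and X
    body = head + (g if keep_g else "") + l_enc
    return body + luhn_digit(body)                 # append J'


def recover_real(t1: bytes, virtual_pan: str, g_by_l: dict,
                 g_kept_len: int = 0):
    """Issuer side: steps a to c of the decryption. Returns (real PAN, X)."""
    if not luhn_valid(virtual_pan):                # step a: reject bad J'
        raise ValueError("check digit J' invalid, request rejected")
    head = virtual_pan[:N1 + N2]
    g = virtual_pan[N1 + N2:N1 + N2 + g_kept_len]
    plain = digit_cipher(t1, virtual_pan[N1 + N2 + g_kept_len:-1], decrypt=True)
    l, x = plain[:N4], int(plain[N4:])             # step b: L and X
    if not g_kept_len:                             # step c: restore dropped G
        g = g_by_l.get(l)
        if g is None:
            raise ValueError("unknown customer serial number")
    body = head + g + l
    return body + luhn_digit(body), x


# Constructed sample data, not real keys or card numbers.
T1 = b"constructed-demo-key-T1"
_BODY = "123456" + "9" + "01" + "0004321"          # B + S + G + L
SAMPLE_REAL = _BODY + luhn_digit(_BODY)
G_BY_L = {"0004321": "01"}                         # issuer lookup from L to G

if __name__ == "__main__":
    for seq in (1, 2):
        vpan = make_virtual(T1, SAMPLE_REAL, seq, g_len=2)
        print(seq, vpan, recover_real(T1, vpan, G_BY_L))
```

The Luhn check runs before any decryption, so a mistyped or corrupted number is rejected without touching T1; with this stand-in cipher the same L, X and T1 always give the same L', so any per-transaction variation has to come from the inputs.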
Compared with the prior art, the present invention has the following advantages:
1) A random bank virtual card number is generated for every transaction by key encryption, which avoids the risk of leaking bank card numbers and third-party payment accounts and significantly improves the security of mobile payment. During encryption, $T_1$ is used to randomly encrypt the customer serial number together with the sequence number of the bank account or third-party account used in this payment transaction, so that non-repeating bank virtual card numbers are generated.
2) For close-range payment requests of third-party payment accounts, a bank virtual card number conforming to card organization specifications is generated, so that third-party payment accounts can be used for mobile payment through the magnetic stripe, contact IC and flash-pay (contactless) functions of the POS. Without modifying the POS, the compatibility between the POS and third-party payment accounts of non-bank systems is greatly improved.
3) By supporting remote load requests for third-party payment accounts, the user's third-party payment account can make all kinds of quick payments in the offline state, which improves the user experience and extends the payment scenarios of third-party payment accounts.
4) Multiple bank cards and multiple third-party payment accounts can be bound to one payment device, which solves the problem of the user having to carry multiple bank cards and multiple payment devices and improves convenience for the user.
5) A bank virtual account service provider server is added to the mobile payment chain. For payments or loads that do not use a real bank card number of the issuer server, communication is established between the third-party payment company and the issuer server, over which the payment request or load request with the bank virtual card number as the primary account number can be transmitted, realizing third-party payment in offline (in-store) payment scenarios.
Embodiment
The present invention is described in detail below with reference to the drawings and specific embodiments. The present embodiment is implemented on the premise of the technical solution of the present invention and gives a detailed implementation and a concrete operating process, but the protection scope of the present invention is not limited to the following embodiment.
Embodiment one
As shown in Figure 1, a mobile payment system based on bank virtual card numbers comprises a payment device 1, an issuer server 2, a third-party payment server 3, a POS 4, an acquirer server 5, a card organization server 6, a merchant server 7 and a BVA SP server 8. The payment device 1 is connected to the POS 4, the issuer server 2, the merchant server 7 and the BVA SP server 8 respectively; the POS 4 is connected to the acquirer server 5; the acquirer server 5 is connected to the card organization server 6; the card organization server 6 is connected to the issuer server 2; the issuer server 2 is connected to the BVA SP server 8; and the BVA SP server 8 is connected to the third-party payment server 3 and the merchant server 7 respectively. The payment device 1 includes, but is not limited to, portable electronic terminal devices supporting mobile payment such as multi-purpose cards, mobile phones, tablet computers, smart watches and smart bracelets; the issuer server 2 includes the servers of commercial banks such as Industrial and Commercial Bank of China, China Construction Bank and Bank of Communications; the third-party payment server 3 includes the servers of commercial banks other than the issuer and of third-party payment companies holding payment licences, such as Alipay and Sand (Shande) card; the acquirer server 5 includes the servers of commercial banks such as Industrial and Commercial Bank of China and China Construction Bank and of third-party payment companies with acquiring qualifications such as YeePay and ChinaPNR; the card organization server 6 includes the servers of clearing organizations such as China UnionPay, VISA and MASTER; the merchant server 7 includes the servers of merchants with mobile payment needs such as Taobao, Ctrip and Meituan.
The payment device 1 directly accepts, at the payment site, a payment request initiated by the POS 4 by close-range communication (including but not limited to NFC, magnetic stripe, contact IC and Bluetooth communication), or accepts through the BVA SP server 8 a payment request initiated remotely by the merchant server 7, or directly initiates a remote load request to the BVA SP server 8. The payment device 1 generates a bank virtual card number to be used as the primary account number of the payment request or load request. The payment request is relayed through the POS 4, the acquirer server 5 and the card organization server 6, or the load request is relayed through the BVA SP server 8, to the issuer server 2; after processing, the issuer server 2 feeds the result back to the payment device 1, completing the payment or load.
When the payment device 1 uses a third-party payment account (including real card numbers of banks other than the issuer and payment accounts of non-bank third-party payment companies) to pay or load, the issuer server 2 communicates with the third-party payment server 3 through the relay of the BVA SP server 8; after the payment request or load request has been verified, the result is fed back to the payment device 1, completing the payment or load.
The payment device 1 may be a terminal device supporting mobile payment such as a mobile phone, a tablet, a smart watch or a smart bracelet. As the user link in the mobile payment system, it mainly comprises the following modules:
A CPU 15 for controlling the modules and computing keys;
A close-range payment module 9 for exchanging payment data with the POS 4, the close-range payment module 9 including but not limited to an NFC module, a magnetic stripe module, a contact IC module and a Bluetooth module;
An embedded secure element (Embedded Secure Element, eSE) 10 for storing key data;
A communication module 11 for communicating with the issuer server 2, the BVA SP server 8 and the merchant server 7.
The issuer server 2, as the encryption/decryption and payment (load) request verification link in the mobile payment system, comprises:
A CPU 15 for controlling the modules and computing keys;
A key database 13 for storing key data;
A payment database 14 for storing payment data;
A communication module 11 for communicating with the payment device 1, the card organization server 6 and the BVA SP server 8.
The third-party payment server 3, as a payment (load) request verification link, comprises:
A CPU 15 for controlling the modules;
A payment database 14 for storing payment data;
A communication module 11 for communicating with the BVA SP server 8 over a dedicated network line.
The merchant server 7 comprises the following functional modules:
A CPU 15 for controlling the modules;
A payment database 14 for storing payment data;
A communication module 11 for communicating with the payment device 1 and the BVA SP server 8.
The BVA SP server 8, the POS 4, the acquirer server 5 and the card organization server 6, as relay links in the mobile payment system, each comprise:
A CPU 15 for controlling the modules;
A relay database 12 for storing relayed data;
A communication module 11 for establishing dedicated network line communication.
The POS 4 further comprises a close-range payment module 9 for communicating with the payment device 1.
Taking as an example a mobile payment system formed by an NFC mobile phone (i.e. payment device 1), a China Merchants Bank server (i.e. issuer server 2), an Alipay server (i.e. third-party payment server 3), the POS 4, an Industrial and Commercial Bank of China server (i.e. acquirer server 5), a UnionPay server (i.e. card organization server 6), a Taobao server (i.e. merchant server 7) and the BVA SP server 8, as shown in Figure 2, the mobile payment method based on bank virtual card numbers implemented in the system of the present embodiment comprises the following steps:
Step S1: The NFC mobile phone binds a China Merchants Bank real card number and obtains the key based on this real bank card number, either by manual storage at the bank counter or by online download and storage; it also binds an Alipay account according to the authentication and binding procedure of the Alipay server. When binding completes, a sequence number is generated, in order, for each bound card number or account, to identify that bound card number or account;
Step S2: The NFC mobile phone directly accepts a payment request initiated by the POS 4 by close-range communication (the close-range communication modes include but are not limited to NFC, magnetic stripe, contact IC and Bluetooth communication; here the NFC mobile phone uses NFC communication), or accepts through the BVA SP server 8 a payment request initiated remotely by the Taobao server, or directly initiates a remote load request to the BVA SP server 8. The NFC mobile phone encrypts the real bank card number to randomly generate the bank virtual card number for this payment or load, and sends the payment request or load request, with this bank virtual card number as the primary account number, to the China Merchants Bank server by the close-range payment mode or the remote payment mode. The close-range payment mode comprises the close-range online payment mode and the close-range offline payment mode; the remote payment mode comprises the remote load electronic cash payment mode and the remote online payment mode;
Step S3: The China Merchants Bank server accepts the payment request or load request, decrypts the bank virtual card number to obtain the real bank card number, and judges whether this payment or load uses a real bank card number of this China Merchants Bank server. If not, step S4 is performed; if so, the China Merchants Bank server generates the payment or load request verification result and step S5 is performed;
Step S4: The China Merchants Bank server forwards the payment or load request through the BVA SP server 8 to the corresponding Alipay server; the Alipay server generates the payment or load request verification result, which is forwarded through the BVA SP server 8 to the China Merchants Bank server;
Step S5: The China Merchants Bank server feeds the payment or load request verification result back to the NFC mobile phone, completing this payment or load.
The bank virtual card number is generated by encryption on the basis of the bound real bank card number. The number of digits $Q_1$ of the real bank card number and the number of digits $Q_2$ of the bank virtual card number satisfy the digit-count set $Q$ prescribed by the card organization, i.e. $Q_1, Q_2 \in Q$, $Q \in \{16, 17, 18, 19\}$.
The content of the real bank card number comprises a BIN, an identification code, a fixed value, a customer serial number and a check code, wherein:
The BIN field comprises $n_1$ digits, denoted $B$, $n_1 = 6$;
The identification code field comprises $n_2$ digits, denoted $S$; if the BIN field is used to identify whether the number is a bank virtual card number, $n_2 = 0$, i.e. the identification code field is not displayed in the card number; otherwise $n_2 = 1$ and the identification code is used to identify whether the number is a bank virtual card number;
The fixed value field comprises $n_3$ digits, denoted $G$, $n_3 \in \{0, 1, \ldots, 4\}$; it is set by the issuer and can be used to identify the issuing branch and sub-branch, or to identify the currency types supported by the bank card and other custom identification functions; if $n_3 = 0$, the fixed value field is not displayed in the card number;
The customer serial number field comprises $n_4$ digits, denoted $L$, $n_4 \in \{4, 5, \ldots, 12\}$; it identifies the customer and, when the issuer sets a fixed value field in the card number, corresponds to the fixed value field;
The check code field is, per the card organization standard, 1 digit computed by the Luhn algorithm from the preceding $(n_1 + n_2 + n_3 + n_4)$ digits, denoted $J$; then $Q_1 = n_1 + n_2 + n_3 + n_4 + 1$, and the real bank card number is $B+S+G+L+J$;
The bank virtual card number consists of a BIN, an identification code, a fixed value, an encrypted customer serial number and a check code, where:
The BIN field contains $n_1$ digits, denoted B;
The identification code field contains $n_2$ digits, denoted S. If the BIN field itself is used to identify whether the number is a bank virtual card number, $n_2 = 0$; otherwise $n_2 = 1$ and the identification code is used to identify whether the number is a bank virtual card number;
The fixed value field contains $n_3$ digits, denoted G, $n_3 \in \{0, 1, \ldots, 4\}$. It is set by the card issuer and can be used to identify the issuing branch or sub-branch, the currency type supported by the bank card, or other issuer-defined identification functions. In the bank virtual card number it is dropped or retained as set by the card issuer; if it is dropped, no fixed value field appears in the bank virtual card number, and the fixed value is restored from the customer serial number when the bank virtual card number is decrypted;
The encrypted customer serial number field contains $n_5$ digits, denoted L', $n_5 \in \{5, 6, \ldots, 12\}$, with $n_5 > n_4$;
The check code field is 1 digit, denoted J', calculated by the Luhn algorithm, per the card organization standard, from the preceding $(n_1 + n_2 + n_3 + n_5)$ or $(n_1 + n_2 + n_5)$ digits. Thus $Q_2 = n_1 + n_2 + n_3 + n_5 + 1$ or $Q_2 = n_1 + n_2 + n_5 + 1$, and the bank virtual card number is B+S+G+L'+J' or B+S+L'+J'. The B, S and G fields of the bank virtual card number are identical to the B, S and G fields of the bank true card number. The two cases exist because the fixed value field may be dropped, as set by the card issuer, when the number is encrypted into a bank virtual card number;
Payment device 1 and issuer server 2 both hold keys for encryption and decryption: a payment key $T_1$ and an authentication key $T_2$. $T_1$ is a key shared by all users and is used to encrypt the bank true card number into the bank virtual card number. $T_2$ is a key unique to each user and serves as the identity-authentication key when $T_1$ is updated periodically by online download;
In embodiment one, the 16-digit China Merchants Bank true card number is 6225 8801 1234 5675, where:
622588 is the BIN field, denoted B;
0 is the identification code field, denoted S;
11 is the fixed value field, denoted G;
234567 is the customer serial number field, denoted L;
5 is the check code field, denoted J.
The encryption steps on the NFC mobile phone are:
a: The NFC mobile phone obtains the sequence number X used for this transaction (X = 01), arranges L and X in order, and encrypts them with $T_1$ to generate the encrypted customer serial number 43211234, i.e. L';
b: The Luhn algorithm is applied to B+S+G+L' (i.e. 622588+0+11+43211234) to obtain J' (J' = 8); B+S+G+L'+J' are then concatenated to obtain the 18-digit China Merchants Bank virtual card number 6222 6001 1432 1123 48 used for this payment, completing the encryption.
The decryption steps on the China Merchants Bank server are:
a: After receiving the China Merchants Bank virtual card number, the China Merchants Bank server first verifies with the Luhn algorithm whether J' is valid. If so, step b is performed; if not, a payment-request failure message is returned;
b: L' is decrypted with $T_1$ to obtain L and X;
c: The Luhn algorithm is applied to B+S+G+L to obtain J; B+S+G+L+J are then concatenated to obtain the 16-digit China Merchants Bank true card number 6225 8801 1234 5675 used for this payment, completing the decryption.
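The embodiment-one encryption and decryption steps above, as an added Python example (not code from the patent). The patent does not specify the cipher used with T1, so `feistel_digits` is an assumed stand-in (an HMAC-SHA256 Feistel permutation over decimal digits); the key, the function names and the sample card number (embodiment one's B, S, G and L with the check digit computed by the code) are constructed for illustration.

```python
import hashlib
import hmac

VALID_LENGTHS = {16, 17, 18, 19}   # digit-count set Q from the text
BIN_LEN = 6                        # n1


def luhn_check_digit(payload: str) -> str:
    """Luhn check digit for a digit string that does not yet contain it."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)  # rightmost digit doubled
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)


def _f(key: bytes, rnd: int, half: str, width: int) -> int:
    """Round function: HMAC-SHA256 reduced to `width` decimal digits."""
    mac = hmac.new(key, bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** width


def feistel_digits(key: bytes, digits: str, decrypt: bool = False,
                   rounds: int = 8) -> str:
    """Keyed, length-preserving permutation of a decimal string (assumed
    stand-in for the unspecified T1 cipher; not a standardized FPE mode)."""
    left, right = digits[:len(digits) // 2], digits[len(digits) // 2:]
    for r in (reversed(range(rounds)) if decrypt else range(rounds)):
        if decrypt:
            w = len(right)
            left, right = f"{(int(right) - _f(key, r, left, w)) % 10**w:0{w}d}", left
        else:
            w = len(left)
            left, right = right, f"{(int(left) + _f(key, r, right, w)) % 10**w:0{w}d}"
    return left + right


def make_virtual_pan(true_pan: str, x: str, t1: bytes,
                     n2: int = 1, n3: int = 2) -> str:
    """B+S+G+L+J -> B+S+G+L'+J', where L' encrypts L followed by X."""
    if luhn_check_digit(true_pan[:-1]) != true_pan[-1]:
        raise ValueError("true card number fails the Luhn check")
    split = BIN_LEN + n2 + n3
    body = true_pan[:split] + feistel_digits(t1, true_pan[split:-1] + x)
    vpan = body + luhn_check_digit(body)
    if len(vpan) not in VALID_LENGTHS:
        raise ValueError("virtual card number length outside Q")
    return vpan


def recover_true_pan(vpan: str, t1: bytes, n2: int = 1, n3: int = 2,
                     x_len: int = 2) -> tuple[str, str]:
    """Issuer side: verify J', decrypt L' to (L, X), recompute J."""
    if not vpan.isdigit() or luhn_check_digit(vpan[:-1]) != vpan[-1]:
        raise ValueError("check digit J' invalid: reject the request")
    split = BIN_LEN + n2 + n3
    plain = feistel_digits(t1, vpan[split:-1], decrypt=True)
    body = vpan[:split] + plain[:-x_len]
    return body + luhn_check_digit(body), plain[-x_len:]


# Constructed sample: embodiment one's B, S, G, L with J computed here.
DEMO_T1 = b"constructed-demo-key-T1"
_BODY = "622588" + "0" + "11" + "234567"
DEMO_TRUE_PAN = _BODY + luhn_check_digit(_BODY)

if __name__ == "__main__":
    v = make_virtual_pan(DEMO_TRUE_PAN, "01", DEMO_T1)
    print(v, recover_true_pan(v, DEMO_T1))
```

The Luhn digit J' only catches malformed or mistyped numbers; it is not keyed, so confidentiality of the customer serial number rests entirely on T1.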
The four payment modes are described in detail below:
When the user pays with the NFC mobile phone at the merchant's POS 4 by short-range communication, if the electronic cash balance is insufficient or the merchant requires online verification of payment legitimacy, the online-verification mode (i.e. POS 4 must go online for authentication) must be used to carry out a mobile payment that complies with the UnionPay specification. As shown in Fig. 3, the short-range online payment mode comprises the following steps (the dotted lines in Fig. 3 indicate steps that are performed only when the account issuer is a third-party payment company):
101: POS 4 initiates a payment request. The NFC mobile phone generates the bank virtual card number for this payment and, using it as the primary account number, responds to the payment request from POS 4 by short-range communication. This requires changing the primary account number transmitted to POS 4 and the primary account number information in tracks 2 and 3. The payment request contains data such as the primary account number, card validity period, card serial number, track 2 data and track 3 data;
102: POS 4 forwards the payment request to the Industrial and Commercial Bank server over a dedicated network line;
103: The Industrial and Commercial Bank server forwards the payment request to the UnionPay server over a dedicated network line;
104: The UnionPay server forwards the payment request to the corresponding China Merchants Bank server according to the BIN in the bank virtual card number (the 6-digit BIN field is assigned to the card issuer by the card organization and identifies different card issuers). The card issuer uses the identification code (a 1-digit field defined by the card issuer itself, following the 6-digit BIN, which identifies that this account uses the bank virtual card number payment mode) to determine that the current card number is a bank virtual card number, then decrypts it to obtain the bank true card number and the sequence number. It then determines whether this payment uses a bank true card number of the China Merchants Bank server: if not, step 105 is performed; if so, the China Merchants Bank server verifies the validity of the payment request and step 109 is performed;
105: The China Merchants Bank server forwards the payment request, the user ID bound to this bank true card number (the user ID is the International Mobile Equipment Identity, IMEI, of the NFC mobile phone) and the sequence number to BVA SP server 8;
106: BVA SP server 8 forwards the payment request to the corresponding Alipay server according to the user ID and sequence number;
107: The Alipay server verifies the validity of the payment request and feeds the verification result back to BVA SP server 8;
108: BVA SP server 8 feeds the payment request verification result back to the China Merchants Bank server;
109: The China Merchants Bank server feeds the payment request verification result back to the UnionPay server;
110: The UnionPay server feeds the payment request verification result back to the Industrial and Commercial Bank server;
111: The Industrial and Commercial Bank server feeds the payment request verification result back to POS 4;
112: POS 4 completes payment request verification locally and feeds the verification result back to the NFC mobile phone, completing this payment.
When the user pays with the NFC mobile phone at the merchant's POS 4 by short-range communication, if the electronic cash balance is sufficient and the merchant does not require online verification of payment legitimacy, the offline-verification mode (i.e. POS 4 does not need to go online for authentication) can be used to carry out a mobile payment that complies with the card organization specification. As shown in Fig. 4, the short-range offline payment mode comprises the following steps (in Fig. 4, dotted arrows indicate steps that are performed only when the account issuer is a third-party payment company, and dotted lines indicate steps that are performed asynchronously):
201: POS 4 initiates a payment request. The NFC mobile phone generates the bank virtual card number for this payment and, using it as the primary account number, responds to the payment request from POS 4 by short-range communication, i.e. it changes the primary account number transmitted to POS 4 and the primary account number information in tracks 2 and 3;
202: POS 4 completes payment request verification locally and feeds the verification result back to the NFC mobile phone, completing this payment;
203: POS 4 asynchronously forwards all payment requests from the offline period, as a batch, to the Industrial and Commercial Bank server over a dedicated network line;
204: The Industrial and Commercial Bank server asynchronously forwards the batch of payment requests to the UnionPay server over a dedicated line;
205: The UnionPay server forwards the payment request to the corresponding China Merchants Bank server according to the BIN in the bank virtual card number. The China Merchants Bank server identifies the current card number as a bank virtual card number and decrypts it to obtain the bank true card number, then determines whether this payment uses a bank true card number of the China Merchants Bank server: if not, step 206 is performed; if so, the China Merchants Bank server verifies the validity of the payment request and step 210 is performed;
206: The China Merchants Bank server forwards the payment request, the user ID bound to this bank true card number and the sequence number to BVA SP server 8;
207: BVA SP server 8 forwards the payment request to the corresponding Alipay server according to the user ID and sequence number;
208: The Alipay server verifies the validity of the payment request and feeds the verification result back to BVA SP server 8;
209: BVA SP server 8 feeds the payment request verification result back to the China Merchants Bank server;
210: The China Merchants Bank server feeds the payment request verification result back to the UnionPay server;
211: The UnionPay server feeds the payment request verification result back to the Industrial and Commercial Bank server;
212: The Industrial and Commercial Bank server feeds the payment request verification result back to POS 4.
When the user uses the remote payment mode on the NFC mobile phone to perform an electronic cash load (circle-deposit) against a bound account, the load must be completed by BVA SP connecting directly to the card issuer; if the load account belongs to a third-party payment company, the third-party payment company must also be connected. As shown in Fig. 5, the remote electronic cash load mode comprises the following steps (the dotted lines in Fig. 5 have the same meaning as in Fig. 3):
301: The NFC mobile phone generates the bank virtual card number for this payment and, using it as the primary account number, sends a load request to BVA SP server 8 over the communication link;
302: BVA SP server 8 forwards the load request to the corresponding card issuer according to the BIN in the bank virtual card number. The China Merchants Bank server identifies the current card number as a bank virtual card number and decrypts it to obtain the bank true card number, then determines whether this payment uses a bank true card number of the China Merchants Bank server: if not, step 303 is performed; if so, the China Merchants Bank server verifies the validity of the load request and step 307 is performed;
303: The China Merchants Bank server forwards the user ID bound to this bank true card number and the sequence number to BVA SP server 8;
304: BVA SP server 8 forwards the load request to the corresponding Alipay server according to the user ID and sequence number;
305: The Alipay server verifies the validity of the load request and feeds the verification result back to BVA SP server 8;
306: BVA SP server 8 feeds the load request verification result back to the China Merchants Bank server;
307: The China Merchants Bank server feeds the load request verification result back to the NFC mobile phone, completing this load.
When the user uses the remote payment mode on the NFC mobile phone to make an online payment, the online payment must be completed by BVA SP connecting directly to the card issuer; if the account used belongs to a third-party payment company, the third-party payment company must also be connected. As shown in Fig. 6, the remote online payment mode comprises the following steps (the dotted lines in Fig. 6 have the same meaning as in Fig. 3):
401: The user initiates a payment request to BVA SP server 8 on the payment platform of the Taobao server;
402: BVA SP server 8 sends the payment request to the NFC mobile phone over the communication link;
403: The NFC mobile phone generates the bank virtual card number for this payment and, using it as the primary account number, responds to BVA SP server 8 over the communication link to the payment request initiated by the Taobao server;
404: BVA SP server 8 forwards the payment request to the corresponding China Merchants Bank server according to the BIN in the bank virtual card number. The China Merchants Bank server identifies the current card number as a bank virtual card number and decrypts it to obtain the bank true card number, then determines whether this payment uses a bank true card number of the China Merchants Bank server: if not, step 405 is performed; if so, the China Merchants Bank server verifies the validity of the payment request and step 409 is performed;
405: The China Merchants Bank server forwards the user ID bound to this bank true card number and the sequence number to BVA SP server 8;
406: BVA SP server 8 forwards the payment request to the corresponding Alipay server according to the user ID and sequence number;
407: The Alipay server verifies the validity of the payment request and feeds the verification result back to BVA SP server 8;
408: BVA SP server 8 feeds the payment request verification result back to the China Merchants Bank server;
409: The China Merchants Bank server feeds the payment request verification result back to the Taobao server;
410: The Taobao server feeds the payment request verification result back to the NFC mobile phone, completing this payment.
In summary, the key element of the present invention is the introduction of the BVA SP role into the mobile payment chain, with the following effects:
1) Payment device 1 held by the user, or the payment platform of merchant server 7 operated remotely by the user, communicates with BVA SP server 8 through a communication module in wireless networking mode to submit and relay requests such as binding, query and payment.
2) BVA SP server 8 and issuer server 2 communicate through a communication module over a dedicated line to relay and return requests such as binding, query and payment.
3) BVA SP server 8 and third-party payment server 3 communicate through a communication module over a dedicated line to relay and return requests such as binding, query and payment.
When the user makes a mobile payment, on the basis of the bank true card number already bound on payment device 1, $T_1$ is used to randomly encrypt the customer serial number of the bank account or third-party account together with the sequence number of this payment transaction, generating a bank virtual card number that meets card organization requirements. The bank virtual card number is what is transmitted throughout the payment flow, which removes the risk of transmitting the bank true card number directly: even if the bank virtual card number is captured in transit, without the payment key $T_1$ the bank true card number containing the user's real information still cannot be obtained. This significantly improves the security and compatibility of mobile payment.
Embodiment two
This embodiment differs from embodiment one in that the Bank of Communications server acts as issuer server 2, and the bank true card number and bank virtual card number are encrypted and decrypted as follows:
The 19-digit Bank of Communications true card number is 6222 6001 1234 5678 909, where:
622260 is the BIN field, denoted B;
0 is the identification code field, denoted S;
11 is the fixed value field, denoted G;
234567890 is the customer serial number field, denoted L;
9 is the check code field, denoted J.
The encryption steps on payment device 1 are:
a: Payment device 1 obtains the sequence number X used for this transaction (02), arranges L and X in order, and encrypts them with $T_1$ to generate the encrypted customer serial number 0987654321, i.e. L';
b: Bank of Communications is configured to drop G during encryption (the G field still exists; it is simply not shown in the bank virtual card number). The Luhn algorithm is applied to B+S+L' (i.e. 622260+0+09876543210) to obtain J' (J' = 1); B+S+L'+J' are then concatenated to obtain the 19-digit Bank of Communications virtual card number 6222 6000 9876 5432 101 used for this payment, completing the encryption.
The decryption steps on the Bank of Communications server are:
a: After receiving the Bank of Communications virtual card number, the Bank of Communications server first verifies with the Luhn algorithm whether J' is valid. If so, step b is performed; if not, a payment-request failure message is returned;
b: L' is decrypted with $T_1$ to obtain L and X;
c: The corresponding G is obtained from L, and the Luhn algorithm is applied to B+S+G+L to obtain J; B+S+G+L+J are then concatenated to obtain the 19-digit Bank of Communications true card number 6222 6001 1234 5678 909 used for this payment, completing the decryption.
The four payment modes with the Bank of Communications server as issuer server 2 are the same as in embodiment one.
Embodiment three
This embodiment differs from embodiment one in that the Guangdong Development Bank server acts as issuer server 2, and the bank true card number and bank virtual card number are encrypted and decrypted as follows:
The 19-digit Guangdong Development Bank true card number is 6225 6812 2212 3456 785, where:
622568 is the BIN field, denoted B; Guangdong Development Bank has designated this BIN as supporting bank virtual card numbers, so no identification code S is needed;
1222 is the fixed value field, denoted G;
12345678 is the customer serial number field, denoted L;
5 is the check code field, denoted J.
The encryption steps on payment device 1 are:
a: Payment device 1 obtains the sequence number X used for this transaction (X = 03), arranges L and X in order, and encrypts them with $T_1$ to generate the encrypted customer serial number 0987654321, i.e. L';
b: Guangdong Development Bank is configured to drop G during encryption. The Luhn algorithm is applied to B+L' (i.e. 622568+0987654321) to obtain J' (J' = 1); B+L'+J' are then concatenated to obtain the 17-digit Guangdong Development Bank virtual card number 6222 6009 8765 4321 1 used for this payment, completing the encryption.
The decryption steps on the Guangdong Development Bank server are:
a: After receiving the bank virtual card number, the Guangdong Development Bank server first verifies with the Luhn algorithm whether J' is valid. If so, step b is performed; if not, a payment-request failure message is returned;
b: L' is decrypted with $T_1$ to obtain L and X;
c: The corresponding G is obtained from L, and the Luhn algorithm is applied to B+S+G+L to obtain J; B+S+G+L+J are then concatenated to obtain the 19-digit Guangdong Development Bank true card number 6225 6812 2212 3456 785 used for this payment, completing the decryption.
In the four payment modes with the Guangdong Development Bank server as issuer server 2, the BIN is used to identify whether the current card number is a bank virtual card number; the other steps are the same as in embodiment one.