A mobile payment system and method based on bank virtual card numbers
Technical field
The present invention relates to a system and method for mobile payment, and more particularly to a mobile payment system and method based on bank virtual card numbers.
Background technology
By payment scenario, existing mobile payment methods are divided into remote payment, where the payment device is not at the point of payment, and proximity payment, where the payment device is at the point of payment. The remote payment methods users currently use most are the account-balance payment or bank-card-number payment offered by Alipay, UnionPay and other third-party payment companies. Proximity payment methods mainly include the traditional point-of-sale terminal (Point Of Sale, POS) magnetic stripe, contact IC, contactless QuickPass (Quick Pass), Alipay barcode-scan payment and sound-wave payment.
Compared with remote payment, which has developed relatively steadily, proximity payment is currently developing very fast. In particular, the Apple Pay function released by Apple in September 2014 passed 3,000,000 users only 2 months after release. In China, UnionPay's contactless QuickPass holds a clear lead in the proximity payment field, and more than 3.6 million POS terminals have been upgraded to support QuickPass. Apple Pay and QuickPass both rely on near-field communication (Near Field Communication, NFC), also known as short-range wireless communication. It is a short-range, high-frequency wireless communication technology that allows contactless point-to-point data transfer between electronic devices. The technology evolved from contactless radio frequency identification (Radio Frequency Identification, RFID) and was jointly developed by Philips Semiconductors (now NXP Semiconductors), Nokia and Sony; it is based on RFID and interconnection technology. Compared with the Bluetooth technology in wider use today, NFC is more convenient to use, costs less, consumes less power and establishes a connection faster, needing only 0.1 second, so it is gradually being widely adopted in mobile phones, access control, transit cards and bank cards.
However, with hackers and phishing websites rampant, existing remote payment and proximity payment carry considerable security risks. In particular, leakage of bank card numbers and third-party payment accounts poses a great security risk to users' funds. Moreover, whether the emerging NFC or the traditional magnetic stripe and IC, each supports only user identifiers of its own standard. For example, POS terminals in China support only 16- to 19-digit bank card numbers that meet UnionPay's requirements and are not compatible with third-party payment accounts outside the banking system, so third-party payment accounts have a very narrow usable scope and cannot be widely used in proximity payment.
Summary of the invention
The purpose of the present invention is to solve the security and compatibility problems of mobile payment by providing a mobile payment system and method based on bank virtual card numbers that is compatible with third-party payment accounts outside the banking system and carries out mobile payment operations with high security.
The purpose of the present invention can be achieved through the following technical solutions:
A mobile payment system based on bank virtual card numbers comprises a payment device, an issuer server, a third-party payment server, a POS, an acquirer server, a card organization server, a merchant server and a BVA SP (Bank Virtual Account Service Provider) server. The payment device is connected to the POS, the issuer server, the merchant server and the BVA SP server respectively; the POS is connected to the acquirer server; the acquirer server is connected to the card organization server; the card organization server is connected to the issuer server; the issuer server is connected to the BVA SP server; and the BVA SP server is connected to the third-party payment server and the merchant server respectively;
The payment device directly receives a payment request initiated by the POS in proximity (proximity means the payment device is at the point of payment), or receives through the BVA SP server a payment request initiated remotely by the merchant server (remote means the payment device is not at the point of payment), or directly and remotely initiates a load request to the BVA SP server. The payment device generates a bank virtual card number to serve as the primary account number (Primary Account Number, PAN) of the payment request or load request. The payment request is relayed through the POS, the acquirer server and the card organization server, or the load request is relayed through the BVA SP server, to the issuer server; after the issuer server processes it, the result is fed back to the payment device, completing the payment or load;
When the payment device pays or loads using a third-party payment account, the issuer server communicates with the third-party payment server by relay through the BVA SP server, and after the payment request or load request is verified the result is fed back to the payment device, completing the payment or load.
The payment device is an electronic terminal device that supports mobile payment and includes the following functional modules:
A CPU for controlling each module and computing keys;
A proximity payment module for exchanging payment data with the POS, the proximity payment module including but not limited to an NFC module, a magnetic stripe module, a contact IC module and a Bluetooth module;
An embedded secure element for storing key data;
A communication module for communicating with the issuer server, the BVA SP server and the merchant server.
The issuer server includes the following functional modules:
A CPU for controlling each module and computing keys;
A key database for storing key data;
A payment database for storing payment data;
A communication module for communicating with the payment device, the card organization server and the BVA SP server;
The third-party payment server includes the following functional modules:
A CPU for controlling each module;
A payment database for storing payment data;
A communication module for communicating with the BVA SP server;
The merchant server includes the following functional modules:
A CPU for controlling each module;
A payment database for storing payment data;
A communication module for communicating with the payment device and the BVA SP server;
The BVA SP server, the POS, the acquirer server and the card organization server each include the following functional modules:
A CPU for controlling each module;
A relay database for storing relay data;
A communication module for establishing the communication network;
The POS also includes a proximity payment module for communicating with the payment device.
A mobile payment method based on bank virtual card numbers, implemented on the above system, comprises the following steps:
Step S1: The payment device binds at least one real bank card number and obtains the key based on that real bank card number either by manual storage at the bank counter or by online download and storage. It then continues to bind other third-party payment accounts following the authentication and binding procedure of the third-party payment server. When binding completes, sequence numbers for the bound card numbers or accounts are generated in order, and each sequence number identifies its bound card number or account;
Step S2: The payment device directly receives a payment request initiated by the POS in proximity, or receives through the BVA SP server a payment request initiated remotely by the merchant server, or directly and remotely initiates a load request to the BVA SP server. The payment device encrypts the real bank card number, randomly generating the bank virtual card number for this payment or load, and sends the payment request or load request, with the bank virtual card number as the primary account number, to the issuer server by a proximity payment mode or a remote payment mode. The proximity payment modes comprise the proximity online payment mode and the proximity offline payment mode; the remote payment modes comprise the remote online payment mode and the remote load electronic cash payment mode;
Step S3: The issuer server receives the payment request or load request, decrypts the bank virtual card number to obtain the real bank card number, and determines whether this payment or load uses a real bank card number of this issuer server. If not, step S4 is performed; if so, the issuer server generates the payment or load request verification result and step S5 is performed;
Step S4: The issuer server forwards the payment request through the BVA SP server to the corresponding third-party payment server; the third-party payment server generates the payment or load request verification result and forwards it through the BVA SP server to the issuer server;
Step S5: The issuer server feeds the payment or load request verification result back to the payment device, completing this payment or load.
The proximity online payment mode comprises the following steps:
101: The POS initiates a payment request. The payment device generates the bank virtual card number for this payment and, over a proximity communication mode, responds to the payment request initiated by the POS with the bank virtual card number as the primary account number. Proximity communication modes include but are not limited to NFC, magnetic stripe, contact IC and Bluetooth communication;
102: The POS forwards the payment request to the acquirer server over a dedicated network line;
103: The acquirer server forwards the payment request to the card organization server over a dedicated network line;
104: The card organization server forwards the payment request to the corresponding issuer server according to the BIN in the bank virtual card number. The issuer server recognizes the current card number as a bank virtual card number and decrypts it, obtaining the real bank card number and the sequence number, and determines whether this payment uses a real bank card number of this issuer server. If not, step 105 is performed; if so, the issuer server verifies the validity of the payment request and step 109 is performed;
105: The issuer server forwards the payment request, the user identifier bound to the real bank card number, and the sequence number to the BVA SP server;
106: The BVA SP server forwards the payment request to the corresponding third-party payment server according to the user identifier and the sequence number;
107: The third-party payment server verifies the validity of the payment request and feeds the payment request verification result back to the BVA SP server;
108: The BVA SP server feeds the payment request verification result back to the issuer server;
109: The issuer server feeds the payment request verification result back to the card organization server;
110: The card organization server feeds the payment request verification result back to the acquirer server;
111: The acquirer server feeds the payment request verification result back to the POS;
112: The POS completes the payment request verification locally and feeds the payment request verification result back to the payment device, completing this payment.
The proximity offline payment mode comprises the following steps:
201: The POS initiates a payment request. The payment device generates the bank virtual card number for this payment and, over a proximity communication mode, responds to the payment request initiated by the POS with the bank virtual card number as the primary account number. Proximity communication modes include but are not limited to NFC, magnetic stripe, contact IC and Bluetooth communication;
202: The POS completes the payment request verification locally and feeds the payment request verification result back to the payment device, completing this payment;
203: The POS asynchronously forwards all payment requests from the offline period, as a batch, to the acquirer server over a dedicated network line;
204: The acquirer server asynchronously forwards the batch of payment requests to the card organization server over a dedicated line;
205: The card organization server forwards the payment request to the corresponding issuer server according to the BIN in the bank virtual card number. The issuer server recognizes the current card number as a bank virtual card number and decrypts it, obtaining the real bank card number and the sequence number, and determines whether this payment uses a real bank card number of this issuer server. If not, step 206 is performed; if so, the issuer server verifies the validity of the payment request and step 210 is performed;
206: The issuer server forwards the payment request, the user identifier bound to the real bank card number, and the sequence number to the BVA SP server;
207: The BVA SP server forwards the payment request to the corresponding third-party payment server according to the user identifier and the sequence number;
208: The third-party payment server verifies the validity of the payment request and feeds the payment request verification result back to the BVA SP server;
209: The BVA SP server feeds the payment request verification result back to the issuer server;
210: The issuer server feeds the payment request verification result back to the card organization server;
211: The card organization server feeds the payment request verification result back to the acquirer server;
212: The acquirer server feeds the payment request verification result back to the POS.
The remote load electronic cash payment mode comprises the following steps:
301: The payment device generates the bank virtual card number for this payment and, over the communication network, initiates a load request to the BVA SP server with the bank virtual card number as the primary account number;
302: The BVA SP server forwards the load request to the corresponding issuer according to the BIN in the bank virtual card number. The issuer server recognizes the current card number as a bank virtual card number and decrypts it, obtaining the real bank card number and the sequence number, and determines whether this payment uses a real bank card number of this issuer server. If not, step 303 is performed; if so, the issuer server verifies the validity of the load request and step 307 is performed;
303: The issuer server forwards the user identifier bound to the real bank card number and the sequence number to the BVA SP server;
304: The BVA SP server forwards the load request to the corresponding third-party payment server according to the user identifier and the sequence number;
305: The third-party payment server verifies the validity of the load request and feeds the load request verification result back to the BVA SP server;
306: The BVA SP server feeds the load request verification result back to the issuer server;
307: The issuer server feeds the load request verification result back to the payment device, completing this load.
The remote online payment mode comprises the following steps:
401: The user initiates a payment request to the BVA SP server on the payment platform of the merchant server;
402: The BVA SP server sends it to the payment device over the communication network;
403: The payment device generates the bank virtual card number for this payment and, over the communication network, responds to the BVA SP server, with the bank virtual card number as the primary account number, to the payment request initiated by the merchant server;
404: The BVA SP server forwards the payment request to the corresponding issuer server according to the BIN in the bank virtual card number. The issuer server recognizes the current card number as a bank virtual card number and decrypts it, obtaining the real bank card number and the sequence number, and determines whether this payment uses a real bank card number of this issuer server. If not, step 405 is performed; if so, the issuer server verifies the validity of the payment request and step 409 is performed;
405: The issuer server forwards the user identifier bound to the real bank card number and the sequence number to the BVA SP server;
406: The BVA SP server forwards the payment request to the corresponding third-party payment server according to the user identifier and the sequence number;
407: The third-party payment server verifies the validity of the payment request and feeds the payment request verification result back to the BVA SP server;
408: The BVA SP server feeds the payment request verification result back to the issuer server;
409: The issuer server feeds the payment request verification result back to the merchant server;
410: The merchant server feeds the payment request verification result back to the payment device, completing this payment.
The bank virtual card number is generated by encryption on the basis of the bound real bank card number. The number of digits Q1 of the real bank card number and the number of digits Q2 of the bank virtual card number both belong to the set Q of lengths prescribed by the card organization, i.e. Q1, Q2 ∈ Q, Q = {16, 17, 18, 19}.
The real bank card number consists of a BIN, an identification code, a fixed value, a customer serial number and a check code, wherein:
The BIN field contains n1 digits, denoted B, n1 = 6;
The identification code field contains n2 digits, denoted S. If the BIN field is used to identify whether the number is a bank virtual card number, n2 = 0, i.e. the identification code field does not appear in the card number; otherwise n2 = 1 and the identification code identifies whether the number is a bank virtual card number;
The fixed value field contains n3 digits, denoted G, n3 ∈ {0, 1, ..., 4}. It is set by the issuer and can be used to identify the issuing branch or sub-branch, the currency supported by the bank card, and other custom identification functions. If n3 = 0, the fixed value field does not appear in the card number;
The customer serial number field contains n4 digits, denoted L, n4 ∈ {4, 5, ..., 12}. It identifies the customer, and corresponds to the fixed value field when the issuer has set a fixed value field in the card number;
The check code field is 1 digit calculated by the Luhn algorithm, following the card organization standard, over the preceding (n1+n2+n3+n4) digits, denoted J. Then Q1 = n1+n2+n3+n4+1, and the real bank card number is B+S+G+L+J;
The bank virtual card number consists of a BIN, an identification code, a fixed value, an encrypted customer serial number and a check code, wherein:
The BIN field contains n1 digits, denoted B;
The identification code field contains n2 digits, denoted S. If the BIN field is used to identify whether the number is a bank virtual card number, n2 = 0, i.e. the identification code field does not appear in the card number; otherwise n2 = 1 and the identification code identifies whether the number is a bank virtual card number;
The fixed value field contains n3 digits, denoted G, n3 ∈ {0, 1, ..., 4}. It is set by the issuer and can be used to identify the issuing branch or sub-branch, the currency supported by the bank card, and other custom identification functions. In the bank virtual card number the issuer sets whether it is dropped or retained. If it is dropped, the fixed value field does not appear in the bank virtual card number, and the fixed value is restored from the customer serial number when the bank virtual card number is decrypted;
The encrypted customer serial number field contains n5 digits, denoted L', n5 ∈ {5, 6, ..., 12}, and n5 > n4;
The check code field is 1 digit calculated by the Luhn algorithm, following the card organization standard, over the preceding (n1+n2+n3+n5) or (n1+n2+n5) digits, denoted J'. Then Q2 = n1+n2+n3+n5+1 or Q2 = n1+n2+n5+1, and the bank virtual card number is B+S+G+L'+J' or B+S+L'+J'. The B, S and G fields of the bank virtual card number are identical to the B, S and G fields of the real bank card number. Because the issuer may set the fixed value field to be dropped when encrypting into the bank virtual card number, the bank virtual card number takes one of the above two forms;
The payment device and the issuer server both hold keys for encryption and decryption, comprising a payment key T1 and an identity authentication key T2. T1 is the same key for all users and is used to encrypt the real bank card number into the bank virtual card number. T2 is unique to each user and serves as the identity authentication key when T1 is periodically updated by online download;
The steps by which the payment device encrypts the real bank card number are:
A: For each payment or load, the payment device obtains the value of X used this time. X indicates the 1- to 2-digit sequence number under which the real bank card number or third-party payment account used this time was bound in the payment device, 0<X<99. L and X are then arranged in order and encrypted with T1 to generate L';
B: G is dropped or retained according to the issuer's setting, J' is then obtained by the Luhn algorithm, and B+S+G+L'+J' or B+S+L'+J' is assembled to give the bank virtual card number for this payment, completing encryption;
The steps by which the issuer server decrypts the bank virtual card number are:
a: After receiving the bank virtual card number, the issuer server first checks by the Luhn algorithm whether J' is valid. If so, step b is performed; if not, payment request failure information is fed back;
b: L' is decrypted with T1 to obtain L and X;
c: J is obtained by applying the Luhn algorithm to B+S+G+L. If G was dropped during encryption by the issuer's setting, the corresponding G is obtained from L. B+S+G+L+J is then assembled to give the real bank card number for this payment, completing decryption.
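The card-number layout and steps A, B and a to c above, worked through as an added example that is not part of the patent text. The text does not name the cipher used with T1, so `_digit_cipher` is a stand-in digit-preserving Feistel construction chosen for this illustration; the two-digit encoding of X, the field widths (n1 = 6, n2 = 0, G retained), the key and the card numbers are all constructed assumptions.

```python
import hashlib
import hmac

N_BIN = 6    # n1: width of the BIN field B
N_X = 2      # assumption: X is carried as two digits so L and X can be split again
ROUNDS = 8   # assumption: round count of the stand-in cipher


def luhn_check_digit(payload: str) -> int:
    """Check digit (J or J') for the digits that precede it."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:            # the rightmost payload digit is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number: str) -> bool:
    """True when the last digit is the Luhn check digit of the rest."""
    return (number.isdigit() and len(number) > 1
            and luhn_check_digit(number[:-1]) == int(number[-1]))


def _round_value(key: bytes, rnd: int, half: int, width: int) -> int:
    msg = bytes([rnd]) + str(half).zfill(width).encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest(), "big")


def _digit_cipher(digits: str, key: bytes, decrypt: bool = False) -> str:
    """Stand-in cipher: alternating Feistel rounds over two decimal halves.

    Maps an n-digit string to an n-digit string and is invertible with the
    same key. It is NOT the algorithm of the patent (which is unspecified).
    """
    u = len(digits) // 2
    v = len(digits) - u
    a, b = int(digits[:u]), int(digits[u:])
    sign = -1 if decrypt else 1
    order = reversed(range(ROUNDS)) if decrypt else range(ROUNDS)
    for rnd in order:
        if rnd % 2 == 0:
            a = (a + sign * _round_value(key, rnd, b, v)) % 10 ** u
        else:
            b = (b + sign * _round_value(key, rnd, a, u)) % 10 ** v
    return str(a).zfill(u) + str(b).zfill(v)


def make_virtual_pan(true_pan: str, x: int, t1: bytes, n_fixed: int) -> str:
    """Payment device side, steps A and B, with the fixed value G retained."""
    if not luhn_valid(true_pan):
        raise ValueError("real card number fails the Luhn check")
    if not 0 < x < 99:
        raise ValueError("X out of range")
    head = true_pan[:N_BIN + n_fixed]                  # B + G, copied unchanged
    serial = true_pan[N_BIN + n_fixed:-1]              # L
    enc = _digit_cipher(serial + f"{x:0{N_X}d}", t1)   # L' from L followed by X
    body = head + enc
    return body + str(luhn_check_digit(body))          # append J'


def recover_true_pan(virtual_pan: str, t1: bytes, n_fixed: int):
    """Issuer side, steps a to c. Returns (real card number, X)."""
    if not luhn_valid(virtual_pan):                    # step a: reject bad J'
        raise ValueError("payment request failed: invalid check digit")
    head = virtual_pan[:N_BIN + n_fixed]
    plain = _digit_cipher(virtual_pan[N_BIN + n_fixed:-1], t1, decrypt=True)
    serial, x = plain[:-N_X], int(plain[-N_X:])        # step b: L and X
    body = head + serial
    return body + str(luhn_check_digit(body)), x       # step c: recompute J


if __name__ == "__main__":
    T1 = b"constructed-demo-key"                       # constructed key
    body = "123456" + "01" + "0004321"                 # constructed B, G, L
    real = body + str(luhn_check_digit(body))          # 16 digits (Q1 = 16)
    virt = make_virtual_pan(real, 2, T1, n_fixed=2)    # 18 digits (Q2 = 18)
    print(real, virt, recover_true_pan(virt, T1, n_fixed=2))
```

With this stand-in, the same L and X always produce the same L'; the text does not say how per-transaction variation enters the encryption.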
Compared with the prior art, the present invention has the following advantages:
1) A random bank virtual card number is generated for each transaction by key-based encryption, avoiding the risk of leaking the bank card number and third-party payment account and greatly improving the security of mobile payment. During encryption of the bank virtual card number, T1 is used to randomly encrypt the customer serial number together with the sequence number of the bank account or third-party account used in this payment transaction, so that non-repeating bank virtual card numbers are generated.
2) A bank virtual card number conforming to card organization specifications is generated for proximity payment requests of third-party payment accounts, so third-party payment accounts can make mobile payments through the POS's magnetic stripe, contact IC and QuickPass payment functions. Without modifying the POS, compatibility between the POS and third-party payment accounts outside the banking system is greatly improved.
3) With support for remote load requests for third-party payment accounts, the user's third-party payment account can make all kinds of quick payments while offline, improving the user experience and adding payment scenarios for third-party payment accounts.
4) One payment device can bind multiple bank cards and multiple third-party payment accounts, solving the problem of users having to carry multiple bank cards and multiple payment devices and improving convenience for the user.
5) A bank virtual account service provider server is added to the mobile payment chain. For a payment or load that does not use a real bank card number of the issuer server, it establishes communication between the third-party payment company and the issuer server and can relay the payment request or load request that uses the bank virtual card number as the primary account number, enabling third-party payment in offline, in-person payment scenarios.
Brief description of the drawings
Fig. 1 is a structural block diagram of the system of the present invention;
Fig. 2 is a flow chart of the method of the present invention;
Fig. 3 is a schematic diagram of the proximity online payment mode in the present embodiment;
Fig. 4 is a schematic diagram of the proximity offline payment mode in the present embodiment;
Fig. 5 is a schematic diagram of the remote load electronic cash payment mode in the present embodiment;
Fig. 6 is a schematic diagram of the remote online payment mode in the present embodiment.
In the figures: 1, payment device; 2, issuer server; 3, third-party payment server; 4, POS; 5, acquirer server; 6, card organization server; 7, merchant server; 8, BVA SP server; 9, proximity payment module; 10, embedded secure element; 11, communication module; 12, relay database; 13, key database; 14, payment database; 15, CPU.
Embodiment
The present invention is described in detail below with reference to the accompanying drawings and a specific embodiment. The present embodiment is implemented on the premise of the technical solution of the present invention and gives a detailed implementation and a specific operating process, but the protection scope of the present invention is not limited to the following embodiment.
Embodiment one
As shown in Fig. 1, a mobile payment system based on bank virtual card numbers comprises payment device 1, issuer server 2, third-party payment server 3, POS 4, acquirer server 5, card organization server 6, merchant server 7 and BVA SP server 8. Payment device 1 is connected to POS 4, issuer server 2, merchant server 7 and BVA SP server 8 respectively; POS 4 is connected to acquirer server 5; acquirer server 5 is connected to card organization server 6; card organization server 6 is connected to issuer server 2; issuer server 2 is connected to BVA SP server 8; and BVA SP server 8 is connected to third-party payment server 3 and merchant server 7 respectively. Payment device 1 includes but is not limited to multi-purpose cards, mobile phones, tablet computers, smart watches, smart bands and other portable electronic terminal devices that support mobile payment. Issuer server 2 includes the servers of commercial banks such as Industrial and Commercial Bank, Construction Bank and Bank of Communications. Third-party payment server 3 includes the servers of commercial banks other than the issuer and of third-party payment companies holding the relevant payment licence, such as Alipay and Shande Card. Acquirer server 5 includes the servers of commercial banks such as Industrial and Commercial Bank and Construction Bank and of third-party payment companies with acquiring qualification, such as Yeepay and Huifu Tianxia. Card organization server 6 includes the servers of clearing organizations such as China UnionPay, VISA and MASTER. Merchant server 7 includes the servers of merchants with mobile payment needs, such as Taobao, Ctrip and Meituan.
At the point of payment, payment device 1 directly receives a payment request initiated by POS 4 over a proximity communication mode (including but not limited to NFC, magnetic stripe, contact IC and Bluetooth communication), or receives through BVA SP server 8 a payment request initiated remotely by merchant server 7, or directly and remotely initiates a load request to BVA SP server 8. Payment device 1 generates a bank virtual card number to serve as the primary account number of the payment request or load request. The payment request is relayed through POS 4, acquirer server 5 and card organization server 6, or the load request is relayed through BVA SP server 8, to issuer server 2; after issuer server 2 processes it, the result is fed back to payment device 1, completing the payment or load;
When payment device 1 pays or loads using a third-party payment account (including real card numbers of banks other than the issuer and payment accounts of third-party payment companies outside the banking system), issuer server 2 communicates with third-party payment server 3 by relay through BVA SP server 8, and after the payment request or load request is verified the result is fed back to payment device 1, completing the payment or load.
Payment device 1 can be a mobile phone, tablet, smart watch, smart band or other terminal device that supports mobile payment. As the user link in the mobile payment system, it mainly includes the following modules:
CPU 15 for controlling each module and computing keys;
Proximity payment module 9 for exchanging payment data with POS 4, proximity payment module 9 including but not limited to an NFC module, a magnetic stripe module, a contact IC module and a Bluetooth module;
Embedded secure element (Embedded Secure Element, eSE) 10 for storing key data;
Communication module 11 for communicating with issuer server 2, BVA SP server 8 and merchant server 7.
Issuer server 2, as the encryption/decryption and payment (load) request verification link in the mobile payment system, includes:
CPU 15 for controlling each module and computing keys;
Key database 13 for storing key data;
Payment database 14 for storing payment data;
Communication module 11 for communicating with payment device 1, card organization server 6 and BVA SP server 8;
Third-party payment server 3, as a payment (load) request verification link, includes:
CPU 15 for controlling each module;
Payment database 14 for storing payment data;
Communication module 11 for communicating with BVA SP server 8 over a dedicated network line.
Merchant server 7 includes the following functional modules:
CPU 15 for controlling each module;
Payment database 14 for storing payment data;
Communication module 11 for communicating with payment device 1 and BVA SP server 8.
BVA SP server 8, POS 4, acquirer server 5 and card organization server 6, as the relay links in the mobile payment system, each include:
CPU 15 for controlling each module;
Relay database 12 for storing relay data;
Communication module 11 for establishing dedicated network line communication.
POS 4 also includes proximity payment module 9 for communicating with payment device 1.
The following takes as an example a mobile payment system made up of an NFC mobile phone (payment device 1), a China Merchants Bank server (issuer server 2), an Alipay server (third-party payment server 3), POS 4, an Industrial and Commercial Bank server (acquiring bank server 5), a UnionPay server (card organization server 6), a Taobao server (merchant server 7) and BVA SP server 8. As shown in Fig. 2, the mobile payment method based on the bank virtual card number is carried out in this embodiment's system by the following steps:
Step S1: The NFC mobile phone binds a real China Merchants Bank card number and obtains the key based on that real bank card number, either by manual provisioning at the bank counter or by online download. At the same time it binds an Alipay account following the authentication and binding procedure of the Alipay server. When a binding completes, a sequence number is generated, in order, for the bound card number or account and is used to identify that card number or account;
Step S2: The NFC mobile phone receives a payment request initiated directly by POS 4 over short-range communication (which includes but is not limited to NFC, magnetic stripe, contact IC and Bluetooth communication; here the NFC mobile phone uses NFC), or receives a payment request initiated remotely by the Taobao server through BVA SP server 8, or itself remotely initiates a load request to BVA SP server 8. The NFC mobile phone encrypts the real bank card number to randomly generate the bank virtual card number for this payment or load, and sends a payment request or load request with that bank virtual card number as the primary account number to the China Merchants Bank server by a proximity payment mode or a remote payment mode. The proximity payment modes are proximity online payment and proximity offline payment; the remote payment modes are remote electronic-cash load and remote online payment;
Step S3: The China Merchants Bank server receives the payment request or load request, decrypts the bank virtual card number to obtain the real bank card number, and determines whether this payment or load uses a real bank card number of the China Merchants Bank server. If not, step S4 is performed; if so, the China Merchants Bank server generates the verification result for the payment or load request and step S5 is performed;
Step S4: The China Merchants Bank server forwards the payment request or load request through BVA SP server 8 to the corresponding Alipay server. The Alipay server generates the verification result for the payment or load request and returns it to the China Merchants Bank server through BVA SP server 8;
Step S5: The China Merchants Bank server feeds the verification result for the payment or load request back to the NFC mobile phone, completing this payment or load.
The bank virtual card number is generated by encrypting the bound real bank card number. The number of digits Q1 of the real bank card number and the number of digits Q2 of the bank virtual card number both belong to the set Q of lengths prescribed by the card organization, i.e. Q1, Q2 ∈ Q, Q ∈ {16, 17, 18, 19}.
The real bank card number consists of a BIN, an identification code, a fixed value, a customer serial number and a check digit, where:
the BIN field has n1 digits and is denoted B, with n1 = 6;
the identification code field has n2 digits and is denoted S. If the BIN field itself is used to indicate whether the number is a bank virtual card number, n2 = 0, i.e. no identification code field appears in the card number; otherwise n2 = 1 and the identification code indicates whether the number is a bank virtual card number;
the fixed value field has n3 digits and is denoted G, with n3 ∈ {0, 1, ..., 4}. It is set by the card issuer and can identify the issuing branch or sub-branch, the currencies the bank card supports, or other self-defined attributes. If n3 = 0, no fixed value field appears in the card number;
the customer serial number field has n4 digits and is denoted L, with n4 ∈ {4, 5, ..., 12}. It identifies the customer and, when the card issuer has configured a fixed value field in the card number, corresponds to that fixed value field;
the check digit field is the single digit, denoted J, computed with the Luhn algorithm from the preceding (n1 + n2 + n3 + n4) digits according to the card organization's standard. Hence Q1 = n1 + n2 + n3 + n4 + 1, and the real bank card number is B+S+G+L+J;
The bank virtual card number consists of a BIN, an identification code, a fixed value, an encrypted customer serial number and a check digit, where:
the BIN field has n1 digits and is denoted B;
the identification code field has n2 digits and is denoted S. If the BIN field itself is used to indicate whether the number is a bank virtual card number, n2 = 0; otherwise n2 = 1 and the identification code indicates whether the number is a bank virtual card number;
the fixed value field has n3 digits and is denoted G, with n3 ∈ {0, 1, ..., 4}. It is set by the card issuer and can identify the issuing branch or sub-branch, the currencies the bank card supports, or other self-defined attributes. The card issuer decides whether it is discarded or retained in the bank virtual card number. If it is discarded, the fixed value field does not appear in the bank virtual card number, and the fixed value is restored from the customer serial number when the bank virtual card number is decrypted;
the encrypted customer serial number field has n5 digits and is denoted L', with n5 ∈ {5, 6, ..., 12} and n5 > n4;
the check digit field is the single digit, denoted J', computed with the Luhn algorithm from the preceding (n1 + n2 + n3 + n5) or (n1 + n2 + n5) digits according to the card organization's standard. Hence Q2 = n1 + n2 + n3 + n5 + 1 or Q2 = n1 + n2 + n5 + 1, and the bank virtual card number is B+S+G+L'+J' or B+S+L'+J'. The B, S and G fields of the bank virtual card number are identical to the B, S and G fields of the real bank card number. Both forms of the bank virtual card number exist because the card issuer may configure the fixed value field to be discarded when the number is encrypted into a bank virtual card number;
Payment device 1 and issuer server 2 both hold the keys used for encryption and decryption: the payment key T1 and the authentication key T2. T1 is the same key for all users and is used to encrypt the real bank card number into the bank virtual card number. T2 is unique to each user and serves as the identity authentication key when T1 is periodically updated by online download;
In embodiment one, the 16-digit real China Merchants Bank card number is 6225 8801 1234 5675, where:
622588 is the BIN field, denoted B;
0 is the identification code field, denoted S;
11 is the fixed value field, denoted G;
234567 is the customer serial number field, denoted L;
5 is the check digit field, denoted J.
The NFC mobile phone encrypts as follows:
A: The NFC mobile phone obtains the X used this time (X = 01), arranges L and X in that order, and encrypts them with T1 to generate the encrypted customer serial number 43211234, i.e. L';
B: J' (J' = 8) is obtained by applying the Luhn algorithm to B+S+G+L' (i.e. 622588+0+11+43211234), and B+S+G+L'+J' is then combined to give the 18-digit China Merchants Bank virtual card number 6222 6001 1432 1123 48 for this payment, completing the encryption.
The China Merchants Bank server decrypts as follows:
a: On receiving the China Merchants Bank virtual card number, the China Merchants Bank server first uses the Luhn algorithm to check whether J' is valid. If so, step b is performed; if not, a payment-request failure message is fed back;
b: L' is decrypted with T1 to obtain L and X;
c: J is obtained by applying the Luhn algorithm to B+S+G+L, and B+S+G+L+J is then combined to give the 16-digit real China Merchants Bank card number 6225 8801 1234 5675 for this payment, completing the decryption.
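The device-side steps A and B and the issuer-side steps a to c above, as an added Python example that is not part of the patent text. The patent does not name the cipher used with T1, so a small HMAC-based Feistel permutation over decimal strings stands in for it (an assumption, not a vetted format-preserving mode such as NIST FF1); the key, BIN and field values are constructed and only the field widths follow embodiment one.

```python
import hashlib
import hmac

# Field widths of embodiment one: B, S, G, L and the value X from step A.
N_B, N_S, N_G, N_L, N_X = 6, 1, 2, 6, 2
ROUNDS = 10  # even, so both halves return to their original positions

# Constructed sample values (not from the patent, not real account data).
T1 = b"constructed-demo-payment-key-T1"
B, S, G, L = "999999", "0", "11", "456789"


def luhn_check_digit(payload: str) -> str:
    """Check digit for a digit string that does not yet contain it."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]


def round_value(key: bytes, rnd: int, half: str, width: int) -> int:
    """Keyed round function: HMAC-SHA256 reduced to `width` decimal digits."""
    mac = hmac.new(key, bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % 10 ** width


def fpe_encrypt(key: bytes, digits: str) -> str:
    """Stand-in cipher (assumption): digits in, same number of digits out."""
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for rnd in range(ROUNDS):
        m = u if rnd % 2 == 0 else v
        c = (int(a) + round_value(key, rnd, b, m)) % 10 ** m
        a, b = b, str(c).zfill(m)
    return a + b


def fpe_decrypt(key: bytes, digits: str) -> str:
    """Inverse of fpe_encrypt: undo the rounds in reverse order."""
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for rnd in reversed(range(ROUNDS)):
        m = u if rnd % 2 == 0 else v
        c = (int(b) - round_value(key, rnd, a, m)) % 10 ** m
        a, b = str(c).zfill(m), a
    return a + b


def make_virtual_pan(t1: bytes, x: str) -> str:
    """Device side, steps A and B: L' = Enc_T1(L || X), then append J'."""
    l_enc = fpe_encrypt(t1, L + x)
    body = B + S + G + l_enc
    return body + luhn_check_digit(body)


def recover_real_pan(t1: bytes, virtual: str):
    """Issuer side, steps a to c. Returns (real PAN, X) or None on failure."""
    expected_len = N_B + N_S + N_G + N_L + N_X + 1
    # Step a: reject anything whose length or Luhn digit J' is wrong.
    # Luhn only catches transcription errors; it is not an integrity check.
    if len(virtual) != expected_len or not luhn_valid(virtual):
        return None
    prefix = virtual[:N_B + N_S + N_G]                 # B, S, G travel in clear
    lx = fpe_decrypt(t1, virtual[N_B + N_S + N_G:-1])  # step b: L' -> L || X
    l, x = lx[:N_L], lx[N_L:]
    body = prefix + l                                  # step c: recompute J
    return body + luhn_check_digit(body), x


if __name__ == "__main__":
    v = make_virtual_pan(T1, "01")
    print("virtual:", v, "->", recover_real_pan(T1, v))
```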
The four payment modes are described in detail below.
When the user pays with the NFC mobile phone at a merchant's POS 4 over short-range communication, and the electronic cash balance is insufficient or the merchant requires online verification of the payment's legitimacy, the mobile payment conforming to the UnionPay specification must be carried out with online verification (i.e. POS 4 must go online for authentication). As shown in Fig. 3, the proximity online payment mode comprises the following steps (the steps drawn with dotted lines in Fig. 3 are performed only when the account issuer is a third-party payment company):
101: POS 4 initiates a payment request. The NFC mobile phone generates the bank virtual card number for this payment and responds to the payment request initiated by POS 4 over short-range communication with that bank virtual card number as the primary account number. What has to be changed is the primary account number transferred to POS 4 and the primary account number information in tracks 2 and 3. The payment request carries data such as the primary account number, card expiry date, card sequence number, track 2 data and track 3 data;
102: POS 4 forwards the payment request to the Industrial and Commercial Bank server over a dedicated network line;
103: The Industrial and Commercial Bank server forwards the payment request to the UnionPay server over a dedicated network line;
104: The UnionPay server forwards the payment request to the corresponding China Merchants Bank server according to the BIN in the bank virtual card number (the 6-digit BIN field that the card organization assigns to a card issuer, used to distinguish card issuers). The card issuer uses the identification code (the 1-digit field defined by the card issuer after the 6-digit BIN, indicating that the account is paying with a bank virtual card number) to determine that the current card number is a bank virtual card number, decrypts it to obtain the real bank card number and the sequence number, and determines whether this payment uses a real bank card number of the China Merchants Bank server. If not, step 105 is performed; if so, the China Merchants Bank server verifies the validity of the payment request and step 109 is performed;
105: The China Merchants Bank server forwards the payment request, the user identifier bound to the real bank card number (the user identifier is the International Mobile Equipment Identity, IMEI, of the NFC mobile phone) and the sequence number to BVA SP server 8;
106: BVA SP server 8 forwards the payment request to the corresponding Alipay server according to the user identifier and the sequence number;
107: The Alipay server verifies the validity of the payment request and feeds the payment request verification result back to BVA SP server 8;
108: BVA SP server 8 feeds the payment request verification result back to the China Merchants Bank server;
109: The China Merchants Bank server feeds the payment request verification result back to the UnionPay server;
110: The UnionPay server feeds the payment request verification result back to the Industrial and Commercial Bank server;
111: The Industrial and Commercial Bank server feeds the payment request verification result back to POS 4;
112: POS 4 completes the payment request verification locally and feeds the payment request verification result back to the NFC mobile phone, completing this payment.
When the user pays with the NFC mobile phone at a merchant's POS 4 over short-range communication, and the electronic cash balance is sufficient and the merchant does not require online verification of the payment's legitimacy, the mobile payment conforming to the card organization's specification can be carried out with offline verification (i.e. POS 4 does not need to go online for authentication). As shown in Fig. 4, the proximity offline payment mode comprises the following steps (in Fig. 4, dotted lines mark the steps that are performed only when the account issuer is a third-party payment company and the steps that are executed asynchronously):
201: POS 4 initiates a payment request. The NFC mobile phone generates the bank virtual card number for this payment and responds to the payment request initiated by POS 4 over short-range communication with that bank virtual card number as the primary account number, i.e. it changes the primary account number transferred to POS 4 and the primary account number information in tracks 2 and 3;
202: POS 4 completes the payment request verification locally and feeds the payment request verification result back to the NFC mobile phone, completing this payment;
203: POS 4 asynchronously forwards all payment requests from the offline period, as a batch, to the Industrial and Commercial Bank server over a dedicated network line;
204: The Industrial and Commercial Bank server asynchronously forwards the batch of payment requests to the UnionPay server over a dedicated line;
205: The UnionPay server forwards the payment request to the corresponding China Merchants Bank server according to the BIN in the bank virtual card number. The China Merchants Bank server identifies the current card number as a bank virtual card number, decrypts it to obtain the real bank card number, and determines whether this payment uses a real bank card number of the China Merchants Bank server. If not, step 206 is performed; if so, the China Merchants Bank server verifies the validity of the payment request and step 210 is performed;
206: The China Merchants Bank server forwards the payment request, the user identifier bound to the real bank card number and the sequence number to BVA SP server 8;
207: BVA SP server 8 forwards the payment request to the corresponding Alipay server according to the user identifier and the sequence number;
208: The Alipay server verifies the validity of the payment request and feeds the payment request verification result back to BVA SP server 8;
209: BVA SP server 8 feeds the payment request verification result back to the China Merchants Bank server;
210: The China Merchants Bank server feeds the payment request verification result back to the UnionPay server;
211: The UnionPay server feeds the payment request verification result back to the Industrial and Commercial Bank server;
212: The Industrial and Commercial Bank server feeds the payment request verification result back to POS 4.
When the user uses a remote payment mode in the NFC mobile phone to perform an electronic cash load against one of the bound accounts, the electronic cash load must be completed by BVA SP connecting directly to the card issuer; if the load account belongs to a third-party payment company, the third-party payment company must also be connected. As shown in Fig. 5, the remote electronic-cash load mode comprises the following steps (dotted lines in Fig. 5 have the same meaning as in Fig. 3):
301: The NFC mobile phone generates the bank virtual card number for this payment and, over the communication link, initiates a load request to BVA SP server 8 with that bank virtual card number as the primary account number;
302: BVA SP server 8 forwards the load request to the corresponding card issuer according to the BIN in the bank virtual card number. The China Merchants Bank server identifies the current card number as a bank virtual card number, decrypts it to obtain the real bank card number, and determines whether this payment uses a real bank card number of the China Merchants Bank server. If not, step 303 is performed; if so, the China Merchants Bank server verifies the validity of the load request and step 307 is performed;
303: The China Merchants Bank server forwards the user identifier bound to the real bank card number and the sequence number to BVA SP server 8;
304: BVA SP server 8 forwards the load request to the corresponding Alipay server according to the user identifier and the sequence number;
305: The Alipay server verifies the validity of the load request and feeds the load request verification result back to BVA SP server 8;
306: BVA SP server 8 feeds the load request verification result back to the China Merchants Bank server;
307: The China Merchants Bank server feeds the load request verification result back to the NFC mobile phone, completing this load.
When the user makes an online payment with the NFC mobile phone using a remote payment mode, the online payment must be completed by BVA SP connecting directly to the card issuer; if the account used belongs to a third-party payment company, the third-party payment company must also be connected. As shown in Fig. 6, the remote online payment mode comprises the following steps (dotted lines in Fig. 6 have the same meaning as in Fig. 3):
401: The user initiates a payment request to BVA SP server 8 on the payment platform of the Taobao server;
402: BVA SP server 8 sends it to the NFC mobile phone over the communication link;
403: The NFC mobile phone generates the bank virtual card number for this payment and, over the communication link, responds to BVA SP server 8 with that bank virtual card number as the primary account number, answering the payment request initiated by the Taobao server;
404: BVA SP server 8 forwards the payment request to the corresponding China Merchants Bank server according to the BIN in the bank virtual card number. The China Merchants Bank server identifies the current card number as a bank virtual card number, decrypts it to obtain the real bank card number, and determines whether this payment uses a real bank card number of the China Merchants Bank server. If not, step 405 is performed; if so, the China Merchants Bank server verifies the validity of the payment request and step 409 is performed;
405: The China Merchants Bank server forwards the user identifier bound to the real bank card number and the sequence number to BVA SP server 8;
406: BVA SP server 8 forwards the payment request to the corresponding Alipay server according to the user identifier and the sequence number;
407: The Alipay server verifies the validity of the payment request and feeds the payment request verification result back to BVA SP server 8;
408: BVA SP server 8 feeds the payment request verification result back to the China Merchants Bank server;
409: The China Merchants Bank server feeds the payment request verification result back to the Taobao server;
410: The Taobao server feeds the payment request verification result back to the NFC mobile phone, completing this payment.
In summary, the key element of the invention is the introduction of the BVA SP role into the mobile payment chain. Its functions include:
1) The payment device 1 held by the user, or the payment platform of the merchant server 7 operated remotely by the user, each communicates with BVA SP server 8 through wireless networking of the communication module, to submit and relay requests such as binding, inquiry and payment.
2) BVA SP server 8 communicates with issuer server 2 through dedicated-line networking of the communication module, to relay and feed back requests such as binding, inquiry and payment.
3) BVA SP server 8 communicates with third-party payment server 3 through dedicated-line networking of the communication module, to relay and feed back requests such as binding, inquiry and payment.
When the user makes a mobile payment, on the basis of the real bank card number already bound on payment device 1, T1 is used to randomly encrypt the customer serial number together with the sequence number of the bank account or third-party account used in this payment transaction, generating a bank virtual card number that meets the card organization's requirements. The bank virtual card number is what is transmitted during the payment flow, which removes the hidden danger of transmitting the real bank card number directly. Even if the bank virtual card number is intercepted in transit, the real bank card number, which contains the user's real information, still cannot be obtained without the payment key T1, greatly improving the security and compatibility of mobile payment.
Embodiment two
This embodiment differs from embodiment one in that a Bank of Communications server serves as issuer server 2, and the real bank card number and the bank virtual card number are encrypted and decrypted as follows:
The 19-digit real Bank of Communications card number is 6222 6001 1234 5678 909, where:
622260 is the BIN field, denoted B;
0 is the identification code field, denoted S;
11 is the fixed value field, denoted G;
234567890 is the customer serial number field, denoted L;
9 is the check digit field, denoted J.
Payment device 1 encrypts as follows:
A: Payment device 1 obtains the X used this time (02), arranges L and X in that order, and encrypts them with T1 to generate the encrypted customer serial number 0987654321, i.e. L';
B: Bank of Communications has configured G to be discarded on encryption (the G field still exists; it is simply not shown in the bank virtual card number). J' (J' = 1) is obtained by applying the Luhn algorithm to B+S+L' (i.e. 622260+0+09876543210), and B+S+L'+J' is then combined to give the 19-digit Bank of Communications virtual card number 6222 6000 9876 5432 101 for this payment, completing the encryption.
The Bank of Communications server decrypts as follows:
a: On receiving the Bank of Communications virtual card number, the Bank of Communications server first uses the Luhn algorithm to check whether J' is valid. If so, step b is performed; if not, a payment-request failure message is fed back;
b: L' is decrypted with T1 to obtain L and X;
c: The corresponding G is obtained from L, J is obtained by applying the Luhn algorithm to B+S+G+L, and B+S+G+L+J is then combined to give the 19-digit real Bank of Communications card number 6222 6001 1234 5678 909 for this payment, completing the decryption.
The four payment modes with the Bank of Communications server as issuer server 2 are the same as in embodiment one.
Embodiment three
This embodiment differs from embodiment one in that a Guangdong Development Bank server serves as issuer server 2, and the real bank card number and the bank virtual card number are encrypted and decrypted as follows:
The 19-digit real Guangdong Development Bank card number is 6225 6812 2212 3456 785, where:
622568 is the BIN field, denoted B; Guangdong Development Bank has set this BIN to support bank virtual card numbers, so no identification code S is needed;
1222 is the fixed value field, denoted G;
12345678 is the customer serial number field, denoted L;
5 is the check digit field, denoted J.
Payment device 1 encrypts as follows:
A: Payment device 1 obtains the X used this time (X = 03), arranges L and X in that order, and encrypts them with T1 to generate the encrypted customer serial number 0987654321, i.e. L';
B: Guangdong Development Bank has configured G to be discarded on encryption. J' (J' = 1) is obtained by applying the Luhn algorithm to B+L' (i.e. 622568+0987654321), and B+L'+J' is then combined to give the 17-digit Guangdong Development Bank virtual card number 6222 6009 8765 43211 for this payment, completing the encryption.
The Guangdong Development Bank server decrypts as follows:
a: On receiving the bank virtual card number, the Guangdong Development Bank server first uses the Luhn algorithm to check whether J' is valid. If so, step b is performed; if not, a payment-request failure message is fed back;
b: L' is decrypted with T1 to obtain L and X;
c: The corresponding G is obtained from L, J is obtained by applying the Luhn algorithm to B+S+G+L, and B+S+G+L+J is then combined to give the 19-digit real Guangdong Development Bank card number 6225 6812 2212 3456 785 for this payment, completing the decryption.
In the steps of the four payment modes with the Guangdong Development Bank server as issuer server 2, the BIN is used to identify whether the current card number is a bank virtual card number; the other steps are the same as in embodiment one.