CN104850996A - External security equipment-based transaction method, system and server - Google Patents
External security equipment-based transaction method, system and server Download PDFInfo
- Publication number
- CN104850996A CN104850996A CN201510220965.6A CN201510220965A CN104850996A CN 104850996 A CN104850996 A CN 104850996A CN 201510220965 A CN201510220965 A CN 201510220965A CN 104850996 A CN104850996 A CN 104850996A
- Authority
- CN
- China
- Prior art keywords
- transaction
- server
- information
- mobile device
- device end
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention relates to an external security equipment-based transaction method, a system and a server. The method comprises the steps of scanning the coded information by means of a mobile equipment terminal; acquiring the security transaction information; receiving the security transaction information by means of a server and verifying the validity of the security transaction information; if valid, extracting the transaction confirmation requesting information; transmitting the transaction confirmation requesting information to external security equipment by means of the mobile equipment terminal; generating the signing information by means of the external security equipment; receiving and transmitting the signing information to the server by means of the mobile equipment terminal; verifying the validity of the signing information by means of the server; and sending the confirmation result to a transaction initiating terminal. The system comprises the transaction initiating terminal, the server, the mobile equipment terminal and the external security equipment. The server comprises a receiving unit, a sending unit, a verifying unit, a paying unit and a processing unit. By means of the transaction method, the system and the server, the transaction security of the traditional transaction initiating terminal is improved due to the adoption of the external security equipment, and the application range of the external security equipment is expanded. Meanwhile, the development of accessories related to the transaction initiating terminal is reduced.
Description
Technical field
The present invention relates to communication field, particularly relate to a kind of method of commerce based on external security device, system and server.
Background technology
Along with the development of electronic utility, the mode that people are undertaken concluding the business by electronic equipment also gets more and more, and meanwhile, the requirement of people to transaction security is also more and more higher.Such as, use Alipay to carry out concluding the business or transferring accounts, point of sells can also be used to conclude the business.But when using Alipay to carry out concluding the business or transferring accounts, need the relevant information inputting client, safety for customer information account leans on manual confirmation completely, and transaction security only needs static password, and this mode of doing business also can well be ensured the safety of Transaction Account number.
Intelligent mobile equipment of today can by using external security device, compare safe transaction, Intelligent mobile equipment is when carrying out secure transaction transmission, external security device is needed to confirm, data transmission between external security device and Intelligent mobile equipment wirelessly transmits, such as wireless blue tooth communication mode or wireless near field communication mode etc.But the external security device that traditional transaction initiating terminal (such as, PC hold) uses normally transmits data by USB interface, if but external security device does not possess USB interface, then cannot be compatible with PC.
Summary of the invention
The object of the invention is the defect for prior art, a kind of method of commerce based on external security device, system and server are provided, to realize the use of external security device when conventional transaction initiating terminal is concluded the business.
For achieving the above object, first aspect, the invention provides a kind of method of commerce based on external security device, and this method of commerce comprises:
Server receives the secure transaction that mobile device end sends; Described secure transaction is that mobile device end is by scanning encoding information acquisition;
The legitimacy of described server authentication secure transaction;
When authenticating security Transaction Information result is legal, described server extracts the trade confirmation solicited message that external security device participates in confirming;
Described trade confirmation solicited message is sent to described mobile device end by described server; Described server receives the described signing messages that described mobile device end sends; Wherein, described signing messages calculates generation by described external security device according to described trade confirmation solicited message;
The legitimacy of described server to described signing messages is verified;
When certifying signature information result is legal, described server carries out payment processes, and confirmation result is sent to described transaction initiating terminal.
Further, receive the secure transaction of mobile device end transmission at described server before, described method of commerce also comprises:
Described transaction initiating terminal produces secure transaction, and generates coded message described in Software Create by coded message.
Further, the legitimacy of described authenticating security Transaction Information is specially:
Whether the secure transaction that the secure transaction that initiating terminal of concluding the business described in described server authentication sends and described mobile device end send is consistent;
If so, then authenticating security Transaction Information result is legal;
If not, then authenticating security Transaction Information result is illegal.
Preferably, described method of commerce also comprises: when authenticating security Transaction Information result is illegal, and described server stops transaction, and miscue information is sent to described mobile device end.
Preferably, described trade confirmation solicited message comprises payment account information, sequence information and collecting account information.
Preferably, described wireless transmission method comprises: wireless blue tooth communication mode or wireless near field communication mode.
Preferably, described method of commerce also comprises: when certifying signature information result is illegal, and described server stops transaction, and miscue information is sent to described mobile device end.
Second aspect, the invention provides the method for commerce of another kind of external security device, and this method of commerce comprises:
The coded message that mobile device end scanning transaction initiating terminal generates, obtains secure transaction, and described secure transaction is sent to server; Server receives secure transaction, and the legitimacy of authenticating security Transaction Information;
When server authentication secure transaction result is legal, described mobile device termination is received the trade confirmation solicited message from described server and is transmitted to external security device by wireless transmission method; Described trade confirmation solicited message is that described server extracts when authenticating security Transaction Information is legal;
Described mobile device end receives signing messages by described wireless transmission method, and sends to described server; Wherein, described signing messages calculates generation by described external security device according to described trade confirmation solicited message; The legitimacy of described server to described signing messages is verified, when certifying signature information result is legal, described server carries out payment processes, and confirmation result is sent to described transaction initiating terminal.
The third aspect, the invention provides a kind of transaction system of external security device, and this transaction system comprises: transaction initiating terminal, mobile device end, server and external security device;
Described transaction initiating terminal, for receiving Transaction Information, and generates coded message;
Described mobile device end, for scanning described coded message, obtaining secure transaction, and described secure transaction is sent to server;
Described server, for receiving secure transaction, and the legitimacy of authenticating security Transaction Information;
Described server also for, when authenticating security Transaction Information result is legal, extracts the trade confirmation solicited message that external security device participates in confirming, and send to described mobile device end;
Described mobile device end also for, receive described trade confirmation solicited message, and send described trade confirmation solicited message by wireless transmission method to described external security device;
Described external security device, for participating in calculating according to described trade confirmation solicited message, generating signing messages, and sending to described mobile device end;
Described mobile device end also for, receive described signing messages, and send to described server;
Described server also for, verify the legitimacy of described signing messages, when certifying signature information result is legal, described server carries out payment processes, and confirmation result is sent to described transaction initiating terminal.
Preferably, described server also for, when certifying signature information result is illegal, described server stops transaction, and miscue information is sent to described mobile device end.
Preferably, described server also for, when authenticating security Transaction Information result is illegal, described server stops transaction, and miscue information is sent to described mobile device end.
Preferably, described wireless transmission method comprises: wireless blue tooth communication mode or wireless near field communication mode.
Preferably, described trade confirmation solicited message comprises payment account information, sequence information and collecting account information.
Further, the legitimacy of described authenticating security Transaction Information is specially: whether the secure transaction that the secure transaction that initiating terminal of concluding the business described in described server authentication sends and described mobile device end send is consistent;
If so, then authenticating security Transaction Information result is legal;
If not, then authenticating security Transaction Information result is illegal.
Fourth aspect, the invention provides a kind of trading server based on external security device, and this server comprises: receiving element, transmitting element, authentication unit and payment unit;
Described receiving element, for receiving the secure transaction that transaction initiating terminal sends, and the transaction security information that mobile device end sends;
Described authentication unit, for verifying the legitimacy of described transaction security information;
Described transmitting element, for sending trade confirmation solicited message to mobile device end; External unit participates in calculating according to described trade confirmation solicited message, generates signing messages;
Described receiving element also for, receive described signing messages;
Described authentication unit also for, verify the legitimacy of described signing messages;
Described payment unit, for when verifying that described signing messages result is legal, according to payment account information, sequence information and collecting account information, carries out payment processes;
Described transmitting element also for, when verify described signing messages result legal time, confirmation result is sent to described transaction initiating terminal; When verifying that described signing messages result is illegal, miscue information is sent to described mobile device end.
Preferably, described server also comprises: processing unit, for extracting the trade confirmation solicited message that described external security device participates in confirming.
Preferably, described transmitting element also for, when verify described transaction security information illegal time, miscue information is sent to described mobile device end by described server.
Advantage of the present invention is by using external security device to conclude the business on transaction initiating terminal, improve the security of transaction, add the scope of application of external security device, decrease the exploitation of transaction initiating terminal related accessories, saved cost simultaneously; The use of coded message, adds the convenience of transaction while improving transaction security.
Accompanying drawing explanation
The process flow diagram of the method for commerce based on external security device that Fig. 1 provides for the embodiment of the present invention one;
The process flow diagram of the method for commerce based on external security device that Fig. 2 provides for the embodiment of the present invention two;
The schematic diagram of the transaction system based on external security device that Fig. 3 provides for the embodiment of the present invention three;
The schematic diagram of the trading server based on external security device that Fig. 4 provides for the embodiment of the present invention four.
Embodiment
Below by drawings and Examples, technical scheme of the present invention is described in further detail.
Method of commerce of the present invention, system and server are the method for commerce of transaction initiating terminal based on external security device, system and server, coded message scanning Transaction Information is carried out by mobile device end, and carry out transfer transmission information by mobile device end, traditional transaction initiating terminal is concluded the business by external security device.
Embodiment one
The process flow diagram of the method for commerce based on external security device that Fig. 1 provides for the embodiment of the present invention one, as shown in the figure, the method comprises the following steps:
Step 101, server receives the secure transaction that mobile device end sends.
Particularly, the coded message that mobile device end scanning transaction initiating terminal generates, obtain secure transaction, and secure transaction is sent to server, server receives secure transaction.
Transaction initiating terminal can comprise desk-top computer, notebook computer and the personal computer etc. being compatible with IBM system; Mobile device end can comprise mobile phone, panel computer etc.; Coded message can comprise Quick Response Code, bar code etc.
Step 102, the legitimacy of server authentication secure transaction.
Particularly, server receives the secure transaction sent by mobile device end, and the legitimacy of authenticating security Transaction Information.
Such as, whether server compares the secure transaction sent by transaction initiating terminal, consistent with the secure transaction that mobile device end sends; If consistent, then server authentication secure transaction result is legal, if inconsistent, then server authentication secure transaction result is illegal.
Step 103, when the result is legal, server extracts trade confirmation solicited message.
Particularly, when server authentication secure transaction result is legal, server extracts the trade confirmation solicited message that external security device participates in confirming.
External security device can comprise intelligent finance card, certificate Key etc.; Trade confirmation solicited message comprises payment account information, sequence information and collecting account information etc.
Step 105, trade confirmation solicited message is sent to mobile device end by server.
Step 106, server receives the signing messages that mobile device end sends.
Particularly, server receives the signing messages that mobile device end sends; Wherein, signing messages calculates generation by external security device according to trade confirmation solicited message.
First, trade confirmation solicited message is sent to external security device by wireless transmission method by mobile device end.Wireless transmission method comprises wireless blue tooth communication mode or wireless near field communication mode.
Such as, mobile device end is connected with external security device by Blue-tooth communication method, when mobile device end is with the mode paging external security device of frequency hopping, external security device can run-down outer loop at set intervals, when scanning mobile device end, just can respond mobile device end, and connect with mobile device end, thus by mobile device end payment account information, sequence information and collecting account information transmission to external security device.
When wireless transmission method is wireless near field communication mode, mobile device end only needs to be connected with external security device by the mode of " touching ", and then by mobile device end payment account information, sequence information and collecting account information transmission to external security device.
Then, external security device calculates according to the trade confirmation solicited message received, and generates signing messages, and sends to mobile device end by wireless transmission method.
Such as, external security device uses Blue-tooth communication method or wireless near field communication mode to be connected with mobile device end, carry out generating signing messages based on the digital signature of Public Key Infrastructure (Public Key Infrastructure PKI) according to the payment account information received, sequence information and collecting account information, and send the signing messages of generation to mobile device end.
Step 107, the legitimacy of server to signing messages is verified.
Particularly, server is verified by corresponding digital certificate on the server according to the Transaction Information received and signing messages.
Such as, external security device carries out dynamic password signature according to payment account information, sequence information and collecting account information and generates signing messages, the signing messages that mobile device receives also sends it to server, and the dynamic signature of storage inside and signing messages are compared by server.
Step 108, when the result is legal, server carries out payment processes, and confirmation result is sent to transaction initiating terminal.
Particularly, when the result is legal, server, according to payment account information, sequence information and collecting account information, carries out payment processes, and the confirmation result of Transaction Success is sent to transaction initiating terminal.
Step 109, when the result is illegal, miscue information is sent to mobile device end by server.
Particularly, when authenticating security Transaction Information result is illegal, server stops transaction, and miscue information is sent to mobile device end.
Further, before step 101, this method of commerce also comprises:
Transaction initiating terminal produces secure transaction, and generates coded message described in Software Create by coded message.
After step 102, this method of commerce also comprises:
Step 104, when the result is illegal, sends to mobile device end by miscue information.
Particularly, when authenticating security Transaction Information result is illegal, server stops transaction, and miscue information is sent to mobile device end.
Embodiment two
The process flow diagram of the method for commerce based on external security device that Fig. 2 provides for the embodiment of the present invention two, as shown in the figure, the method comprises the following steps:
Step 201, the coded message that mobile device end scanning transaction initiating terminal generates, obtains secure transaction, and secure transaction is sent to server; Server receives secure transaction, and the legitimacy of authenticating security Transaction Information.
Particularly, transaction initiating terminal can comprise desk-top computer, notebook computer and the personal computer etc. being compatible with IBM system; Mobile device end can comprise mobile phone, panel computer etc.; Coded message can comprise Quick Response Code, bar code etc.
Whether server compares the secure transaction sent by transaction initiating terminal, consistent with the secure transaction that mobile device end sends; If consistent, then server authentication secure transaction result is legal, if inconsistent, then server authentication secure transaction result is illegal.
Step 202, when authenticating security Transaction Information result is legal, mobile device termination receives trade confirmation solicited message.
Particularly, when authenticating security Transaction Information result is legal, mobile device termination receives trade confirmation solicited message; Trade confirmation solicited message is sent to external security device by wireless transmission method by mobile device end; Trade confirmation solicited message is specially that server extracts, so that external security device participates in the trade confirmation solicited message confirmed.
External security device can comprise intelligent finance card, certificate Key etc.; Trade confirmation solicited message comprises payment account information, sequence information and collecting account information etc.
Wireless transmission method comprises wireless blue tooth communication mode or wireless near field communication mode.
Such as, mobile device end is connected with external security device by Blue-tooth communication method, when mobile device end is with the mode paging external security device of frequency hopping, external security device can run-down outer loop at set intervals, when scanning mobile device end, just can respond mobile device end, and connect with mobile device end, thus by mobile device end payment account information, sequence information and collecting account information transmission to external security device.
When wireless transmission method is wireless near field communication mode, mobile device end only needs to be connected with external security device by the mode of " touching ", and then by mobile device end payment account information, sequence information and collecting account information transmission to external security device.
External security device participates in calculating according to the trade confirmation solicited message received, and generates signing messages, and sends to mobile device end by wireless transmission method.
Such as, external security device uses Blue-tooth communication method or wireless near field communication mode to be connected with mobile device end, carry out generating signing messages based on the digital signature of Public Key Infrastructure (Public Key Infrastructure PKI) according to the payment account information received, sequence information and collecting account information, and send the signing messages of generation to mobile device end.
Step 204, mobile device termination receives signing messages, and sends to server; The legitimacy of server to signing messages is verified, when certifying signature information result is legal, server carries out payment processes, and confirmation result is sent to transaction initiating terminal.
Particularly, server is verified by corresponding digital certificate on the server according to the Transaction Information received and signing messages.
Such as, external security device carries out dynamic password signature according to payment account information, sequence information and collecting account information and generates signing messages, the signing messages that mobile device receives also sends it to server, and the dynamic signature of storage inside and signing messages are compared by server.
When the result is legal, server, according to payment account information, sequence information and collecting account information, carries out payment processes, and the confirmation result of Transaction Success is sent to transaction initiating terminal.
Step 205, when the result is illegal, miscue information is sent to mobile device end by server.
Particularly, when authenticating security Transaction Information result is illegal, server stops transaction, and miscue information is sent to mobile device end.
Further, before step 201, this method of commerce also comprises:
Transaction initiating terminal produces secure transaction, and generates coded message described in Software Create by coded message.
After step 201, this method of commerce also comprises:
Step 203, when the result is illegal, sends to mobile device end by miscue information.
Particularly, when authenticating security Transaction Information result is illegal, server stops transaction, and miscue information is sent to mobile device end.
The method of commerce of the transaction initiating terminal based on external security device of the present invention, by the use of coded message, improves the security of transaction, adds the convenience of transaction; By the transfer transmission of mobile device as information, achieve the use of external security device on transaction initiating terminal, solving external security device cannot the problem of compatible transaction initiating terminal.Improve the security of conventional transaction initiating terminal transaction, add the scope of application of external security device, decrease the exploitation of transaction initiating terminal related accessories simultaneously, saved cost.
Embodiment three
The schematic diagram of the transaction system based on external security device that Fig. 3 provides for the embodiment of the present invention three, as shown in the figure, this transaction system comprises: transaction initiating terminal 301, server 302, mobile device end 303 and external security device 304.
Transaction initiating terminal 301 produces secure transaction, and generates Software Create coded message by coded message.Meanwhile, the secure transaction of generation is sent to server 302.
Server 302, for receiving the secure transaction that mobile device end 303 sends, and the legitimacy of authenticating security Transaction Information.Server 302 also for, when authenticating security Transaction Information result is legal, extracts the trade confirmation solicited message that external security device 304 participates in confirming, and send to mobile device end 303; When authenticating security Transaction Information result is illegal, server 302 stops transaction, and miscue information is sent to mobile device end 303.Server 302 also for, receive and the legitimacy of certifying signature information, when certifying signature information result is legal, server 302 carries out payment processes, and confirmations result is sent to initiating terminal 301 of concluding the business; Server 302 also for, when certifying signature information result is illegal, server 302 stops transaction, and miscue information is sent to mobile device end 303.
Mobile device end 303, for scanning the coded message that transaction initiating terminal 301 produces, obtaining secure transaction, and secure transaction is sent to server 302.Mobile device end 303 also for the trade confirmation solicited message that, reception server 302 sends, and by wireless transmission method externally safety equipment 304 send trade confirmation solicited message.Mobile device end 303 also for, receive signing messages, and send to server 302.
External security device 304, for participating in calculating according to trade confirmation solicited message, generating signing messages, and sending to mobile device end 303.
Preferably, wireless transmission method comprises wireless blue tooth communication mode or wireless near field communication mode.
Preferably, transaction initiating terminal 301 can comprise desk-top computer, notebook computer and the personal computer etc. being compatible with IBM system; Mobile device end 303 can comprise mobile phone, panel computer etc.; Coded message can comprise Quick Response Code, bar code etc.; External security device 304 can comprise intelligent finance card, certificate Key etc.; Trade confirmation solicited message comprises payment account information, sequence information and collecting account information etc.
Further, the legitimacy of server 302 authenticating security Transaction Information, especially by comparing the secure transaction sent by transaction initiating terminal 301, whether the secure transaction sent with mobile device end 303 is consistent; If consistent, then server 302 authenticating security Transaction Information result is legal, if inconsistent, then server 302 authenticating security Transaction Information result is illegal.
The course of work of the transaction system of the embodiment of the present invention three is as follows:
Transaction initiating terminal 301 produces secure transaction, and generates the coded message of secure transaction by coded message maker.Mobile device end 303 scans the coded message that transaction initiating terminal 301 generates, and obtains secure transaction, and secure transaction is sent to server 302.Server 302 is by comparing the secure transaction sent by transaction initiating terminal, whether consistent with the secure transaction that mobile device end sends, whether authenticating security Transaction Information is legal, if unanimously, then server 302 authenticating security Transaction Information result is legal; If inconsistent, then server 302 authenticating security Transaction Information result is illegal.When authenticating security Transaction Information result is legal, server 302 extracts the trade confirmation solicited message that external security device 304 participates in confirming, specifically comprise payment account information, sequence information and collecting account information etc., and trade confirmation solicited message is sent to mobile device end 303.
Mobile device end 303 is by wireless blue tooth communication mode or wireless near field communication mode externally safety equipment 304 Sending Payments accounts information, sequence information and collecting account information.External security device 304 calculates according to the payment account information received, sequence information and collecting account information, generates signing messages, and sends to mobile device end 303 by wireless blue tooth communication mode or wireless near field communication mode.Mobile device end 303 receives signing messages, and sends to server 302.
Server 302 is verified by corresponding digital certificate on a server 302 according to the Transaction Information received and signing messages.When the result is legal, server 302, according to money accounts information, sequence information and collecting account information, carries out payment processes, and the confirmation result of Transaction Success is sent to transaction initiating terminal 301.When the result is illegal, server 302 stops transaction, and miscue information is sent to mobile device end 303.
The transaction system of transaction initiating terminal of the present invention, uses external security device 304 to participate in business the transaction of initiating terminal, improves the security of conventional transaction initiating terminal transaction; By the transfer transmission of mobile device 303 as information, achieve the use of external security device 304 on transaction initiating terminal 301, add the scope of application of external security device 304, solving external security device 304 cannot the problem of compatible transaction initiating terminal 301; Decrease the exploitation of transaction initiating terminal related accessories simultaneously, save cost.By using coded message on transaction initiating terminal 301, improve the security of transaction, adding the convenience of transaction.
Embodiment four
The schematic diagram of the trading server based on external security device that Fig. 4 provides for the embodiment of the present invention four, as shown in the figure, this trading server comprises: receiving element 401, transmitting element 402, authentication unit 403 and payment unit 404.
Receiving element 401, for receiving the secure transaction that transaction initiating terminal sends, and the transaction security information that mobile device end sends; Also for receiving the signing messages that external unit generates.
Transmitting element 402, for sending trade confirmation solicited message to mobile device end, external unit participates in calculating according to trade confirmation solicited message, generates signing messages; Confirmation result also for when the result is legal, is sent to transaction initiating terminal by transmitting element 402; When the result is illegal, miscue information is sent to mobile device end; Transmitting element 402 also for, when verifying that transaction security information is illegal, miscue information is sent to mobile device end.
Authentication unit 403, for verifying the legitimacy of transaction security information; Also for the legitimacy of certifying signature information.
Payment unit 404, for when certifying signature information result is legal, according to payment account information, sequence information and collecting account information, carries out payment processes.
Further, processing unit 405, for extracting the trade confirmation solicited message that external security device participates in confirming.
The course of work of the trading server of the embodiment of the present invention four is as follows:
The receiving element 401 of server receives the secure transaction of transaction initiating terminal transmission and the transaction security information that mobile device end sends; Whether authentication unit 403 is consistent with the transaction security information that mobile device end sends by the secure transaction comparing the transmission of transaction initiating terminal, verifies the legitimacy of transaction security information; If consistent, then authenticating security Transaction Information result is legal; If inconsistent, then authenticating security Transaction Information result is illegal.When authenticating security Transaction Information result is illegal, miscue information is sent to mobile device end by transmitting element 402.
When authenticating security Transaction Information result is legal, processing unit 405, according to secure transaction, extracts the trade confirmation solicited message that external security device participates in confirming, specifically comprises payment account information, sequence information and collecting account information etc.; Transmitting element 402, sends trade confirmation solicited message to mobile device end; External unit participates in calculating according to trade confirmation solicited message, generates signing messages, and sends to mobile device end by wireless blue tooth communication mode or wireless near field communication mode; Mobile device termination receives signing messages, and sends to receiving element 401; Authentication unit 403, the legitimacy of certifying signature information.
When certifying signature information result is legal, the payment unit 404 of server, according to payment account information, sequence information and collecting account information, carries out payment processes, and the confirmation result of Transaction Success is sent to transaction initiating terminal by transmitting element 402; When the result is illegal, miscue information is sent to mobile device end by transmitting element 402.
The trading server of transaction initiating terminal of the present invention, secure transaction is received by receiving element, and pass through the legitimacy of authentication unit authenticating security Transaction Information, when verifying legal, after processing unit processes, extract trade confirmation solicited message, improve the security of transaction, too increase the convenience of transaction.After receiving element receives the signing messages of external unit generation, verified by authentication unit again, carry out payment processes by payment unit according to payment account information, sequence information and collecting account information after being proved to be successful, improve accuracy and the security of Send only Account and collecting account; By the transfer transmission of mobile device as information, achieve the use of external security device on transaction initiating terminal, add the scope of application of external security device, solving external security device cannot the problem of compatible transaction initiating terminal.
Professional should recognize further, in conjunction with unit and the algorithm steps of each example of embodiment disclosed herein description, can realize with electronic hardware, computer software or the combination of the two, in order to the interchangeability of hardware and software is clearly described, generally describe composition and the step of each example in the above description according to function.These functions perform with hardware or software mode actually, depend on application-specific and the design constraint of technical scheme.Professional and technical personnel can use distinct methods to realize described function to each specifically should being used for, but this realization should not thought and exceeds scope of the present invention.
The software module that the method described in conjunction with embodiment disclosed herein or the step of algorithm can use hardware, processor to perform, or the combination of the two is implemented.Software module can be placed in the storage medium of other form any known in random access memory (RAM), internal memory, ROM (read-only memory) (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technical field.
Above-described embodiment; object of the present invention, technical scheme and beneficial effect are further described; be understood that; the foregoing is only the specific embodiment of the present invention; the protection domain be not intended to limit the present invention; within the spirit and principles in the present invention all, any amendment made, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (17)
1. based on a method of commerce for external security device, it is characterized in that, described method of commerce comprises:
Server receives the secure transaction that mobile device end sends; Described secure transaction is that mobile device end is by scanning encoding information acquisition;
The legitimacy of described server authentication secure transaction;
When authenticating security Transaction Information result is legal, described server extracts the trade confirmation solicited message that external security device participates in confirming;
Described trade confirmation solicited message is sent to described mobile device end by described server;
Described server receives the described signing messages that described mobile device end sends; Wherein, described signing messages calculates generation by described external security device according to described trade confirmation solicited message;
The legitimacy of described server to described signing messages is verified;
When certifying signature information result is legal, described server carries out payment processes, and confirmation result is sent to described transaction initiating terminal.
2. method of commerce according to claim 1, is characterized in that, receive the secure transaction of mobile device end transmission at described server before, described method of commerce also comprises:
Described transaction initiating terminal produces secure transaction, and generates coded message described in Software Create by coded message.
3. method of commerce according to claim 1, is characterized in that, the legitimacy of described authenticating security Transaction Information is specially:
Whether the secure transaction that the secure transaction that initiating terminal of concluding the business described in described server authentication sends and described mobile device end send is consistent;
If so, then authenticating security Transaction Information result is legal;
If not, then authenticating security Transaction Information result is illegal.
4. method of commerce according to claim 1, is characterized in that, described method of commerce also comprises:
When authenticating security Transaction Information result is illegal, described server stops transaction, and miscue information is sent to described mobile device end.
5. method of commerce according to claim 1, is characterized in that, described trade confirmation solicited message comprises payment account information, sequence information and collecting account information.
6. method of commerce according to claim 1, is characterized in that, described wireless transmission method comprises: wireless blue tooth communication mode or wireless near field communication mode.
7. method of commerce according to claim 1, is characterized in that, described method of commerce also comprises:
When certifying signature information result is illegal, described server stops transaction, and miscue information is sent to described mobile device end.
8. based on a method of commerce for external security device, it is characterized in that, described method of commerce comprises:
The coded message that mobile device end scanning transaction initiating terminal generates, obtains secure transaction, and described secure transaction is sent to server; Server receives secure transaction, and the legitimacy of authenticating security Transaction Information;
When server authentication secure transaction result is legal, described mobile device termination is received the trade confirmation solicited message from described server and is transmitted to external security device by wireless transmission method; Described trade confirmation solicited message is that described server extracts when authenticating security Transaction Information is legal;
Described mobile device end receives signing messages by described wireless transmission method, and sends to described server; Wherein, described signing messages calculates generation by described external security device according to described trade confirmation solicited message; The legitimacy of described server to described signing messages is verified, when certifying signature information result is legal, described server carries out payment processes, and confirmation result is sent to described transaction initiating terminal.
9. based on a transaction system for external security device, it is characterized in that, described transaction system comprises: transaction initiating terminal, mobile device end, server and external security device;
Described transaction initiating terminal, for receiving Transaction Information, and generates coded message;
Described mobile device end, for scanning described coded message, obtaining secure transaction, and described secure transaction is sent to server;
Described server, for receiving secure transaction, and the legitimacy of authenticating security Transaction Information;
Described server also for, when authenticating security Transaction Information result is legal, extracts the trade confirmation solicited message that external security device participates in confirming, and send to described mobile device end;
Described mobile device end also for, receive described trade confirmation solicited message, and send described trade confirmation solicited message by wireless transmission method to described external security device;
Described external security device, for participating in calculating according to described trade confirmation solicited message, generating signing messages, and sending to described mobile device end;
Described mobile device end also for, receive described signing messages, and send to described server;
Described server also for, verify the legitimacy of described signing messages, when certifying signature information result is legal, described server carries out payment processes, and confirmation result is sent to described transaction initiating terminal.
10. transaction system according to claim 9, is characterized in that, described server also for, when certifying signature information result is illegal, described server stops transaction, and miscue information is sent to described mobile device end.
11. transaction systems according to claim 9, is characterized in that, described server also for, when authenticating security Transaction Information result is illegal, described server stops transaction, and miscue information is sent to described mobile device end.
12. transaction systems according to claim 9, is characterized in that, described wireless transmission method comprises: wireless blue tooth communication mode or wireless near field communication mode.
13. transaction systems according to claim 9, is characterized in that, described trade confirmation solicited message comprises payment account information, sequence information and collecting account information.
14. transaction systems according to claim 9, it is characterized in that, the legitimacy of described authenticating security Transaction Information is specially: whether the secure transaction that the secure transaction that initiating terminal of concluding the business described in described server authentication sends and described mobile device end send is consistent;
If so, then authenticating security Transaction Information result is legal;
If not, then authenticating security Transaction Information result is illegal.
15. 1 kinds, based on the trading server of external security device, is characterized in that, described server comprises: receiving element, transmitting element, authentication unit and payment unit;
Described receiving element, for receiving the secure transaction that transaction initiating terminal sends, and the transaction security information that mobile device end sends;
Described authentication unit, for verifying the legitimacy of described transaction security information;
Described transmitting element, for sending trade confirmation solicited message to mobile device end; External unit participates in calculating according to described trade confirmation solicited message, generates signing messages;
Described receiving element also for, receive described signing messages;
Described authentication unit also for, verify the legitimacy of described signing messages;
Described payment unit, for when verifying that described signing messages result is legal, according to payment account information, sequence information and collecting account information, carries out payment processes;
Described transmitting element also for, when verify described signing messages result legal time, confirmation result is sent to described transaction initiating terminal; When verifying that described signing messages result is illegal, miscue information is sent to described mobile device end.
16. trading servers according to claim 15, is characterized in that, described server also comprises: processing unit, for extracting the trade confirmation solicited message that described external security device participates in confirming.
17. trading servers according to claim 15, is characterized in that, described transmitting element also for, when verify described transaction security information illegal time, miscue information is sent to described mobile device end by described server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510220965.6A CN104850996B (en) | 2015-05-04 | 2015-05-04 | Transaction method, system and server based on external security equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510220965.6A CN104850996B (en) | 2015-05-04 | 2015-05-04 | Transaction method, system and server based on external security equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104850996A true CN104850996A (en) | 2015-08-19 |
| CN104850996B CN104850996B (en) | 2021-12-10 |
Family
ID=53850626
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510220965.6A Active CN104850996B (en) | 2015-05-04 | 2015-05-04 | Transaction method, system and server based on external security equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104850996B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106056419A (en) * | 2015-11-25 | 2016-10-26 | 天地融科技股份有限公司 | Method, system and device for realizing independent transaction by using electronic signature equipment |
| CN106372942A (en) * | 2016-08-31 | 2017-02-01 | 中城智慧科技有限公司 | Payment method and system based on safety certificate mechanism |
| CN107230121A (en) * | 2016-03-25 | 2017-10-03 | 阿里巴巴集团控股有限公司 | Transaction processing method, device and server |
| CN109389392A (en) * | 2018-09-25 | 2019-02-26 | 中国银行股份有限公司 | A kind of authentication transaction method and device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102509213A (en) * | 2011-11-16 | 2012-06-20 | 上海翰鑫信息科技有限公司 | System and method for remote payment and trade, mobile terminal and subscriber identity module (SIM) card |
| CN102789607A (en) * | 2012-07-04 | 2012-11-21 | 北京天龙融和软件有限公司 | Network transaction method and system |
| CN103116844A (en) * | 2013-03-06 | 2013-05-22 | 李锦风 | Near field communication payment method authenticated by both sides of deal |
-
2015
- 2015-05-04 CN CN201510220965.6A patent/CN104850996B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102509213A (en) * | 2011-11-16 | 2012-06-20 | 上海翰鑫信息科技有限公司 | System and method for remote payment and trade, mobile terminal and subscriber identity module (SIM) card |
| CN102789607A (en) * | 2012-07-04 | 2012-11-21 | 北京天龙融和软件有限公司 | Network transaction method and system |
| CN103116844A (en) * | 2013-03-06 | 2013-05-22 | 李锦风 | Near field communication payment method authenticated by both sides of deal |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106056419A (en) * | 2015-11-25 | 2016-10-26 | 天地融科技股份有限公司 | Method, system and device for realizing independent transaction by using electronic signature equipment |
| CN107230121A (en) * | 2016-03-25 | 2017-10-03 | 阿里巴巴集团控股有限公司 | Transaction processing method, device and server |
| CN107230121B (en) * | 2016-03-25 | 2020-10-02 | 阿里巴巴集团控股有限公司 | Transaction processing method and device and server |
| CN106372942A (en) * | 2016-08-31 | 2017-02-01 | 中城智慧科技有限公司 | Payment method and system based on safety certificate mechanism |
| WO2018040651A1 (en) * | 2016-08-31 | 2018-03-08 | 中城智慧科技有限公司 | Payment method and payment system based on security authentication mechanism |
| CN106372942B (en) * | 2016-08-31 | 2018-09-21 | 中城智慧科技有限公司 | A kind of method of payment and payment system based on security authentication mechanism |
| CN109389392A (en) * | 2018-09-25 | 2019-02-26 | 中国银行股份有限公司 | A kind of authentication transaction method and device |
| CN109389392B (en) * | 2018-09-25 | 2022-08-19 | 中国银行股份有限公司 | Security authentication transaction method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104850996B (en) | 2021-12-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210081928A1 (en) | Systems and methods for linking devices to user accounts | |
| CN105608577B (en) | Method for realizing non-repudiation, payment management server and user terminal thereof | |
| CN101651675B (en) | By the method and system that authentication code is verified client | |
| US8112627B2 (en) | System for self-service recharging and method for the same | |
| EP3779753A2 (en) | Validation cryptogram for interaction | |
| EP2961094A1 (en) | System and method for generating a random number | |
| CN107784499B (en) | Secure payment system and method of near field communication mobile terminal | |
| CN103617531A (en) | Safety payment method and device based on credible two-dimension code | |
| CN202771476U (en) | Security certification system | |
| CN102790767B (en) | Information safety control method, information safety display equipment and electronic trading system | |
| CN104301110A (en) | Authentication method, authentication device and system applied to intelligent terminal | |
| CN103839157A (en) | Electronic payment method, device and system | |
| CN104079562A (en) | Safety authentication method based on payment terminal and related device | |
| CN101561956A (en) | Method and system for information interaction | |
| CN103973711A (en) | Verification method and device | |
| CN101790166A (en) | Digital signing method based on mobile phone intelligent card | |
| CN104850996A (en) | External security equipment-based transaction method, system and server | |
| CN105704092A (en) | User identity authentication method, device and system | |
| CN104657860A (en) | Mobile banking security authentication method | |
| CN106980977B (en) | Payment method and system based on Internet of things | |
| CN104301288A (en) | Method and system for online identity authentication, online transaction certification, and online certification protection | |
| CN103218717A (en) | Credit authorization method based on plane code | |
| CN103139210A (en) | Method of safety authentication | |
| CN102819799A (en) | Multi-channel safety authenticating system and authenticating method based on U-Key | |
| CN106779672A (en) | The method and device that mobile terminal safety pays |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |