CN104850996B - Transaction method, system and server based on external security equipment - Google Patents

Transaction method, system and server based on external security equipment Download PDF

Info

Publication number
CN104850996B
CN104850996B CN201510220965.6A CN201510220965A CN104850996B CN 104850996 B CN104850996 B CN 104850996B CN 201510220965 A CN201510220965 A CN 201510220965A CN 104850996 B CN104850996 B CN 104850996B
Authority
CN
China
Prior art keywords
transaction
information
server
terminal
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510220965.6A
Other languages
Chinese (zh)
Other versions
CN104850996A (en
Inventor
贾小龙
杨桥邦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HIERSTAR (SUZHOU) Ltd
Original Assignee
HIERSTAR (SUZHOU) Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HIERSTAR (SUZHOU) Ltd filed Critical HIERSTAR (SUZHOU) Ltd
Priority to CN201510220965.6A priority Critical patent/CN104850996B/en
Publication of CN104850996A publication Critical patent/CN104850996A/en
Application granted granted Critical
Publication of CN104850996B publication Critical patent/CN104850996B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a transaction method, a system and a server based on external safety equipment, wherein the method comprises the following steps: the mobile equipment terminal scans the coded information to obtain the safe transaction information, and the server receives the safe transaction information and verifies the legality; if the transaction is legal, extracting transaction confirmation request information; sending the information to external safety equipment through a mobile equipment terminal; the external security equipment generates signature information; the mobile equipment terminal receives the signature information and sends the signature information to the server; the server verifies the validity and sends the confirmation result to the transaction initiating terminal. The system comprises: the system comprises a transaction initiating terminal, a server, a mobile device terminal and an external safety device. The server includes: the device comprises a receiving unit, a sending unit, a verification unit, a payment unit and a processing unit. The transaction method, the transaction system and the server improve the transaction security of the traditional transaction initiating terminal, increase the application range of the external security equipment and reduce the development of related accessories of the transaction initiating terminal by using the external security equipment.

Description

Transaction method, system and server based on external security equipment
Technical Field
The invention relates to the field of communication, in particular to a transaction method, a transaction system and a transaction server based on external safety equipment.
Background
With the development of electronic industry, people have more and more ways to trade through electronic equipment, and meanwhile, the requirement of people on trade safety is higher and higher. For example, a transaction or transfer of money is made using a payroll, and a transaction may also be made using an electronic cash register system. However, when the payment bank is used for transaction or transfer, the relevant information of a customer needs to be input, the safety of the customer information account number is completely confirmed manually, the transaction safety only needs a static password, and the safety of the transaction account number can be well guaranteed by the transaction mode.
The current intelligent mobile device can perform relatively safe transaction by using an external safety device, the intelligent mobile device needs the external safety device to confirm when performing safe transaction information transmission, and data transmission between the external safety device and the intelligent mobile device is performed in a wireless mode, such as a wireless Bluetooth communication mode or a wireless near field communication mode. However, the external security device used by the conventional transaction initiation terminal (e.g., PC terminal) generally transmits data through the USB interface, but if the external security device does not have the USB interface, the external security device cannot be compatible with the PC.
Disclosure of Invention
The invention aims to provide a transaction method, a transaction system and a transaction server based on an external security device, aiming at the defects of the prior art, so as to realize the use of the external security device in the conventional transaction initiation terminal transaction.
To achieve the above object, in a first aspect, the present invention provides a transaction method based on an external security device, the transaction method including:
the server receives the safe transaction information sent by the mobile equipment terminal; the safety transaction information is obtained by scanning the coded information by the mobile equipment terminal;
the server verifies the validity of the safe transaction information;
when the result of the safety transaction information is verified to be legal, the server extracts transaction confirmation request information of the external safety equipment participating in confirmation;
the server sends the transaction confirmation request information to the mobile equipment terminal; the server receives the signature information sent by the mobile equipment terminal; wherein the signature information is generated by the external security device through calculation according to the transaction confirmation request information;
the server verifies the validity of the signature information;
and when the signature information verification result is legal, the server performs payment processing and sends a confirmation result to the transaction initiating terminal.
Further, before the server receives the secure transaction information sent by the mobile device, the transaction method further includes:
the transaction initiating terminal generates safe transaction information and generates the coded information through coded information generating software.
Further, the verifying the validity of the secure transaction information specifically includes:
the server verifies whether the safe transaction information sent by the transaction initiating terminal is consistent with the safe transaction information sent by the mobile equipment terminal;
if so, verifying that the result of the safe transaction information is legal;
if not, the result of the safety transaction information is verified to be illegal.
Preferably, the transaction method further comprises: and when the result of the safety transaction information is verified to be illegal, the server terminates the transaction and sends error prompt information to the mobile equipment terminal.
Preferably, the transaction confirmation request information includes payment account information, order information, and collection account information.
Preferably, the wireless transmission mode includes: wireless bluetooth communication mode or wireless near field communication mode.
Preferably, the transaction method further comprises: and when the signature information verification result is illegal, the server terminates the transaction and sends error prompt information to the mobile equipment terminal.
In a second aspect, the present invention provides another transaction method for an external security device, the transaction method comprising:
the mobile equipment terminal scans the coded information generated by the transaction initiating terminal, acquires the safe transaction information and sends the safe transaction information to the server; the server receives the safe transaction information and verifies the validity of the safe transaction information;
when the server verifies that the result of the safety transaction information is legal, the mobile equipment receives the transaction confirmation request information from the server and forwards the transaction confirmation request information to external safety equipment in a wireless transmission mode; the transaction confirmation request information is extracted by the server when the server verifies that the safe transaction information is legal;
the mobile equipment terminal receives signature information in the wireless transmission mode and sends the signature information to the server; wherein the signature information is generated by the external security device through calculation according to the transaction confirmation request information; and the server verifies the validity of the signature information, and when the signature information is verified to be legal, the server performs payment processing and sends a confirmation result to the transaction initiating terminal.
In a third aspect, the present invention provides a transaction system for an external security device, the transaction system comprising: the system comprises a transaction initiating terminal, a mobile equipment terminal, a server and external safety equipment;
the transaction initiating terminal is used for receiving transaction information and generating coded information;
the mobile equipment terminal is used for scanning the coded information, acquiring safe transaction information and sending the safe transaction information to a server;
the server is used for receiving the safe transaction information and verifying the legality of the safe transaction information;
the server is also used for extracting transaction confirmation request information of external safety equipment participating in confirmation when the result of the safety transaction information is verified to be legal, and sending the transaction confirmation request information to the mobile equipment terminal;
the mobile equipment terminal is also used for receiving the transaction confirmation request information and sending the transaction confirmation request information to the external safety equipment in a wireless transmission mode;
the external safety equipment is used for participating in calculation according to the transaction confirmation request information, generating signature information and sending the signature information to the mobile equipment end;
the mobile equipment terminal is also used for receiving the signature information and sending the signature information to the server;
the server is also used for verifying the validity of the signature information, and when the result of the signature information is verified to be legal, the server carries out payment processing and sends the confirmation result to the transaction initiating terminal.
Preferably, the server is further configured to terminate the transaction and send an error prompt message to the mobile device terminal when the result of verifying the signature information is illegal.
Preferably, the server is further configured to terminate the transaction and send an error prompt message to the mobile device terminal when the result of verifying the secure transaction information is illegal.
Preferably, the wireless transmission mode includes: wireless bluetooth communication mode or wireless near field communication mode.
Preferably, the transaction confirmation request information includes payment account information, order information, and collection account information.
Further, the verifying the validity of the secure transaction information specifically includes: the server verifies whether the safe transaction information sent by the transaction initiating terminal is consistent with the safe transaction information sent by the mobile equipment terminal;
if so, verifying that the result of the safe transaction information is legal;
if not, the result of the safety transaction information is verified to be illegal.
In a fourth aspect, the present invention provides an external security device based transaction server, the server comprising: the payment system comprises a receiving unit, a sending unit, a verification unit and a payment unit;
the receiving unit is used for receiving the safe transaction information sent by the transaction initiating terminal and the transaction safe information sent by the mobile equipment terminal;
the verification unit is used for verifying the validity of the transaction safety information;
the sending unit is used for sending transaction confirmation request information to the mobile equipment terminal; the external equipment participates in calculation according to the transaction confirmation request information to generate signature information;
the receiving unit is further configured to receive the signature information;
the verification unit is also used for verifying the validity of the signature information;
the payment unit is used for performing payment processing according to the payment account information, the order information and the collection account information when the signature information result is verified to be legal;
the sending unit is also used for sending a confirmation result to the transaction initiating terminal when the signature information result is verified to be legal; and when the signature information is verified to be illegal, sending error prompt information to the mobile equipment terminal.
Preferably, the server further comprises: and the processing unit is used for extracting the transaction confirmation request information of the external safety equipment participating in confirmation.
Preferably, the sending unit is further configured to send an error prompt message to the mobile device terminal by the server when the transaction security information is verified to be illegal.
The invention has the advantages that the transaction is carried out on the transaction initiating terminal by using the external safety equipment, thereby improving the security of the transaction, increasing the application range of the external safety equipment, simultaneously reducing the development of related accessories of the transaction initiating terminal and saving the cost; the use of the coded information increases the convenience of the transaction while improving the security of the transaction.
Drawings
Fig. 1 is a flowchart of a transaction method based on an external security device according to an embodiment of the present invention;
fig. 2 is a flowchart of a transaction method based on an external security device according to a second embodiment of the present invention;
fig. 3 is a schematic diagram of a transaction system based on an external security device according to a third embodiment of the present invention;
fig. 4 is a schematic diagram of a transaction server based on an external security device according to a fourth embodiment of the present invention.
Detailed Description
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
The transaction method, the transaction system and the server are based on the transaction initiating terminal of the external safety equipment, the transaction information is scanned through the coded information of the mobile equipment end, and the information is transferred through the mobile equipment end, so that the traditional transaction initiating terminal carries out transaction through the external safety equipment.
Example one
Fig. 1 is a flowchart of a transaction method based on an external security device according to an embodiment of the present invention, as shown in the figure, the method includes the following steps:
step 101, a server receives secure transaction information sent by a mobile device terminal.
Specifically, the mobile device terminal scans the coded information generated by the transaction initiating terminal, acquires the safe transaction information, and sends the safe transaction information to the server, and the server receives the safe transaction information.
The transaction initiation terminal may include a desktop computer, a notebook computer, and a personal computer compatible with the IBM system, etc.; the mobile equipment end can comprise a mobile phone, a tablet computer and the like; the encoded information may include a two-dimensional code, a bar code, and the like.
Step 102, the server verifies the validity of the secure transaction information.
Specifically, the server receives the secure transaction information sent by the mobile device side and verifies the validity of the secure transaction information.
For example, the server compares the secure transaction information sent by the transaction initiating terminal with the secure transaction information sent by the mobile equipment terminal to determine whether the secure transaction information is consistent; if the result of the safety transaction information is consistent with the result of the safety transaction information, the server verifies that the result of the safety transaction information is legal, and if the result of the safety transaction information is inconsistent with the result of the safety transaction information, the server verifies that the result of the safety transaction information is illegal.
And 103, when the verification result is legal, the server extracts the transaction confirmation request information.
Specifically, when the server verifies that the result of the secure transaction information is legal, the server extracts transaction confirmation request information for the external security device to participate in confirmation.
The external security device may include a smart financial card, a certificate Key, etc.; the transaction confirmation request information includes payment account information, order information, collection account information, and the like.
And step 105, the server sends the transaction confirmation request information to the mobile equipment terminal.
And step 106, the server receives the signature information sent by the mobile equipment terminal.
Specifically, the server receives signature information sent by a mobile equipment terminal; and the signature information is generated by the external safety equipment through calculation according to the transaction confirmation request information.
Firstly, the mobile equipment terminal sends the transaction confirmation request information to the external safety equipment in a wireless transmission mode. The wireless transmission mode comprises a wireless Bluetooth communication mode or a wireless near field communication mode.
For example, the mobile device end is connected with the external security device through a bluetooth communication mode, when the mobile device end pages the external security device in a frequency hopping mode, the external security device scans external pages once every a period of time, and when the mobile device end is scanned, the mobile device end responds to the mobile device end and establishes connection with the mobile device end, so that payment account information, order information and collection account information of the mobile device end are transmitted to the external security device.
When the wireless transmission mode is a wireless near field communication mode, the mobile equipment end can be connected with the external safety equipment only in a touch mode, and then payment account information, order information and collection account information of the mobile equipment end are transmitted to the external safety equipment.
And then, the external safety equipment calculates according to the received transaction confirmation request information to generate signature information and sends the signature information to the mobile equipment terminal in a wireless transmission mode.
For example, the external security device connects to the mobile device side using a bluetooth communication method or a wireless near field communication method, generates signature information by performing a digital signature based on a Public Key Infrastructure (Public Key Infrastructure PKI) according to the received payment account information, order information, and collection account information, and transmits the generated signature information to the mobile device side.
Step 107, the server verifies the validity of the signature information.
Specifically, the server verifies the transaction information and the signature information received by the server through a corresponding digital certificate.
For example, the external security device performs dynamic password signature according to the payment account information, the order information and the collection account information to generate signature information, the signature information received by the mobile device is sent to the server, and the server compares the internally stored dynamic signature with the signature information.
And step 108, when the verification result is legal, the server performs payment processing and sends the confirmation result to the transaction initiating terminal.
Specifically, when the verification result is legal, the server performs payment processing according to the payment account information, the order information and the collection account information, and sends a confirmation result of successful transaction to the transaction initiating terminal.
And step 109, when the verification result is illegal, the server sends error prompt information to the mobile equipment terminal.
Specifically, when the result of the safety transaction information is verified to be illegal, the server terminates the transaction and sends error prompt information to the mobile equipment terminal.
Further, before step 101, the transaction method further comprises:
the transaction initiating terminal generates safe transaction information and generates the coding information through coding information generating software.
After step 102, the transaction method further comprises:
and 104, when the verification result is illegal, sending error prompt information to the mobile equipment terminal.
Specifically, when the result of the safety transaction information is verified to be illegal, the server terminates the transaction and sends error prompt information to the mobile equipment terminal.
Example two
Fig. 2 is a flowchart of a transaction method based on an external security device according to a second embodiment of the present invention, as shown in the figure, the method includes the following steps:
step 201, a mobile device terminal scans coding information generated by a transaction initiating terminal, acquires safe transaction information, and sends the safe transaction information to a server; the server receives the secure transaction information and verifies the validity of the secure transaction information.
Specifically, the transaction initiation terminal may include a desktop computer, a notebook computer, and a personal computer compatible with the IBM system, etc.; the mobile equipment end can comprise a mobile phone, a tablet computer and the like; the encoded information may include a two-dimensional code, a bar code, and the like.
The server compares the safe transaction information sent by the transaction initiating terminal with the safe transaction information sent by the mobile equipment terminal to determine whether the safe transaction information is consistent with the safe transaction information sent by the mobile equipment terminal; if the result of the safety transaction information is consistent with the result of the safety transaction information, the server verifies that the result of the safety transaction information is legal, and if the result of the safety transaction information is inconsistent with the result of the safety transaction information, the server verifies that the result of the safety transaction information is illegal.
Step 202, when the result of the safety transaction information is verified to be legal, the mobile equipment end receives the transaction confirmation request information.
Specifically, when the result of the safety transaction information is verified to be legal, the mobile equipment end receives the transaction confirmation request information; the mobile equipment terminal sends the transaction confirmation request information to external safety equipment in a wireless transmission mode; the transaction confirmation request information is specifically transaction confirmation request information extracted by the server so that the external security device can participate in confirmation.
The external security device may include a smart financial card, a certificate Key, etc.; the transaction confirmation request information includes payment account information, order information, collection account information, and the like.
The wireless transmission mode comprises a wireless Bluetooth communication mode or a wireless near field communication mode.
For example, the mobile device end is connected with the external security device through a bluetooth communication mode, when the mobile device end pages the external security device in a frequency hopping mode, the external security device scans external pages once every a period of time, and when the mobile device end is scanned, the mobile device end responds to the mobile device end and establishes connection with the mobile device end, so that payment account information, order information and collection account information of the mobile device end are transmitted to the external security device.
When the wireless transmission mode is a wireless near field communication mode, the mobile equipment end can be connected with the external safety equipment only in a touch mode, and then payment account information, order information and collection account information of the mobile equipment end are transmitted to the external safety equipment.
And the external safety equipment participates in calculation according to the received transaction confirmation request information, generates signature information and sends the signature information to the mobile equipment terminal in a wireless transmission mode.
For example, the external security device connects to the mobile device side using a bluetooth communication method or a wireless near field communication method, generates signature information by performing a digital signature based on a Public Key Infrastructure (Public Key Infrastructure PKI) according to the received payment account information, order information, and collection account information, and transmits the generated signature information to the mobile device side.
Step 204, the mobile equipment terminal receives the signature information and sends the signature information to a server; the server verifies the validity of the signature information, and when the result of the signature information is verified to be legal, the server performs payment processing and sends the confirmation result to the transaction initiating terminal.
Specifically, the server verifies the transaction information and the signature information received by the server through a corresponding digital certificate.
For example, the external security device performs dynamic password signature according to the payment account information, the order information and the collection account information to generate signature information, the signature information received by the mobile device is sent to the server, and the server compares the internally stored dynamic signature with the signature information.
And when the verification result is legal, the server performs payment processing according to the payment account information, the order information and the collection account information, and sends a confirmation result of successful transaction to the transaction initiating terminal.
And step 205, when the verification result is illegal, the server sends error prompt information to the mobile equipment terminal.
Specifically, when the result of the safety transaction information is verified to be illegal, the server terminates the transaction and sends error prompt information to the mobile equipment terminal.
Further, before step 201, the transaction method further comprises:
the transaction initiating terminal generates safe transaction information and generates the coding information through coding information generating software.
After step 201, the transaction method further comprises:
and step 203, when the verification result is illegal, sending error prompt information to the mobile equipment terminal.
Specifically, when the result of the safety transaction information is verified to be illegal, the server terminates the transaction and sends error prompt information to the mobile equipment terminal.
The transaction method of the transaction initiating terminal based on the external safety equipment improves the security of the transaction and increases the convenience of the transaction by using the coded information; the mobile equipment is used as the transfer transmission of information, so that the external safety equipment is used on the transaction initiating terminal, and the problem that the external safety equipment cannot be compatible with the transaction initiating terminal is solved. The method improves the transaction security of the traditional transaction initiating terminal, increases the application range of external security equipment, reduces the development of related accessories of the transaction initiating terminal and saves the cost.
EXAMPLE III
Fig. 3 is a schematic diagram of a transaction system based on an external security device according to a third embodiment of the present invention, as shown in the figure, the transaction system includes: a transaction initiating terminal 301, a server 302, a mobile device terminal 303 and an external security device 304.
The transaction initiation terminal 301 generates secure transaction information and generates encoded information by encoded information generation software. At the same time, the generated secure transaction information is transmitted to the server 302.
The server 302 is configured to receive the secure transaction information sent by the mobile device 303, and verify the validity of the secure transaction information. The server 302 is further configured to, when the result of the security transaction information is verified to be legal, extract transaction confirmation request information that the external security device 304 participates in confirmation, and send the transaction confirmation request information to the mobile device terminal 303; when the result of the verification of the secure transaction information is illegal, the server 302 terminates the transaction and sends an error prompt to the mobile device 303. The server 302 is further configured to receive and verify validity of the signature information, and when the result of verifying the signature information is legal, the server 302 performs payment processing and sends a confirmation result to the transaction initiating terminal 301; the server 302 is further configured to terminate the transaction and send an error prompt message to the mobile device 303 when the signature information is not verified to be legitimate.
The mobile device terminal 303 is configured to scan the encoded information generated by the transaction initiating terminal 301, obtain the secure transaction information, and send the secure transaction information to the server 302. The mobile device 303 is further configured to receive the transaction confirmation request information sent by the server 302, and send the transaction confirmation request information to the external security device 304 through a wireless transmission manner. The mobile device side 303 is further configured to receive the signature information and send the signature information to the server 302.
And the external security device 304 is configured to participate in calculation according to the transaction confirmation request information, generate signature information, and send the signature information to the mobile device terminal 303.
Preferably, the wireless transmission mode includes a wireless bluetooth communication mode or a wireless near field communication mode.
Preferably, the transaction initiation terminal 301 may include a desktop computer, a notebook computer, and a personal computer compatible with the IBM system, etc.; the mobile device terminal 303 may include a mobile phone, a tablet computer, and the like; the encoded information may include two-dimensional codes, bar codes, and the like; the external security device 304 may include a smart financial card, a certificate Key, or the like; the transaction confirmation request information includes payment account information, order information, collection account information, and the like.
Further, the server 302 verifies the validity of the secure transaction information, specifically, by comparing the secure transaction information sent by the transaction initiating terminal 301 with the secure transaction information sent by the mobile device 303, whether the secure transaction information is consistent or not; if the result of the secure transaction information is consistent, the server 302 verifies that the result of the secure transaction information is legal, and if the result of the secure transaction information is inconsistent, the server 302 verifies that the result of the secure transaction information is illegal.
The working process of the transaction system of the third embodiment of the invention is as follows:
the transaction initiation terminal 301 generates secure transaction information and generates encoded information of the secure transaction information through the encoded information generator. The mobile device 303 scans the encoded information generated by the transaction initiation terminal 301, obtains the secure transaction information, and sends the secure transaction information to the server 302. The server 302 verifies whether the secure transaction information is legal by comparing the secure transaction information sent by the transaction initiating terminal with the secure transaction information sent by the mobile equipment terminal, and if so, the server 302 verifies that the result of the secure transaction information is legal; if not, the server 302 verifies that the secure transaction information result is illegal. When the result of the security transaction information is verified to be legal, the server 302 extracts the transaction confirmation request information that the external security device 304 participates in confirmation, specifically including payment account information, order information, collection account information, and the like, and sends the transaction confirmation request information to the mobile device terminal 303.
The mobile device terminal 303 transmits payment account information, order information, and collection account information to the external security device 304 through a wireless bluetooth communication method or a wireless near field communication method. The external security device 304 performs calculation according to the received payment account information, order information, and collection account information, generates signature information, and sends the signature information to the mobile device terminal 303 in a wireless bluetooth communication manner or a wireless near field communication manner. The mobile device 303 receives the signature information and sends it to the server 302.
The server 302 verifies the received transaction information and signature information against the server 302 via the corresponding digital certificate. When the verification result is legal, the server 302 performs payment processing according to the money account information, the order information, and the payment account information, and sends a confirmation result of successful transaction to the transaction initiating terminal 301. When the verification result is illegal, the server 302 terminates the transaction and sends an error prompt message to the mobile device 303.
The transaction system of the transaction initiating terminal uses the external safety equipment 304 to participate in the transaction of the transaction initiating terminal, thereby improving the security of the transaction of the traditional transaction initiating terminal; the mobile device 303 is used as the transfer transmission of information, so that the external security device 304 is used on the transaction initiating terminal 301, the application range of the external security device 304 is increased, and the problem that the external security device 304 cannot be compatible with the transaction initiating terminal 301 is solved; meanwhile, development of related accessories of the transaction initiating terminal is reduced, and cost is saved. By using the encoded information on the transaction initiation terminal 301, the security of the transaction is improved and the convenience of the transaction is increased.
Example four
Fig. 4 is a schematic diagram of a transaction server based on an external security device according to a fourth embodiment of the present invention, as shown in the figure, the transaction server includes: a receiving unit 401, a sending unit 402, a verification unit 403 and a payment unit 404.
A receiving unit 401, configured to receive secure transaction information sent by a transaction initiating terminal and transaction secure information sent by a mobile device; and is also used for receiving signature information generated by an external device.
A sending unit 402, configured to send transaction confirmation request information to the mobile device side, where the external device participates in calculation according to the transaction confirmation request information to generate signature information; the sending unit 402 is further configured to send the confirmation result to the transaction initiating terminal when the verification result is legal; when the verification result is illegal, sending error prompt information to the mobile equipment terminal; the sending unit 402 is further configured to send an error prompt message to the mobile device side when the transaction security information is verified to be illegal.
A verification unit 403, configured to verify validity of the transaction security information; and also for verifying the validity of the signature information.
And the payment unit 404 is configured to perform payment processing according to the payment account information, the order information, and the collection account information when the signature information result is verified to be legal.
Further, the processing unit 405 is configured to extract transaction confirmation request information for confirmation of participation of the external security device.
The working process of the transaction server of the fourth embodiment of the invention is as follows:
a receiving unit 401 of the server receives the secure transaction information sent by the transaction initiating terminal and the transaction secure information sent by the mobile device terminal; the verification unit 403 verifies the validity of the transaction security information by comparing whether the security transaction information sent by the transaction initiation terminal is consistent with the transaction security information sent by the mobile device; if the information is consistent, the result of the safe transaction information is verified to be legal; if not, the result of the safe transaction information is verified to be illegal. When the result of verifying the secure transaction information is illegal, the sending unit 402 sends an error prompt message to the mobile device.
When the result of the safety transaction information is verified to be legal, the processing unit 405 extracts transaction confirmation request information for the external safety device to participate in confirmation according to the safety transaction information, wherein the transaction confirmation request information specifically comprises payment account information, order information, collection account information and the like; a sending unit 402, sending transaction confirmation request information to the mobile device side; the external equipment participates in calculation according to the transaction confirmation request information, generates signature information and sends the signature information to the mobile equipment end in a wireless Bluetooth communication mode or a wireless near field communication mode; the mobile device receives the signature information and sends the signature information to the receiving unit 401; the verification unit 403 verifies the validity of the signature information.
When the signature information result is verified to be legal, the payment unit 404 of the server performs payment processing according to the payment account information, the order information and the collection account information, and the sending unit 402 sends a confirmation result of successful transaction to the transaction initiating terminal; when the verification result is illegal, the sending unit 402 sends an error prompt message to the mobile device.
The transaction server of the transaction initiating terminal receives the safe transaction information through the receiving unit, verifies the legality of the safe transaction information through the verifying unit, extracts the transaction confirmation request information after being processed by the processing unit when the legality is verified, improves the security of the transaction, and also increases the convenience of the transaction. The receiving unit receives the signature information generated by the external equipment, then the signature information is verified by the verification unit, and after the signature information is successfully verified, payment processing is carried out through the payment unit according to the payment account information, the order information and the collection account information, so that the accuracy and the safety of a payment account and a collection account are improved; the mobile equipment is used for transferring information, so that the external safety equipment is used on the transaction initiating terminal, the application range of the external safety equipment is expanded, and the problem that the external safety equipment cannot be compatible with the transaction initiating terminal is solved.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied in hardware, a software module executed by a processor, or a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (17)

1. A transaction method based on an external security device, the transaction method comprising:
the server receives first safe transaction information sent by a mobile equipment terminal; the first safe transaction information is obtained by scanning the coding information of the transaction initiating terminal by the mobile equipment terminal; the second safety transaction information is obtained by the transaction initiating terminal through coding;
the server compares the first safety transaction information with second safety transaction information sent by the transaction initiating terminal to verify the validity of the first safety transaction information;
when the result of the safety transaction information is verified to be legal, the server extracts the transaction confirmation request information;
the server sends the transaction confirmation request information to the mobile equipment terminal;
the server receives the signature information sent by the mobile equipment terminal; the signature information is generated by external safety equipment through calculation according to the transaction confirmation request information; the external safety equipment is connected to the mobile equipment end in a wireless transmission mode;
the server verifies the validity of the signature information;
and when the signature information verification result is legal, the server performs payment processing and sends a confirmation result to the transaction initiating terminal.
2. The transaction method according to claim 1, wherein before the server receives the secure transaction information sent by the mobile device, the transaction method further comprises:
the transaction initiating terminal generates safe transaction information and generates the coded information through coded information generating software.
3. The transaction method according to claim 1, wherein the verifying the validity of the secure transaction information specifically comprises:
the server verifies whether the safe transaction information sent by the transaction initiating terminal is consistent with the safe transaction information sent by the mobile equipment terminal;
if so, verifying that the result of the safe transaction information is legal;
if not, the result of the safety transaction information is verified to be illegal.
4. The transaction method according to claim 1, further comprising:
and when the result of the safety transaction information is verified to be illegal, the server terminates the transaction and sends error prompt information to the mobile equipment terminal.
5. The transaction method according to claim 1, wherein the transaction confirmation request information includes payment account information, order information, and collection account information.
6. The transaction method according to claim 1, wherein the wireless transmission means comprises: wireless bluetooth communication mode or wireless near field communication mode.
7. The transaction method according to claim 1, further comprising:
and when the signature information verification result is illegal, the server terminates the transaction and sends error prompt information to the mobile equipment terminal.
8. A transaction method based on an external security device, the transaction method comprising:
the method comprises the steps that a mobile equipment terminal scans coding information generated by a transaction initiating terminal, obtains first safety transaction information and sends the first safety transaction information to a server; the server receives the first safe transaction information and verifies the validity of the first safe transaction information; the second safety transaction information is obtained by the transaction initiating terminal through coding;
when the server verifies that the result of the safety transaction information is legal, the mobile equipment receives the transaction confirmation request information from the server and forwards the transaction confirmation request information to external safety equipment in a wireless transmission mode; the transaction confirmation request information is extracted by the server when the server verifies that the safe transaction information is legal; the server compares the first safety transaction information with second safety transaction information sent by the transaction initiating terminal to verify the validity of the first safety transaction information;
the mobile equipment terminal receives signature information in the wireless transmission mode and sends the signature information to the server; wherein the signature information is generated by the external security device through calculation according to the transaction confirmation request information; and the server verifies the validity of the signature information, and when the signature information is verified to be legal, the server performs payment processing and sends a confirmation result to the transaction initiating terminal.
9. An external security device based transaction system, the transaction system comprising: the system comprises a transaction initiating terminal, a mobile equipment terminal, a server and external safety equipment;
the transaction initiating terminal is used for receiving the second transaction information and generating coding information;
the mobile equipment terminal is used for scanning the coded information, acquiring first safe transaction information and sending the first safe transaction information to a server;
the server is used for receiving the first safe transaction information and verifying the legality of the first safe transaction information;
the server is also used for extracting the transaction confirmation request information and sending the transaction confirmation request information to the mobile equipment terminal when the first safety transaction information result is verified to be legal;
the mobile equipment terminal is also used for receiving the transaction confirmation request information and sending the transaction confirmation request information to the external safety equipment in a wireless transmission mode;
the external safety equipment is used for participating in calculation according to the transaction confirmation request information, generating signature information and sending the signature information to the mobile equipment end;
the mobile equipment terminal is also used for receiving the signature information and sending the signature information to the server;
the server is also used for verifying the validity of the signature information, and when the result of the signature information is verified to be legal, the server carries out payment processing and sends the confirmation result to the transaction initiating terminal.
10. The transaction system according to claim 9, wherein the server is further configured to terminate the transaction and send an error prompt message to the mobile device when the signature information is not verified to be legitimate.
11. The transaction system according to claim 9, wherein the server is further configured to terminate the transaction and send an error prompt message to the mobile device when the result of verifying the secure transaction information is illegal.
12. The transaction system of claim 9, wherein the wireless transmission means comprises: wireless bluetooth communication mode or wireless near field communication mode.
13. The transaction system of claim 9, wherein the transaction confirmation request information includes payment account information, order information, and collection account information.
14. The transaction system according to claim 9, wherein the verifying the validity of the secure transaction information is specifically: the server verifies whether the safe transaction information sent by the transaction initiating terminal is consistent with the safe transaction information sent by the mobile equipment terminal;
if so, verifying that the result of the safe transaction information is legal;
if not, the result of the safety transaction information is verified to be illegal.
15. An external security device based transaction server, the server comprising: the payment system comprises a receiving unit, a sending unit, a verification unit and a payment unit;
the receiving unit is used for receiving second safe transaction information sent by the transaction initiating terminal and first transaction safe information sent by the mobile equipment terminal; the first safety transaction information is obtained by scanning the coding information of the transaction initiating terminal by the mobile equipment terminal, and the coding information is obtained by coding the second safety transaction information by the transaction initiating terminal;
the verification unit is used for verifying the validity of the first transaction safety information;
the sending unit is used for sending transaction confirmation request information to the mobile equipment terminal; the external equipment participates in calculation according to the transaction confirmation request information to generate signature information; the external safety equipment is connected to the mobile equipment end in a wireless transmission mode;
the receiving unit is further configured to receive the signature information;
the verification unit is also used for verifying the validity of the signature information;
the payment unit is used for performing payment processing according to the payment account information, the order information and the collection account information when the signature information result is verified to be legal;
the sending unit is also used for sending a confirmation result to the transaction initiating terminal when the signature information result is verified to be legal; and when the signature information is verified to be illegal, sending error prompt information to the mobile equipment terminal.
16. The transaction server of claim 15, wherein the server further comprises: and the processing unit is used for extracting the transaction confirmation request information of the external safety equipment participating in confirmation.
17. The transaction server of claim 15, wherein the sending unit is further configured to send an error prompt message to the mobile device when the transaction security information is verified to be illegal.
CN201510220965.6A 2015-05-04 2015-05-04 Transaction method, system and server based on external security equipment Active CN104850996B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510220965.6A CN104850996B (en) 2015-05-04 2015-05-04 Transaction method, system and server based on external security equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510220965.6A CN104850996B (en) 2015-05-04 2015-05-04 Transaction method, system and server based on external security equipment

Publications (2)

Publication Number Publication Date
CN104850996A CN104850996A (en) 2015-08-19
CN104850996B true CN104850996B (en) 2021-12-10

Family

ID=53850626

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510220965.6A Active CN104850996B (en) 2015-05-04 2015-05-04 Transaction method, system and server based on external security equipment

Country Status (1)

Country Link
CN (1) CN104850996B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106056419A (en) * 2015-11-25 2016-10-26 天地融科技股份有限公司 Method, system and device for realizing independent transaction by using electronic signature equipment
CN112215683A (en) * 2016-03-25 2021-01-12 创新先进技术有限公司 Transaction processing method and device and server
CN106372942B (en) * 2016-08-31 2018-09-21 中城智慧科技有限公司 A kind of method of payment and payment system based on security authentication mechanism
CN109389392B (en) * 2018-09-25 2022-08-19 中国银行股份有限公司 Security authentication transaction method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102509213A (en) * 2011-11-16 2012-06-20 上海翰鑫信息科技有限公司 System and method for remote payment and trade, mobile terminal and subscriber identity module (SIM) card
CN102789607A (en) * 2012-07-04 2012-11-21 北京天龙融和软件有限公司 Network transaction method and system
CN103116844A (en) * 2013-03-06 2013-05-22 李锦风 Near field communication payment method authenticated by both sides of deal

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102509213A (en) * 2011-11-16 2012-06-20 上海翰鑫信息科技有限公司 System and method for remote payment and trade, mobile terminal and subscriber identity module (SIM) card
CN102789607A (en) * 2012-07-04 2012-11-21 北京天龙融和软件有限公司 Network transaction method and system
CN103116844A (en) * 2013-03-06 2013-05-22 李锦风 Near field communication payment method authenticated by both sides of deal

Also Published As

Publication number Publication date
CN104850996A (en) 2015-08-19

Similar Documents

Publication Publication Date Title
CN108292334B (en) Wireless biometric authentication system and method
KR102358546B1 (en) System and method for authenticating a client to a device
CN101038653B (en) Verification system
US20080305769A1 (en) Device Method & System For Facilitating Mobile Transactions
CN104618116B (en) A kind of cooperative digital signature system and its method
CN101334884B (en) Improve the method and system of account transfer safety
CN104850996B (en) Transaction method, system and server based on external security equipment
CN108055238B (en) Account verification method and system
CN104077689A (en) Information verification method, relevant device and system
CN103617531A (en) Safety payment method and device based on credible two-dimension code
CN105553926A (en) Authentication method, server, and terminal
CN103839157A (en) Electronic payment method, device and system
CN105577664A (en) Cipher reset method and system, client and server
CN103971239A (en) Verification method and device
CN105427105A (en) Mobile payment method, system and device
CN111161056A (en) Method, system and equipment for improving transaction security of digital assets
CN103839160B (en) A kind of network trading digital signature method and device
CN103973711A (en) Verification method and device
CN104767617A (en) Message processing method, system and related device
JP2015088080A (en) Authentication system, authentication method, and program
CN105187357A (en) Two-dimension code verification method and system
CN109005144B (en) Identity authentication method, equipment, medium and system
US20150016698A1 (en) Electronic device providing biometric authentication based upon multiple biometric template types and related methods
KR20070105072A (en) Voice one time password authentic system and its method on the internet banking service system
CN105025480A (en) User card digital signature verification method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant