CN105631669A - Method and device which verifies payment data - Google Patents


Publication number
CN105631669A
Authority
CN
China
Prior art keywords
payment
data
page
payment data
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510983377.8A
Other languages
Chinese (zh)
Inventor
杨妙
何睿
程浩
胡璇
肖群
谢艳文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Application filed by China Construction Bank Corp


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The present invention provides a method and device for verifying payment data. The method comprises: receiving the payment data sent by a client; reading the value of the verification data corresponding to the payment data; verifying whether the value of the payment data is consistent with the value of the verification data; and, if so, determining that the payment data passes verification. With the method and device of the invention, verifying the payment data sent by the client against the verification data prevents the payment data from being tampered with.

Description

Method and apparatus for verifying payment data
Technical field
The present invention relates to the field of communications, and in particular to a method and apparatus for verifying payment data.
Background
With the spread of e-commerce, the market for online payment in China has grown rapidly. As the market has developed, security threats have also been on the rise. According to the "2014 Mobile Security Report", as of December 2014, users exposed to payment risk accounted for 21.8% of users in China, more than 58 million households; on average, 1 in every 5 users of mobile payment faced a payment security risk. The most common payment risk is tampering with payment data: in the absence of necessary safeguards, an attacker can modify payment data in transit over the Internet, for example by changing the paying bank card number, the payment amount, or the payee account, in order to profit.
Summary of the invention
To solve the above technical problem, the present invention provides a method and apparatus for verifying payment data.
In one aspect, embodiments of the present invention provide a method for verifying payment data, the method comprising:
receiving the payment data sent by a client;
reading the value of the verification data corresponding to the payment data;
verifying whether the value of the payment data is consistent with the value of the verification data;
if they are consistent, determining that the payment data passes verification.
Correspondingly, an embodiment of the present invention provides a server, the server comprising:
a receiving module, for receiving the payment data sent by a client;
a reading module, for reading the value of the verification data corresponding to the payment data received by the receiving module;
a verification module, for verifying whether the value of the payment data received by the receiving module is consistent with the value of the verification data read by the reading module and, when they are found to be consistent, determining that the payment data passes verification.
With the method and apparatus for verifying payment data provided by the invention, verifying the payment data sent by the client against the verification data prevents the payment data from being tampered with.
Brief description of the drawings
Fig. 1 is a flowchart of a method for verifying payment data according to an embodiment of the present invention;
Fig. 2 is a flowchart of another method for verifying payment data according to an embodiment of the present invention;
Fig. 3 is a structural diagram of a server according to an embodiment of the present invention;
Fig. 4 is a structural diagram of another server according to an embodiment of the present invention;
Fig. 5 illustrates one embodiment of the generation module 100' shown in Fig. 4;
Fig. 6 illustrates another embodiment of the generation module 100' shown in Fig. 4.
Detailed description
To make the objects, technical solutions, and advantages of the embodiments of the present invention clearer, the invention is described in further detail below with reference to the drawings.
Fig. 1 is a flowchart of a method for verifying payment data according to an embodiment of the present invention. Referring to Fig. 1, the method includes:
S100: Receive the payment data sent by the client.
The attributes of the payment data are, for example, the payment amount, the paying bank card number, the payee account, or the order number. The payment system can dynamically configure, as needed, which key payment data take part in verification.
S200: Read the value of the verification data corresponding to the payment data.
S300: Verify whether the value of the payment data is consistent with the value of the verification data; if so, perform S400; if not, perform S500.
S400: Determine that the payment data passes verification.
S500: Determine that the payment data fails verification.
Fig. 2 is a flowchart of another method for verifying payment data according to an embodiment of the present invention. As shown in Fig. 2, the method includes:
S100': Generate a payment data collection page corresponding to the attributes of the payment data.
S200': Send the payment data collection page to the client, so that the client collects the payment data entered by the user through this page.
S300' to S700': The same as S100 to S500 above; not repeated here.
In one embodiment of the present invention, S100' can be implemented as follows: obtain the initial page corresponding to the payment data collection page, and modify the names of at least two input fields in the obtained initial page to generate the payment data collection page.
In another embodiment of the present invention, S100' can also be implemented as follows: obtain the initial page corresponding to the payment data collection page, and insert one or more invalid input fields into the obtained initial page to generate the payment data collection page.
In embodiments of the present invention, the verification data is obtained in advance, before S200 (or S400') is performed. This can be done as follows: receive the payment request sent by the merchant application, and parse the verification data from the payment request. To improve security, the verification data can be stored as ciphertext.
To reduce payment risk, in one embodiment of the present invention, before the verification data is parsed from the payment request, a risk assessment can be performed on the payment request to obtain a risk assessment value, and the risk assessment value is compared with a predetermined threshold. When the risk assessment value is less than or equal to the predetermined threshold, the verification data is parsed from the payment request.
In another embodiment of the present invention, before the verification data is parsed from the payment request, the server can also identify whether the payment request has expired. When the payment request has not expired, the verification data is parsed from the payment request.
Whether the payment request has expired can be identified, for example, as follows: parse the timestamp information from the payment request, and identify whether the interval between the current time and the time indicated by the parsed timestamp information is less than or equal to a predetermined threshold. When the interval is less than or equal to the predetermined threshold, the payment request is identified as not expired.
Embodiments of the present invention are described below with a concrete example.
Step 1: The merchant application sends a payment request to the server of the payment system.
To improve security, in one embodiment of the present invention all parameters of the payment request can be encrypted; the encryption key is private to the merchant application and can be updated at any time. The payment request includes: a domain name, an IP (Internet Protocol), a timestamp, and one or more items of payment data (for example, the order number, the amount, or the account). The timestamp is used to control the validity period of the payment request. The validity period is, for example, 1 minute; those skilled in the art can of course set it to another reasonable value as needed. In one embodiment of the present invention, the merchant application can, for example, first obtain the current timestamp from the payment system before initiating the payment request.
Step 2: After receiving the payment request, the server uses the timestamp to identify whether the payment request has expired. If it has expired, the process ends; if it has not expired, step 3 is performed.
Step 2 can be implemented as follows: the interval between the current time and the time indicated by the timestamp is compared with a predetermined threshold (for example, 1 minute). If the interval is less than or equal to the predetermined threshold, the request is identified as not expired; if the interval is greater than the predetermined threshold, the request is identified as expired.
Step 3: The server performs a risk assessment on the payment request to obtain a risk assessment value and compares it with a predetermined threshold. If the risk assessment value is greater than the predetermined threshold, the process ends; if the risk assessment value is less than or equal to the predetermined threshold, step 4 is performed.
Step 4: The server parses the key payment data from the payment request and generates a corresponding check string, which serves as the verification data for the corresponding payment data that the client sends later.
In one embodiment of the present invention, the parsed payment data can be stored as ciphertext.
Step 5: The server obtains the corresponding page (the first-level page) according to the payment request.
Step 6: The server applies any one or a combination of the following processes to the obtained page:
1) modify the names of at least two input fields in the obtained page;
2) insert one or more invalid input fields into the obtained page.
Modifying the names of at least two input fields in the page, or inserting invalid input fields into the page, makes it harder for an attacker to steal user information and tamper with payment data.
Step 7: The server sends the processed page to the client of the payment system, so that the user can enter the corresponding payment data.
Step 8: The client generates a verification request from the payment data entered by the user and sends the verification request to the server.
Step 9: The server receives the verification request sent by the client and identifies whether the payment data in the received verification request is key data. If so, step 10 is performed; if not, the process jumps to step 12.
Step 10: The server reads the value of the verification data corresponding to the received payment data and identifies whether the value of the received payment data is consistent with the value of the verification data that was read. If they are consistent, step 11 is performed; if they are inconsistent, the process ends.
Step 11: The server determines that the received payment data passes verification.
Step 12: The server identifies whether the first-level page has a derived page that has not yet been sent. If so, step 13 is performed; if not, the process jumps to step 14.
Step 13: The server obtains a derived page and returns to step 6.
Step 14: The server carries out payment processing according to the payment data received and feeds the result back to the merchant application.
With the above embodiment, every link in the payment flow is hardened as part of a chain, and multiple security risks are guarded against at multiple points, which effectively reduces the security risk of payment.
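The server side of steps 2 to 11, as an added Python example (not code from the patent). Assumptions: the check string is an HMAC-SHA256 over each key field, the field names, the `risk_score` hook, the threshold of 50 and the one-time session are all hypothetical choices; only the 1-minute validity period comes from the text.

```python
import hashlib
import hmac
import secrets
import time

VALIDITY_SECONDS = 60   # validity period from the page's example (1 minute)
RISK_THRESHOLD = 50     # constructed value; the page only says "predetermined threshold"
KEY_FIELDS = ("order_no", "amount", "payee_account")   # key payment data (hypothetical names)
PAGE_FIELDS = KEY_FIELDS + ("card_no",)                 # card_no: non-key field entered by the user


class Rejected(Exception):
    """The payment request was refused before any page was generated."""


class PaymentVerifier:
    def __init__(self, clock=time.time, risk_score=lambda request: 0):
        self._clock = clock
        self._risk_score = risk_score         # hypothetical risk-engine hook
        self._key = secrets.token_bytes(32)   # server-side secret, never sent to the client
        self._sessions = {}

    def _check_string(self, field, value):
        # Assumption: the "check string" is an HMAC over the field name and value.
        message = f"{field}={value}".encode()
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()

    def accept_payment_request(self, request):
        # Step 2: the interval between now and the timestamp must not exceed the
        # validity period. abs() also refuses timestamps far in the future.
        if abs(self._clock() - request["timestamp"]) > VALIDITY_SECONDS:
            raise Rejected("payment request expired")
        # Step 3: stop when the risk assessment value exceeds the threshold.
        if self._risk_score(request) > RISK_THRESHOLD:
            raise Rejected("risk assessment value above threshold")
        # Step 4: derive verification data from the merchant's key payment data.
        checks = {f: self._check_string(f, request["payment"][f]) for f in KEY_FIELDS}
        # Step 6: rename every input field and insert invalid (decoy) input fields.
        inputs = {f: "f_" + secrets.token_hex(8) for f in PAGE_FIELDS}
        decoys = ["f_" + secrets.token_hex(8) for _ in range(2)]
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = {
            "checks": checks,
            "by_alias": {alias: field for field, alias in inputs.items()},
            "decoys": set(decoys),
        }
        return session_id, {"inputs": inputs, "decoys": decoys}

    def verify_submission(self, session_id, form):
        # Steps 9 to 11: map the randomized names back and compare key fields.
        session = self._sessions.pop(session_id, None)   # a page can be submitted once
        if session is None:
            return False
        submitted = {}
        for name, value in form.items():
            if name in session["decoys"]:
                continue                      # invalid input field: carries no payment data
            field = session["by_alias"].get(name)
            if field is None:
                return False                  # input name was never issued for this page
            submitted[field] = value
        for field, expected in session["checks"].items():
            if field not in submitted:
                return False
            actual = self._check_string(field, submitted[field])
            if not hmac.compare_digest(actual, expected):
                return False                  # value differs from the merchant's request
        return True


if __name__ == "__main__":
    verifier = PaymentVerifier()
    # Constructed sample payment request from a merchant application.
    payment = {"order_no": "A1001", "amount": "100.00", "payee_account": "6222000011112222"}
    sid, page = verifier.accept_payment_request({"timestamp": time.time(), "payment": payment})
    form = {page["inputs"][f]: v for f, v in payment.items()}
    form[page["inputs"]["amount"]] = "1.00"   # amount changed on the way back
    print("verification passed:", verifier.verify_submission(sid, form))
```

Because the comparison uses data the server derived from the merchant's request, a value altered in the client's submission fails step 10 regardless of how the page fields were named.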
Fig. 3 is a structural diagram of a server according to an embodiment of the present invention. Referring to Fig. 3, the server 1000 includes a receiving module 100, a reading module 200, and a verification module 300. Specifically:
The receiving module 100 receives the payment data sent by the client.
The attributes of the payment data are, for example, the payment amount, the paying bank card number, the payee account, or the order number. The payment system can dynamically configure, as needed, which key payment data take part in verification.
The reading module 200 reads the value of the verification data corresponding to the payment data received by the receiving module 100.
The verification module 300 performs the following process: verify whether the value of the payment data received by the receiving module 100 is consistent with the value of the verification data read by the reading module 200; when they are found to be consistent, determine that the payment data passes verification; when they are found to be inconsistent, determine that the payment data fails verification.
Fig. 4 is a structural diagram of another server according to an embodiment of the present invention. Referring to Fig. 4, the server 1000' includes a generation module 100', a sending module 200', a receiving module 300', a reading module 400', and a verification module 500'. Specifically:
The generation module 100' generates a payment data collection page corresponding to the attributes of the payment data.
The sending module 200' sends the payment data collection page generated by the generation module 100' to the client, so that the client collects the payment data entered by the user through the payment data collection page.
The receiving module 300', reading module 400', and verification module 500' are the same as the receiving module 100, reading module 200, and verification module 300 above, respectively, and are not described again here.
As shown in Fig. 5, in one embodiment of the present invention, the generation module 100' may include an obtaining unit 110' and a generating unit 120'. Specifically:
The obtaining unit 110' obtains the initial page corresponding to the payment data collection page.
The generating unit 120' modifies the names of at least two input fields in the initial page obtained by the obtaining unit 110' to generate the payment data collection page.
As shown in Fig. 6, in another embodiment of the present invention, the generation module 100' may include an obtaining unit 110'' and a generating unit 120''. Specifically:
The obtaining unit 110'' obtains the initial page corresponding to the payment data collection page.
The generating unit 120'' inserts one or more invalid input fields into the initial page obtained by the obtaining unit 110'' to generate the payment data collection page.
In embodiments of the present invention, the server 1000 (or the server 1000') can also include an acquisition module for obtaining the verification data. The acquisition module may include, for example, a receiving unit for receiving the payment request sent by the merchant application, and a parsing unit for parsing the verification data from the payment request received by the receiving unit.
In one embodiment of the present invention, the acquisition module can also include a risk assessment unit for performing a risk assessment on the payment request to obtain a risk assessment value, and a comparing unit for comparing the risk assessment value obtained by the risk assessment unit with a predetermined threshold. In this case, the parsing unit parses the verification data from the payment request when the risk assessment value is less than or equal to the predetermined threshold.
In another embodiment of the present invention, the acquisition module can also include an identification unit for identifying whether the payment request has expired. In this case, the parsing unit parses the verification data from the payment request when the payment request has not expired.
The identification unit may include, for example, a parsing component and an identification component. The parsing component parses the timestamp information from the payment request. The identification component performs the following process: identify whether the interval between the current time and the time indicated by the timestamp information parsed by the parsing component is less than or equal to a predetermined threshold; when the interval is less than or equal to the predetermined threshold, identify the payment request as not expired; when the interval is greater than the predetermined threshold, identify the payment request as expired.
With the method and apparatus for verifying payment data provided by the invention, verifying the payment data sent by the client against the verification data prevents the payment data from being tampered with.
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented by software combined with a hardware platform. On that understanding, all or part of what the technical solution contributes over the background art can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk, or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a smartphone, a network device, or the like) to perform the methods described in the embodiments of the present invention or in parts of those embodiments.
The terms and wording used in this description are for illustration only and are not intended to be limiting. Those skilled in the art will appreciate that the details of the above embodiments can be varied in many ways without departing from the basic principles of the disclosed embodiments. The scope of the present invention is therefore determined only by the claims, in which, unless otherwise stated, all terms should be understood in their broadest reasonable meaning.

Claims (20)

1. A method for verifying payment data, characterized in that the method comprises:
receiving the payment data sent by a client;
reading the value of the verification data corresponding to the payment data;
verifying whether the value of the payment data is consistent with the value of the verification data;
if they are consistent, determining that the payment data passes verification.
2. The method of claim 1, characterized in that
the attributes of the payment data include: the amount, the order number, or the account.
3. The method of claim 2, characterized in that the method further comprises:
before receiving the payment data sent by the client, generating a payment data collection page corresponding to the attributes of the payment data;
sending the payment data collection page to the client.
4. The method of claim 3, characterized in that generating the payment data collection page corresponding to the attributes of the payment data comprises:
obtaining the initial page corresponding to the payment data collection page;
modifying the names of at least two input fields in the obtained initial page to generate the payment data collection page.
5. The method of claim 3, characterized in that generating the payment data collection page corresponding to the attributes of the payment data comprises:
obtaining the initial page corresponding to the payment data collection page;
inserting one or more invalid input fields into the obtained initial page to generate the payment data collection page.
6. The method of any one of claims 1 to 5, characterized in that the method further comprises:
before reading the value of the verification data corresponding to the payment data, obtaining the verification data.
7. The method of claim 6, characterized in that obtaining the verification data comprises:
receiving the payment request sent by a merchant application;
parsing the verification data from the payment request.
8. The method of claim 7, characterized in that obtaining the verification data further comprises:
before parsing the verification data from the payment request, performing a risk assessment on the payment request to obtain a risk assessment value;
comparing the risk assessment value with a predetermined threshold;
if the risk assessment value is less than or equal to the predetermined threshold, parsing the verification data from the payment request.
9. The method of claim 7, characterized in that obtaining the verification data further comprises:
before parsing the verification data from the payment request, identifying whether the payment request has expired;
if the payment request has not expired, parsing the verification data from the payment request.
10. The method of claim 9, characterized in that identifying whether the payment request has expired comprises:
parsing timestamp information from the payment request;
identifying whether the interval between the current time and the time indicated by the timestamp information is less than or equal to a predetermined threshold;
if the interval is less than or equal to the predetermined threshold, identifying the payment request as not expired.
11. A server, characterized in that the server comprises:
a receiving module, for receiving the payment data sent by a client;
a reading module, for reading the value of the verification data corresponding to the payment data received by the receiving module;
a verification module, for verifying whether the value of the payment data received by the receiving module is consistent with the value of the verification data read by the reading module and, when they are found to be consistent, determining that the payment data passes verification.
12. The server of claim 11, characterized in that
the attributes of the payment data include: the amount, the order number, or the account.
13. The server of claim 12, characterized in that the server further comprises:
a generation module, for generating a payment data collection page corresponding to the attributes of the payment data;
a sending module, for sending the payment data collection page generated by the generation module to the client.
14. The server of claim 13, characterized in that the generation module comprises:
an obtaining unit, for obtaining the initial page corresponding to the payment data collection page;
a generating unit, for modifying the names of at least two input fields in the initial page obtained by the obtaining unit to generate the payment data collection page.
15. The server of claim 13, characterized in that the generation module comprises:
an obtaining unit, for obtaining the initial page corresponding to the payment data collection page;
a generating unit, for inserting one or more invalid input fields into the initial page obtained by the obtaining unit to generate the payment data collection page.
16. The server of any one of claims 11 to 15, characterized in that the server further comprises:
an acquisition module, for obtaining the verification data.
17. The server of claim 16, characterized in that the acquisition module comprises:
a receiving unit, for receiving the payment request sent by a merchant application;
a parsing unit, for parsing the verification data from the payment request received by the receiving unit.
18. The server of claim 17, characterized in that the acquisition module further comprises:
a risk assessment unit, for performing a risk assessment on the payment request to obtain a risk assessment value;
a comparing unit, for comparing the risk assessment value obtained by the risk assessment unit with a predetermined threshold;
wherein the parsing unit parses the verification data from the payment request when the risk assessment value is less than or equal to the predetermined threshold.
19. The server of claim 17, characterized in that the acquisition module further comprises:
an identification unit, for identifying whether the payment request has expired;
wherein the parsing unit parses the verification data from the payment request when the payment request has not expired.
20. The server of claim 19, characterized in that the identification unit comprises:
a parsing component, for parsing timestamp information from the payment request;
an identification component, for performing the following process: identifying whether the interval between the current time and the time indicated by the timestamp information parsed by the parsing component is less than or equal to a predetermined threshold and, when the interval is less than or equal to the predetermined threshold, identifying the payment request as not expired.
CN201510983377.8A 2015-12-24 2015-12-24 Method and device which verifies payment data Pending CN105631669A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510983377.8A CN105631669A (en) 2015-12-24 2015-12-24 Method and device which verifies payment data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510983377.8A CN105631669A (en) 2015-12-24 2015-12-24 Method and device which verifies payment data

Publications (1)

Publication Number Publication Date
CN105631669A true CN105631669A (en) 2016-06-01

Family

ID=56046568

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510983377.8A Pending CN105631669A (en) 2015-12-24 2015-12-24 Method and device which verifies payment data

Country Status (1)

Country Link
CN (1) CN105631669A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108737442A (en) * 2018-06-12 2018-11-02 北京多采多宜网络科技有限公司 A kind of cryptographic check processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103020826A (en) * 2012-12-05 2013-04-03 北京奇虎科技有限公司 Payment processing method and server
CN104268756A (en) * 2014-09-18 2015-01-07 深圳市中兴移动通信有限公司 Mobile payment method and system
CN105099688A (en) * 2014-05-15 2015-11-25 阿里巴巴集团控股有限公司 Operation method for electronic account, display method and apparatus for payment page

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160601
