CN107464120B - Security verification method for password-free payment, merchant background system and payment system - Google Patents
Security verification method for password-free payment, merchant background system and payment system Download PDFInfo
- Publication number
- CN107464120B CN107464120B CN201710866936.6A CN201710866936A CN107464120B CN 107464120 B CN107464120 B CN 107464120B CN 201710866936 A CN201710866936 A CN 201710866936A CN 107464120 B CN107464120 B CN 107464120B
- Authority
- CN
- China
- Prior art keywords
- payment
- information
- mobile phone
- phone number
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012795 verification Methods 0.000 title claims abstract description 103
- 238000000034 method Methods 0.000 title claims abstract description 56
- 238000013475 authorization Methods 0.000 claims description 62
- 238000004891 communication Methods 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 8
- 230000001680 brushing effect Effects 0.000 abstract 1
- 230000006870 function Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000011664 signaling Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3224—Transactions dependent on location of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention provides a security verification method for secret-free payment, a merchant background system and a payment system. Because the mobile phone number and the user identity information are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or the payment information is leaked, the embezzler does not know the user member card number, the merchant background system cannot acquire the correct mobile phone number and the user identity information, and the operator system cannot pass the verification; or when the store position information is inconsistent with the current position of the mobile phone number, the verification cannot pass, so that the illegal brushing is avoided, and the security of secret payment is improved.
Description
Technical Field
The invention relates to the technical field of communication, in particular to a security verification method for secret-free payment, a merchant background system and a payment system.
Background
Along with the increasing popularization of mobile payment and the generation of secret-free payment, a user does not need to input an account password during payment, the payment efficiency is improved, and more convenience is provided for the user.
The existing secret-free payment method can be set by a user through a payment client of a mobile terminal, and after the user submits input and submits a payment password, a secret-free payment function is started. The specific payment process comprises the following steps: the cashier desk generates a payment bill and displays the bill to a user, after the user confirms that the bill is correct, the payment two-dimensional code is displayed to the cashier desk through the mobile terminal, the cashier desk reads the payment two-dimensional code on the mobile terminal through scanning equipment, a first payment request is initiated to a merchant background system, the merchant background system calls an Application Programming Interface (API) for card swiping payment after generating a signature according to the first payment request, a second payment request is initiated to the payment system, the payment system verifies the second payment request after receiving the second payment request, and the request data is processed after the verification is passed, and the merchant background system performs signature verification and processing on the received payment result and then returns the payment result to the cash register.
In the existing secret-free payment method, when a mobile terminal of a user is lost or an illegal user acquires a user payment code by means of stealing and the like, the potential safety hazard of payment executed by other people exists. The existing secret-free payment method has no technical safety means, and can only be prevented from being embezzled by timely closing the secret-free payment function or modifying a payment password and the like by a user, so that the secret-free payment function cannot be safely and conveniently used.
Disclosure of Invention
The invention provides a security verification method for secret-free payment, a merchant background system and a payment system, which are used for avoiding being embezzled and improving the security of secret-free payment.
One aspect of the present invention provides a secure authentication method for a secret-free payment, including:
the method comprises the steps that a merchant background system obtains a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount;
the merchant background system acquires the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
the merchant background system sends a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number, and when the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
Another aspect of the present invention is to provide a method for secure authentication of a privacy-free payment, including:
the payment system receives a first payment request sent by a merchant background system, wherein the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill;
the payment system sends a verification request to an operator system according to the first payment request, wherein the verification request comprises the mobile phone number and the store position information, so that the operator system verifies whether the store position information is consistent with the current position of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
and the payment system receives a verification result sent by the operator system, and if the verification result is that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
Another aspect of the present invention provides a merchant background system, including:
the acquisition module is used for acquiring a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount;
the query module is used for acquiring the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
the communication module is used for sending a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number, and the user identity information is consistent with the real-name authentication information of the mobile phone number, and the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
Another aspect of the present invention is to provide a payment system, including:
the system comprises a receiving module, a data processing module and a data processing module, wherein the receiving module is used for receiving a first payment request sent by a merchant background system, and the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill;
a sending module, configured to send a verification request to an operator system according to the first payment request, where the verification request includes the mobile phone number and the store location information, so that the operator system verifies whether the store location information is consistent with the current location of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
the receiving module is further configured to receive a verification result sent by the operator system,
and the payment module is used for finishing payment by the payment system according to the consumption amount and the user password-free payment authorization information if the verification result shows that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information.
According to the security verification method for the secret-free payment, the merchant background system and the payment system, the merchant background system obtains the mobile phone number, the user identity information and the store position information of the user from the database according to the member card number and the store information of the user, the mobile phone number, the user identity information and the store position information are sent to the operator system through the payment system for verification, and if the operator system verifies that the store position information is consistent with the current position of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the secret-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a security verification method for a privacy-exempt payment according to an embodiment of the present invention;
fig. 2 is a flowchart of a security verification method for a privacy-exempt payment according to a second embodiment of the present invention;
fig. 3 is a flowchart of a security verification method for a privacy-exempt payment according to a third embodiment of the present invention;
fig. 4 is a signaling diagram of a security verification method for a privacy-exempt payment according to a fourth embodiment of the present invention;
fig. 5 is a structural diagram of a merchant background system according to a fifth embodiment of the present invention;
fig. 6 is a block diagram of a payment system according to a sixth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
Fig. 1 is a flowchart of a security verification method for a privacy-exempt payment according to an embodiment of the present invention. The embodiment provides a security verification method for secret-free payment, the execution subject of which is a merchant background system, and the method comprises the following specific steps:
s101, a merchant background system acquires a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount.
In this embodiment, the consumption bill may be generated by the merchant front-end system according to the commodity purchased by the user and the information provided by the user, where the merchant front-end system may specifically be a cash register, and specifically may include a scanning instrument, a computer, and the like, the consumption amount is obtained by scanning a barcode of the commodity through the scanning instrument, and the user membership card number may scan a barcode or a magnetic stripe of the membership card provided by the user through the scanning instrument, or may be input through a keyboard; certainly, the merchant front-end system can also be a computer only, and the information provided by the user and the commodity purchased by the user is input through input equipment such as a keyboard and the like and then is generated by the computer; in addition, the merchant front-end system can also be only a scanning instrument, the scanning instrument scans the commodity bar code and the bar code or the magnetic stripe of the user membership card, and the merchant background system generates the consumption bill. The store information may be a store code, and may be carried in the message when the merchant front-end system sends the message to the merchant backend system, so that the merchant backend system identifies the store information. The user password-free payment authorization information can be a payment code of the user, such as a WeChat payment or Paibao payment two-dimensional code, and is displayed by the user during payment and can be obtained through scanning of a scanning instrument.
S102, the merchant background system acquires the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information.
In this embodiment, the database of the merchant background system pre-stores store location information corresponding to the store information, and a mobile phone number and user identity information corresponding to the user member card number, where the mobile phone number and the user identity information corresponding to the user member card number may be reserved when the user registers for a member, and the user identity information may include a name, an age, an identification number, a birthday, and the like. In this embodiment, after the merchant background system obtains the consumption bill, the store location information is obtained from the database according to the store information, and the mobile phone number and the user identity information are obtained from the database according to the user member card number.
S103, the merchant background system sends a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, and if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
In this embodiment, the merchant background system generates a first payment request according to the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information, and the store location information, and sends the first payment request to the payment system, where the payment system may be a payment system corresponding to the user password-free payment authorization information, and if the user password-free payment authorization information is a payment two-dimensional code of a WeChat, the payment system is a WeChat payment system. After receiving the first payment request, the payment system generates a verification request according to the mobile phone number, the user identity information and the store position information, sends the verification request to the operator system, and verifies the mobile phone number, the user identity information and the store position information through the operator system. Specifically, the operator system verifies whether the store location information is consistent with the current location of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number, where the current location of the mobile phone number may be obtained by a location method based on a base station of the mobile operating network, for example, the location is determined by using a distance measured by the base station from the mobile phone, and other location methods may be used, which are not described herein again. In addition, because the operator carries out real-name authentication on the mobile phone number, the identity information of the user can be verified according to the real-name authentication information of the mobile phone number prestored in the operator system. When the operator system verifies that the store position information is consistent with the current position of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the fact that the user holds the mobile phone of the user to carry out secret-free payment in the store at the moment is indicated, and then the payment system completes payment according to the consumption amount and the secret-free payment authorization information of the user.
In the security verification method for the password-free payment provided by this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information of the user from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the password-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
Example two
Fig. 2 is a flowchart of a security verification method for a privacy-exempt payment according to a second embodiment of the present invention. As shown in fig. 2, based on the above embodiment, the acquiring, by the merchant background system in S101, the consumption bill and the user password-free payment authorization information specifically include:
s201, the merchant background system receives a second payment request sent by the merchant front-end system, wherein the second payment request comprises a consumption bill generated by the merchant front-end system and user password-free payment authorization information acquired by the merchant front-end system from a mobile terminal.
In this embodiment, the consumption bill generated by the merchant front-end system includes the user member card number, the store information and the consumption amount, the user displays the payment two-dimensional code on the mobile terminal after confirming the consumption bill, the merchant front-end system obtains the user password-free payment authorization information by scanning the payment two-dimensional code, and then the merchant front-end system generates a second payment request according to the consumption bill and the user password-free payment authorization information and sends the second payment request to the merchant background system.
It should be noted that the terms "first", "second", etc. in the present invention are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated.
Further, after the payment system completes payment according to the consumption amount and the user password-free payment authorization information in S103, the method further includes:
s202, the merchant background system receives the payment result sent by the payment system.
In this embodiment, after the payment system completes the payment process according to the consumption amount and the user privacy-free payment authorization information, the payment system sends the payment result to the merchant background system, so that the merchant background system knows the payment result. Certainly, the payment system may also send the payment result to the mobile terminal corresponding to the mobile phone number, or send the payment result to the merchant front-end system, or the merchant background system pushes the payment result to the merchant front-end system after receiving the payment result.
In addition, when the verification of the operator system fails, the information that the verification fails can be sent to the merchant background system and the mobile terminal corresponding to the mobile phone number to prompt that the verification fails, so that economic losses of both transaction parties are avoided.
In the security verification method for the password-free payment provided by this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information of the user from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the password-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
EXAMPLE III
Fig. 3 is a flowchart of a security verification method for a privacy-exempt payment according to a third embodiment of the present invention. The embodiment provides a security verification method for secret-free payment, the execution subject of the method is a payment system, and the method comprises the following specific steps:
s301, a payment system receives a first payment request sent by a merchant background system, wherein the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill.
In this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information from the database according to the user member card number and the store information in the consumption bill, where the database of the merchant background system prestores the store location information corresponding to the store information, and the mobile phone number and the user identity information corresponding to the user member card number, where the mobile phone number and the user identity information corresponding to the user member card number may be reserved when the user registers for a member, and where the user identity information may include a name, an age, an identification number, a birthday, and so on. And the merchant background system generates a first payment request according to the consumption amount obtained from the consumption bill, the user password-free payment authorization information obtained from the user mobile terminal, the mobile phone number, the user identity information and the store position information, and sends the first payment request to the payment system.
S302, the payment system sends a verification request to an operator system according to the first payment request, wherein the verification request comprises the mobile phone number and the store position information, so that the operator system verifies whether the store position information is consistent with the current position of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number.
In this embodiment, after receiving the first payment request, the payment system generates a verification request according to the mobile phone number, the user identity information, and the store location information in the first payment request, and sends the verification request to the operator system, and verifies the mobile phone number, the user identity information, and the store location information through the operator system. Specifically, the operator system verifies whether the store location information is consistent with the current location of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number, where the current location of the mobile phone number may be obtained by a location method based on a base station of the mobile operating network, for example, the location is determined by using a distance measured by the base station from the mobile phone, and other location methods may be used, which are not described herein again. In addition, because the operator carries out real-name authentication on the mobile phone number, the identity information of the user can be verified according to the real-name authentication information of the mobile phone number prestored in the operator system. When the operator system verifies that the store position information is consistent with the current position of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the fact that the user holds the mobile phone of the user to carry out secret-free payment in the store at the moment is indicated, and then the payment system continues to complete the payment process.
And S303, the payment system receives a verification result sent by the operator system, and if the verification result is that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
In this embodiment, when the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, it indicates that the user holds his mobile phone at the store for the password-free payment at this time, and further the payment system completes the payment according to the consumption amount and the password-free payment authorization information of the user, and the specific payment process is not described here again.
Further, after the payment system completes payment according to the consumption amount and the user password-free payment authorization information, the payment system may further include:
and the payment system sends a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number. Of course, the payment result may also be sent to the merchant front-end system at the same time, or pushed to the merchant front-end system after the merchant background system receives the payment result.
In the security verification method for the password-free payment provided by this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information of the user from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the password-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
Example four
Fig. 4 is a signaling diagram of a security authentication method for a privacy-exempt payment according to a fourth embodiment of the present invention. The embodiment provides a security verification method for secret-free payment, which comprises the following specific steps:
s401, generating a consumption bill by the merchant front-end system, wherein the consumption bill comprises a user member card number, store information and consumption amount;
s402, acquiring user password-free payment authorization information from the mobile terminal by the merchant front-end system;
s403, the merchant front-end system sends a second payment request to the merchant background system, wherein the second payment request comprises the consumption bill and the user password-free payment authorization information;
s404, the merchant background system acquires the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
s405, the merchant background system sends a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information;
s406, the payment system sends a verification request to an operator system according to the first payment request, wherein the verification request comprises the mobile phone number and the store position information;
s407, the operator system verifies whether the store position information is consistent with the current position of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
s408, the operator system sends a verification result to the payment system;
s409, the payment system receives a verification result sent by the operator system, and if the verification result is that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information, the payment system completes payment according to the consumption amount and the user password-free payment authorization information;
and S410, the payment system sends a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number.
In the security verification method for the password-free payment provided by this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information of the user from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the password-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
EXAMPLE five
Fig. 5 is a structural diagram of a merchant background system according to a fifth embodiment of the present invention. The embodiment of the present invention provides a merchant background system, which can execute the processing flows provided in the first and second embodiments of the security verification method for privacy-free payment, as shown in fig. 5, the merchant background system provided in this embodiment specifically includes:
an obtaining module 501, configured to obtain a consumption bill and user password-free payment authorization information, where the consumption bill includes a user membership card number, store information, and a consumption amount;
the query module 502 is configured to obtain a mobile phone number of a user, user identity information, and store location information from a database according to the user member card number and the store information;
Further, the obtaining module 501 may be specifically configured to:
and receiving a second payment request sent by the merchant front-end system, wherein the second payment request comprises a consumption bill generated by the merchant front-end system and user password-free payment authorization information acquired by the merchant front-end system from the mobile terminal.
Further, the communication module 503 may also be configured to receive a payment result sent by the payment system.
The merchant background system provided by the embodiment of the present invention may be specifically configured to execute the method embodiments provided in fig. 1 and fig. 2, and specific functions are not described herein again.
The merchant background system provided in this embodiment obtains the mobile phone number of the user, the user identity information, and the store location information from the database through the merchant background system according to the user member card number and the store information, and sends the operator system through the payment system for verification, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user privacy-free payment authorization information. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
EXAMPLE six
Fig. 6 is a block diagram of a payment system according to a sixth embodiment of the present invention. An embodiment of the present invention provides a payment system, which can execute a processing flow provided in a third embodiment of a security verification method for a secret-free payment, as shown in fig. 5, the payment system provided in the embodiment specifically includes:
the receiving module 601 is configured to receive a first payment request sent by a merchant background system, where the first payment request includes a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information, and store location information, and the mobile phone number, the user identity information, and the store location information are obtained by the merchant background system from a database according to a user member card number and store information in a consumption bill;
a sending module 602, configured to send a verification request to an operator system according to the first payment request, where the verification request includes the mobile phone number and the store location information, so that the operator system verifies whether the store location information is consistent with the current location of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
the receiving module 601 is further configured to receive a verification result sent by the operator system,
and the payment module 603 is configured to, if the verification result is that the current location of the mobile phone number is consistent with the store location information and the real-name authentication information of the mobile phone number is consistent with the user identity information, complete payment by the payment system according to the consumption amount and the user password-free payment authorization information.
Further, the sending module 602 may be further configured to send a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number.
The payment system provided in the embodiment of the present invention may be specifically configured to execute the method embodiment provided in fig. 3, and specific functions are not described herein again.
In the payment system provided by this embodiment, the merchant background system obtains the mobile phone number of the user, the user identity information, and the store location information from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
EXAMPLE seven
This embodiment provides a transaction system, which includes the merchant background system described in the fifth embodiment and the payment system described in the sixth embodiment. In addition, the transaction system of the embodiment may further include an operator system and a merchant front-end system.
The transaction system of this embodiment is specifically configured to execute the method embodiment provided in fig. 4, and specific functions are not described herein again.
In the transaction system provided by this embodiment, the merchant background system obtains the mobile phone number of the user, the user identity information, and the store location information from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. A method for secure authentication of a privacy-free payment, comprising:
the method comprises the steps that a merchant background system obtains a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount;
the merchant background system acquires the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
the merchant background system sends a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number, and when the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
2. The method according to claim 1, wherein the merchant background system obtains the consumption bill and the user password-free payment authorization information, and specifically includes:
the merchant background system receives a second payment request sent by the merchant front-end system, wherein the second payment request comprises a consumption bill generated by the merchant front-end system and user password-free payment authorization information acquired by the merchant front-end system from the mobile terminal.
3. The method as claimed in claim 1 or 2, wherein the payment system further comprises, after completing payment according to the consumption amount and the user password-free payment authorization information:
and the merchant background system receives the payment result sent by the payment system.
4. A method for secure authentication of a privacy-free payment, comprising:
the payment system receives a first payment request sent by a merchant background system, wherein the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill;
the payment system sends a verification request to an operator system according to the first payment request, wherein the verification request comprises the mobile phone number, the user identity information and the store position information, so that the operator system verifies whether the store position information is consistent with the current position of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
and the payment system receives a verification result sent by the operator system, and if the verification result is that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
5. The method of claim 4, wherein after the payment system completes payment according to the consumption amount and the user password-free payment authorization information, the method further comprises:
and the payment system sends a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number.
6. A merchant background system, comprising:
the acquisition module is used for acquiring a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount;
the query module is used for acquiring the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
the communication module is used for sending a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number, and the user identity information is consistent with the real-name authentication information of the mobile phone number, and the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
7. The merchant background system of claim 6, wherein the acquisition module is specifically configured to:
and receiving a second payment request sent by the merchant front-end system, wherein the second payment request comprises a consumption bill generated by the merchant front-end system and user password-free payment authorization information acquired by the merchant front-end system from the mobile terminal.
8. Merchant backend system according to claim 6 or 7,
the communication module is also used for receiving the payment result sent by the payment system.
9. A payment system, comprising:
the system comprises a receiving module, a data processing module and a data processing module, wherein the receiving module is used for receiving a first payment request sent by a merchant background system, and the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill;
a sending module, configured to send a verification request to an operator system according to the first payment request, where the verification request includes the mobile phone number, the user identity information, and the store location information, so that the operator system verifies whether the store location information is consistent with the current location of the mobile phone number, and whether the user identity information is consistent with real-name authentication information of the mobile phone number;
the receiving module is further configured to receive a verification result sent by the operator system;
and the payment module is used for finishing payment by the payment system according to the consumption amount and the user password-free payment authorization information if the verification result shows that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information.
10. The payment system of claim 9,
the sending module is further configured to send a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710866936.6A CN107464120B (en) | 2017-09-22 | 2017-09-22 | Security verification method for password-free payment, merchant background system and payment system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710866936.6A CN107464120B (en) | 2017-09-22 | 2017-09-22 | Security verification method for password-free payment, merchant background system and payment system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107464120A CN107464120A (en) | 2017-12-12 |
CN107464120B true CN107464120B (en) | 2020-07-28 |
Family
ID=60553646
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710866936.6A Active CN107464120B (en) | 2017-09-22 | 2017-09-22 | Security verification method for password-free payment, merchant background system and payment system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107464120B (en) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108335371B (en) * | 2018-02-11 | 2021-01-05 | 深圳市图灵奇点智能科技有限公司 | Parking charging method and device |
CN110264179A (en) * | 2018-03-12 | 2019-09-20 | 阿里巴巴集团控股有限公司 | Commodity settlement method, device, system and electronic equipment |
CN108765786B (en) * | 2018-04-03 | 2020-11-24 | 中电金融设备系统(深圳)有限公司 | Two-dimensional code withdrawal safety verification method and system and computer storage medium |
CN109559167A (en) * | 2018-11-22 | 2019-04-02 | 深圳前海微众银行股份有限公司 | On-line payment method, commodity retail platform and system, readable storage medium storing program for executing |
CN110046884A (en) * | 2018-12-28 | 2019-07-23 | 中国银联股份有限公司 | Transaction data data processing method and its system and user terminal |
CN109977180A (en) * | 2019-02-26 | 2019-07-05 | 四川数信联科技有限公司 | A kind of checking method of permanent residence data accuracy |
CN110399711A (en) * | 2019-07-26 | 2019-11-01 | 中国工商银行股份有限公司 | Member identity identification method and device |
CN110728514A (en) * | 2019-09-23 | 2020-01-24 | 苏宁云计算有限公司 | Payment system and method for quickly identifying member code |
CN110675160A (en) * | 2019-09-30 | 2020-01-10 | 重庆易极付电子商务有限公司 | Identity verification method for mobile payment |
CN111461725B (en) * | 2020-01-02 | 2023-11-14 | 中国银联股份有限公司 | Identity recognition method and identity recognition system based on two-dimensional code payment |
CN112446706A (en) * | 2020-11-09 | 2021-03-05 | 宿州职业技术学院 | Electronic commerce linkage payment method for old users |
CN113205642B (en) * | 2021-04-25 | 2023-04-14 | 多点(深圳)数字科技有限公司 | Anti-embezzlement method based on entity prepaid card |
CN114255042A (en) * | 2021-12-27 | 2022-03-29 | 中国农业银行股份有限公司 | Secret payment-free signing method and device, computer equipment and medium |
CN116681435A (en) * | 2023-01-03 | 2023-09-01 | 黑龙江圣轨科技有限公司 | Block chain-based network data security monitoring system and method |
CN117474554A (en) * | 2023-11-14 | 2024-01-30 | 中贵数据科技(深圳)有限公司 | Gold transaction data security management method and system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101051372A (en) * | 2006-04-06 | 2007-10-10 | 北京易富金川科技有限公司 | Method for safety verifying financial business information in electronic business |
CN101464981A (en) * | 2007-12-18 | 2009-06-24 | 黄金富 | Bank card account security system and method through mobile phone orientation authentication card owner identification |
US20100131375A1 (en) * | 2008-11-26 | 2010-05-27 | Recargax, Inc. | Money transfer payments for mobile wireless device prepaid services |
WO2013081421A1 (en) * | 2011-12-01 | 2013-06-06 | 에스케이씨앤씨 주식회사 | Method and system for safe mobile wallet transaction |
US20150120562A1 (en) * | 2013-10-30 | 2015-04-30 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus, and system for secure payment |
-
2017
- 2017-09-22 CN CN201710866936.6A patent/CN107464120B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN107464120A (en) | 2017-12-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107464120B (en) | Security verification method for password-free payment, merchant background system and payment system | |
US9864983B2 (en) | Payment method, payment server performing the same and payment system performing the same | |
CN108667789B (en) | Multidimensional bar code action identity authentication method, digital certificate device and authentication servo mechanism | |
US11410146B2 (en) | Order processing | |
SA114360005B1 (en) | Method, apparatus, and system for secure payment | |
US9189651B2 (en) | User information management apparatus and user information management method | |
CN103839157A (en) | Electronic payment method, device and system | |
CN105989485B (en) | Service management method and device | |
CN110210207A (en) | Authorization method and equipment | |
US20150081555A1 (en) | Method, Apparatus, and System for Processing Transactions | |
CN104268756B (en) | Method of mobile payment and system | |
CN109118215B (en) | Payment processing method and device and server | |
KR20120108599A (en) | Credit card payment service using online credit card payment device | |
CN111163467A (en) | Method for 5G user terminal to access 5G network, user terminal equipment and medium | |
CN108512660B (en) | Virtual card verification method | |
CN107146079B (en) | Transaction payment method and system | |
EP2584514A1 (en) | Cloud credit card transaction system and transaction method thereof | |
US11386427B2 (en) | System for secure authentication of a user's identity in an electronic system for banking transactions | |
CN104616147A (en) | Information configuration method, device, system, client and server | |
CN111709835B (en) | Service processing method and system | |
CN109981585B (en) | Business handling method and equipment | |
KR20110107311A (en) | A transaction system and mehod using mobile network, computer program therefor | |
CN110647737B (en) | Enterprise user security authentication method and device in warehouse receipt system and electronic equipment | |
CN110415074A (en) | A kind of price quoting method, device and the server of vehicle insurance continuation of insurance | |
KR102497521B1 (en) | Artificial intelligence-based gold trading platform server for recommending the optimal gold exchange to a user for selling gold and the operating method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |