CN107464120B - Security verification method for password-free payment, merchant background system and payment system - Google Patents

Security verification method for password-free payment, merchant background system and payment system Download PDF

Info

Publication number
CN107464120B
CN107464120B CN201710866936.6A CN201710866936A CN107464120B CN 107464120 B CN107464120 B CN 107464120B CN 201710866936 A CN201710866936 A CN 201710866936A CN 107464120 B CN107464120 B CN 107464120B
Authority
CN
China
Prior art keywords
payment
information
mobile phone
phone number
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710866936.6A
Other languages
Chinese (zh)
Other versions
CN107464120A (en
Inventor
李娜
赵锡成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201710866936.6A priority Critical patent/CN107464120B/en
Publication of CN107464120A publication Critical patent/CN107464120A/en
Application granted granted Critical
Publication of CN107464120B publication Critical patent/CN107464120B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3224Transactions dependent on location of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a security verification method for secret-free payment, a merchant background system and a payment system. Because the mobile phone number and the user identity information are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or the payment information is leaked, the embezzler does not know the user member card number, the merchant background system cannot acquire the correct mobile phone number and the user identity information, and the operator system cannot pass the verification; or when the store position information is inconsistent with the current position of the mobile phone number, the verification cannot pass, so that the illegal brushing is avoided, and the security of secret payment is improved.

Description

Security verification method for password-free payment, merchant background system and payment system
Technical Field
The invention relates to the technical field of communication, in particular to a security verification method for secret-free payment, a merchant background system and a payment system.
Background
Along with the increasing popularization of mobile payment and the generation of secret-free payment, a user does not need to input an account password during payment, the payment efficiency is improved, and more convenience is provided for the user.
The existing secret-free payment method can be set by a user through a payment client of a mobile terminal, and after the user submits input and submits a payment password, a secret-free payment function is started. The specific payment process comprises the following steps: the cashier desk generates a payment bill and displays the bill to a user, after the user confirms that the bill is correct, the payment two-dimensional code is displayed to the cashier desk through the mobile terminal, the cashier desk reads the payment two-dimensional code on the mobile terminal through scanning equipment, a first payment request is initiated to a merchant background system, the merchant background system calls an Application Programming Interface (API) for card swiping payment after generating a signature according to the first payment request, a second payment request is initiated to the payment system, the payment system verifies the second payment request after receiving the second payment request, and the request data is processed after the verification is passed, and the merchant background system performs signature verification and processing on the received payment result and then returns the payment result to the cash register.
In the existing secret-free payment method, when a mobile terminal of a user is lost or an illegal user acquires a user payment code by means of stealing and the like, the potential safety hazard of payment executed by other people exists. The existing secret-free payment method has no technical safety means, and can only be prevented from being embezzled by timely closing the secret-free payment function or modifying a payment password and the like by a user, so that the secret-free payment function cannot be safely and conveniently used.
Disclosure of Invention
The invention provides a security verification method for secret-free payment, a merchant background system and a payment system, which are used for avoiding being embezzled and improving the security of secret-free payment.
One aspect of the present invention provides a secure authentication method for a secret-free payment, including:
the method comprises the steps that a merchant background system obtains a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount;
the merchant background system acquires the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
the merchant background system sends a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number, and when the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
Another aspect of the present invention is to provide a method for secure authentication of a privacy-free payment, including:
the payment system receives a first payment request sent by a merchant background system, wherein the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill;
the payment system sends a verification request to an operator system according to the first payment request, wherein the verification request comprises the mobile phone number and the store position information, so that the operator system verifies whether the store position information is consistent with the current position of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
and the payment system receives a verification result sent by the operator system, and if the verification result is that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
Another aspect of the present invention provides a merchant background system, including:
the acquisition module is used for acquiring a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount;
the query module is used for acquiring the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
the communication module is used for sending a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number, and the user identity information is consistent with the real-name authentication information of the mobile phone number, and the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
Another aspect of the present invention is to provide a payment system, including:
the system comprises a receiving module, a data processing module and a data processing module, wherein the receiving module is used for receiving a first payment request sent by a merchant background system, and the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill;
a sending module, configured to send a verification request to an operator system according to the first payment request, where the verification request includes the mobile phone number and the store location information, so that the operator system verifies whether the store location information is consistent with the current location of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
the receiving module is further configured to receive a verification result sent by the operator system,
and the payment module is used for finishing payment by the payment system according to the consumption amount and the user password-free payment authorization information if the verification result shows that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information.
According to the security verification method for the secret-free payment, the merchant background system and the payment system, the merchant background system obtains the mobile phone number, the user identity information and the store position information of the user from the database according to the member card number and the store information of the user, the mobile phone number, the user identity information and the store position information are sent to the operator system through the payment system for verification, and if the operator system verifies that the store position information is consistent with the current position of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the secret-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of a security verification method for a privacy-exempt payment according to an embodiment of the present invention;
fig. 2 is a flowchart of a security verification method for a privacy-exempt payment according to a second embodiment of the present invention;
fig. 3 is a flowchart of a security verification method for a privacy-exempt payment according to a third embodiment of the present invention;
fig. 4 is a signaling diagram of a security verification method for a privacy-exempt payment according to a fourth embodiment of the present invention;
fig. 5 is a structural diagram of a merchant background system according to a fifth embodiment of the present invention;
fig. 6 is a block diagram of a payment system according to a sixth embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
Fig. 1 is a flowchart of a security verification method for a privacy-exempt payment according to an embodiment of the present invention. The embodiment provides a security verification method for secret-free payment, the execution subject of which is a merchant background system, and the method comprises the following specific steps:
s101, a merchant background system acquires a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount.
In this embodiment, the consumption bill may be generated by the merchant front-end system according to the commodity purchased by the user and the information provided by the user, where the merchant front-end system may specifically be a cash register, and specifically may include a scanning instrument, a computer, and the like, the consumption amount is obtained by scanning a barcode of the commodity through the scanning instrument, and the user membership card number may scan a barcode or a magnetic stripe of the membership card provided by the user through the scanning instrument, or may be input through a keyboard; certainly, the merchant front-end system can also be a computer only, and the information provided by the user and the commodity purchased by the user is input through input equipment such as a keyboard and the like and then is generated by the computer; in addition, the merchant front-end system can also be only a scanning instrument, the scanning instrument scans the commodity bar code and the bar code or the magnetic stripe of the user membership card, and the merchant background system generates the consumption bill. The store information may be a store code, and may be carried in the message when the merchant front-end system sends the message to the merchant backend system, so that the merchant backend system identifies the store information. The user password-free payment authorization information can be a payment code of the user, such as a WeChat payment or Paibao payment two-dimensional code, and is displayed by the user during payment and can be obtained through scanning of a scanning instrument.
S102, the merchant background system acquires the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information.
In this embodiment, the database of the merchant background system pre-stores store location information corresponding to the store information, and a mobile phone number and user identity information corresponding to the user member card number, where the mobile phone number and the user identity information corresponding to the user member card number may be reserved when the user registers for a member, and the user identity information may include a name, an age, an identification number, a birthday, and the like. In this embodiment, after the merchant background system obtains the consumption bill, the store location information is obtained from the database according to the store information, and the mobile phone number and the user identity information are obtained from the database according to the user member card number.
S103, the merchant background system sends a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, and if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
In this embodiment, the merchant background system generates a first payment request according to the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information, and the store location information, and sends the first payment request to the payment system, where the payment system may be a payment system corresponding to the user password-free payment authorization information, and if the user password-free payment authorization information is a payment two-dimensional code of a WeChat, the payment system is a WeChat payment system. After receiving the first payment request, the payment system generates a verification request according to the mobile phone number, the user identity information and the store position information, sends the verification request to the operator system, and verifies the mobile phone number, the user identity information and the store position information through the operator system. Specifically, the operator system verifies whether the store location information is consistent with the current location of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number, where the current location of the mobile phone number may be obtained by a location method based on a base station of the mobile operating network, for example, the location is determined by using a distance measured by the base station from the mobile phone, and other location methods may be used, which are not described herein again. In addition, because the operator carries out real-name authentication on the mobile phone number, the identity information of the user can be verified according to the real-name authentication information of the mobile phone number prestored in the operator system. When the operator system verifies that the store position information is consistent with the current position of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the fact that the user holds the mobile phone of the user to carry out secret-free payment in the store at the moment is indicated, and then the payment system completes payment according to the consumption amount and the secret-free payment authorization information of the user.
In the security verification method for the password-free payment provided by this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information of the user from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the password-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
Example two
Fig. 2 is a flowchart of a security verification method for a privacy-exempt payment according to a second embodiment of the present invention. As shown in fig. 2, based on the above embodiment, the acquiring, by the merchant background system in S101, the consumption bill and the user password-free payment authorization information specifically include:
s201, the merchant background system receives a second payment request sent by the merchant front-end system, wherein the second payment request comprises a consumption bill generated by the merchant front-end system and user password-free payment authorization information acquired by the merchant front-end system from a mobile terminal.
In this embodiment, the consumption bill generated by the merchant front-end system includes the user member card number, the store information and the consumption amount, the user displays the payment two-dimensional code on the mobile terminal after confirming the consumption bill, the merchant front-end system obtains the user password-free payment authorization information by scanning the payment two-dimensional code, and then the merchant front-end system generates a second payment request according to the consumption bill and the user password-free payment authorization information and sends the second payment request to the merchant background system.
It should be noted that the terms "first", "second", etc. in the present invention are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated.
Further, after the payment system completes payment according to the consumption amount and the user password-free payment authorization information in S103, the method further includes:
s202, the merchant background system receives the payment result sent by the payment system.
In this embodiment, after the payment system completes the payment process according to the consumption amount and the user privacy-free payment authorization information, the payment system sends the payment result to the merchant background system, so that the merchant background system knows the payment result. Certainly, the payment system may also send the payment result to the mobile terminal corresponding to the mobile phone number, or send the payment result to the merchant front-end system, or the merchant background system pushes the payment result to the merchant front-end system after receiving the payment result.
In addition, when the verification of the operator system fails, the information that the verification fails can be sent to the merchant background system and the mobile terminal corresponding to the mobile phone number to prompt that the verification fails, so that economic losses of both transaction parties are avoided.
In the security verification method for the password-free payment provided by this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information of the user from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the password-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
EXAMPLE III
Fig. 3 is a flowchart of a security verification method for a privacy-exempt payment according to a third embodiment of the present invention. The embodiment provides a security verification method for secret-free payment, the execution subject of the method is a payment system, and the method comprises the following specific steps:
s301, a payment system receives a first payment request sent by a merchant background system, wherein the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill.
In this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information from the database according to the user member card number and the store information in the consumption bill, where the database of the merchant background system prestores the store location information corresponding to the store information, and the mobile phone number and the user identity information corresponding to the user member card number, where the mobile phone number and the user identity information corresponding to the user member card number may be reserved when the user registers for a member, and where the user identity information may include a name, an age, an identification number, a birthday, and so on. And the merchant background system generates a first payment request according to the consumption amount obtained from the consumption bill, the user password-free payment authorization information obtained from the user mobile terminal, the mobile phone number, the user identity information and the store position information, and sends the first payment request to the payment system.
S302, the payment system sends a verification request to an operator system according to the first payment request, wherein the verification request comprises the mobile phone number and the store position information, so that the operator system verifies whether the store position information is consistent with the current position of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number.
In this embodiment, after receiving the first payment request, the payment system generates a verification request according to the mobile phone number, the user identity information, and the store location information in the first payment request, and sends the verification request to the operator system, and verifies the mobile phone number, the user identity information, and the store location information through the operator system. Specifically, the operator system verifies whether the store location information is consistent with the current location of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number, where the current location of the mobile phone number may be obtained by a location method based on a base station of the mobile operating network, for example, the location is determined by using a distance measured by the base station from the mobile phone, and other location methods may be used, which are not described herein again. In addition, because the operator carries out real-name authentication on the mobile phone number, the identity information of the user can be verified according to the real-name authentication information of the mobile phone number prestored in the operator system. When the operator system verifies that the store position information is consistent with the current position of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the fact that the user holds the mobile phone of the user to carry out secret-free payment in the store at the moment is indicated, and then the payment system continues to complete the payment process.
And S303, the payment system receives a verification result sent by the operator system, and if the verification result is that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
In this embodiment, when the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, it indicates that the user holds his mobile phone at the store for the password-free payment at this time, and further the payment system completes the payment according to the consumption amount and the password-free payment authorization information of the user, and the specific payment process is not described here again.
Further, after the payment system completes payment according to the consumption amount and the user password-free payment authorization information, the payment system may further include:
and the payment system sends a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number. Of course, the payment result may also be sent to the merchant front-end system at the same time, or pushed to the merchant front-end system after the merchant background system receives the payment result.
In the security verification method for the password-free payment provided by this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information of the user from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the password-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
Example four
Fig. 4 is a signaling diagram of a security authentication method for a privacy-exempt payment according to a fourth embodiment of the present invention. The embodiment provides a security verification method for secret-free payment, which comprises the following specific steps:
s401, generating a consumption bill by the merchant front-end system, wherein the consumption bill comprises a user member card number, store information and consumption amount;
s402, acquiring user password-free payment authorization information from the mobile terminal by the merchant front-end system;
s403, the merchant front-end system sends a second payment request to the merchant background system, wherein the second payment request comprises the consumption bill and the user password-free payment authorization information;
s404, the merchant background system acquires the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
s405, the merchant background system sends a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information;
s406, the payment system sends a verification request to an operator system according to the first payment request, wherein the verification request comprises the mobile phone number and the store position information;
s407, the operator system verifies whether the store position information is consistent with the current position of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
s408, the operator system sends a verification result to the payment system;
s409, the payment system receives a verification result sent by the operator system, and if the verification result is that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information, the payment system completes payment according to the consumption amount and the user password-free payment authorization information;
and S410, the payment system sends a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number.
In the security verification method for the password-free payment provided by this embodiment, the merchant background system obtains the mobile phone number, the user identity information, and the store location information of the user from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the password-free payment authorization information of the user. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
EXAMPLE five
Fig. 5 is a structural diagram of a merchant background system according to a fifth embodiment of the present invention. The embodiment of the present invention provides a merchant background system, which can execute the processing flows provided in the first and second embodiments of the security verification method for privacy-free payment, as shown in fig. 5, the merchant background system provided in this embodiment specifically includes:
an obtaining module 501, configured to obtain a consumption bill and user password-free payment authorization information, where the consumption bill includes a user membership card number, store information, and a consumption amount;
the query module 502 is configured to obtain a mobile phone number of a user, user identity information, and store location information from a database according to the user member card number and the store information;
communication module 503, is used for sending first payment request to payment system, first payment request includes the consumption amount the user exempts from the secret payment authorization information the cell-phone number user identity information with store position information, so that payment system basis first payment request sends the verification request to the operator system, the verification request includes the cell-phone number user identity information with store position information, if the warp the operator system verifies store position information with the cell-phone number current position is unanimous, just user identity information with when the real name authentication information of cell-phone number is unanimous, payment system basis the consumption amount with the payment authorization information is accomplished to the user exempts from the secret payment.
Further, the obtaining module 501 may be specifically configured to:
and receiving a second payment request sent by the merchant front-end system, wherein the second payment request comprises a consumption bill generated by the merchant front-end system and user password-free payment authorization information acquired by the merchant front-end system from the mobile terminal.
Further, the communication module 503 may also be configured to receive a payment result sent by the payment system.
The merchant background system provided by the embodiment of the present invention may be specifically configured to execute the method embodiments provided in fig. 1 and fig. 2, and specific functions are not described herein again.
The merchant background system provided in this embodiment obtains the mobile phone number of the user, the user identity information, and the store location information from the database through the merchant background system according to the user member card number and the store information, and sends the operator system through the payment system for verification, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user privacy-free payment authorization information. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
EXAMPLE six
Fig. 6 is a block diagram of a payment system according to a sixth embodiment of the present invention. An embodiment of the present invention provides a payment system, which can execute a processing flow provided in a third embodiment of a security verification method for a secret-free payment, as shown in fig. 5, the payment system provided in the embodiment specifically includes:
the receiving module 601 is configured to receive a first payment request sent by a merchant background system, where the first payment request includes a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information, and store location information, and the mobile phone number, the user identity information, and the store location information are obtained by the merchant background system from a database according to a user member card number and store information in a consumption bill;
a sending module 602, configured to send a verification request to an operator system according to the first payment request, where the verification request includes the mobile phone number and the store location information, so that the operator system verifies whether the store location information is consistent with the current location of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
the receiving module 601 is further configured to receive a verification result sent by the operator system,
and the payment module 603 is configured to, if the verification result is that the current location of the mobile phone number is consistent with the store location information and the real-name authentication information of the mobile phone number is consistent with the user identity information, complete payment by the payment system according to the consumption amount and the user password-free payment authorization information.
Further, the sending module 602 may be further configured to send a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number.
The payment system provided in the embodiment of the present invention may be specifically configured to execute the method embodiment provided in fig. 3, and specific functions are not described herein again.
In the payment system provided by this embodiment, the merchant background system obtains the mobile phone number of the user, the user identity information, and the store location information from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
EXAMPLE seven
This embodiment provides a transaction system, which includes the merchant background system described in the fifth embodiment and the payment system described in the sixth embodiment. In addition, the transaction system of the embodiment may further include an operator system and a merchant front-end system.
The transaction system of this embodiment is specifically configured to execute the method embodiment provided in fig. 4, and specific functions are not described herein again.
In the transaction system provided by this embodiment, the merchant background system obtains the mobile phone number of the user, the user identity information, and the store location information from the database according to the user member card number and the store information, and sends the operator system for verification through the payment system, and if the operator system verifies that the store location information is consistent with the current location of the mobile phone number and the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information. Because the mobile phone number and the user identity information of the user are acquired from the database by the merchant background system according to the user member card number, even if the mobile phone of the user is lost or payment information is leaked, a party who swipes embezzles the mobile phone number can not know the user member card number, and the merchant background system cannot acquire the correct mobile phone number and the user identity information, so that the verification of the operator system cannot pass; or when the store position information is inconsistent with the current position of the mobile phone number, the payment information is possibly leaked, the verification of the operator system cannot pass, the stealing is avoided, and the security of the secret-free payment is further improved.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute some steps of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It is obvious to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working process of the device described above, reference may be made to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for secure authentication of a privacy-free payment, comprising:
the method comprises the steps that a merchant background system obtains a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount;
the merchant background system acquires the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
the merchant background system sends a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number, and when the user identity information is consistent with the real-name authentication information of the mobile phone number, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
2. The method according to claim 1, wherein the merchant background system obtains the consumption bill and the user password-free payment authorization information, and specifically includes:
the merchant background system receives a second payment request sent by the merchant front-end system, wherein the second payment request comprises a consumption bill generated by the merchant front-end system and user password-free payment authorization information acquired by the merchant front-end system from the mobile terminal.
3. The method as claimed in claim 1 or 2, wherein the payment system further comprises, after completing payment according to the consumption amount and the user password-free payment authorization information:
and the merchant background system receives the payment result sent by the payment system.
4. A method for secure authentication of a privacy-free payment, comprising:
the payment system receives a first payment request sent by a merchant background system, wherein the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill;
the payment system sends a verification request to an operator system according to the first payment request, wherein the verification request comprises the mobile phone number, the user identity information and the store position information, so that the operator system verifies whether the store position information is consistent with the current position of the mobile phone number and whether the user identity information is consistent with the real-name authentication information of the mobile phone number;
and the payment system receives a verification result sent by the operator system, and if the verification result is that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information, the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
5. The method of claim 4, wherein after the payment system completes payment according to the consumption amount and the user password-free payment authorization information, the method further comprises:
and the payment system sends a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number.
6. A merchant background system, comprising:
the acquisition module is used for acquiring a consumption bill and user password-free payment authorization information, wherein the consumption bill comprises a user member card number, store information and consumption amount;
the query module is used for acquiring the mobile phone number, the user identity information and the store position information of the user from a database according to the user member card number and the store information;
the communication module is used for sending a first payment request to a payment system, wherein the first payment request comprises the consumption amount, the user password-free payment authorization information, the mobile phone number, the user identity information and the store position information, so that the payment system sends a verification request to an operator system according to the first payment request, the verification request comprises the mobile phone number, the user identity information and the store position information, if the verification is carried out by the operator system, the store position information is consistent with the current position of the mobile phone number, and the user identity information is consistent with the real-name authentication information of the mobile phone number, and the payment system completes payment according to the consumption amount and the user password-free payment authorization information.
7. The merchant background system of claim 6, wherein the acquisition module is specifically configured to:
and receiving a second payment request sent by the merchant front-end system, wherein the second payment request comprises a consumption bill generated by the merchant front-end system and user password-free payment authorization information acquired by the merchant front-end system from the mobile terminal.
8. Merchant backend system according to claim 6 or 7,
the communication module is also used for receiving the payment result sent by the payment system.
9. A payment system, comprising:
the system comprises a receiving module, a data processing module and a data processing module, wherein the receiving module is used for receiving a first payment request sent by a merchant background system, and the first payment request comprises a consumption amount, user password-free payment authorization information, a mobile phone number, user identity information and store position information, and the mobile phone number, the user identity information and the store position information are acquired from a database by the merchant background system according to a user member card number and the store information in a consumption bill;
a sending module, configured to send a verification request to an operator system according to the first payment request, where the verification request includes the mobile phone number, the user identity information, and the store location information, so that the operator system verifies whether the store location information is consistent with the current location of the mobile phone number, and whether the user identity information is consistent with real-name authentication information of the mobile phone number;
the receiving module is further configured to receive a verification result sent by the operator system;
and the payment module is used for finishing payment by the payment system according to the consumption amount and the user password-free payment authorization information if the verification result shows that the current position of the mobile phone number is consistent with the store position information and the real-name authentication information of the mobile phone number is consistent with the user identity information.
10. The payment system of claim 9,
the sending module is further configured to send a payment result to the merchant background system and the mobile terminal corresponding to the mobile phone number.
CN201710866936.6A 2017-09-22 2017-09-22 Security verification method for password-free payment, merchant background system and payment system Active CN107464120B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710866936.6A CN107464120B (en) 2017-09-22 2017-09-22 Security verification method for password-free payment, merchant background system and payment system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710866936.6A CN107464120B (en) 2017-09-22 2017-09-22 Security verification method for password-free payment, merchant background system and payment system

Publications (2)

Publication Number Publication Date
CN107464120A CN107464120A (en) 2017-12-12
CN107464120B true CN107464120B (en) 2020-07-28

Family

ID=60553646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710866936.6A Active CN107464120B (en) 2017-09-22 2017-09-22 Security verification method for password-free payment, merchant background system and payment system

Country Status (1)

Country Link
CN (1) CN107464120B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108335371B (en) * 2018-02-11 2021-01-05 深圳市图灵奇点智能科技有限公司 Parking charging method and device
CN110264179A (en) * 2018-03-12 2019-09-20 阿里巴巴集团控股有限公司 Commodity settlement method, device, system and electronic equipment
CN108765786B (en) * 2018-04-03 2020-11-24 中电金融设备系统(深圳)有限公司 Two-dimensional code withdrawal safety verification method and system and computer storage medium
CN109559167A (en) * 2018-11-22 2019-04-02 深圳前海微众银行股份有限公司 On-line payment method, commodity retail platform and system, readable storage medium storing program for executing
CN110046884A (en) * 2018-12-28 2019-07-23 中国银联股份有限公司 Transaction data data processing method and its system and user terminal
CN109977180A (en) * 2019-02-26 2019-07-05 四川数信联科技有限公司 A kind of checking method of permanent residence data accuracy
CN110399711A (en) * 2019-07-26 2019-11-01 中国工商银行股份有限公司 Member identity identification method and device
CN110728514A (en) * 2019-09-23 2020-01-24 苏宁云计算有限公司 Payment system and method for quickly identifying member code
CN110675160A (en) * 2019-09-30 2020-01-10 重庆易极付电子商务有限公司 Identity verification method for mobile payment
CN111461725B (en) * 2020-01-02 2023-11-14 中国银联股份有限公司 Identity recognition method and identity recognition system based on two-dimensional code payment
CN112446706A (en) * 2020-11-09 2021-03-05 宿州职业技术学院 Electronic commerce linkage payment method for old users
CN113205642B (en) * 2021-04-25 2023-04-14 多点(深圳)数字科技有限公司 Anti-embezzlement method based on entity prepaid card
CN114255042A (en) * 2021-12-27 2022-03-29 中国农业银行股份有限公司 Secret payment-free signing method and device, computer equipment and medium
CN116681435A (en) * 2023-01-03 2023-09-01 黑龙江圣轨科技有限公司 Block chain-based network data security monitoring system and method
CN117474554A (en) * 2023-11-14 2024-01-30 中贵数据科技(深圳)有限公司 Gold transaction data security management method and system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051372A (en) * 2006-04-06 2007-10-10 北京易富金川科技有限公司 Method for safety verifying financial business information in electronic business
CN101464981A (en) * 2007-12-18 2009-06-24 黄金富 Bank card account security system and method through mobile phone orientation authentication card owner identification
US20100131375A1 (en) * 2008-11-26 2010-05-27 Recargax, Inc. Money transfer payments for mobile wireless device prepaid services
WO2013081421A1 (en) * 2011-12-01 2013-06-06 에스케이씨앤씨 주식회사 Method and system for safe mobile wallet transaction
US20150120562A1 (en) * 2013-10-30 2015-04-30 Tencent Technology (Shenzhen) Company Limited Method, apparatus, and system for secure payment

Also Published As

Publication number Publication date
CN107464120A (en) 2017-12-12

Similar Documents

Publication Publication Date Title
CN107464120B (en) Security verification method for password-free payment, merchant background system and payment system
US9864983B2 (en) Payment method, payment server performing the same and payment system performing the same
CN108667789B (en) Multidimensional bar code action identity authentication method, digital certificate device and authentication servo mechanism
US11410146B2 (en) Order processing
SA114360005B1 (en) Method, apparatus, and system for secure payment
US9189651B2 (en) User information management apparatus and user information management method
CN103839157A (en) Electronic payment method, device and system
CN105989485B (en) Service management method and device
CN110210207A (en) Authorization method and equipment
US20150081555A1 (en) Method, Apparatus, and System for Processing Transactions
CN104268756B (en) Method of mobile payment and system
CN109118215B (en) Payment processing method and device and server
KR20120108599A (en) Credit card payment service using online credit card payment device
CN111163467A (en) Method for 5G user terminal to access 5G network, user terminal equipment and medium
CN108512660B (en) Virtual card verification method
CN107146079B (en) Transaction payment method and system
EP2584514A1 (en) Cloud credit card transaction system and transaction method thereof
US11386427B2 (en) System for secure authentication of a user's identity in an electronic system for banking transactions
CN104616147A (en) Information configuration method, device, system, client and server
CN111709835B (en) Service processing method and system
CN109981585B (en) Business handling method and equipment
KR20110107311A (en) A transaction system and mehod using mobile network, computer program therefor
CN110647737B (en) Enterprise user security authentication method and device in warehouse receipt system and electronic equipment
CN110415074A (en) A kind of price quoting method, device and the server of vehicle insurance continuation of insurance
KR102497521B1 (en) Artificial intelligence-based gold trading platform server for recommending the optimal gold exchange to a user for selling gold and the operating method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant