CN108090764A - Data security control method and device in e-payment - Google Patents
- Publication number
- CN108090764A, CN201810024228.2A
- Authority
- CN
- China
- Prior art keywords
- payment
- mobile phone
- phone terminal
- information
- cell phone
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The present invention discloses a data security control method and device in e-payment, wherein the method includes: receiving a payment request sent by a mobile phone terminal; obtaining a first mobile phone device number of the mobile phone terminal, and judging whether the first mobile phone device number has been put on record; if the first mobile phone device number has been put on record, obtaining the payment account that sent the payment request on the mobile phone terminal, and judging whether the payment account matches the first mobile phone device number; if the payment account matches the first mobile phone device number, matching information such as time, region and network connection, and if the matching succeeds, feeding back to the mobile phone terminal a command allowing the payment request; receiving the payment information of the mobile phone terminal and completing the payment. The data security control method and device in e-payment of the present invention can improve the security of payment account use.
Description
Technical field
The present invention relates to the field of e-payment, and in particular to a data security control method and device in e-payment.
Background
At present, e-payment using a payment APP installed on a mobile phone is very convenient. The convenience has two aspects: the payer does not need to carry cash, so paying is convenient; and the merchant collects money conveniently, without needing to give change, etc.
A payment APP generally requires logging in to an account and then linking a bank card. If the account information and bank card information are maliciously stolen by others, the card is easily used fraudulently, causing losses to the user.
Summary of the invention
The main object of the present invention is to provide a data security control method and device in e-payment that improve the payment security of the user.
To achieve the above object, the present invention proposes a data security control method in e-payment, including:
Receiving a payment request sent by a mobile phone terminal;
Obtaining a first mobile phone device number of the mobile phone terminal, and judging whether the first mobile phone device number has been put on record;
If the first mobile phone device number has been put on record, obtaining the payment account that sent the payment request on the mobile phone terminal, and judging whether the payment account matches the first mobile phone device number;
If the payment account matches the first mobile phone device number, judging whether the current time is within the specified transaction time period;
If the current time is within the time period, judging whether the mobile phone terminal is in the specified region;
If the mobile phone terminal is in the specified region, judging whether the mobile phone terminal is connected to the network through the specified router;
If the mobile phone terminal is connected to the network through the specified router, feeding back to the mobile phone terminal a command allowing the payment request;
Receiving the payment information of the mobile phone terminal and completing the payment.
Further, the step of receiving the payment information of the mobile phone terminal and completing the payment includes:
Judging whether the payment amount is greater than the preset amount threshold;
If it is greater, identifying the current operator information of the mobile phone terminal, and judging whether the current operator has payment permission;
If the operator has permission, completing the payment.
Further, the step of judging whether the payment amount is greater than the preset amount threshold includes:
According to the current time, looking up, in a preset time-amount threshold list, the amount threshold matching the current time, wherein the time-amount threshold list contains different time periods and amount thresholds mapped one-to-one to those time periods;
Judging whether the payment amount is greater than the amount threshold matching the current time.
Further, the step of completing the payment if the operator has permission includes:
Obtaining the payment password, corresponding to the account information, uploaded by the mobile phone terminal, and performing the payment.
Further, after the step of judging whether the payment account matches the first mobile phone device number, the method also includes:
If the payment account does not match the first mobile phone device number, feeding back to the mobile phone terminal information terminating the payment request, and stopping reception of the payment information of the mobile phone terminal.
Further, after the step of feeding back to the mobile phone terminal information terminating the payment request and stopping reception of the payment information of the mobile phone terminal if the payment account does not match the mobile phone device number, the method includes:
Receiving information on a second mobile phone device number entered manually at the mobile phone terminal, and judging whether the second mobile phone device number has been put on record;
If the second mobile phone device number has been put on record, judging whether the payment account matches the second mobile phone device number;
If the payment account matches the second mobile phone device number, judging whether the current time is within the specified transaction time period.
Further, the step of receiving the payment information of the mobile phone terminal and completing the payment includes:
Sending a randomly generated encryption rule to the mobile phone terminal for encrypting the payment information, and generating and saving the corresponding decryption rule;
Receiving the encrypted payment information, decrypting it with the decryption rule to obtain the payment information, and completing the payment.
Further, the step of receiving the payment information of the mobile phone terminal and completing the payment includes:
Sending a randomly generated decomposition rule for decomposing the payment information to the mobile phone terminal for decomposing the payment information, and generating and saving the corresponding splicing rule;
Receiving the decomposed payment information, splicing it with the splicing rule to obtain the complete payment information, and completing the payment.
The present invention also provides a data security control device in e-payment, including:
First receiving unit, configured to receive the payment request sent by the mobile phone terminal;
First matching unit, configured to obtain the first mobile phone device number of the mobile phone terminal and judge whether the first mobile phone device number has been put on record;
Second matching unit, configured to, if the first mobile phone device number has been put on record, obtain the payment account that sent the payment request on the mobile phone terminal and judge whether the payment account matches the first mobile phone device number;
First judging unit, configured to, if the payment account matches the first mobile phone device number, judge whether the current time is within the specified transaction time period;
Second judging unit, configured to, if the current time is within the time period, judge whether the mobile phone terminal is in the specified region;
Third judging unit, configured to, if the mobile phone terminal is in the specified region, judge whether the mobile phone terminal is connected to the network through the specified router;
First feedback unit, configured to, if the mobile phone terminal is connected to the network through the specified router, feed back to the mobile phone terminal a command allowing the payment request;
Payment unit, configured to receive the payment information of the mobile phone terminal and complete the payment.
Further, the payment unit includes:
Judging module, configured to judge whether the payment amount is greater than the preset amount threshold;
Permission module, configured to, if the payment amount is greater than the preset amount threshold, identify the current operator information of the mobile phone terminal and judge whether the current operator has payment permission;
Payment module, configured to complete the payment if the current operator is judged to have permission.
In the data security control method and device in e-payment of the present invention, when the server receives a payment request from the mobile phone terminal, it automatically obtains the first mobile phone device number of the mobile phone terminal and first looks up in a preset database whether the first mobile phone device number has been put on record. If it has, the server then judges whether the first mobile phone device number matches the payment account. If they match, it then judges whether the mobile phone terminal is in the specified region, whether it is using the agreed network, whether the time is the agreed transaction time, and so on; only if all of these are satisfied does the subsequent payment process proceed. Verifying whether the first mobile phone device number has been put on record determines whether the mobile phone may perform a payment operation. Once that is confirmed, the server judges whether the mobile phone matches the payment account; if the two do not match, an operator may be using their own mobile phone to log in to someone else's payment account to make an e-payment, and the payment account may have been stolen. If the current operator is a user with permission, that user will know the payment requirements they defined, for example paying at the specified place, through the specified router and within the specified time period; if any of these does not match, the payment account may have been stolen. Therefore, whenever any one of the above mismatches occurs, the payment cannot be completed, which improves payment security. Moreover, no payment information is received at any point during the above matching process, so the payment information will not be stolen in transmission or at the server, further improving the security of data in payment.
Description of the drawings
Fig. 1 is a schematic flowchart of the data security control method in e-payment according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of step S5 of the data security control method in e-payment according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of step S5 of the data security control method in e-payment according to another embodiment of the present invention;
Fig. 4 is a schematic structural block diagram of the data security control device in e-payment according to an embodiment of the present invention;
Fig. 5 is a schematic structural block diagram of the payment unit according to an embodiment of the present invention;
Fig. 6 is a schematic structural block diagram of the payment unit according to another embodiment of the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
Specific embodiments
It should be understood that the specific embodiments described herein merely illustrate the present invention and are not intended to limit it.
With reference to Fig. 1, an embodiment of the present invention provides a data security control method in e-payment, including:
S10, receiving a payment request sent by a mobile phone terminal;
S20, obtaining a first mobile phone device number of the mobile phone terminal, and judging whether the first mobile phone device number has been put on record;
S30, if the first mobile phone device number has been put on record, obtaining the payment account that sent the payment request on the mobile phone terminal, and judging whether the payment account matches the first mobile phone device number;
S401, if the payment account matches the first mobile phone device number, judging whether the current time is within the specified transaction time period;
S402, if the current time is within the time period, judging whether the mobile phone terminal is in the specified region;
S403, if the mobile phone terminal is in the specified region, judging whether the mobile phone terminal is connected to the network through the specified router;
S404, if the mobile phone terminal is connected to the network through the specified router, feeding back to the mobile phone terminal a command allowing the payment request;
S50, receiving the payment information of the mobile phone terminal and completing the payment.
As described in step S10 above, the mobile phone terminal refers to a mobile phone on which a payment APP is installed; the payment APP may be WeChat, Alipay, Helibao, etc. In the e-payment process, a payment request is first sent to the server of the payment APP.
As described in step S20 above, the first mobile phone device number is the device number of the mobile phone terminal from which the user sends the payment request (IMEI, International Mobile Equipment Identity, the unique identification number of a mobile phone). Each mobile phone is assigned an IMEI at production, and the IMEI is globally unique. When the user registers a payment account, the payment APP server obtains the IMEI of the mobile phone terminal on which the payment account is being registered, stores it in a database to put it on record, and then associates it with the payment account. The method of judging whether the first mobile phone device number has been put on record is to search the database for a device number identical to the first mobile phone device number; if an identical device number exists, the first mobile phone device number is judged to have been put on record.
As described in step S30 above, the payment account is the account with which the user logs in to the payment APP. The payment account obtained here generally does not include its corresponding payment password, etc.; the payment password is generally verified in the final step of payment, for example by entering the payment password before confirming the payment. Judging whether the payment account matches the first mobile phone device number determines whether the user is logging in to the payment APP and making the e-payment with the mobile phone associated with the login account, which prevents malicious payments after important information such as the user's account, password and bank card has been stolen.
As described in step S401 above, when the payment account is judged to match the first mobile phone device number, a specified transaction time period applies: payment is possible only within that time period, otherwise the subsequent payment steps cannot be entered, which improves payment security.
As described in step S402 above, it is judged whether the mobile phone terminal is in the specified region. For example, the user sets that payment can be completed only in the region of the home or the region of the company. If the user's mobile phone is lost, then even someone who knows information such as the payment password of the account cannot complete a payment, because they are not in the specified region.
As described in step S403 above, likewise, even within the specified region the mobile phone terminal must be connected to the network through the specified router, otherwise the payment cannot be completed, which further improves payment security. For example, if the premises of one company are large and covered by several different routers, payment can be completed only over the router connection the user specified.
As described in step S404 above, only when all of the above conditions are satisfied is the mobile phone terminal allowed to continue with the payment steps.
As described in step S50 above, the payment information includes the information necessary for the user's e-payment, such as the payment amount and the payment password.
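The check chain S20 to S404, written out as a server-side gate. This is an added example, not code from the patent; the record layout, the sample device numbers, region labels and router identifier are constructed, and the patent does not say how region or router are determined, so they appear here as plain reported fields.

```python
from dataclasses import dataclass, replace
from datetime import datetime, time
from typing import Dict, FrozenSet, Tuple


@dataclass(frozen=True)
class Policy:
    window_start: time           # start of the specified transaction time period
    window_end: time             # end (exclusive); earlier than start if it crosses midnight
    regions: FrozenSet[str]      # regions the user specified
    routers: FrozenSet[str]      # routers the user specified


@dataclass(frozen=True)
class PaymentRequest:
    # Deliberately no amount and no payment password: payment information
    # is only accepted after this gate has answered with S404.
    device_id: str               # first mobile phone device number (IMEI) as reported
    account: str
    received_at: datetime        # server clock, not a client-supplied time
    region: str
    router_id: str


# Constructed sample data (hypothetical values).
DEVICES_ON_RECORD: Dict[str, str] = {        # device number -> associated account
    "490154203237518": "alice",
    "356938035643809": "bob",
}
POLICIES: Dict[str, Policy] = {
    "alice": Policy(time(8, 0), time(22, 0),
                    frozenset({"home", "office"}),
                    frozenset({"router-office-3f"})),
}


def in_window(now: time, start: time, end: time) -> bool:
    if start <= end:
        return start <= now < end
    return now >= start or now < end         # period crosses midnight


def pre_authorize(req: PaymentRequest) -> Tuple[bool, str]:
    """Return (allowed, step); step names the check that stopped the request."""
    owner = DEVICES_ON_RECORD.get(req.device_id)
    if owner is None:
        return False, "S20"                  # device number not on record
    if owner != req.account:
        return False, "S30"                  # account not matched to this device
    policy = POLICIES.get(req.account)
    # Assumption: an account without a stored policy is refused (fail closed).
    if policy is None or not in_window(req.received_at.time(),
                                       policy.window_start, policy.window_end):
        return False, "S401"
    if req.region not in policy.regions:
        return False, "S402"
    if req.router_id not in policy.routers:
        return False, "S403"
    return True, "S404"                      # command allowing the payment request


def sample_request(at=(9, 30), **overrides) -> PaymentRequest:
    """Constructed request that passes every check; override fields to fail one."""
    base = PaymentRequest("490154203237518", "alice",
                          datetime(2018, 1, 10, at[0], at[1]),
                          "office", "router-office-3f")
    return replace(base, **overrides)


if __name__ == "__main__":
    for req in (sample_request(), sample_request(at=(23, 15)),
                sample_request(device_id="356938035643809")):
        print(req.device_id, req.received_at.time(), pre_authorize(req))
```

Returning the step that refused the request gives the server a value to log per failed attempt, while the reply to the mobile phone terminal can stay the generic termination message.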
In this embodiment, the step S50 of receiving the payment information of the mobile phone terminal and completing the payment includes:
S51, judging whether the payment amount is greater than the preset amount threshold;
S52, if it is greater, identifying the current operator information of the mobile phone terminal, and judging whether the current operator has payment permission;
S53, if the operator has permission, completing the payment.
As described in steps S51, S52 and S53 above, when the payment amount is greater than the amount threshold, it is judged whether the current operator has payment permission. For example, the mobile phone with the payment function belongs to a father and the current operator is the father's son; the father can set a threshold on the son's payment amount, and when the amount exceeds the threshold the payment cannot be completed, preventing unrestrained spending by the son. The current operator information is obtained by biometric identification such as fingerprint recognition, iris recognition or face recognition, rather than by having the user enter some instruction, so that payment permission is controlled effectively.
In this embodiment, the step S51 of judging whether the payment amount is greater than the preset amount threshold includes:
S511, according to the current time, looking up, in a preset time-amount threshold list, the amount threshold matching the current time, wherein the time-amount threshold list contains different time periods and amount thresholds mapped one-to-one to those time periods;
S512, judging whether the payment amount is greater than the amount threshold matching the current time.
As described in steps S511 and S512 above, different payment time periods correspond to different amount thresholds, which helps the user manage the account effectively. The thresholds can be set according to the user's purchasing habits: if the user likes to shop online between 22:00 and 24:00 at night and wants to control their own spending, a smaller amount threshold is set for 22:00 to 24:00, effectively controlling the user's consumption.
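The time-amount threshold lookup of S511 and S512 combined with the operator check of S51 to S53, as an added example (not code from the patent). The table values, the "HH:MM" notation, the operator identifiers and the choice to require an authorised operator when no period matches are assumptions; amounts are integers in the smallest currency unit.

```python
from typing import List, Optional, Set, Tuple

# Constructed time-amount threshold list: (start, end, threshold).
# "24:00" is accepted as an end time so the page's 22:00 to 24:00 example
# can be written literally.
TIME_AMOUNT_THRESHOLDS: List[Tuple[str, str, int]] = [
    ("00:00", "08:00", 50_00),
    ("08:00", "22:00", 2000_00),
    ("22:00", "24:00", 100_00),     # smaller threshold for late-night shopping
]


def to_minutes(hhmm: str) -> int:
    """Convert 'HH:MM' (00:00 .. 24:00) to minutes since midnight."""
    hours, minutes = (int(part) for part in hhmm.split(":"))
    total = hours * 60 + minutes
    if not (0 <= minutes < 60 and 0 <= total <= 24 * 60):
        raise ValueError("not a time of day: %r" % hhmm)
    return total


def threshold_for(now: str, table=TIME_AMOUNT_THRESHOLDS) -> int:
    """S511: amount threshold of the period that contains the current time."""
    n = to_minutes(now)
    for start, end, limit in table:
        s, e = to_minutes(start), to_minutes(end)
        if s <= e:
            hit = s <= n < e
        else:                        # period crosses midnight, e.g. 22:00 to 06:00
            hit = n >= s or n < e
        if hit:
            return limit
    # Assumption: a time covered by no period gets threshold 0, so every
    # payment at that time needs an operator with payment permission.
    return 0


def decide(amount: int, now: str, operator: Optional[str],
           permitted: Set[str]) -> str:
    """S512, S52, S53: 'pay' or 'reject'.

    operator is the identity returned by biometric identification
    (fingerprint, iris or face), or None when nobody was recognised.
    """
    if amount <= 0:
        raise ValueError("amount must be positive")
    if amount <= threshold_for(now):          # not greater than the threshold
        return "pay"
    if operator is not None and operator in permitted:
        return "pay"
    return "reject"


if __name__ == "__main__":
    permitted = {"father"}
    for who in ("son", "father", None):
        print("23:10", who, decide(150_00, "23:10", who, permitted))
    print("12:00", None, decide(150_00, "12:00", None, permitted))
```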
In this embodiment, the step S512 of completing the payment if the operator has permission includes:
S5121, obtaining the payment password, corresponding to the account information, uploaded by the mobile phone terminal, and performing the payment.
As described in step S5121 above, only after all of the above conditions are satisfied is the payment password of the account information obtained and the payment completed, which improves payment security.
In this embodiment, after the step of judging whether the payment account matches the first mobile phone device number, the method also includes:
S405, if the payment account does not match the first mobile phone device number, feeding back to the mobile phone terminal information terminating the payment request, and stopping reception of the payment information of the mobile phone terminal;
S406, receiving information on a second mobile phone device number entered manually at the mobile phone terminal, and judging whether the second mobile phone device number has been put on record;
S407, if the second mobile phone device number has been put on record, judging whether the payment account matches the second mobile phone device number;
S408, if the payment account matches the second mobile phone device number, judging whether the current time is within the specified transaction time period.
As described in step S405 above, when the payment account does not match the first mobile phone device number, the mobile phone the user is currently using differs from the mobile phone on which the payment account was originally registered, and someone else may have stolen the payment account and be spending with it. Reception of the payment information of the mobile phone terminal is therefore stopped, and a prompt is sent to the mobile phone terminal informing the user that the payment service has been terminated or explaining how to proceed.
As described in step S406 above, because the user may have changed to a new mobile phone, the second mobile phone device number, that of the mobile phone used when the payment account was registered, can be received as entered manually by the user and verified; if the verification succeeds, the payment can continue. The verification method is likewise to search the database for a device number identical to the second mobile phone device number; if an identical device number exists, the second mobile phone device number is judged to have been put on record.
As described in step S407 above, judging whether the payment account matches the second mobile phone device number determines whether the second mobile phone device number entered by the user is genuine, preventing the user from entering some other mobile phone device number that is on record in order to impersonate and so make a malicious payment.
As described in step S408 above, when the payment account is determined to match the second mobile phone device number, the subsequent payment steps can be entered.
In this embodiment, after the step of judging whether the first mobile phone device number has been put on record, the method may also include: feeding back to the mobile phone terminal information terminating the payment request, and stopping reception of the payment information of the mobile phone terminal; receiving information on a second mobile phone device number entered manually at the mobile phone terminal, and judging whether the second mobile phone device number has been put on record; if it has been put on record, continuing the subsequent payment flow; if it has not, feeding back to the mobile phone terminal information terminating the payment request, and stopping reception of the payment information of the mobile phone terminal.
With reference to Fig. 2, in this embodiment, the step S50 of receiving the payment information of the mobile phone terminal and completing the payment includes:
S501, sending a randomly generated encryption rule to the mobile phone terminal for encrypting the payment information, and generating and saving the corresponding decryption rule;
S502, receiving the encrypted payment information, decrypting it with the decryption rule to obtain the payment information, and completing the payment.
As described in steps S501 and S502 above, the server corresponding to the payment APP randomly generates, according to the payment request, an encryption rule and a corresponding decryption rule that only it knows. After the payment APP on the mobile phone terminal receives the encryption rule, it encrypts the payment information and sends it to the server; the server then decrypts the encrypted payment information according to the generated decryption rule and finally completes the payment. In this embodiment, the encryption rule generated by the server is known only to the server, so even if the encrypted payment information is stolen by others in transmission it is difficult to decrypt, which further improves the security of the payment information.
With reference to Fig. 3, in another embodiment, the step S50 of receiving the payment information of the mobile phone terminal and completing the payment includes:
S521, sending a randomly generated decomposition rule for decomposing the payment information to the mobile phone terminal for decomposing the payment information, and generating and saving the corresponding splicing rule;
S522, receiving the decomposed payment information, splicing it with the splicing rule to obtain the complete payment information, and completing the payment.
As described in steps S521 and S522 above, the server corresponding to the payment APP randomly generates, according to the payment request, a decomposition rule and a corresponding splicing rule that only it knows. After the payment APP on the mobile phone terminal receives the decomposition rule, it decomposes the payment information, that is, divides the payment information into segments and then recombines them into one data stream that is sent to the server; the server then splices the decomposed payment information according to the generated splicing rule to obtain the complete payment information and finally completes the payment. In this embodiment, the decomposition rule generated by the server is known only to the server, so even if the decomposed payment information is stolen by others in transmission it is difficult to splice accurately, which further improves the security of the payment information.
In other embodiments, the server may also generate the encryption rule, decryption rule, decomposition rule and splicing rule at the same time. At the mobile phone terminal, the payment information is first decomposed according to the decomposition rule, the decomposed information is then encrypted with the encryption rule, and the result is sent to the server; the server first decrypts according to the decryption rule, then splices the payment information back together according to the splicing rule, and finally completes the payment.
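One possible reading of the decomposition and splicing rules of S521 and S522, as an added example (not code from the patent): the rule is a random segment order, kept by the server per payment request and usable once. The segment count, request identifier and payload are constructed. Reordering segments leaves every byte of the payment information present in the stream, so the sketch assumes the stream still travels over an encrypted channel.

```python
import secrets
from typing import Dict, List

rng = secrets.SystemRandom()            # OS randomness, not the default PRNG
pending_rules: Dict[str, List[int]] = {}   # request id -> splicing rule (server only)


def issue_rule(request_id: str, segments: int = 5) -> List[int]:
    """Server, S521: draw a random segment order and save it for this request."""
    if segments < 2:
        raise ValueError("need at least two segments")
    order = list(range(segments))
    while order == sorted(order):       # never hand out the identity order
        rng.shuffle(order)
    pending_rules[request_id] = order
    return list(order)


def segment_lengths(total: int, n: int) -> List[int]:
    """Split total bytes into n near-equal segments; the first ones are longer."""
    base, extra = divmod(total, n)
    return [base + (1 if i < extra else 0) for i in range(n)]


def decompose(payload: bytes, order: List[int]) -> bytes:
    """Mobile phone terminal: cut the payload and emit segments in rule order."""
    lengths = segment_lengths(len(payload), len(order))
    offsets = [sum(lengths[:i]) for i in range(len(order))]
    return b"".join(payload[offsets[i]:offsets[i] + lengths[i]] for i in order)


def splice(request_id: str, stream: bytes) -> bytes:
    """Server, S522: restore the original order; the rule is consumed on use."""
    order = pending_rules.pop(request_id)   # KeyError if unknown or already used
    lengths = segment_lengths(len(stream), len(order))
    parts = [b""] * len(order)
    pos = 0
    for i in order:                          # i-th original segment comes next
        parts[i] = stream[pos:pos + lengths[i]]
        pos += lengths[i]
    return b"".join(parts)


def demo() -> bool:
    # Constructed payment information.
    payload = b'{"account":"alice","amount":12900,"password":"constructed"}'
    rule = issue_rule("req-0001")
    wire = decompose(payload, rule)
    return splice("req-0001", wire) == payload


if __name__ == "__main__":
    print("round trip ok:", demo())
```

Because `splice` removes the rule it uses, a captured stream replayed under the same request identifier is refused.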
In the data security control method in e-payment of the present invention, when the server receives a payment request from the mobile phone terminal, it automatically obtains the first mobile phone device number of the mobile phone terminal and first looks up in a preset database whether the first mobile phone device number has been put on record. If it has, the server then judges whether the first mobile phone device number matches the payment account. If they match, it then judges whether the mobile phone terminal is in the specified region, whether it is using the agreed network, whether the time is the agreed transaction time, and so on; only if all of these are satisfied does the subsequent payment process proceed. Verifying whether the first mobile phone device number has been put on record determines whether the mobile phone may perform a payment operation. Once that is confirmed, the server judges whether the mobile phone matches the payment account; if the two do not match, an operator may be using their own mobile phone to log in to someone else's payment account to make an e-payment, and the payment account may have been stolen. If the current operator is a user with permission, that user will know the payment requirements they defined, for example paying at the specified place, through the specified router and within the specified time period; if any of these does not match, the payment account may have been stolen. Therefore, whenever any one of the above mismatches occurs, the payment cannot be completed, which improves payment security. Moreover, no payment information is received at any point during the above matching process, so the payment information will not be stolen in transmission or at the server, further improving the security of data in payment.
With reference to Fig. 4, an embodiment of the present invention also provides a data security control device in e-payment, including:
First receiving unit 10, configured to receive the payment request sent by the mobile phone terminal.
The mobile phone terminal refers to a mobile phone on which a payment APP is installed; the payment APP may be WeChat Pay, Alipay, Helibao, etc. In the e-payment process, a payment request is first sent to the server of the payment APP.
First matching unit 20, configured to obtain the first mobile phone device number of the mobile phone terminal and judge whether the first mobile phone device number has been put on record.
The first mobile phone device number is the device number of the mobile phone terminal from which the user sends the payment request (IMEI, International Mobile Equipment Identity, the unique identification number of a mobile phone). Each mobile phone is assigned an IMEI at production, and the IMEI is globally unique. When the user registers a payment account, the payment APP server obtains the IMEI of the mobile phone terminal on which the payment account is being registered, stores it in a database to put it on record, and then associates it with the payment account. The method of judging whether the first mobile phone device number has been put on record is to search the database for a device number identical to the first mobile phone device number; if an identical device number exists, the first mobile phone device number is judged to have been put on record.
Second matching unit 30, for obtaining, if the first mobile phone device number is on record, the payment account that sent the payment request on the mobile phone terminal, and judging whether the payment account matches the first mobile phone device number.
The payment account is the account with which the user logs in to the payment app. The payment account obtained here generally does not include its corresponding payment password and the like; the payment password is generally verified in the final step of payment, for example by entering it immediately before payment is confirmed. Judging whether the payment account matches the first mobile phone device number determines whether the user is logging in to the payment app and making the e-payment on the mobile phone with which the account was registered, which prevents malicious payment after important information such as the user's account, password or bank card has been stolen.
First judging unit 401, for judging, if the payment account matches the first mobile phone device number, whether the current time is within the designated transaction period. Once the payment account is judged to match the first mobile phone device number, a designated transaction period applies: payment can be made only within that period, and otherwise the subsequent payment steps cannot be entered, which improves payment security.
Second judging unit 402, for judging, if the current time is within the period, whether the mobile phone terminal is in the designated region. For example, the user specifies that payment can be completed only within the region of the user's home or company. If the user's mobile phone is lost, then even someone who knows the payment password and other information of the account still cannot complete a payment, because the phone is not in the designated region.
Third judging unit 403, for judging, if the mobile phone terminal is in the designated region, whether the mobile phone terminal is connected to the network through the designated router. Likewise, even within the designated region, the phone must be connected to the network through the designated router, otherwise payment cannot be completed, which further improves payment security. For example, where a single company occupies a large area covered by multiple different routers, payment can be completed only over the router connection that the user has designated.
First feedback unit 404, for feeding back to the mobile phone terminal, if the mobile phone terminal is connected to the network through the designated router, an instruction allowing the payment request. Only when all of the above conditions are met is the mobile phone terminal allowed to continue with the payment steps.
Payment unit 50, for receiving the payment information of the mobile phone terminal and completing payment.
The payment information includes the information necessary for the user's e-payment, such as the payment amount and the payment password.
In the present embodiment, the payment unit 50 includes:
Judgment module, for judging whether the payment amount is greater than the preset amount threshold;
Permission module, for identifying, if the payment amount is greater than the preset amount threshold, the current operator information of the mobile phone terminal, and judging whether the current operator has payment permission;
Payment module, for completing payment if the current operator is judged to have permission.
When the payment amount is greater than the amount threshold, it is judged whether the current operator has payment permission. For example, the paying mobile phone belongs to a father and the current operator is the father's son; the father can set a threshold on his son's payment amount, and when the amount exceeds the threshold the payment cannot be completed, which prevents the son from spending without restraint. The current operator information is obtained through biometric identification such as fingerprint recognition, iris recognition or face recognition, rather than from information that can be obtained simply by the user entering some instruction, so that payment permission is effectively controlled.
In the present embodiment, the judgment module includes:
Lookup submodule, for looking up, according to the current time, the amount threshold matching the current time in a preset time-amount threshold list, wherein the time-amount threshold list contains different time periods and amount thresholds mapped one-to-one to those time periods;
Judging submodule, for judging whether the payment amount is greater than the amount threshold matching the current time.
Different payment time periods correspond to different amount thresholds, which helps the user manage the account effectively, and the thresholds can be set according to the user's purchasing habits. If the user likes to shop online between 22:00 and 24:00 and wants to limit his or her own spending, a smaller amount threshold is set for 22:00 to 24:00 so as to control the user's spending effectively.
In the present embodiment, the payment module includes a payment obtaining submodule, for obtaining the payment password, uploaded by the mobile phone terminal, that corresponds to the account information, and carrying out payment. Only after all of the above conditions are met is the payment password of the account information obtained and payment completed, which improves payment security.
In the present embodiment, the data security control device in e-payment further includes:
Termination unit 405, for feeding back to the mobile phone terminal, if the payment account does not match the first mobile phone device number, information terminating the payment request, and ceasing to receive the payment information of the mobile phone terminal.
When the payment account does not match the first mobile phone device number, the mobile phone the user is currently using differs from the mobile phone on which the payment account was originally registered, and it may be that another person has stolen the payment account to make purchases. The termination unit 42 therefore stops receiving the payment information of the mobile phone terminal, and at the same time sends the mobile phone terminal a prompt reminding the user that the payment service has been terminated, or a prompt on how to proceed.
Third matching unit 406, for receiving the second mobile phone device number entered manually on the mobile phone terminal, and judging whether the second mobile phone device number is on record.
Because a user may have replaced the mobile phone with a new one, the second mobile phone device number, that of the mobile phone used when the payment account was registered, can be received as manual input from the user and verified; if verification succeeds, payment can continue. The verification method is likewise to search the above database for a device number identical to the second mobile phone device number; if an identical device number exists, the second mobile phone device number is judged to be on record.
Fourth matching unit 407, for judging, if the second mobile phone device number is on record, whether the payment account matches the second mobile phone device number.
Judging whether the payment account matches the second mobile phone device number determines whether the second mobile phone device number entered by the user is genuine, and prevents a user from entering some other mobile phone device number that is on record in order to impersonate it and make a malicious payment.
Fourth judging unit 408, for judging, if the payment account matches the second mobile phone device number, whether the current time is within the designated transaction period.
Once the payment account is determined to match the second mobile phone device number, the subsequent payment steps can continue to be carried out.
With reference to Fig. 5, in the present embodiment, the payment unit 50 includes:
First sending module 501, for sending a randomly generated encryption rule to the mobile phone terminal for encrypting the payment information, and generating and saving the corresponding decryption rule;
Receiving and decrypting module 502, for receiving the encrypted payment information, decrypting it with the decryption rule to obtain the payment information, and completing payment.
According to the payment request, the first sending module 501 randomly generates an encryption rule known only to the server together with its corresponding decryption rule. After the payment app on the mobile phone terminal receives the encryption rule, it encrypts the payment information and sends it to the receiving and decrypting module 502, which decrypts the encrypted payment information according to the generated decryption rule and finally completes payment. In the present embodiment, the generated encryption rule is known only to the server, so even if the encrypted payment information is stolen by another person in transit it is difficult to decrypt, which further improves the security of the payment information.
With reference to Fig. 6, in another embodiment, the payment unit 50 includes:
Second sending module 511, for sending to the mobile phone terminal a randomly generated decomposition rule for decomposing the payment information, and generating and saving the corresponding splicing rule;
Receiving and splicing module 512, for receiving the decomposed payment information, splicing it with the splicing rule to obtain the complete payment information, and completing payment.
According to the payment request, the second sending module 511 randomly generates a decomposition rule known only to the server together with its corresponding splicing rule. After the payment app on the mobile phone terminal receives the decomposition rule, it decomposes the payment information, that is, it divides the payment information into segments, reassembles them into a single data stream and sends the stream to the server. The receiving and splicing module 512 then splices the decomposed payment information according to the splicing rule to obtain the complete payment information, and finally completes payment. In the present embodiment, the generated decomposition rule is known only to the server, so even if the decomposed payment information is stolen by another person in transit it is difficult to splice correctly, which further improves the security of the payment information.
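The decomposition and splicing exchange of modules 511 and 512, as an added example that is not part of the patent text. It assumes the rule is a random permutation of a fixed number of near-equal segments, that the splicing rule is the inverse permutation, and that each rule is held per request and used once; the names `issue_rule`, `receive` and `PENDING` are hypothetical, and the encryption rule of the other embodiment is not covered.

```python
import secrets

# Constructed example: all names and the rule format are assumptions of this example.
PENDING = {}  # request id -> splicing rule saved by the server


def segment_sizes(total, k):
    """Sizes of k near-equal segments; the first (total % k) are one byte longer."""
    base, extra = divmod(total, k)
    return [base + (1 if i < extra else 0) for i in range(k)]


def new_rules(k):
    """Return (decomposition rule, splicing rule) for k segments.

    The decomposition rule lists segment indexes in the order they are sent;
    the splicing rule gives, for each segment, its position in the stream.
    """
    rule = list(range(k))
    secrets.SystemRandom().shuffle(rule)
    splicing_rule = [0] * k
    for position, segment in enumerate(rule):
        splicing_rule[segment] = position
    return rule, splicing_rule


def decompose(payload, rule):
    """Phone side: cut the payload into segments and emit them in rule order."""
    sizes = segment_sizes(len(payload), len(rule))
    starts = [sum(sizes[:i]) for i in range(len(rule))]
    return b"".join(payload[starts[s]:starts[s] + sizes[s]] for s in rule)


def splice(stream, splicing_rule):
    """Server side: walk the stream in sent order and put each segment back."""
    k = len(splicing_rule)
    sizes = segment_sizes(len(stream), k)
    sent_order = sorted(range(k), key=lambda seg: splicing_rule[seg])
    slots, offset = [b""] * k, 0
    for seg in sent_order:
        slots[seg] = stream[offset:offset + sizes[seg]]
        offset += sizes[seg]
    return b"".join(slots)


def issue_rule(request_id, k=6):
    """Server: generate the rule pair for one payment request, keep the splicing half."""
    rule, splicing_rule = new_rules(k)
    PENDING[request_id] = splicing_rule
    return rule


def receive(request_id, stream):
    """Server: splice one stream; the saved rule is consumed so it cannot be reused."""
    splicing_rule = PENDING.pop(request_id, None)
    if splicing_rule is None:
        raise LookupError("no pending splicing rule for this request")
    return splice(stream, splicing_rule)
```
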
In other embodiments, the server may also generate the encryption rule, decryption rule, decomposition rule and splicing rule at the same time. On the mobile phone terminal, the payment information is first decomposed according to the decomposition rule, the decomposed information is then encrypted with the encryption rule, and the result is sent to the server. The server first decrypts according to the decryption rule, then splices the payment information back into its complete form according to the splicing rule, and finally completes payment.
The data security control device in e-payment of the present invention, on receiving a payment request from the mobile phone terminal, automatically obtains the first mobile phone device number of the mobile phone terminal and first looks up in the preset database whether the first mobile phone device number is on record. If it is, the device then judges whether the first mobile phone device number matches the payment account; if it matches, the device judges whether the mobile phone terminal is in the designated region, whether it is using the agreed network, whether it is within the agreed transaction time, and so on, and only if all of these are satisfied does the subsequent payment process proceed. Verifying first whether the mobile phone device number is on record determines whether the mobile phone may carry out a payment operation at all. Once that is confirmed, the device judges whether the mobile phone matches the payment account; if the two do not match, the operator may be another person logging in to the payment account on his or her own mobile phone to make an e-payment, and the payment account may have been stolen. If the current operator is a user who has permission, that user will know the payment requirements he or she has defined, for example paying in the designated place, over the designated router and within the designated period. If any of these does not match, the payment account may have been stolen. Therefore, whenever any one of the above mismatches occurs, the payment cannot be completed, which improves payment security. In addition, no payment information is ever received during the above matching process, so payment information cannot be stolen in transit or at the server, which further improves the security of data in payment.
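The following added example, which is not part of the patent text, runs the checks of units 10 to 404 in the order described and then the time-dependent amount check of payment unit 50. The record layout, the bounding-box region test, the router identifier, the reason strings and the fail-closed default for an uncovered time of day are assumptions, all sample values are constructed, and the payment-password step is omitted.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Policy:
    window: tuple         # (start, end) of the designated transaction period
    region: tuple         # (lat_min, lat_max, lon_min, lon_max) of the designated region
    router: str           # identifier of the designated router (a BSSID here)
    thresholds: tuple     # ((start, end, limit_in_cents), ...) time-amount threshold list
    permitted: frozenset  # operators holding payment permission


@dataclass(frozen=True)
class Request:
    imei: str
    account: str
    at: datetime
    lat: float
    lon: float
    router: str


# Constructed sample records standing in for the server-side database.
DEVICES = {"000000000000001": "father-account", "000000000000002": "other-account"}
POLICIES = {
    "father-account": Policy(
        window=(time(8, 0), time(0, 0)),                 # 08:00 up to midnight
        region=(31.20, 31.25, 121.40, 121.50),
        router="02:00:00:aa:bb:cc",
        thresholds=((time(0, 0), time(22, 0), 50_000),
                    (time(22, 0), time(0, 0), 10_000)),  # smaller limit 22:00 to 24:00
        permitted=frozenset({"father"}),
    )
}


def in_period(t, start, end):
    """Half-open [start, end); an end at or before start wraps past midnight."""
    if start < end:
        return start <= t < end
    return t >= start or t < end


def precheck(req):
    """Checks made before any payment information is accepted, in the order of the text."""
    owner = DEVICES.get(req.imei)
    if owner is None:
        return (False, "device_not_on_record")
    policy = POLICIES.get(req.account)
    if owner != req.account or policy is None:
        return (False, "account_device_mismatch")
    if not in_period(req.at.time(), *policy.window):
        return (False, "outside_transaction_period")
    lat_min, lat_max, lon_min, lon_max = policy.region
    if not (lat_min <= req.lat <= lat_max and lon_min <= req.lon <= lon_max):
        return (False, "outside_designated_region")
    if req.router != policy.router:
        return (False, "router_not_designated")
    return (True, "allow_payment_request")


def threshold_at(policy, t):
    """Amount threshold of the period containing t."""
    for start, end, limit in policy.thresholds:
        if in_period(t, start, end):
            return limit
    return 0  # assumption: a time of day not covered by the list fails closed


def pay(req, amount_cents, operator):
    """operator is the identity returned by biometric recognition (assumed done elsewhere)."""
    ok, reason = precheck(req)
    if not ok:
        return (False, reason)
    policy = POLICIES[req.account]
    if amount_cents > threshold_at(policy, req.at.time()) and operator not in policy.permitted:
        return (False, "operator_lacks_payment_permission")
    return (True, "paid")
```
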
The foregoing is merely a preferred embodiment of the present invention and does not limit the patent scope of the invention. Any equivalent structure or equivalent process transformation made using the description and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. A data security control method in e-payment, characterized by including:
receiving a payment request sent by a mobile phone terminal;
obtaining a first mobile phone device number of the mobile phone terminal, and judging whether the first mobile phone device number is on record;
if the first mobile phone device number is on record, obtaining the payment account that sent the payment request on the mobile phone terminal, and judging whether the payment account matches the first mobile phone device number;
if the payment account matches the first mobile phone device number, judging whether the current time is within a designated transaction period;
if the current time is within the period, judging whether the mobile phone terminal is in a designated region;
if the mobile phone terminal is in the designated region, judging whether the mobile phone terminal is connected to the network through a designated router;
if the mobile phone terminal is connected to the network through the designated router, feeding back to the mobile phone terminal an instruction allowing the payment request;
receiving the payment information of the mobile phone terminal and completing payment.
2. The data security control method in e-payment according to claim 1, characterized in that the step of receiving the payment information of the mobile phone terminal and completing payment includes:
judging whether the payment amount is greater than the preset amount threshold;
if it is greater, identifying the current operator information of the mobile phone terminal, and judging whether the current operator has payment permission;
if the current operator has permission, completing payment.
3. The data security control method in e-payment according to claim 2, characterized in that the step of judging whether the payment amount is greater than the preset amount threshold includes:
looking up, according to the current time, the amount threshold matching the current time in a preset time-amount threshold list, wherein the time-amount threshold list contains different time periods and amount thresholds mapped one-to-one to those time periods;
judging whether the payment amount is greater than the amount threshold matching the current time.
4. The data security control method in e-payment according to claim 3, characterized in that the step of completing payment if the current operator has permission includes:
obtaining the payment password, uploaded by the mobile phone terminal, that corresponds to the account information, and carrying out payment.
5. The data security control method in e-payment according to claim 1, characterized in that, after the step of judging whether the payment account matches the first mobile phone device number, the method further includes:
if the payment account does not match the first mobile phone device number, feeding back to the mobile phone terminal information terminating the payment request, and ceasing to receive the payment information of the mobile phone terminal.
6. The data security control method in e-payment according to claim 5, characterized in that, after the step of feeding back to the mobile phone terminal information terminating the payment request and ceasing to receive the payment information of the mobile phone terminal if the payment account does not match the mobile phone device number, the method includes:
receiving the second mobile phone device number entered manually on the mobile phone terminal, and judging whether the second mobile phone device number is on record;
if the second mobile phone device number is on record, judging whether the payment account matches the second mobile phone device number;
if the payment account matches the second mobile phone device number, judging whether the current time is within the designated transaction period.
7. The data security control method in e-payment according to claim 1, characterized in that the step of receiving the payment information of the mobile phone terminal and completing payment includes:
sending a randomly generated encryption rule to the mobile phone terminal for encrypting the payment information, and generating and saving the corresponding decryption rule;
receiving the encrypted payment information, decrypting it with the decryption rule to obtain the payment information, and completing payment.
8. The data security control method in e-payment according to claim 1, characterized in that the step of receiving the payment information of the mobile phone terminal and completing payment includes:
sending to the mobile phone terminal a randomly generated decomposition rule for decomposing the payment information, and generating and saving the corresponding splicing rule;
receiving the decomposed payment information, splicing it with the splicing rule to obtain the complete payment information, and completing payment.
9. A data security control device in e-payment, characterized by including:
a first receiving unit, for receiving a payment request sent by a mobile phone terminal;
a first matching unit, for obtaining a first mobile phone device number of the mobile phone terminal, and judging whether the first mobile phone device number is on record;
a second matching unit, for obtaining, if the first mobile phone device number is on record, the payment account that sent the payment request on the mobile phone terminal, and judging whether the payment account matches the first mobile phone device number;
a first judging unit, for judging, if the payment account matches the first mobile phone device number, whether the current time is within a designated transaction period;
a second judging unit, for judging, if the current time is within the period, whether the mobile phone terminal is in a designated region;
a third judging unit, for judging, if the mobile phone terminal is in the designated region, whether the mobile phone terminal is connected to the network through a designated router;
a first feedback unit, for feeding back to the mobile phone terminal, if the mobile phone terminal is connected to the network through the designated router, an instruction allowing the payment request;
a payment unit, for receiving the payment information of the mobile phone terminal and completing payment.
10. The data security control device in e-payment according to claim 9, characterized in that the payment unit includes:
a judgment module, for judging whether the payment amount is greater than the preset amount threshold;
a permission module, for identifying, if the payment amount is greater than the preset amount threshold, the current operator information of the mobile phone terminal, and judging whether the current operator has payment permission;
a payment module, for completing payment if the current operator is judged to have permission.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810024228.2A CN108090764A (en) | 2018-01-10 | 2018-01-10 | Data security control method and device in e-payment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108090764A true CN108090764A (en) | 2018-05-29 |
Family
ID=62182004
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810024228.2A Pending CN108090764A (en) | 2018-01-10 | 2018-01-10 | Data security control method and device in e-payment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108090764A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180529 |