CN112418845A

CN112418845A - Resource transfer method, device and system

Info

Publication number: CN112418845A
Application number: CN201910774367.1A
Authority: CN
Inventors: 吴芳宇; 刘伯恒; 王观星; 陈亨斌; 郭学彬
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2019-08-21
Filing date: 2019-08-21
Publication date: 2021-02-26
Anticipated expiration: 2039-08-21
Also published as: CN112418845B

Abstract

The application provides a resource transfer method, a device and a system, wherein the method comprises the following steps: when the first terminal is disconnected with the transaction server, the first terminal and the second terminal establish close range wireless communication connection; the first terminal sends resource transfer record information to the second terminal; the second terminal sends first encrypted information obtained by performing first signature processing on the resource transfer record information to the first terminal; if the first terminal verifies that the signature of the first encrypted information is legal, second encrypted information obtained by performing second signature processing on the first encrypted information is sent to the second terminal; if the second terminal verifies that the signature of the second encryption information is legal, the second encryption information is determined as a resource transfer certificate; when the communication connection is established with the transaction server, the second terminal sends a resource transfer certificate to the transaction server; and the transaction server transfers the resource to be transferred from the first terminal to the second terminal. The payment transaction is completed under the condition that the first terminal and the second terminal are both offline.

Description

Resource transfer method, device and system

Technical Field

The application belongs to the technical field of internet, and particularly relates to a resource transfer method, device and system.

Background

With the development of the internet, emerging payment platforms such as internet banking, electronic commerce and internet fund which are supported by the internet are favored by more and more users. Payment depending on a payment platform can include mobile payment, and the mobile payment is more and more one of payment modes commonly used by people due to the fact that the mobile payment has the characteristics of convenience and rapidness.

In the prior art, most mobile payment schemes adopt an online mode, a payment terminal, a collection terminal and a payment platform are required to be online at the same time, identity authentication, account transfer or payment are completed through mutual instant communication, and then a transaction certificate is generated by a third party payment platform, and finally transaction is completed.

However, in some specific transaction environments, such as a local area network environment, under the condition that neither the payment terminal nor the collection terminal can be connected to the payment platform, the identity authentication and the payment process between the payment terminal and the collection terminal cannot be completed, so that the online transaction function cannot be realized, and the transaction requirements of the user in the specific transaction environments such as the local area network cannot be met.

Disclosure of Invention

In order to complete off-line payment transaction and make up for the deficiency of on-line transaction under the condition that neither the payment terminal nor the collection terminal can be connected to the payment platform, the application provides a resource transfer method, device and system.

In one aspect, the present application provides a resource transfer method, including:

when a first terminal and a second terminal are disconnected from a transaction server, the first terminal and the second terminal are in close range wireless communication connection; wherein the second terminal has the right to transfer resources in the first terminal;

the first terminal sends a resource transfer request to the second terminal through the short-distance wireless communication connection; wherein, the resource transfer request carries resource transfer record information;

the second terminal sends first encrypted information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-distance wireless communication connection;

the first terminal verifies the signature validity of the first encrypted information to obtain a first verification result;

when the first verification result is a legal verification result, the first terminal sends second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-distance wireless communication connection;

the second terminal verifies the signature validity of the second encrypted information to obtain a second verification result;

when the second verification result is a legal verification result, the second terminal determines the second encryption information as a resource transfer certificate;

when the second terminal establishes communication connection with the transaction server, the second terminal sends the resource transfer certificate to the transaction server;

and the transaction server transfers the resource to be transferred corresponding to the resource transfer certificate from the first terminal to the second terminal.

In another aspect, the present application provides another resource transfer method, including:

when the communication connection with the transaction server is disconnected, the short-distance wireless communication connection is established with the second terminal; wherein the second terminal has the right to transfer resources in the local terminal;

sending a resource transfer request carrying resource transfer record information to the second terminal through the short-distance wireless communication connection;

receiving first encrypted information which is obtained by performing first signature processing on the resource transfer record information and is sent by the second terminal through the short-distance wireless communication connection;

verifying the signature validity of the first encrypted information to obtain a first verification result;

when the first verification result is a legal verification result, sending second encryption information obtained by carrying out second signature processing on the first encryption information to the second terminal through the short-distance wireless communication connection, so that the second terminal verifies the signature legality of the second encryption information to obtain a second verification result; when the second verification result is a legal verification result, determining the second encryption information as a resource transfer certificate; and when communication connection is established with the transaction server, the resource transfer certificate is sent to the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer certificate from the local terminal to the second terminal.

when the communication connection with the transaction server is disconnected, the short-distance wireless communication connection is established with the first terminal; the first terminal grants the local terminal the authority to transfer the resources in the first terminal;

receiving a resource transfer request which is sent by the first terminal through the short-distance wireless communication connection and carries resource transfer record information;

sending first encryption information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-distance wireless communication connection, so that the first terminal verifies the signature validity of the first encryption information to obtain a first verification result;

when the first verification result is a legal verification result, receiving second encryption information which is obtained by performing second signature processing on the first encryption information and is sent by the first terminal through the short-distance wireless communication connection;

verifying the signature validity of the second encrypted information to obtain a second verification result;

when the second verification result is a legal verification result, determining the second encryption information as a resource transfer certificate;

and when communication connection is established with the transaction server, the resource transfer certificate is sent to the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer certificate from the first terminal to the local terminal.

In another aspect, the present application provides a resource transfer apparatus, including:

the first establishing module is used for establishing short-distance wireless communication connection with the second terminal when the communication connection with the transaction server is disconnected; wherein the second terminal has the right to transfer resources in the local terminal;

a resource transfer request sending module, configured to send a resource transfer request carrying resource transfer record information to the second terminal through the short-range wireless communication connection;

the first encrypted information receiving module is used for receiving first encrypted information which is obtained by performing first signature processing on the resource transfer record information and is sent by the second terminal through the short-distance wireless communication connection;

the first encrypted information verification module is used for verifying the signature validity of the first encrypted information to obtain a first verification result;

a second encrypted information sending module, configured to send, to the second terminal through the short-range wireless communication connection, second encrypted information obtained by performing a second signature process on the first encrypted information when the first verification result is a legal verification result, so that the second terminal verifies the signature validity of the second encrypted information, and obtains a second verification result; when the second verification result is a legal verification result, determining the second encryption information as a resource transfer certificate; and when communication connection is established with the transaction server, the resource transfer certificate is sent to the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer certificate from the local terminal to the second terminal.

On the other hand, the present application proposes another resource transfer apparatus, including:

the second establishing module is used for establishing short-distance wireless communication connection with the first terminal when the communication connection with the transaction server is disconnected; the first terminal grants the local terminal the authority to transfer the resources in the first terminal;

a resource transfer request receiving module, configured to receive a resource transfer request carrying resource transfer record information and sent by the first terminal through the short-range wireless communication connection;

a first encrypted information sending module, configured to send, to the first terminal through the short-range wireless communication connection, first encrypted information obtained by performing first signature processing on the resource transfer record information, so that the first terminal verifies the signature validity of the first encrypted information, and obtains a first verification result;

the second encrypted information receiving module is used for receiving second encrypted information which is obtained by performing second signature processing on the first encrypted information and is sent by the first terminal through the short-distance wireless communication connection when the first verification result is a legal verification result;

the second encrypted information verification module is used for verifying the signature validity of the second encrypted information to obtain a second verification result;

the resource transfer certificate determining module is used for determining the second encryption information as a resource transfer certificate when the second verification result is a legal verification result;

and the resource transfer certificate sending module is used for sending the resource transfer certificate to the transaction server when communication connection is established with the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer certificate from the first terminal to the local terminal.

In another aspect, the present application provides a resource transfer system, which includes a first terminal, a second terminal, and a transaction server;

the first terminal is used for establishing close range wireless communication connection with the second terminal with the authority of transferring the resources in the first terminal when the first terminal is disconnected from the transaction server; and a resource transfer request carrying resource transfer record information is sent to the second terminal; the second terminal is used for sending the resource transfer record information to the first terminal, and the first terminal is used for sending a first signature to the resource transfer record information; and the second terminal is used for sending second encrypted information obtained by carrying out second signature processing on the first encrypted information to the second terminal when the first verification result is a legal verification result;

the second terminal is used for verifying the signature validity of the second encryption information when the second terminal is disconnected from the transaction server to obtain a second verification result; and the second encryption information is determined as a resource transfer certificate when the second verification result is a legal verification result; and for sending the resource transfer credential to the transaction server when a communication connection is established with the transaction server;

the transaction server is used for transferring the resource to be transferred corresponding to the resource transfer certificate from the first terminal to the second terminal.

In another aspect, the present application proposes a computer-readable storage medium having stored therein at least one instruction, at least one program, set of codes, or set of instructions, which is loaded and executed by a processor to implement the resource transfer method as described above.

According to the resource transfer method, the device and the system, when both the first terminal and the second terminal cannot be connected to the transaction server, the first terminal and the second terminal with the resource permission to transfer the first terminal establish close range wireless communication connection, send resource transfer record information to the second terminal, obtain a resource transfer certificate through double signature authentication between the first terminal and the second terminal, and complete the transaction to obtain an offline payment process. When the second terminal recovers to establish communication connection with the transaction server, the second terminal uses the resource transfer certificate to request the transaction server to complete resource transfer, and the transaction server transfers the corresponding resource to be transferred from the first terminal to the second terminal according to the resource transfer certificate, so that the first terminal and the second terminal can not be connected to the transaction server, offline transaction can still be carried out, and the defects of online transaction modes are overcome.

Drawings

In order to more clearly illustrate the technical solutions and advantages of the embodiments of the present application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings can be obtained by those skilled in the art without creative efforts.

Fig. 1 is a schematic diagram of an implementation environment of a resource transfer method according to an embodiment of the present application.

Fig. 2 is a schematic flowchart of a resource transfer method according to an embodiment of the present application.

Fig. 3 is a flowchart illustrating another resource transfer method according to an embodiment of the present application.

Fig. 4 is a flowchart illustrating another resource transfer method according to an embodiment of the present application.

Fig. 5 is a schematic flowchart of a resource transfer method applied in a scenario according to an embodiment of the present application.

Fig. 6 a is a schematic diagram of a user opening an authorized deduction function provided in the embodiment of the present application, B is a schematic diagram of a user inputting a password to perform authentication provided in the embodiment of the present application, and C is a schematic diagram of an authorized deduction function having been opened.

Fig. 7 is an interface display diagram of an on-board electronic service provided by an embodiment of the present application.

Fig. 8 a is a schematic diagram of an electronic order provided in the embodiment of the present application, B is a schematic diagram of a user inputting an offline confidential confirmation transaction, and C is a schematic diagram of transaction record information.

Fig. 9 is a flowchart illustrating another resource transfer method according to an embodiment of the present application.

Fig. 10 is a flowchart illustrating another resource transfer method according to an embodiment of the present application.

Fig. 11 is a schematic structural diagram of a resource transfer apparatus according to an embodiment of the present application.

Fig. 12 is a schematic structural diagram of another resource transfer apparatus according to an embodiment of the present application.

Fig. 13 is a schematic structural diagram of a server according to an embodiment of the present application.

Detailed Description

In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be appreciated that the resources so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be implemented in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or object.

Fig. 1 is a schematic diagram of an implementation environment of a resource transfer method provided in an embodiment of the present application, and as shown in fig. 1, the implementation environment may include at least a first terminal 01, a second terminal 02, and a transaction server 03.

Specifically, when neither the first terminal 01 nor the second terminal 02 can connect to the transaction server 03, the first terminal 01 and the second terminal 02 establish a short-range wireless communication connection, so that data transmission between the first terminal 01 and the second terminal 02 is realized through the short-range wireless communication connection. For example, the transmitted data may include transaction information that is mutually signed and authenticated by the first terminal 01 and the second terminal 02.

Specifically, when the first terminal 01 and the second terminal 02 recover the connection with the transaction server 03, the first terminal 01 and the second terminal 02 both establish a connection with the transaction server 03 in a wired or wireless manner to realize data transmission with the transaction server 03 through the network, for example, the data transmitted between the transaction server 03 and the first terminal 01 may include a resource transfer authorization request sent by the first terminal 01 to allow the second terminal 02 to transfer resource rights in the first terminal, and the data transmitted between the transaction server 03 and the second terminal 02 may include transaction information mutually signed and authenticated by the first terminal 01 and the second terminal 02.

Specifically, the first terminal 01 and the second terminal 02 may each include a smart phone, a desktop computer, a tablet computer, a notebook computer, a digital assistant, a smart wearable device, a vehicle, a sound box, a television, a robot, and the like.

Specifically, the transaction server 03 may include a server operating independently, or a distributed server, or a server cluster composed of a plurality of servers. The transaction server 03 may comprise a network communication unit, a processor, a memory, etc. The transaction server 03 can provide background services for the first terminal 01 and the second terminal 02.

In the embodiment of the application, when the first terminal 01 and the second terminal 02 are both disconnected from the transaction server 03, the first terminal 01 and the second terminal 02 perform double signature authentication through the established short-range wireless communication connection to obtain transaction information confirmed by both transaction parties, and when the second terminal 02 establishes communication connection with the transaction server 03 again, the second terminal 02 provides the transaction information confirmed by both transaction parties to the transaction server 03, so that a final resource transfer process is completed.

It should be noted that fig. 1 is only an example.

Fig. 2 is a flow chart of a resource transfer method provided in an embodiment of the present application, and the present specification provides the method operation steps as described in the embodiment or the flow chart, but more or less operation steps may be included based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. In practice, the system or server product may be implemented in a sequential or parallel manner (e.g., parallel processor or multi-threaded environment) according to the embodiments or methods shown in the figures. Specifically, as shown in fig. 2, the method may include:

s201, when a first terminal and a second terminal are disconnected from a transaction server in a communication mode, the first terminal and the second terminal are in close range wireless communication connection; wherein the second terminal has the right to transfer resources in the first terminal.

In the embodiment of the application, when the first terminal and the second terminal are both disconnected from the transaction server, that is, the first terminal and the second terminal are both in a specific offline environment which cannot be connected to the transaction server, mutual identity authentication and payment processes cannot be completed through the transaction server, and at this time, the first terminal and the second terminal can be enabled to establish close-range wireless communication connection, so that an offline payment transaction process in the specific offline environment is completed.

In one possible embodiment, the particular offline environment may be a local area network environment including, but not limited to, a passenger cabin after the departure of a passenger aircraft or a cruise ship while underway, etc.

In one possible embodiment, the close range wireless communication connection includes, but is not limited to, bluetooth, infrared, zigbee, near field communication, ultra wideband communication, and the like.

In the embodiment of the application, the second terminal establishing the short-distance wireless communication connection with the first terminal is a terminal having the resource permission to transfer the first terminal. The process of authorizing the resource transfer right may be completed in advance in a case where both the first terminal and the second terminal are capable of connecting to the transaction server, that is, before the first terminal establishes the short-range wireless communication connection with the second terminal, the method further includes:

s200, granting the second terminal the authority to transfer the resources in the first terminal.

Specifically, as shown in fig. 3, S200 may further include:

s2001, when the first terminal and the second terminal establish communication connection with the transaction server, the first terminal sends a resource transfer authorization request to the transaction server; and the resource transfer authorization request carries first terminal authentication information and second terminal identification information.

And S2003, the transaction server authenticates the identity of the first terminal according to the authentication information of the first terminal.

S2005, if the identity authentication of the first terminal passes, the transaction server sends the resource transfer authority of the first terminal to a second terminal corresponding to the second terminal identification information; wherein the resource transfer permission indicates that the second terminal has permission to transfer the resource in the first terminal.

In S2001, the first terminal initiates authorization to a designated second terminal through a transaction server, where the authorization allows the designated second terminal to request a payment transaction from the transaction server using a resource transfer credential signed by the first terminal, and transfers a resource to be transferred corresponding to the resource transfer credential from the first terminal to the designated second terminal. In S2003, after the transaction server receives the resource transfer authorization request sent by the first terminal, the pre-stored binding relationship with the first terminal is searched, and the identity of the first terminal is authenticated according to the binding relationship and the identification information, account information, and the like carried in the authentication information of the first terminal, so as to determine whether the first terminal is true or legal, and if the binding relationship is matched with the authentication information of the first terminal, the identity authentication of the first terminal passes. In S2003, after the identity authentication of the first terminal passes, the transaction server sends the resource transfer right of the first terminal to the second terminal corresponding to the identification information of the second terminal, and the second terminal stores the resource transfer right and other related information, thereby completing the authorization process of the resource transfer right.

S203, the first terminal sends a resource transfer request to the second terminal through the short-distance wireless communication connection; wherein, the resource transfer request carries resource transfer record information.

In the embodiment of the application, after the first terminal establishes the short-distance wireless communication connection with the second terminal having the authority of transferring the resource in the first terminal, the first terminal sends a resource transfer request to the second terminal, wherein the resource transfer request carries the resource transfer record information.

In a possible embodiment, the information carried by the resource transfer record information includes, but is not limited to, one or more of resource transfer identification information, resources to be transferred, account information of the first terminal, and account information of the second terminal.

In this embodiment of the application, in order to improve accuracy and security of resource transfer, as shown in fig. 3, before the first terminal and the second terminal perform double signature confirmation on the resource transfer record information, the method may further include:

and S204, the second terminal confirms whether the second terminal has the authority of transferring the resources in the first terminal and the second terminal exchange certificates with each other for identity verification.

In this embodiment of the present application, S204 may include:

s2041, the second terminal confirms whether the second terminal has the authority of transferring the resources in the first terminal.

And S2043, if the second terminal has the authority to transfer the resources in the first terminal, the second terminal sends a second identity certificate corresponding to the second terminal to the first terminal through the short-distance wireless communication connection.

S2045, if the first terminal can decrypt the signature of the second identity certificate by using the public key corresponding to the transaction server, the identity verification of the second terminal is passed.

And S2047, the first terminal sends a first identity certificate corresponding to the first terminal to the second terminal through the close-range wireless communication connection.

S2049, if the second terminal can decrypt the signature of the first identity certificate by using the public key corresponding to the transaction server, the identity verification of the first terminal is passed.

When the transaction server establishes communication connection with the first terminal, the first identity certificate is sent to the first terminal after being signed by using a private key corresponding to the transaction server, and when the transaction server establishes communication connection with the second terminal, the second identity certificate is sent to the second terminal after being signed by using the private key corresponding to the transaction server.

In the embodiment of the application, before the first terminal and the second terminal perform dual-signature authentication on the resource transfer information, the second terminal first determines whether the second terminal has the authority to transfer the resource in the first terminal in S2041, and if the second terminal has the authority to transfer, the second terminal performs the identity authentication process of the first terminal and the second terminal in S2043-S2049, so that the accuracy and the safety of resource transfer are improved, and the risk of resource transfer is reduced.

In the embodiment of the application, under the condition that the first terminal and the second terminal can both establish communication connection with the transaction server, the first terminal and the second terminal respectively allocate a unique account with an identity at the transaction server, the transaction server issues digitally signed identity certificates to the first terminal and the second terminal, that is, both the first terminal and the second terminal are encrypted by the private key of the transaction server, and the certificate issued by the transaction server can only be decrypted by using the public key of the transaction server. In S2043-S2049, it is determined whether the identity authentication between the first terminal and the second terminal is valid by determining whether the public key of the transaction server can decrypt the identity certificate.

S205, the second terminal sends first encrypted information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-distance wireless communication connection.

In this embodiment of the application, after the second terminal receives the resource transfer record request, the second terminal may use its own certificate for the resource transfer record information, that is, send the resource transfer record information to the first terminal after signing with the second identity certificate.

In a possible embodiment, as shown in fig. 4, the sending, by the second terminal to the first terminal through the short-range wireless communication connection, first encrypted information obtained by performing a first signature process on the resource transfer record information may include:

s2051, the second terminal uses a private key corresponding to the second terminal to perform first signature processing on the resource transfer information to obtain first encryption information; wherein the first encryption information includes the resource transfer record information and first signature information corresponding to the second terminal.

And S2053, the second terminal sends the first encryption information to the first terminal through the short-distance wireless communication connection.

And S207, the first terminal verifies the signature validity of the first encrypted information to obtain a first verification result.

In the embodiment of the application, after the first terminal receives the first encrypted information sent by the second terminal, the first signature information can be verified by using the public key corresponding to the second terminal. Specifically, as shown in fig. 4, the verifying, by the first terminal, the validity of the signature of the first encrypted information to obtain a first verification result may include:

s2071, the first terminal verifies the first signature information by using a public key corresponding to the second terminal.

And S2073, if the public key corresponding to the second terminal can decrypt the first signature information, the first verification result is a legal verification result.

Accordingly, if the public key corresponding to the second terminal cannot decrypt the first signature information, the first verification result is an illegal verification result. And stopping the off-line payment process when the first verification result is an illegal verification result.

In practical application, the first terminal may not only perform legal verification on the first signature information, but also perform integrity verification on the first encrypted information, and the method for performing integrity verification on the first encrypted information may be as follows: since there is a relationship between the first signature information and the first encrypted information to be transmitted, any modification of the first encrypted information will cause a change in the first signature information, and after receiving the first encrypted information and the first signature information, the first terminal may compare the first encrypted information and the first signature information to determine whether the first encrypted information is modified during transmission, and if so, the first signature information is invalid.

And S209, when the first verification result is a legal verification result, the first terminal sends second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-distance wireless communication connection.

In this embodiment of the application, after the first terminal determines that the signature of the first signature information is legal, the first terminal may combine the resource transfer information and the first signature information, and then use a certificate of the first terminal, that is, the first identity certificate, to sign the resource transfer information and the first signature information and send the signed information to the second terminal. Specifically, as shown in fig. 4, when the first verification result is a valid verification result, the sending, by the first terminal, second encrypted information obtained by performing a second signature process on the first encrypted information to the second terminal through the short-range wireless communication connection may include:

s2091, the first terminal performs second signature processing on the resource transfer record information and the first signature information by using a private key corresponding to the first terminal to obtain second encrypted information; wherein the second encryption information includes the resource transfer record information, the first signature information, and second signature information corresponding to the first terminal.

S2093, the first terminal sends the second encryption information to the second terminal through the short-distance wireless communication connection.

And S2011, the second terminal verifies the signature validity of the second encryption information to obtain a second verification result.

In this embodiment, after the second terminal receives the second encrypted information sent by the first terminal, the second terminal may verify the second signature information by using the public key corresponding to the first terminal. Specifically, as shown in fig. 4, the verifying, by the second terminal, the validity of the signature of the second encrypted information, and obtaining the second verification result may include:

and S20111, the second terminal verifies the second signature information by using a public key corresponding to the first terminal.

And S20113, if the public key corresponding to the first terminal can decrypt the second signature information, the second verification result is a legal verification result.

Accordingly, if the public key corresponding to the first terminal cannot decrypt the second signature information, the second verification result is an illegal verification result. And stopping the off-line payment process when the second verification result is an illegal verification result.

In practical application, the second terminal can not only perform legal verification on the second signature information, but also perform integrity verification on the second encrypted information, and please refer to the new integrity verification process for the first encryption for the integrity verification process of the second encrypted information.

S2013, when the second verification result is a legal verification result, the second terminal determines the second encryption information as a resource transfer certificate.

In the embodiment of the application, when the second verification result is a legal verification result, the second encryption information is determined as the resource transfer certificate, so that the offline payment process is completed.

The resource transfer voucher in the embodiment of the application is obtained by performing double signature authentication on the resource transfer record information by the first terminal and the second terminal, and the double signature authentication further improves the accuracy and the safety of the offline transaction, ensures that the offline transaction can be smoothly performed, and reduces the transaction risk.

S2015, when the second terminal establishes communication connection with the transaction server, the second terminal sends the resource transfer voucher to the transaction server.

S2017, the transaction server transfers the resource to be transferred corresponding to the resource transfer certificate from the first terminal to the second terminal.

In this embodiment of the application, when the second terminal resumes the connection with the transaction server, the second terminal may use the resource transfer credential to request the transaction server to transfer the resource corresponding to the resource transfer credential to the second terminal, and specifically, the transferring, by the transaction server, the resource to be transferred corresponding to the resource transfer credential from the first terminal to the second terminal may include:

s20171, the transaction server verifies the first signature information by using the public key corresponding to the second terminal.

S20173, the transaction server verifies the second signature information by using the public key corresponding to the first terminal.

S20175, if the public key corresponding to the second terminal can decrypt the first signature information and the public key corresponding to the first terminal can decrypt the second signature information, the server transfers the resource to be transferred corresponding to the resource transfer credential from the account of the first terminal to the account of the second terminal.

In the embodiment of the application, before the real resource transfer is executed, in order to further ensure the accuracy of the resource transfer, the transaction server may verify the first signature information and the second signature information again, and after the verification is passed, transfer the resource to be transferred corresponding to the resource transfer certificate from the account of the first terminal to the account of the second terminal, and send the resource transfer result to the first terminal. For example, if the resource to be transferred in the resource transfer credential is 60 yuan, the transaction server transfers the 60 yuan from the account of the first terminal to the account of the second terminal.

The resource transfer method provided by the embodiment of the application, in the case that the first terminal and the second terminal are both online, the first terminal sends the right granted to the second terminal to transfer the first terminal resource to the transaction server in advance, so as to lay a foundation for the smooth off-line transaction, and improve the feasibility of the off-line transaction, when the first terminal and the second terminal are both in an off-line environment, the resource transfer certificate confirmed by both parties is obtained by determining that the second terminal has the right to transfer the resource, the first terminal and the second terminal exchange certificates for identity verification and double signature authentication of resource transfer record information, so as to accurately complete the off-line transaction flow, when the second terminal is restored to establish communication connection with the transaction server, the second terminal sends the on-line transaction flow to the transaction server by using the resource transfer certificate, namely, the resource to be transferred corresponding to the resource transfer certificate is transferred from the first terminal to the second terminal, thereby completing the overall flow of the transaction. The technical scheme in the embodiment of the application can be used as an extension of the online payment transaction system in a specific environment which cannot be connected to the Internet, so that the defects of an online transaction mode and the defects that products needing online payment transaction cannot be covered in the scene are overcome, the offline transaction can still be carried out when the first terminal and the second terminal are both in an offline condition, and the problem that in some specific environments which cannot be connected to the Internet, if online payment transaction needs to be carried out, the traditional online mode-based payment system cannot meet the requirements and can only be completed through a cash transaction mode under the line is solved.

In the following, taking the first terminal and the second terminal both in the same local area network environment, and specifically taking the local area network environment as the cabin of the passenger plane after takeoff as an example, the application of the resource transfer method in the embodiment of the present application in the environment is described in detail, in the environment, the terminal used by the user is equivalent to the first terminal, the airline driver is equivalent to the second terminal, and the payment platform is equivalent to the transaction server:

the current cabin services are gradually popularized, and passengers access the on-board electronic services through wireless WiFi, and the on-board electronic services can comprise video on demand, games, reading, music, meal selection, shopping and the like. However, the current satellite communication system for the passenger cabin on the airplane has only a few parts to access the internet and the traffic cost is expensive. In order to meet the transaction function in the environment, as shown in fig. 5, the following processes can be implemented:

on-line delegation authorization

When the user is in an online state, namely, under the condition that the communication connection with the payment platform can be established, the entrusted deduction function is opened to the navigation department, namely, the authority of the navigation department for transferring the user side resource is granted, and the specific process is as follows:

s1, a user initiates an authorized navigation department payment deduction function to a payment platform, namely, a resource transfer authorization request allowing the navigation department to transfer user resources is sent to the payment platform.

And S3, authenticating the user identity by the payment platform to determine whether the user is a real and effective user.

And S5, if the user identity authentication is passed, the payment platform sends the resource transfer authority of the user to the navigation department, namely, the payment platform starts the entrustment deduction function to the navigation department. Fig. 6 shows a schematic diagram of a user opening an authorized deduction function, B a schematic diagram of a user inputting a password to perform authentication, and c a schematic diagram of an authorized deduction function being opened.

The interface presentation diagram of the on-board electronic service can be as shown in fig. 7, if a user in the passenger cabin needs to purchase a certain product, the following offline transaction flow can be performed:

(II) off-line transaction process

A user clicks the purchase flow on an electronic service display interface to purchase flow or clicks a shopping mall to purchase products to generate an electronic order, then clicks the settlement on the electronic order, confirms the transaction after inputting an offline payment password, and generates transaction record information, namely resource transfer record information; in fig. 8, a is a schematic diagram of an electronic order, B is a schematic diagram of a user inputting an offline password to confirm a transaction, and C is a schematic diagram of transaction record information.

And S7, the user sends a resource transfer request carrying transaction record information, namely a transaction request, to the navigation department through the wireless local area network.

S9, the navigation department checks whether the user provides an authorized money deduction function.

S11, if the user opens the entrusted deduction function to the navigation department, the navigation department and the user interact identity certificates to carry out identity verification.

And S13, obtaining a resource transfer certificate after the identity authentication is passed, namely an authorized deduction certificate.

After the driver recovers connection with the payment platform, the following payment deduction process is needed to complete the real transfer process of the payment amount:

(III) paying deduction

And S15, the navigation department sends a resource transfer certificate to the payment platform to request to transfer the payment amount corresponding to the authorized deduction certificate to the account of the navigation department.

S17, the payment platform verifies the signature validity of the resource transfer certificate by the user terminal and the navigation department;

and S19, after the signature validity is verified, the payment platform finishes deduction, namely the corresponding payment amount is transferred to the navigation account from the user terminal, and all steps of the transaction are finished.

The specific processes of S1-S5 may be referred to as S2001-S2005, the specific processes of S7-S13 may be referred to as S201-S2013, and the specific processes of S15-S19 may be referred to as S2015-S2017, which are not described herein again.

A resource transfer method in the embodiment of the present application is described below with a first terminal as an execution subject, and as shown in fig. 9, the method may include:

s301, when the communication connection with the transaction server is disconnected, the short-distance wireless communication connection is established with the second terminal; wherein the second terminal has the right to transfer resources in the local terminal.

And S303, sending a resource transfer request carrying resource transfer record information to the second terminal through the short-distance wireless communication connection.

S305, first encrypted information obtained by performing first signature processing on the resource transfer record information and sent by the second terminal through the short-distance wireless communication connection is received.

S307, verifying the signature validity of the first encrypted information to obtain a first verification result.

S309, when the first verification result is a legal verification result, sending second encryption information obtained by carrying out second signature processing on the first encryption information to the second terminal through the short-distance wireless communication connection, so that the second terminal verifies the signature legality of the second encryption information to obtain a second verification result; when the second verification result is a legal verification result, determining the second encryption information as a resource transfer certificate; and when communication connection is established with the transaction server, the resource transfer certificate is sent to the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer certificate from the local terminal to the second terminal.

In a possible embodiment, before the establishing the short-range wireless communication connection with the second terminal, the method may further include:

when communication connection is established with the transaction server, a resource transfer authorization request carrying local terminal authentication information and second terminal identification information is sent to the transaction server, so that the transaction server performs identity authentication on the local terminal according to the local terminal authentication information; when the identity authentication of the local terminal passes, sending the resource transfer authority of the local terminal to a second terminal corresponding to the second terminal identification information; wherein the resource transfer authority characterizes that the second terminal has the authority to transfer the resource in the local terminal.

In a possible embodiment, the first encryption information includes the resource transfer record information and first signature information corresponding to the second terminal, and the verifying the signature validity of the first encryption information to obtain a first verification result may include:

and verifying the first signature information by using a public key corresponding to the second terminal.

And if the public key corresponding to the second terminal can decrypt the first signature information, the first verification result is a legal verification result.

Accordingly, when the first verification result is a valid verification result, the sending, to the second terminal through the short-range wireless communication connection, second encryption information obtained by performing second signature processing on the first encryption information may include:

performing second signature processing on the resource transfer record information and the first signature information by using a private key corresponding to the local terminal to obtain second encrypted information; the second encryption information comprises the resource transfer record information, the first signature information and second signature information corresponding to the local terminal;

transmitting the second encryption information to the second terminal through the short-range wireless communication connection;

the resource transfer record information comprises resource transfer identification information, resources to be transferred, account information of the local terminal and account information of the second terminal.

A resource transfer method in the embodiment of the present application is described below with a second terminal as an execution subject, and as shown in fig. 10, the method may include:

s401, when the communication connection with a transaction server is disconnected, a short-distance wireless communication connection is established with a first terminal; and the first terminal grants the local terminal the authority to transfer the resources in the first terminal.

And S403, receiving a resource transfer request which is sent by the first terminal through the short-distance wireless communication connection and carries resource transfer record information.

S405, sending first encryption information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-distance wireless communication connection, so that the first terminal verifies the signature validity of the first encryption information to obtain a first verification result.

And S407, when the first verification result is a legal verification result, receiving second encryption information obtained by performing second signature processing on the first encryption information and sent by the first terminal through the short-distance wireless communication connection.

And S409, verifying the signature validity of the second encrypted information to obtain a second verification result.

S4011, when the second verification result is a legal verification result, determining the second encryption information as a resource transfer credential.

S4013, when communication connection is established with the transaction server, the resource transfer voucher is sent to the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer voucher from the first terminal to the local terminal.

In a possible embodiment, after the receiving the resource transfer request carrying the resource transfer record information sent by the first terminal through the short-range wireless communication connection, the method may further include:

determining whether there is a right to transfer resources in the first terminal;

if the first terminal has the authority of transferring the resources in the first terminal, sending a second identity certificate corresponding to the local terminal to the first terminal through the short-distance wireless communication connection, so that the identity verification of the local terminal is passed when the first terminal can decrypt the signature of the second identity certificate by using a public key corresponding to the transaction server;

receiving a first identity certificate which is sent by the first terminal through the short-distance wireless communication connection and corresponds to the first terminal;

if the signature of the first identity certificate can be decrypted by using a public key corresponding to the transaction server, the identity verification of the first terminal is passed;

when the transaction server establishes communication connection with the first terminal, the first identity certificate is sent to the first terminal after being signed by using a private key corresponding to the transaction server, and when the transaction server establishes communication connection with the local terminal, the second identity certificate is sent to the local terminal after being signed by using a private key corresponding to the transaction server.

In a possible embodiment, the sending, to the first terminal through the short-range wireless communication connection, first encrypted information obtained by performing a first signature process on the resource transfer record information may include:

performing first signature processing on the resource transfer information by using a private key corresponding to the local terminal to obtain first encryption information; the first encryption information comprises the resource transfer record information and first signature information corresponding to the local terminal.

And sending the first encryption information to the first terminal through the short-distance wireless communication connection.

Correspondingly, the second encrypted information includes the resource transfer record information, the first signature information, and second signature information corresponding to the first terminal, and the verifying the signature validity of the second encrypted information to obtain a second verification result includes:

and verifying the second signature information by using a public key corresponding to the first terminal.

And if the public key corresponding to the first terminal can decrypt the second signature information, the second verification result is a legal verification result.

In a possible embodiment, the sending the resource transfer credential to the transaction server may further include:

sending the resource transfer certificate to the transaction server so that the transaction server verifies the first signature information by using a public key corresponding to the local terminal; and verifying the second signature information by using the public key corresponding to the first terminal; and when the public key corresponding to the local terminal can decrypt the first signature information and the public key corresponding to the first terminal can decrypt the second signature information, transferring the resource to be transferred corresponding to the resource transfer certificate from the account of the first terminal to the account of the local terminal.

As shown in fig. 11, an embodiment of the present application provides a resource transfer apparatus, where the apparatus may include:

a first establishing module 501, configured to establish a short-range wireless communication connection with a second terminal when the communication connection with the transaction server is disconnected; wherein the second terminal has the right to transfer resources in the local terminal.

A resource transfer request sending module 503, configured to send a resource transfer request carrying resource transfer record information to the second terminal through the short-range wireless communication connection.

A first encrypted information receiving module 505, configured to receive first encrypted information obtained by performing a first signature process on the resource transfer record information, where the first encrypted information is sent by the second terminal through the short-range wireless communication connection.

The first encrypted information verifying module 507 is configured to verify the validity of the signature of the first encrypted information to obtain a first verification result.

A second encrypted information sending module 509, configured to send, to the second terminal through the short-range wireless communication connection, second encrypted information obtained by performing a second signature process on the first encrypted information when the first verification result is a legal verification result, so that the second terminal verifies the signature validity of the second encrypted information to obtain a second verification result; when the second verification result is a legal verification result, determining the second encryption information as a resource transfer certificate; and when communication connection is established with the transaction server, the resource transfer certificate is sent to the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer certificate from the local terminal to the second terminal.

As shown in fig. 12, an embodiment of the present application provides another resource transfer apparatus, where the apparatus may include:

a second establishing module 601, configured to establish a short-range wireless communication connection with the first terminal when the communication connection with the transaction server is disconnected; and the first terminal grants the local terminal the authority to transfer the resources in the first terminal.

A resource transfer request receiving module 603, configured to receive a resource transfer request carrying resource transfer record information and sent by the first terminal through the short-range wireless communication connection.

A first encrypted information sending module 605, configured to send, to the first terminal through the short-range wireless communication connection, first encrypted information obtained by performing a first signature process on the resource transfer record information, so that the first terminal verifies the signature validity of the first encrypted information, and obtains a first verification result.

A second encrypted information receiving module 607, configured to receive, when the first verification result is a valid verification result, second encrypted information obtained by performing a second signature process on the first encrypted information and sent by the first terminal through the short-range wireless communication connection.

The second encrypted information verifying module 609 is configured to verify the validity of the signature of the second encrypted information to obtain a second verification result.

The resource transfer credential determining module 6011 is configured to determine the second encryption information as the resource transfer credential when the second verification result is a valid verification result.

A resource transfer credential sending module 6013, configured to send the resource transfer credential to the transaction server when a communication connection is established with the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer credential from the first terminal to the local terminal.

The embodiment of the application provides a resource transfer system, which can comprise a first terminal, a second terminal and a transaction server:

It should be noted that the apparatus and the system in the apparatus embodiment are based on the same inventive concept as the method embodiment.

An embodiment of the present application further provides an electronic device, which includes a processor and a memory, where the memory stores at least one instruction, at least one program, a set of codes, or a set of instructions, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the resource transfer method provided in the foregoing method embodiment.

Embodiments of the present application further provide a storage medium, which may be disposed in a terminal to store at least one instruction, at least one program, a code set, or a set of instructions related to implementing a resource transfer method in the method embodiments, where the at least one instruction, the at least one program, the code set, or the set of instructions are loaded and executed by the processor to implement the resource transfer method provided in the method embodiments.

Alternatively, in the present specification embodiment, the storage medium may be located at least one network server among a plurality of network servers of a computer network. Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing program codes, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.

The memory according to the embodiments of the present disclosure may be used to store software programs and modules, and the processor may execute various functional applications and resource processing by operating the software programs and modules stored in the memory. The memory mainly comprises a storage program area and a storage resource area, wherein the storage program area can store an operating system, application programs needed by functions and the like; the storage resource area may store resources created according to the use of the object, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory may also include a memory controller to provide the processor access to the memory.

The resource transfer method provided by the embodiment of the application can be executed in a mobile terminal, a computer terminal, a server or a similar computing device. Taking the example of the method performed by the server, fig. 13 is a block diagram of a hardware structure of the server according to the resource transfer method provided in the embodiment of the present application. As shown in fig. 13, the server 700 may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 710 (the processor 710 may include but is not limited to a Processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 730 for storing resources, and one or more storage media 720 (e.g., one or more mass storage objects) for storing applications 723 or resources 722. Memory 730 and storage medium 720 may be, among other things, transient storage or persistent storage. The program stored in the storage medium 720 may include one or more modules, each of which may include a series of instruction operations for the server. Still further, central processor 710 may be configured to communicate with storage medium 720 and execute a series of instruction operations in storage medium 720 on server 700. The server 700 may also include one or more power supplies 760, one or more wired or wireless network interfaces 750, one or more input-output interfaces 740, and/or one or more operating systems 721, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.

Input-output interface 740 may be used to receive or transmit resources via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the server 700. In one example, the input/output Interface 740 includes a Network adapter (NIC) that can be connected to other Network objects via a base station to communicate with the internet. In one example, the input/output interface 740 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.

It will be understood by those skilled in the art that the structure shown in fig. 13 is only an illustration and is not intended to limit the structure of the electronic device. For example, server 700 may also include more or fewer components than shown in FIG. 13, or have a different configuration than shown in FIG. 13.

It should be noted that: the sequence of the embodiments of the present application is only for description, and does not represent the advantages and disadvantages of the embodiments. And specific embodiments thereof have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the device and server embodiments, since they are substantially similar to the method embodiments, the description is simple, and the relevant points can be referred to the partial description of the method embodiments.

It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.

The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims

1. A method of resource transfer, the method comprising:

2. A method of resource transfer, the method comprising;

3. The method of claim 2, wherein prior to said establishing a short-range wireless communication connection with the second terminal, the method further comprises:

4. The method according to claim 3, wherein the first encrypted information includes the resource transfer record information and first signature information corresponding to the second terminal, and the verifying the signature validity of the first encrypted information to obtain a first verification result includes:

verifying the first signature information by using a public key corresponding to the second terminal;

if the public key corresponding to the second terminal can decrypt the first signature information, the first verification result is a legal verification result;

correspondingly, when the first verification result is a legal verification result, sending second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-distance wireless communication connection, including:

5. A resource transfer method, characterized in that,

6. The method according to claim 5, wherein after said receiving a resource transfer request carrying resource transfer record information sent by the first terminal through the short-range wireless communication connection, the method further comprises:

7. The method of claim 5,

the sending, to the first terminal through the short-range wireless communication connection, first encrypted information obtained by performing first signature processing on the resource transfer record information, includes:

performing first signature processing on the resource transfer information by using a private key corresponding to the local terminal to obtain first encryption information; the first encryption information comprises the resource transfer record information and first signature information corresponding to the local terminal;

transmitting the first encrypted information to the first terminal through the short-range wireless communication connection;

verifying the second signature information by using a public key corresponding to the first terminal;

if the public key corresponding to the first terminal can decrypt the second signature information, the second verification result is a legal verification result;

accordingly, the sending the resource transfer credential to the transaction server further comprises:

8. An apparatus for resource transfer, the apparatus comprising:

9. An apparatus for resource transfer, the apparatus comprising:

10. A resource transfer system, comprising a first terminal, a second terminal and a transaction server;