CN112418845B

CN112418845B - Resource transfer method, device and system

Info

Publication number: CN112418845B
Application number: CN201910774367.1A
Authority: CN
Inventors: 吴芳宇; 刘伯恒; 王观星; 陈亨斌; 郭学彬
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2019-08-21
Filing date: 2019-08-21
Publication date: 2023-06-09
Anticipated expiration: 2039-08-21
Also published as: CN112418845A

Abstract

The application provides a resource transfer method, a device and a system, wherein the method comprises the following steps: when the first terminal is disconnected with the transaction server, the first terminal and the second terminal are connected in a short-distance wireless communication mode; the first terminal sends resource transfer record information to the second terminal; the second terminal sends first encryption information obtained by performing first signature processing on the resource transfer record information to the first terminal; if the first terminal verifies that the signature of the first encrypted information is legal, sending second encrypted information obtained by performing second signature processing on the first encrypted information to a second terminal; if the second terminal verifies that the signature of the second encrypted information is legal, the second encrypted information is determined to be a resource transfer certificate; when communication connection is established with the transaction server, the second terminal sends a resource transfer certificate to the transaction server; the transaction server transfers the resource to be transferred from the first terminal to the second terminal. The method and the device achieve the purpose of completing payment transaction under the condition that both the first terminal and the second terminal are offline.

Description

Resource transfer method, device and system

Technical Field

The application belongs to the technical field of Internet, and particularly relates to a resource transfer method, device and system.

Background

With the development of the internet, internet-based online banking, electronic commerce, online funds and other emerging payment platforms are becoming popular with more and more users. The payment based on the payment platform can comprise mobile payment, and the mobile payment becomes one of the common payment modes for people due to the fact that the mobile payment is convenient and quick.

In the prior art, the mobile payment scheme mostly adopts an online mode, and a payment terminal, a collection terminal and a payment platform are required to be online at the same time, and after identity authentication, account transfer or payment are completed through mutual instant messaging, a transaction certificate is generated by a third party payment platform, and finally the transaction is completed.

However, in some specific transaction environments, such as a local area network environment, under the condition that the payment terminal and the collection terminal cannot be connected to the payment platform, identity authentication and payment flow between the payment terminal and the collection terminal cannot be completed, so that an online transaction function cannot be realized, and the transaction requirements of users in the specific transaction environments such as the local area network are not met.

Disclosure of Invention

In order to achieve the purpose of completing offline payment transaction under the condition that a payment terminal and a collection terminal cannot be connected to a payment platform, and make up for the defect of online transaction, the application provides a resource transfer method, a resource transfer device and a resource transfer system.

In one aspect, the present application proposes a resource transfer method, the method comprising:

when the first terminal and the second terminal are disconnected from communication connection with the transaction server, the first terminal and the second terminal are connected in a short-distance wireless communication manner; the second terminal has the authority to transfer the resources in the first terminal;

the first terminal sends a resource transfer request to the second terminal through the short-range wireless communication connection; wherein, the resource transfer request carries resource transfer record information;

the second terminal sends first encryption information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-range wireless communication connection;

the first terminal verifies the signature validity of the first encrypted information to obtain a first verification result;

when the first verification result is a legal verification result, the first terminal sends second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-range wireless communication connection;

the second terminal verifies the signature validity of the second encrypted information to obtain a second verification result;

When the second verification result is a legal verification result, the second terminal determines the second encryption information as a resource transfer certificate;

when the second terminal establishes communication connection with the transaction server, the second terminal sends the resource transfer certificate to the transaction server;

the transaction server transfers the resources to be transferred corresponding to the resource transfer credentials from the first terminal to the second terminal.

In another aspect, the present application proposes another resource transfer method, the method including:

when the communication connection with the transaction server is disconnected, establishing a short-range wireless communication connection with the second terminal; the second terminal has the authority to transfer the resources in the local terminal;

transmitting a resource transfer request carrying resource transfer record information to the second terminal through the short-range wireless communication connection;

receiving first encryption information which is sent by the second terminal through the short-range wireless communication connection and obtained by performing first signature processing on the resource transfer record information;

verifying the signature validity of the first encryption information to obtain a first verification result;

when the first verification result is a legal verification result, sending second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-range wireless communication connection, so that the second terminal verifies the signature validity of the second encryption information to obtain a second verification result; and when the second verification result is a legal verification result, determining the second encryption information as a resource transfer credential; and when a communication connection is established with the transaction server, sending the resource transfer credential to the transaction server so that the transaction server transfers the resource to be transferred corresponding to the resource transfer credential from the local terminal to the second terminal.

when the communication connection with the transaction server is disconnected, establishing a short-range wireless communication connection with the first terminal; the first terminal grants the authority of the local terminal to transfer the resources in the first terminal;

receiving a resource transfer request carrying resource transfer record information sent by the first terminal through the short-range wireless communication connection;

sending first encryption information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-range wireless communication connection, so that the first terminal verifies the signature validity of the first encryption information to obtain a first verification result;

when the first verification result is a legal verification result, receiving second encryption information obtained by performing second signature processing on the first encryption information, wherein the second encryption information is sent by the first terminal through the short-range wireless communication connection;

verifying the signature validity of the second encryption information to obtain a second verification result;

when the second verification result is a legal verification result, determining the second encryption information as a resource transfer credential;

And when the communication connection is established with the transaction server, the resource transfer certificate is sent to the transaction server, so that the transaction server transfers the resources to be transferred corresponding to the resource transfer certificate from the first terminal to the local terminal.

In another aspect, the present application proposes a resource transfer device, the device comprising:

the first establishing module is used for establishing short-distance wireless communication connection with the second terminal when the communication connection with the transaction server is disconnected; the second terminal has the authority to transfer the resources in the local terminal;

a resource transfer request sending module, configured to send a resource transfer request carrying resource transfer record information to the second terminal through the short-range wireless communication connection;

the first encryption information receiving module is used for receiving first encryption information obtained by performing first signature processing on the resource transfer record information, wherein the first encryption information is sent by the second terminal through the short-range wireless communication connection;

the first encryption information verification module is used for verifying the signature validity of the first encryption information to obtain a first verification result;

the second encryption information sending module is used for sending second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-range wireless communication connection when the first verification result is a legal verification result, so that the second terminal verifies the signature validity of the second encryption information to obtain a second verification result; and when the second verification result is a legal verification result, determining the second encryption information as a resource transfer credential; and when a communication connection is established with the transaction server, sending the resource transfer credential to the transaction server so that the transaction server transfers the resource to be transferred corresponding to the resource transfer credential from the local terminal to the second terminal.

In another aspect, the present application proposes another resource transfer device, the device comprising:

the second establishing module is used for establishing short-distance wireless communication connection with the first terminal when the communication connection with the transaction server is disconnected; the first terminal grants the authority of the local terminal to transfer the resources in the first terminal;

the resource transfer request receiving module is used for receiving a resource transfer request carrying resource transfer record information sent by the first terminal through the short-range wireless communication connection;

the first encryption information sending module is used for sending first encryption information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-range wireless communication connection so that the first terminal verifies the signature validity of the first encryption information to obtain a first verification result;

the second encryption information receiving module is used for receiving second encryption information obtained by performing second signature processing on the first encryption information, which is sent by the first terminal through the short-range wireless communication connection, when the first verification result is a legal verification result;

the second encryption information verification module is used for verifying the signature validity of the second encryption information to obtain a second verification result;

The resource transfer credential determining module is used for determining the second encryption information as a resource transfer credential when the second verification result is a legal verification result;

and the resource transfer credential sending module is used for sending the resource transfer credential to the transaction server when communication connection is established with the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer credential from the first terminal to the local terminal.

In another aspect, the present application proposes a resource transfer system, the system comprising a first terminal, a second terminal, and a transaction server;

the first terminal is used for establishing short-distance wireless communication connection with the second terminal with the authority of transferring resources in the first terminal when the first terminal is disconnected with the transaction server; and a resource transfer request carrying resource transfer record information is sent to the second terminal; the second terminal is used for receiving the first encrypted information, and obtaining a second verification result; and the second terminal is used for sending second encryption information obtained by carrying out second signature processing on the first encryption information to the second terminal when the first verification result is a legal verification result;

The second terminal is used for verifying the signature validity of the second encryption information when the second terminal is disconnected with the transaction server, so as to obtain a second verification result; and determining the second encryption information as a resource transfer credential when the second authentication result is a legal authentication result; and means for sending the resource transfer credential to the transaction server when a communication connection is established with the transaction server;

the transaction server is used for transferring the resources to be transferred corresponding to the resource transfer credentials from the first terminal to the second terminal.

In another aspect, the present application proposes a computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes or a set of instructions, the at least one instruction, the at least one program, the set of codes or the set of instructions being loaded and executed by a processor to implement a resource transfer method as described above.

According to the resource transfer method, device and system, when the first terminal and the second terminal cannot be connected to the transaction server, the first terminal and the second terminal with the resource authority for transferring the first terminal establish close range wireless communication connection, send resource transfer record information to the second terminal, and then obtain a resource transfer certificate through double signature authentication between the first terminal and the second terminal, and the transaction is completed to obtain an offline payment flow. When the second terminal is restored to establish communication connection with the transaction server, the second terminal uses the resource transfer certificate to request the transaction server to complete resource transfer, and the transaction server transfers corresponding resources to be transferred from the first terminal to the second terminal according to the resource transfer certificate, so that the first terminal and the second terminal can not be connected to the transaction server, offline transaction can still be performed, and the defect of an online transaction mode is overcome.

Drawings

In order to more clearly illustrate the technical solutions and advantages of embodiments of the present application or of the prior art, the following description will briefly introduce the drawings that are required to be used in the embodiments or the prior art descriptions, it is obvious that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a schematic diagram of an implementation environment of a resource transfer method according to an embodiment of the present application.

Fig. 2 is a flow chart of a resource transfer method according to an embodiment of the present application.

Fig. 3 is a flow chart of another resource transfer method according to an embodiment of the present application.

Fig. 4 is a flow chart of another resource transfer method according to an embodiment of the present application.

Fig. 5 is a schematic flow chart of an application of a resource transfer method in a scenario according to an embodiment of the present application.

Fig. 6 a is a schematic diagram of a user opening authorization deduction function provided by an embodiment of the present application, B is a schematic diagram of user input password for authentication provided by an embodiment of the present application, and C is a schematic diagram of an authorized deduction function being opened.

Fig. 7 is an interface display diagram of an on-board electronic service provided in an embodiment of the present application.

Fig. 8 a is a schematic diagram of an electronic order provided in the embodiment of the present application, B is a schematic diagram of a user inputting offline secret-order confirmation transaction, and C is a schematic diagram of transaction record information.

Fig. 9 is a flow chart of another resource transfer method according to an embodiment of the present application.

Fig. 10 is a flowchart of another resource transfer method according to an embodiment of the present application.

Fig. 11 is a schematic structural diagram of a resource transferring device according to an embodiment of the present application.

Fig. 12 is a schematic structural diagram of another resource transferring device according to an embodiment of the present application.

Fig. 13 is a schematic diagram of a server structure provided in an embodiment of the present application.

Detailed Description

In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.

It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the resources so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or object.

Fig. 1 is a schematic diagram of an implementation environment of a resource transfer method according to an embodiment of the present application, and as shown in fig. 1, the implementation environment may at least include a first terminal 01, a second terminal 02, and a transaction server 03.

Specifically, when neither the first terminal 01 nor the second terminal 02 can connect to the transaction server 03, the first terminal 01 and the second terminal 02 establish a short-range wireless communication connection, so as to realize data transmission between the first terminal 01 and the second terminal 02 through the short-range wireless communication connection. For example, the transmitted data may include transaction information mutually signed and authenticated by the first terminal 01 and the second terminal 02.

Specifically, when the first terminal 01 and the second terminal 02 resume connection with the transaction server 03, the first terminal 01 and the second terminal 02 establish connection with the transaction server 03 in a wired or wireless manner, so as to implement data transmission with the transaction server 03 through the network, for example, the data transmitted between the transaction server 03 and the first terminal 01 may include the first terminal 01 sending a resource transfer authorization request allowing the second terminal 02 to transfer the resource authority in the first terminal, and the data transmitted between the transaction server 03 and the second terminal 02 may include transaction information mutually signed and authenticated by the first terminal 01 and the second terminal 02.

Specifically, the first terminal 01 and the second terminal 02 may each include a smart phone, a desktop computer, a tablet computer, a notebook computer, a digital assistant, an intelligent wearable device, an on-board, a speaker, a television, a robot, and the like.

In particular, the transaction server 03 may comprise a server that operates independently, or a distributed server, or a server cluster that is composed of a plurality of servers. The transaction server 03 may include a network communication unit, a processor, a memory, and the like. The transaction server 03 may provide background services for the first terminal 01 and the second terminal 02.

In this embodiment, when both the first terminal 01 and the second terminal 02 are disconnected from the transaction server 03, the first terminal 01 and the second terminal 02 perform dual signature authentication through the established close range wireless communication connection to obtain transaction information confirmed by both parties of the transaction, and when the second terminal 02 reestablishes communication connection with the transaction server 03, the second terminal 02 provides the transaction server 03 with the transaction information confirmed by both parties of the transaction, thereby completing the final resource transfer flow.

It should be noted that fig. 1 is only an example.

Fig. 2 is a schematic flow chart of a resource transfer method provided in an embodiment of the present application, where the method operations described in the examples or flowcharts are provided, but may include more or fewer operations based on conventional or non-inventive labor. The order of steps recited in the embodiments is merely one way of performing the order of steps and does not represent a unique order of execution. When implemented in a real system or server product, the methods illustrated in the embodiments or figures may be performed sequentially or in parallel (e.g., in a parallel processor or multithreaded environment). As shown in fig. 2, the method may include:

S201, when a first terminal and a second terminal are disconnected from communication connection with a transaction server, the first terminal and the second terminal are connected in a short-distance wireless communication manner; the second terminal has the authority to transfer the resources in the first terminal.

In this embodiment, when the first terminal and the second terminal are both disconnected from the transaction server, that is, the first terminal and the second terminal are both in a specific offline environment that cannot be connected to the transaction server, the identity authentication and the payment flow cannot be completed through the transaction server, and at this time, the first terminal and the second terminal can be connected in a short-range wireless communication manner, so that an offline payment transaction process in the specific offline environment is completed.

In one possible embodiment, the particular offline environment may be a local area network environment including, but not limited to, a mail wheel within a passenger cabin or in flight after a passenger aircraft takes off, and the like.

In one possible embodiment, the short-range wireless communication connection includes, but is not limited to, bluetooth, infrared, zigbee, near field communication, ultra wideband communication, and the like.

In the embodiment of the application, the second terminal establishing the short-range wireless communication connection with the first terminal is a terminal with the resource permission in the first terminal. The process of authorizing the resource transfer rights may be completed in advance in a case where both the first terminal and the second terminal can be connected to the transaction server, that is, before the first terminal and the second terminal establish the close range wireless communication connection, the method further includes:

S200, granting the second terminal permission to transfer the resources in the first terminal.

Specifically, as shown in fig. 3, S200 may further include:

s2001, when the first terminal and the second terminal are in communication connection with the transaction server, the first terminal sends a resource transfer authorization request to the transaction server; the resource transfer authorization request carries first terminal authentication information and second terminal identification information.

And S2003, the transaction server carries out identity authentication on the first terminal according to the authentication information of the first terminal.

S2005, if the identity authentication of the first terminal passes, the transaction server sends the resource transfer authority of the first terminal to a second terminal corresponding to the second terminal identification information; the resource transfer authority characterizes that the second terminal has the authority to transfer the resources in the first terminal.

In S2001, first, the first terminal initiates authorization to the designated second terminal through the transaction server, where the authorization content is to allow the designated second terminal to request payment transaction from the transaction server by using the resource transfer credential signed by the first terminal, and transfer the resource to be transferred corresponding to the resource transfer credential from the first terminal to the designated second terminal. In S2003, after the transaction server receives the resource transfer authorization request sent by the first terminal, the transaction server searches a prestored binding relationship with the first terminal, and authenticates the identity of the first terminal according to the binding relationship and identification information, account information and the like carried in the authentication information of the first terminal, so as to determine whether the first terminal is truly legal, and if the binding relationship is matched with the authentication information of the first terminal, the identity authentication of the first terminal passes. In S2003, after the identity authentication of the first terminal passes, the transaction server sends the resource transfer rights of the first terminal to the second terminal corresponding to the second terminal identification information, and the second terminal stores related information such as the resource transfer rights, thereby completing the rights authorization process of resource transfer.

S203, the first terminal sends a resource transfer request to the second terminal through the short-range wireless communication connection; and the resource transfer request carries resource transfer record information.

In this embodiment of the present application, after a first terminal establishes a close range wireless communication connection with a second terminal having authority to transfer resources in the first terminal, the first terminal sends a resource transfer request to the second terminal, where the resource transfer request carries resource transfer record information.

In a possible embodiment, the information carried by the resource transfer record information includes, but is not limited to, one or more of resource transfer identification information, a resource to be transferred, account information of the first terminal, and account information of the second terminal.

In this embodiment of the present application, in order to improve accuracy and security of resource transfer, as shown in fig. 3, before the first terminal and the second terminal perform dual signature confirmation on the resource transfer record information, the method may further include:

s204, the second terminal confirms whether the second terminal has the authority to transfer the resources in the first terminal, and the first terminal and the second terminal exchange certificates for identity verification.

In this embodiment, S204 may include:

s2041, the second terminal confirms whether the second terminal has permission to transfer the resources in the first terminal.

S2043, if the second terminal has the authority to transfer the resources in the first terminal, the second terminal sends a second identity certificate corresponding to the second terminal to the first terminal through the short-range wireless communication connection.

And S2045, if the first terminal can decrypt the signature of the second identity certificate by using the public key corresponding to the transaction server, the identity verification of the second terminal is passed.

S2047, the first terminal sends a first identity certificate corresponding to the first terminal to the second terminal through the short-range wireless communication connection.

And S2049, if the second terminal can decrypt the signature of the first identity certificate by using the public key corresponding to the transaction server, the identity verification of the first terminal is passed.

When the transaction server establishes communication connection with the second terminal, the second identity certificate is sent to the second terminal after signature processing is carried out by using the private key corresponding to the transaction server.

In the embodiment of the present application, before the first terminal and the second terminal perform dual signature authentication on the resource transfer information, the second terminal first determines whether itself has the authority to transfer the resource in the first terminal in S2041, and if so, performs the identity authentication process of the first terminal and the second terminal in S2043-S2049, thereby improving the accuracy and security of resource transfer and reducing the risk of resource transfer.

In this embodiment, under the condition that both the first terminal and the second terminal can establish communication connection with the transaction server, the first terminal and the second terminal respectively allocate an account with a unique identity identifier at the transaction server, the transaction server issues digitally signed identity certificates to both the first terminal and the second terminal, that is, the digitally signed identity certificates are encrypted through private keys of the transaction server, and certificates issued by the transaction server can only be decrypted by using public keys of the transaction server. In S2043-S2049, it is only necessary to determine whether the public key of the transaction server can decrypt the identity certificate, so that it is possible to determine whether the identity authentication of the first terminal and the second terminal is legal.

S205, the second terminal sends first encryption information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-range wireless communication connection.

In this embodiment of the present application, after the second terminal receives the resource transfer recording request, the second terminal may use its own certificate for the resource transfer recording information, that is, use the second identity certificate to sign and then send the second identity certificate to the first terminal.

In a possible embodiment, as shown in fig. 4, the sending, by the second terminal, first encrypted information obtained by performing a first signature process on the resource transfer record information to the first terminal through the short-range wireless communication connection may include:

s2051, the second terminal uses a private key corresponding to the second terminal to perform first signature processing on the resource transfer information to obtain the first encryption information; the first encryption information comprises the resource transfer recording information and first signature information corresponding to the second terminal.

S2053, the second terminal sends the first encryption information to the first terminal through the short-distance wireless communication connection.

S207, the first terminal verifies the signature validity of the first encryption information to obtain a first verification result.

In this embodiment of the present application, after the first terminal receives the first encryption information sent by the second terminal, the first terminal may verify the first signature information by using the public key corresponding to the second terminal. Specifically, as shown in fig. 4, the first terminal verifies the signature validity of the first encrypted information, to obtain a first verification result, which may include:

s2071, the first terminal verifies the first signature information by using a public key corresponding to the second terminal.

S2073, if the public key corresponding to the second terminal can decrypt the first signature information, the first verification result is a legal verification result.

Correspondingly, if the public key corresponding to the second terminal cannot decrypt the first signature information, the first verification result is an illegal verification result. And stopping the offline payment flow when the first verification result is an illegal verification result.

In practical application, the first terminal can perform legal verification on the first signature information, and also can perform verification on the integrity of the first encrypted information, and the method for verifying the integrity of the first encrypted information can be as follows: since there is a correlation between the first signature information and the first encryption information to be transferred, any modification of the first encryption information may cause a change in the first signature information, and after receiving the first encryption information and the first signature information, the first terminal may compare the first encryption information and the first signature information to determine whether the first encryption information is modified in the process of transmission, and if so, the first signature information is invalid.

S209, when the first verification result is a legal verification result, the first terminal sends second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-range wireless communication connection.

In this embodiment of the present application, after the first terminal determines that the signature of the first signature information is legal, the first terminal may combine the resource transfer information and the first signature information, and then use its own certificate, that is, the first identity certificate, to sign the resource transfer information and the first signature information and send the signature to the second terminal. Specifically, as shown in fig. 4, when the first verification result is a legal verification result, the sending, by the first terminal, second encrypted information obtained by performing second signature processing on the first encrypted information to the second terminal through the short-range wireless communication connection may include:

s2091, the first terminal uses a private key corresponding to the first terminal to carry out second signature processing on the resource transfer record information and the first signature information, so as to obtain second encryption information; the second encryption information comprises the resource transfer record information, the first signature information and second signature information corresponding to the first terminal.

And S2093, the first terminal sends the second encryption information to the second terminal through the short-distance wireless communication connection.

S2011, the second terminal verifies the signature validity of the second encryption information to obtain a second verification result.

In this embodiment of the present application, after the second terminal receives the second encrypted information sent by the first terminal, the second signature information may be verified using the public key corresponding to the first terminal. Specifically, as shown in fig. 4, the second terminal verifying the signature validity of the second encrypted information, and obtaining the second verification result may include:

s20111, the second terminal verifies the second signature information by using a public key corresponding to the first terminal.

S20113, if the public key corresponding to the first terminal can decrypt the second signature information, the second verification result is a legal verification result.

Correspondingly, if the public key corresponding to the first terminal cannot decrypt the second signature information, the second verification result is an illegal verification result. And stopping the offline payment flow when the second verification result is an illegal verification result.

In practical application, the second terminal can perform legal verification on the second signature information, and also can verify the integrity of the second encrypted information, and the integrity verification process of the second encrypted information refers to the new integrity verification process of the first encrypted information.

And S2013, when the second verification result is a legal verification result, the second terminal determines the second encryption information as a resource transfer certificate.

In the embodiment of the application, when the second verification result is a legal verification result, the second encryption information is determined to be the resource transfer certificate, so that the offline payment flow is completed.

The resource transfer certificate in the embodiment of the application is obtained after the first terminal and the second terminal perform double-signature authentication on the resource transfer record information, and the double-signature authentication further improves the accuracy and the safety of offline transaction, ensures that the offline transaction can be performed smoothly, and reduces the transaction risk.

S2015. when the second terminal establishes a communication connection with the transaction server, the second terminal sends the resource transfer credential to the transaction server.

And S2017, the transaction server transfers the resources to be transferred corresponding to the resource transfer credentials from the first terminal to the second terminal.

In this embodiment of the present application, when the second terminal resumes the connection with the transaction server, the second terminal may use the resource transfer credential to request to transfer the resource corresponding to the resource transfer credential to the second terminal, and specifically, transferring, by the transaction server, the resource to be transferred corresponding to the resource transfer credential from the first terminal to the second terminal may include:

and S20171, the transaction server verifies the first signature information by using the public key corresponding to the second terminal.

S20173. the transaction server uses the public key corresponding to the first terminal to verify the second signature information.

S20175. if the public key corresponding to the second terminal can decrypt the first signature information and the public key corresponding to the first terminal can decrypt the second signature information, the server transfers the resource to be transferred corresponding to the resource transfer credential from the account of the first terminal to the account of the second terminal.

In this embodiment of the present application, before executing the actual resource transfer, in order to further ensure the accuracy of the resource transfer, the transaction server may verify the first signature information and the second signature information again, and after the verification is passed, transfer the resource to be transferred corresponding to the resource transfer credential from the account of the first terminal to the account of the second terminal, and send the result of the resource transfer to the first terminal. For example, if the corresponding resource to be transferred in the resource transfer certificate is 60 yuan, the transaction server will transfer the 60 yuan from the account of the first terminal to the account of the second terminal.

According to the resource transfer method provided by the embodiment of the invention, under the condition that both the first terminal and the second terminal are online, the first terminal sends the authority for granting the second terminal to transfer the first terminal resource to the transaction server in advance, so that a foundation is laid for smooth offline transaction, the feasibility of offline transaction is improved, when both the first terminal and the second terminal are in an offline environment, the resource transfer certificate confirmed by both sides is obtained through determining that the second terminal has the authority for transferring the resource, the first terminal and the second terminal exchange certificates for carrying out identity verification and double signature authentication on the resource transfer record information, and thus the offline transaction flow is accurately completed, when the second terminal is restored to establish communication connection with the transaction server, the second terminal sends the online transaction flow to the transaction server by using the resource transfer certificate, namely, the resource to be transferred corresponding to the resource transfer certificate is transferred from the first terminal to the second terminal, and thus the whole transaction flow is completed. The technical scheme in the embodiment of the invention can be used as the extension of the online payment transaction system in a specific environment which cannot be connected to the Internet, makes up the shortages that the online transaction mode is insufficient and products requiring online payment transaction cannot be covered in the scene, realizes that the offline transaction can still be carried out under the condition that both the first terminal and the second terminal are offline, and solves the problem that the traditional online-mode-based payment system cannot meet the requirements and can only be completed by an offline cash transaction mode in some specific environments which cannot be connected to the Internet if online payment transaction is required.

The application of the resource transfer method in the embodiment of the present application in the environment is described in detail below by taking the first terminal and the second terminal both in the same local area network environment, and specifically taking the local area network environment as a cabin after the passenger plane takes off as an example, where in the environment, the terminal used by the user is equivalent to the first terminal, the airline is equivalent to the second terminal, and the payment platform is equivalent to the transaction server:

passengers have become increasingly popular in passenger cabin services to access on-board electronic services via wireless WiFi, which may include video on demand, gaming, reading, music, meal selection, shopping, and the like. However, the current satellite communication system for the passenger cabin on the aircraft has very few parts capable of accessing the internet, and the flow rate is expensive. The inability to provide online transaction functions, limiting the provision of service content, is difficult to meet the onboard service needs of passengers, and in order to meet the transaction functions in this environment, as shown in fig. 5, the following procedure may be implemented:

on-line delegated authorization

When the user is in an online state, namely communication connection can be established with the payment platform, the entrusting and deducting function is opened for the avionics, namely the avionics is granted with permission to transfer the user side resource, and the specific process is as follows:

S1, a user initiates an authorization airline hostess deduction function to a payment platform, namely a resource transfer authorization request for allowing the airline hostess to transfer user resources is sent to the payment platform.

S3, authenticating the user identity by the payment platform, and determining whether the user is a real and effective user.

S5, if the user identity authentication is passed, the payment platform sends the resource transfer permission of the user to the aviator, namely, the delegated deduction function is opened to the aviator. In fig. 6, a is a schematic diagram of a user opening an authorized deduction function, B is a schematic diagram of a user inputting a password for identity verification, and c is a schematic diagram of an authorized deduction function being opened.

The interface display diagram of the on-board electronic service may be as shown in fig. 7, and if a user in the passenger cabin needs to purchase a certain product, the following offline transaction flow may be performed:

(II) offline transaction flow

The user clicks the purchase flow on the electronic service display interface to perform flow purchase or clicks the shopping mall to perform product purchase, an electronic order is generated, then the settlement on the electronic order is clicked, the transaction is confirmed after the offline payment password is input, and transaction record information, namely resource transfer record information, is generated; in fig. 8, a is an electronic order diagram, B is a diagram of confirmation of a transaction by inputting an offline password, and C is a diagram of transaction record information.

S7, the user sends a resource transfer request carrying transaction record information to the avionics through the wireless local area network, namely a transaction request.

S9, the avionics checks whether the user provides an authorized deduction function.

S11, if the user opens the delegated payment function to the aviator, the aviator and the user interact with each other to perform identity verification on the identity certificate.

S13, obtaining a resource transfer certificate, namely an authorized deduction certificate after the identity verification is passed.

After the avionics resumes the connection with the payment platform, the following payment deduction process is required to be performed so as to complete the real transfer flow of the payment amount:

(III) Payment of deduction

S15, the avionics sends a resource transfer certificate to the payment platform, and requests to transfer the payment amount corresponding to the authorization deduction certificate to the avionics account.

S17, the payment platform verifies the signature validity of the resource transfer certificate by the user terminal and the avionics;

s19, after verifying the validity of the signature, the payment platform finishes deduction, namely, the corresponding payment amount is transferred from the user terminal to the avionics account, and all the steps of the transaction are finished.

The specific process of S1-S5 may be referred to as S2001-S2005, the specific process of S7-S13 may be referred to as S201-S2013, and the specific process of S15-S19 may be referred to as S2015-S2017, which will not be described herein.

In the following, a method for transferring resources in the embodiments of the present application is described with a first terminal as an execution body, as shown in fig. 9, where the method may include:

s301, when the communication connection with the transaction server is disconnected, establishing short-distance wireless communication connection with the second terminal; the second terminal has the authority to transfer the resources in the local terminal.

S303, sending a resource transfer request carrying resource transfer record information to the second terminal through the short-range wireless communication connection.

S305, receiving first encryption information obtained by carrying out first signature processing on the resource transfer record information, wherein the first encryption information is sent by the second terminal through the short-range wireless communication connection.

S307, verifying the signature validity of the first encryption information to obtain a first verification result.

S309, when the first verification result is a legal verification result, sending second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-range wireless communication connection, so that the second terminal verifies the signature validity of the second encryption information to obtain a second verification result; and when the second verification result is a legal verification result, determining the second encryption information as a resource transfer credential; and when a communication connection is established with the transaction server, sending the resource transfer credential to the transaction server so that the transaction server transfers the resource to be transferred corresponding to the resource transfer credential from the local terminal to the second terminal.

In a possible embodiment, before the establishing of the short-range wireless communication connection with the second terminal, the method may further include:

when communication connection is established with the transaction server, a resource transfer authorization request carrying local terminal authentication information and second terminal identification information is sent to the transaction server, so that the transaction server carries out identity authentication on the local terminal according to the local terminal authentication information; when the identity authentication of the local terminal passes, the resource transfer authority of the local terminal is sent to a second terminal corresponding to the second terminal identification information; the resource transfer authority characterizes that the second terminal has the authority to transfer the resources in the local terminal.

In a possible embodiment, the first encryption information includes the resource transfer record information and first signature information corresponding to the second terminal, and the verifying the signature validity of the first encryption information, to obtain a first verification result may include:

and verifying the first signature information by using a public key corresponding to the second terminal.

And if the public key corresponding to the second terminal can decrypt the first signature information, the first verification result is a legal verification result.

Correspondingly, when the first verification result is a legal verification result, sending, to the second terminal through the short-range wireless communication connection, second encrypted information obtained by performing second signature processing on the first encrypted information may include:

performing second signature processing on the resource transfer record information and the first signature information by using a private key corresponding to the local terminal to obtain second encryption information; the second encryption information comprises the resource transfer record information, the first signature information and second signature information corresponding to the local terminal;

transmitting the second encryption information to the second terminal through the short-range wireless communication connection;

the resource transfer record information comprises resource transfer identification information, resources to be transferred, account information of the local terminal and account information of a second terminal.

In the following, a method for transferring resources in the embodiments of the present application is described with a second terminal as an execution body, as shown in fig. 10, where the method may include:

s401, when the communication connection with the transaction server is disconnected, a short-distance wireless communication connection is established with the first terminal; the first terminal grants the authority of the local terminal to transfer the resources in the first terminal.

S403, receiving a resource transfer request carrying resource transfer record information sent by the first terminal through the short-range wireless communication connection.

S405, sending first encryption information obtained by performing first signature processing on the resource transfer record information to the first terminal through the short-range wireless communication connection, so that the first terminal verifies the signature validity of the first encryption information, and a first verification result is obtained.

S407, when the first verification result is a legal verification result, receiving second encryption information obtained by performing second signature processing on the first encryption information and sent by the first terminal through the short-range wireless communication connection.

S409, verifying the signature validity of the second encryption information to obtain a second verification result.

S4011, when the second verification result is a legal verification result, determining the second encryption information as a resource transfer certificate.

S4013, when communication connection is established with the transaction server, the resource transfer certificate is sent to the transaction server, so that the transaction server transfers the resources to be transferred corresponding to the resource transfer certificate from the first terminal to the local terminal.

In a possible embodiment, after the receiving the resource transfer request carrying the resource transfer record information sent by the first terminal through the short-range wireless communication connection, the method may further include:

determining whether the first terminal has the authority to transfer the resources;

if the authority to transfer the resources in the first terminal is available, a second identity certificate corresponding to the local terminal is sent to the first terminal through the short-range wireless communication connection, so that the identity verification of the local terminal is passed when the first terminal can decrypt the signature of the second identity certificate by using a public key corresponding to the transaction server;

receiving a first identity certificate corresponding to the first terminal, which is sent by the first terminal through the short-range wireless communication connection;

if the signature of the first identity certificate can be decrypted by using a public key corresponding to the transaction server, the identity of the first terminal passes verification;

when the transaction server establishes communication connection with the local terminal, the second identity certificate is sent to the local terminal after signature processing is carried out by using a private key corresponding to the transaction server.

In a possible embodiment, the sending, to the first terminal, first encrypted information obtained by performing a first signature process on the resource transfer record information through the short-range wireless communication connection may include:

performing first signature processing on the resource transfer information by using a private key corresponding to the local terminal to obtain the first encryption information; the first encryption information comprises the resource transfer record information and first signature information corresponding to the local terminal.

And sending the first encryption information to the first terminal through the short-range wireless communication connection.

Correspondingly, the second encryption information includes the resource transfer record information, the first signature information and second signature information corresponding to the first terminal, and the verifying the signature validity of the second encryption information, to obtain a second verification result includes:

and verifying the second signature information by using a public key corresponding to the first terminal.

And if the public key corresponding to the first terminal can decrypt the second signature information, the second verification result is a legal verification result.

In a possible embodiment, the sending the resource transfer credential to the transaction server may further include:

transmitting the resource transfer credential to the transaction server to cause the transaction server to verify the first signature information using a public key corresponding to the local terminal; and verifying the second signature information by using the public key corresponding to the first terminal; and transferring the resources to be transferred corresponding to the resource transfer credentials from the account of the first terminal to the account of the local terminal when the public key corresponding to the local terminal is capable of decrypting the first signature information and the public key corresponding to the first terminal is capable of decrypting the second signature information.

As shown in fig. 11, an embodiment of the present application provides a resource transferring device, which may include:

a first establishing module 501, configured to establish a short-range wireless communication connection with the second terminal when the communication connection with the transaction server is disconnected; the second terminal has the authority to transfer the resources in the local terminal.

And a resource transfer request sending module 503, configured to send a resource transfer request carrying resource transfer record information to the second terminal through the short-range wireless communication connection.

And the first encryption information receiving module 505 is configured to receive first encryption information obtained by performing a first signature process on the resource transfer record information, where the first encryption information is sent by the second terminal through the short-range wireless communication connection.

The first encryption information verification module 507 is configured to verify the signature validity of the first encryption information, to obtain a first verification result.

A second encrypted information sending module 509, configured to send, when the first verification result is a legal verification result, second encrypted information obtained by performing a second signature process on the first encrypted information to the second terminal through the short-range wireless communication connection, so that the second terminal verifies signature validity of the second encrypted information, and obtains a second verification result; and when the second verification result is a legal verification result, determining the second encryption information as a resource transfer credential; and when a communication connection is established with the transaction server, sending the resource transfer credential to the transaction server so that the transaction server transfers the resource to be transferred corresponding to the resource transfer credential from the local terminal to the second terminal.

As shown in fig. 12, another resource transfer device is provided in an embodiment of the present application, where the device may include:

a second establishing module 601, configured to establish a short-range wireless communication connection with the first terminal when the communication connection with the transaction server is disconnected; the first terminal grants the authority of the local terminal to transfer the resources in the first terminal.

And a resource transfer request receiving module 603, configured to receive a resource transfer request carrying resource transfer record information, where the resource transfer request is sent by the first terminal through the short-range wireless communication connection.

And a first encrypted information sending module 605, configured to send, to the first terminal through the short-range wireless communication connection, first encrypted information obtained by performing a first signature process on the resource transfer record information, so that the first terminal verifies the signature validity of the first encrypted information, and obtains a first verification result.

And a second encrypted information receiving module 607, configured to receive, when the first verification result is a legal verification result, second encrypted information obtained by performing a second signature process on the first encrypted information, where the second encrypted information is sent by the first terminal through the short-range wireless communication connection.

The second encryption information verification module 609 is configured to verify the signature validity of the second encryption information, so as to obtain a second verification result.

And the resource transfer credential determining module 6011 is configured to determine the second encryption information as a resource transfer credential when the second verification result is a legal verification result.

And a resource transfer credential sending module 6013, configured to send the resource transfer credential to the transaction server when a communication connection is established with the transaction server, so that the transaction server transfers the resource to be transferred corresponding to the resource transfer credential from the first terminal to the local terminal.

The embodiment of the application provides a resource transfer system, which can comprise a first terminal, a second terminal and a transaction server:

It should be noted that the apparatus and the system in the apparatus embodiment are based on the same inventive concept as the method embodiment.

The embodiment of the application also provides an electronic device, which comprises a processor and a memory, wherein at least one instruction, at least one section of program, a code set or an instruction set is stored in the memory, and the at least one instruction, the at least one section of program, the code set or the instruction set is loaded and executed by the processor to realize the resource transfer method provided by the embodiment of the method.

Embodiments of the present application also provide a storage medium that may be provided in a terminal to store at least one instruction, at least one program, a code set, or an instruction set related to implementing a resource transfer method in a method embodiment, where the at least one instruction, the at least one program, the code set, or the instruction set is loaded and executed by the processor to implement the resource transfer method provided in the method embodiment.

Alternatively, in the present description embodiment, the storage medium may be located in at least one network server among a plurality of network servers of the computer network. Alternatively, in the present embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.

The memory according to the embodiments of the present disclosure may be used to store software programs and modules, and the processor executes various functional applications and resource processes by executing the software programs and modules stored in the memory. The memory may mainly include a storage program area and a storage resource area, wherein the storage program area may store an operating system, application programs required for functions, and the like; the storage resource region may store resources created according to the use of the object, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory may also include a memory controller to provide access to the memory by the processor.

The resource transfer method embodiment provided by the embodiment of the application can be executed in a mobile terminal, a computer terminal, a server or similar computing devices. Taking the operation on the server as an example, fig. 13 is a block diagram of the hardware structure of the server of the resource transfer method provided in the embodiment of the present application. As shown in fig. 13, the server 700 may vary considerably in configuration or performance and may include one or more central processing units (Central Processing Units, CPU) 710 (the processor 710 may include, but is not limited to, a microprocessor MCU or a processing device such as a programmable logic device FPGA), memory 730 for storing resources, one or more storage mediums 720 (e.g., one or more mass storage objects) for storing applications 723 or resources 722. Wherein memory 730 and storage medium 720 may be transitory or persistent. The program stored in the storage medium 720 may include one or more modules, each of which may include a series of instruction operations on the server. Still further, the central processor 710 may be configured to communicate with the storage medium 720 and execute a series of instruction operations in the storage medium 720 on the server 700. The server 700 may also include one or more power supplies 760, one or more wired or wireless network interfaces 750, one or more input/output interfaces 740, and/or one or more operating systems 721, such as Windows ServerTM, mac OS XTM, unixTM, linuxTM, freeBSDTM, and the like.

Input-output interface 740 may be used to receive or transmit resources via a network. The specific example of the network described above may include a wireless network provided by a communication provider of the server 700. In one example, the input-output interface 740 includes a network adapter (Network Interface Controller, NIC) that can connect to other network objects through a base station to communicate with the internet. In one example, the input/output interface 740 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.

It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 13 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, server 700 may also include more or fewer components than shown in fig. 13, or have a different configuration than shown in fig. 13.

It should be noted that: the foregoing sequence of the embodiments of the present application is only for describing, and does not represent the advantages and disadvantages of the embodiments. And the foregoing description has been directed to specific embodiments of this specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device and server embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and references to the parts of the description of the method embodiments are only required.

It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.

The foregoing description of the preferred embodiments of the present application is not intended to limit the invention to the particular embodiments of the present application, but to limit the scope of the invention to the particular embodiments of the present application.

Claims

1. A method of resource transfer, the method comprising:

2. A method of resource transfer, the method comprising;

3. The method of claim 2, wherein prior to the establishing a short-range wireless communication connection with the second terminal, the method further comprises:

4. The method according to claim 3, wherein the first encryption information includes the resource transfer record information and first signature information corresponding to the second terminal, and the verifying the signature validity of the first encryption information, to obtain a first verification result, includes:

verifying the first signature information by using a public key corresponding to the second terminal;

If the public key corresponding to the second terminal can decrypt the first signature information, the first verification result is a legal verification result;

correspondingly, when the first verification result is a legal verification result, sending second encryption information obtained by performing second signature processing on the first encryption information to the second terminal through the short-range wireless communication connection, wherein the second encryption information comprises:

the resource transfer record information comprises resource transfer identification information, resources to be transferred, account information of the local terminal and account information of the second terminal.

5. A resource transfer method is characterized in that,

6. The method of claim 5, wherein after receiving the resource transfer request carrying resource transfer record information sent by the first terminal over the short-range wireless communication connection, the method further comprises:

7. The method of claim 5, wherein the step of determining the position of the probe is performed,

the sending, by the short-range wireless communication connection, first encrypted information obtained by performing a first signature process on the resource transfer record information to the first terminal includes:

performing first signature processing on the resource transfer information by using a private key corresponding to the local terminal to obtain the first encryption information; the first encryption information comprises the resource transfer record information and first signature information corresponding to the local terminal;

transmitting the first encryption information to the first terminal through the short-range wireless communication connection;

verifying the second signature information by using a public key corresponding to the first terminal;

if the public key corresponding to the first terminal can decrypt the second signature information, the second verification result is a legal verification result;

Accordingly, the sending the resource transfer credential to the transaction server further includes:

8. A resource transfer device, the device comprising:

9. A resource transfer device, the device comprising:

10. A resource transfer system, comprising a first terminal, a second terminal and a transaction server;