CN113487314A

CN113487314A - Transaction processing method and device

Info

Publication number: CN113487314A
Application number: CN202110709214.6A
Authority: CN
Inventors: 徐智劼; 朱涛; 曾望年; 张琦; 戚文彬; 侯腾; 杨阳
Original assignee: China Unionpay Co Ltd
Current assignee: China Unionpay Co Ltd
Priority date: 2021-06-25
Filing date: 2021-06-25
Publication date: 2021-10-08

Abstract

The embodiment of the invention provides a transaction processing method and device. The method comprises the following steps: sending a payment receiving request to the payment equipment, and acquiring a first time point for sending the payment receiving request; receiving a payment password sent by the payment equipment, and acquiring a second time point for receiving the payment password; determining a target distance between the payment device and the payment device according to the first time point and the second time point; and if the target distance is smaller than the preset threshold value, sending the payment password to a payment background so that the payment background executes corresponding transaction according to the payment password. If the target distance is smaller than the preset threshold value, the payment device processing the payment receiving request is not another payment device which is far away from the payment receiving device and is likely to be attacked by the relay, the current transaction environment is safe, and then the payment password is sent to the payment background for transaction processing. In this way, the risk of the payment device being attacked by the relay is reduced.

Description

Transaction processing method and device

Technical Field

The embodiment of the invention relates to the technical field of secure payment, in particular to a transaction processing method, a transaction processing device, a computing device and a computer-readable storage medium.

Background

With the rapid development of internet technology, more and more people select electronic payment during shopping, and the existing electronic payment methods include two-dimensional code scanning payment, NFC (Near Field Communication) payment and the like, but these payment methods are easily attacked by relay attacks, thereby affecting the security of transactions.

For example, as shown in fig. 1, a payment device sends a payment request to a payment device a, the payment device a sends the payment request to a payment device B, since the payment device B is configured as a privacy-free payment, the payment device B directly responds to the payment device a, then the payment device a sends the response of the payment device B to the payment device, and the payment device directly deducts money from the payment device B, thereby causing property loss of a user at the side of the payment device B.

To sum up, embodiments of the present invention provide a transaction processing method for reducing the risk of being attacked by a relay and improving the security of a transaction.

Disclosure of Invention

The embodiment of the invention provides a transaction processing method, which is used for reducing the risk of relay attack on payment equipment and improving the security of transaction.

In a first aspect, an embodiment of the present invention provides a transaction processing method, including:

sending a payment receiving request to payment equipment, and acquiring a first time point for sending the payment receiving request;

receiving a payment password sent by the payment equipment, and acquiring a second time point for receiving the payment password;

determining a target distance between a payment device and the payment device according to the first time point and the second time point;

and if the target distance is smaller than a preset threshold value, sending the payment password to a payment background so that the payment background executes corresponding transaction according to the payment password.

In the embodiment of the application, the receiving device can determine the target distance between the receiving device and the payment device by acquiring the first time point of sending the receiving request and the second time point of receiving the payment password, and if the target distance is smaller than a preset threshold value, it indicates that the payment device processing the receiving request is close to the receiving device, that is, the payment device processing the receiving request is not another payment device which is far away from the receiving device and is likely to be attacked by a relay, the current transaction environment is safe, and then the payment password is sent to the payment background for transaction processing. Therefore, the danger that the payment equipment is attacked by the relay is reduced, and the safety of the transaction is improved.

Optionally, the method further comprises:

receiving the time-consuming duration for generating the payment password sent by the payment equipment;

the determining a target distance between the checkout device and the payment device based on the first point in time and the second point in time comprises:

and determining the target distance between the payment device and the collection device according to the first time point, the second time point and the time-consuming duration.

Optionally, determining a target distance between the payment apparatus and the payment apparatus according to the first time point, the second time point and the time-consuming duration includes:

determining the transmission time length of the payment password transmitted from the payment device to the collection device according to the first time point, the second time point and the time-consuming time length;

and determining the target distance between the payment equipment and the collection equipment according to the transmission duration and the transmission speed of the payment password.

Optionally, the payment receiving request carries an encryption factor, so that the payment device generates the payment password based on the encryption factor;

if the target distance is smaller than a preset threshold value, the payment password is sent to a payment background so that the payment background executes corresponding transaction according to the payment password, and the method comprises the following steps:

and if the target distance is smaller than a preset threshold value, sending the payment password, the encryption factor and a payment bill to the payment background so that the payment background verifies the payment password based on the encryption factor, and executing corresponding deduction operation according to the payment bill and the payment password after the verification is passed.

Optionally, the sending a payment receiving request to a payment device and obtaining a first time point of sending the payment receiving request includes:

sending a payment receiving request to payment equipment through a first ultra-wideband UWB message, and acquiring the first time point from an MAC layer data frame of the first UWB message;

the receiving the payment password sent by the payment device and acquiring a second time point for receiving the payment password comprises:

and receiving a payment password sent by the payment equipment through a second UWB message, and acquiring the second time point from an MAC layer data frame of the second UWB message.

In a second aspect, an embodiment of the present invention further provides a transaction processing method, including:

receiving a collection request sent by collection equipment;

generating a payment password according to the collection request;

and sending the payment password to the payment equipment so that the payment equipment determines a target distance between the payment equipment and the payment equipment according to a first time point of sending the payment request and a second time point of receiving the payment password, and sending the payment password to the payment background when the target distance is determined to be smaller than a preset threshold value, wherein the payment background is used for executing corresponding transaction according to the payment password.

Optionally, the method further comprises:

acquiring a third time point for receiving the collection request;

acquiring a fourth time point for sending the payment password;

and determining the time-consuming duration for generating the payment password according to the third time point and the fourth time point, and sending the time-consuming duration to the payment equipment, so that the payment equipment determines the target distance between the payment equipment and the payment equipment according to the first time point for sending the payment request, the second time point for receiving the payment password and the time-consuming duration.

Optionally, the receipt request carries an encryption factor;

generating a payment password according to the collection request, comprising:

generating a session key according to the encryption factor and the identifier of the payment device;

encrypting the identifier of the payment equipment through the session key to obtain a payment ciphertext;

and generating the payment password based on the identification of the payment equipment and the payment ciphertext.

Optionally, the encrypting the identifier of the payment device through the session key to obtain a payment cryptograph includes:

and encrypting the identifier of the payment equipment and the payment account information corresponding to the payment equipment through the session key to obtain a payment ciphertext.

Optionally, the obtaining a third time point for receiving the payment receiving request includes:

receiving the collection request through a third UWB message, and acquiring a third time point from an MAC layer data frame of the third UWB message;

the obtaining of the fourth time point for sending the payment password comprises:

and sending the payment password through a fourth UWB message, and acquiring the fourth time point from an MAC layer data frame of the fourth UWB message.

In a third aspect, an embodiment of the present invention further provides a transaction processing method, including:

receiving a payment password sent by a payment receiving device, wherein the payment password is generated and sent to the payment receiving device by a payment device after receiving a payment receiving request sent by the payment receiving device, and is sent to the payment background by the payment receiving device when the target distance between the payment receiving device and the payment device is determined to be smaller than a preset threshold value, and the target distance is determined by the payment receiving device according to a first time point for sending the payment receiving request and a second time point for receiving the payment password;

and executing corresponding transaction according to the payment password.

Optionally, the target distance is determined by the payment apparatus according to a first time point of sending the payment request and a second time point of receiving the payment password, and includes:

the target distance is determined by the checkout device according to a first time point of sending the checkout request, a second time point of receiving the payment password, and a time-consuming duration of generating the payment password.

Optionally, executing a corresponding transaction according to the payment password, including:

receiving an encryption factor and a payment bill sent by the money receiving device;

and verifying the payment password based on the encryption factor, and executing corresponding deduction operation according to the payment bill and the payment password after the verification is passed.

Optionally, the payment password comprises a plaintext identifier and a payment ciphertext;

verifying the payment password based on the encryption factor, and after the verification is passed, performing corresponding deduction operation according to the payment bill and the payment password, wherein the deduction operation comprises the following steps:

generating a session key according to the encryption factor and the plaintext identifier;

decrypting the payment ciphertext through the session key to obtain the identifier of the payment equipment;

and if the plaintext identifier is matched with the identifier of the payment device, the payment background executes corresponding deduction operation based on the identifier of the payment device and the payment bill.

Optionally, the decrypting the payment cryptograph by the session key to obtain the identifier of the payment device includes:

decrypting the payment ciphertext through the session key to obtain the identification of the payment equipment and the payment account information;

and if the plaintext identification is matched with the identification of the payment equipment, the payment background executes corresponding deduction operation based on the identification of the payment equipment, the payment account information and the payment bill.

Optionally, the bill for payment comprises a scene domain and an identification of the checkout device;

before the corresponding deduction operation is executed according to the payment bill and the payment password, the method further comprises the following steps:

and determining that the incidence relation between the scene domain and the identifier of the money receiving equipment meets a preset condition.

Optionally, before executing the corresponding transaction according to the payment password, the method further includes:

receiving the first time point and the second time point sent by the money receiving device;

and determining a target distance between the collection device and the payment device according to the first time point and the second time point, and determining that the target distance is smaller than a preset threshold value.

Optionally, the method further comprises:

receiving the time-consuming duration sent by the money receiving equipment;

determining a target distance between the checkout device and the payment device based on the first point in time and the second point in time, comprising:

and determining a target distance between the payment device and the payment device according to the first time point, the second time point and the time-consuming duration.

In a fourth aspect, an embodiment of the present invention further provides a transaction processing apparatus, including:

the payment system comprises a sending unit, a receiving unit and a processing unit, wherein the sending unit is used for sending a payment receiving request to payment equipment and acquiring a first time point for sending the payment receiving request;

the first receiving unit is used for receiving the payment password sent by the payment equipment and acquiring a second time point for receiving the payment password;

the first processing unit is used for determining a target distance between the money receiving device and the payment device according to the first time point and the second time point; and if the target distance is smaller than a preset threshold value, sending the payment password to a payment background so that the payment background executes corresponding transaction according to the payment password.

In a fifth aspect, an embodiment of the present invention further provides a transaction processing apparatus, including:

the second receiving unit is used for receiving a money receiving request sent by the money receiving equipment;

the second processing unit is used for generating a payment password according to the collection request; and sending the payment password to the payment equipment so that the payment equipment determines a target distance between the payment equipment and the payment equipment according to a first time point of sending the payment request and a second time point of receiving the payment password, and sending the payment password to the payment background when the target distance is determined to be smaller than a preset threshold value, wherein the payment background is used for executing corresponding transaction according to the payment password.

In a sixth aspect, an embodiment of the present invention further provides a transaction processing apparatus, including:

the third receiving unit is used for receiving a payment password sent by a payment receiving device, the payment password is generated and sent to the payment receiving device after the payment receiving device receives a payment receiving request sent by the payment receiving device, the payment receiving device sends the payment password to the payment background when the target distance between the payment receiving device and the payment receiving device is determined to be smaller than a preset threshold value, and the target distance is determined by the payment receiving terminal according to a first time point of sending the payment receiving request and a second time point of receiving the payment password;

and the third processing unit is used for executing corresponding transaction according to the payment password.

In a seventh aspect, an embodiment of the present invention further provides a computer device, including:

a memory for storing a computer program;

and the processor is used for calling the computer program stored in the memory and executing the transaction processing method listed in any mode according to the obtained program.

In an eighth aspect, the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores a computer-executable program, where the computer-executable program is configured to enable a computer to execute a transaction processing method listed in any of the above manners.

In the embodiment of the application, the receiving device can determine the target distance between the receiving device and the payment device by acquiring the first time point of sending the receiving request and the second time point of receiving the payment password, and if the target distance is smaller than a preset threshold value, it indicates that the payment device processing the receiving request is close to the receiving device, that is, the payment device processing the receiving request is not another payment device which is far away from the receiving device and is likely to be attacked by a relay, the current transaction environment is safe, and then the payment password is sent to the payment background for transaction processing. Therefore, the danger that the payment equipment is attacked by the relay is reduced, and the safety of the transaction is improved. The payment background re-verifies the payment password, re-calculates the target distance between the collection device and the payment device, and determines whether the transaction is safe, so that the danger that the payment device is attacked by the relay is reduced, and the security of the transaction is improved.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

Fig. 1 is a schematic diagram of a payment device attacked by a relay according to an embodiment of the present invention;

FIG. 2 is a diagram illustrating a system architecture according to an embodiment of the present invention;

FIG. 3 is a schematic diagram of an interface displayed by the payment device after a successful payment is made by a possible user according to an embodiment of the present invention;

fig. 4 is a flowchart illustrating a transaction processing method according to an embodiment of the present invention;

fig. 5 is a message structure of a UWB physical layer according to an embodiment of the present invention;

fig. 6 is a schematic structural diagram of a UWB tag and a payment receiving apparatus according to an embodiment of the present invention;

fig. 7 is a schematic structural diagram of a transaction processing apparatus according to an embodiment of the present invention;

fig. 8 is a schematic structural diagram of a transaction processing apparatus according to an embodiment of the present invention;

fig. 9 is a schematic structural diagram of a transaction processing device according to an embodiment of the present invention;

fig. 10 is a schematic structural diagram of a computer device according to an embodiment of the present invention.

Detailed Description

To make the objects, embodiments and advantages of the present application clearer, the following description of exemplary embodiments of the present application will clearly and completely describe the exemplary embodiments of the present application with reference to the accompanying drawings in the exemplary embodiments of the present application, and it is to be understood that the described exemplary embodiments are only a part of the embodiments of the present application, and not all of the embodiments.

All other embodiments, which can be derived by a person skilled in the art from the exemplary embodiments described herein without inventive step, are intended to be within the scope of the claims appended hereto. In addition, while the disclosure herein has been presented in terms of one or more exemplary examples, it should be appreciated that aspects of the disclosure may be implemented solely as a complete embodiment.

It should be noted that the brief descriptions of the terms in the present application are only for the convenience of understanding the embodiments described below, and are not intended to limit the embodiments of the present application. These terms should be understood in their ordinary and customary meaning unless otherwise indicated.

The terms "first," "second," "third," and the like in the description and claims of this application and in the above-described drawings are used for distinguishing between similar or analogous objects or entities and are not necessarily intended to limit the order or sequence of any particular one, Unless otherwise indicated. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein.

Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a product or device that comprises a list of elements is not necessarily limited to those elements explicitly listed, but may include other elements not expressly listed or inherent to such product or device.

Fig. 2 shows a system architecture to which an embodiment of the present invention is applicable, which may include a payment device 201, a checkout device 202, and a payment backend 203.

The payment device 201 may have a payment application pre-installed, wherein the payment application may be a client application, a web application, an applet, or the like. The payment device 201 may be a mobile phone, a tablet computer, a notebook computer, a wearable device, or the like. For sending the identification of the payment device 201 and the corresponding payment account information to the payment device 202 in response to a payment request sent by the payment device 202.

The payment device 202 is configured to initiate a payment request or automatically initiate a payment request according to an operation of a merchant, interact with the payment device 201, obtain a payment response message corresponding to the payment request, and send the payment response message to the payment background 203 for processing. The checkout device 202 may be a code scanning window, a code scanning gun, etc., as shown in fig. 2. The payment device 201 and the payment receiving device 202 may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.

The payment background 203 is a background server providing a corresponding service for payment, and is configured to receive a payment receipt response message sent by the payment receiving device 202, and execute a corresponding transaction based on the payment receipt response message. The payment background 203 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a Network service, cloud communication, a middleware service, a domain name service, a security service, a Content Delivery Network (CDN), a big data and artificial intelligence platform, and the like. The checkout device 202 and the payment backend 203 may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.

For example, when the user finishes shopping and settles the checkout, the merchant inputs the total amount, for example, 100 dollars, required to be paid by the user into the collection device 202, and the collection device 202 sends a collection request and obtains the first time point for sending the collection request. The user holds the payment device 201 close to the payment apparatus 202, and the payment device 201 receives the payment request and acquires a third time point for receiving the payment request. The payment device 201 generates a payment password according to the collection request, where the payment password includes an identifier of the payment device 201 and information of a payment account, such as a chinese bank savings card bound to the mobile phone C, and the account is 1234 xxx. The payment device 201 transmits the payment password to the transferee device 202 and acquires a fourth time point of transmitting the payment password. The payment apparatus 201 calculates a time-consuming period for generating the payment password by combining the third time point and the fourth time point, and transmits the time-consuming period to the payee apparatus 202. The transferee device 202 receives the payment password transmitted from the payment device 201 and acquires a second time point of receiving the payment password. The checkout device 202 may also receive the elapsed time period sent by the payment device 201. The payment receiving device 202 determines a target distance between the payment receiving device 202 and the payment device 201 according to the first time point, the second time point and the time-consuming duration, and if the target distance is determined to be smaller than a preset threshold, it indicates that the payment device 201 processing the payment receiving request of the payment receiving device 202 is closer to the payment receiving device 202, that is, the payment device 201 processing the payment receiving request is not another payment device which is farther from the payment receiving device 202 and may be attacked by a relay, and the current transaction environment is safe. The collection device 202 uploads the payment password to the payment background 203, after the payment background 203 passes the verification, the payment mode is determined according to the identification in the payment password and the payment account information, corresponding money is removed from a Chinese bank deposit card with an account number of 1234 xxx, and the corresponding money is added to a preset collection account number of a merchant, for example, a Chinese industrial and commercial bank deposit card with an account number of 4321 xxx. The payment background 203 sends a message of successful collection to the collection device 202, the collection device 202 sends a prompt message of "you have 100 yuan to be paid" to the merchant, the payment background 203 also sends a message of successful deduction to the payment device 201, the payment device 201 sends a prompt message of "100 yuan to be paid successfully" to the user, and fig. 3 shows a schematic diagram of an interface displayed by the payment device 201 after a possible payment success by the user.

The embodiment of the invention provides a transaction processing method. As shown in fig. 4, the method comprises the following steps:

step 401, the payment apparatus sends a payment request to the payment apparatus, and obtains a first time point of sending the payment request.

The payment receiving request can be sent in the form of an Ultra Wide Band (UWB) message, specifically, the payment receiving request is sent to the payment device through a first UWB message, and a first time point is obtained from a MAC layer data frame of the first UWB message. Fig. 5 shows a message structure of a UWB physical layer, and as shown in fig. 5, a first time point T1 when the money receiving device sends a money receiving request is extracted by a "timestamp" field in the message.

The receipt request can also carry an encryption factor, and the encryption factor comprises at least one of the following data: the encryption factor is used for identifying the message of the collection request, so that the uniqueness of the message is ensured, and meanwhile, the subsequent payment equipment can generate a payment password based on the encryption factor.

In step 402, the payment device receives a payment request sent by a payment device.

The payment device may receive a payment receipt request through the third UWB message, and obtain a third time point T3 from the MAC layer data frame of the third UWB message.

In step 403, the payment device generates a payment password according to the payment request.

The embodiment of the invention provides the following two methods for generating a payment password.

In a first mode

The payment receiving request carries an encryption factor, and the payment device generates a session key according to the encryption factor and the identifier of the payment device. And encrypting the identifier of the payment equipment through the session key to obtain a payment ciphertext, and then generating a payment password based on the identifier of the payment equipment and the payment ciphertext.

Mode two

The payment receiving request carries an encryption factor, and the payment device generates a session key according to the encryption factor and the identifier of the payment device. And encrypting the identifier of the payment equipment and the payment account information corresponding to the payment equipment through the session key to obtain a payment ciphertext. And then generating a payment password based on the identification of the payment device and the payment ciphertext.

The payment account information may be a payment account preset by the user, or may be a payment account with the highest use frequency when the user performs payment, or a payment account used by the user for the last time. The payment ciphertext may also include other information, and the content in the payment ciphertext is not limited in the embodiment of the present invention.

The payment device generates a payment password based on the identifier and the payment ciphertext of the payment device, wherein the format of the payment password is as follows: identification of payment device + payment cryptogram.

For example, the payment device receives a payment request sent by the payment device, extracts an encryption factor, such as a random number 5, from a message of the payment request, the payment device forms a session key by random number dispersion according to an identifier of the payment device and the encryption factor, encrypts an identifier of the payment device (such as the payment device C) and payment account information (such as "chinese bank deposit card, account number 1234 xxx") using the session key, and generates a payment cryptograph: the payment device C + chinese bank savings card account number is 1234 xxx. The payment device generates a payment password based on the identification of the payment device and the payment cryptograph: payment device C (identification of payment device) + (payment device C + chinese bank deposit card account number 1234 xxx) (payment cryptogram).

At step 404, the payment device sends the payment password to the checkout device.

And the payment equipment sends the payment password through the fourth UWB message, and acquires a fourth time point T4 from the MAC layer data frame of the fourth UWB message.

Optionally, the payment device determines a time-consuming duration for generating the payment password according to the third time point and the fourth time point, and sends the time-consuming duration to the payment apparatus.

The payment device needs a certain time from receiving the payment collection request to sending the payment password, the time required by the payment device from receiving the payment collection request to sending the payment password is called as the time-consuming time T for generating the payment password, and the time-consuming time T can be obtained by performing difference processing on the fourth time point and the third time point, namely T is T4-T3. The payment device sends the time-consuming duration t to the payment device.

Step 405, the payee device receives the payment password sent by the payment device and obtains a second time point for receiving the payment password.

The payment receiving device receives the payment password sent by the payment device through the second UWB message, and obtains a second time point T2 from the MAC layer data frame of the second UWB message.

Optionally, the payee device may further receive the time duration t sent by the payment device, where the payment password and the time duration are not sent by the payment device at the same time, and then the receipt of the payment password and the receipt of the time duration by the payee device are not performed at the same time.

Step 406, the receiving device determines a target distance between the receiving device and the payment device according to the first time point and the second time point.

The embodiment of the invention provides two modes for determining the target distance.

In a first mode

The difference value between the second time point and the first time point is the time difference between the receipt of the payment password by the receipt device and the sending of the receipt request by the receipt device, and the time difference comprises the first transmission time length for the receipt request to be transmitted from the receipt device to the payment device, the time for the payment device to respond and process according to the receipt request, and the second transmission time length for the payment password to be transmitted from the payment device to the receipt device. The sum of the first transmission duration of the payment request from the transferee device to the payment device and the second transmission duration of the payment passcode from the payment device to the transferee device may be obtained using the second time point minus the first time point and the elapsed time duration, i.e., T2-T1-T. The transmission distances corresponding to the first transmission time length and the second transmission time length are distances between the payment apparatus and the payment apparatus, and the transmission speeds are the same, so that the first transmission time length and the second transmission time length are the same, the second transmission time length for transmitting the payment password from the payment apparatus to the payment apparatus is T (T2-T1-T)/2, and the distance for transmitting the payment password from the payment apparatus to the payment apparatus, namely the target distance between the payment apparatus and the payment apparatus, can be determined by combining the transmission speeds of the payment password.

Taking an example of sending a message by adopting a UWB technology, a first time point T1 is extracted from a UWB message in which a payee request is sent by a payee device as 0ns, a second time point T2 is extracted from a UWB message in which a payee device receives a payment password as 374ns, a third time point T3 is extracted from a UWB message in which the payee request is received by a payment device as 128ns, a fourth time point T4 is extracted from a UWB message in which the payment password is sent by the payment device as 256ns, and a time-consuming duration T for generating the payment password is obtained by the payment device according to T3 and T4 as 256ns-128 ns. The payment device sends the time-consuming duration T to the payment receiving device, and the payment receiving device calculates the transmission duration T ═ T2-T1-T)/2 ═ 374ns-0ns-128ns)/2 ═ 123ns of the payment password sent from the payment device to the payment receiving device. Combining the transmission speed c (light speed) of the UWB message, the target distance s ═ T × c ═ 0.37m between the two is obtained.

Mode two

The time duration for the payment device to generate the payment password may be ignored, that is, the transmission duration T ═ T2-T1)/2 ═ 374ns-0ns)/2 ═ 187ns for the payment password sent from the payment device to the payment apparatus. Combining the transmission speed c (light speed) of the UWB message, the target distance s ═ T × c ═ 0.56m between the two is obtained.

It can be seen that the target distance calculated in the second mode is larger than that calculated in the first mode. The second method does not take time and duration into account, so that the error is large. Therefore, the preset threshold corresponding to the target distance determined by the second usage mode and the preset threshold corresponding to the target distance determined by the first usage mode can be distinguished, for example, the preset threshold corresponding to the target distance determined by the first usage mode is 0.3m, and the preset threshold corresponding to the target distance determined by the second usage mode is 0.5 m.

Step 407, if the receiving device determines that the target distance is smaller than the preset threshold, the receiving device sends the payment password to the payment background.

After the target distance determined in step 406 is 0.37m, the target distance is compared with the corresponding preset threshold value of 0.3 m. The preset threshold value may be set by a technician before the cash register leaves a factory, or may be set by a merchant who collects cash. The larger the preset threshold value is, the payment can be finished even if the user station is far away from the collection device, so that the payment process of the user is more convenient, and the risk of the relay attack on the payment device is increased; the smaller the preset threshold, the stronger the ability to reduce the risk of relay attack.

In this example, the target distance 0.37m is greater than the preset threshold value 0.3m, so that the payment device is considered to be a relay-attacked device with a high probability, and in order to ensure the safety of the transaction process, the payment receiving device marks the payment device as an "unsafe transaction" and terminates the transaction.

If the target distance between the payment device and the collection device calculated by the collection device is 0.2m and is smaller than the preset threshold value 0.3m, the transaction process is considered to be safe, and the collection device sends the generated encryption factor, the payment password and the payment bill received from the payment device to the payment background. The payment bill may include a scene field, an identifier of the payment receiving device, a payment amount, and the like.

Optionally, the payment device may further send an original message for sending a payment request, an original message for receiving a payment password, and an original message for receiving a time-consuming duration to the payment background, so that the payment background may calculate the target distance between the payment device and the payment device again to ensure the security of the transaction process.

In step 408, the payment background receives the payment password sent by the payment receiving device.

Besides the payment password, the payment background may also receive an encryption factor and a payment bill sent by the payment receiving device, which are only examples, and the embodiment of the present invention is not limited thereto.

And step 409, the payment background executes corresponding transaction according to the payment password.

Specifically, the following two steps are included.

Step one, a payment background verifies a payment password.

The format of the payment password received by the payment background is as follows: and the payment background adopts the plaintext identifier and the encryption factor to form a session key, and adopts the session key to decrypt the payment ciphertext in the payment password.

And in the process that the payment device sends the payment password to the collection device and then the collection device sends the payment password to the payment background, the plaintext identification in the payment password is easy to be maliciously tampered. For example, the payment device C in the clear text identification is tampered with as the payment device E. When the plaintext identification in the payment password is maliciously tampered, the payment background generates a session key by adopting the received plaintext identification and the encryption factor, at this time, the session key cannot unlock a payment ciphertext, and the payment background can also determine that the maliciousness attack occurs in the payment process, the payment fails and the payment process is ended. If the payment background adopts the session key formed by the plaintext identifier and the encryption factor to unlock the payment ciphertext, the identifier of the payment device carried in the payment ciphertext is obtained, and the plaintext identifier is not tampered, at this time, whether the identifier of the payment device carried in the plaintext identifier and the payment ciphertext is matched or not can be further verified, and if the identifier of the payment device carried in the plaintext identifier and the identifier of the payment ciphertext are matched, the plaintext identifier and the payment ciphertext in the payment password are not tampered.

Optionally, the payment bill includes identifiers of the scene domain and the collection device, and in order to further improve the security of the transaction, before the payment background executes the corresponding deduction operation, the payment background may determine that an association relationship between the scene domain and the identifier of the collection device meets a preset condition.

Specifically, the payment background prestores an association relationship between each scene domain and the corresponding identifier of the collection device, after obtaining the scene domain in the payment bill and the identifier of the collection device, the payment background judges whether the association relationship between the scene domain in the payment bill and the identifier of the collection device matches the stored association relationship, if so, executes a corresponding deduction operation, otherwise, ends the payment process.

For example, the scene domain is a fueling scene, the identification of the payment receiving device is D, and the payment amount is 100 dollars. And the payment background judges whether the incidence relation between the refueling scene and the D is matched with the stored incidence relation or not, namely whether the payment equipment with the D is applied to the refueling scene or not, if so, deducts 100 yuan from the payment account information of the payment equipment in the payment password according to the payment bill, and adds the deducted money to a payment account corresponding to the payment equipment.

Optionally, the payment background further stores a binding relationship between the identifier of each payment device and the payment account information, and the payment cryptograph may also carry the payment account information. Therefore, the payment background can also verify whether the binding relationship between the identification of the payment device and the payment account information in the payment ciphertext is correct. If the verification is passed, the possibility of malicious attack in the payment process is further reduced. Through multiple times of verification, the safety of the transaction is improved.

Optionally, the payee device may send the original message of the receipt request, the original message of the received payment password, and the original message of the received time-consuming duration to the payment backend, the payment backend extracts the first time point T1 from the original message of the receipt request sent by the payee device, extracts the second time point T2 from the original message of the payment password received by the payee device, and extracts the time-consuming duration T from the original message of the time-consuming duration received by the payee device.

The payment receiving device may also send the original message of the payment receiving request and the original message of the payment password to the payment background, where the payment background extracts the first time point T1 from the original message of the payment receiving request sent by the payment receiving device, and extracts the second time point T2 from the original message of the payment password received by the payment receiving device. The payment device sends the original message for receiving the collection request and the original message for sending the payment password to the collection device, the collection device sends the original message for receiving the collection request and the original message for sending the payment password to the payment background, the payment background extracts a third time point T3 from the original message for receiving the collection request by the payment device, and extracts a fourth time point T4 from the original message for sending the payment password by the payment device. The payment back office calculates the elapsed time T from T3 and T4.

The checkout device may also send the first time point T1, the second time point T2, and the elapsed time period T directly to the payment backend. Of course, the payment backend may also obtain the first time point T1, the second time point T2, and the time-consuming duration T in other manners, which is not described herein again.

The payment background calculates the target distance between the payment device and the payment receiving device through T1, T2 and T, and compares the target distance with a preset threshold. And if the target distance is smaller than the preset threshold value, the verification is passed. And recalculating the target distance between the payment device and the collection device through the payment background, and comparing the recalculated target distance with a preset threshold value, thereby verifying whether the transaction process is safe again. Thus, the security of the transaction can be improved.

And step two, the payment background executes corresponding deduction operation according to the payment bill and the payment password.

In one possible implementation, the payment cryptogram is decrypted by the session key to obtain the identifier of the payment device. And if the plaintext identifier is matched with the identifier of the payment device, the payment background executes corresponding deduction operation based on the identifier of the payment device and the payment bill.

Specifically, the payment background obtains payment account information bound with the payment device based on the identifier of the payment device, and then executes corresponding deduction operation according to the payment account information and the payment bill. The payment account information bound with the payment device may be default payment account information preset by a user, or may be payment account information of the last deduction of the payment device, or may be payment account information with the highest deduction frequency, and the like.

In one possible implementation, the payment ciphertext is decrypted by the session key to obtain the identifier of the payment device and the payment account information. And if the plaintext identifier is matched with the identifier of the payment device, the payment background executes corresponding deduction operation based on the identifier of the payment device, the payment account information and the payment bill.

Specifically, the payment password may directly carry the payment account information, the payment password is decrypted to obtain the payment account information, and then a corresponding deduction operation is performed based on the identifier of the payment device, the payment account information, and the payment bill. The payment account information carried in the payment password may be payment account information selected by the user in the deduction process, default payment account information preset by the user, payment account information of the latest deduction of the payment equipment, payment account information with the highest deduction frequency and the like.

It should be noted that, in the above two embodiments, before the payment background performs a corresponding deduction operation based on the identifier of the payment device, the payment account information, and the payment bill, it is only an example to verify whether the plaintext identifier and the identifier of the payment device are matched, and in this application, the present application is not limited to this one verification method, and any one or more of various verification methods described in the following steps may be adopted, and this application is not limited specifically.

Furthermore, the payment background acquires the identification of the collection device according to the payment bill, and adds the amount deducted from the deduction account number to the collection account number according to the collection account number information corresponding to the identification of the collection device. The corresponding relation between the identification of the collection device and the collection account information can be set by the merchant, the last collection account of the merchant can be automatically determined as the current collection account by the payment background, and the account with the highest use frequency of the merchant can be determined as the collection account information. The embodiments of the present invention are not limited in this regard.

For example, the payment background determines that the payment account information is: the China bank deposit card account number is 1234 xxx, and if the payment amount is determined to be 100 yuan according to the bill paid, the China bank server deducts 100 yuan for the deposit card with the account number of 1234 xxx.

The payment background determines that the collection device is a collection device D according to the payment bill, and the collection account information corresponding to the collection device D is as follows: if the chinese industrial and commercial bank deposit card account number is 4321 xxx, the amount of money is 100 yuan by the server of the chinese industrial and commercial bank on the deposit card with the account number of 4321 xxx.

After the transaction is completed, the payment background sends the information of successful payment to the collection device and the payment device, the collection device sends a prompt of successful payment to the merchant after receiving the information of successful payment, and the payment device displays the prompt of successful payment in the display interface after receiving the information of successful payment.

In the embodiment of the application, the payment device can determine the target distance between the payment device and the payment device by acquiring the first time point of sending the payment request, the second time point of receiving the payment password and the time-consuming duration of generating the payment password by the payment device, and if the target distance is less than a preset threshold value, the payment device processing the payment request is close to the payment device, namely the payment device processing the payment request is not another payment device which is far away from the payment device and is likely to be attacked by a relay, the current transaction environment is safe, and then the payment password is sent to the payment background for transaction processing. Therefore, the danger that the payment equipment is attacked by the relay is reduced, and the safety of the transaction is improved.

The payment background re-verifies the payment password, re-calculates the target distance between the collection device and the payment device, and determines whether the transaction is safe, so that the danger that the payment device is attacked by the relay is reduced, and the security of the transaction is improved.

In order to better explain the embodiment of the invention, a transaction processing method in the embodiment of the invention will be described below by taking payment through a UWB tag as an example, and the transaction processing method is interactively executed by a payment device provided with the UWB tag, a payment receiving device and a payment background.

First, the structure of the UWB tag is described, as shown in fig. 6:

the UWB tag 601 may be disposed on any device such as a mobile terminal, a vehicle-mounted terminal, and a wearable device, and the present invention does not limit the disposed position of the UWB tag 601, and the device provided with the UWB tag 601 may be used as a payment device.

UWB tag 601 includes a first MCU (micro controller Unit) module, a first UWB communication module, a storage Unit, and a magnetic induction coil.

Specifically, the first MCU module is a main control chip of the UWB tag and is responsible for regulating and controlling external components such as the first UWB communication module, the storage unit, and the magnetic induction coil.

The first UWB communication module is responsible for communicating with the checkout device 602.

The storage unit is responsible for storing encryption keys and payment account information, and the encryption keys can be common algorithms including SM2, SM3, SM4, AES, RSA and the like at home and abroad and are used for generating session keys. The payment account information and the encryption key are uniformly and safely written in the payment background and cannot be stolen and tampered.

Since the UWB tag 601 needs to be driven by a power source to perform the above function, it may be mounted on a mobile terminal capable of supplying power, or the UWB tag 601 may be brought into contact with the money receiving apparatus 602 to obtain power when payment is made using the UWB tag 601. The embodiment of the present invention further provides another method, in which a magnetic induction coil is installed on the UWB tag 601 to generate induction power, or a button battery is additionally installed to provide a power supply, so that the UWB tag 601 can be installed anywhere.

Next, the structure of the checkout apparatus 602 is described, as shown in FIG. 6:

the payment apparatus 602 mainly includes a second MCU module, a second UWB communication module, a payment module, a random number generator, and a 4G communication module.

The second MCU module is a main control chip of the cash register 602, and is responsible for controlling the second UWB communication module, the payment module random number generator, and the 4G communication module.

The second UWB communication module is responsible for communication with the UWB tag 601.

The random number generator is used for generating random numbers.

The payment module is used for forming a payment bill.

The 4G communication module is used for communicating with the payment background.

A transaction processing method in the embodiment of the present application is described below with reference to the structure of the UWB tag 601 and the structure of the cash register 602, where the method specifically includes:

the reception apparatus 602 generates a random number through the random number generator, generates a reception request through the second MCU module, and sends the reception request to the first UWB communication module of the UWB tag 601, and extracts the first time point T1 at which the reception request is sent from the message in which the reception request is sent through the second UWB communication module.

The UWB tag 601 receives the receipt request through the first UWB communication module, and extracts a third time point T3 of receiving the receipt request from the message of receiving the receipt request through the first UWB communication module. The UWB tag 601 generates a payment password according to the receipt request through the first MCU module, and transmits the payment password to the second UWB communication module of the receipt device 602 through the first UWB communication module. The UWB tag 601 extracts the fourth time point T4 of transmitting the payment password from the message of transmitting the payment password through the first UWB communication module. The first MCU module of the UWB tag 601 calculates a time-consuming duration T for generating a payment password according to the third time point T3 and the fourth time point T4, and transmits the time-consuming duration T to the second UWB communication module of the money receiving apparatus 602 through the first UWB communication module.

The second UWB communication module of the transferee device 602 receives the payment password and extracts a second time point T2 from a message of receiving the payment password. The second MCU module of the payment device 602 calculates the target distance between the UWB tag 601 and the payment device 602 according to T1, T2, and T, and compares with a preset threshold. If the target distance is determined to be larger than the preset threshold value, ending the payment process; and if the target distance is smaller than the preset threshold value, sending the random number and the payment password generated by the random number generator to the payment background 603 through the 4G communication module. The payee device 602 generates a bill for payment through the payment module, including the scene domain of the current payment, the amount to be paid, the identification of the payee device 602, and the like. The payment apparatus 602 sends the bill for payment to the payment background 603 through the 4G communication module.

The payment background 603 verifies the security of the payment password, and if the security passes the verification, corresponding deduction operation is executed according to the payment bill and the payment password.

In the embodiment of the application, the receiving device can determine the target distance between the receiving device and the payment device by obtaining the first time point of sending the receiving request, the second time point of receiving the payment password and the time-consuming duration of the payment password generated by the payment device, and if the target distance is smaller than a preset threshold value, the payment device processing the receiving request is close to the receiving device, namely the payment device processing the receiving request is not another payment device which is far away from the receiving device and is likely to be attacked by a relay, the current transaction environment is safe, and then the payment password is sent to the payment background for transaction processing. Therefore, the danger that the payment equipment is attacked by the relay is reduced, and the safety of the transaction is improved.

Based on the same technical concept, fig. 7 exemplarily shows a structure of a transaction processing apparatus according to an embodiment of the present invention, which can execute a flow of transaction processing performed by a cash register.

As shown in fig. 7, the apparatus specifically includes:

a sending unit 701, configured to send a payment receiving request to a payment device, and obtain a first time point of sending the payment receiving request;

a first receiving unit 702, configured to receive a payment password sent by the payment device, and acquire a second time point for receiving the payment password;

a first processing unit 703, configured to determine, according to the first time point and the second time point, a target distance between the payment apparatus and the payment apparatus; and if the target distance is smaller than a preset threshold value, sending the payment password to a payment background so that the payment background executes corresponding transaction according to the payment password.

Optionally, the first receiving unit 702 is specifically configured to:

the first processing unit 703 is specifically configured to:

Optionally, the first processing unit 703 is specifically configured to:

the first receiving unit 702 is specifically configured to:

Optionally, the sending unit 701 is specifically configured to:

the first receiving unit 702 is specifically configured to:

Based on the same technical concept, fig. 8 exemplarily shows a structure of a transaction processing apparatus provided by an embodiment of the present invention, which can execute a flow of transaction processing performed by a payment device.

As shown in fig. 8, the apparatus specifically includes:

a second receiving unit 801, configured to receive a payment request sent by a payment receiving device;

a second processing unit 802, configured to generate a payment password according to the collection request; and sending the payment password to the payment equipment so that the payment equipment determines a target distance between the payment equipment and the payment equipment according to a first time point of sending the payment request and a second time point of receiving the payment password, and sending the payment password to the payment background when the target distance is determined to be smaller than a preset threshold value, wherein the payment background is used for executing corresponding transaction according to the payment password.

Optionally, the second receiving unit 801 is specifically configured to:

acquiring a third time point for receiving the collection request;

acquiring a fourth time point for sending the payment password;

Optionally, the receipt request carries an encryption factor;

the second processing unit 802 is specifically configured to:

Optionally, the second processing unit 802 is specifically configured to:

Optionally, the second receiving unit 801 is specifically configured to:

Based on the same technical concept, fig. 9 exemplarily shows a structure of a transaction processing device provided by an embodiment of the present invention, and the structure can execute a flow of transaction processing by a payment background.

As shown in fig. 9, the apparatus specifically includes:

a third receiving unit 901, configured to receive a payment password sent by a payee device, where the payment password is generated and sent to the payee device by a payment device after receiving a payee request sent by the payee device, and is sent to the payment background by the payee device when it is determined that a target distance between the payee device and the payment device is smaller than a preset threshold, where the target distance is determined by the payee terminal according to a first time point of sending the payee request and a second time point of receiving the payment password;

and a third processing unit 902, configured to execute a corresponding transaction according to the payment password.

Optionally, the third receiving unit 901 is specifically configured to:

Optionally, the third processing unit 902 is specifically configured to:

the third processing unit 902 is specifically configured to:

Optionally, the third processing unit 902 is specifically configured to:

the third processing unit 902 is specifically configured to:

Optionally, the third processing unit 902 is specifically configured to:

receiving the time-consuming duration sent by the money receiving equipment;

Based on the same technical concept, the embodiment of the present application provides a computer device, as shown in fig. 10, including at least one processor 1001 and a memory 1002 connected to the at least one processor, where a specific connection medium between the processor 1001 and the memory 1002 is not limited in the embodiment of the present application, and the processor 1001 and the memory 1002 in fig. 10 are connected through a bus as an example. The bus may be divided into an address bus, a data bus, a control bus, etc.

In the embodiment of the present application, the memory 1002 stores instructions executable by the at least one processor 1001, and the at least one processor 1001 may execute the steps of the transaction processing method by executing the instructions stored in the memory 1002.

The processor 1001 is a control center of the computer device, and may connect various parts of the computer device by using various interfaces and lines, and perform transaction processing by executing or executing instructions stored in the memory 1002 and calling data stored in the memory 1002. Alternatively, the processor 1001 may include one or more processing units, and the processor 1001 may integrate an application processor and a modem processor, wherein the application processor mainly processes an operating system, a user interface, an application program, and the like, and the modem processor mainly processes wireless communication. It will be appreciated that the modem processor described above may not be integrated into the processor 1001. In some embodiments, the processor 1001 and the memory 1002 may be implemented on the same chip, or in some embodiments, they may be implemented separately on separate chips.

The processor 1001 may be a general-purpose processor, such as a Central Processing Unit (CPU), a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof, and may implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present Application. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software modules in a processor.

Memory 1002, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The Memory 1002 may include at least one type of storage medium, and may include, for example, a flash Memory, a hard disk, a multimedia card, a card-type Memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), a charge Erasable Programmable Read Only Memory (EEPROM), a magnetic Memory, a magnetic disk, an optical disk, and so on. The memory 1002 is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 1002 in the embodiments of the present application may also be circuitry or any other device capable of performing a storage function for storing program instructions and/or data.

Based on the same technical concept, embodiments of the present invention further provide a computer-readable storage medium storing a computer-executable program, where the computer-executable program is used to enable a computer to execute the method for processing a transaction listed in any of the above manners.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims

1. A transaction processing method, comprising:

2. The method of claim 1, further comprising:

3. The method of claim 2, wherein determining the target distance between the checkout device and the payment device based on the first point in time, the second point in time, and the elapsed time period comprises:

4. The method of claim 1, wherein the payment receipt request carries an encryption factor to cause the payment device to generate the payment password based on the encryption factor;

5. The method of any of claims 1 to 4, wherein sending a payment request to a payment device and obtaining a first point in time to send the payment request comprises:

6. A transaction processing method, comprising:

receiving a collection request sent by collection equipment;

generating a payment password according to the collection request;

7. The method of claim 6, further comprising:

acquiring a third time point for receiving the collection request;

acquiring a fourth time point for sending the payment password;

8. The method of claim 6, wherein the receipt request carries an encryption factor;

generating a payment password according to the collection request, comprising:

9. The method of claim 8, wherein the encrypting the identity of the payment device with the session key to obtain a payment cryptogram comprises:

10. The method of any of claims 7 to 9, wherein obtaining a third point in time for receiving the payment request comprises:

11. A transaction processing method, comprising:

and executing corresponding transaction according to the payment password.

12. The method of claim 11, wherein the target distance is determined by the checkout device based on a first point in time at which the checkout request is sent and a second point in time at which the payment password is received, comprising:

13. The method of claim 11, wherein performing a corresponding transaction based on the payment password comprises:

14. The method of claim 13, wherein the payment password comprises a plaintext identification and a payment cryptogram;

15. The method of claim 14, wherein the decrypting the payment cryptogram with the session key to obtain the identification of the payment device comprises:

16. The method of claim 13 or 14, wherein the bill for payment includes an identification of a context domain and the checkout device;

17. The method of claim 11, wherein prior to performing the corresponding transaction based on the payment password, further comprising:

18. The method of claim 17, further comprising:

receiving the time-consuming duration sent by the money receiving equipment;

19. A transaction processing device, comprising:

20. A transaction processing device, comprising:

21. A transaction processing device, comprising:

22. A computer device, comprising:

a memory for storing a computer program;

a processor for invoking a computer program stored in said memory for performing the method of any of claims 1 to 18 in accordance with the obtained program.

23. A computer-readable storage medium storing a computer-executable program for causing a computer to perform the method of any one of claims 1 to 18.