CN114119024A - Data interaction method, device and related equipment - Google Patents
Data interaction method, device and related equipment Download PDFInfo
- Publication number
- CN114119024A CN114119024A CN202111487138.5A CN202111487138A CN114119024A CN 114119024 A CN114119024 A CN 114119024A CN 202111487138 A CN202111487138 A CN 202111487138A CN 114119024 A CN114119024 A CN 114119024A
- Authority
- CN
- China
- Prior art keywords
- transaction
- credential
- transaction authorization
- certificate
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The application discloses a data interaction method, which comprises the following steps: the user terminal initiates a transaction request to the supply terminal and receives an order voucher fed back by the supply terminal according to the transaction request; performing encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate; and sending the transaction authorization request credential to the transaction system so that the transaction system issues the transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeding back the verification result of the transaction authorization credential to the supply terminal when receiving a transaction authorization credential verification result request sent by the supply terminal. By applying the technical scheme provided by the application, the user information can be effectively prevented from being collected by a third party in a large batch, so that the user privacy is protected and the user information safety is ensured. The application also discloses a data interaction device, equipment and a computer readable storage medium, which have the beneficial effects.
Description
Technical Field
The present application relates to the field of network transaction technologies, and in particular, to a data interaction method, a data interaction device, a data interaction apparatus, and a computer-readable storage medium.
Background
The WEB payment is an electronic payment mode which depends on a network and has the characteristics of real time and zero distance as typical characteristics, and the payment network comprises a payment network, an issuer, an acquirer and a merchant. Wherein, the payment network takes on the functions of clearing and settling funds among merchants, acquirers and issuers; the card issuing bank and the acquiring bank are responsible for fund transfer; the merchant is a commodity transaction party with debt and can initiate a payment instruction related to the transaction according to the client. Generally speaking, a merchant provides a plurality of payment modes (integrating payment gateways of various banks) for a user for convenient and fast payment, a payment instruction is transmitted to the payment gateway of a corresponding bank during transaction, and then related payment services such as WeChat payment, Alipay, cloud flash payment and the like are completed through a bank background facility, so that the payment safety is ensured.
However, as a purchaser and a payer, it is often the case that a user does not want his or her own purchasing behavior or account information to be unknowingly collected and aggregated by an unrelated third party. Although the traditional APP E-commerce platform can provide good user purchase and smooth payment experience, the payment account information of the traditional APP E-commerce platform must be handed to a third party irrelevant to payment, the platform grasps a large amount of personal transaction tracks and the payment account information, and not only is high data concentration monopoly easily caused, but also huge potential safety risks are easily caused.
Therefore, how to effectively avoid the user information from being collected by a third party in a large batch, protect the privacy of the user and ensure the safety of the user information is a problem to be solved urgently by those skilled in the art.
Disclosure of Invention
The data interaction method can effectively prevent user information from being collected by a third party in a large batch, so that the privacy of a user is protected and the safety of the user information is ensured; another object of the present application is to provide a data interaction device, a device and a computer-readable storage medium, all of which have the above advantages.
In a first aspect, the present application provides a data interaction method, including:
a user terminal initiates a transaction request to a supply terminal and receives an order voucher fed back by the supply terminal according to the transaction request;
performing encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate;
and sending the transaction authorization request credential to a transaction system so that the transaction system issues a transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeding back a verification result of the transaction authorization credential to the supply terminal when receiving a transaction authorization credential verification result request sent by the supply terminal.
Preferably, before the performing an encryption operation based on the order credential and the user identity account credential and constructing a transaction authorization request credential, the method further includes:
and verifying the order certificate by using the public key registered on the identity registry by the supply terminal, and after the order certificate passes the verification, executing the encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate.
Preferably, the deploying of the user terminal with a user identity wallet, the storing of the user identity account credential in the user identity wallet, and the performing of the encryption operation based on the order credential and the user identity account credential to construct the transaction authorization request credential include:
and carrying out encryption operation on the order certificate and the user identity account certificate through the user identity wallet to obtain the transaction authorization request certificate.
Preferably, the transaction system includes an account opening server, and the method further includes:
sending a KYC registration request carrying user registration information to the account opening server, so that the account opening server signs and issues the user identity account certificate according to the KYC registration request and stores the user registration information; the user registration information comprises a user ID and a user public key;
receiving the user identity account certificate fed back by the account opening server;
storing the user identity account credentials in the user identity wallet.
Preferably, the verifying the transaction authorization request credential by the transaction system includes:
and verifying the transaction authorization request credential by using the user registration information through the account opening server.
Preferably, the transaction system includes a credential center server, and after issuing a transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential, the transaction system further includes:
and storing the transaction authorization voucher to the voucher center server side.
Preferably, the transaction system further includes a transaction processing server, and when receiving a transaction authorization credential verification result request sent by the provisioning terminal, the transaction processing server feeds back a verification result of the transaction authorization credential to the provisioning terminal, including:
receiving the transaction authorization certificate verification result request sent by the supply terminal through the transaction processing server terminal;
requesting to present a transaction authorization certificate corresponding to the transaction authorization certificate from the certificate center server according to the transaction authorization certificate verification result;
when the transaction authorization certificate presented by the certificate center server is obtained, the transaction authorization certificate is verified through the transaction processing server, and after the verification is passed, the verification result of the transaction authorization certificate is fed back to the supply terminal.
In a second aspect, the present application also discloses a data interaction device, including:
the order certificate acquisition module is used for initiating a transaction request to a supply terminal by a user terminal and receiving an order certificate fed back by the supply terminal according to the transaction request;
the transaction authorization request credential issuing module is used for carrying out encryption operation based on the order credential and the user identity account credential to construct a transaction authorization request credential;
and the transaction authorization module is used for sending the transaction authorization request credential to a transaction system so that the transaction system issues a transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeds back a verification result of the transaction authorization credential to the supply terminal when receiving a transaction authorization credential verification result request sent by the supply terminal.
In a third aspect, the present application also discloses a data interaction device, including:
a memory for storing a computer program;
a processor for implementing the steps of any of the data interaction methods described above when executing the computer program.
In a fourth aspect, the present application further discloses a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of any of the data interaction methods described above.
The data interaction method comprises the steps that a user terminal initiates a transaction request to a supply terminal, and receives an order certificate fed back by the supply terminal according to the transaction request; performing encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate; sending the transaction authorization request credential to a transaction system so that the transaction system issues a transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeding back a verification result of the transaction authorization credential to the supply terminal when receiving a transaction authorization credential verification result request sent by the supply terminal
By applying the technical scheme provided by the application, when the user terminal and the supply terminal carry out data transaction, the user terminal only needs to initiate a transaction request to the supply terminal to obtain an order certificate fed back by the supply terminal, then carries out encryption operation on the order certificate and a user identity account certificate to construct a transaction authorization request certificate, and then sends the transaction authorization request certificate to a transaction system, and for the transaction system, the transaction authorization certificate can be issued by using a transaction authorization processing result corresponding to the transaction authorization request certificate after the transaction authorization request certificate is verified to be passed, so that data transaction is completed; for the supply terminal, the final transaction result can be obtained by sending a transaction authorization voucher verification result request to the transaction system. Obviously, the user terminal does not need to perform account registration and information storage on the supply terminal, but directly completes verification of the user terminal identity and the transaction information by the transaction system, so that data transaction between the user terminal and the supply terminal is completed, the user information can be effectively prevented from being collected by a third-party platform, the user privacy is effectively protected, and the user information safety is ensured.
The data interaction device, the equipment and the computer readable storage medium provided by the application all have the beneficial effects, and are not described again.
Drawings
In order to more clearly illustrate the technical solutions in the prior art and the embodiments of the present application, the drawings that are needed to be used in the description of the prior art and the embodiments of the present application will be briefly described below. Of course, the following description of the drawings related to the embodiments of the present application is only a part of the embodiments of the present application, and it will be obvious to those skilled in the art that other drawings can be obtained from the provided drawings without any creative effort, and the obtained other drawings also belong to the protection scope of the present application.
Fig. 1 is a schematic flowchart of a data interaction method provided in the present application;
FIG. 2 is a schematic diagram illustrating the circulation of verifiable credentials in online payment according to the present application;
FIG. 3 is a schematic diagram of a transaction confirmation process provided herein;
FIG. 4 is a schematic diagram illustrating a process for issuing a credential for a user identity account according to the present application;
FIG. 5 is a schematic diagram illustrating a process for requesting payment authorization provided herein;
FIG. 6 is a schematic diagram illustrating a process for issuing a payment authorization credential according to the present application;
fig. 7 is a schematic flow chart of a merchant system for obtaining payment authorization credentials provided in the present application;
FIG. 8 is a schematic diagram illustrating a data interaction process in a data interaction system provided in the present application;
fig. 9 is a schematic structural diagram of a data interaction device provided in the present application;
fig. 10 is a schematic structural diagram of a data interaction device provided in the present application.
Detailed Description
The core of the application is to provide a data interaction method, which can effectively prevent user information from being collected by a third party in a large batch, thereby protecting the privacy of a user and ensuring the safety of the user information; another core of the present application is to provide a data interaction device, a device and a computer-readable storage medium, which also have the above-mentioned advantages.
In order to more clearly and completely describe the technical solutions in the embodiments of the present application, the technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a data interaction method.
Referring to fig. 1, fig. 1 is a schematic flow chart of a data interaction method provided in the present application, where the data interaction method may include:
s101: the user terminal initiates a transaction request to the supply terminal and receives an order voucher fed back by the supply terminal according to the transaction request;
the step aims to realize the acquisition of the order voucher through the interaction between the user terminal and the supply terminal. Specifically, after determining the transaction, the user terminal may initiate a transaction request to the provisioning terminal, where the transaction request may specifically be a payment request, for example, after determining an item to be purchased through the user terminal, the user may initiate a payment request to the provisioning terminal, where the provisioning terminal is a party for provisioning (selling) the item. For the provisioning terminal, after receiving the transaction request sent by the user terminal, an order voucher may be generated based on the transaction request, where the order voucher may include information such as an order number, a merchant collection account number, and a total order amount, and then the order voucher is fed back to the user terminal, so that the user terminal performs transaction operations such as payment based on the order voucher.
S102: performing encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate;
this step is intended to construct a transaction authorization request credential. Specifically, after receiving the order credential fed back by the provisioning terminal, the user terminal performs an encryption operation based on the order credential and the user identity account credential to construct a transaction authorization request credential, where the transaction authorization request credential includes user identity information and the order credential and is used to request a transaction authorization from the transaction system, so as to complete data interaction with the provisioning terminal. The encryption process may be implemented in any manner in the prior art, and is not described herein again.
It can be understood that the encryption operation processing is performed simultaneously based on the order certificate and the user identity account certificate, on one hand, the security of the data information in the transmission process can be effectively ensured, and on the other hand, the encryption operation processing can be used for indicating the transaction system to perform validity verification on the received data information before issuing the transaction authorization certificate, so that the validity of the user terminal and the security of the transaction data are further ensured.
S103: and sending the transaction authorization request credential to the transaction system so that the transaction system issues the transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeding back the verification result of the transaction authorization credential to the supply terminal when receiving a transaction authorization credential verification result request sent by the supply terminal.
The step aims to send the transaction authorization request certificate to the transaction system so that the transaction system issues the transaction authorization certificate, and therefore data interaction between the user terminal and the transaction system is completed. Specifically, the user terminal may send the constructed transaction authorization request credential to the transaction system after completing the encryption operation processing based on the order credential and the user identity account credential. Further, the transaction system may verify the transaction authorization request credential after receiving it. After the verification is passed, the transaction authorization voucher can be issued according to the transaction authorization processing result corresponding to the transaction authorization request voucher, so that the data interaction between the user terminal and the transaction system is completed. Finally, for the supply terminal, the verification result of the transaction authorization voucher fed back by the transaction system, that is, the verified transaction result between the supply terminal and the user terminal, can be obtained by sending a transaction authorization voucher verification result request to the transaction system.
Therefore, according to the data interaction method provided by the application, when the user terminal and the supply terminal perform data transaction, the user terminal only needs to initiate a transaction request to the supply terminal to obtain an order certificate fed back by the supply terminal, then performs encryption operation on the order certificate and a user identity account certificate to construct a transaction authorization request certificate, and then sends the transaction authorization request certificate to a transaction system, and for the transaction system, the transaction authorization request certificate can be issued by using a transaction authorization processing result corresponding to the transaction authorization request certificate after the transaction authorization request certificate passes verification, so that data transaction is completed; for the supply terminal, the final transaction result can be obtained by sending a transaction authorization voucher verification result request to the transaction system. Obviously, the user terminal does not need to perform account registration and information storage on the supply terminal, but directly completes verification of the user terminal identity and the transaction information by the transaction system, so that data transaction between the user terminal and the supply terminal is completed, the user information can be effectively prevented from being collected by a third-party platform, the user privacy is effectively protected, and the user information safety is ensured.
In an embodiment of the application, before the performing the encryption operation based on the order credential and the user identity account credential and constructing the transaction authorization request credential, the method may further include: and verifying the order certificate by using the public key registered on the identity registry by the supply terminal, and after the verification is passed, performing encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate.
In the embodiment of the application, after the user terminal receives the order voucher fed back by the supply terminal, the order voucher can be verified before the encryption operation is performed based on the order voucher and the user identity account voucher, so that the authenticity of the source of the order voucher is effectively ensured. Specifically, before feeding back the order voucher to the user terminal, the supply terminal may first perform signature processing on the order voucher by using a private key, and then feed back the signed order voucher to the user terminal; after receiving the order certificate, the user terminal can verify the order certificate by using the public key corresponding to the private key, and sign the order certificate by using the user identity information after the order certificate passes the verification. The public key corresponding to the private key is registered on the identity registry by the provisioning terminal, and the user terminal can directly obtain the public key from the identity registry.
In an embodiment of the present application, the deploying, by the user terminal, a user identity wallet, where the user identity account credential is stored in the user identity wallet, and performing an encryption operation based on the order credential and the user identity account credential to construct the transaction authorization request credential may include: and carrying out encryption operation on the order certificate and the user identity account certificate through the user identity wallet to obtain a transaction authorization request certificate.
In the embodiment of the application, a user identity wallet may be deployed at a user terminal, data management of a corresponding user is implemented by the user identity wallet, and a user identity account credential is stored in the user wallet. Based on this, the operation of the user terminal performing the encryption operation based on the order credential and the user identity account credential may be specifically executed by the user identity wallet. In addition, based on the user identity wallet, the verification operation, the storage operation and the encryption operation on the order certificate can be realized.
In an embodiment of the application, the transaction system includes an account opening server, and the data interaction method may further include: sending a KYC (Key _ Your customer, a real-name authentication mechanism) registration request carrying user registration information to the account opening server, so that the account opening server signs a user identity account certificate according to the KYC registration request and stores the user registration information; the user registration information comprises a user ID and a user public key; receiving a user identity account certificate fed back by an account opening server; storing the user identity account credentials in a user identity wallet.
In the embodiment of the application, an implementation method is provided for a user terminal to register the identity of an account opening server of a transaction system and obtain a user identity account certificate. Specifically, an account opening server can be deployed in the transaction system and used for providing account opening card service for the user terminal, and based on the account opening service, the user terminal can send a KYC registration request to the account opening server, wherein the request contains corresponding user registration information; further, after receiving a KYC registration request, the account opening server can issue a user identity account certificate for the user terminal according to the request, and obtain user registration information in the user identity account certificate through request analysis, wherein the user registration information comprises a user ID and a user public key; and finally, after receiving the user identity account certificate issued by the account opening server, the user terminal can store the user identity account certificate in a user identity wallet of the user terminal so as to realize acquisition of the transaction authorization request certificate in the following process.
In one embodiment of the present application, the verifying the transaction authorization request credential by the transaction system may include: and verifying the transaction authorization request credential by using the user registration information through the account opening server.
As described above, the account opening server may store the user registration information in the KYC registration request for subsequent user identity account credential verification, so that when the transaction system verifies the transaction authorization request credential sent by the user terminal, the account opening server may specifically verify the transaction authorization request credential by using the user registration information stored by the account opening server, where the user registration information is the user information registered by the user terminal when the account opening server performs an account opening and card transaction service, that is, the user registration information under the KYC authentication mechanism.
In an embodiment of the present application, the transaction system includes a credential center server, and after issuing a transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential, the transaction system may further include: and storing the transaction authorization certificate to a certificate center server side.
In the embodiment of the application, a certificate center server can be deployed in the transaction system, and the certificate center server stores the transaction authorization certificate so that the supply terminal requests to acquire the transaction authorization certificate.
In an embodiment of the application, the transaction system further includes a transaction processing server, and when receiving a transaction authorization credential verification result request sent by the provisioning terminal, the method may feed back a verification result of the transaction authorization credential to the provisioning terminal, and may include: receiving a transaction authorization certificate verification result request sent by a supply terminal through a transaction processing server; requesting to present a transaction authorization certificate corresponding to the transaction authorization certificate from a certificate center server according to the transaction authorization certificate verification result; when the transaction authorization certificate presented by the certificate center server is obtained, the transaction authorization certificate is verified through the transaction processing server, and after the verification is passed, the verification result of the transaction authorization certificate is fed back to the supply terminal.
In the embodiment of the application, a transaction processing server can be further deployed in the transaction system, and the transaction processing server is used for realizing data interaction between the transaction system and the supply terminal. Specifically, after feeding back the order certificate to the user terminal, the supply terminal can initiate a transaction authorization certificate verification result request to a transaction processing server of the transaction system to request to obtain a transaction result between the supply terminal and the user terminal; further, the transaction processing server can forward the transaction authorization certificate verification result request to the certificate center server to request the certificate center server to display the transaction authorization certificate corresponding to the transaction authorization certificate, verify the transaction authorization certificate, and feed back the verification result of the transaction authorization certificate to the supply terminal when the verification is passed, so that the supply terminal can obtain the transaction result between the supply terminal and the user terminal, and data interaction between the user terminal and the supply terminal is realized through the transaction system.
The verification process of the transaction processing server side for the transaction authorization certificate can be realized by adopting a VC-AuthN-OIDC (information verification method) verification mode. VC-AuthN-OIDC is a new method for identity verification by using a verifiable certificate, which is expanded on OIDC and provided for users by depending on standardization of OIDC (OpenId Connect, identity authentication), eliminates dependence on any single Open ID providing program, transfers greater control to users, enhances privacy and simplifies user experience, and a relying party acquires token information to decide subsequent authorization operation without collecting and storing user information irrelevant to service.
Based on the foregoing embodiments, another data interaction method is provided in the embodiments of the present application.
The data interaction method provided by the embodiment of the application adopts a distributed identity technology, takes a user as a center, and realizes interaction between a merchant system and the user, between the user and an issuer (issuer), and between a payment processing system and the merchant system based on a verifiable certificate circulation model. The specific implementation process is as follows:
referring to fig. 2, fig. 2 is a schematic view illustrating a flow of verifiable credentials in network payment, which is provided by the present application, and the core of the scheme is DID (Decentralized identity Identifier) credential flow, and credential information interaction is realized through peer-to-peer DID communication. According to the roles and mutual relations in the payment ecology, the payment system can be disassembled into a plurality of point-to-point message units, and the description is given in the following manner according to the grouping of a merchant system (payee, i.e. the above-mentioned supply terminal) and a user (payer, i.e. the above-mentioned user terminal), the grouping of the user and an issuer (issuer, i.e. the above-mentioned account opening server), and the grouping of a payment processing system (payment processing server) and the merchant system.
1. Merchant system and user:
referring to fig. 3, fig. 3 is a schematic diagram illustrating a transaction confirmation process according to the present application. In a transaction scene taking a user as a center, user data is controlled by the user, and privacy data such as bank account information of the user and the like are controlled by the identity wallet of the user, so that the user does not need to register and store on a merchant system, and the aggregation of the user information by the merchant system is reduced. The user and the merchant system can transmit messages through a DID message channel based on an agent, and the merchant system can directly send signed order certificates to the user under the condition that the user confirms payment, wherein the certificates comprise information such as order numbers, merchant collection account numbers, order total amount (including freight charge) and the like. The user can verify the order certificate through the public key registered on the identity registry by the merchant system so as to ensure the authenticity of the order source, and meanwhile, the stored order certificate is used for initiating a subsequent transfer payment request and tracing the after-sale order service.
2. The user and the card issuing bank:
in order to initiate a payment request related to a purchase, a user needs to prove the legal identity of the user as a payer to an issuer, provide corresponding transaction confirmation, and consider submitting an order voucher meeting the requirements of a payment service in the case of matching with a purchase background survey.
Based on this, in order to realize the payment request related to transaction confirmation, the user can process the anonymous voucher of the received order form, obtain the payment authorization request voucher including the account of the payer, the account of the payee and the transfer amount and submit the payment authorization request voucher to the issuer. The KYC registration is realized between the user and the issuer in advance, and the payment account certificate is maintained in a public key mode, so that the order certificate can be signed by the user identity information to be verified by the issuer, and a schematic diagram of the issuing process of the user identity account certificate is shown in FIG. 4.
Referring to fig. 5, fig. 5 is a schematic diagram illustrating a process of requesting payment authorization provided in the present application, where a user may construct a payment authorization request credential based on an identity wallet, send the payment authorization request credential to an issuer through DID communication, be authenticated by the issuer, and process the payment authorization request.
3. The payment processing system and the merchant system:
referring to fig. 6 and 7, fig. 6 is a schematic diagram of a process for issuing a payment authorization credential provided by the present application, and fig. 7 is a schematic diagram of a process for acquiring a payment authorization credential by a merchant system provided by the present application. After receiving the payment authorization request of the user, the issuer verifies the payment authorization request credential submitted by the user, confirms that the order payment request is indeed initiated by the user and that the user is a KYC user, and if the account fund status of the user meets the requirement, can issue the payment authorization credential (wherein, under the condition of PUSH payment (transaction actively pushed by bank), the payment authorization credential can also be issued as the deposit certificate of the completed payment behavior). Here, the merchant system needs to obtain the payment authorization result, but since the main body of the payment authorization credential is not the merchant system, the payment authorization credential is not sent to the merchant system, but the payment authorization credential is stored in a credential center of the payment system, and the merchant system can request the credential center for verification through the authentication service of the payment processing system and present the verification status information of the payment authorization credential to obtain the payment result of the user.
Based on the flow diagrams shown in fig. 3 to fig. 7, a data transaction flow diagram of the entire system can be obtained, as shown in fig. 8, fig. 8 is a data interaction flow diagram in a data interaction system provided by the present application.
Therefore, the data interaction method provided by the embodiment of the application has the following advantages:
(1) support for user-centric service modes:
by adopting the distributed identity technology, a user-centered service mode can be realized, namely direct interaction between a service provider and a service main body of the service provider, no matter electronic commerce or payment transfer, and indirect achievement through another system is not needed. For example, when the user confirms shopping cart information and initiates payment, the payment service will be conducted directly between the buyer (payer) and the payment facilitator, which can talk directly to the service principal, obtain further customer information, and provide a corresponding personalized payment scheme (e.g., discount).
(2) The simplified service flow is realized:
the distributed identity supports point-to-point decentralized secure communication, so that the service flow in the traditional network payment can be greatly simplified. In the scheme, the personal order is confirmed (signed) by a purchaser and then is directly submitted to a payment processor (an issuer or an issuer) in a payment authorization request mode for processing, the payment processor determines to perform payment authorization processing after verifying the source authenticity of the order and the account condition of a requester, and payment authorization does not need to be submitted to the issuer of the payer through an acquirer processing system of a merchant. Likewise, based on the verifiable certificate circulation model of distributed identity, the PULL (transaction of active PULL of bank) fund circulation step can be simplified: the merchant does not need to transmit the authorized payment of the customer issuer to trigger the fund transfer, and the merchant acquirer system can automatically inquire the authorized payment certificate registry, verify the certificate and complete the fund collection.
(3) Data regression owner was achieved:
the user can realize self data management through the identity wallet and decide whether to provide the data for the related transaction party in the transaction process, so that the separation of user data and service is realized, the data returns to an owner, and the identity privacy of the user is effectively protected. In particular, in the online purchasing and payment process, it may be embodied that the user provides the merchant with his age identification through the identity wallet instead of presenting the identity card information, and the user provides the payment service provider with his payment account credentials and order payment amount information instead of order details through the identity wallet.
(4) Support privacy protection and behavior may not be grouped:
the distributed identity is composed of an ID and a certificate, an ID layer supports machine trust and is responsible for establishing a secure channel for both message parties, the certificate layer realizes additional description of identity attributes, the ID and the certificate can be decoupled and recombined, and minimum disclosure of the identity can be conveniently realized according to requirements so as to support privacy protection. By adopting the distributed identity technology, the identity of the user entity is independently expressed in the roles of the user entity in different scenes, and service providers in different scenes cannot realize the collection of user behaviors through combination due to the adoption of different public key infrastructures.
(5) And (3) supporting data credible circulation:
besides the identity data of the user, if the behavior data generated by the user in the digital system is returned to the user and then the user signs and forwards the behavior data based on the switched identity, the transfer of trusted data can be realized, thereby supporting the requirement of distributed service cooperation. To ensure the authenticity of the data source and the authenticity of the data owner, the processing may be based on the dcomm Protocol (distributed identity Communication Protocol) of DPKI (distributed Public Key Infrastructure) and cryptographic operations based on verifiable credentials.
(6) Flexible extensibility is supported:
distributed is an organization method with large development space compared with centralized, and is powerful in that the distributed type can show rich diversity and construct groups, no matter life or intelligence. Numerous small cell systems can be readily accessed into existing distributed systems at any time. For the distributed identity system, as long as each entity communicates with the standardized protocol through the standardized agent software to transmit the standardized certificate data, the existing distributed system can be accessed at any time, and the service processed by the distributed system is realized by the self-defined message protocol.
Referring to fig. 9, fig. 9 is a schematic structural diagram of a data interaction device provided in the present application, where the data interaction device may include:
the order voucher acquisition module 1 is used for a user terminal to initiate a transaction request to a supply terminal and receive an order voucher fed back by the supply terminal according to the transaction request;
the transaction authorization request credential issuing module 2 is used for carrying out encryption operation based on the order credential and the user identity account credential to construct a transaction authorization request credential;
and the transaction authorization module 3 is used for sending the transaction authorization request credential to the transaction system, so that the transaction system issues the transaction authorization credential according to the transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeds back the verification result of the transaction authorization credential to the supply terminal when receiving the transaction authorization credential verification result request sent by the supply terminal.
Therefore, in the data interaction device provided in the embodiment of the present application, when the user terminal performs data transaction with the supply terminal, the user terminal only needs to initiate a transaction request to the supply terminal to obtain the order credential fed back by the supply terminal, then performs encryption operation on the order credential and the user identity account credential, and after constructing a transaction authorization request credential, sends the transaction authorization request credential to the transaction system, and for the transaction system, after the transaction authorization request credential passes verification, the transaction authorization credential is issued by using the transaction authorization processing result corresponding to the transaction authorization request credential to complete data transaction; for the supply terminal, the final transaction result can be obtained by sending a transaction authorization voucher verification result request to the transaction system. Obviously, the user terminal does not need to perform account registration and information storage on the supply terminal, but directly completes verification of the user terminal identity and the transaction information by the transaction system, so that data transaction between the user terminal and the supply terminal is completed, the user information can be effectively prevented from being collected by a third-party platform, the user privacy is effectively protected, and the user information safety is ensured.
As a preferred embodiment, the data interaction device may further include an order credential verification module, configured to verify the order credential by using a public key registered on the identity registry by the provisioning terminal before the encryption operation is performed based on the order credential and the user identity account credential to construct the transaction authorization request credential, and after the verification is passed, perform the encryption operation based on the order credential and the user identity account credential to construct the transaction authorization request credential.
As a preferred embodiment, the user terminal is disposed with a user identity wallet, and the user identity account credential is stored in the user identity wallet, the transaction authorization request credential issuing module 2 may be specifically configured to perform an encryption operation on the order credential and the user identity account credential through the user identity wallet to obtain the transaction authorization request credential.
As a preferred embodiment, the transaction system comprises an account opening server, the data interaction device further comprises a registration module, configured to send a KYC registration request carrying user registration information to the account opening server, so that the account opening server signs a user identity account credential according to the KYC registration request, and stores the user registration information; the user registration information comprises a user ID and a user public key; receiving a user identity account certificate fed back by an account opening server; storing the user identity account credentials in a user identity wallet.
For the introduction of the apparatus provided in the present application, please refer to the above method embodiments, which are not described herein again.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a data interaction device provided in the present application, where the data interaction device may include:
a memory for storing a computer program;
a processor, configured to execute a computer program, may implement the steps of any of the above-mentioned data interaction methods.
As shown in fig. 10, which is a schematic diagram of a structure of a data interaction device, the data interaction device may include: a processor 10, a memory 11, a communication interface 12 and a communication bus 13. The processor 10, the memory 11 and the communication interface 12 all communicate with each other through a communication bus 13.
In the embodiment of the present application, the processor 10 may be a Central Processing Unit (CPU), an application specific integrated circuit, a digital signal processor, a field programmable gate array or other programmable logic device, etc.
The processor 10 may call a program stored in the memory 11, and in particular, the processor 10 may perform operations in an embodiment of the data interaction method.
The memory 11 is used for storing one or more programs, the program may include program codes, the program codes include computer operation instructions, in this embodiment, the memory 11 stores at least the program for implementing the following functions:
the user terminal initiates a transaction request to the supply terminal and receives an order voucher fed back by the supply terminal according to the transaction request;
performing encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate;
and sending the transaction authorization request credential to the transaction system so that the transaction system issues the transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeding back the verification result of the transaction authorization credential to the supply terminal when receiving a transaction authorization credential verification result request sent by the supply terminal.
In one possible implementation, the memory 11 may include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created during use.
Further, the memory 11 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device or other volatile solid state storage device.
The communication interface 12 may be an interface of a communication module for connecting with other devices or systems.
Of course, it should be noted that the structure shown in fig. 10 does not constitute a limitation to the data interaction device in the embodiment of the present application, and in practical applications, the data interaction device may include more or less components than those shown in fig. 10, or some components may be combined.
The present application also provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, is capable of implementing the steps of any one of the data interaction methods as described above.
The computer-readable storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
For the introduction of the computer-readable storage medium provided in the present application, please refer to the above method embodiments, which are not described herein again.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The technical solutions provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, without departing from the principle of the present application, several improvements and modifications can be made to the present application, and these improvements and modifications also fall into the protection scope of the present application.
Claims (10)
1. A method for data interaction, comprising:
a user terminal initiates a transaction request to a supply terminal and receives an order voucher fed back by the supply terminal according to the transaction request;
performing encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate;
and sending the transaction authorization request credential to a transaction system so that the transaction system issues a transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeding back a verification result of the transaction authorization credential to the supply terminal when receiving a transaction authorization credential verification result request sent by the supply terminal.
2. The data interaction method of claim 1, wherein before performing the encryption operation based on the order credential and the user identity account credential to construct the transaction authorization request credential, the method further comprises:
and verifying the order certificate by using the public key registered on the identity registry by the supply terminal, and after the order certificate passes the verification, executing the encryption operation based on the order certificate and the user identity account certificate to construct a transaction authorization request certificate.
3. The data interaction method of claim 1, wherein the user terminal deploys a user identity wallet, and the user identity account credential is stored in the user identity wallet, and the performing an encryption operation based on the order credential and the user identity account credential to construct a transaction authorization request credential comprises:
and carrying out encryption operation on the order certificate and the user identity account certificate through the user identity wallet to obtain the transaction authorization request certificate.
4. The data interaction method of claim 3, wherein the transaction system comprises an account opening server, and the method further comprises:
sending a KYC registration request carrying user registration information to the account opening server, so that the account opening server signs and issues the user identity account certificate according to the KYC registration request and stores the user registration information; the user registration information comprises a user ID and a user public key;
receiving the user identity account certificate fed back by the account opening server;
storing the user identity account credentials in the user identity wallet.
5. The data interaction method of claim 4, wherein the transaction system verifies the transaction authorization request credential, comprising:
and verifying the transaction authorization request credential by using the user registration information through the account opening server.
6. The data interaction method of claim 1, wherein the transaction system comprises a credential center server, and after issuing a transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential, the method further comprises:
and storing the transaction authorization voucher to the voucher center server side.
7. The data interaction method of claim 6, wherein the transaction system further comprises a transaction processing server, and the feeding back the verification result of the transaction authorization credential to the provisioning terminal when receiving the request of the verification result of the transaction authorization credential sent by the provisioning terminal comprises:
receiving the transaction authorization certificate verification result request sent by the supply terminal through the transaction processing server terminal;
requesting to present a transaction authorization certificate corresponding to the transaction authorization certificate from the certificate center server according to the transaction authorization certificate verification result;
when the transaction authorization certificate presented by the certificate center server is obtained, the transaction authorization certificate is verified through the transaction processing server, and after the verification is passed, the verification result of the transaction authorization certificate is fed back to the supply terminal.
8. A data interaction device, comprising:
the order certificate acquisition module is used for initiating a transaction request to a supply terminal by a user terminal and receiving an order certificate fed back by the supply terminal according to the transaction request;
the transaction authorization request credential issuing module is used for carrying out encryption operation based on the order credential and the user identity account credential to construct a transaction authorization request credential;
and the transaction authorization module is used for sending the transaction authorization request credential to a transaction system so that the transaction system issues a transaction authorization credential according to a transaction authorization processing result corresponding to the transaction authorization request credential after the transaction authorization request credential passes verification, and feeds back a verification result of the transaction authorization credential to the supply terminal when receiving a transaction authorization credential verification result request sent by the supply terminal.
9. A data interaction device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the data interaction method as claimed in any one of claims 1 to 7 when executing said computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the steps of the data interaction method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111487138.5A CN114119024A (en) | 2021-12-07 | 2021-12-07 | Data interaction method, device and related equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111487138.5A CN114119024A (en) | 2021-12-07 | 2021-12-07 | Data interaction method, device and related equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114119024A true CN114119024A (en) | 2022-03-01 |
Family
ID=80367904
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111487138.5A Pending CN114119024A (en) | 2021-12-07 | 2021-12-07 | Data interaction method, device and related equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114119024A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115760082A (en) * | 2022-11-23 | 2023-03-07 | 中国银联股份有限公司 | Digital payment processing method, device, equipment, system and medium |
-
2021
- 2021-12-07 CN CN202111487138.5A patent/CN114119024A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115760082A (en) * | 2022-11-23 | 2023-03-07 | 中国银联股份有限公司 | Digital payment processing method, device, equipment, system and medium |
| CN115760082B (en) * | 2022-11-23 | 2024-05-17 | 中国银联股份有限公司 | Digital payment processing method, device, equipment, system and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10846663B2 (en) | Systems and methods for securing cryptocurrency purchases | |
| US10248952B2 (en) | Automated account provisioning | |
| RU2663476C2 (en) | Remote payment transactions protected processing, including authentication of consumers | |
| Kim et al. | E-commerce payment model using blockchain | |
| US9558493B2 (en) | Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction | |
| US8725638B2 (en) | Method and system for payment authorization and card presentation using pre-issued identities | |
| US8856043B2 (en) | Method and system for managing data and enabling payment transactions between multiple entities | |
| US20150046340A1 (en) | Variable authentication process and system | |
| US10614457B2 (en) | Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction | |
| CN105612543A (en) | Methods and systems for provisioning mobile devices with payment credentials | |
| CN104737189A (en) | Environment and methods for enabling eletronic transactions | |
| US10325260B2 (en) | System, method and computer program product for secure peer-to-peer transactions | |
| US11870903B2 (en) | Cloud token provisioning of multiple tokens | |
| CN107256484A (en) | Mobile payment sublicense method and the payment system realized using this method | |
| Layeghian Javan et al. | An anonymous mobile payment protocol based on SWPP | |
| TW201317911A (en) | Cloud credit card transaction system and transaction method thereof | |
| CN114119024A (en) | Data interaction method, device and related equipment | |
| EP4278316A1 (en) | Token-based off-chain interaction authorization | |
| CN112308546A (en) | Offline digital currency acquiring system and method | |
| WO2016195764A1 (en) | Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction | |
| CN114270780A (en) | Gateway agnostic tokenization | |
| WO2019203982A2 (en) | Server and method for sending a transaction receipt via a push notification | |
| US11812260B2 (en) | Secure offline mobile interactions | |
| Carbonell et al. | Security analysis of a new multi-party payment protocol with intermediary service. | |
| WO2016175894A1 (en) | Secure authorizations using independent communicatons and different one-time-use encryption keys for each party to a transaction |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |