TW201835825A - Transaction verification method and system - Google Patents

Transaction verification method and system Download PDF

Info

Publication number
TW201835825A
TW201835825A TW107109421A TW107109421A TW201835825A TW 201835825 A TW201835825 A TW 201835825A TW 107109421 A TW107109421 A TW 107109421A TW 107109421 A TW107109421 A TW 107109421A TW 201835825 A TW201835825 A TW 201835825A
Authority
TW
Taiwan
Prior art keywords
digital
transaction
information
digital voucher
key
Prior art date
Application number
TW107109421A
Other languages
Chinese (zh)
Other versions
TWI678666B (en
Inventor
章明
陳芳
宋漢石
于曉濱
蔣慧科
黃麗娜
Original Assignee
大陸商中國銀聯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 大陸商中國銀聯股份有限公司 filed Critical 大陸商中國銀聯股份有限公司
Publication of TW201835825A publication Critical patent/TW201835825A/en
Application granted granted Critical
Publication of TWI678666B publication Critical patent/TWI678666B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a transaction verification method, comprising: generating transaction information of a first transaction; submitting a first request to a digital certificate applying party by a digital certificate using party; submitting a second request to a digital certificate providing party by the digital certificate applying party; querying a first secret key by the digital certificate providing party based on a first digital certificate, utilizing the first secret key to disperse identity information of the digital certificate using party to obtain a second secret key, and encrypting the transaction information of the first transaction based on the second secret key to form first dynamic information for delivery; and verifying second dynamic information sent from the digital certificate using party in a second transaction by the digital certificate providing party to indicate that the second transaction is continued or terminated, wherein the second dynamic information is corresponding to the first dynamic information. The method and the system provide the extremely convenient electronic payment mode for the user, avoid leakage of the user information, and perform dynamic information verification difficult to decrypt for each transaction.

Description

交易驗證方法及系統Transaction verification method and system

[0001] 本發明涉及電子支付技術領域,更具體地說,涉及一種交易驗證方法及系統。[0001] The present invention relates to the field of electronic payment technology, and more particularly, to a transaction verification method and system.

[0002] 隨著移動互聯網技術和互聯網金融的發展,電子支付技術呈現多元化的發展態勢,互聯網支付、移動支付等新興支付方式正在快速普及,而與此同時,該類支付的安全問題正受到越來越多的關注。   [0003] 在現有線上支付的場景中,支付交易的合法性主要依賴於持卡人提供的卡片相關的資訊。通常,首次支付時,持卡人在一個商戶網站或數字錢包網站上提交用於支付的完整的銀行卡資訊,包括姓名、卡號、有效期、CVN2等卡面資訊,後續交易時只需根據登記的卡片後四位元資訊即可發起交易,這種快捷支付依賴於商戶系統或數位錢包系統存儲卡號資訊,雖然持卡人體驗相對好,但交易安全性不佳。具體包括:1、商戶系統需要存儲大量的卡片資訊,這存在被攻擊或洩露的可能;2、交易授權主要基於卡片靜態資訊,存在偽造交易的可能。[0002] With the development of mobile Internet technology and Internet finance, electronic payment technology is showing a diversified development trend. Emerging payment methods such as Internet payment and mobile payment are rapidly spreading. At the same time, the security of this type of payment is being affected. Increasing attention. [0003] In the existing online payment scenario, the legality of payment transactions mainly depends on card-related information provided by cardholders. Generally, when making the first payment, the cardholder submits complete bank card information for payment on a merchant website or digital wallet website, including name, card number, validity period, CVN2 and other card surface information, and subsequent transactions need only be based on the registered The four-digit information behind the card can initiate a transaction. This fast payment relies on the merchant system or digital wallet system to store the card number information. Although the cardholder experience is relatively good, the transaction security is not good. Specifically include: 1. The merchant system needs to store a large amount of card information, which may be attacked or leaked; 2. The transaction authorization is mainly based on the card static information, and there is a possibility of forgery of transactions.

[0004] 本發明的一個目的在於提供一種交易驗證方法,其能夠對每筆交易進行難以破解的動態資訊驗證,以利於加強交易的安全性。   [0005] 為實現上述目的,本發明提供一種技術方案如下:   一種交易驗證方法,包括如下步驟:a)、持卡使用者與數位憑證使用方進行資訊交互,以生成第一交易的交易資訊;b)、數位憑證使用方向數位憑證申請方提交第一請求,第一請求包括第一數位憑證及第一交易的交易資訊;c)、數位憑證申請方識別並驗證數位憑證使用方的身份資訊,以向數位憑證提供方提交第二請求,第二請求至少包括數位憑證使用方的身份資訊;d)、數位憑證提供方識別並驗證數位憑證申請方的身份資訊,並基於第一數位憑證來查詢第一金鑰,並利用第一金鑰來分散數位憑證使用方的身份資訊以得到第二金鑰,以及,數位憑證提供方基於第二金鑰對第一交易的交易資訊進行加密以形成第一動態資訊,數位憑證提供方還將第一動態資訊經由數位憑證申請方傳送至數位憑證使用方;以及e)、數位憑證提供方對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示第二交易繼續進行或終止;其中,第二動態資訊對應於第一動態資訊。   [0006] 步驟e)具體包括:e1)、數位憑證使用方將第二動態資訊、第一數位憑證、數位憑證使用方的身份資訊以及第二交易的交易資訊傳送至收單機構;e2)、轉接機構基於收單機構的請求,請求數位憑證提供方驗證第二動態資訊;以及e3)、數位憑證提供方驗證第二動態資訊,並基於驗證結果來指示收單機構繼續進行第二交易或拒絕第二交易。   [0007] 優選地,數位憑證提供方驗證第二動態資訊具體包括:基於轉接機構轉送的第一數位憑證來索引,以獲得相應的第一金鑰;利用第一金鑰來分散數位憑證使用方的身份資訊,以獲得第二金鑰;基於第二金鑰對第二交易的交易資訊進行消息摘要演算法,以生成第三動態資訊;以及將第三動態資訊與第二動態資訊進行比對,以生成驗證結果。   [0008] 優選地,該方法還包括還包括註冊階段和數位憑證生成階段,註冊階段包括:r1)、數位憑證申請方向數位憑證提供方提交業務資質資訊;r2)、數位憑證提供方審核業務資質資訊,並在審核通過後為數位憑證申請方分配唯一的數位憑證申請方的身份資訊;r3)、數位憑證提供方利用第三金鑰來分散數位憑證申請方的身份資訊以獲得第四金鑰;其中,第三金鑰由數字憑證提供方持有並管理;數位憑證生成階段包括如下步驟:s1)、持卡使用者向數字憑證使用方提交第一帳號資訊;s2)、數位憑證使用方向數位憑證申請方提交第一申請;其中,第一申請包括第一帳號資訊;s3)、數位憑證申請方識別並驗證數位憑證使用方的身份資訊,並向數位憑證提供方提交第二申請;其中,第二申請請求基於第一申請而生成;s4)、數位憑證提供方識別並驗證數位憑證申請方的身份資訊,並生成對應於第一帳號資訊的第一數位憑證,以及將第一數位憑證經由數位憑證申請方返回至數字憑證使用方。   [0009] 優選地,步驟s4)具體包括:數位憑證提供方判斷數位憑證申請方先前是否已提交過對應於第一帳號資訊的第二申請請求;若否,數字憑證提供方生成對應於第一帳號資訊的第一數字憑證,並利用第四金鑰來分散第一數字憑證以獲得第一金鑰;若是,數字憑證提供方查詢已生成的相應的第一數字憑證;以及數位憑證提供方將第一數位憑證經由數位憑證申請方返回至數字憑證使用方。   [0010] 優選地,數位憑證提供方配置成使用多個不同金鑰而僅維護和/或存儲其中一個金鑰。   [0011] 本發明還公開一種交易驗證系統,其包括:數位憑證使用方,與持卡使用者進行交互以生成第一交易的交易資訊,並向數位憑證申請方提交第一請求;其中,第一請求包括第一數位憑證及第一交易的交易資訊;數位憑證申請方,其識別並驗證數位憑證使用方的身份資訊,以向數位憑證提供方提交第二請求;其中,第二請求至少包括數位憑證使用方的身份資訊;以及數位憑證提供方,其識別並驗證數位憑證申請方的身份資訊,並基於第一數位憑證來查詢第一金鑰,並利用第一金鑰來分散數位憑證使用方的身份資訊以得到第二金鑰,以及,其還基於第二金鑰對第一交易的交易資訊進行加密以形成第一動態資訊,並將第一動態資訊經由數位憑證申請方傳送至數位憑證使用方;其中,數位憑證提供方進一步配置成:對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示第二交易繼續進行或終止;其中,第二動態資訊對應於第一動態資訊。   [0012] 本發明各實施例提供的交易驗證方法及系統,利用數位憑證來加速交易的進程,為使用者提供極為便捷的電子支付方式;商戶僅使用數位憑證來實現交易,避免了使用者資訊洩露;此外,還對每筆交易進行難以破解的動態資訊驗證,從而進一步加強交易的安全性。在動態資訊驗證中,該方法及系統還使用多個不同金鑰,而僅維護其中一個金鑰,其中任一個金鑰的洩露或被竊取均不影響其他金鑰的安全性。[0004] An object of the present invention is to provide a transaction verification method, which can perform dynamic information verification that is difficult to crack for each transaction, so as to enhance the security of the transaction. [0005] In order to achieve the above objective, the present invention provides a technical solution as follows: (1) A transaction verification method includes the following steps: a), a card user and a digital voucher user exchange information to generate transaction information of a first transaction; b). The digital certificate application submits a first request to the digital certificate applicant. The first request includes the transaction information of the first digital certificate and the first transaction. c) The digital certificate applicant identifies and verifies the identity information of the digital certificate user. The second request is submitted to the digital voucher provider, and the second request includes at least the identity information of the digital voucher user; d) The digital voucher provider identifies and verifies the identity information of the digital voucher applicant, and queries based on the first digital voucher A first key, and using the first key to disperse the identity information of the digital certificate user to obtain a second key, and the digital certificate provider encrypts the transaction information of the first transaction based on the second key to form a first key A dynamic information, the digital certificate provider also sends the first dynamic information to the digital certificate via the digital certificate applicant The certificate user; and e) the digital certificate provider verifies the second dynamic information received by the digital certificate user in the second transaction to instruct the second transaction to proceed or terminate based on the verification result; wherein, The second dynamic information corresponds to the first dynamic information. [0006] Step e) specifically includes: e1), the digital certificate user sends the second dynamic information, the first digital certificate, the digital certificate user's identity information, and the transaction information of the second transaction to the acquirer; e2), Based on the request of the acquirer, the transfer agency requests the digital certificate provider to verify the second dynamic information; and e3), the digital certificate provider verifies the second dynamic information and instructs the acquirer to continue the second transaction or based on the verification result. Rejected second transaction. [0007] Preferably, the verification of the second dynamic information by the digital certificate provider specifically includes: indexing based on the first digital certificate forwarded by the transfer mechanism to obtain a corresponding first key; and using the first key to decentralize the use of the digital certificate The party ’s identity information to obtain a second key; perform a message digest algorithm on the transaction information of the second transaction based on the second key to generate third dynamic information; and compare the third dynamic information with the second dynamic information Yes, to generate verification results. [0008] Preferably, the method further includes a registration phase and a digital credential generation phase. The registration phase includes: r1), the digital credential application submits business qualification information to the digital credential provider; r2), the digital credential provider reviews the business qualification Information, and after the approval is passed, the digital certificate applicant is assigned the unique identity information of the digital certificate applicant; r3), the digital certificate provider uses the third key to disperse the digital certificate applicant's identity information to obtain the fourth key Among them, the third key is held and managed by the digital certificate provider; the digital certificate generation phase includes the following steps: s1), the card user submits the first account information to the digital certificate user; s2), the direction of use of the digital certificate The digital voucher applicant submits the first application; wherein the first application includes the first account information; s3), the digital voucher applicant identifies and verifies the identity information of the digital voucher user, and submits the second application to the digital voucher provider; of which , The second application request is generated based on the first application; s4), the digital voucher provider identifies and verifies the digital voucher The identity information of the applicant, and generate a first digital certificate corresponding to the first account information, and return the first digital certificate to the digital certificate user via the digital certificate applicant. [0009] Preferably, step s4) specifically includes: the digital voucher provider judges whether the digital voucher applicant has previously submitted a second application request corresponding to the first account information; if not, the digital voucher provider generates a response corresponding to the first A first digital certificate of account information, and a fourth key to disperse the first digital certificate to obtain the first key; if so, the digital certificate provider queries the corresponding first digital certificate that has been generated; and the digital certificate provider will The first digital voucher is returned to the digital voucher consumer via the digital voucher applicant. [0010] Preferably, the digital credential provider is configured to maintain and / or store only one of the keys using a plurality of different keys. [0011] The present invention also discloses a transaction verification system, which includes: a digital voucher user, interacts with a card user to generate transaction information of a first transaction, and submits a first request to the digital voucher applicant; A request includes the first digital voucher and transaction information of the first transaction; the digital voucher applicant identifies and verifies the identity information of the digital voucher user to submit a second request to the digital voucher provider; wherein the second request includes at least The identity information of the digital certificate user; and the digital certificate provider, which identifies and verifies the identity information of the digital certificate applicant, queries the first key based on the first digital certificate, and uses the first key to disperse the use of the digital certificate The party ’s identity information to obtain a second key, and based on the second key, the transaction information of the first transaction is encrypted to form the first dynamic information, and the first dynamic information is transmitted to the digital party via the digital certificate applicant The voucher consumer; wherein the digital voucher provider is further configured to: The second dynamic information sent in the second transaction is verified to instruct the second transaction to continue or terminate based on the verification result; wherein the second dynamic information corresponds to the first dynamic information. [0012] The transaction verification method and system provided by the embodiments of the present invention use digital vouchers to speed up the transaction process and provide users with a very convenient electronic payment method; merchants only use digital vouchers to implement transactions, avoiding user information Leakage; in addition, dynamic verification of hard-to-decipher every transaction is performed to further strengthen transaction security. In dynamic information verification, the method and system also use multiple different keys, and only maintain one of them, and the leakage or theft of any one of them does not affect the security of other keys.

[0015] 如圖1所示,本發明第一實施例提供一種交易驗證方法,其包括如下各步驟。   [0016] 步驟S10、持卡使用者與數位憑證使用方進行資訊交互,以生成第一交易的交易資訊。   [0017] 作為示例,持卡使用者可以在數位憑證使用方提供的網頁中輸入資訊,從而發起第一交易。第一交易可以是持卡使用者與數位憑證使用方之間的首次交易,也可以是持卡使用者與數位憑證使用方之間的第N次交易(N > 1)。   [0018] 步驟S12、數位憑證使用方向數位憑證申請方提交第一請求。   [0019] 其中,第一請求包括第一數位憑證及第一交易的交易資訊。交易資訊例如包括:交易時間、交易地點、交易金額、交易雙方的標識資訊等。   [0020] 具體地,第一數字憑證可經由一個獨立的數位憑證生成流程而得到:首先,由數字憑證使用方憑持卡使用者的帳號資訊向數字憑證申請方發出請求,再由數位憑證申請方向數位憑證提供方發出請求,數位憑證提供方驗證通過後,經數位憑證申請方而向數位憑證使用方下發第一數字憑證。數位憑證使用方可以持有該第一數位憑證、並適當時被動地更新該第一數字憑證。   [0021] 步驟S14、數位憑證申請方向數位憑證提供方提交第二請求。   [0022] 其中,第二請求可基於第一請求而生成,第二請求至少包括數位憑證使用方的身份資訊。第二請求也包括第一交易的交易資訊以及第一數位憑證。   [0023] 步驟S16、數位憑證提供方基於第一數字憑證來查詢第一金鑰、進而得到第二金鑰,以及,基於第二金鑰對交易資訊進行加密以形成第一動態資訊。   [0024] 具體地,數位憑證提供方首先識別並驗證數位憑證申請方的身份資訊,並基於第一數位憑證來查詢第一金鑰,進而利用第一金鑰來分散數位憑證使用方的身份資訊以得到第二金鑰;隨之,數位憑證提供方基於第二金鑰對第一交易的交易資訊進行加密以形成第一動態資訊,再將第一動態資訊經由數位憑證申請方傳送至數位憑證使用方。   [0025] 其中,第一金鑰可存儲於數位憑證提供方,也可經其他方式由數位憑證提供方生成或更新。第一數位憑證由數位憑證提供方生成,並經由數位憑證申請方下發至數位憑證使用方。   [0026] 數位憑證提供方通過演算法來使得第一金鑰與第一數位憑證之間形成一一對應關係,從而利用對應關係即可以基於第一數字憑證來查詢第一金鑰。在下文中,將介紹這種對應關係的形成方式的一個示例。   [0027] 數位憑證提供方還利用第一金鑰來分散從第二請求中解析出的、數位憑證使用方的身份資訊,進而得到第二金鑰。隨後,數位憑證提供方基於第二金鑰來對第一交易的交易資訊進行加密,生成第一動態資訊並予以下發。   [0028] 可以理解,第二金鑰不同於第一金鑰。第二金鑰為即時生成、一次性使用,使用之後即被丟棄,數位憑證提供方不留作備份。即使第一金鑰洩露或被竊取,第二金鑰不受影響。   [0029] 步驟S18、數位憑證提供方對第二動態資訊進行驗證,基於驗證結果來指示第二交易繼續進行或終止。   [0030] 具體地,數位憑證提供方對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示第二交易繼續進行或終止。其中,第二動態資訊對應於第一動態資訊。   [0031] 需要說明的是,第二交易是在第一交易之後進行的下一次交易。可以理解,在第二交易中,第二交易的交易資訊無需再流經數位憑證申請方。換言之,該步驟S18可以涵蓋:(1).持卡使用者與數位憑證使用方之間進行第二次資訊交互、進而生成第二交易的交易資訊,以及(2).數位憑證使用方直接或經由其他仲介而將第二交易的交易資訊連同第二動態資訊一起上送至數位憑證提供方。   [0032] 如上所述,數字憑證使用方在前述步驟S16中已獲得第一動態資訊,數位憑證使用方持有該第一動態資訊。在第二交易中,數位憑證使用方可直接將第一動態資訊作為第二動態資訊來上送,或者,數位憑證使用方處理第一動態資訊,生成與之一一對應的第二動態資訊來上送。即,第二動態資訊可能與第一動態資訊完全一致、或一一對應。   [0033] 在對上述第二動態資訊進行驗證之後,數位憑證提供方基於驗證結果指示第二交易繼續進行或終止。簡單來說,若第二動態資訊不能與之前交易中數位憑證提供方下發至同一數位憑證使用方的、包含經加密的第一交易交易資訊的、第一動態資訊相對應,第二交易將被拒絕,從而可以有效防止偽冒交易的發生。   [0034] 作為上述第一實施例的進一步改進,步驟S18可以包括如下一系列子步驟:1). 數位憑證使用方將第二動態資訊、第一數位憑證、數位憑證使用方的身份資訊以及第二交易的交易資訊傳送至收單機構;2). 轉接機構基於收單機構的請求,請求數位憑證提供方驗證第二動態資訊;以及 3). 數位憑證提供方驗證第二動態資訊,並基於驗證結果來指示收單機構繼續進行第二交易或拒絕第二交易。   [0035] 在該改進實施例中,在第二交易中,數位憑證使用方沒有直接與數位憑證提供方直接通信,而是經由收單機構、轉接機構來實現資料和/或資訊交互。   [0036] 優選情況下,數位憑證提供方驗證第二動態資訊可以具體實現為:Ⅰ.基於轉接機構轉送的第一數位憑證來索引,以獲得相應的第一金鑰;Ⅱ.利用第一金鑰來分散數位憑證使用方的身份資訊,以獲得第二金鑰;Ⅲ. 基於第二金鑰對第二交易的交易資訊進行消息摘要演算法,以生成第三動態資訊;以及將第三動態資訊與第二動態資訊進行比對,以生成驗證結果。   [0037] 其中,第三動態資訊是數位憑證提供方經計算而即時產生的,第二動態資訊是在第二交易中由數位憑證使用方上送以供驗證的,而如前所述,第二動態資訊可能與第一動態資訊完全一致或一一對應;若第三動態資訊與第二動態資訊完全一致或具有另外某種一一對應關係,則可視為第三動態資訊為第一動態資訊的某種還原或再現版本,從而再次體現第二動態資訊與第一動態資訊之間的對應關係。在此情況下,第二交易被准許繼續進行;否則,將被終止。   [0038] 作為上述第一實施例的進一步優化,交易驗證方法還包括還包括註冊階段和數位憑證生成階段。該兩個階段在第一交易之前發生,作為預備階段,使得數位憑證使用方、申請方及提供方相互認可,更重要的是,使得第一數字憑證能夠對應於持卡使用者的第一帳號資訊。   [0039] 其中,註冊階段包括:r1)、數位憑證申請方向數位憑證提供方提交業務資質資訊;r2)、數位憑證提供方審核業務資質資訊,並在審核通過後為數位憑證申請方分配唯一的數位憑證申請方的身份資訊;r3)、數位憑證提供方利用第三金鑰來分散數位憑證申請方的身份資訊以獲得第四金鑰。   [0040] 其中,第三金鑰由數字憑證提供方持有並管理,第四金鑰作為中間產物、供一次性使用,數位憑證提供方不留副本或予以備份。   [0041] 數位憑證生成階段包括如下步驟:s1)、持卡使用者向數字憑證使用方提交第一帳號資訊;s2)、數位憑證使用方向數位憑證申請方提交第一申請;其中,第一申請包括第一帳號資訊;s3)、數位憑證申請方識別並驗證數位憑證使用方的身份資訊,並向數位憑證提供方提交第二申請;其中,第二申請請求基於第一申請而生成;s4)、數位憑證提供方識別並驗證數位憑證申請方的身份資訊,並生成對應於第一帳號資訊的第一數位憑證,以及將第一數位憑證經由數位憑證申請方返回至數字憑證使用方。   [0042] 優選情況下,上述步驟s4)具體包括:數位憑證提供方判斷數位憑證申請方先前是否已提交過對應於第一帳號資訊的第二申請請求;若否,數字憑證提供方生成對應於第一帳號資訊的第一數字憑證,並利用第四金鑰來分散第一數字憑證以獲得第一金鑰;若是,數字憑證提供方查詢已生成的相應的第一數字憑證;以及數位憑證提供方將第一數位憑證經由數位憑證申請方返回至數字憑證使用方。   [0043] 數字憑證提供方利用第四金鑰來分散第一數字憑證以獲得第一金鑰,這使得第一金鑰與第一數字憑證之間形成了一一對應關係,從而,在前述步驟S16中,數位憑證提供方可以基於第一數位憑證來查詢第一金鑰。然而,這僅作為形成第一金鑰與第一數字憑證之間對應關係的一個示例,可以預料的是,其他等同方式也同樣適用。   [0044] 上述第一實施例及改進方式,利用數位憑證來加速交易的進程,生成一次數位憑證後即可任意多次使用,使用者以後進行交易時,無需再提供卡片資訊,從而為使用者提供極為便捷的電子支付方式。另一方面,商戶(即數位憑證使用方)不會保存使用者的卡片資訊,而僅使用數位憑證來實現交易,從而避免了商戶洩露使用者資訊的可能;此外,上述實施例還對每筆交易進行難以破解的動態資訊驗證,從而進一步加強交易的安全性。   [0045] 可以理解,根據以上所述的改進實施例的優化實現方式,數位憑證提供方可以使用多個不同金鑰,例如、第一、第二、第三及第四金鑰,而僅維護第三金鑰。具體地,第一金鑰存儲於數位憑證提供方,但由數位憑證提供方生成或更新,例如,每次交易或每隔一段時間即對第一金鑰進行更新;第二、第四作為中間產物,僅即時生成,不留副本或備份;第三金鑰由數位憑證提供方持有並維護,系統管理人員可以對第三金鑰進行更換。   [0046] 如圖2所示,本發明第二實施例提供一種交易驗證系統,其包括數位憑證使用方201、數位憑證申請方203以及數位憑證提供方205。   [0047] 數位憑證使用方201與持卡使用者進行交互以生成第一交易的交易資訊,並向數位憑證申請方202提交第一請求;其中,第一請求包括第一數位憑證及第一交易的交易資訊。   [0048] 數位憑證申請方202識別並驗證數位憑證使用方201的身份資訊,以向數位憑證提供方203提交第二請求;其中,第二請求至少包括數位憑證使用方的身份資訊。   [0049] 數位憑證提供方203識別並驗證數位憑證申請方202的身份資訊,並基於第一數位憑證來查詢第一金鑰,並利用第一金鑰來分散數位憑證使用方201的身份資訊以得到第二金鑰,以及,其還基於第二金鑰對第一交易的交易資訊進行加密以形成第一動態資訊,並將第一動態資訊經由數位憑證申請方202傳送至數位憑證使用方201。   [0050] 數位憑證提供方203進一步配置成:對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示第二交易繼續進行或終止。   [0051] 其中,第二交易為第一交易之後發生的下一次交易。第二動態資訊可能與第一動態資訊完全一致、或兩者具有一一對應關係。對第二動態資訊的驗證,可以採用上述第一實施例中詳述的方式來進行。   [0052] 作為進一步改進,該系統可選地包括收單機構212及轉接機構214,這種情況下,數位憑證使用方201配置成:在第二交易中,將第二動態資訊、第一數位憑證、數位憑證使用方的身份資訊以及第二交易的交易資訊傳送至收單機構212。收單機構212配置成:基於數字憑證使用方的指示,向轉接機構214發起驗證請求。轉接機構214配置成:基於收單機構212的驗證請求,請求數位憑證提供方205驗證第二動態資訊。以及,收單機構212進一步配置成:基於數位憑證提供方205對第二動態資訊的驗證結果,繼續進行第二交易或拒絕第二交易。   [0053] 上述說明僅針對於本發明的優選實施例,並不在於限制本發明的保護範圍。本領域技術人員可作出各種變形設計,而不脫離本發明的思想及附隨的申請專利範圍。[0015] As shown in FIG. 1, a first embodiment of the present invention provides a transaction verification method, which includes the following steps. [0016] Step S10. The card user and the digital certificate user interact with each other to generate transaction information for the first transaction. [0017] As an example, a card user may enter information in a web page provided by a digital voucher user to initiate a first transaction. The first transaction may be the first transaction between the card user and the digital certificate user, or the N-th transaction (N> 1) between the card user and the digital certificate user. [0018] Step S12. The digital voucher submits a first request to the digital voucher applicant. [0019] Wherein, the first request includes the first digital voucher and transaction information of the first transaction. The transaction information includes, for example, transaction time, transaction place, transaction amount, and identification information of the transaction parties. [0020] Specifically, the first digital voucher can be obtained through an independent digital voucher generation process: first, the digital voucher user sends a request to the digital voucher applicant with the account information of the card user, and then the digital voucher applies Send a request to the digital voucher provider. After the digital voucher provider passes the verification, the digital voucher applicant issues the first digital voucher to the digital voucher user. The digital voucher user may hold the first digital voucher and passively update the first digital voucher as appropriate. [0021] Step S14. The digital voucher application submits a second request to the digital voucher provider. [0022] Among them, the second request may be generated based on the first request, and the second request includes at least the identity information of the digital certificate user. The second request also includes the transaction information of the first transaction and the first digital voucher. [0023] Step S16. The digital certificate provider queries the first key based on the first digital certificate to obtain a second key, and encrypts the transaction information based on the second key to form the first dynamic information. [0024] Specifically, the digital certificate provider first identifies and verifies the identity information of the digital certificate applicant, and queries the first key based on the first digital certificate, and then uses the first key to disperse the identity information of the digital certificate user. In order to obtain the second key, the digital certificate provider encrypts the transaction information of the first transaction based on the second key to form the first dynamic information, and then transmits the first dynamic information to the digital certificate through the digital certificate applicant. Consumers. [0025] Among them, the first key may be stored in the digital certificate provider, or may be generated or updated by the digital certificate provider through other methods. The first digital voucher is generated by the digital voucher provider and issued to the digital voucher user via the digital voucher applicant. [0026] The digital voucher provider uses an algorithm to form a one-to-one correspondence between the first key and the first digital voucher, so that the corresponding relationship can be used to query the first key based on the first digital voucher. In the following, an example of how this correspondence is formed will be described. [0027] The digital certificate provider also uses the first key to disperse the identity information of the digital certificate user parsed from the second request to obtain the second key. Subsequently, the digital certificate provider encrypts the transaction information of the first transaction based on the second key, generates the first dynamic information and issues it. [0028] It can be understood that the second key is different from the first key. The second key is generated on the fly and used once, and is discarded after use. The digital certificate provider does not keep it for backup. Even if the first key is leaked or stolen, the second key is not affected. [0029] Step S18: The digital voucher verifies the second dynamic information, and instructs the second transaction to continue or terminate based on the verification result. [0030] Specifically, the digital voucher provider verifies the received second dynamic information sent by the digital voucher consumer in the second transaction to instruct the second transaction to proceed or terminate based on the verification result. The second dynamic information corresponds to the first dynamic information. [0031] It should be noted that the second transaction is the next transaction performed after the first transaction. Understandably, in the second transaction, the transaction information of the second transaction no longer needs to flow through the digital voucher applicant. In other words, step S18 may cover: (1). The cardholder and the digital voucher user conduct a second information interaction to generate transaction information for the second transaction, and (2). The digital voucher user directly or The transaction information of the second transaction is sent to the digital certificate provider together with the second dynamic information through other intermediaries. [0032] As described above, the digital voucher consumer has obtained the first dynamic information in the foregoing step S16, and the digital voucher consumer holds the first dynamic information. In the second transaction, the digital voucher user can directly send the first dynamic information as the second dynamic information, or the digital voucher user processes the first dynamic information and generates a second dynamic information corresponding to the one. Delivery. That is, the second dynamic information may be completely consistent with the first dynamic information, or correspond one-to-one. [0033] After the second dynamic information is verified, the digital voucher provider instructs the second transaction to proceed or terminate based on the verification result. In short, if the second dynamic information cannot correspond to the first dynamic information that was issued by the digital certificate provider to the same digital certificate user in the previous transaction and contains the encrypted first transaction transaction information, the second transaction will Rejected, which can effectively prevent counterfeit transactions. [0034] As a further improvement of the above-mentioned first embodiment, step S18 may include the following series of sub-steps: 1). The digital certificate user uses the second dynamic information, the first digital certificate, the identity information of the digital certificate user, and the first The transaction information of the second transaction is transmitted to the acquirer; 2). The transfer agency requests the digital certificate provider to verify the second dynamic information based on the request of the acquirer; and 3). The digital certificate provider verifies the second dynamic information, and Based on the verification result, the acquirer is instructed to continue the second transaction or reject the second transaction. [0035] In this improved embodiment, in the second transaction, the digital voucher user does not directly communicate with the digital voucher provider, but implements data and / or information interaction through the acquirer and the transfer agency. [0036] Preferably, the digital certificate provider verifies the second dynamic information as follows: I. Indexing based on the first digital certificate forwarded by the transfer mechanism to obtain the corresponding first key; II. Utilizing the first Key to disperse the identity information of the user of the digital certificate to obtain the second key; III. To perform a message digest algorithm on the transaction information of the second transaction based on the second key to generate the third dynamic information; and The dynamic information is compared with the second dynamic information to generate a verification result. [0037] Among them, the third dynamic information is generated by the digital voucher provider in real time after calculation, and the second dynamic information is uploaded by the digital voucher user for verification in the second transaction, and as described above, the third The second dynamic information may be completely consistent with or corresponding to the first dynamic information; if the third dynamic information is completely consistent with the second dynamic information or has another one-to-one correspondence relationship, the third dynamic information may be regarded as the first dynamic information A restored or reproduced version of, thereby again reflecting the correspondence between the second dynamic information and the first dynamic information. In this case, the second transaction is permitted to proceed; otherwise, it will be terminated. [0038] As a further optimization of the first embodiment, the transaction verification method further includes a registration phase and a digital credential generation phase. These two phases occur before the first transaction. As a preliminary phase, the digital voucher user, applicant, and provider mutually recognize each other. More importantly, the first digital voucher can correspond to the first account number of the card user. Information. [0039] Among them, the registration phase includes: r1), the digital certificate application submits business qualification information to the digital certificate provider; r2), the digital certificate provider reviews the business qualification information, and assigns a unique The identity information of the digital certificate applicant; r3), the digital certificate provider uses the third key to scatter the identity information of the digital certificate applicant to obtain the fourth key. [0040] Among them, the third key is held and managed by the digital certificate provider, and the fourth key is used as an intermediate product for one-time use. The digital certificate provider does not keep a copy or back it up. [0041] The digital voucher generation phase includes the following steps: s1), the card user submits the first account information to the digital voucher user; s2), the digital voucher is used to submit the first application to the digital voucher applicant; Including the first account information; s3), the digital voucher applicant identifies and verifies the identity information of the digital voucher user, and submits a second application to the digital voucher provider; wherein the second application request is generated based on the first application; s4) 2. The digital certificate provider identifies and verifies the identity information of the digital certificate applicant, generates a first digital certificate corresponding to the first account information, and returns the first digital certificate to the digital certificate user via the digital certificate applicant. [0042] Preferably, the above step s4) specifically includes: the digital voucher provider determines whether the digital voucher applicant has previously submitted a second application request corresponding to the first account information; if not, the digital voucher provider generates a response corresponding to The first digital certificate of the first account information, and the fourth key is used to disperse the first digital certificate to obtain the first key; if so, the digital certificate provider queries the corresponding first digital certificate that has been generated; and the digital certificate provides The party shall return the first digital voucher to the digital voucher user via the digital voucher applicant. [0043] The digital certificate provider uses the fourth key to disperse the first digital certificate to obtain the first key, which makes a one-to-one correspondence between the first key and the first digital certificate. Therefore, in the foregoing steps, In S16, the digital certificate provider can query the first key based on the first digital certificate. However, this is only an example of forming a correspondence relationship between the first key and the first digital certificate, and it is expected that other equivalent methods are also applicable. [0044] The above-mentioned first embodiment and improvement method uses digital vouchers to accelerate the process of transactions, and can be used any number of times after generating a digital voucher. Users do not need to provide card information when conducting future transactions, thereby providing users with Provide extremely convenient electronic payment methods. On the other hand, the merchant (that is, the user of the digital voucher) does not save the user's card information, and only uses the digital voucher to implement the transaction, thereby avoiding the possibility of the merchant leaking the user's information; in addition, the above embodiment also provides The transaction is verified with dynamic information that is difficult to crack, thereby further enhancing the security of the transaction. [0045] It can be understood that according to the optimized implementation of the improved embodiment described above, the digital certificate provider can use multiple different keys, such as the first, second, third, and fourth keys, and only maintain Third key. Specifically, the first key is stored in the digital certificate provider, but is generated or updated by the digital certificate provider, for example, the first key is updated every transaction or at regular intervals; the second and fourth are used as intermediate The product is generated on the fly, without copy or backup; the third key is held and maintained by the digital certificate provider, and the system administrator can replace the third key. [0046] As shown in FIG. 2, a second embodiment of the present invention provides a transaction verification system, which includes a digital voucher user 201, a digital voucher applicant 203, and a digital voucher provider 205. [0047] The digital certificate user 201 interacts with the card user to generate transaction information of the first transaction, and submits a first request to the digital certificate applicant 202; wherein the first request includes the first digital certificate and the first transaction Transaction information. [0048] The digital certificate applicant 202 identifies and verifies the identity information of the digital certificate user 201 to submit a second request to the digital certificate provider 203; wherein the second request includes at least the identity information of the digital certificate user. [0049] The digital certificate provider 203 identifies and verifies the identity information of the digital certificate applicant 202, queries the first key based on the first digital certificate, and uses the first key to disperse the identity information of the digital certificate user 201 to Obtain the second key, and also encrypt the transaction information of the first transaction based on the second key to form the first dynamic information, and transmit the first dynamic information to the digital certificate consumer 201 via the digital certificate applicant 202 . [0050] The digital voucher provider 203 is further configured to verify the received second dynamic information sent by the digital voucher user in the second transaction to instruct the second transaction to proceed or terminate based on the verification result. [0051] Among them, the second transaction is the next transaction that occurs after the first transaction. The second dynamic information may be completely consistent with the first dynamic information, or there may be a one-to-one correspondence between the two. The verification of the second dynamic information may be performed in a manner detailed in the first embodiment. [0052] As a further improvement, the system may optionally include an acquirer 212 and a transfer agency 214. In this case, the digital certificate user 201 is configured to: in the second transaction, the second dynamic information, the first The digital certificate, the identity information of the user of the digital certificate, and the transaction information of the second transaction are transmitted to the acquirer 212. The acquirer 212 is configured to initiate a verification request to the transfer agency 214 based on an instruction from the user of the digital voucher. The transfer mechanism 214 is configured to request the digital voucher provider 205 to verify the second dynamic information based on the verification request of the acquirer 212. And, the acquirer 212 is further configured to continue the second transaction or reject the second transaction based on the verification result of the second dynamic information by the digital voucher provider 205. [0053] The above description is only for the preferred embodiments of the present invention, and is not intended to limit the protection scope of the present invention. Those skilled in the art can make various modified designs without departing from the idea of the present invention and the scope of accompanying patent applications.

[0054][0054]

S10、S12、S14、S16、S18‧‧‧步驟S10, S12, S14, S16, S18‧‧‧ steps

201‧‧‧數位憑證使用方201‧‧‧ Digital Voucher User

203‧‧‧數位憑證申請方203‧‧‧ Digital Certificate Applicant

205‧‧‧數位憑證提供方205‧‧‧ Digital Voucher Provider

212‧‧‧收單機構212‧‧‧Acquirer

214‧‧‧轉接機構214‧‧‧Transfer agency

[0013] 圖1示出本發明第一實施例提供的交易驗證方法的流程示意圖。   [0014] 圖2示出本發明第二實施例提供的交易驗證系統的模組圖。[0013] FIG. 1 is a schematic flowchart of a transaction verification method according to a first embodiment of the present invention. [0014] FIG. 2 shows a module diagram of a transaction verification system provided by a second embodiment of the present invention.

Claims (10)

一種交易驗證方法,包括如下步驟:   a)、持卡使用者與數位憑證使用方進行資訊交互,以生成第一交易的交易資訊;   b)、所述數位憑證使用方向數位憑證申請方提交第一請求,所述第一請求包括第一數位憑證及所述第一交易的交易資訊;   c)、所述數位憑證申請方識別並驗證所述數位憑證使用方的身份資訊,以向數位憑證提供方提交第二請求,所述第二請求至少包括所述數位憑證使用方的身份資訊;   d)、所述數位憑證提供方識別並驗證所述數位憑證申請方的身份資訊,並基於所述第一數位憑證來查詢第一金鑰,並利用所述第一金鑰來分散所述數位憑證使用方的身份資訊以得到第二金鑰,以及,所述數位憑證提供方基於所述第二金鑰對所述第一交易的交易資訊進行加密以形成第一動態資訊,所述數位憑證提供方還將所述第一動態資訊經由所述數位憑證申請方傳送至所述數位憑證使用方;以及   e)、所述數位憑證提供方對接收到的、所述數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示所述第二交易繼續進行或終止;其中,所述第二動態資訊對應於所述第一動態資訊。A transaction verification method includes the following steps: a), the card user and the digital voucher interact with each other to generate the transaction information of the first transaction; b), the digital voucher is used by the digital voucher applicant to submit the first A request, the first request includes a first digital voucher and transaction information of the first transaction; c) the digital voucher applicant identifies and verifies the identity information of the digital voucher user to the digital voucher provider Submit a second request, the second request including at least the identity information of the digital certificate user; d), the digital certificate provider identifies and verifies the identity information of the digital certificate applicant, and is based on the first certificate A digital certificate to query a first key, and use the first key to disperse the identity information of the digital certificate user to obtain a second key, and the digital certificate provider is based on the second key Encrypting the transaction information of the first transaction to form the first dynamic information, and the digital voucher provider also converts the first dynamic information Transmitted by the digital voucher applicant to the digital voucher consumer; and e) the digital voucher provider verifies the second dynamic information received and sent by the digital voucher consumer in a second transaction To instruct the second transaction to proceed or terminate based on the verification result; wherein the second dynamic information corresponds to the first dynamic information. 根據請求項1所述的方法,其中,所述步驟e)具體包括:   e1)、所述數位憑證使用方將所述第二動態資訊、所述第一數位憑證、所述數位憑證使用方的身份資訊以及所述第二交易的交易資訊傳送至收單機構;   e2)、轉接機構基於所述收單機構的請求,請求所述數位憑證提供方驗證所述第二動態資訊;以及   e3)、所述數位憑證提供方驗證所述第二動態資訊,並基於所述驗證結果來指示所述收單機構繼續進行所述第二交易或拒絕所述第二交易。The method according to claim 1, wherein the step e) specifically includes: e1), the digital voucher consumer uses the second dynamic information, the first digital voucher, and the digital voucher consumer's The identity information and the transaction information of the second transaction are transmitted to the acquirer; e2), the transfer agency requests the digital voucher provider to verify the second dynamic information based on the request of the acquirer; and e3) 2. The digital voucher provider verifies the second dynamic information, and instructs the acquirer to continue the second transaction or reject the second transaction based on the verification result. 根據請求項2所述的方法,其中,所述數位憑證提供方驗證所述第二動態資訊具體包括:   基於所述轉接機構轉送的所述第一數位憑證來索引,以獲得相應的所述第一金鑰;   利用所述第一金鑰來分散所述數位憑證使用方的身份資訊,以獲得所述第二金鑰;   基於所述第二金鑰對所述第二交易的交易資訊進行消息摘要演算法,以生成第三動態資訊;以及   將所述第三動態資訊與所述第二動態資訊進行比對,以生成所述驗證結果。The method according to claim 2, wherein the verification of the second dynamic information by the digital voucher provider specifically includes: 索引 indexing based on the first digital voucher forwarded by the transfer mechanism to obtain the corresponding the A first key; 分散 using the first key to disperse the identity information of the user of the digital certificate to obtain the second key; 进行 performing transaction information of the second transaction based on the second key A message digest algorithm to generate third dynamic information; and comparing the third dynamic information with the second dynamic information to generate the verification result. 根據請求項1所述的方法,其中,還包括註冊階段和數位憑證生成階段,   所述註冊階段包括:   r1)、所述數位憑證申請方向所述數位憑證提供方提交業務資質資訊;   r2)、所述數位憑證提供方審核所述業務資質資訊,並在審核通過後為所述數位憑證申請方分配唯一的所述數位憑證申請方的身份資訊;   r3)、所述數位憑證提供方利用第三金鑰來分散所述數位憑證申請方的身份資訊以獲得第四金鑰;其中,所述第三金鑰由所述數字憑證提供方持有並管理;   所述數位憑證生成階段包括如下步驟:   s1)、持卡使用者向所述數字憑證使用方提交第一帳號資訊;   s2)、所述數字憑證使用方向所述數字憑證申請方提交第一申請;其中,所述第一申請包括所述第一帳號資訊;   s3)、所述數位憑證申請方識別並驗證所述數位憑證使用方的身份資訊,並向所述數位憑證提供方提交第二申請;其中,所述第二申請請求基於所述第一申請而生成;   s4)、所述數位憑證提供方識別並驗證所述數位憑證申請方的身份資訊,並生成對應於所述第一帳號資訊的所述第一數字憑證,以及將所述第一數位憑證經由所述數位憑證申請方返回至所述數位憑證使用方。The method according to claim 1, further comprising a registration phase and a digital credential generation phase. The registration phase includes: r1), the digital credential application submits business qualification information to the digital credential provider; r2), The digital voucher provider reviews the business qualification information, and assigns the unique identity information of the digital voucher applicant to the digital voucher applicant after the verification is passed; r3), the digital voucher provider uses a third Key to disperse the identity information of the digital certificate applicant to obtain a fourth key; wherein the third key is held and managed by the digital certificate provider; 阶段 the digital certificate generation phase includes the following steps: s1), the card user submits the first account information to the digital voucher user; s2), the digital voucher user submits a first application to the digital voucher applicant; wherein the first application includes the First account information; s3), the digital voucher applicant identifies and verifies the digital voucher user's identity Information, and submit a second application to the digital voucher provider; wherein the second application request is generated based on the first application; s4), the digital voucher provider identifies and verifies the digital voucher applicant Generating the first digital voucher corresponding to the first account information, and returning the first digital voucher to the digital voucher consumer via the digital voucher applicant. 根據請求項4所述的方法,其中,所述步驟s4)具體包括:   所述數位憑證提供方判斷所述數位憑證申請方先前是否已提交過對應於所述第一帳號資訊的所述第二申請請求;   若否,所述數字憑證提供方生成對應於所述第一帳號資訊的所述第一數字憑證,並利用所述第四金鑰來分散所述第一數字憑證以獲得所述第一金鑰;若是,所述數字憑證提供方查詢已生成的相應的所述第一數字憑證;以及   所述數位憑證提供方將所述第一數位憑證經由所述數位憑證申請方返回至所述數位憑證使用方。The method according to claim 4, wherein the step s4) specifically includes: the digital voucher provider judges whether the digital voucher applicant has previously submitted the second corresponding to the first account information An application request; if not, the digital voucher provider generates the first digital voucher corresponding to the first account information, and uses the fourth key to scatter the first digital voucher to obtain the first A key; if yes, the digital voucher provider queries the corresponding first digital voucher that has been generated; and the digital voucher provider returns the first digital voucher to the via the digital voucher applicant Digital voucher consumer. 根據請求項5所述的方法,其中,所述數位憑證提供方配置成使用多個不同金鑰而僅維護其中一個金鑰。The method of claim 5, wherein the digital certificate provider is configured to use a plurality of different keys while maintaining only one of the keys. 根據請求項6所述的方法,其中,所述多個金鑰至少包括所述第一金鑰、第二金鑰、第三金鑰以及第四金鑰,所述其中一個金鑰為所述第三金鑰。The method according to claim 6, wherein the plurality of keys include at least the first key, the second key, the third key, and the fourth key, and one of the keys is the Third key. 一種交易驗證系統,包括:   數位憑證使用方,與持卡使用者進行交互以生成第一交易的交易資訊,並向數位憑證申請方提交第一請求;其中,所述第一請求包括第一數位憑證及所述第一交易的交易資訊;   所述數位憑證申請方,其識別並驗證所述數位憑證使用方的身份資訊,以向數位憑證提供方提交第二請求;其中,所述第二請求至少包括所述數位憑證使用方的身份資訊;以及   所述數位憑證提供方,其識別並驗證所述數位憑證申請方的身份資訊,並基於所述第一數位憑證來查詢第一金鑰,並利用所述第一金鑰來分散所述數位憑證使用方的身份資訊以得到第二金鑰,以及,其還基於所述第二金鑰對所述第一交易的交易資訊進行加密以形成第一動態資訊,並將所述第一動態資訊經由所述數位憑證申請方傳送至所述數位憑證使用方;   其中,所述數位憑證提供方進一步配置成:對接收到的、所述數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示所述第二交易繼續進行或終止;其中,所述第二動態資訊對應於所述第一動態資訊。A transaction verification system includes: a digital voucher user, interacting with a card user to generate transaction information of a first transaction, and submit a first request to the digital voucher applicant; wherein the first request includes the first digital Voucher and transaction information of the first transaction; the digital voucher applicant, which identifies and verifies the identity information of the digital voucher user to submit a second request to the digital voucher provider; wherein the second request Including at least the identity information of the digital certificate user; and the digital certificate provider that identifies and verifies the identity information of the digital certificate applicant, and queries the first key based on the first digital certificate, and Using the first key to disperse the identity information of the user of the digital certificate to obtain a second key, and further encrypting the transaction information of the first transaction based on the second key to form a first key A dynamic information, and transmitting the first dynamic information to the digital certificate user via the digital certificate applicant; The digital voucher provider is further configured to verify the received second dynamic information sent by the digital voucher consumer in a second transaction to instruct the second transaction to proceed or based on the verification result. Terminate; wherein the second dynamic information corresponds to the first dynamic information. 根據請求項8所述的系統,其中,其還包括收單機構及轉接機構,其中,所述數位憑證使用方配置成:   在所述第二交易中,將所述第二動態資訊、所述第一數位憑證、所述數位憑證使用方的身份資訊以及所述第二交易的交易資訊傳送至所述收單機構;   所述收單機構配置成:   基於所述數字憑證使用方的指示,向所述轉接機構發起驗證請求;   所述轉接機構配置成:   基於所述收單機構的驗證請求,請求所述數位憑證提供方驗證所述第二動態資訊;以及   所述收單機構進一步配置成:   基於所述數位憑證提供方對所述第二動態資訊的驗證結果,繼續進行所述第二交易或拒絕所述第二交易。The system according to claim 8, further comprising an acquirer and a transfer agency, wherein the digital voucher user is configured to: In the second transaction, the second dynamic information, the The first digital certificate, the identity information of the digital certificate user, and the transaction information of the second transaction are transmitted to the acquirer; the acquirer is configured to: based on an instruction of the digital certificate user, Initiate a verification request to the transfer agency; the transfer mechanism is configured to: request the digital voucher provider to verify the second dynamic information based on the verification request of the acquirer; and the acquirer further It is configured to: 继续 continue the second transaction or reject the second transaction based on the verification result of the second dynamic information by the digital voucher provider. 根據請求項9所述系統,其中,所述數位憑證提供方配置成執行下列項來驗證所述第二動態資訊:   基於所述轉接機構提供的所述第一數位憑證來索引,以獲得相應的所述第一金鑰;   利用所述第一金鑰來分散所述數位憑證使用方的身份資訊,以獲得所述第二金鑰;   基於所述第二金鑰對所述交易資訊進行消息摘要演算法,以生成第三動態資訊;以及   將所述第三動態資訊與所述第二動態資訊進行比對,以生成所述驗證結果。The system according to claim 9, wherein the digital voucher provider is configured to perform the following items to verify the second dynamic information: 索引 index based on the first digital voucher provided by the transfer mechanism to obtain a corresponding Using the first key; 分散 using the first key to disperse the identity information of the user of the digital certificate to obtain the second key; 消息 message the transaction information based on the second key A digest algorithm to generate third dynamic information; and comparing the third dynamic information with the second dynamic information to generate the verification result.
TW107109421A 2017-03-21 2018-03-20 Transaction verification method and system TWI678666B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201710168649.8 2017-03-21
CN201710168649.8A CN107274183B (en) 2017-03-21 2017-03-21 Transaction verification method and system
??201710168649.8 2017-03-21

Publications (2)

Publication Number Publication Date
TW201835825A true TW201835825A (en) 2018-10-01
TWI678666B TWI678666B (en) 2019-12-01

Family

ID=60073769

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107109421A TWI678666B (en) 2017-03-21 2018-03-20 Transaction verification method and system

Country Status (3)

Country Link
CN (1) CN107274183B (en)
TW (1) TWI678666B (en)
WO (1) WO2018171519A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107274183B (en) * 2017-03-21 2020-05-22 中国银联股份有限公司 Transaction verification method and system
CN111539713B (en) * 2020-03-19 2023-11-03 上海讯联数据服务有限公司 Mobile payment account end user certificate generation and conversion method, system and storage medium
CN114157414B (en) * 2020-09-07 2024-07-23 仁东控股股份有限公司 Identity certificate generation method, verification method and system for digital currency

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242271B (en) * 2008-01-24 2010-12-29 陕西海基业高科技实业有限公司 Trusted remote service method and system
US10706402B2 (en) * 2008-09-22 2020-07-07 Visa International Service Association Over the air update of payment transaction data stored in secure memory
US9959576B2 (en) * 2011-12-07 2018-05-01 Visa International Service Association Multi-purpose device having multiple certificates including member certificate
CN102982453A (en) * 2012-11-09 2013-03-20 江苏乐买到网络科技有限公司 Internet trading method utilizing dynamic key technology
CN103905388A (en) * 2012-12-26 2014-07-02 中国移动通信集团广东有限公司 Authentication method, authentication device, smart card, and server
CN103095456B (en) * 2013-01-10 2016-07-06 天地融科技股份有限公司 The processing method of transaction message and system
CN103067401B (en) * 2013-01-10 2015-07-01 天地融科技股份有限公司 Method and system for key protection
TW201439934A (en) * 2013-04-12 2014-10-16 Yankey Inc Authentication system using dynamic ciphertext and method thereof
JP6353537B2 (en) * 2013-12-02 2018-07-04 マスターカード インターナショナル インコーポレーテッド Method and system for performing secure authentication of users and mobile devices without using a secure element
US9264410B2 (en) * 2014-06-05 2016-02-16 Sony Corporation Dynamic configuration of trusted executed environment resources
US9780953B2 (en) * 2014-07-23 2017-10-03 Visa International Service Association Systems and methods for secure detokenization
US20160335627A1 (en) * 2015-05-11 2016-11-17 Gemalto Sa Method, device and a server for signing data
CN105939198B (en) * 2016-06-24 2019-04-23 西安电子科技大学 The location-based digital signature method under time-constrain
CN107274183B (en) * 2017-03-21 2020-05-22 中国银联股份有限公司 Transaction verification method and system

Also Published As

Publication number Publication date
CN107274183B (en) 2020-05-22
WO2018171519A1 (en) 2018-09-27
TWI678666B (en) 2019-12-01
CN107274183A (en) 2017-10-20

Similar Documents

Publication Publication Date Title
JP2020145733A (en) Method for managing a trusted identity
US9258296B2 (en) System and method for generating a strong multi factor personalized server key from a simple user password
US11182783B2 (en) Electronic payment method and electronic device using ID-based public key cryptography
JP2023502346A (en) Quantum secure networking
Gupta et al. Role of multiple encryption in secure electronic transaction
CA3045817A1 (en) Anytime validation for verification tokens
TWI591553B (en) Systems and methods for mobile devices to trade financial documents
US20210374724A1 (en) Secure digital wallet processing system
TWI678666B (en) Transaction verification method and system
Hwang et al. Securing on-line credit card payments without disclosing privacy information
US20150052066A1 (en) Reconciling electronic transactions
WO2022221333A1 (en) Blockchain-based private reviews
CN114565382A (en) Transaction account anonymous payment method and system
CN108764904B (en) Double-key anti-theft method in distributed account system
CN108650214B (en) Dynamic page encryption anti-unauthorized method and device
US20220337423A1 (en) Blockchain ledger-based authentication techniques for reviews
Yuniati et al. Secure e-payment method based on visual cryptography
CN114548986A (en) Payment method, payment security code generation method, device, equipment and storage medium
Ashrafi et al. Enabling privacy-preserving e-payment processing
CN110505063B (en) Method and system for ensuring security of financial payment
US20210377039A1 (en) Checkout with mac
CN115170132B (en) Payment method suitable for high-speed post network member system
Tso et al. An off-line mobile payment protocol providing double-spending detection
AU2021101878A4 (en) Computerized design model for encryption in blockchain transaction systems
KR102320103B1 (en) Method for Authenticating Genuineness by Substituting the Autograph of the Work