TW202032453A - Payment method and apparatus - Google Patents


Info

Publication number
TW202032453A
Authority
TW
Taiwan
Prior art keywords
terminal
seed
hardware information
beacon
payment
Application number
TW108132562A
Other languages
Chinese (zh)
Inventor
陳成
Original Assignee
香港商阿里巴巴集團服務有限公司
Application filed by 香港商阿里巴巴集團服務有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/16 Payments settled via telecommunication systems
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method for payment, comprising receiving a seed from a server; generating a token; using the token to encrypt a character string comprising an entity ID and a transaction amount, so as to obtain an encrypted character string; and transmitting the encrypted character string using a short message or voice call. By means of the method, a user can successfully make a payment when the wireless network is unavailable or weak.

Description

Payment method and device

The present invention relates mainly to the field of Internet application technology, and in particular to a payment method for weak network environments.

With the continuous development and popularization of mobile payment, more and more offline physical stores are introducing self-service payment. Scanning a payment code (for example, a graphic code) is a common payment method. In scan-code payment, the user terminal scans the graphic code of the physical store, obtains the store's information, opens the payment page, and the payment amount is entered on that page. The user terminal then transmits a payment request containing this information to the server over a wireless network (for example, a 3G or 4G communication network) for payment. The method is also widely used for scan-to-unlock on shared bicycles. Sometimes, however, the 3G or 4G signal at the location of the physical store or shared bicycle is weak or absent, which makes payment inconvenient for users.

The technical problem to be solved by the present invention is to provide a scheme that allows payment to succeed even in a weak network environment. When the network environment is unstable, the user terminal sends a string containing the physical store information and the amount to the server by text message or phone call, and the server identifies the user account from the text message or call and creates the transaction.

To solve the above technical problem, the present invention provides a method for payment, including:
receiving a seed from a server;
generating a token using the seed, terminal hardware information and the current time;
encrypting a string including an entity ID and a transaction amount with the token to obtain an encrypted string; and
transmitting the encrypted string using a text message or a voice call.

Optionally, the method further includes: sending a user account and the terminal hardware information to the server for the server to generate the seed.
Optionally, the user account and the terminal hardware information are transmitted using a wireless network.
Optionally, the method further includes: detecting a scan-code instruction; in response to the scan-code instruction, scanning the graphic code of a physical store with a camera device; and parsing the graphic code to obtain the entity ID.
Optionally, the method further includes: in response to obtaining the entity ID, displaying a payment interface that includes an input box for the user to enter the payment amount and/or a password.
Optionally, the terminal hardware information includes the IMEI or the IMSI.

The present invention also provides a method for payment, including:
receiving an encrypted string from a terminal via a text message or a voice call;
obtaining the seed corresponding to the terminal;
generating a token; and
decrypting the encrypted string with the token.

Optionally, the method further includes: receiving the mobile phone number, user account and terminal hardware information from the terminal; periodically generating a seed using the terminal hardware information and the current time; and sending the seed to the terminal.
Optionally, the method further includes storing the seed in association with the mobile phone number and/or the user account.
Optionally, the method further includes storing the generated seed in association with the mobile phone number.
Optionally, obtaining the seed corresponding to the terminal includes: identifying the mobile phone number of the terminal; and obtaining the seed corresponding to the terminal according to the mobile phone number.
Optionally, generating the token includes: generating the token using the seed, the terminal hardware information and the current time.
Optionally, the user account and the terminal hardware information are received from the terminal using a wireless network.
Optionally, the terminal hardware information includes the IMEI or the IMSI.

The present invention further provides a device for payment, including:
means for receiving a seed from a server;
means for generating a token using the seed, terminal hardware information and the current time;
means for encrypting a string including an entity ID and a transaction amount with the token to obtain an encrypted string; and
means for transmitting the encrypted string using a text message or a voice call.

Optionally, the device further includes: means for sending a user account and the terminal hardware information to the server for the server to generate the seed.
Optionally, the user account and the terminal hardware information are transmitted using a wireless network.
Optionally, the device further includes: means for detecting a scan-code instruction; means for scanning the graphic code of a physical store with a camera device in response to the scan-code instruction; and means for parsing the graphic code to obtain the entity ID.
Optionally, the device further includes: means for displaying a payment interface in response to obtaining the entity ID, the payment interface including an input box for the user to enter the payment amount and/or a password.
Optionally, the terminal hardware information includes the IMEI or the IMSI.

The present invention further provides a device for payment, including:
means for receiving an encrypted string from a terminal via a text message or a voice call;
means for obtaining the seed corresponding to the terminal;
means for generating a token; and
means for decrypting the encrypted string with the token.

Optionally, the device further includes: means for receiving the mobile phone number, user account and terminal hardware information from the terminal; means for periodically generating a seed using the terminal hardware information and the current time; and means for sending the seed to the terminal.
Optionally, the device further includes means for storing the seed in association with the mobile phone number and/or the user account.
Optionally, the device further includes means for storing the generated seed in association with the mobile phone number.
Optionally, the means for obtaining the seed corresponding to the terminal includes: means for identifying the mobile phone number of the terminal; and means for obtaining the seed corresponding to the terminal according to the mobile phone number.
Optionally, the means for generating the token includes: means for generating the token using the seed, the terminal hardware information and the current time.
Optionally, the user account and the terminal hardware information are received from the terminal using a wireless network.
Optionally, the terminal hardware information includes the IMEI or the IMSI.

The present invention further provides a device for payment, including:
a processor; and
a memory arranged to store computer-executable instructions that, when executed, cause the processor to perform the following operations:
sending a mobile phone number, a user account and terminal hardware information to a server;
receiving a seed from the server;
generating a token;
encrypting a string including an entity ID and a transaction amount with the token to obtain an encrypted string; and
transmitting the encrypted string using a text message or a voice call.

The present invention further provides a device for payment, including:
a processor; and
a memory arranged to store computer-executable instructions that, when executed, cause the processor to perform the following operations:
receiving an encrypted string from a terminal via a text message or a voice call;
obtaining the seed corresponding to the terminal;
generating a token; and
decrypting the encrypted string with the token.
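The terminal-side and server-side methods summarized above, as an added example that is not code from the patent: both sides derive the token from the stored seed, the hardware information and a time window, and the server tolerates text-message delivery delay by trying adjacent windows. Assumptions: all function names, the 60-second window, the server salt, the `|` separator, the base32 framing and the replay cache are hypothetical. The description names AES as an example cipher; Python's standard library has no AES, so an HMAC-SHA256 keystream with a truncated MAC stands in for it here.

```python
import base64
import hashlib
import hmac
import os

TIME_STEP = 60  # seconds per token window (assumed value)
TAG_LEN = 8     # truncated MAC so the message fits in one SMS (assumed value)


def _h(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def make_seed(hw_info: str, now: int, server_salt: bytes) -> bytes:
    """Server: hash of hardware info and current time. server_salt is an
    added assumption so the seed cannot be recomputed from an IMEI and a
    timestamp alone."""
    data = server_salt + hw_info.encode() + now.to_bytes(8, "big")
    return hashlib.sha256(data).digest()


def derive_token(seed: bytes, hw_info: str, window: int) -> bytes:
    """Terminal and server: token from seed, hardware info and time window."""
    return _h(seed, hw_info.encode(), window.to_bytes(8, "big"))


def _xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for AES: XOR with HMAC-SHA256(enc_key, nonce || block index).
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _h(enc_key, nonce, (i // 32).to_bytes(4, "big"))
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(seed: bytes, hw_info: str, entity_id: str, amount: str, now: int) -> str:
    """Terminal: encrypt 'entity ID|amount' under the current token."""
    token = derive_token(seed, hw_info, now // TIME_STEP)
    enc_key, mac_key = _h(token, b"enc"), _h(token, b"mac")
    nonce = os.urandom(8)  # two payments in one window must not share a keystream
    ct = _xor_keystream(enc_key, nonce, f"{entity_id}|{amount}".encode())
    tag = _h(mac_key, nonce, ct)[:TAG_LEN]
    # Base32 survives SMS transport and can be read aloud on a voice call.
    return base64.b32encode(nonce + ct + tag).decode().rstrip("=")


def open_sms(seed, hw_info, sms_text, now, skew=1, seen=None):
    """Server: re-derive the token for nearby windows, check the MAC, decrypt.
    Returns (entity_id, amount), or None if no window authenticates."""
    try:
        raw = base64.b32decode(sms_text + "=" * (-len(sms_text) % 8))
    except ValueError:
        return None
    if len(raw) < 8 + TAG_LEN + 1:
        return None
    nonce, ct, tag = raw[:8], raw[8:-TAG_LEN], raw[-TAG_LEN:]
    if seen is not None and nonce in seen:
        return None  # same message delivered twice: refuse the replay
    current = now // TIME_STEP
    for window in range(current - skew, current + skew + 1):
        token = derive_token(seed, hw_info, window)
        enc_key, mac_key = _h(token, b"enc"), _h(token, b"mac")
        if hmac.compare_digest(tag, _h(mac_key, nonce, ct)[:TAG_LEN]):
            if seen is not None:
                seen.add(nonce)
            entity_id, amount = _xor_keystream(enc_key, nonce, ct).decode().rsplit("|", 1)
            return entity_id, amount
    return None


if __name__ == "__main__":
    hw = "IMEI-CONSTRUCTED-0001"                      # constructed sample value
    seed = make_seed(hw, 1_700_000_000, b"constructed-salt")
    sms = seal(seed, hw, "STORE-0042", "12.50", 1_700_000_030)
    print(sms, open_sms(seed, hw, sms, 1_700_000_075))
```

Without the MAC the server could not tell a wrong-window token from a right one, since decryption under the wrong key still yields bytes; the tag is what makes the window search and tamper rejection possible.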

In order to make the above objectives, features and advantages of the present invention more apparent and understandable, specific embodiments of the present invention are described in detail below with reference to the drawings.

Many specific details are set forth in the following description to provide a full understanding of the present invention, but the present invention can also be implemented in ways other than those described here, so it is not limited by the specific embodiments disclosed below.

Fig. 1 shows a message flow diagram of the payment method according to the present invention.

The payment system of the present invention includes a user terminal, a server, and an entity (physical store) device.

The user terminal may be a mobile terminal (such as a mobile phone). It may have a camera for scanning graphic codes. The user terminal can send text messages (for example, SMS) and make voice calls, and can also communicate over wireless networks (for example, WiFi, 3G, 4G).

The server may be a payment back end, such as an Alipay back-end server. The server can receive a payment request from the user terminal and execute the payment from the terminal to the physical store (for example, transfer money to the physical store).

The physical store device may be the graphic code of the physical store, which includes physical store information such as a physical store ID (identifier).

The message flow of the payment method in a weak network environment according to the present invention is described below.

At 101, the server receives a registration message from the user. The registration message includes the terminal's mobile phone number (mobile phone SIM card number) and the user account.
Generally speaking, after a user installs an application (APP) client on a device and starts it for the first time, the client sends a registration message to the server; the registration message may include the mobile phone number of the mobile terminal and the account the user applied for. The account is, for example, a user-defined account name, an email address, the user's mobile phone number, and so on. The registration message can come from whatever device the user registers on, which may be a mobile phone terminal or another computing device. After the server receives the registration message, it can store the mobile phone number in association with the user account.

At 102, the terminal sends the terminal hardware information and the user account to the server. For example, when the user logs in to the application client for the first time, the terminal can send the terminal hardware information and the user account to the server over the wireless network. The terminal hardware information is an inherent characteristic of the terminal, for example, information that is unique to the terminal. It can include the IMEI (International Mobile Equipment Identity), the IMSI (International Mobile Subscriber Identification Number), and so on. The server then stores the terminal hardware information in association with the user account.

After steps 101 and 102, the server can store the terminal hardware information in association with the user account and the mobile phone number. Note that although Fig. 1 describes steps 101 and 102 as two steps, they can also be combined into one. For example, when the user opens the application client on the terminal to register, the terminal's mobile phone number, the terminal hardware information and the user account can be sent to the server at the same time.
From this, the server can create a mapping between the terminal hardware information, the mobile phone number and the user account.

At 103, the server periodically generates a seed from the received terminal hardware information and the current time, and stores the seed in association with the user account and/or the mobile phone number. The server can use an algorithm to generate the seed, for example a hash algorithm. The current time value may be the time at which the server generates the seed at 103. The seed can also be updated regularly. For example, the seed can be generated at a fixed interval, such as once every minute, from the terminal hardware information and the current time. Furthermore, the algorithm for generating the seed can also be updated regularly to protect the seed and prevent external attacks.

The server needs to store the mapping between the seed and the mobile phone number. For example, the terminal can use the mapping between terminal hardware information and mobile phone number to look up the mobile phone number associated with the terminal hardware information used to generate the seed, and associate the generated seed with that mobile phone number to create the mapping. The mapping can be stored in a secure storage area. The secure storage area may be a storage unit in the server; it must be ensured that the content stored in that unit is difficult for any device other than the client corresponding to the account and/or mobile phone number to steal.

At 104, the server sends the generated seed to the terminal. The server can send the generated seed to the terminal over the wireless network. The terminal receives the seed over the wireless network and stores it.

Steps 103-104 above describe how the server generates and distributes the seed.
When a user shopping in a store has chosen goods and is checking out, the user can scan the graphic code of the physical store to complete the payment process.

At 105, after the terminal detects a scan-code instruction, it invokes the camera device to scan the graphic code of the physical store, parses the graphic code, and obtains the physical store ID corresponding to the graphic code. A unique physical store ID is encoded in the graphic code of the physical store, and the terminal obtains the physical store ID by scanning the graphic code.

The scan-code instruction can be the user tapping "Scan" in the client application. When the terminal detects the scan-code instruction, it invokes the camera application to scan the graphic code and obtain the corresponding physical store ID. The graphic code can be a two-dimensional bar code, including but not limited to a QR (Quick Response) code, a PDF417 (Portable Document Format 417) two-dimensional bar code, a Datamatrix (a matrix two-dimensional bar code) code, and so on. The graphic code of the present invention is obtained by encoding the physical store ID according to a preset graphic coding rule. For example, if the graphic code is a QR code, it is obtained by encoding the physical store ID using the QR coding rules. In another example, if the graphic code is a PDF417 code, it is obtained by encoding the physical store ID using the PDF417 coding rules.

The camera application may be any application capable of scanning and parsing the graphic code. In the embodiment of the present invention, the camera application may be a camera application of the terminal system, for example, the camera built into the mobile phone system.
In this step, after the camera application has been invoked and has scanned the complete graphic code, it can parse the graphic code using the preset coding rule to obtain the physical store ID. For example, if the graphic code is a QR code, the camera application can parse it according to the QR coding rules to obtain the physical store ID; if the graphic code is a PDF417 code, the camera application can parse it according to the PDF417 coding rules to obtain the physical store ID.

In the embodiment of this specification, a graphic code is set up for the physical store. When the user needs to pay the physical store, the user can operate the payment client to scan the store's graphic code. After the payment client receives a shopping scan trigger, it invokes the camera device to scan the graphic code of the physical store. The shopping scan trigger can come from a user operation; for example, the user tapping the "Scan" button in the application is treated as the trigger of the payment scan operation.

At 106, in response to the scanning operation of 105, the terminal displays an input box for the user to fill in. After the terminal obtains the physical store ID by scanning the code, it can further display the payment interface so that the user can pay. In one aspect, the payment interface can display the physical store identifier and an input box, prompting the user to enter the amount to be paid to the physical store. Where the transaction requires a payment password, the payment interface can also prompt the user to enter the password.

Note that the above describes the scheme in which the terminal scans the two-dimensional bar code of the physical store to obtain the physical store ID and prompts the user to enter the amount and the password (if required).
In an alternative implementation, the physical store may enter the amount to be paid by the user on the graphic code generating device, so that the generated graphic code includes both the physical store ID and the amount that the user needs to pay. The terminal can then scan the graphic code to obtain the physical store ID and the amount information. If the physical store embeds the payment amount in the graphic code and the payment does not require a password (i.e., password-free payment), step 106 can be omitted.
At 107, the terminal generates a beacon based on the stored seed, terminal hardware information, and current time timing. For example, the terminal may apply a suitable algorithm (for example, a hash algorithm) to the seed, terminal hardware information, and current time to obtain the beacon. The current time timing may be the time when the terminal generates the beacon at 107. Generally speaking, only the terminal and the server can obtain the beacon, and it is difficult for other devices to obtain it.
At 108, the terminal uses the physical store ID, the entered transaction amount, and the generated beacon to generate an encrypted string. Specifically, the terminal may first form a string from the physical store ID and the entered transaction amount, and then encrypt that string with the generated beacon to produce the encrypted string. If a payment password is required, the terminal can form a string from the physical store ID, the entered transaction amount, and the payment password, and encrypt that string with the generated beacon to produce the encrypted string. The encryption algorithm may be a symmetric encryption algorithm, for example, the AES (Advanced Encryption Standard) algorithm.
At 109, the terminal sends the encrypted string generated at 108 to the server through a text message or a mobile phone call. The terminal can send the encrypted string to the server via SMS.
For example, the user enters the string in the text message edit box and sends it as a text message. As another example, in response to no wireless network being detected, the terminal can automatically call the SMS interface, fill in the string, and either let the user confirm sending or send it automatically. Alternatively, in response to the wireless network being unavailable, the terminal can place a mobile phone call to the server so that the string can be entered manually; the user can also read the string aloud, and the server performs voice recognition to obtain the string.
At 110, the server recognizes the mobile phone number of the terminal and obtains the seed of the terminal according to the mobile phone number. For example, the server can identify the user's account based on the mobile phone number, and then obtain the stored terminal seed based on the account.
At 111, the server uses the obtained seed, terminal hardware information, and current time timing to generate a beacon. For example, the server can use the same algorithm as the terminal to generate the beacon from the obtained seed, terminal hardware information, and current time timing. The current time timing can be the time when the server generates the beacon in step 111.
At 112, the server uses the generated beacon to decrypt the received encrypted string to obtain the physical store ID and transaction amount. The server can use the same algorithm used by the terminal in step 108 to decrypt the encrypted string. The algorithm may be a symmetric encryption algorithm, for example, the AES (Advanced Encryption Standard) algorithm.
At 113, the server can use the physical store ID, the user account (identified at 110 from the mobile phone number of the SMS or mobile phone call), and the transaction amount to perform the payment operation.
Fig. 2 shows a flowchart of a payment method executed by a terminal according to an aspect of the present invention.
In step 201, the terminal sends the terminal hardware information and the user account to the server. For example, when the terminal logs in to the application client, it can send the terminal hardware information and the user account to the server via a wireless network. The server generally receives the user's terminal phone number and user account in the earlier registration message, and stores the terminal phone number and user account in association. After receiving the terminal hardware information and user account from the terminal, the server can use the user account to establish a mapping between the terminal phone number and the terminal hardware information.
In step 202, the terminal receives the seed from the server. The seed can be generated by the server using the terminal hardware information and current time timing.
In 203, after detecting the code scanning instruction, the terminal invokes the camera device to scan the graphic code of the physical store. The terminal can parse the graphic code to obtain the physical store ID corresponding to the graphic code. A unique physical store ID can be encoded in the graphic code of the physical store, and the terminal obtains the physical store ID by scanning the graphic code of the physical store. If the amount information is encoded in the graphic code, the terminal can also parse the amount information from the graphic code.
At 204, the terminal displays a payment interface for user input in response to the scanning operation. After the terminal obtains the physical store ID, it can further display the payment operation interface for the user to make the payment. For example, the payment interface may display a physical store identifier and an input box, prompting the user to enter the amount to be paid to the physical store and the payment password (if required).
In 205, the terminal generates a beacon based on the received seed, terminal hardware information, and current time timing.
For example, the terminal may apply a suitable algorithm (for example, a hash algorithm) to the seed, terminal hardware information, and current time to obtain the beacon. The terminal can form a string from the physical store ID, the transaction amount, and the payment password (if necessary), and encrypt that string with the generated beacon to produce an encrypted string. Generally speaking, only the terminal and the server can obtain the beacon, and it is difficult for other devices to obtain it.
At 206, the terminal uses the physical store ID, the entered transaction amount, and the beacon to generate an encrypted string. Specifically, the encrypted string is generated by encrypting the physical store ID and transaction amount using the beacon. The encryption algorithm can be a symmetric encryption algorithm, such as the AES (Advanced Encryption Standard) algorithm.
At 207, the terminal sends the generated encrypted string to the server for payment. The terminal can send the encrypted string to the server via SMS. For example, the user enters the string in the text message edit box and sends it as a text message. Alternatively, the terminal can place a mobile phone call to the server so that the string can be entered manually; the user can also read the string aloud, and the server performs voice recognition to obtain the string.
Fig. 3 shows a flowchart of a payment method executed by a server according to an aspect of the present invention.
In step 301, the server receives the terminal mobile phone number (mobile phone SIM card number) and the user account. The terminal phone number (mobile phone SIM card number) and user account can be received in the registration message, for example. Generally speaking, after a user installs an application (APP) client on the device and activates the client for the first time, a registration message is sent to the server.
The registration message may include the mobile phone number of the terminal and the account that the user applied for. The registration message can come from the device on which the user registers, which can be a mobile phone terminal or another computing device.
In 302, the server receives the terminal hardware information and user account from the terminal. For example, when the terminal logs in to the application client, it can send the terminal hardware information and the user account to the server via a wireless network.
In 303, the server uses the received terminal hardware information and the current time to generate a seed regularly, and stores the seed in association with the account number and/or mobile phone number. The server can use an appropriate algorithm to generate the seed, for example, a hash algorithm. The current time value can be the time when the server generates the seed. Seeds can be updated regularly. For example, the seed can be updated at a certain time interval, such as being regenerated once every minute based on the terminal hardware information and the current time. Furthermore, the algorithm for generating seeds can also be updated regularly to protect the security of the seeds and prevent external attacks. The server needs to store the mapping relationship between the seed and the account and/or mobile phone number, for example, in a secure storage area. The secure storage area may be a storage unit in the terminal. It is necessary to ensure that the content stored in the storage unit is difficult for devices other than the client corresponding to the account and/or mobile phone number to steal.
At 304, the server sends the generated seed to the terminal via the wireless network.
At 305, the server receives the encrypted string from the terminal. Specifically, the server receives the encrypted string from the terminal through a text message or a mobile phone call.
At 306, the server obtains the seed corresponding to the terminal. Specifically, the server extracts the mobile phone number of the terminal from the text message or mobile phone call, and looks up the seed corresponding to the terminal according to the mobile phone number.
At 307, the server uses the seed, terminal hardware information, and current time timing to generate the beacon. For example, the server can use the same algorithm as the terminal to generate the beacon from the seed, terminal hardware information, and current time timing.
At 308, the server uses the generated beacon to decrypt the received encrypted string to obtain the physical store ID and transaction amount.
At 309, the server can use the physical store ID, user account number, and transaction amount to perform a payment operation.
Fig. 4 shows a flowchart of a payment method executed by a terminal according to various aspects of the present invention.
In step 401, the terminal receives the seed from the server. Step 401 may correspond to step 104 shown in FIG. 1. The seed may be periodically generated by the server based on the terminal hardware information previously received from the terminal and the current time.
In step 402, the terminal generates a beacon. In one aspect, the terminal can use the received seed, terminal hardware information, and current time timing to generate the beacon.
In step 403, the terminal uses the beacon to encrypt the string including the entity ID and the transaction amount to obtain the encrypted string. The terminal can detect the code scanning instruction, use the camera device to scan the graphic code of the physical store in response to detecting the code scanning instruction, and parse the graphic code to obtain the entity ID and/or transaction amount. The terminal can also receive the transaction amount entered by the user in the input box. Further, the terminal may receive the payment password entered by the user in the input box.
The terminal can use the beacon generated in step 402 to encrypt the string including the entity ID, the transaction amount, and the payment password (if necessary) to obtain an encrypted string.
In step 404, the terminal transmits the encrypted string using a short message or a voice call.
Fig. 5 shows a flowchart of a payment method executed by a server according to various aspects of the present invention.
In step 501, the server receives the encrypted string from the terminal through a text message or a voice call.
In step 502, the server obtains a seed corresponding to the terminal. The server can identify the mobile phone number of the terminal from the short message or voice call in step 501, and obtain the seed corresponding to the terminal according to the mobile phone number.
In step 503, the server generates a beacon. The server can use the seed, terminal hardware information, and current time timing to generate the beacon.
In step 504, the server decrypts the encrypted string using the beacon.
Optionally, before 501, the server can receive the terminal's mobile phone number, user account, and terminal hardware information; use the terminal hardware information and the current time to generate seeds at regular intervals; and send the seeds to the terminal for the terminal to generate the encrypted string.
The description set forth herein in conjunction with the drawings describes example configurations and does not represent all examples that can be implemented or that fall within the scope of the patent application. The term "exemplary" as used herein means "serving as an example, instance, or illustration", and does not mean "better" or "outperforming other examples." This detailed description includes specific details to provide an understanding of the described technology. However, these techniques can be practiced without these specific details.
In some instances, well-known structures and devices are shown in block diagram form to avoid obscuring the concepts of the described examples.
In the drawings, similar components or features may have the same reference label. In addition, various components of the same type can be distinguished by following the reference label with a dash and a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description applies to any one of the similar components having the same first reference label, regardless of the second reference label.
The various illustrative blocks and modules described in conjunction with the disclosure herein can be implemented or executed with a general-purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. The processor may also be implemented as a combination of computing devices (for example, a combination of a DSP and a microprocessor, multiple microprocessors, one or more microprocessors in cooperation with a DSP core, or any other such configuration).
The functions described herein can be implemented in hardware, software executed by a processor, firmware, or any combination thereof. If implemented in software executed by a processor, each function can be stored on, or transmitted over, a computer-readable medium as one or more instructions or code. Other examples and implementations fall within the scope of the present invention and the attached patent application.
For example, due to the nature of software, the functions described above can be implemented using software executed by a processor, hardware, firmware, hard-wiring, or any combination thereof. The features that implement the functions may also be physically located at various positions, including being distributed so that parts of the functions are implemented at different physical locations. In addition, as used herein (including in the scope of the patent application), "or" as used in an enumeration of items (e.g., an enumeration of items accompanied by words such as "at least one of" or "one or more of") indicates an inclusive enumeration, such that, for example, an enumeration of at least one of A, B, or C means A or B or C or AB or AC or BC or ABC (i.e., A and B and C). Likewise, as used herein, the phrase "based on" should not be read as referring to a closed set of conditions. For example, an exemplary procedure described as "based on condition A" may be based on both condition A and condition B without departing from the scope of the present invention. In other words, as used herein, the phrase "based on" should be read in the same way as the phrase "based at least in part on."
Computer-readable media include both non-transitory computer storage media and communication media, including any medium that facilitates the transfer of a computer program from one place to another. A non-transitory storage medium can be any available medium that can be accessed by a general-purpose or special-purpose computer.
By way of example and not limitation, non-transitory computer-readable media may include RAM, ROM, electrically erasable programmable read-only memory (EEPROM), compact disc (CD) ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other non-transitory medium that can be used to carry or store instructions or desired program code means in the form of data structures and that can be accessed by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Any connection is also properly termed a computer-readable medium. For example, if the software is transmitted from a web site, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disks and discs as used herein include CDs, laser discs, optical discs, digital versatile discs (DVD), floppy disks and Blu-ray discs, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above media are also included in the scope of computer-readable media.
The description herein is provided to enable those skilled in the art to make or use the present invention. Various modifications to the present invention will be obvious to those skilled in the art, and the general principles defined herein can be applied to other modifications without departing from the scope of the present invention. Therefore, the present invention is not limited to the examples and designs described herein, but should be granted the widest scope consistent with the principles and novel features disclosed herein.
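The exchange of steps 107 to 112 (Fig. 1) as a runnable example, added here for illustration and not taken from the patent. Assumptions: HMAC-SHA256 as the hash step, a 60-second beacon period with a one-period tolerance on the server, a `store_id|amount` payload, Base32 text for the SMS, and an HMAC-based encrypt-then-MAC construction standing in for AES so that only the standard library is needed; all names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import os

TIME_STEP = 60  # seconds per beacon period (assumption; the page fixes no granularity)
SKEW_STEPS = 1  # periods the server tries on either side, to absorb SMS delay (assumption)

# Constructed sample registrations: phone number -> account, hardware info, current seed.
DB = {
    "+15550100": {"account": "alice", "hardware_info": "IMEI:000000000000000",
                  "seed": bytes(range(32))},
    "+15550101": {"account": "bob", "hardware_info": "IMEI:111111111111111",
                  "seed": bytes(range(32, 64))},
}


def derive_beacon(seed, hardware_info, unix_time):
    """Steps 107/111: beacon = HMAC-SHA256(seed, hardware info || time period)."""
    period = unix_time // TIME_STEP
    msg = hardware_info.encode() + b"|" + period.to_bytes(8, "big")
    return hmac.new(seed, msg, hashlib.sha256).digest()


def _subkey(beacon, label):
    # Separate encryption and MAC keys, both derived from the beacon.
    return hmac.new(beacon, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode (stand-in for an AES keystream).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(beacon, plaintext):
    """Encrypt-then-MAC under the beacon; returns nonce || ciphertext || tag."""
    nonce = os.urandom(12)
    stream = _keystream(_subkey(beacon, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(beacon, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unseal(beacon, blob):
    """Return the plaintext, or None if the tag does not verify under this beacon."""
    if len(blob) < 28:
        return None
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(_subkey(beacon, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(beacon, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def terminal_build_sms(seed, hardware_info, store_id, amount, now):
    """Steps 107-109: derive the beacon, encrypt 'store_id|amount', encode as SMS text."""
    beacon = derive_beacon(seed, hardware_info, now)
    blob = seal(beacon, f"{store_id}|{amount}".encode())
    return base64.b32encode(blob).decode().rstrip("=")


def server_handle_sms(db, sender_number, sms_text, now):
    """Steps 110-112: find the seed by sender number, rebuild the beacon, decrypt."""
    record = db.get(sender_number)
    if record is None:
        return None
    try:
        padded = sms_text + "=" * (-len(sms_text) % 8)
        blob = base64.b32decode(padded, casefold=True)
    except ValueError:
        return None
    # The SMS may arrive in a later period than the one it was built in.
    for drift in range(-SKEW_STEPS, SKEW_STEPS + 1):
        beacon = derive_beacon(record["seed"], record["hardware_info"],
                               now + drift * TIME_STEP)
        plaintext = unseal(beacon, blob)
        if plaintext is not None:
            store_id, _, amount = plaintext.decode().partition("|")
            return {"account": record["account"], "store_id": store_id, "amount": amount}
    return None  # wrong sender, altered text, or outside the accepted time window


if __name__ == "__main__":
    rec = DB["+15550100"]
    text = terminal_build_sms(rec["seed"], rec["hardware_info"], "STORE-42", "12.50",
                              1_700_000_000)
    print(text)
    print(server_handle_sms(DB, "+15550100", text, 1_700_000_045))
```

Because the tag verifies only under the beacon of the sending period, the server finds the matching period without the terminal transmitting a timestamp, and a message that arrives outside the tolerance window is rejected.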

101~113: steps
201~207: steps
301~309: steps
401~404: steps
501~504: steps

Fig. 1 shows a message flow diagram of the payment method according to the present invention.
Fig. 2 shows a flowchart of a payment method executed by a terminal according to an aspect of the present invention.
Fig. 3 shows a flowchart of a payment method executed by a server according to an aspect of the present invention.
Fig. 4 shows a flowchart of a payment method executed by a terminal according to various aspects of the present invention.
Fig. 5 shows a flowchart of a payment method executed by a server according to various aspects of the present invention.

Claims (30)

1. A method for payment, comprising: receiving a seed from a server; generating a beacon using the seed, terminal hardware information, and current time timing; encrypting a string including an entity ID and a transaction amount using the beacon to obtain an encrypted string; and transmitting the encrypted string using a short message or a voice call.
2. The method according to claim 1, further comprising: transmitting a user account and the terminal hardware information to the server for the server to generate the seed.
3. The method according to claim 2, wherein the user account and the terminal hardware information are transmitted using a wireless network.
4. The method according to claim 1, further comprising: detecting a code scanning instruction; scanning a graphic code of a physical store using a camera device in response to the code scanning instruction; and parsing the graphic code to obtain the entity ID.
5. The method according to claim 4, further comprising: displaying a payment interface in response to obtaining the entity ID, the payment interface including an input box for the user to input a payment amount and/or a password.
6. The method according to claim 1, wherein the terminal hardware information includes IMEI or IMSI.
7. A method for payment, comprising: receiving an encrypted string from a terminal through a short message or a voice call; obtaining a seed corresponding to the terminal; generating a beacon; and decrypting the encrypted string using the beacon.
8. The method according to claim 7, further comprising: receiving the terminal's mobile phone number, user account, and terminal hardware information; generating a seed regularly using the terminal hardware information and the current time; and sending the seed to the terminal.
9. The method according to claim 8, further comprising storing the seed in association with the mobile phone number and/or user account.
10. The method according to claim 9, further comprising storing the generated seed in association with the mobile phone number.
11. The method according to claim 10, wherein obtaining the seed corresponding to the terminal includes: identifying the mobile phone number of the terminal; and obtaining the seed corresponding to the terminal according to the mobile phone number.
12. The method according to claim 9, wherein generating the beacon includes: generating the beacon using the seed, the terminal hardware information, and current time timing.
13. The method according to claim 9, wherein the user account and the terminal hardware information are received from the terminal using a wireless network.
14. The method according to claim 9, wherein the terminal hardware information includes IMEI or IMSI.
15. A device for payment, comprising: means for receiving a seed from a server; means for generating a beacon using the seed, terminal hardware information, and current time timing; means for encrypting a string including an entity ID and a transaction amount using the beacon to obtain an encrypted string; and means for transmitting the encrypted string using a short message or a voice call.
16. The device according to claim 15, further comprising: means for transmitting a user account and the terminal hardware information to the server for the server to generate the seed.
17. The device according to claim 16, wherein the user account and the terminal hardware information are transmitted using a wireless network.
18. The device according to claim 15, further comprising: means for detecting a code scanning instruction; means for scanning a graphic code of a physical store using a camera device in response to the code scanning instruction; and means for parsing the graphic code to obtain the entity ID.
19. The device according to claim 18, further comprising: means for displaying a payment interface in response to obtaining the entity ID, the payment interface including an input box for the user to input a payment amount and/or a password.
20. The device according to claim 15, wherein the terminal hardware information includes IMEI or IMSI.
21. A device for payment, comprising: means for receiving an encrypted string from a terminal through a short message or a voice call; means for obtaining a seed corresponding to the terminal; means for generating a beacon; and means for decrypting the encrypted string using the beacon.
22. The device according to claim 21, further comprising: means for receiving a mobile phone number, user account, and terminal hardware information from the terminal; means for generating a seed regularly using the terminal hardware information and the current time; and means for sending the seed to the terminal.
23. The device according to claim 22, further comprising means for storing the seed in association with the mobile phone number and/or user account.
24. The device according to claim 23, further comprising means for storing the generated seed in association with the mobile phone number.
25. The device according to claim 24, wherein the means for obtaining the seed corresponding to the terminal includes: means for identifying the mobile phone number of the terminal; and means for obtaining the seed corresponding to the terminal according to the mobile phone number.
26. The device according to claim 23, wherein the means for generating a beacon includes: means for generating the beacon using the seed, the terminal hardware information, and current time timing.
27. The device according to claim 23, wherein the user account and the terminal hardware information are received from the terminal using a wireless network.
28. The device according to claim 23, wherein the terminal hardware information includes IMEI or IMSI.
29. A device for payment, comprising: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to perform the following operations: receiving a seed from a server; generating a beacon; encrypting a string including an entity ID and a transaction amount using the beacon to obtain an encrypted string; and transmitting the encrypted string using a short message or a voice call.
30. A device for payment, comprising: a processor; and a memory arranged to store computer-executable instructions that, when executed, cause the processor to perform the following operations: receiving an encrypted string from a terminal through a short message or a voice call; obtaining a seed corresponding to the terminal; generating a beacon; and decrypting the encrypted string using the beacon.
TW108132562A 2018-11-30 2019-09-10 Payment method and apparatus TW202032453A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811457439.1 2018-11-30
CN201811457439.1A CN109583872A (en) 2018-11-30 2018-11-30 Method of payment and device

Publications (1)

Publication Number Publication Date
TW202032453A true TW202032453A (en) 2020-09-01

Family

ID=65926381

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108132562A TW202032453A (en) 2018-11-30 2019-09-10 Payment method and apparatus

Country Status (3)

Country Link
CN (1) CN109583872A (en)
TW (1) TW202032453A (en)
WO (1) WO2020108155A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109583872A (en) * 2018-11-30 2019-04-05 阿里巴巴集团控股有限公司 Method of payment and device
CN111953477B (en) * 2019-05-15 2023-06-23 奇安信科技集团股份有限公司 Terminal equipment, generation method of identification token of terminal equipment and interaction method of client
CN113807854B (en) * 2020-12-29 2024-02-09 京东科技控股股份有限公司 Method, apparatus, system, electronic device and medium for electronic payment

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1811807A (en) * 2006-03-07 2006-08-02 刘进 Method and system for accomplishing person to person payment using pronunciation and short message communication
CN101232631B (en) * 2007-01-23 2011-08-31 阿里巴巴集团控股有限公司 System and method for communication terminal to perform safety authentication through short messages
US9049234B2 (en) * 2009-02-03 2015-06-02 Gary Stephen Shuster HTTP trigger for out-of-protocol action
CN102148837A (en) * 2011-05-11 2011-08-10 上海时代亿信信息科技有限公司 Bidirectional authentication method and system for dynamic token
CN103929402B (en) * 2013-01-11 2016-12-21 深圳市腾讯计算机系统有限公司 Sensitive operation verification method, terminal unit, server and checking system
CN103440576A (en) * 2013-07-18 2013-12-11 南京爱沓信息技术有限公司 Mobile direct-payment system
CN104702580B (en) * 2013-12-10 2017-12-29 北京安讯奔科技有限责任公司 More communication channel Certificate Authority plateform systems and method
CN112134708A (en) * 2014-04-15 2020-12-25 创新先进技术有限公司 Authorization method, authorization request method and device
CN104125230B (en) * 2014-07-31 2017-12-15 上海动联信息技术股份有限公司 A kind of short message certification service system and authentication method
CN105488668B (en) * 2014-09-16 2020-03-17 中国移动通信集团辽宁有限公司沈阳分公司 Method and system for reporting offline transaction information of SIM card payment application in real time
CN104331801A (en) * 2014-10-29 2015-02-04 重庆智韬信息技术中心 Method for implementing safety payment by dynamic code authorization
CN104574047A (en) * 2015-01-21 2015-04-29 孙国华 Financial IC card payment platform based on Internet
CN105701659A (en) * 2016-03-11 2016-06-22 广州云移信息科技有限公司 Two-dimensional code-based network payment method and system
CN108234113B (en) * 2016-12-15 2020-11-27 腾讯科技(深圳)有限公司 Identity verification method, device and system
CN106960338B (en) * 2016-12-16 2021-08-31 中国银联股份有限公司 Mobile payment terminal, payment method and payment system based on two-dimension code payment
CN107180351A (en) * 2017-04-13 2017-09-19 上海动联信息技术股份有限公司 A kind of off line Dynamic Two-dimensional code generating method, method of payment and equipment
CN107506996A (en) * 2017-07-29 2017-12-22 深圳市前海康启源科技有限公司 Medical payment system and method based on short message dynamic encryption
CN108418834A (en) * 2018-04-04 2018-08-17 成都鹏业软件股份有限公司 A kind of internet of things equipment auth method
CN109583872A (en) * 2018-11-30 2019-04-05 阿里巴巴集团控股有限公司 Method of payment and device

Also Published As

Publication number Publication date
CN109583872A (en) 2019-04-05
WO2020108155A1 (en) 2020-06-04

Similar Documents

Publication Publication Date Title
US11200579B2 (en) Apparatus for authentication and payment based on web, method for authentication and payment based on web, system for authentication and payment based on web and non-transitory computer readable storage medium having computer program recorded thereon
US10769625B2 (en) Dynamic generation of quick response (QR) codes for secure communication from/to a mobile device
US8930694B2 (en) Method for the generation of a code, and method and system for the authorization of an operation
CN106716916B (en) Authentication system and method
US20150066778A1 (en) Digital card-based payment system and method
TW201525897A (en) Method of recording information, terminal device, server and system thereof
US9917817B1 (en) Selective encryption of outgoing data
CN106503996A (en) Payment transaction based on web provides equipment, method and system
CN103942896B (en) System for realizing cardless withdrawal on ATM
EP2738722A1 (en) Method and system for providing secure end-to-end authentication and authorization of electronic transactions
WO2020108155A1 (en) Payment method and apparatus
WO2017113790A1 (en) Method for implementing code-scan bluetooth automatic connection, master device, slave device, and system
KR101828742B1 (en) Security-enhanced credit card easy payment systems and method thereof
US20200067709A1 (en) Methods, apparatuses, and computer program products for frictionless custody chain management
JP6553810B2 (en) Payment authentication method and apparatus for mobile terminal and mobile terminal
US20220114596A1 (en) Method, apparatus, and system for transmitting and receiving information by using qr code
JP2017519278A (en) data communication
CN112202794A (en) Transaction data protection method and device, electronic equipment and medium
KR20190111006A (en) Authentication server, authentication system and method
KR101531878B1 (en) Simple payment support apparatus and method for a mobile terminal
TW201717081A (en) Method for confirming on-line transaction security by means of mobile phone and system thereof
KR101834367B1 (en) Service providing system and method for payment using sound wave communication based on electronic tag
KR20140001442A (en) System, apparatus, method and computer readable recording medium for paymenting on the mobile terminal by the short message service
KR101699032B1 (en) Service providing system and method for payment using electronic tag
US20190043046A1 (en) Payment handling apparatus and method