TWI662492B - Payment token-based payment method and payment token-based payment system - Google Patents
Payment token-based payment method and payment token-based payment system Download PDFInfo
- Publication number
- TWI662492B TWI662492B TW106129174A TW106129174A TWI662492B TW I662492 B TWI662492 B TW I662492B TW 106129174 A TW106129174 A TW 106129174A TW 106129174 A TW106129174 A TW 106129174A TW I662492 B TWI662492 B TW I662492B
- Authority
- TW
- Taiwan
- Prior art keywords
- payment
- token
- mark
- mobile terminal
- dynamic
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3276—Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
Abstract
本發明涉及基於支付標記的支付方法以及基於支付標記的支付系統。該方法包括下述步驟:綁定步驟,基於銀行卡資訊生成靜態支付標記,將所述靜態支付標記與終端標識資訊綁定,其中,所述銀行卡資訊至少包括銀行卡帳號;支付標識圖像生成步驟,在需要進行支付時,根據終端標識資訊和靜態支付標記生成動態支付標記以使得用該動態支付標記替換銀行卡帳號,根據該動態支付標記生成支付標識圖像;以及支付交易步驟,讀取該支付標識圖像,將該支付標識圖像中包含的動態支付標記替換回銀行卡帳號來完成後續的支付交易。根據本發明的能夠提高行動支付的安全性,能夠防止資訊洩露導致的欺詐交易。 The present invention relates to a payment method based on a payment mark and a payment system based on a payment mark. The method includes the following steps: a binding step of generating a static payment token based on bank card information, and binding the static payment token with terminal identification information, wherein the bank card information includes at least a bank card account number; and a payment identification image A generating step, when payment is required, generating a dynamic payment token according to the terminal identification information and a static payment token so that the bank card account number is replaced with the dynamic payment token, and generating a payment identification image based on the dynamic payment token; and a payment transaction step, reading Take the payment identification image and replace the dynamic payment token contained in the payment identification image back to the bank card account to complete subsequent payment transactions. According to the present invention, the security of mobile payment can be improved, and fraudulent transactions caused by information leakage can be prevented.
Description
本發明涉及電腦應用技術領域,特別地涉及一種基於支付標記的支付方法以及基於支付標記的支付系統。 The present invention relates to the field of computer application technology, and particularly to a payment method based on a payment mark and a payment system based on a payment mark.
隨著二維碼應用的興起,國內各個網際網路公司及商業銀行都在推動二維碼技術應用於支付,目前二維碼支付技術已廣泛應用。二維碼支付是消費者通過銀行或協力廠商支付提供的手機端通道掃描商品二維碼,進而完成支付。在該支付技術方案下,商家把帳號、商品價格等交易資訊彙編成一個二維碼,並在各種載體上發佈。這種方式有如下缺點: 越來越多的不法分子將銀行卡資訊視為攻擊目標,目前二維碼普遍以銀行卡主帳號明文生成,持卡人帳戶資訊的洩露導致商戶面臨巨大的經濟風險。 With the rise of two-dimensional code applications, various domestic Internet companies and commercial banks are promoting the application of two-dimensional code technology for payment. At present, two-dimensional code payment technology has been widely used. Two-dimensional code payment is a way for consumers to scan the two-dimensional code of a product through a mobile phone channel provided by a bank or third-party payment to complete the payment. Under this payment technology solution, merchants compile transaction information such as account numbers and product prices into a two-dimensional code and publish it on various carriers. This method has the following disadvantages: More and more criminals regard bank card information as the target of attack. At present, two-dimensional codes are generally generated in plain text of the bank card main account number. The leakage of cardholder account information causes merchants to face huge economic risks.
一旦在網際網路上攻擊手機用戶端和商戶二維碼設備,篡改支付資訊和支付結果,支付過程將不可控。 Once the mobile phone client and merchant QR code devices are attacked on the Internet, and the payment information and payment results are tampered with, the payment process will be uncontrollable.
鑒於上述問題,本發明的目的在於,提供一種能夠提高交易安全性的基於支付標記的支付方法以及基於支付標記的支付系統。 In view of the above problems, an object of the present invention is to provide a payment method based on a payment mark and a payment system based on a payment mark, which can improve transaction security.
本發明的基於支付標記的支付方法,其特徵在於,包括下述步驟:綁定步驟,基於銀行卡資訊生成靜態支付標記,將所述靜態支付標記與終端標識資訊綁定,其中,所述銀行卡資訊至少包括銀行卡帳號;支付標識圖像生成步驟,在需要進行支付時,根據終端標識資訊和靜態支付標記生成動態支付標記以使得用該動態支付標記替換銀行卡帳號,根據該動態支付標記生成支付標識圖像;以及支付交易步驟,讀取該支付標識圖像,將該支付標識圖像中包含的動態支付標記替換回銀行卡帳號來完成後續的支付交易。 The payment method based on the payment token of the present invention is characterized by comprising the following steps: a binding step of generating a static payment token based on bank card information, and binding the static payment token with terminal identification information, wherein the bank The card information includes at least a bank card account number; a payment identification image generating step, when payment is required, generates a dynamic payment token based on the terminal identification information and a static payment token so that the bank card account number is replaced with the dynamic payment token, and according to the dynamic payment token Generating a payment identification image; and a payment transaction step, reading the payment identification image, and replacing the dynamic payment token contained in the payment identification image back to a bank card account number to complete subsequent payment transactions.
優選地,在所述綁定步驟中,支付標記管理系統根據從行動終端發送來的銀行卡資訊生成靜態支付標記,將所述靜態支付標記與終端標識資訊綁定並將所述靜態支付標記儲存於支付標記管理系統和行動終端,在支付標識圖像生成步驟中,支付標記管理系統驗證從行動終端發送來的終端標識資訊和靜態支付標記,在驗證成功的情況下生成動態支付標記並發送給行動終端,行動 終端根據該動態支付標記生成支付標識圖像,在所述支付交易步驟中,商戶終端掃描所述支付標識圖像並發送到支付系統後轉發支付標記管理系統驗證動態支付標記,在驗證成功的情況下將動態支付標記替換成銀行卡資訊後返回支付系統,由支付系統完成後續支付交易。 Preferably, in the binding step, the payment mark management system generates a static payment mark according to the bank card information sent from the mobile terminal, binds the static payment mark to the terminal identification information and stores the static payment mark In the payment mark management system and mobile terminal, in the payment identification image generation step, the payment mark management system verifies the terminal identification information and the static payment mark sent from the mobile terminal, and if the verification is successful, generates a dynamic payment mark and sends it to Mobile terminal The terminal generates a payment identification image according to the dynamic payment mark. In the payment transaction step, the merchant terminal scans the payment identification image and sends it to the payment system, and then forwards the payment mark management system to verify the dynamic payment mark. The dynamic payment token is replaced with bank card information and returned to the payment system, and the payment system completes subsequent payment transactions.
優選地,所述綁定步驟包括下述子步驟:持卡人通過行動終端向支付標記管理系統提交銀行卡資訊;行動終端採集終端標識資訊發送到支付標記管理系統;支付標記管理系統驗證持卡人的身份資訊;在驗證成功的情況下,支付標記管理系統生成靜態支付標記;支付標記管理系統儲存該靜態支付標記並發送到行動終端;以及在行動終端用該靜態支付標記替換銀行卡帳號並儲存於行動終端。 Preferably, the binding step includes the following sub-steps: the cardholder submits bank card information to the payment mark management system through the mobile terminal; the mobile terminal collects terminal identification information and sends it to the payment mark management system; the payment mark management system verifies the card The identity information of the person; if the verification is successful, the payment token management system generates a static payment token; the payment token management system stores the static payment token and sends it to the mobile terminal; and replaces the bank card account number with the static payment token at the mobile terminal and Stored in a mobile terminal.
優選地,所述支付標識圖像生成步驟包括下述子步驟:行動終端根據支付請求將靜態支付標記和終端標識資訊發送到支付標記管理系統;支付標記管理系統驗證從行動終端發送來的終端標識資訊和靜態支付標記; 在驗證成功的情況下生成一次性使用的動態支付標記並發送給行動終端;行動終端根據該動態支付標記生成支付標識圖像。 Preferably, the payment identification image generating step includes the following sub-steps: the mobile terminal sends the static payment mark and the terminal identification information to the payment mark management system according to the payment request; the payment mark management system verifies the terminal identification sent from the mobile terminal Information and static payment tokens; When the verification is successful, a one-time dynamic payment token is generated and sent to the mobile terminal; the mobile terminal generates a payment identification image according to the dynamic payment token.
優選地,所述支付交易步驟包括:商戶終端掃描所述支付標識圖像並識別交易資訊;將交易資訊發送到支付系統並調用支付標記管理系統驗證所述交易資訊中包含的動態支付標記和終端標識資訊;在驗證成功的情況下將動態支付標記替換成銀行卡帳號後返回支付系統;由支付系統完成後續支付交易。 Preferably, the payment transaction step includes: a merchant terminal scans the payment identification image and identifies transaction information; sends the transaction information to a payment system and invokes a payment mark management system to verify the dynamic payment mark and terminal included in the transaction information Identification information; if the verification is successful, the dynamic payment token is replaced with a bank card account number and returned to the payment system; the payment system completes subsequent payment transactions.
優選地,所述支付標識圖像是二維碼或者條碼。 Preferably, the payment identification image is a two-dimensional code or a bar code.
優選地,所述銀行卡資訊還包括號姓名、手機號碼,所述終端標識資訊包括終端設備號、MAC位址。 Preferably, the bank card information further includes a number name and a mobile phone number, and the terminal identification information includes a terminal device number and a MAC address.
本發明的基於支付標記的支付系統,其特徵在於,具備:行動終端、支付標記管理系統、商戶終端以及支付系統,其中,所述行動終端與所述支付標記管理系統能夠通信連接,在綁定階段用於儲存下述的靜態支付標記,在支付階段用於根據下述的動態支付標記生成支付標識圖像,所述支付標記管理系統在綁定階段用於根據生成用於替代銀行卡帳號的靜態支付標記,在支付階段用於生成動 態支付標記,另一方面在受到所述支付系統調用的情況下,用於驗證從行動終端上傳的支付標識圖像中包含的動態支付標記並且在驗證成功的情況下將動態支付標記替換成銀行卡帳號後返回支付系統,所述商戶終端在支付階段用於讀取所述支付標識圖像並發送到支付系統,所述支付系統在收到所述支付標記圖像的情況下調用所述支付標記管理系統以獲得銀行卡帳號並完成後續支付交易。 The payment system based on the payment mark of the present invention is characterized by comprising: a mobile terminal, a payment mark management system, a merchant terminal, and a payment system, wherein the mobile terminal and the payment mark management system can be communicatively connected, and The stage is used to store the following static payment tokens, and the payment stage is used to generate a payment identification image based on the following dynamic payment tokens. The payment token management system is used in the binding stage to generate the payment card replacement account information. Static payment token, used to generate activity during the payment phase On the other hand, in the case of being called by the payment system, on the other hand, it is used to verify the dynamic payment token contained in the payment identification image uploaded from the mobile terminal and replace the dynamic payment token with a bank if the verification is successful After the card account number is returned to the payment system, the merchant terminal is used to read the payment identification image and send it to the payment system during the payment phase, and the payment system calls the payment when the payment mark image is received Tag management system to obtain bank card account number and complete subsequent payment transactions.
優選地,所述行動終端在綁定階段用於將銀行卡資訊和終端標識資訊發送到所述支付標記管理系統並且用於儲存從所述支付標記管理系統返回的下述的靜態支付標記,在支付階段用於根據從所述支付標記管理行動終端發送來的動態支付標記生成支付標識圖像,所述支付標記管理系統在綁定階段用於根據來自所述行動終端的銀行卡資訊生成用於替代銀行卡帳號的靜態支付標記並且將所述靜態支付標記與終端標識資訊綁定;在支付階段用於驗證從行動終端發送來的終端標識資訊和靜態支付標記,在驗證成功的情況下生成動態支付標記並發送給行動終端,另一方面在受到所述支付系統調用的情況下,用於驗證從行動終端上傳的支付標識圖像中包含的動態支付標記並且在驗證成功的情況下將動態支付標記替換成銀行卡帳號後返回支付系統。 Preferably, the mobile terminal is used to send bank card information and terminal identification information to the payment mark management system during the binding phase and to store the following static payment marks returned from the payment mark management system, in The payment phase is used to generate a payment identification image according to the dynamic payment mark sent from the payment mark management mobile terminal, and the payment mark management system is used in the binding phase to generate a payment identification image based on bank card information from the mobile terminal. Replace the static payment token of the bank card account and bind the static payment token with the terminal identification information; used to verify the terminal identification information and static payment token sent from the mobile terminal during the payment phase, and generate dynamics if the verification is successful The payment mark is sent to the mobile terminal. On the other hand, when it is called by the payment system, it is used to verify the dynamic payment mark contained in the payment identification image uploaded from the mobile terminal and the dynamic payment will be made if the verification is successful. The token is replaced with the bank card account number and returned to the payment system.
優選地,所述支付標記管理系統在交易階段 用於生成一次性使用的動態支付標記。 Preferably, the payment mark management system is in a transaction stage Used to generate single-use dynamic payment tokens.
優選地,所述行動終端在支付階段用於根據所述動態支付標記生成的支付標識圖像是二維碼或者條碼。 Preferably, the payment identification image generated by the mobile terminal during the payment phase based on the dynamic payment mark is a two-dimensional code or a bar code.
優選地,所述銀行卡資訊還包括號姓名、手機號碼,所述終端標識資訊包括終端設備號、MAC位址。 Preferably, the bank card information further includes a number name and a mobile phone number, and the terminal identification information includes a terminal device number and a MAC address.
本發明的基於支付標記的支付方法以及基於支付標記的支付系統中,由於使用動態支付標記資訊替換了原始的銀行卡帳號,能夠杜絕卡號資訊洩露的可能。另外,由於在支付標記產生時,對支付標記應用的範圍進行了限定,即,通過增加終端標識資訊使得該支付標記的應用範圍僅是限定在該行動終端,由此能夠進一步降低支付標記洩露後的影響範圍。而且,通過支付標記與行動終端的關聯資訊驗證,能夠防止資訊洩露導致的欺詐交易。 In the payment method based on the payment mark and the payment system based on the payment mark of the present invention, since the original bank card account number is replaced with the dynamic payment mark information, the possibility of leakage of card number information can be prevented. In addition, when the payment mark is generated, the scope of the application of the payment mark is limited, that is, by increasing the terminal identification information, the application range of the payment mark is limited to the mobile terminal, which can further reduce the leakage of the payment mark. Range of influence. Furthermore, by verifying the information associated with the payment token and the mobile terminal, fraudulent transactions caused by information leakage can be prevented.
100‧‧‧行動終端 100‧‧‧ mobile terminal
200‧‧‧支付標記管理系統 200‧‧‧ payment mark management system
300‧‧‧商戶終端 300‧‧‧ Merchant Terminal
400‧‧‧支付系統 400‧‧‧ payment system
S100‧‧‧步驟 S100‧‧‧step
S101‧‧‧步驟 S101‧‧‧step
S102‧‧‧步驟 S102‧‧‧step
S103‧‧‧步驟 S103‧‧‧step
S104‧‧‧步驟 S104‧‧‧step
S105‧‧‧步驟 S105‧‧‧step
S106‧‧‧步驟 S106‧‧‧step
S107‧‧‧步驟 S107‧‧‧step
S108‧‧‧步驟 S108‧‧‧step
S109‧‧‧步驟 S109‧‧‧step
S110‧‧‧步驟 S110‧‧‧step
S111‧‧‧步驟 S111‧‧‧step
圖1是表示本發明的基於支付標記的支付系統的構造圖。 FIG. 1 is a configuration diagram showing a payment system based on a payment mark of the present invention.
圖2是表示本發明的基於支付標記的支付方法的流程圖。 FIG. 2 is a flowchart showing a payment method based on a payment flag of the present invention.
下面介紹的是本發明的多個實施例中的一些,旨在提供對本發明的基本瞭解。並不旨在確認本發明的關鍵或決定性的要素或限定所要保護的範圍。 The following describes some of the various embodiments of the present invention and is intended to provide a basic understanding of the present invention. It is not intended to identify key or critical elements of the invention or to limit the scope of protection.
本發明提供了一種基於支付標記的支付方法和支付系統。本發明中通過支付標記化技術將銀行卡主帳號、姓名、手機號、有效期等資訊用一個唯一的靜態支付標記來替代,並建立靜態支付標記與終端標識資訊的綁定關係,同時,使用動態支付標記與終端標識資訊生成支付標記向(例如,二維碼等),在交易過程中,使用動態支付標記替換銀行卡主帳號,同時提交與靜態支付標記綁定的終端標識資訊。最終通過支付標記管理方的驗證與替換,將交易資訊從支付系統發送到發卡行,完成交易。通過支付標記化技術的替換與終端的綁定,保證了銀行卡主帳號等敏感資訊的安全,同時又提高支付的安全性。 The invention provides a payment method and a payment system based on a payment mark. In the present invention, through the payment tokenization technology, the bank card main account number, name, mobile phone number, expiration date and other information are replaced by a unique static payment token, and the binding relationship between the static payment token and the terminal identification information is established. The payment token and the terminal identification information generate a payment token direction (for example, a two-dimensional code, etc.). In the transaction process, a dynamic payment token is used to replace the bank card main account number, and at the same time, the terminal identification information bound to the static payment token is submitted. Finally, the transaction information is sent from the payment system to the card issuer through the verification and replacement of the payment token manager to complete the transaction. Through the replacement of payment tokenization technology and the binding of the terminal, the security of sensitive information such as the bank card main account number is guaranteed, and the security of payment is improved.
圖1是表示本發明的基於支付標記的支付系統的構造圖。 FIG. 1 is a configuration diagram showing a payment system based on a payment mark of the present invention.
如圖1所示,本發明的基於支付標記的支付系統包括:行動終端100、支付標記管理系統200、支付系統400以及商戶終端300。 As shown in FIG. 1, the payment tag-based payment system of the present invention includes a mobile terminal 100, a payment tag management system 200, a payment system 400, and a merchant terminal 300.
行動終端100例如是手機、行動平板電腦等的行動終端,其中安裝有實現支付的應用。行動終端100與支付標記管理系統200能夠通信連接,在綁定階段用於將終端標識資訊和銀行卡資訊發送到支付標記管理系統200並且儲存從支付標記管理系統200返回的終端標識資 訊和下述的靜態支付標記,在支付階段行動終端100用於將終端標識資訊和靜態支付標記發送到支付標記管理系統200並且根據從支付標記管理系統200返回的動態支付標記生成支付標識圖像以供商戶終端300獲取。 The mobile terminal 100 is, for example, a mobile terminal such as a mobile phone or a mobile tablet, and an application for implementing payment is installed therein. The mobile terminal 100 and the payment mark management system 200 can be communicatively connected, and are used to send terminal identification information and bank card information to the payment mark management system 200 and store the terminal identification information returned from the payment mark management system 200 during the binding phase. And the following static payment tokens, during the payment phase, the mobile terminal 100 is used to send terminal identification information and static payment tokens to the payment token management system 200 and generate a payment identification image based on the dynamic payment token returned from the payment token management system 200 For the merchant terminal 300 to obtain.
支付標記管理系統200用於實現支付標記的申請、生成、管理、去標記化等全生命週期管理的主體,同時負責支付標記與行動終端100的關聯,並向支付系統400提供支付標記相關服務。具體地,支付標記管理系統200在綁定階段用於根據來自行動終端100的銀行卡資訊生成用於替代銀行卡帳號的靜態支付標記並且將靜態支付標記與終端標識資訊綁定,在支付階段用於驗證從行動終端100發送來的終端標識資訊和靜態支付標記,在驗證成功的情況下生成動態支付標記並發送給行動終端100,另一方面在受到支付系統400調用的情況下,支付標記管理系統200用於驗證從行動終端100上傳的動態支付標記並且在驗證成功的情況下將動態支付標記替換成銀行卡帳號後返回支付系統400。 The payment mark management system 200 is used to realize the main body of the life cycle management of payment mark application, generation, management, de-marking, etc. At the same time, it is responsible for the association between the payment mark and the mobile terminal 100, and provides the payment system 400 with payment mark related services. Specifically, the payment mark management system 200 is used in the binding phase to generate a static payment mark for replacing the bank card account according to the bank card information from the mobile terminal 100 and bind the static payment mark with the terminal identification information. It is used to verify the terminal identification information and the static payment token sent from the mobile terminal 100. If the verification is successful, a dynamic payment token is generated and sent to the mobile terminal 100. On the other hand, when called by the payment system 400, the payment token management The system 200 is used to verify the dynamic payment token uploaded from the mobile terminal 100, and if the verification is successful, the dynamic payment token is replaced with a bank card account number and returned to the payment system 400.
商戶終端300在支付階段用於讀取由行動終端100生成的支付標識圖像並發送到支付系統400。 The merchant terminal 300 is used to read the payment identification image generated by the mobile terminal 100 and send it to the payment system 400 during the payment phase.
支付系統400用於實現支付交易的處理,能夠處理通過支付標記和終端標識資訊生成的支付標記圖像,並能夠通過調用支付標記管理系統200的服務驗證支付標記資訊與終端標識資訊。具體地,支付系統400在收到支付標識圖像的情況下調用支付標記管理系統以獲得銀 行卡帳號,由此完成後續支付交易。後續的支付將由支付系統400轉發到發卡行機構執行完成並原路返回結果,這些過程不屬於本發明的內容,在此不做詳細描述。 The payment system 400 is used to implement processing of payment transactions. It can process payment mark images generated by payment marks and terminal identification information, and can verify payment mark information and terminal identification information by calling the services of the payment mark management system 200. Specifically, the payment system 400 invokes the payment mark management system to obtain silver when receiving the payment identification image. Bank card account to complete subsequent payment transactions. Subsequent payments will be forwarded by the payment system 400 to the card issuer for execution and return the results. These processes are not part of the present invention and will not be described in detail here.
在本發明中,Token(即支付標記),是指銀行卡主帳戶的一個替代值,例如一般可以由13至19位元數位組成,在交易中可用來替換銀行卡帳號,不影響交易處理。 In the present invention, Token (that is, payment token) refers to a substitute value of the bank card main account, for example, it can generally be composed of 13 to 19 digits, and can be used to replace the bank card account number in transactions without affecting transaction processing.
圖2是表示本發明的基於支付標記的支付方法的流程圖。 FIG. 2 is a flowchart showing a payment method based on a payment flag of the present invention.
本發明的基於支付標記的支付方法大致可以分為以下三個階段:(1)綁定階段:基於銀行卡資訊生成靜態支付標記,將所述靜態支付標記與終端標識資訊綁定,其中,所述銀行卡資訊至少包括銀行卡帳號;(2)支付標識圖像生成階段,在需要進行支付時,根據終端標識資訊和靜態支付標記生成動態支付標記以使得用該動態支付標記替換銀行卡帳號,根據該動態支付標記生成支付標識圖像;以及(3)支付交易步驟,讀取將該支付標識圖像,將該支付標識圖像中包含的動態支付標記替換回銀行卡帳號來完成後續的支付交易。 The payment method based on the payment token of the present invention can be roughly divided into the following three stages: (1) binding stage: generating a static payment token based on bank card information, binding the static payment token with terminal identification information, wherein The bank card information includes at least the bank card account number; (2) in the payment identification image generation stage, when payment is required, a dynamic payment token is generated according to the terminal identification information and the static payment token so that the bank card account number is replaced by the dynamic payment token Generating a payment identification image according to the dynamic payment mark; and (3) a payment transaction step, reading the payment identification image, and replacing the dynamic payment mark included in the payment identification image back to a bank card account to complete subsequent payments transaction.
接著,參照圖2對於本發明的基於支付標記的支付方法進行具體說明。 Next, a payment method based on a payment mark of the present invention will be specifically described with reference to FIG. 2.
S100:持卡人通過行動終端100向支付標記管理系統200提交銀行卡、姓名、手機號、有效期等銀行卡資訊,持卡人初次提交綁定申請時,行動終端100採集終端設備號、MAC位址等的終端標識資訊,並向支付標記管理系統200提交資訊進行綁定申請。 S100: The cardholder submits bank card information such as bank card, name, mobile phone number, and expiration date to the payment mark management system 200 through the mobile terminal 100. When the cardholder first submits a binding application, the mobile terminal 100 collects the terminal device number and MAC bit Address identification information, and submit information to the payment mark management system 200 for binding application.
S101:持卡人提交申請後,支付標記管理系統200方驗證持卡人的身份相關資訊(包括帳戶驗證、手機號驗證等)。在驗證成功後,支付標記管理系統200方生成靜態支付標記,同時將靜態支付標記與終端標識資訊進行綁定,並儲存在支付標記管理系統200。 S101: After the cardholder submits the application, the payment mark management system 200 verifies the cardholder's identity-related information (including account verification, mobile phone number verification, etc.). After successful verification, the payment token management system 200 generates a static payment token, binds the static payment token to the terminal identification information, and stores the static payment token in the payment token management system 200.
S102:支付標記管理系統200將靜態支付標記下發行動終端。 S102: The payment mark management system 200 delivers the static payment mark to the mobile terminal.
S103:行動終端100使用靜態支付標記替換銀行卡帳號並保存在本地與服務端。另外,當持卡人更換行動終端時,需重新進行身份驗證與終端標識資訊綁定;僅當驗證成功時允許更新支付標記與終端綁定關係。 S103: The mobile terminal 100 replaces the bank card account number with a static payment token and stores the account number locally and at the server. In addition, when the cardholder changes the mobile terminal, it is necessary to re-bind the identity verification with the terminal identification information; it is allowed to update the binding relationship between the payment token and the terminal only when the verification is successful.
S104:持卡人在行動終端100提交支付申請,行動終端100將綁卡過程中產生的靜態支付標記發送支付標記管理系統200,同時上送終端設備號、MAC位址等標識終端標識資訊。 S104: The cardholder submits a payment application at the mobile terminal 100. The mobile terminal 100 sends the static payment mark generated during the card binding process to the payment mark management system 200, and simultaneously sends terminal identification information such as the terminal device number and MAC address.
S105:支付標記管理系統200驗證靜態支付標 記資訊與終端標識資訊。 S105: The payment mark management system 200 verifies the static payment mark Record information and terminal identification information.
S106:在支付標記管理系統200驗證成功後,生成動態支付標記,並將該動態支付標記返回給行動終端。這裡,動態支付標記優選地為僅一次使用有效。 S106: After the verification by the payment mark management system 200 is successful, a dynamic payment mark is generated, and the dynamic payment mark is returned to the mobile terminal. Here, the dynamic payment flag is preferably valid for only one use.
S107:行動終端100使用動態支付標記與終端標識資訊生成支付標記圖像。這裡,作為支付標記圖像,可以是二維碼、條碼、或者其他任意能夠隱藏地包含動態支付標記與終端標識資訊的圖像。 S107: The mobile terminal 100 generates a payment mark image using the dynamic payment mark and the terminal identification information. Here, the payment mark image may be a two-dimensional code, a bar code, or any other image that can hide the dynamic payment mark and terminal identification information.
S108:商戶終端300讀取持卡人的行動終端100上顯示的支付標記圖像。 S108: The merchant terminal 300 reads the payment mark image displayed on the card holder's mobile terminal 100.
S109:商戶終端300將識別的交易資訊發送支付系統400,交易資訊中的銀行卡帳號由動態支付標記資訊替代。 S109: The merchant terminal 300 sends the identified transaction information to the payment system 400, and the bank card account number in the transaction information is replaced by the dynamic payment tag information.
S110:支付系統400調用支付標記管理系統200方提供的服務。 S110: The payment system 400 invokes a service provided by the payment token management system 200.
S111:支付標記管理系統200驗證持卡人的動態支付標記資訊與終端標識資訊,同時將動態支付標記替換成銀行卡帳號,完成去標記化過程並返回到支付系統400。 S111: The payment token management system 200 verifies the cardholder's dynamic payment token information and terminal identification information, and replaces the dynamic payment token with a bank card account number, completes the de- tokenization process, and returns to the payment system 400.
接著,支付系統400將支付報文發送到發卡機構完成扣款並將交易結果源流返回到支付系統。這一部分不屬於本發明申請的內容,因此未在圖2中表示出該部 分內容。 Next, the payment system 400 sends a payment message to the card issuer to complete the debit and returns the source of the transaction result to the payment system. This part does not belong to the content of the application of the present invention, so the part is not shown in FIG. 2 Sub content.
使用動態支付標記替代傳統的使用銀行卡主帳號生成二維碼的過程,既限定了應用的使用場景和管道,有可以在支付的全環節使用,確保的通用性。 The use of dynamic payment tokens instead of the traditional process of generating two-dimensional codes using the bank card's main account number not only limits the application scenarios and channels of the application, but also can be used throughout the entire payment process to ensure versatility.
本發明的基於支付標記的支付方法以及基於支付標記的支付系統中,由於使用動態支付標記資訊替換了原始的銀行卡帳號,能夠杜絕卡號資訊洩露的可能。另外,由於在支付標記產生時,對支付標記應用的範圍進行了限定,即,通過增加終端標識資訊使得該支付標記的應用範圍僅是限定在該行動終端,由此能夠進一步降低支付標記洩露後的影響範圍。而且,通過支付標記與行動終端的關聯資訊驗證,能夠防止資訊洩露導致的欺詐交易。 In the payment method based on the payment mark and the payment system based on the payment mark of the present invention, since the original bank card account number is replaced with the dynamic payment mark information, the possibility of leakage of card number information can be prevented. In addition, when the payment mark is generated, the scope of the application of the payment mark is limited, that is, by increasing the terminal identification information, the application range of the payment mark is limited to the mobile terminal, which can further reduce the leakage of the payment mark. Range of influence. Furthermore, by verifying the information associated with the payment token and the mobile terminal, fraudulent transactions caused by information leakage can be prevented.
以上例子主要說明了本發明的基於支付標記的支付方法以及基於支付標記的支付系統。儘管只對其中一些本發明的具體實施方式進行了描述,但是本領域普通技術人員應當瞭解,本發明可以在不偏離其主旨與範圍內以許多其他的形式實施。因此,所展示的例子與實施方式被視為示意性的而非限制性的,在不脫離如所附各申請專利範圍所定義的本發明精神及範圍的情況下,本發明可能涵蓋各種的修改與替換。 The above examples mainly illustrate the payment method based on the payment mark and the payment system based on the payment mark of the present invention. Although only some of the specific embodiments of the present invention have been described, those of ordinary skill in the art should understand that the present invention can be implemented in many other forms without departing from the spirit and scope thereof. Therefore, the illustrated examples and implementations are to be regarded as illustrative rather than restrictive, and the present invention may cover various modifications without departing from the spirit and scope of the present invention as defined by the scope of the appended patent applications. With replacement.
Claims (12)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610756992.XA CN106339873A (en) | 2016-08-30 | 2016-08-30 | Token based payment method and system |
??201610756992.X | 2016-08-30 |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201807634A TW201807634A (en) | 2018-03-01 |
TWI662492B true TWI662492B (en) | 2019-06-11 |
Family
ID=57823896
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW106129174A TWI662492B (en) | 2016-08-30 | 2017-08-28 | Payment token-based payment method and payment token-based payment system |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN106339873A (en) |
TW (1) | TWI662492B (en) |
WO (1) | WO2018040976A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI816390B (en) * | 2022-05-09 | 2023-09-21 | 兆豐國際商業銀行股份有限公司 | Server and method of performing financial transaction using virtual number |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106339873A (en) * | 2016-08-30 | 2017-01-18 | 中国银联股份有限公司 | Token based payment method and system |
CN107944867A (en) * | 2017-11-17 | 2018-04-20 | 阿里巴巴集团控股有限公司 | Evidence for payment information generating method and device, equipment |
CN108734248A (en) * | 2018-04-17 | 2018-11-02 | 新大陆(福建)公共服务有限公司 | A kind of barcode scanning method of the method for quickly generating safe Quick Response Code and Quick Response Code |
CN110880115A (en) * | 2018-09-05 | 2020-03-13 | 雅座在线(北京)科技发展有限公司 | Electronic card anti-theft brushing method |
CN110048998B (en) * | 2018-12-29 | 2021-09-14 | 中国银联股份有限公司 | Token-based identity authentication method and system and intelligent door lock |
CN112016918A (en) * | 2019-05-30 | 2020-12-01 | 小米数字科技有限公司 | Signature writing method, signature verification device and storage medium |
CN111553678B (en) * | 2020-01-23 | 2024-02-09 | 中国银联股份有限公司 | Two-dimensional code payment method and system based on mobile phone business card |
CN111951110A (en) * | 2020-08-10 | 2020-11-17 | 神话科技传媒(深圳)有限公司上海分公司 | Economic model based on excitation of block chain |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120209630A1 (en) * | 2011-02-11 | 2012-08-16 | Bytemark, Inc. | System and method for trusted mobile device payment |
CN104125064A (en) * | 2013-04-28 | 2014-10-29 | 阿里巴巴集团控股有限公司 | Dynamic password authentication method, client and authentication system |
TW201504961A (en) * | 2013-07-16 | 2015-02-01 | Quick Retrieval Corp | System for trading using goods security identifier and method thereof |
US20150220905A1 (en) * | 2012-03-15 | 2015-08-06 | Qualcomm Incorporated | System and method for managing payment in transactions with a pcd |
CN104899741A (en) * | 2014-03-05 | 2015-09-09 | 中国银联股份有限公司 | Online payment method and online payment system based on IC bank card |
US20160239833A1 (en) * | 2015-02-17 | 2016-08-18 | Mastercard Asia/Pacific Pte. Ltd. | Methods and systems for processing an electronic payment |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2013315510B2 (en) * | 2012-09-11 | 2019-08-22 | Visa International Service Association | Cloud-based Virtual Wallet NFC Apparatuses, methods and systems |
CN103337023A (en) * | 2013-07-19 | 2013-10-02 | 上海讯联数据服务有限公司 | Mobile payment solution based on two-dimensional code technology |
CN105590198B (en) * | 2014-10-30 | 2020-12-15 | 中国银联股份有限公司 | Two-dimensional code payment method and payment system |
CN105590199B (en) * | 2014-11-14 | 2020-08-25 | 中国银联股份有限公司 | Payment method and payment system based on dynamic two-dimensional code |
CN106339873A (en) * | 2016-08-30 | 2017-01-18 | 中国银联股份有限公司 | Token based payment method and system |
-
2016
- 2016-08-30 CN CN201610756992.XA patent/CN106339873A/en active Pending
-
2017
- 2017-08-22 WO PCT/CN2017/098401 patent/WO2018040976A1/en active Application Filing
- 2017-08-28 TW TW106129174A patent/TWI662492B/en active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120209630A1 (en) * | 2011-02-11 | 2012-08-16 | Bytemark, Inc. | System and method for trusted mobile device payment |
US20150220905A1 (en) * | 2012-03-15 | 2015-08-06 | Qualcomm Incorporated | System and method for managing payment in transactions with a pcd |
CN104125064A (en) * | 2013-04-28 | 2014-10-29 | 阿里巴巴集团控股有限公司 | Dynamic password authentication method, client and authentication system |
TW201504961A (en) * | 2013-07-16 | 2015-02-01 | Quick Retrieval Corp | System for trading using goods security identifier and method thereof |
CN104899741A (en) * | 2014-03-05 | 2015-09-09 | 中国银联股份有限公司 | Online payment method and online payment system based on IC bank card |
US20160239833A1 (en) * | 2015-02-17 | 2016-08-18 | Mastercard Asia/Pacific Pte. Ltd. | Methods and systems for processing an electronic payment |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI816390B (en) * | 2022-05-09 | 2023-09-21 | 兆豐國際商業銀行股份有限公司 | Server and method of performing financial transaction using virtual number |
Also Published As
Publication number | Publication date |
---|---|
TW201807634A (en) | 2018-03-01 |
CN106339873A (en) | 2017-01-18 |
WO2018040976A1 (en) | 2018-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI662492B (en) | Payment token-based payment method and payment token-based payment system | |
US20230351833A1 (en) | Tap to copy data to clipboard via nfc | |
US10565580B2 (en) | Methods and systems for secure mobile device initiated payment using generated image data | |
US11777937B2 (en) | Systems and methods for third-party interoperability in secure network transactions using tokenized data | |
US20120185398A1 (en) | Mobile payment system with two-point authentication | |
US20140358777A1 (en) | Method for secure atm transactions using a portable device | |
US9213968B2 (en) | Systems and methods for conducting financial transactions using non-standard magstripe payment cards | |
US20150193765A1 (en) | Method and System for Mobile Payment and Access Control | |
US20190087823A1 (en) | Cashless transaction processing methods and apparatus | |
US20190325434A1 (en) | System and Method for Determining a Secured Resource Account Number | |
CN112514346B (en) | Real-time interactive processing system and method | |
US20220261774A1 (en) | Systems and Methods for Use in Transferring Funds Between Payment Accounts | |
US20170039557A1 (en) | Virtual point of sale | |
US20220207526A1 (en) | Secure contactless credential exchange | |
US20210390546A1 (en) | Systems and Methods for Secure Transaction Processing | |
US20170178138A1 (en) | System and method for adding a dynamic security code to remote purchases | |
WO2020123191A1 (en) | Methods, systems and computer program products for token based payment transactions | |
JP2007157030A (en) | Ic card management system | |
US11875319B2 (en) | Data processing utilizing a digital tag | |
EP3910554B1 (en) | Credential device security | |
US11722900B2 (en) | Mobile device data security using shared security values | |
US20200380501A1 (en) | Systems and methods for facilitating a payment using a payment code | |
JP2018514874A (en) | Payment method using mobile terminal and pseudo card | |
WO2023075593A1 (en) | System and method for identifying a customer | |
US20120144450A1 (en) | Authentication Method in Electronic Commerce |