TWI678666B - Transaction verification method and system - Google Patents

Transaction verification method and system Download PDF

Info

Publication number
TWI678666B
TWI678666B TW107109421A TW107109421A TWI678666B TW I678666 B TWI678666 B TW I678666B TW 107109421 A TW107109421 A TW 107109421A TW 107109421 A TW107109421 A TW 107109421A TW I678666 B TWI678666 B TW I678666B
Authority
TW
Taiwan
Prior art keywords
digital
component
transaction
digital voucher
information
Prior art date
Application number
TW107109421A
Other languages
Chinese (zh)
Other versions
TW201835825A (en
Inventor
章明
陳芳
宋漢石
于曉濱
蔣慧科
黃麗娜
Original Assignee
大陸商中國銀聯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 大陸商中國銀聯股份有限公司 filed Critical 大陸商中國銀聯股份有限公司
Publication of TW201835825A publication Critical patent/TW201835825A/en
Application granted granted Critical
Publication of TWI678666B publication Critical patent/TWI678666B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

本發明涉及一種交易驗證方法,包括:生成第一交易的交易資訊;數位憑證使用方向數位憑證申請方提交第一請求;數位憑證申請方向數位憑證提供方提交第二請求;數位憑證提供方基於第一數位憑證來查詢第一金鑰,並利用第一金鑰來分散數位憑證使用方的身份資訊以得到第二金鑰,以及,基於第二金鑰對第一交易的交易資訊進行加密以形成第一動態資訊予以下發;以及,數位憑證提供方對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以指示第二交易繼續進行或終止;其中,第二動態資訊對應於第一動態資訊。其為使用者提供極為便捷的電子支付方式,同時避免了使用者資訊洩露;還對每筆交易進行難以破解的動態資訊驗證。 The invention relates to a transaction verification method, which includes: generating transaction information of a first transaction; using a digital voucher to submit a first request to a digital voucher applicant; submitting a second request to a digital voucher provider; and a digital voucher provider A digital certificate is used to query the first key, and the first key is used to disperse the identity information of the digital certificate user to obtain the second key, and the transaction information of the first transaction is encrypted based on the second key to form The first dynamic information is issued; and the digital voucher verifies the second dynamic information received by the digital voucher user in the second transaction to instruct the second transaction to proceed or terminate; wherein, the first The second dynamic information corresponds to the first dynamic information. It provides users with a very convenient electronic payment method while avoiding leakage of user information; it also performs dynamic information verification that is difficult to crack for each transaction.

Description

交易驗證方法及系統 Transaction verification method and system

本發明涉及電子支付技術領域,更具體地說,涉及一種交易驗證方法及系統。 The present invention relates to the field of electronic payment technology, and more particularly, to a transaction verification method and system.

隨著移動互聯網技術和互聯網金融的發展,電子支付技術呈現多元化的發展態勢,互聯網支付、移動支付等新興支付方式正在快速普及,而與此同時,該類支付的安全問題正受到越來越多的關注。 With the development of mobile Internet technology and Internet finance, electronic payment technology has shown a diversified development trend. Emerging payment methods such as Internet payment and mobile payment are rapidly spreading. At the same time, the security of this type of payment is being increasingly affected. More attention.

在現有線上支付的場景中,支付交易的合法性主要依賴於持卡人提供的卡片相關的資訊。通常,首次支付時,持卡人在一個商戶網站或數位錢包網站上提交用於支付的完整的銀行卡資訊,包括姓名、卡號、有效期、CVN2等卡面資訊,後續交易時只需根據登記的卡片後四位元資訊即可發起交易,這種快捷支付依賴於商戶系統或數位錢包系統記憶卡號資訊,雖然持卡人體驗相對好,但交易安全性不佳。具體包括:1、商戶系統需要儲存大量的卡片資訊,這存在被攻擊或洩露的可能;2、交易授權主要基於卡片靜態資訊,存在偽造交易的可能。 In the existing online payment scenario, the legitimacy of payment transactions mainly depends on card-related information provided by cardholders. Usually, when making the first payment, the cardholder submits complete bank card information for payment on a merchant website or digital wallet website, including name, card number, expiration date, CVN2 and other card surface information, and subsequent transactions need only be based on the registered The four-digit information behind the card can initiate a transaction. This fast payment depends on the card number information of the merchant system or digital wallet system. Although the cardholder experience is relatively good, the transaction security is not good. Specifically include: 1. The merchant system needs to store a large amount of card information, which may be attacked or leaked; 2. The transaction authorization is mainly based on the card static information, and there is a possibility of forgery of transactions.

本發明的一個目的在於提供一種交易驗證方法,其能夠對每筆交易進行難以破解的動態資訊驗證,以利於加強交易的安全性。 An object of the present invention is to provide a transaction verification method, which can perform dynamic information verification that is difficult to crack for each transaction, so as to help strengthen the security of the transaction.

為實現上述目的,本發明提供一種技術方案如下: To achieve the above objective, the present invention provides a technical solution as follows:

一種交易驗證方法,包括如下步驟:a)、持卡使用者與數位憑證使用方進行資訊交互,以生成第一交易的交易資訊;b)、數位憑證使用方向數位憑證申請方提交第一請求,第一請求包括第一數位憑證及第一交易的交易資訊;c)、數位憑證申請方識別並驗證數位憑證使用方的身份資訊,以向數位憑證提供方提交第二請求,第二請求至少包括數位憑證使用方的身份資訊;d)、數位憑證提供方識別並驗證數位憑證申請方的身份資訊,並基於第一數位憑證來查詢第一金鑰,並利用第一金鑰來分散數位憑證使用方的身份資訊以得到第二金鑰,以及,數位憑證提供方基於第二金鑰對第一交易的交易資訊進行加密以形成第一動態資訊,數位憑證提供方還將第一動態資訊經由數位憑證申請方傳送至數位憑證使用方;以及e)、數位憑證提供方對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示第二交易繼續進行或終止;其中,第二動態資訊對應於第一動態資訊。 A transaction verification method includes the following steps: a), the card user performs information interaction with the digital voucher user to generate transaction information of the first transaction; b) the digital voucher use submits a first request to the digital voucher applicant, The first request includes the first digital voucher and the transaction information of the first transaction; c) The digital voucher applicant identifies and verifies the identity information of the digital voucher user to submit a second request to the digital voucher provider. The second request includes at least The identity information of the digital certificate user; d) The digital certificate provider identifies and verifies the identity information of the digital certificate applicant, queries the first key based on the first digital certificate, and uses the first key to decentralize the use of the digital certificate. The party ’s identity information to obtain a second key, and the digital certificate provider encrypts the transaction information of the first transaction based on the second key to form the first dynamic information, and the digital certificate provider also passes the first dynamic information via the digital The voucher requester transmits to the digital voucher consumer; and e) the digital voucher provider responds to the received digital voucher consumer. The second dynamic information sent in the second transaction is verified to instruct the second transaction to continue or terminate based on the verification result; wherein the second dynamic information corresponds to the first dynamic information.

步驟e)具體包括:e1)、數位憑證使用方將第二動態資訊、第一數位憑證、數位憑證使用方的身份資訊 以及第二交易的交易資訊傳送至收單機構;e2)、轉接機構基於收單機構的請求,請求數位憑證提供方驗證第二動態資訊;以及e3)、數位憑證提供方驗證第二動態資訊,並基於驗證結果來指示收單機構繼續進行第二交易或拒絕第二交易。 Step e) specifically includes: e1), the digital certificate user sends the second dynamic information, the first digital certificate, and the identity information of the digital certificate user And the transaction information of the second transaction is transmitted to the acquirer; e2), the transfer agency requests the digital certificate provider to verify the second dynamic information based on the request of the acquirer; and e3), the digital certificate provider verifies the second dynamic information And instruct the acquirer to continue the second transaction or reject the second transaction based on the verification result.

優選地,數位憑證提供方驗證第二動態資訊具體包括:基於轉接機構轉送的第一數位憑證來索引,以獲得相應的第一金鑰;利用第一金鑰來分散數位憑證使用方的身份資訊,以獲得第二金鑰;基於第二金鑰對第二交易的交易資訊進行訊息摘要演算法,以生成第三動態資訊;以及將第三動態資訊與第二動態資訊進行比對,以生成驗證結果。 Preferably, the verification of the second dynamic information by the digital certificate provider specifically includes: indexing based on the first digital certificate forwarded by the transfer mechanism to obtain a corresponding first key; and using the first key to disperse the identity of the digital certificate user Information to obtain a second key; perform a message digest algorithm on the transaction information of the second transaction based on the second key to generate third dynamic information; and compare the third dynamic information with the second dynamic information to Generate verification results.

優選地,該方法還包括還包括註冊階段和數位憑證生成階段,註冊階段包括:r1)、數位憑證申請方向數位憑證提供方提交業務資質資訊;r2)、數位憑證提供方審核業務資質資訊,並在審核通過後為數位憑證申請方分配唯一的數位憑證申請方的身份資訊;r3)、數位憑證提供方利用第三金鑰來分散數位憑證申請方的身份資訊以獲得第四金鑰;其中,第三金鑰由數位憑證提供方持有並管理;數位憑證生成階段包括如下步驟:s1)、持卡使用者向數位憑證使用方提交第一帳號資訊;s2)、數位憑證使用方向數位憑證申請方提交第一申請;其中,第一申請包括第一帳號資訊;s3)、數位憑證申請方識別並驗證數位憑證使用方的身份資訊,並向數位憑證提供方提交第 二申請;其中,第二申請請求基於第一申請而生成;s4)、數位憑證提供方識別並驗證數位憑證申請方的身份資訊,並生成對應於第一帳號資訊的第一數位憑證,以及將第一數位憑證經由數位憑證申請方返回至數位憑證使用方。 Preferably, the method further includes a registration phase and a digital voucher generation phase. The registration phase includes: r1), the digital voucher application submits business qualification information to the digital voucher provider; r2), the digital voucher provider reviews the business qualification information, and After the verification is passed, the digital credential applicant is assigned the unique digital credential applicant's identity information; r3), the digital credential provider uses the third key to disperse the digital credential applicant's identity information to obtain the fourth key; of which, The third key is held and managed by the digital certificate provider; the digital certificate generation phase includes the following steps: s1), the card user submits the first account information to the digital certificate user; s2), the digital certificate application direction digital certificate application Party submits the first application; wherein the first application includes the first account information; s3), the digital voucher applicant identifies and verifies the identity information of the digital voucher user, and submits the first voucher to the digital voucher provider. Two applications; of which, the second application request is generated based on the first application; s4), the digital voucher provider identifies and verifies the identity information of the digital voucher applicant, and generates a first digital voucher corresponding to the first account information, and The first digital voucher is returned to the digital voucher consumer via the digital voucher applicant.

優選地,步驟s4)具體包括:數位憑證提供方判斷數位憑證申請方先前是否已提交過對應於第一帳號資訊的第二申請請求;若否,數位憑證提供方生成對應於第一帳號資訊的第一數位憑證,並利用第四金鑰來分散第一數位憑證以獲得第一金鑰;若是,數位憑證提供方查詢已生成的相應的第一數位憑證;以及數位憑證提供方將第一數位憑證經由數位憑證申請方返回至數位憑證使用方。 Preferably, step s4) specifically includes: the digital voucher provider determines whether the digital voucher applicant has previously submitted a second application request corresponding to the first account information; if not, the digital voucher provider generates a second application request corresponding to the first account information The first digital certificate, and the fourth key is used to scatter the first digital certificate to obtain the first key; if so, the digital certificate provider queries the corresponding first digital certificate that has been generated; and the digital certificate provider uses the first digital The voucher is returned to the digital voucher consumer via the digital voucher applicant.

優選地,數位憑證提供方配置成使用多個不同金鑰而僅維護和/或儲存其中一個金鑰。 Preferably, the digital certificate provider is configured to maintain and / or store only one of the keys using a plurality of different keys.

本發明還公開一種交易驗證系統,其包括:數位憑證使用方,與持卡使用者進行交互以生成第一交易的交易資訊,並向數位憑證申請方提交第一請求;其中,第一請求包括第一數位憑證及第一交易的交易資訊;數位憑證申請方,其識別並驗證數位憑證使用方的身份資訊,以向數位憑證提供方提交第二請求;其中,第二請求至少包括數位憑證使用方的身份資訊;以及數位憑證提供方,其識別並驗證數位憑證申請方的身份資訊,並基於第一數位憑證來查詢第一金鑰,並利用第一金鑰來分散數位憑證使用方的身份資訊以得到第二金鑰,以及,其還基於第二 金鑰對第一交易的交易資訊進行加密以形成第一動態資訊,並將第一動態資訊經由數位憑證申請方傳送至數位憑證使用方;其中,數位憑證提供方進一步配置成:對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示第二交易繼續進行或終止;其中,第二動態資訊對應於第一動態資訊。 The invention also discloses a transaction verification system, which includes: a digital voucher user, interacts with a card holder to generate transaction information of a first transaction, and submits a first request to the digital voucher applicant; wherein the first request includes The first digital voucher and the transaction information of the first transaction; the digital voucher applicant identifies and verifies the identity information of the digital voucher user to submit a second request to the digital voucher provider; wherein the second request includes at least the use of the digital voucher Party ’s identity information; and digital certificate provider, which identifies and verifies the identity information of the digital certificate applicant, queries the first key based on the first digital certificate, and uses the first key to disperse the identity of the digital certificate user Information to obtain a second key, and it is also based on the second The key encrypts the transaction information of the first transaction to form the first dynamic information, and transmits the first dynamic information to the digital certificate user via the digital certificate applicant; wherein the digital certificate provider is further configured to: 2. The second dynamic information sent by the digital certificate user in the second transaction is verified to instruct the second transaction to proceed or terminate based on the verification result; wherein the second dynamic information corresponds to the first dynamic information.

本發明各實施例提供的交易驗證方法及系統,利用數位憑證來加速交易的進程,為使用者提供極為便捷的電子支付方式;商戶僅使用數位憑證來實現交易,避免了使用者資訊洩露;此外,還對每筆交易進行難以破解的動態資訊驗證,從而進一步加強交易的安全性。在動態資訊驗證中,該方法及系統還使用多個不同金鑰,而僅維護其中一個金鑰,其中任一個金鑰的洩露或被竊取均不影響其他金鑰的安全性。 The transaction verification method and system provided by the embodiments of the present invention use digital vouchers to speed up the transaction process and provide users with a very convenient electronic payment method; merchants only use digital vouchers to implement transactions, avoiding leakage of user information; , And also perform dynamic information verification that is difficult to crack for each transaction, thereby further enhancing transaction security. In dynamic information verification, the method and system also use multiple different keys, and only maintain one of them, and the leakage or theft of any one of them does not affect the security of other keys.

S10、S12、S14、S16、S18‧‧‧步驟 S10, S12, S14, S16, S18‧‧‧ steps

201‧‧‧數位憑證使用方 201‧‧‧ Digital Voucher User

203‧‧‧數位憑證申請方 203‧‧‧ Digital Certificate Applicant

205‧‧‧數位憑證提供方 205‧‧‧ Digital Voucher Provider

212‧‧‧收單機構 212‧‧‧Acquirer

214‧‧‧轉接機構 214‧‧‧Transfer agency

圖1示出本發明第一實施例提供的交易驗證方法的流程示意圖。 FIG. 1 is a schematic flowchart of a transaction verification method according to a first embodiment of the present invention.

圖2示出本發明第二實施例提供的交易驗證系統的模組圖。 FIG. 2 shows a module diagram of a transaction verification system provided by a second embodiment of the present invention.

如圖1所示,本發明第一實施例提供一種交易驗證方法,其包括如下各步驟。 As shown in FIG. 1, a first embodiment of the present invention provides a transaction verification method, which includes the following steps.

步驟S10、持卡使用者與數位憑證使用方進行資訊交互,以生成第一交易的交易資訊。 Step S10: The card user performs information interaction with the digital certificate user to generate transaction information of the first transaction.

作為示例,持卡使用者可以在數位憑證使用方提供的網頁中輸入資訊,從而發起第一交易。第一交易可以是持卡使用者與數位憑證使用方之間的首次交易,也可以是持卡使用者與數位憑證使用方之間的第N次交易(N>1)。 As an example, a card user may enter information in a web page provided by a digital voucher user to initiate a first transaction. The first transaction may be the first transaction between the card user and the digital certificate user, or the N-th transaction (N> 1) between the card user and the digital certificate user.

步驟S12、數位憑證使用方向數位憑證申請方提交第一請求。 Step S12: The digital certificate is used to submit a first request to the digital certificate applicant.

其中,第一請求包括第一數位憑證及第一交易的交易資訊。交易資訊例如包括:交易時間、交易地點、交易金額、交易雙方的標識資訊等。 The first request includes the first digital certificate and the transaction information of the first transaction. The transaction information includes, for example, transaction time, transaction place, transaction amount, and identification information of the transaction parties.

具體地,第一數位憑證可經由一個獨立的數位憑證生成流程而得到:首先,由數位憑證使用方憑持卡使用者的帳號資訊向數位憑證申請方發出請求,再由數位憑證申請方向數位憑證提供方發出請求,數位憑證提供方驗證通過後,經數位憑證申請方而向數位憑證使用方下發第一數位憑證。數位憑證使用方可以持有該第一數位憑證、並適當時被動地更新該第一數位憑證。 Specifically, the first digital certificate can be obtained through an independent digital certificate generation process: first, the digital certificate user sends a request to the digital certificate applicant with the card user's account information, and then the digital certificate applies for the digital certificate The provider sends a request. After the digital voucher provider passes the verification, the digital voucher applicant issues the first digital voucher to the digital voucher user. The digital certificate user may hold the first digital certificate and passively update the first digital certificate when appropriate.

步驟S14、數位憑證申請方向數位憑證提供方提交第二請求。 Step S14: The digital voucher application submits a second request to the digital voucher provider.

其中,第二請求可基於第一請求而生成,第二請求至少包括數位憑證使用方的身份資訊。第二請求也包括第一交易的交易資訊以及第一數位憑證。 The second request may be generated based on the first request, and the second request includes at least the identity information of the digital certificate user. The second request also includes the transaction information of the first transaction and the first digital voucher.

步驟S16、數位憑證提供方基於第一數位憑證來查詢第一金鑰、進而得到第二金鑰,以及,基於第二金鑰對交易資訊進行加密以形成第一動態資訊。 Step S16: The digital certificate provider queries the first key based on the first digital certificate to obtain a second key, and encrypts the transaction information based on the second key to form the first dynamic information.

具體地,數位憑證提供方首先識別並驗證數位憑證申請方的身份資訊,並基於第一數位憑證來查詢第一金鑰,進而利用第一金鑰來分散數位憑證使用方的身份資訊以得到第二金鑰;隨之,數位憑證提供方基於第二金鑰對第一交易的交易資訊進行加密以形成第一動態資訊,再將第一動態資訊經由數位憑證申請方傳送至數位憑證使用方。 Specifically, the digital certificate provider first identifies and verifies the identity information of the digital certificate applicant, and queries the first key based on the first digital certificate, and then uses the first key to disperse the digital certificate user's identity information to obtain the first Then, the digital certificate provider encrypts the transaction information of the first transaction based on the second key to form the first dynamic information, and then transmits the first dynamic information to the digital certificate user through the digital certificate applicant.

其中,第一金鑰可儲存於數位憑證提供方,也可經其他方式由數位憑證提供方生成或更新。第一數位憑證由數位憑證提供方生成,並經由數位憑證申請方下發至數位憑證使用方。 The first key can be stored in the digital certificate provider, or it can be generated or updated by the digital certificate provider in other ways. The first digital voucher is generated by the digital voucher provider and issued to the digital voucher user via the digital voucher applicant.

數位憑證提供方通過演算法來使得第一金鑰與第一數位憑證之間形成一一對應關係,從而利用對應關係即可以基於第一數位憑證來查詢第一金鑰。在下文中,將介紹這種對應關係的形成方式的一個示例。 The digital voucher provider uses an algorithm to make a one-to-one correspondence between the first key and the first digital voucher, so that the corresponding relationship can be used to query the first key based on the first digital voucher. In the following, an example of how this correspondence is formed will be described.

數位憑證提供方還利用第一金鑰來分散從第二請求中解析出的、數位憑證使用方的身份資訊,進而得到第二金鑰。隨後,數位憑證提供方基於第二金鑰來對第一交易的交易資訊進行加密,生成第一動態資訊並予以下發。 The digital certificate provider also uses the first key to disperse the identity information of the digital certificate user parsed from the second request, and then obtains the second key. Subsequently, the digital certificate provider encrypts the transaction information of the first transaction based on the second key, generates the first dynamic information and issues it.

可以理解,第二金鑰不同於第一金鑰。第二 金鑰為即時生成、一次性使用,使用之後即被丟棄,數位憑證提供方不留作備份。即使第一金鑰洩露或被竊取,第二金鑰不受影響。 It can be understood that the second key is different from the first key. second The key is generated on the fly and used once, and is discarded after use. The digital certificate provider does not keep it for backup. Even if the first key is leaked or stolen, the second key is not affected.

步驟S18、數位憑證提供方對第二動態資訊進行驗證,基於驗證結果來指示第二交易繼續進行或終止。 Step S18: The digital certificate provider verifies the second dynamic information, and instructs the second transaction to proceed or terminate based on the verification result.

具體地,數位憑證提供方對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示第二交易繼續進行或終止。其中,第二動態資訊對應於第一動態資訊。 Specifically, the digital voucher provider verifies the received second dynamic information sent by the digital voucher consumer in the second transaction to instruct the second transaction to proceed or terminate based on the verification result. The second dynamic information corresponds to the first dynamic information.

需要說明的是,第二交易是在第一交易之後進行的下一次交易。可以理解,在第二交易中,第二交易的交易資訊無需再流經數位憑證申請方。換言之,該步驟S18可以涵蓋:(1).持卡使用者與數位憑證使用方之間進行第二次資訊交互、進而生成第二交易的交易資訊,以及(2).數位憑證使用方直接或經由其他仲介而將第二交易的交易資訊連同第二動態資訊一起上送至數位憑證提供方。 It should be noted that the second transaction is the next transaction performed after the first transaction. Understandably, in the second transaction, the transaction information of the second transaction no longer needs to flow through the digital voucher applicant. In other words, step S18 may cover: (1). The cardholder and the digital voucher user conduct a second information interaction to generate transaction information for the second transaction, and (2). The digital voucher user directly or The transaction information of the second transaction is sent to the digital certificate provider together with the second dynamic information through other intermediaries.

如上所述,數位憑證使用方在前述步驟S16中已獲得第一動態資訊,數位憑證使用方持有該第一動態資訊。在第二交易中,數位憑證使用方可直接將第一動態資訊作為第二動態資訊來上送,或者,數位憑證使用方處理第一動態資訊,生成與之一一對應的第二動態資訊來上送。即,第二動態資訊可能與第一動態資訊完全一致、或一一對應。 As described above, the digital certificate user has obtained the first dynamic information in the foregoing step S16, and the digital certificate user holds the first dynamic information. In the second transaction, the digital voucher user can directly send the first dynamic information as the second dynamic information, or the digital voucher user processes the first dynamic information and generates a second dynamic information corresponding to the one. Delivery. That is, the second dynamic information may be completely consistent with the first dynamic information, or correspond one-to-one.

在對上述第二動態資訊進行驗證之後,數位 憑證提供方基於驗證結果指示第二交易繼續進行或終止。簡單來說,若第二動態資訊不能與之前交易中數位憑證提供方下發至同一數位憑證使用方的、包含經加密的第一交易交易資訊的、第一動態資訊相對應,第二交易將被拒絕,從而可以有效防止偽冒交易的發生。 After verifying the second dynamic information, the digital The voucher provider instructs the second transaction to proceed or terminate based on the verification result. In short, if the second dynamic information cannot correspond to the first dynamic information that was issued by the digital certificate provider to the same digital certificate user in the previous transaction and contains the encrypted first transaction transaction information, the second transaction will Rejected, which can effectively prevent counterfeit transactions.

作為上述第一實施例的進一步改進,步驟S18可以包括如下一系列子步驟:1).數位憑證使用方將第二動態資訊、第一數位憑證、數位憑證使用方的身份資訊以及第二交易的交易資訊傳送至收單機構;2).轉接機構基於收單機構的請求,請求數位憑證提供方驗證第二動態資訊;以及3).數位憑證提供方驗證第二動態資訊,並基於驗證結果來指示收單機構繼續進行第二交易或拒絕第二交易。 As a further improvement of the above-mentioned first embodiment, step S18 may include the following series of sub-steps: 1). The digital certificate user uses the second dynamic information, the first digital certificate, the identity information of the digital certificate user, and the second transaction. The transaction information is transmitted to the acquirer; 2). The transfer agency requests the digital voucher provider to verify the second dynamic information based on the request of the acquirer; and 3). The digital voucher verifies the second dynamic information, and based on the verification result To instruct the acquirer to continue or reject the second transaction.

在該改進實施例中,在第二交易中,數位憑證使用方沒有直接與數位憑證提供方直接通信,而是經由收單機構、轉接機構來實現資料和/或資訊交互。 In this improved embodiment, in the second transaction, the digital voucher user does not directly communicate with the digital voucher provider, but implements data and / or information interaction through the acquirer and the transfer agency.

優選情況下,數位憑證提供方驗證第二動態資訊可以具體實現為:I.基於轉接機構轉送的第一數位憑證來索引,以獲得相應的第一金鑰;Ⅱ.利用第一金鑰來分散數位憑證使用方的身份資訊,以獲得第二金鑰;Ⅲ.基於第二金鑰對第二交易的交易資訊進行訊息摘要演算法(Message-Digest Algorithm),以生成第三動態資訊;以及將第三動態資訊與第二動態資訊進行比對,以生成驗證結果。 Preferably, the verification of the second dynamic information by the digital voucher provider may be specifically implemented as follows: I. Indexing based on the first digital voucher forwarded by the transfer agency to obtain the corresponding first key; II. Using the first key to Disperse the identity information of the user of the digital certificate to obtain the second key; III. Perform a Message-Digest Algorithm on the transaction information of the second transaction based on the second key to generate the third dynamic information; and The third dynamic information is compared with the second dynamic information to generate a verification result.

其中,第三動態資訊是數位憑證提供方經計算而即時產生的,第二動態資訊是在第二交易中由數位憑證使用方上送以供驗證的,而如前所述,第二動態資訊可能與第一動態資訊完全一致或一一對應;若第三動態資訊與第二動態資訊完全一致或具有另外某種一一對應關係,則可視為第三動態資訊為第一動態資訊的某種還原或再現版本,從而再次體現第二動態資訊與第一動態資訊之間的對應關係。在此情況下,第二交易被准許繼續進行;否則,將被終止。 Among them, the third dynamic information is generated by the digital voucher provider in real time after calculation. The second dynamic information is uploaded by the digital voucher user for verification in the second transaction. As mentioned above, the second dynamic information May be completely consistent or one-to-one correspondence with the first dynamic information; if the third dynamic information is completely consistent with the second dynamic information or has another one-to-one correspondence relationship, the third dynamic information may be regarded as a kind of the first dynamic information Restore or reproduce the version, so as to reflect the correspondence between the second dynamic information and the first dynamic information again. In this case, the second transaction is permitted to proceed; otherwise, it will be terminated.

作為上述第一實施例的進一步優化,交易驗證方法還包括還包括註冊階段和數位憑證生成階段。該兩個階段在第一交易之前發生,作為預備階段,使得數位憑證使用方、申請方及提供方相互認可,更重要的是,使得第一數位憑證能夠對應於持卡使用者的第一帳號資訊。 As a further optimization of the foregoing first embodiment, the transaction verification method further includes a registration phase and a digital credential generation phase. These two phases occur before the first transaction. As a preliminary phase, the digital voucher user, applicant, and provider mutually recognize each other. More importantly, the first digital voucher can correspond to the first account number of the card user. Information.

其中,註冊階段包括:r1)、數位憑證申請方向數位憑證提供方提交業務資質資訊;r2)、數位憑證提供方審核業務資質資訊,並在審核通過後為數位憑證申請方分配唯一的數位憑證申請方的身份資訊;r3)、數位憑證提供方利用第三金鑰來分散數位憑證申請方的身份資訊以獲得第四金鑰。 The registration phase includes: r1), the digital voucher application submits business qualification information to the digital voucher provider; r2), the digital voucher provider reviews the business qualification information, and assigns a unique digital voucher application to the digital voucher applicant after the approval is passed R3), the digital certificate provider uses the third key to disperse the digital certificate applicant's identity information to obtain the fourth key.

其中,第三金鑰由數位憑證提供方持有並管理,第四金鑰作為中間產物、供一次性使用,數位憑證提供方不留副本或予以備份。 Among them, the third key is held and managed by the digital certificate provider, and the fourth key is used as an intermediate product for one-time use. The digital certificate provider does not keep a copy or back it up.

數位憑證生成階段包括如下步驟:s1)、持卡 使用者向數位憑證使用方提交第一帳號資訊;s2)、數位憑證使用方向數位憑證申請方提交第一申請;其中,第一申請包括第一帳號資訊;s3)、數位憑證申請方識別並驗證數位憑證使用方的身份資訊,並向數位憑證提供方提交第二申請;其中,第二申請請求基於第一申請而生成;s4)、數位憑證提供方識別並驗證數位憑證申請方的身份資訊,並生成對應於第一帳號資訊的第一數位憑證,以及將第一數位憑證經由數位憑證申請方返回至數位憑證使用方。 The digital certificate generation phase includes the following steps: s1), card holding The user submits the first account information to the digital voucher user; s2), the digital voucher uses the digital voucher to submit the first application; the first application includes the first account information; s3), the digital voucher applicant identifies and verifies The digital voucher user ’s identity information and submits a second application to the digital voucher provider; wherein the second application request is generated based on the first application; s4), the digital voucher provider identifies and verifies the digital voucher applicant ’s identity information, A first digital certificate corresponding to the first account information is generated, and the first digital certificate is returned to the digital certificate user via the digital certificate applicant.

優選情況下,上述步驟s4)具體包括:數位憑證提供方判斷數位憑證申請方先前是否已提交過對應於第一帳號資訊的第二申請請求;若否,數位憑證提供方生成對應於第一帳號資訊的第一數位憑證,並利用第四金鑰來分散第一數位憑證以獲得第一金鑰;若是,數位憑證提供方查詢已生成的相應的第一數位憑證;以及數位憑證提供方將第一數位憑證經由數位憑證申請方返回至數位憑證使用方。 Preferably, the above-mentioned step s4) specifically includes: the digital voucher provider judges whether the digital voucher applicant has previously submitted a second application request corresponding to the first account information; if not, the digital voucher provider generates a corresponding first account The first digital certificate of the information and use the fourth key to scatter the first digital certificate to obtain the first key; if so, the digital certificate provider queries the corresponding first digital certificate that has been generated; and the digital certificate provider will A digital voucher is returned to the digital voucher consumer via the digital voucher applicant.

數位憑證提供方利用第四金鑰來分散第一數位憑證以獲得第一金鑰,這使得第一金鑰與第一數位憑證之間形成了一一對應關係,從而,在前述步驟S16中,數位憑證提供方可以基於第一數位憑證來查詢第一金鑰。然而,這僅作為形成第一金鑰與第一數位憑證之間對應關係的一個示例,可以預料的是,其他等同方式也同樣適用。 The digital certificate provider uses the fourth key to disperse the first digital certificate to obtain the first key, which makes a one-to-one correspondence between the first key and the first digital certificate. Therefore, in the foregoing step S16, The digital certificate provider may query the first key based on the first digital certificate. However, this is only an example of forming the correspondence between the first key and the first digital certificate, and it is expected that other equivalent methods are also applicable.

上述第一實施例及改進方式,利用數位憑證 來加速交易的進程,生成一次數位憑證後即可任意多次使用,使用者以後進行交易時,無需再提供卡片資訊,從而為使用者提供極為便捷的電子支付方式。另一方面,商戶(即數位憑證使用方)不會保存使用者的卡片資訊,而僅使用數位憑證來實現交易,從而避免了商戶洩露使用者資訊的可能;此外,上述實施例還對每筆交易進行難以破解的動態資訊驗證,從而進一步加強交易的安全性。 The above-mentioned first embodiment and improved method utilize digital certificates To speed up the transaction process, you can use it any number of times after generating a number of vouchers. Users do not need to provide card information when conducting future transactions, thereby providing users with a very convenient electronic payment method. On the other hand, the merchant (that is, the user of the digital voucher) does not save the user's card information, and only uses the digital voucher to implement the transaction, thereby avoiding the possibility of the merchant leaking the user's information; in addition, the above embodiment also provides The transaction is verified with dynamic information that is difficult to crack, thereby further enhancing the security of the transaction.

可以理解,根據以上所述的改進實施例的優化實現方式,數位憑證提供方可以使用多個不同金鑰,例如、第一、第二、第三及第四金鑰,而僅維護第三金鑰。具體地,第一金鑰儲存於數位憑證提供方,但由數位憑證提供方生成或更新,例如,每次交易或每隔一段時間即對第一金鑰進行更新;第二、第四作為中間產物,僅即時生成,不留副本或備份;第三金鑰由數位憑證提供方持有並維護,系統管理人員可以對第三金鑰進行更換。 It can be understood that according to the optimized implementation of the improved embodiment described above, the digital certificate provider can use multiple different keys, such as the first, second, third, and fourth keys, and only maintain the third key key. Specifically, the first key is stored in the digital certificate provider, but is generated or updated by the digital certificate provider, for example, the first key is updated every transaction or at regular intervals; the second and fourth are used as intermediates The product is generated on the fly, without copy or backup; the third key is held and maintained by the digital certificate provider, and the system administrator can replace the third key.

如圖2所示,本發明第二實施例提供一種交易驗證系統,其包括數位憑證使用方201、數位憑證申請方203以及數位憑證提供方205。 As shown in FIG. 2, a second embodiment of the present invention provides a transaction verification system, which includes a digital voucher user 201, a digital voucher applicant 203, and a digital voucher provider 205.

數位憑證使用方201與持卡使用者進行交互以生成第一交易的交易資訊,並向數位憑證申請方202提交第一請求;其中,第一請求包括第一數位憑證及第一交易的交易資訊。 The digital certificate user 201 interacts with the card user to generate transaction information of the first transaction, and submits a first request to the digital certificate applicant 202; wherein the first request includes the first digital certificate and the transaction information of the first transaction .

數位憑證申請方202識別並驗證數位憑證使用方201的身份資訊,以向數位憑證提供方203提交第二請 求;其中,第二請求至少包括數位憑證使用方的身份資訊。 The digital certificate applicant 202 identifies and verifies the identity information of the digital certificate user 201 to submit a second request to the digital certificate provider 203 The second request includes at least the identity information of the digital certificate user.

數位憑證提供方203識別並驗證數位憑證申請方202的身份資訊,並基於第一數位憑證來查詢第一金鑰,並利用第一金鑰來分散數位憑證使用方201的身份資訊以得到第二金鑰,以及,其還基於第二金鑰對第一交易的交易資訊進行加密以形成第一動態資訊,並將第一動態資訊經由數位憑證申請方202傳送至數位憑證使用方201。 The digital certificate provider 203 identifies and verifies the identity information of the digital certificate applicant 202, and queries the first key based on the first digital certificate, and uses the first key to disperse the identity information of the digital certificate user 201 to obtain a second The key, and it also encrypts the transaction information of the first transaction based on the second key to form the first dynamic information, and transmits the first dynamic information to the digital certificate user 201 via the digital certificate applicant 202.

數位憑證提供方203進一步配置成:對接收到的、數位憑證使用方在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示第二交易繼續進行或終止。 The digital voucher provider 203 is further configured to verify the received second dynamic information sent by the digital voucher consumer in the second transaction to instruct the second transaction to proceed or terminate based on the verification result.

其中,第二交易為第一交易之後發生的下一次交易。第二動態資訊可能與第一動態資訊完全一致、或兩者具有一一對應關係。對第二動態資訊的驗證,可以採用上述第一實施例中詳述的方式來進行。 The second transaction is the next transaction that occurs after the first transaction. The second dynamic information may be completely consistent with the first dynamic information, or there may be a one-to-one correspondence between the two. The verification of the second dynamic information may be performed in a manner detailed in the first embodiment.

作為進一步改進,該系統可選地包括收單機構212及轉接機構214,這種情況下,數位憑證使用方201配置成:在第二交易中,將第二動態資訊、第一數位憑證、數位憑證使用方的身份資訊以及第二交易的交易資訊傳送至收單機構212。收單機構212配置成:基於數位憑證使用方的指示,向轉接機構214發起驗證請求。轉接機構214配置成:基於收單機構212的驗證請求,請求數位憑證提供方205驗證第二動態資訊。以及,收單機構212進一步配置成:基於數位憑證提供方205對第二動態資訊的驗證 結果,繼續進行第二交易或拒絕第二交易。 As a further improvement, the system may optionally include an acquirer 212 and a transfer agency 214. In this case, the digital certificate user 201 is configured to: in the second transaction, the second dynamic information, the first digital certificate, The identity information of the user of the digital certificate and the transaction information of the second transaction are transmitted to the acquirer 212. The acquirer 212 is configured to initiate a verification request to the transfer agency 214 based on an instruction from the digital voucher user. The transfer mechanism 214 is configured to request the digital voucher provider 205 to verify the second dynamic information based on the verification request of the acquirer 212. And, the acquirer 212 is further configured to verify the second dynamic information based on the digital certificate provider 205 As a result, the second transaction is continued or rejected.

上述說明僅針對於本發明的優選實施例,並不在於限制本發明的保護範圍。本領域技術人員可作出各種變形設計,而不脫離本發明的思想及附隨的申請專利範圍。 The above description is only directed to the preferred embodiments of the present invention, and is not intended to limit the protection scope of the present invention. Those skilled in the art can make various modified designs without departing from the idea of the present invention and the scope of accompanying patent applications.

Claims (10)

一種交易驗證方法,包括如下步驟:a)、持卡使用者與數位憑證使用構件進行資訊交互,以生成第一交易的交易資訊;b)、所述數位憑證使用構件向數位憑證申請構件提交第一請求,所述第一請求包括第一數位憑證及所述第一交易的交易資訊;c)、所述數位憑證申請構件識別並驗證所述數位憑證使用構件的身份資訊,以向數位憑證提供構件提交第二請求,所述第二請求至少包括所述數位憑證使用構件的身份資訊、所述第一交易的交易資訊以及所述第一數位憑證;d)、所述數位憑證提供構件識別並驗證所述數位憑證申請構件的身份資訊,並基於所述第一數位憑證來查詢第一金鑰,並利用所述第一金鑰來分散所述數位憑證使用構件的身份資訊以得到第二金鑰,以及,所述數位憑證提供構件基於所述第二金鑰對所述第一交易的交易資訊進行加密以形成第一動態資訊,所述數位憑證提供構件還將所述第一動態資訊經由所述數位憑證申請構件傳送至所述數位憑證使用構件;以及e)、所述數位憑證提供構件對接收到的、所述數位憑證使用構件在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示所述第二交易繼續進行或終止;其中,所述第二動態資訊對應於所述第一動態資訊。A transaction verification method includes the following steps: a), the card user performs information interaction with the digital voucher using component to generate transaction information of the first transaction; b), the digital voucher using component submits a first A request, the first request includes a first digital voucher and transaction information of the first transaction; c) the digital voucher application component identifies and verifies the identity information of the digital voucher use component to provide the digital voucher The component submits a second request, the second request includes at least the identity information of the digital voucher using the component, the transaction information of the first transaction, and the first digital voucher; d) the digital voucher provides a component identification and Verify the identity information of the digital certificate application component, and query a first key based on the first digital certificate, and use the first key to disperse the identity information of the digital certificate use component to obtain a second gold And the digital certificate providing component encrypts the transaction information of the first transaction based on the second key to form a first State information, the digital voucher providing component also transmits the first dynamic information to the digital voucher using component via the digital voucher application component; and e), the digital voucher providing component pair receives the The digital certificate is verified using the second dynamic information sent by the component in the second transaction to instruct the second transaction to continue or terminate based on the verification result; wherein the second dynamic information corresponds to the first dynamic information. 根據請求項1所述的方法,其中,所述步驟e)具體包括:e1)、所述數位憑證使用構件將所述第二動態資訊、所述第一數位憑證、所述數位憑證使用構件的身份資訊以及所述第二交易的交易資訊傳送至收單機構;e2)、轉接機構基於所述收單機構的請求,請求所述數位憑證提供構件驗證所述第二動態資訊;以及e3)、所述數位憑證提供構件驗證所述第二動態資訊,並基於所述驗證結果來指示所述收單機構繼續進行所述第二交易或拒絕所述第二交易。The method according to claim 1, wherein the step e) specifically includes: e1), the digital voucher using component includes the second dynamic information, the first digital voucher, and the digital voucher using component. The identity information and the transaction information of the second transaction are transmitted to the acquirer; e2), the transfer agency requests the digital certificate providing component to verify the second dynamic information based on the request of the acquirer; and e3) 2. The digital voucher providing component verifies the second dynamic information, and instructs the acquirer to continue the second transaction or reject the second transaction based on the verification result. 根據請求項2所述的方法,其中,所述數位憑證提供構件驗證所述第二動態資訊具體包括:基於所述轉接機構轉送的所述第一數位憑證來索引,以獲得相應的所述第一金鑰;利用所述第一金鑰來分散所述數位憑證使用構件的身份資訊,以獲得所述第二金鑰;基於所述第二金鑰對所述第二交易的交易資訊進行訊息摘要演算法(Message-Digest Algorithm),以生成第三動態資訊;以及將所述第三動態資訊與所述第二動態資訊進行比對,以生成所述驗證結果。The method according to claim 2, wherein the verification of the second dynamic information by the digital voucher providing component specifically includes: indexing based on the first digital voucher forwarded by the transfer mechanism to obtain a corresponding one of the A first key; using the first key to disperse the identity information of the digital certificate using component to obtain the second key; and performing transaction information of the second transaction based on the second key A Message-Digest Algorithm to generate third dynamic information; and comparing the third dynamic information with the second dynamic information to generate the verification result. 根據請求項1所述的方法,其中,還包括註冊階段和數位憑證生成階段,所述註冊階段包括:r1)、所述數位憑證申請構件向所述數位憑證提供構件提交業務資質資訊;r2)、所述數位憑證提供構件審核所述業務資質資訊,並在審核通過後為所述數位憑證申請構件分配唯一的所述數位憑證申請構件的身份資訊;r3)、所述數位憑證提供構件利用第三金鑰來分散所述數位憑證申請構件的身份資訊以獲得第四金鑰;其中,所述第三金鑰由所述數位憑證提供構件持有並管理;所述數位憑證生成階段包括如下步驟:s1)、持卡使用者向所述數位憑證使用構件提交第一帳號資訊;s2)、所述數位憑證使用構件向所述數位憑證申請構件提交第一申請;其中,所述第一申請包括所述第一帳號資訊;s3)、所述數位憑證申請構件識別並驗證所述數位憑證使用構件的身份資訊,並向所述數位憑證提供構件提交第二申請;其中,所述第二申請請求基於所述第一申請而生成;s4)、所述數位憑證提供構件識別並驗證所述數位憑證申請構件的身份資訊,並生成對應於所述第一帳號資訊的所述第一數位憑證,以及將所述第一數位憑證經由所述數位憑證申請構件返回至所述數位憑證使用構件。The method according to claim 1, further comprising a registration phase and a digital voucher generation phase, the registration phase includes: r1), the digital voucher application component submits business qualification information to the digital voucher providing component; r2) 2. The digital voucher providing component reviews the business qualification information, and assigns the unique identity information of the digital voucher applying component to the digital voucher applying component after the approval is passed; r3), the digital voucher providing component uses the first Three keys to disperse the identity information of the digital certificate application component to obtain a fourth key; wherein the third key is held and managed by the digital certificate providing component; the digital certificate generation phase includes the following steps : S1), the card user submits the first account information to the digital voucher using component; s2), the digital voucher using component submits a first application to the digital voucher application component; wherein the first application includes The first account information; s3), the digital certificate application component identifies and verifies the identity information of the digital certificate use component, and The digital voucher providing component submits a second application; wherein the second application request is generated based on the first application; s4), the digital voucher providing component identifies and verifies the identity information of the digital voucher applying component, And generating the first digital voucher corresponding to the first account information, and returning the first digital voucher to the digital voucher using component via the digital voucher application component. 根據請求項4所述的方法,其中,所述步驟s4)具體包括:所述數位憑證提供構件判斷所述數位憑證申請構件先前是否已提交過對應於所述第一帳號資訊的所述第二申請請求;若否,所述數位憑證提供構件生成對應於所述第一帳號資訊的所述第一數位憑證,並利用所述第四金鑰來分散所述第一數位憑證以獲得所述第一金鑰;若是,所述數位憑證提供構件查詢已生成的相應的所述第一數位憑證;以及所述數位憑證提供構件將所述第一數位憑證經由所述數位憑證申請構件返回至所述數位憑證使用構件。The method according to claim 4, wherein the step s4) specifically includes: the digital voucher providing component determines whether the digital voucher application component has previously submitted the second corresponding to the first account information An application request; if not, the digital voucher providing component generates the first digital voucher corresponding to the first account information, and uses the fourth key to scatter the first digital voucher to obtain the first A key; if so, the digital voucher providing component queries the corresponding first digital voucher that has been generated; and the digital voucher providing component returns the first digital voucher to the via the digital voucher application component Digital vouchers use widgets. 根據請求項5所述的方法,其中,所述數位憑證提供構件配置成使用多個不同金鑰而僅維護其中一個金鑰。The method of claim 5, wherein the digital credential providing component is configured to use a plurality of different keys while maintaining only one of the keys. 根據請求項6所述的方法,其中,所述多個金鑰至少包括所述第一金鑰、第二金鑰、第三金鑰以及第四金鑰,所述其中一個金鑰為所述第三金鑰。The method according to claim 6, wherein the plurality of keys include at least the first key, the second key, the third key, and the fourth key, and one of the keys is the Third key. 一種交易驗證系統,包括:數位憑證使用構件,與持卡使用者進行交互以生成第一交易的交易資訊,並向數位憑證申請構件提交第一請求;其中,所述第一請求包括第一數位憑證及所述第一交易的交易資訊;所述數位憑證申請構件,其識別並驗證所述數位憑證使用構件的身份資訊,以向數位憑證提供構件提交第二請求;其中,所述第二請求至少包括所述數位憑證使用構件的身份資訊、所述第一交易的交易資訊以及所述第一數位憑證;以及所述數位憑證提供構件,其識別並驗證所述數位憑證申請構件的身份資訊,並基於所述第一數位憑證來查詢第一金鑰,並利用所述第一金鑰來分散所述數位憑證使用構件的身份資訊以得到第二金鑰,以及,其還基於所述第二金鑰對所述第一交易的交易資訊進行加密以形成第一動態資訊,並將所述第一動態資訊經由所述數位憑證申請構件傳送至所述數位憑證使用構件;其中,所述數位憑證提供構件進一步配置成:對接收到的、所述數位憑證使用構件在第二交易中發送的第二動態資訊進行驗證,以基於驗證結果指示所述第二交易繼續進行或終止;其中,所述第二動態資訊對應於所述第一動態資訊。A transaction verification system includes: a digital voucher using component, which interacts with a card user to generate transaction information of a first transaction, and submits a first request to the digital voucher application component; wherein the first request includes a first digital The voucher and the transaction information of the first transaction; the digital voucher application component that identifies and verifies the identity information of the digital voucher using component to submit a second request to the digital voucher providing component; wherein the second request Including at least the identity information of the digital voucher using component, the transaction information of the first transaction, and the first digital voucher; and the digital voucher providing component that identifies and verifies the identity information of the digital voucher application component, Querying a first key based on the first digital certificate, and using the first key to disperse the identity information of the digital certificate using component to obtain a second key, and further based on the second digital certificate The key encrypts the transaction information of the first transaction to form first dynamic information, and passes the first dynamic information through the The digital voucher application component is transmitted to the digital voucher using component; wherein the digital voucher providing component is further configured to verify the second dynamic information received and sent by the digital voucher using component in a second transaction, The second transaction is instructed to continue or terminate based on the verification result; wherein the second dynamic information corresponds to the first dynamic information. 根據請求項8所述的系統,其中,其還包括收單機構及轉接機構,其中,所述數位憑證使用構件配置成:在所述第二交易中,將所述第二動態資訊、所述第一數位憑證、所述數位憑證使用構件的身份資訊以及所述第二交易的交易資訊傳送至所述收單機構;所述收單機構配置成:基於所述數位憑證使用構件的指示,向所述轉接機構發起驗證請求;所述轉接機構配置成:基於所述收單機構的驗證請求,請求所述數位憑證提供構件驗證所述第二動態資訊;以及所述收單機構進一步配置成:基於所述數位憑證提供構件對所述第二動態資訊的驗證結果,繼續進行所述第二交易或拒絕所述第二交易。The system according to claim 8, further comprising an acquirer and a transfer agency, wherein the digital voucher using component is configured to: in the second transaction, the second dynamic information, the The first digital voucher, the identity information of the digital voucher using component, and the transaction information of the second transaction are transmitted to the acquirer; the acquirer is configured to: based on the instruction of the digital voucher using the component, Initiating a verification request to the transfer agency; the transfer mechanism is configured to: based on the verification request of the acquirer, request the digital voucher providing component to verify the second dynamic information; and the acquirer further It is configured to continue the second transaction or reject the second transaction based on the verification result of the second dynamic information by the digital voucher providing component. 根據請求項9所述系統,其中,所述數位憑證提供構件配置成執行下列項來驗證所述第二動態資訊:基於所述轉接機構提供的所述第一數位憑證來索引,以獲得相應的所述第一金鑰;利用所述第一金鑰來分散所述數位憑證使用構件的身份資訊,以獲得所述第二金鑰;基於所述第二金鑰對所述交易資訊進行訊息摘要演算法,以生成第三動態資訊;以及將所述第三動態資訊與所述第二動態資訊進行比對,以生成所述驗證結果。The system according to claim 9, wherein the digital voucher providing component is configured to perform the following to verify the second dynamic information: index based on the first digital voucher provided by the switching mechanism to obtain a corresponding Using the first key; using the first key to disperse the identity information of the digital certificate using component to obtain the second key; and performing the message on the transaction information based on the second key A digest algorithm to generate third dynamic information; and comparing the third dynamic information with the second dynamic information to generate the verification result.
TW107109421A 2017-03-21 2018-03-20 Transaction verification method and system TWI678666B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
??201710168649.8 2017-03-21
CN201710168649.8 2017-03-21
CN201710168649.8A CN107274183B (en) 2017-03-21 2017-03-21 Transaction verification method and system

Publications (2)

Publication Number Publication Date
TW201835825A TW201835825A (en) 2018-10-01
TWI678666B true TWI678666B (en) 2019-12-01

Family

ID=60073769

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107109421A TWI678666B (en) 2017-03-21 2018-03-20 Transaction verification method and system

Country Status (3)

Country Link
CN (1) CN107274183B (en)
TW (1) TWI678666B (en)
WO (1) WO2018171519A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107274183B (en) * 2017-03-21 2020-05-22 中国银联股份有限公司 Transaction verification method and system
CN111539713B (en) * 2020-03-19 2023-11-03 上海讯联数据服务有限公司 Mobile payment account end user certificate generation and conversion method, system and storage medium
CN114157414A (en) * 2020-09-07 2022-03-08 仁东控股股份有限公司 Identity certificate generation method, identity certificate verification method and identity certificate verification system related to digital currency

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242271A (en) * 2008-01-24 2008-08-13 陕西海基业高科技实业有限公司 Trusted remote service method and system
US20100211507A1 (en) * 2008-09-22 2010-08-19 Christian Aabye Over the air update of payment transaction data stored in secure memory
CN102982453A (en) * 2012-11-09 2013-03-20 江苏乐买到网络科技有限公司 Internet trading method utilizing dynamic key technology
CN103095456A (en) * 2013-01-10 2013-05-08 天地融科技股份有限公司 Method and system for processing transaction messages
US20130197946A1 (en) * 2011-12-07 2013-08-01 Simon Hurry Multi purpose device
CN103905388A (en) * 2012-12-26 2014-07-02 中国移动通信集团广东有限公司 Authentication method, authentication device, smart card, and server
US20150363775A1 (en) * 2013-01-10 2015-12-17 Tendyron Corporation Key protection method and system
TWI514296B (en) * 2013-04-12 2015-12-21
US20160028550A1 (en) * 2014-07-23 2016-01-28 Ajit Gaddam Systems and methods for secure detokenization
CN105939198A (en) * 2016-06-24 2016-09-14 西安电子科技大学 Digital signature method based on location under time constraint
CN106062799A (en) * 2013-12-02 2016-10-26 万事达卡国际股份有限公司 Method and system for secure authentication of user and mobile device without secure elements
US20160335627A1 (en) * 2015-05-11 2016-11-17 Gemalto Sa Method, device and a server for signing data
CN106415564A (en) * 2014-06-05 2017-02-15 索尼公司 Dynamic configuration of trusted executed environment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107274183B (en) * 2017-03-21 2020-05-22 中国银联股份有限公司 Transaction verification method and system

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242271A (en) * 2008-01-24 2008-08-13 陕西海基业高科技实业有限公司 Trusted remote service method and system
US20100211507A1 (en) * 2008-09-22 2010-08-19 Christian Aabye Over the air update of payment transaction data stored in secure memory
US20130197946A1 (en) * 2011-12-07 2013-08-01 Simon Hurry Multi purpose device
CN102982453A (en) * 2012-11-09 2013-03-20 江苏乐买到网络科技有限公司 Internet trading method utilizing dynamic key technology
CN103905388A (en) * 2012-12-26 2014-07-02 中国移动通信集团广东有限公司 Authentication method, authentication device, smart card, and server
US20150363775A1 (en) * 2013-01-10 2015-12-17 Tendyron Corporation Key protection method and system
CN103095456A (en) * 2013-01-10 2013-05-08 天地融科技股份有限公司 Method and system for processing transaction messages
TWI514296B (en) * 2013-04-12 2015-12-21
CN106062799A (en) * 2013-12-02 2016-10-26 万事达卡国际股份有限公司 Method and system for secure authentication of user and mobile device without secure elements
CN106415564A (en) * 2014-06-05 2017-02-15 索尼公司 Dynamic configuration of trusted executed environment
US20160028550A1 (en) * 2014-07-23 2016-01-28 Ajit Gaddam Systems and methods for secure detokenization
US20160335627A1 (en) * 2015-05-11 2016-11-17 Gemalto Sa Method, device and a server for signing data
CN105939198A (en) * 2016-06-24 2016-09-14 西安电子科技大学 Digital signature method based on location under time constraint

Also Published As

Publication number Publication date
WO2018171519A1 (en) 2018-09-27
TW201835825A (en) 2018-10-01
CN107274183B (en) 2020-05-22
CN107274183A (en) 2017-10-20

Similar Documents

Publication Publication Date Title
US11218480B2 (en) Authenticator centralization and protection based on authenticator type and authentication policy
CA2786271C (en) Anytime validation for verification tokens
JP2020145733A (en) Method for managing a trusted identity
WO2021008453A1 (en) Method and system for offline blockchain transaction based on identifier authentication
TWI678666B (en) Transaction verification method and system
GB2549118A (en) Electronic payment system using identity-based public key cryptography
CN113015991A (en) Secure digital wallet processing system
US20150052066A1 (en) Reconciling electronic transactions
CN111901106A (en) Method and computer readable medium for hiding true public key of user in decentralized identity system
CN108764904B (en) Double-key anti-theft method in distributed account system
TWM606867U (en) System for enabling digital certificate with certificate mechanism of online fast authentication
US20050160298A1 (en) Nonredirected authentication
CN110505063B (en) Method and system for ensuring security of financial payment
US20210377039A1 (en) Checkout with mac
AU2015200701B2 (en) Anytime validation for verification tokens
KR102320103B1 (en) Method for Authenticating Genuineness by Substituting the Autograph of the Work
Tso et al. An off-line mobile payment protocol providing double-spending detection
KR20160111255A (en) Method for payment of card-not-present transactions
Kumar et al. MULTIPLE SERVICE AUTHENTICATIONS WITH CLOUD OTP AS A SERVICE
TW202213131A (en) System for using authentication mechanism of fast identity online to enable certificate and method thereof
KR20140119450A (en) System for safety electronic payment and method for using the system
GB2510793A (en) Method and apparatus for electronic payment authorization