TWI786039B - Offline payment method, terminal equipment, backstage payment device and offline payment system - Google Patents

Offline payment method, terminal equipment, backstage payment device and offline payment system Download PDF

Info

Publication number
TWI786039B
TWI786039B TW105142353A TW105142353A TWI786039B TW I786039 B TWI786039 B TW I786039B TW 105142353 A TW105142353 A TW 105142353A TW 105142353 A TW105142353 A TW 105142353A TW I786039 B TWI786039 B TW I786039B
Authority
TW
Taiwan
Prior art keywords
transaction
challenge code
payment
account
bank card
Prior art date
Application number
TW105142353A
Other languages
Chinese (zh)
Other versions
TW201723948A (en
Inventor
孫權
Original Assignee
大陸商中國銀聯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 大陸商中國銀聯股份有限公司 filed Critical 大陸商中國銀聯股份有限公司
Publication of TW201723948A publication Critical patent/TW201723948A/en
Application granted granted Critical
Publication of TWI786039B publication Critical patent/TWI786039B/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/206Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephone Function (AREA)
  • Push-Button Switches (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The present invention relates to an offline payment method, payment terminal equipment, backstage payment device and offline payment system, wherein the offline payment system includes: acquiring a challenge code, encrypting an account ID, and generating a token; utilizing the token and a transaction password to perform offline payment. In the present invention, the backstage payment device dynamically generates a series of challenge codes in each time transaction. The payment terminal equipment will encrypt the payment account information and the challenge codes into a token to replace the payment account information, and perform the front-stage and backstage transaction transmissions. The token is dynamically generates by the payment terminal equipment. Each time transaction will generate a different token, thus ensuring the safety of the account and transaction. The payment terminal equipment can be offline operated without a network, thus raising the probability of a successful transaction and improving the user experience.

Description

線下支付方法、終端設備、後臺支付裝置及線下支付系統Offline payment method, terminal equipment, background payment device and offline payment system

本發明涉及行動支付技術領域,尤其是涉及一種線下支付方法、終端設備、後臺支付裝置及線下支付系統。The present invention relates to the technical field of mobile payment, in particular to an offline payment method, a terminal device, a background payment device and an offline payment system.

隨著銀行卡的線上、線下的使用越來越頻繁,使用者透過POS完成支付操作時,不良廠商透過側錄等方式竊取使用者卡片資訊的情況時有發生,給使用者資金安全帶來了嚴重的風險問題。With the online and offline use of bank cards becoming more and more frequent, when users complete payment operations through POS, unscrupulous manufacturers steal user card information through skimming and other methods. serious risk issues.

使用交易標識(Token)技術,透過在交易中使用支付標識代替帳戶資訊,可以避免銀行卡被的側錄問題。對於行動支付線下交易,如果簡單的用Token代替卡號並不能妥善地解決所有問題:Using transaction identification (Token) technology, by using payment identification instead of account information in transactions, the problem of bank card being skimmed can be avoided. For mobile payment offline transactions, if simply replacing the card number with Token cannot properly solve all problems:

1、如果Token固定不變,安全性不高,那麼同樣面臨著Token被竊取的問題。1. If the Token is fixed and the security is not high, then the problem of Token being stolen is also faced.

2、如果即時產生Token,那麼移動終端必須聯網與後臺支付裝置通訊產生Token,這樣支付成功率就會受到網路環境影響較大,且使用者體驗不佳;並且,將銀行卡號、銀行卡驗證碼與動態二維碼一起傳輸,存在被竊取的問題,因此安全性不高。2. If the Token is generated immediately, the mobile terminal must be connected to the Internet to communicate with the background payment device to generate a Token, so that the payment success rate will be greatly affected by the network environment, and the user experience is not good; and the bank card number, bank card verification The code is transmitted together with the dynamic two-dimensional code, and there is a problem of being stolen, so the security is not high.

本發明實施例的主要目的在於提出一種線下支付方法、終端設備、後臺支付裝置及線下支付系統,本發明的技術方案每次交易時由後臺支付裝置動態產生一串挑戰碼(challenge),支付終端設備將支付帳戶資訊、挑戰碼加密形成交易標識(Token),用以代替支付帳戶資訊,進行前後臺交易傳輸。Token由支付終端設備動態產生,每次交易產生不同的Token,保障了帳戶和交易安全。支付終端設備離線操作,無需聯網,提升了交易成功率和使用者體驗。The main purpose of the embodiment of the present invention is to propose an offline payment method, terminal equipment, background payment device and offline payment system. In the technical solution of the present invention, the background payment device dynamically generates a string of challenge codes (challenge) every transaction, The payment terminal device encrypts the payment account information and challenge code to form a transaction token (Token), which is used to replace the payment account information for front-end and back-end transaction transmission. Token is dynamically generated by the payment terminal equipment, and each transaction generates a different Token, which ensures the security of accounts and transactions. The payment terminal equipment operates offline without networking, which improves the transaction success rate and user experience.

為實現上述目的,本發明提供了一種線下支付方法,包含:獲取挑戰碼;對該挑戰碼、帳戶ID進行加密,產生交易標識;以及利用交易標識、交易密碼進行線下支付。To achieve the above object, the present invention provides an offline payment method, comprising: obtaining a challenge code; encrypting the challenge code and account ID to generate a transaction identifier; and using the transaction identifier and transaction password to perform offline payment.

在本發明的一實施例中,上述線下支付方法另包含:根據銀行卡帳戶資訊產生帳戶ID。In an embodiment of the present invention, the offline payment method further includes: generating an account ID according to bank card account information.

在本發明的另一實施例中,該挑戰碼係透過藍牙或NFC通訊方式來獲取。In another embodiment of the present invention, the challenge code is obtained through Bluetooth or NFC communication.

在本發明的另一實施例中,該交易標識係透過公開金鑰PK加密獲得。In another embodiment of the present invention, the transaction identifier is obtained through public key PK encryption.

為實現上述目的,本發明提供了另一種線下支付方法,包含:利用交易資訊產生挑戰碼,將該挑戰碼傳輸至客戶端;從該客戶端獲取交易標識,對該交易標識進行解密,獲得挑戰碼、帳戶ID;以及利用挑戰碼、帳戶ID進行線下支付。In order to achieve the above object, the present invention provides another offline payment method, comprising: using transaction information to generate a challenge code, and transmitting the challenge code to the client; obtaining a transaction identifier from the client, decrypting the transaction identifier, and obtaining Challenge code, account ID; and offline payment using the challenge code and account ID.

在本發明的一實施例中,該利用挑戰碼、帳戶ID進行線下支付的步驟包含:驗證該挑戰碼;通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊;以及從該客戶端獲得交易密碼,對該交易密碼進行驗證,通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。In an embodiment of the present invention, the step of using the challenge code and the account ID for offline payment includes: verifying the challenge code; after passing the verification, using the account ID to obtain transaction bank card account information; and obtaining from the client Transaction password, verify the transaction password, and use the transaction bank card account information for offline payment after verification.

在本發明的一實施例中,該挑戰碼、帳戶ID透過私密金鑰SK解密獲得。In an embodiment of the present invention, the challenge code and account ID are obtained by decrypting the private key SK.

對應地,為實現上述目的,本發明還提供了一種終端設備,包含:初始化單元,用於獲取挑戰碼;加密單元,用於對該挑戰碼、帳戶ID進行加密,產生交易標識;支付單元,用於利用交易標識、交易密碼進行線下支付。Correspondingly, in order to achieve the above object, the present invention also provides a terminal device, including: an initialization unit, used to obtain a challenge code; an encryption unit, used to encrypt the challenge code and account ID to generate a transaction identifier; a payment unit, It is used for offline payment using transaction ID and transaction password.

在本發明的一實施例中,該初始化單元還用於根據銀行卡帳戶資訊產生帳戶ID。In an embodiment of the present invention, the initialization unit is also used to generate an account ID according to bank card account information.

在本發明的一實施例中,該初始化單元透過藍牙或NFC通訊方式獲取挑戰碼。In an embodiment of the present invention, the initialization unit obtains the challenge code through Bluetooth or NFC communication.

在本發明的一實施例中,該加密單元透過公開金鑰PK進行加密獲得交易標識。In an embodiment of the present invention, the encryption unit encrypts with the public key PK to obtain the transaction identifier.

對應地,為實現上述目的,本發明還提供了一種後臺支付裝置,包含:挑戰碼產生單元,用於利用交易資訊產生挑戰碼,將該挑戰碼傳輸至客戶端;解密單元,用於從該客戶端獲取交易標識,對該交易標識進行解密,獲得挑戰碼、帳戶ID;以及支付單元,用於利用挑戰碼、帳戶ID進行線下支付。Correspondingly, in order to achieve the above object, the present invention also provides a background payment device, including: a challenge code generation unit, used to generate a challenge code using transaction information, and transmit the challenge code to the client; a decryption unit, used to obtain the challenge code from the The client obtains the transaction identifier, decrypts the transaction identifier, and obtains the challenge code and the account ID; and a payment unit, which is used for offline payment using the challenge code and the account ID.

在本發明的一實施例中,該支付單元包含:第一驗證模組,用於驗證該挑戰碼;第一支付模組,用於通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊;第二驗證模組,用於從該客戶端獲得交易密碼,對該交易密碼進行驗證;以及第二支付模組,用於通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。In an embodiment of the present invention, the payment unit includes: a first verification module, used to verify the challenge code; a first payment module, used to use the account ID to obtain transaction bank card account information after passing the verification; The second verification module is used to obtain the transaction password from the client and verify the transaction password; and the second payment module is used to use the transaction bank card account information to perform offline payment after passing the verification.

在本發明的一實施例中,該解密單元透過私密金鑰SK進行解密獲得挑戰碼、帳戶ID。In an embodiment of the present invention, the decryption unit decrypts through the private key SK to obtain the challenge code and the account ID.

為實現上述目的,本發明還提供了一種線下支付系統,包含:上述終端設備以及上述後臺支付裝置。To achieve the above object, the present invention also provides an offline payment system, comprising: the above-mentioned terminal equipment and the above-mentioned background payment device.

以上技術方案能夠帶來以下有益效果:The above technical solutions can bring the following beneficial effects:

1、無需提供銀行卡進行支付,銀行卡帳戶資訊不存儲在客戶端,保障銀行卡安全;1. There is no need to provide a bank card for payment, and the bank card account information is not stored in the client to ensure the security of the bank card;

2、客戶無需登錄網路,離線進行支付交易,因而提昇使用者體驗;2. Customers do not need to log in to the Internet to conduct payment transactions offline, thus improving user experience;

3、每次交易使用不同的交易標識,保障交易安全;3. Each transaction uses a different transaction ID to ensure transaction security;

4、僅僅透過唯一的帳戶ID標識銀行卡帳戶,且透過密文中傳輸,即使密文被破解,也不能獲取銀行卡帳戶資訊,保障安全;以及4. The bank card account is only identified by the unique account ID, and is transmitted in the ciphertext. Even if the ciphertext is cracked, the bank card account information cannot be obtained to ensure safety; and

5、透過設置交易密碼,保障交易安全。5. By setting a transaction password to ensure transaction security.

以下將結合本發明實施例中的附圖,對本發明實施例中的技術方案進行清楚、完整地描述,值得注意的是,所描述的實施例僅僅是本發明一部分技術方案,而不是全部的技術方案。本領域通常知識者基於本發明中的實施例所作的修改/修飾皆屬於屬於本發明保護的範圍。The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. It should be noted that the described embodiments are only part of the technical solutions of the present invention, not all of them. plan. The modifications/modifications made by those skilled in the art based on the embodiments of the present invention all belong to the protection scope of the present invention.

本技術方案的工作原理為:本技術方案每次交易時由後臺支付裝置動態產生一串挑戰碼(challenge),由受理終端傳送給終端設備,終端設備將支付帳戶資訊、挑戰碼加密形成動態交易標識(Token)。每次交易動態產生支付標識,無需移動終端聯網,保障交易安全性的同時,提升使用者體驗。The working principle of this technical solution is: the background payment device dynamically generates a series of challenge codes (challenge) every time a transaction is made, and the acceptance terminal transmits it to the terminal device, and the terminal device encrypts the payment account information and challenge code to form a dynamic transaction Identification (Token). The payment logo is dynamically generated for each transaction, without the need for a mobile terminal to be connected to the Internet, which ensures transaction security and improves user experience.

基於上述工作原理,本發明實施例提出一種線下支付方法,如第1圖所示。包含:Based on the above working principle, an embodiment of the present invention proposes an offline payment method, as shown in FIG. 1 . Include:

步驟101:獲取挑戰碼,其中挑戰碼係透過藍牙或NFC通訊方式獲取。Step 101: Obtain a challenge code, wherein the challenge code is obtained through Bluetooth or NFC communication.

步驟102:對該挑戰碼、帳戶ID進行加密,產生交易標識,其中交易標識(Token)透過公開金鑰PK加密獲得,每次交易產生不同的交易標識(Token)。Step 102: Encrypt the challenge code and account ID to generate a transaction token, wherein the transaction token (Token) is obtained through public key PK encryption, and each transaction generates a different transaction token (Token).

步驟103:利用交易標識、交易密碼進行線下支付。Step 103: Use the transaction ID and transaction password to make offline payment.

基於上述工作原理,本發明實施例提出了另一種線下支付方法,如第2圖所示。包含:Based on the above working principle, the embodiment of the present invention proposes another offline payment method, as shown in FIG. 2 . Include:

步驟201:利用交易資訊產生挑戰碼,將該挑戰碼傳輸至客戶端;Step 201: Generate a challenge code using transaction information, and transmit the challenge code to the client;

步驟202:從該客戶端獲取交易標識,對該交易標識進行解密,獲得挑戰碼、帳戶ID;Step 202: Obtain the transaction ID from the client, decrypt the transaction ID, and obtain the challenge code and account ID;

對於步驟202來說,該挑戰碼、帳戶ID透過私密金鑰SK解密獲得。For step 202, the challenge code and account ID are obtained by decrypting the private key SK.

步驟203:利用挑戰碼、帳戶ID進行線下支付。Step 203: Use the challenge code and account ID to make offline payment.

其中,對於步驟203來說,包含:驗證該挑戰碼;通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊;以及從該客戶端獲得交易密碼,對該交易密碼進行驗證,通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。Wherein, for step 203, it includes: verifying the challenge code; after passing the verification, using the account ID to obtain the transaction bank card account information; and obtaining the transaction password from the client, verifying the transaction password, after passing the verification, Use the transaction bank card account information for offline payment.

對應地,本發明實施例提出了一種終端設備,如第3圖所示,終端設備30包含有初始化單元301、加密單元302以及支付單元303,其中:Correspondingly, the embodiment of the present invention proposes a terminal device. As shown in FIG. 3, the terminal device 30 includes an initialization unit 301, an encryption unit 302, and a payment unit 303, wherein:

初始化單元301係用於獲取挑戰碼,進一步來說,在註冊階段,初始化單元301還用於根據銀行卡帳戶資訊產生帳戶ID。另外,初始化單元301透過藍牙或NFC通訊方式獲取挑戰碼。The initialization unit 301 is used to obtain the challenge code. Further, in the registration phase, the initialization unit 301 is also used to generate an account ID according to the bank card account information. In addition, the initialization unit 301 acquires the challenge code through Bluetooth or NFC communication.

加密單元302係用於對該挑戰碼、帳戶ID進行加密,產生交易標識,其中加密單元302係透過公開金鑰PK進行加密獲得交易標識。The encryption unit 302 is used to encrypt the challenge code and the account ID to generate a transaction identifier, wherein the encryption unit 302 obtains the transaction identifier by encrypting with the public key PK.

支付單元303係用於利用交易標識、交易密碼進行線下支付。The payment unit 303 is used for offline payment using transaction identification and transaction password.

對應地,本發明實施例還提供了一種後臺支付裝置,如第4圖所示。後臺支付裝置40包含挑戰碼產生單元401、解密單元402以及支付單元403,其中:Correspondingly, the embodiment of the present invention also provides a background payment device, as shown in FIG. 4 . The background payment device 40 includes a challenge code generation unit 401, a decryption unit 402, and a payment unit 403, wherein:

挑戰碼產生單元401係用於利用交易資訊產生挑戰碼,將該挑戰碼傳輸至客戶端;The challenge code generating unit 401 is used to generate a challenge code using transaction information, and transmit the challenge code to the client;

解密單元402係用於從該客戶端獲取交易標識,對該交易標識進行解密,獲得挑戰碼、帳戶ID;其中,解密單元402透過私密金鑰SK進行解密獲得挑戰碼、帳戶ID。The decryption unit 402 is used to obtain the transaction ID from the client, and decrypt the transaction ID to obtain the challenge code and account ID; wherein, the decryption unit 402 decrypts through the private key SK to obtain the challenge code and account ID.

支付單元403係用於利用挑戰碼、帳戶ID進行線下支付。The payment unit 403 is used for offline payment using the challenge code and account ID.

第5圖係為根據本發明一實施例的後臺支付裝置中支付單元403的功能方塊圖。包含:第一驗證模組4031,用於驗證該挑戰碼;第一支付模組4032,用於通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊;第二驗證模組4033,用於從該客戶端獲得交易密碼,對該交易密碼進行驗證;以及第二支付模組4034,用於通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。FIG. 5 is a functional block diagram of the payment unit 403 in the background payment device according to an embodiment of the present invention. Including: the first verification module 4031, used to verify the challenge code; the first payment module 4032, used to obtain transaction bank card account information by using the account ID after passing the verification; the second verification module 4033, used to obtain the transaction bank card account information from The client terminal obtains the transaction password, and verifies the transaction password; and the second payment module 4034 is used to use the transaction bank card account information to perform offline payment after passing the verification.

如第6圖所示,為本發明實施例提供的一種線下支付系統框圖。包含:第3圖所示的終端設備30,以及第4圖所示的後臺支付裝置40。As shown in Figure 6, it is a block diagram of an offline payment system provided by an embodiment of the present invention. Including: the terminal device 30 shown in FIG. 3, and the background payment device 40 shown in FIG. 4.

以下將結合實施例來對上述第1圖~第6圖的技術方案進行詳細說明。The technical solutions in the above-mentioned Fig. 1 to Fig. 6 will be described in detail below in conjunction with embodiments.

對於本實施例來說,終端設備可為行動終端,比如手機、IPad等可移動的智慧終端裝置。For this embodiment, the terminal device may be a mobile terminal, such as a mobile smart terminal device such as a mobile phone or an IPad.

在本實施例中,整個支付流程分為兩部份:In this embodiment, the entire payment process is divided into two parts:

第7圖係為根據本發明一實施例的移動終端安裝及註冊流程圖,包含以下步驟:Fig. 7 is a flow chart of mobile terminal installation and registration according to an embodiment of the present invention, including the following steps:

1、下載並安裝客戶端程式。1. Download and install the client program.

2、進行使用者註冊:輸入手機號、身份證、使用者登錄密碼/手勢等資訊,提交後臺建立新使用者。2. User registration: Enter information such as mobile phone number, ID card, user login password/gesture, etc., and submit to the background to create a new user.

3、關聯交易銀行卡:使用者將銀行卡帳戶資訊關聯到使用者,且後臺支付裝置根據銀行卡帳戶資訊來產生唯一的帳戶ID,並且回傳給客戶端。為保障安全,客戶端保留帳戶ID,不保留銀行卡帳戶原始資訊。客戶可以根據需要關聯多張銀行卡。3. Related transaction bank card: the user associates the bank card account information with the user, and the background payment device generates a unique account ID according to the bank card account information, and sends it back to the client. To ensure security, the client retains the account ID and does not retain the original information of the bank card account. Customers can associate multiple bank cards as needed.

4、金鑰同步:透過非對稱演算法,伺服器端產生私密金鑰SK以及公開金鑰PK,保留私密金鑰SK,並將公開金鑰PK發送給客戶端,且客戶端保留公開金鑰PK。4. Key synchronization: Through an asymmetric algorithm, the server generates the private key SK and the public key PK, keeps the private key SK, and sends the public key PK to the client, and the client retains the public key PK.

5、設置交易密碼:客戶根據需求設置交易密碼P,交易密碼P可以與銀行卡交易密碼相同或者不同,而伺服器端保留交易密碼P,用於交易驗證。5. Set the transaction password: the customer sets the transaction password P according to the needs. The transaction password P can be the same as or different from the bank card transaction password, and the server side reserves the transaction password P for transaction verification.

第8圖係為根據本發明一實施例的交易流程圖,在支付過程中,移動終端和受理終端的通信可以透過多種方式,例如藍牙、NFC等。移動終端無需聯網也可通信,但是受理終端與後臺支付裝置之間需要聯網。流程包含:Fig. 8 is a transaction flow chart according to an embodiment of the present invention. During the payment process, the communication between the mobile terminal and the acceptance terminal can be through various methods, such as Bluetooth, NFC and so on. The mobile terminal can also communicate without being connected to the Internet, but the acceptance terminal and the background payment device need to be connected to the Internet. The process includes:

1、收銀員透過受理終端,選擇移動Token支付,輸入交易金額;1. The cashier selects mobile Token payment through the acceptance terminal, and enters the transaction amount;

2、受理終端將交易資訊提交至後臺支付裝置,後臺支付裝置針對本次交易,動態產生一串挑戰碼C,並且回傳給受理終端;2. The acceptance terminal submits the transaction information to the background payment device, and the background payment device dynamically generates a series of challenge code C for this transaction and sends it back to the acceptance terminal;

3、客戶打開並登錄移動終端,選擇交易銀行卡;3. The customer opens and logs in the mobile terminal, and selects the transaction bank card;

4、移動終端應用從受理終端獲取挑戰碼C,並將當前銀行卡的帳戶ID、挑戰碼C,透過公開金鑰PK進行加密,形成本次交易的交易標識Token,並提供給受理終端;4. The mobile terminal application obtains the challenge code C from the acceptance terminal, and encrypts the account ID and challenge code C of the current bank card through the public key PK to form a transaction identification token for this transaction, and provides it to the acceptance terminal;

5、客戶透過受理終端或移動終端的鍵盤輸入交易密碼P。受理終端將獲取交易標識Token、交易密碼P,提交給後臺支付裝置;5. The customer enters the transaction password P through the keyboard of the acceptance terminal or mobile terminal. The acceptance terminal will obtain the transaction identification Token and transaction password P, and submit them to the background payment device;

6、後臺支付裝置透過私密金鑰SK,對交易標識Token進行解密,獲得帳戶ID、挑戰碼C,並且驗證挑戰碼C是否正確;6. The background payment device decrypts the transaction identification Token through the private key SK, obtains the account ID, challenge code C, and verifies whether the challenge code C is correct;

7、後臺支付裝置根據帳戶ID,獲取銀行卡帳戶資訊,驗證交易密碼P是否正確;7. The background payment device obtains the bank card account information according to the account ID, and verifies whether the transaction password P is correct;

8、後臺支付裝置完成交易,將交易結果回傳給受理終端;8. The background payment device completes the transaction and sends the transaction result back to the acceptance terminal;

9、受理終端將交易結果回傳給移動終端。9. The acceptance terminal sends back the transaction result to the mobile terminal.

由上述實施例可知,本技術方案每次交易時由後臺系統動態產生一串挑戰碼(challenge),終端設備將支付帳戶資訊、挑戰碼加密形成動態交易標識(Token),用以代替支付帳戶資訊,進行前後臺交易傳輸。交易標識由手機端動態產生,每次交易產生不同的交易標識,保障了帳戶和交易安全。終端設備離線操作,無需聯網,提升了交易成功率和使用者體驗。   以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。It can be seen from the above embodiments that the background system dynamically generates a series of challenge codes (challenge) in each transaction of this technical solution, and the terminal device encrypts the payment account information and the challenge code to form a dynamic transaction token (Token), which is used to replace the payment account information , for front-end and back-end transaction transmission. The transaction ID is dynamically generated by the mobile phone, and each transaction generates a different transaction ID, which ensures the security of accounts and transactions. The terminal equipment operates offline without networking, which improves the transaction success rate and user experience. The above is only a preferred embodiment of the present invention, and all equivalent changes and modifications made according to the scope of the patent application of the present invention shall fall within the scope of the present invention.

101~103、201~203‧‧‧步驟30‧‧‧終端設備301‧‧‧初始化單元302‧‧‧加密單元303‧‧‧支付單元40‧‧‧後臺支付裝置401‧‧‧挑戰碼產生單元402‧‧‧解密單元403‧‧‧支付單元4031‧‧‧第一驗證模組4032‧‧‧第一支付模組4033‧‧‧第二驗證模組4034‧‧‧第二支付模組101~103, 201~203‧‧‧step 30‧‧‧terminal device 301‧‧‧initialization unit 302‧‧‧encryption unit 303‧‧‧payment unit 40‧‧‧background payment device 401‧‧‧challenge code generation unit 402‧‧‧decryption unit 403‧‧‧payment unit 4031‧‧‧first verification module 4032‧‧‧first payment module 4033‧‧‧second verification module 4034‧‧‧second payment module

第1圖係為根據本發明一實施例的一種線下支付方法流程圖。 第2圖係為根據本發明另一實施例的一種線下支付方法流程圖。 第3圖係為根據本發明一實施例的一種終端設備功能方塊圖。 第4圖係為根據本發明一實施例的一種後臺支付裝置功能方塊圖。 第5圖係為根據本發明一實施例的後臺支付裝置中支付單元功能方塊圖。 第6圖係為根據本發明一實施例的一種線下支付系統框圖。 第7圖係為根據本發明一實施例的移動終端安裝及註冊流程圖。 第8圖係為根據本發明一實施例的交易流程圖。Figure 1 is a flowchart of an offline payment method according to an embodiment of the present invention. Fig. 2 is a flowchart of an offline payment method according to another embodiment of the present invention. FIG. 3 is a functional block diagram of a terminal device according to an embodiment of the present invention. FIG. 4 is a functional block diagram of a background payment device according to an embodiment of the present invention. FIG. 5 is a functional block diagram of the payment unit in the background payment device according to an embodiment of the present invention. Fig. 6 is a block diagram of an offline payment system according to an embodiment of the present invention. FIG. 7 is a flowchart of installation and registration of a mobile terminal according to an embodiment of the present invention. FIG. 8 is a transaction flow chart according to an embodiment of the present invention.

101~103‧‧‧步驟 101~103‧‧‧Steps

Claims (9)

一種線下支付方法,其中包含:根據銀行卡帳戶資訊產生該帳戶ID,該帳戶ID關聯至少一張銀行卡;從受理終端透過藍牙或NFC通訊方式獲取挑戰碼;該挑戰碼的產生方式為即時產生,且每次產生之該挑戰碼不相同;對該挑戰碼、帳戶ID進行加密,產生交易標識,以及將該交易標識傳輸至受理終端;該交易標識的產生方式為即時產生,且每次產生之該交易標識不相同;以及利用該交易標識、交易密碼進行線下支付。 An offline payment method, which includes: generating the account ID according to bank card account information, and the account ID is associated with at least one bank card; obtaining a challenge code from an acceptance terminal through Bluetooth or NFC communication; the challenge code is generated in an instant Generated, and the challenge code is different each time; encrypt the challenge code and account ID, generate the transaction ID, and transmit the transaction ID to the acceptance terminal; the transaction ID is generated in real time, and each time The generated transaction identifiers are different; and the transaction identifier and transaction password are used for offline payment. 如請求項1所述的方法,其中該交易標識透過公開金鑰PK加密獲得。 The method as claimed in claim 1, wherein the transaction identifier is obtained through public key PK encryption. 一種線下支付方法,包含:利用交易資訊產生挑戰碼,將該挑戰碼透過藍牙或NFC通訊方式傳輸至受理終端;該挑戰碼的產生方式為即時產生,且每次產生之該挑戰碼不相同;從該受理終端獲取交易標識,對該交易標識進行解密,獲得該挑戰碼、帳戶ID;該交易標識的產生方式為即時產生,且每次產生之該交易標識不相同;該帳戶ID關聯至少一張銀行卡;利用該挑戰碼、該帳戶ID按照以下步驟進行線下支付:驗證該挑戰碼;通過驗證之後,利用該帳戶ID獲取,該至少一張銀行卡中對應的交易銀行 卡帳戶資訊;從該受理終端獲得交易密碼,對該交易密碼進行驗證;以及通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。 An offline payment method, comprising: using transaction information to generate a challenge code, and transmitting the challenge code to an acceptance terminal through Bluetooth or NFC communication; the challenge code is generated in real time, and the challenge code is different each time ; Obtain the transaction ID from the acceptance terminal, decrypt the transaction ID, and obtain the challenge code and account ID; the transaction ID is generated in real time, and the transaction ID is different each time; the account ID is associated with at least A bank card; use the challenge code and the account ID to make offline payment according to the following steps: verify the challenge code; after passing the verification, use the account ID to obtain the transaction bank corresponding to the at least one bank card card account information; obtain the transaction password from the acceptance terminal, verify the transaction password; and use the transaction bank card account information to make offline payment after passing the verification. 如請求項3所述的方法,其中該挑戰碼、帳戶ID透過私密金鑰SK解密獲得。 The method according to claim 3, wherein the challenge code and account ID are obtained by decrypting the private key SK. 一種終端設備,其中包含:初始化單元,用於根據銀行卡帳戶資訊產生該帳戶ID,該帳戶ID關聯至少一張銀行卡;以及用於從受理終端透過藍牙或NFC通訊方式獲取挑戰碼;該挑戰碼的產生方式為即時產生,且每次產生之該挑戰碼不相同;加密單元,用於對該挑戰碼、帳戶ID進行加密,產生交易標識;該交易標識的產生方式為即時產生,且每次產生之該交易標識不相同;以及支付單元,用於利用該交易標識、交易密碼進行線下支付。 A terminal device, which includes: an initialization unit, which is used to generate the account ID according to bank card account information, and the account ID is associated with at least one bank card; and is used to obtain a challenge code from an acceptance terminal through Bluetooth or NFC communication; the challenge The generation method of the code is real-time generation, and the challenge code is different each time; the encryption unit is used to encrypt the challenge code and account ID to generate the transaction identification; the generation method of the transaction identification is instant generation, and each time The transaction identification generated for the second time is different; and the payment unit is used for offline payment using the transaction identification and transaction password. 如請求項5所述的設備,其中該加密單元透過公開金鑰PK進行加密獲得交易標識。 The device according to claim 5, wherein the encryption unit obtains the transaction identifier by encrypting with the public key PK. 一種後臺支付裝置,其中包含:挑戰碼產生單元,用於利用交易資訊產生挑戰碼,以及將該挑戰碼透過藍牙或NFC通訊方式傳輸至客戶端;該挑戰碼的產生方式為即時產生,且每次產生之該挑戰碼不相同;解密單元,用於從該客戶端獲取交易標識,對該交易標識進行解密,獲得 該挑戰碼、帳戶ID;該交易標識的產生方式為即時產生,且每次產生之該交易標識不相同;該帳戶ID關聯至少一張銀行卡;第一驗證模組,用於驗證該挑戰碼;第一支付模組,用於通過驗證之後,利用該帳戶ID獲取,該至少一張銀行卡中對應的交易銀行卡帳戶資訊;第二驗證模組,用於從該客戶端獲得交易密碼,對該交易密碼進行驗證;以及第二支付模組,用於通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。 A background payment device, which includes: a challenge code generation unit, which is used to generate a challenge code using transaction information, and transmit the challenge code to the client through Bluetooth or NFC communication; the challenge code is generated in real time, and every The challenge code generated for the second time is different; the decryption unit is used to obtain the transaction identifier from the client, decrypt the transaction identifier, and obtain The challenge code, account ID; the transaction identification is generated in real time, and the transaction identification is different each time; the account ID is associated with at least one bank card; the first verification module is used to verify the challenge code ; The first payment module is used to obtain the transaction bank card account information corresponding to the at least one bank card by using the account ID after passing the verification; the second verification module is used to obtain the transaction password from the client, The transaction password is verified; and the second payment module is used for offline payment using the transaction bank card account information after passing the verification. 如請求項7所述的後臺支付裝置,其中該解密單元透過私密金鑰SK進行解密獲得該挑戰碼、帳戶ID。 The background payment device according to claim 7, wherein the decryption unit obtains the challenge code and the account ID by decrypting through the private key SK. 一種線下支付系統,包含請求項5或6所述的終端設備,以及請求項7或8所述的後臺支付裝置。 An offline payment system, comprising the terminal device described in Claim 5 or 6, and the background payment device described in Claim 7 or 8.
TW105142353A 2015-12-25 2016-12-21 Offline payment method, terminal equipment, backstage payment device and offline payment system TWI786039B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510992050.7 2015-12-25
CN201510992050.7A CN105931047A (en) 2015-12-25 2015-12-25 Offline payment method, terminal device, backend payment apparatus and offline payment system

Publications (2)

Publication Number Publication Date
TW201723948A TW201723948A (en) 2017-07-01
TWI786039B true TWI786039B (en) 2022-12-11

Family

ID=56839957

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105142353A TWI786039B (en) 2015-12-25 2016-12-21 Offline payment method, terminal equipment, backstage payment device and offline payment system

Country Status (3)

Country Link
CN (2) CN112581125A (en)
TW (1) TWI786039B (en)
WO (1) WO2017107733A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112581125A (en) * 2015-12-25 2021-03-30 中国银联股份有限公司 Offline payment method and system
CN111340464B (en) * 2016-09-20 2023-12-12 徐蔚 Digital person payment method and device and mobile terminal
TWI661365B (en) * 2018-03-27 2019-06-01 財金資訊股份有限公司 System and method for dynamically checking code scanning payment, computer-readable recording medium and computer program product
CN108537536A (en) * 2018-06-21 2018-09-14 咪付(广西)网络技术有限公司 A kind of method for secure transactions and system based on strategy mark

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090288012A1 (en) * 2008-05-18 2009-11-19 Zetawire Inc. Secured Electronic Transaction System
TW201027448A (en) * 2009-01-09 2010-07-16 Flytech Technology Co Ltd Product selling management system and method thereof
CN104463575A (en) * 2014-11-26 2015-03-25 深圳市智惠付信息技术有限公司 NFC payment communication method based on payment command

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040051037A (en) * 2002-12-11 2004-06-18 엘지전자 주식회사 Method for paying e-money of mobile communication terminal
CN1941009A (en) * 2005-09-29 2007-04-04 普天信息技术研究院 Method for realizing fee payment by mobile telecommunication terminal
CN101841417A (en) * 2010-03-12 2010-09-22 李勇 Electronic signature device supporting short-distance wireless communication technology and method for ensuring safety of electronic transaction by applying same
CN101916346A (en) * 2010-08-16 2010-12-15 鸿富锦精密工业(深圳)有限公司 Electronic device capable of preventing piracy and anti-piracy method thereof
JP5935871B2 (en) * 2012-03-07 2016-06-15 ソニー株式会社 Payment processing system, payment terminal, communication device, payment server, and payment processing method
CN102819918A (en) * 2012-07-17 2012-12-12 苏州市米想网络信息技术有限公司 Payment system adopting multiple safety certificates
KR101517964B1 (en) * 2013-04-22 2015-05-07 주식회사 비즈모델라인 Method for Near Field Transaction by using Providing Dynamic Created Token Code
US8905303B1 (en) * 2013-09-01 2014-12-09 Mourad Ben Ayed Method for adaptive wireless payment
CN103903141B (en) * 2014-03-14 2018-05-08 福建联迪商用设备有限公司 A kind of O2O safe payment methods, system and a kind of POS terminal
CN103944730A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive system
CN104268746A (en) * 2014-09-17 2015-01-07 江苏爱心消费支付服务有限公司 Card-free payment method
CN112581125A (en) * 2015-12-25 2021-03-30 中国银联股份有限公司 Offline payment method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090288012A1 (en) * 2008-05-18 2009-11-19 Zetawire Inc. Secured Electronic Transaction System
TW201027448A (en) * 2009-01-09 2010-07-16 Flytech Technology Co Ltd Product selling management system and method thereof
CN104463575A (en) * 2014-11-26 2015-03-25 深圳市智惠付信息技术有限公司 NFC payment communication method based on payment command

Also Published As

Publication number Publication date
TW201723948A (en) 2017-07-01
WO2017107733A1 (en) 2017-06-29
CN105931047A (en) 2016-09-07
CN112581125A (en) 2021-03-30

Similar Documents

Publication Publication Date Title
US11588637B2 (en) Methods for secure cryptogram generation
CN109962784B (en) Data encryption, decryption and recovery method based on multiple digital envelope certificates
CN103067401B (en) Method and system for key protection
EP3487142B1 (en) Providing and obtaining graphic payment code information
CN105790938B (en) Safe unit key generation system and method based on credible performing environment
CN105528695B (en) Mobile payment method and mobile payment system based on marks
CN108092776A (en) A kind of authentication server and authentication token
CN105391734B (en) A kind of Security Login System and method, login service device and certificate server
TWI786039B (en) Offline payment method, terminal equipment, backstage payment device and offline payment system
CN101631305B (en) Encryption method and system
CN105184557B (en) Payment authentication method and system
CN103781064A (en) Short message verification system and verification method
TW201828205A (en) Transaction method, device and system used in virtual reality environment
CN106533677B (en) A kind of user login method, user terminal and server
CN107615797B (en) Device, method and system for hiding user identification data
WO2015110043A1 (en) Dual-channel identity authentication selection device, system and method
CN101425901A (en) Control method and device for customer identity verification in processing terminals
CN104506509A (en) Multifunctional security authentication terminal and authentication method based on terminal
CN104980276B (en) Identity identifying method for safety information interaction
CN109600354A (en) Network identity validation System and method for
CN106961417B (en) Identity verification method based on ciphertext
TWI638326B (en) Method of prelogin preview for online bank and system thereof
Kaur et al. A comparative analysis of various multistep login authentication mechanisms
CN105205667A (en) Safety payment verification method, device and system
WO2015110045A1 (en) Device, method and system for hiding user identification data