WO2013000351A1 - Mobile payment method and system - Google Patents

Mobile payment method and system Download PDF

Info

Publication number
WO2013000351A1
WO2013000351A1 PCT/CN2012/076169 CN2012076169W WO2013000351A1 WO 2013000351 A1 WO2013000351 A1 WO 2013000351A1 CN 2012076169 W CN2012076169 W CN 2012076169W WO 2013000351 A1 WO2013000351 A1 WO 2013000351A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
transaction
information
information message
module
Prior art date
Application number
PCT/CN2012/076169
Other languages
French (fr)
Chinese (zh)
Inventor
尹旭程
张翌维
Original Assignee
国民技术股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 国民技术股份有限公司 filed Critical 国民技术股份有限公司
Publication of WO2013000351A1 publication Critical patent/WO2013000351A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices

Definitions

  • the present invention relates to the field of communications, and in particular, to a mobile payment method and system.
  • Mobile payment is also known as mobile payment (Mobile Payment) is a service method that allows users to pay for goods or services consumed by mobile terminals (such as mobile phones, PDAs, mobile PCs, etc.). It is a new business that combines electronic money, authentication, mobile communications and mobile terminals to enable users to enjoy multiple services anytime, anywhere.
  • the contactless chip mobile wallet service is a mobile phone carrier that combines the contactless IC card application with the SIM/UIM card. It implements mobile payment, industry application and credit in three application modes: card, reader and peer-to-peer. Service products for various applications such as redemption and electronic ticketing.
  • mobile payment is roughly divided into five types: one is mobile charging service (such as SMS group sending system SMS, wireless application protocol WAP, interactive voice response IVR, etc.); second, mobile bank card bundle payment, payment; It is the mobile phone landing online banking or third-party payment; the fourth is mobile phone wallet online small payment; the fifth is based on RFID (radio frequency identification) or NFC (near field communication) mobile wallet on-site payment.
  • mobile charging service such as SMS group sending system SMS, wireless application protocol WAP, interactive voice response IVR, etc.
  • second mobile bank card bundle payment, payment
  • It is the mobile phone landing online banking or third-party payment
  • the fourth is mobile phone wallet online small payment
  • the fifth is based on RFID (radio frequency identification) or NFC (near field communication) mobile wallet on-site payment.
  • RFID radio frequency identification
  • NFC near field communication
  • the mobile payment process has certain security risks, and is usually not a payment device (for example, a mobile terminal), which also affects the user experience.
  • the technical problem to be solved by the present invention is to provide a mobile payment method and system, which uses a payment device as a transaction center to improve the security of mobile payment transactions, and at the same time enhance the friendliness of information interaction and enhance the user experience.
  • the present invention provides a mobile payment method, including:
  • the payment information message includes user identity information and commodity information of the transaction; the commodity information includes any one or more of quota information, transaction time, product name, product quantity, and merchant information; and the user identity information Including any one or more of bank account information, personal identification number, and verification code.
  • the payment information message of the generated transaction is specifically: the payment device generates a payment information message or the payment device generates a payment information message.
  • the payment information message for acquiring the transaction is specifically: the financial payment platform acquires the payment information message of the transaction from the payment device or the payment device.
  • Determining whether the transaction is legal according to the payment information message is: verifying the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, The transaction is legal, otherwise the transaction is illegal.
  • the determining whether to conduct the transaction according to the judgment result is specifically: if the judgment result is that the transaction is legal, the transaction is allowed, otherwise the transaction is prohibited.
  • the present invention also proposes a mobile payment system, including a payment device, a paid device, and a financial payment platform, wherein:
  • the payment device or the payment device is configured to generate a payment information message of the transaction, where the payment device is further configured to determine whether to conduct a transaction according to the judgment result of the financial payment platform; and the financial payment platform is configured to acquire a transaction The information message is paid, and the transaction information is judged according to the payment information message.
  • the payment information message includes user identity information and commodity information of the transaction;
  • the user identity information includes any one or more of bank account information, a personal identification number, and a verification code;
  • the commodity information includes quota information, Any one or more of transaction time, product name, item quantity, and business information.
  • the payment device or the payment device includes a message generation module, and the message generation module is configured to generate a payment information message of the transaction; the payment device includes a determination module, configured to be used according to the financial payment platform The result of the judgment determines whether or not to conduct the transaction.
  • the financial payment platform includes: an obtaining module, configured to obtain a payment information message of the transaction; and a detecting module, configured to determine, according to the payment information message, whether the transaction is legal.
  • the detecting module includes a first detecting unit, configured to check the integrity of the payment information message and the legality of the content of the payment information message, and if the payment information message is complete and the content is legal, the transaction is determined. Legal, otherwise the transaction is determined to be illegal.
  • the judging module includes a first judging unit, configured to allow the transaction to be performed when the judgment result is that the transaction is legal, otherwise the transaction is prohibited.
  • the mobile payment method and system of the invention uses the payment device as a transaction center, improves the security of the mobile payment transaction, enhances the friendliness of information interaction, is more humanized, and improves the user experience.
  • FIG. 1 is a flow chart of a mobile payment method according to an embodiment of the present invention.
  • FIG. 2 is a flow chart of a challenge/response authentication method based on a symmetric algorithm
  • FIG. 3 is another flowchart of a mobile payment method according to an embodiment of the present invention.
  • FIG. 4 is a structural diagram of a mobile payment system according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of a specific structure and a working process of a mobile payment system according to an embodiment of the present invention
  • FIG. 6 is a schematic diagram of another specific structure and a working process of a mobile payment system according to an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of a working process of a mobile payment system including a mobile phone according to an application embodiment of the present invention.
  • FIG. 8 is a schematic diagram of another working process of a mobile payment system including a mobile phone according to an application embodiment of the present invention.
  • the main idea of the present invention is to use a payment device (e.g., a mobile terminal) as the center of a mobile payment transaction so that the user can terminate or continue the payment process at any step of the mobile payment transaction through a payment device such as a mobile terminal.
  • a payment device e.g., a mobile terminal
  • the payment device is used as the transaction center to effectively reduce the insecure factors of the transaction, thereby improving the security of the payment transaction.
  • FIG. 1 is a flowchart of a mobile payment method according to an embodiment of the present invention. As shown in FIG. 1 , in this embodiment, the mobile payment method includes:
  • Step 101 The user communication terminal establishes a trusted communication link with the POS terminal.
  • the communication terminal is a specific payment device
  • the POS terminal is a specific paid device.
  • the mobile payment methods described in the various embodiments herein should be understood to be applicable to all mobile payment systems including payment devices, payment devices, and financial payment platforms.
  • the user communication terminal can be, but is not limited to, a cell phone, a personal digital assistant PDA, and the like.
  • a trusted communication link can be established when both the user communication terminal and the POS terminal are within a valid contactless transmission distance and the communication state is normal.
  • the communication terminal and the POS terminal must pass the security authentication before establishing a trusted communication link (also referred to as a secure link).
  • the security authentication can adopt all existing security authentication methods that may occur in the future, for example, a symmetric algorithm based Challenge/response authentication method or signature authentication method based on asymmetric cryptographic algorithm.
  • the challenge/response authentication process includes:
  • A sends a random number Rp to B
  • Both A and B generate a process key Key_proc, wherein the process key can be obtained by encrypting or obfuscating the first key Key1, the random number Rp, and the identification code ID;
  • B After receiving the authentication request, B generates a first random string Ra, encrypts the first random string Ra with the process key Key_proc, and transmits it to A;
  • the first random string Ra is obtained, and then the second random string Rb is generated by itself, and the first random string Ra and the second random string Rb are spliced and encrypted by the process key Key_proc to be transparently transmitted to B. ;
  • (6) B decrypts to obtain the first random string Ra and the second random string Rb, and then determines whether the first random string Ra is the same as the first random string Ra generated by itself, and if the same, the second random word
  • the string Rb is encrypted by the process key Key_proc and then transparently transmitted to A
  • A decrypts to obtain the second random string Rb, and then determines whether the second random string Rb is the same as the second random string Rb generated by itself, and if the same, the authentication is performed. by.
  • Step 102 The user communication terminal sends the user identity information to the POS terminal.
  • both the communication terminal and the POS terminal enter a non-contact information interaction mode, and the two can exchange data through the radio frequency channel.
  • the communication terminal and the POS terminal can also communicate through other non-contact communication channels.
  • the communication terminal generates user identity information and its verification code and sends them to the POS terminal.
  • the user identity information may include, but is not limited to, bank account information, a personal identification number, a verification code, and the like.
  • Step 103 The POS terminal binds the user identity information and the product information to generate a payment information message, and then sends the message to the user communication terminal.
  • Product information is generated by the POS terminal.
  • Product information may include, but is not limited to, credit information, transaction time, product name, number of products, merchant information, and the like.
  • the payment information message includes product information and user identity information.
  • Step 104 The user communication terminal sends the payment information message to the financial payment platform.
  • the financial payment platform may also actively obtain the payment information message.
  • Step 105 The financial payment platform determines whether the transaction is legal according to the payment information message, and notifies the user of the communication terminal and the POS terminal of the determination result.
  • the user communication terminal determines whether to conduct the transaction according to the judgment result of the financial payment platform, and if the user allows the transaction, the financial payment platform further completes the transaction;
  • the financial payment platform can verify the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, the transaction is legal, otherwise the transaction is illegal.
  • the judgment result is as follows: 1. If the payment information message is complete and legal, the transaction is legal; 2. If the payment information message receives timeout, the payment information message is incomplete, or the payment information message content is illegal, the transaction is illegal. .
  • the user communication terminal determines whether to conduct the transaction according to the judgment result of the financial payment platform: if the judgment result is legal for the transaction, the transaction is allowed, otherwise the transaction is prohibited.
  • the financial payment platform may not notify the user communication terminal and the POS terminal of the determination result, that is, the information terminal does not perform feedback on the communication terminal and/or the POS terminal, and the payment device such as the user communication terminal and the POS terminal are paid.
  • the device can also actively obtain the judgment result.
  • step 106 the user communication terminal returns to the initial state.
  • the mobile payment method of this embodiment has the following advantages:
  • the mobile payment method of the embodiment uses the payment device as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction through the mobile terminal, thereby improving the security and promotion of the mobile payment transaction.
  • the friendliness of information interaction is more user-friendly and enhances the user experience.
  • FIG. 3 is another flow chart of a mobile payment method according to an embodiment of the present invention. As shown in FIG. 3, in this embodiment, the mobile payment method includes:
  • Step 301 The user communication terminal establishes a trusted communication link with the POS terminal.
  • a trusted communication link can be established when both the user communication terminal and the POS terminal are within a valid contactless transmission distance and the communication state is normal.
  • the communication terminal and the POS terminal must pass the security authentication before establishing a trusted communication link (or a secure link).
  • security authentication refer to the description of step 101, and details are not described herein.
  • Step 302 The POS terminal sends the commodity information to the user communication terminal.
  • the POS terminal generates commodity information and its check code, and transmits them to the communication terminal.
  • Product information may include, but is not limited to, credit information, transaction time, product name, number of products, merchant information, and the like.
  • Step 303 The user communication terminal binds the user identity information and the product information to generate a payment information message.
  • User identity information is generated by the communication terminal.
  • User identity information may include, but is not limited to, bank account information, personal identification numbers, verification codes, and the like.
  • the payment information message includes product information and user identity information.
  • Step 304 The user communication terminal sends the payment information message to the financial payment platform.
  • Step 305 The financial payment platform determines whether the transaction is legal according to the payment information message, and notifies the user of the communication terminal and the POS terminal, and the user communication terminal determines whether to conduct the transaction according to the judgment result of the financial payment platform. If the user allows the transaction, the financial The payment platform will complete the transaction further;
  • the financial payment platform can verify the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, the transaction is legal, otherwise the transaction is illegal.
  • the user communication terminal determines whether to conduct the transaction according to the judgment result of the financial payment platform: if the judgment result is legal for the transaction, the transaction is allowed, otherwise the transaction is prohibited.
  • the judgment result is as follows: 1. If the payment information message is complete and legal, the transaction is legal; 2. If the payment information message is timed out, the payment information message is incomplete, or the payment information message content is illegal, the transaction is illegal.
  • the financial payment platform may not notify the user of the communication terminal and the POS terminal of the determination result, that is, does not perform information feedback on the communication terminal and/or the POS terminal.
  • step 306 the user communication terminal returns to the initial state.
  • data integrity verification may be performed on data communicated between any of the communication terminal, the POS terminal, and the financial payment platform.
  • the information sent to the communication terminal can be visible and controllable to the user, and the user can choose to continue, interrupt or re-trade at any point.
  • the payment device is used as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction, thereby improving the security of the mobile payment transaction and improving the friendliness of the information interaction. More user-friendly and improved user experience.
  • the invention also proposes a mobile payment system for implementing the above mobile payment method.
  • 4 is a structural diagram of a mobile payment system according to an embodiment of the present invention.
  • the mobile payment system of the present invention includes a payment device 42, a payment device 41, and a financial payment platform 43, wherein the payment device 41 is used to generate or acquire The payment information message of the transaction is sent to the financial payment platform 43, and the financial payment platform 43 is configured to determine whether the transaction is legal according to the payment information message, and the payment device 41 is further configured to determine according to the judgment result of the financial payment platform 43. Whether to trade.
  • FIG. 5 is a schematic diagram of a specific structure and a working process of a mobile payment system according to an embodiment of the present invention.
  • the payment device 41 includes a first communication module 510, a first message generation module 520, and a sending module 530.
  • the device to be paid 42 includes a second communication module 540, and the financial payment platform 43 includes receiving.
  • the first communication module 510 is configured to perform data exchange with the second communication module 540.
  • the first message generating module 520 is configured to generate a payment information message of the current transaction
  • the sending module 530 is configured to send the payment information message to the The financial payment platform 43
  • the second communication module 540 is configured to exchange data with the first communication module 510
  • the receiving module 550 is configured to receive the payment information message
  • the detecting module 560 is configured to determine whether the current transaction is legal according to the payment information message.
  • the detecting module 560 may further include a first detecting unit, where the first detecting unit is configured to check the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, the transaction is determined to be legal. Otherwise, the transaction is determined to be illegal.
  • the payment device 41 may further include a determining module, and the determining module is configured to determine whether to perform the transaction according to the judgment result of the financial payment platform 43.
  • the judging module may further include a first judging unit, where the first judging unit is configured to allow the transaction to be performed when the judgment result is that the transaction is legal, otherwise the transaction is prohibited.
  • the working process of the mobile payment system shown in FIG. 5 is: the paid device 42 sends the commodity information to the payment device 41 through the second communication module 540, and the payment device 41 receives the commodity information through the first communication module 510, and the first packet generation module 520
  • the product information is bound to the user identity information of the payment device 41 to generate a payment information message
  • the sending module 530 sends the payment information message to the financial payment platform 43
  • the financial payment platform 43 receives the payment information message through the receiving module 550, and detects
  • the module 560 determines whether the transaction is legal according to the payment information message received by the receiving module 550.
  • the financial payment platform 43 may further notify the payment device 41 and the payee device 42 of the determination result of the detection module 560.
  • the payment device 41 determines whether or not to perform the transaction based on the determination result of the determination result of the detection module 560 of the financial payment platform 43.
  • the mobile payment system of this embodiment uses the payment device 41 as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction, thereby improving the security of the mobile payment transaction and improving the friendliness of information interaction. It is more user-friendly and enhances the user experience.
  • FIG. 6 is still another schematic structural diagram of a mobile payment system according to an embodiment of the present invention and a working process thereof.
  • the payment device 41 includes a first communication module 610, a second message acquisition module 620, and a sending module 630.
  • the device to be charged 42 includes a second communication module 640 and a second message generation module 650.
  • the financial payment platform 43 includes a receiving module 550 and a detecting module 560.
  • the first communication module 610 is configured to exchange data with the second communication module 640
  • the second packet obtaining module 620 is configured to obtain a payment information report of the transaction.
  • the sending module 630 is configured to send the payment information message to the financial payment platform 43
  • the second communication module 640 is configured to exchange data with the first communication module 610
  • the second message generating module 650 is configured to generate the transaction.
  • the payment information message is used by the receiving module 550 to receive the payment information message
  • the detecting module 560 is configured to determine whether the current transaction is legal according to the payment information message.
  • the working process of the mobile payment system shown in FIG. 6 is that the payment device 41 transmits the user identity information to the device to be served 42 through the first communication module 610, and the device for receiving the device 42 receives the identity information of the user through the second communication module 640, and generates the second message.
  • the module 650 binds the user identity information to the product information generated by the device to be paid 42 to generate a payment information message; then the second message obtaining module 620 of the payment device 41 issues a command to obtain a payment information message, and the first communication module 610 receives the command.
  • the second communication module 640 sends a request to the second communication module 640 of the device to be paid, and the second communication module 640 transmits the payment message to the first communication module 610 after receiving the request, and the first communication module 610
  • the sending module 620 sends the payment information message to the financial payment platform 43.
  • the financial payment platform 43 receives the payment information message through the receiving module 550, and the detecting module 560 receives the payment information according to the receiving module 550.
  • the message determines whether the transaction is legal.
  • the financial payment platform 43 may further notify the payment device 41 and the payee device 42 of the determination result of the detection module 560.
  • the payment device 41 determines whether or not to perform the transaction based on the determination result of the determination result of the detection module 560 of the financial payment platform 43.
  • the financial payment platform 43 can also actively acquire the payment information message. Therefore, in other embodiments of the present invention, the financial payment platform 43 may include a first message obtaining module, where the first message acquiring module is configured to obtain a payment information message of the current transaction.
  • the mobile payment system of this embodiment uses the payment device 41 as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction, thereby improving the security of the mobile payment transaction and improving the friendliness of information interaction. It is more user-friendly and enhances the user experience.
  • the financial payment platform may further include a notification module for notifying the payment device and the payment device of the determination result of the detection module, where the payment device may further include a first notification for receiving the notification module.
  • the notification receiving module may further include a second notification receiving module for receiving the notification of the notification module.
  • one functional module may be further split into multiple sub-modules, or multiple functional modules of the same device may be integrated into one module.
  • a plurality of program-implementable modules of the payment device are synthesized into transaction software, and a plurality of hardware modules of the payment device are integrated in an RFID module with a security chip.
  • the transaction software may also be stored in, but not limited to, a storage medium or an RFID module inside a payment device (eg, a communication terminal), which may be, but is not limited to, an RFID-SIM card, an RFID-USIM card, an RFID-TF card, an RFID- SD card or RFID-MMC card.
  • FIG. 7 is a schematic diagram of a working process of a mobile payment system including a mobile phone according to an application embodiment of the present invention.
  • the mobile payment system includes a mobile phone (payment device), a POS terminal (paid device), and a financial payment platform, wherein the mobile phone has the above-mentioned transaction software and RFID module, and the working process of the mobile payment system shown in FIG. include:
  • the user sends the user identity information to the POS terminal by using the mobile phone;
  • the user After the merchant selects a good product, the user establishes a trusted contactless communication link by using the mobile phone and the POS terminal of the merchant through security authentication.
  • the user inputs account information, personal identification code, random verification code, etc. through the soft keyboard in the transaction software interface, and generates user identity information and its check code, and then sends them to the POS terminal.
  • the POS terminal binds the user identity information with the product information to generate a payment information message, and sends the message to the mobile phone;
  • the POS terminal first checks the integrity of the user identity information transmitted from the mobile phone. If the verification is successful, it will generate payment information message and its check code with the product information (POS terminal identity authentication information, product name, product quantity and transaction amount, etc.), and then send it to the user RF through the 2.4GHz contactless communication band. SIM card on the phone. If the verification fails, the POS terminal notifies the mobile phone, and the user decides whether to resend the user identity information and its check code to the POS terminal, or cancel the transaction.
  • product information POS terminal identity authentication information, product name, product quantity and transaction amount, etc.
  • the user sends the payment information message to the financial payment platform by using the mobile phone.
  • the user performs integrity verification on the payment information message through the mobile phone, and if the verification succeeds, the payment information message is sent to the financial payment platform (controlled by the banking institution) through the GPRS network. If the verification fails, it is up to the user to inform the POS terminal to resend the payment information message and its check code, or cancel the transaction.
  • the financial payment platform first checks the integrity of the payment information message sent by the user's mobile phone, and then determines whether the account information and the personal identification code in the message match. If it matches, the financial payment platform will judge the transaction to be legal, and issue a legal notice of the transaction to the POS terminal and the communication terminal through the GPRS network. If there is no match, the financial payment platform replies to the communication terminal, and the user decides whether to re-enter the user identity information or cancel the transaction.
  • FIG. 8 is a schematic diagram of another working process of a mobile payment system including a mobile phone according to an application embodiment of the present invention.
  • the mobile payment system includes a mobile phone (payment device), a POS terminal (paid device), and a financial payment platform, wherein the mobile phone has the above-mentioned transaction software and RFID module, and the working process of the mobile payment system shown in FIG. include:
  • the POS terminal sends the product information to the user's mobile phone
  • the user After the merchant selects the commodity, the user establishes a trusted contactless communication link with the POS terminal of the merchant by using the mobile phone.
  • the POS terminal becomes commodity information (POS terminal identity authentication information, product name, number of products, transaction amount, etc.) and its check code, and transmits them to the user RF-SIM card mobile phone through the 2.4 GHz contactless communication band.
  • commodity information POS terminal identity authentication information, product name, number of products, transaction amount, etc.
  • the mobile phone binds the product information and the user identity information to generate a payment information message, and then sends the payment information message to the financial payment platform.
  • the user starts to check the integrity of the product information transmitted by the POS terminal through the mobile phone transaction software. If the verification is successful, the user inputs account information, personal identification code, random verification code, etc. through the soft keyboard in the transaction software interface, and generates user identity information. Then, together with the commodity information, a check code and a payment information message are generated, and then sent to the financial payment platform (controlled by the banking institution) through the GPRS network. If the verification fails, it is up to the user to inform the POS terminal to resend the check code and the message, or to cancel the transaction.
  • the financial payment platform first checks the integrity of the message sent by the user's mobile phone, and then determines whether the account information and the personal identification code in the message match. If it matches, the financial payment platform will judge the transaction to be legal, and issue a legal notice of the transaction to the POS terminal and the communication terminal through the GPRS network. If there is no match, the financial payment platform replies to the communication terminal, and the user decides whether to re-enter the user identity information or cancel the transaction.
  • the mobile payment system of the embodiment uses the payment device as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction, thereby improving the security of the mobile payment transaction and enhancing the information interaction.
  • the friendliness is more user-friendly and enhances the user experience.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a mobile payment method and system. The method comprises: generating a payment information message of a transaction; determining whether the transaction is legal according to the payment information message; and if the transaction is legal, a payment device permitting the transaction. The system comprises a payment device, a payment recipient device and a financial payment platform. The payment device is used for generating a payment information message of a transaction, and permitting the transaction when the determination result of the financial payment platform is that the transaction is legal. The financial payment platform is used for determining whether the transaction is legal according to the payment information message. Alternatively, the payment recipient device is used for generating a payment information message of a transaction. The payment device is used for permitting the transaction when the determination result of the financial payment platform is that the transaction is legal. The financial payment platform is used for determining whether the transaction is legal according to the transaction information message. In the mobile payment method and system of the present invention, the payment device acts as a transaction center, thereby enhancing the safety of mobile payment transaction and the friendliness of information exchange, becoming more human friendly, and improving the user experience.

Description

一种移动支付方法及系统  Mobile payment method and system 技术领域Technical field
本发明涉及通信领域,尤其涉及一种移动支付方法及系统。 The present invention relates to the field of communications, and in particular, to a mobile payment method and system.
背景技术Background technique
移动支付也称为手机支付(Mobile Payment),是允许用户使用移动终端设备(例如手机、PDA、移动PC等)对所消费的商品或服务进行账务支付的一种服务方式。它是一种结合了电子化货币、身份验证、移动通信与移动终端的崭新业务,可以使用户随时随地享受多种服务。非接触芯片式手机钱包业务是一项以手机为载体,将非接触式IC卡应用结合于SIM/UIM卡中,以卡、阅读器、点对点三种应用模式,实现手机支付、行业应用、积分兑换、电子票务等多种应用的服务产品。 Mobile payment is also known as mobile payment (Mobile Payment) is a service method that allows users to pay for goods or services consumed by mobile terminals (such as mobile phones, PDAs, mobile PCs, etc.). It is a new business that combines electronic money, authentication, mobile communications and mobile terminals to enable users to enjoy multiple services anytime, anywhere. The contactless chip mobile wallet service is a mobile phone carrier that combines the contactless IC card application with the SIM/UIM card. It implements mobile payment, industry application and credit in three application modes: card, reader and peer-to-peer. Service products for various applications such as redemption and electronic ticketing.
目前移动支付具体的实现形式大致分为五种:一是移动代收费业务(例如短信群发系统SMS、无线应用协议WAP、互动式语音应答IVR等);二是手机银行卡捆绑缴费、支付;三是手机登陆网上银行或第三方支付;四是手机钱包在线小额支付;五是基于RFID(射频识别)或者NFC(近场通信)的手机钱包现场支付。At present, the specific implementation forms of mobile payment are roughly divided into five types: one is mobile charging service (such as SMS group sending system SMS, wireless application protocol WAP, interactive voice response IVR, etc.); second, mobile bank card bundle payment, payment; It is the mobile phone landing online banking or third-party payment; the fourth is mobile phone wallet online small payment; the fifth is based on RFID (radio frequency identification) or NFC (near field communication) mobile wallet on-site payment.
现有技术中,移动支付过程存在一定的安全隐患,且通常不是以支付设备(例如移动终端)为交易中心的,这种情况也影响了用户体验。In the prior art, the mobile payment process has certain security risks, and is usually not a payment device (for example, a mobile terminal), which also affects the user experience.
技术问题technical problem
本发明所要解决的技术问题是提供一种移动支付方法及系统,以支付设备为交易中心,提高移动支付交易的安全性,同时增进信息交互的友好程度,提升用户体验。 The technical problem to be solved by the present invention is to provide a mobile payment method and system, which uses a payment device as a transaction center to improve the security of mobile payment transactions, and at the same time enhance the friendliness of information interaction and enhance the user experience.
技术解决方案Technical solution
为解决上述技术问题,本发明提出了一种移动支付方法,包括:To solve the above technical problem, the present invention provides a mobile payment method, including:
生成交易的支付信息报文;Generating a payment information message for the transaction;
获取交易的支付信息报文;Obtaining a payment information message of the transaction;
根据所述支付信息报文判断交易是否合法; Determining whether the transaction is legal according to the payment information message;
根据判断结果决定是否进行交易。According to the judgment result, it is decided whether to conduct the transaction.
进一步地,上述方法还可具有以下特点, 所述支付信息报文中包含用户身份信息和交易的商品信息;所述商品信息包括额度信息、交易时间、商品名称、商品数量、商家信息中的任意一种或多种;所述用户身份信息包括银行账户信息、个人识别码、验证码中的任意一种或多种。Further, the above method may also have the following features. The payment information message includes user identity information and commodity information of the transaction; the commodity information includes any one or more of quota information, transaction time, product name, product quantity, and merchant information; and the user identity information Including any one or more of bank account information, personal identification number, and verification code.
进一步地,上述方法还可具有以下特点, 所述生成交易的支付信息报文具体为:支付设备生成支付信息报文或受付设备生成支付信息报文。Further, the above method may also have the following features. The payment information message of the generated transaction is specifically: the payment device generates a payment information message or the payment device generates a payment information message.
进一步地,上述方法还可具有以下特点, 所述获取本次交易的支付信息报文具体为:金融支付平台从所述支付设备或所述受付设备获取交易的支付信息报文。Further, the above method may also have the following features. The payment information message for acquiring the transaction is specifically: the financial payment platform acquires the payment information message of the transaction from the payment device or the payment device.
进一步地,上述方法还可具有以下特点, 所述根据所述支付信息报文判断交易是否合法具体为:检验所述支付信息报文的完整性和所述支付信息报文内容的合法性,若所述支付信息报文完整且内容合法,则交易合法,否则交易不合法。 Further, the above method may also have the following features. Determining whether the transaction is legal according to the payment information message is: verifying the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, The transaction is legal, otherwise the transaction is illegal.
进一步地,上述方法还可具有以下特点, 所述根据所述判断结果决定是否进行交易具体为:若所述判断结果为交易合法,则允许进行交易,否则禁止进行交易。Further, the above method may also have the following features. The determining whether to conduct the transaction according to the judgment result is specifically: if the judgment result is that the transaction is legal, the transaction is allowed, otherwise the transaction is prohibited.
为解决上述技术问题,本发明还提出了一种移动支付系统,包括支付设备、受付设备和金融支付平台,其中: To solve the above technical problem, the present invention also proposes a mobile payment system, including a payment device, a paid device, and a financial payment platform, wherein:
所述支付设备或所述受付设备用于生成交易的支付信息报文,所述支付设备还用于根据所述金融支付平台的判断结果决定是否进行交易;所述金融支付平台用于获取交易的支付信息报文,并根据所述支付信息报文判断交易是否合法。The payment device or the payment device is configured to generate a payment information message of the transaction, where the payment device is further configured to determine whether to conduct a transaction according to the judgment result of the financial payment platform; and the financial payment platform is configured to acquire a transaction The information message is paid, and the transaction information is judged according to the payment information message.
进一步地,上述系统还可具有以下特点, 所述支付信息报文中包含用户身份信息和交易的商品信息;所述用户身份信息包括银行账户信息、个人识别码、验证码中的任意一种或多种;所述商品信息包括额度信息、交易时间、商品名称、商品数量、商家信息中的任意一种或多种。Further, the above system may also have the following features. The payment information message includes user identity information and commodity information of the transaction; the user identity information includes any one or more of bank account information, a personal identification number, and a verification code; the commodity information includes quota information, Any one or more of transaction time, product name, item quantity, and business information.
进一步地,上述系统还可具有以下特点, 所述支付设备或所述受付设备中包括报文生成模块,所述报文生成模块用于生成交易的支付信息报文;所述支付设备中包括判断模块,用于根据所述金融支付平台的判断结果决定是否进行交易。Further, the above system may also have the following features. The payment device or the payment device includes a message generation module, and the message generation module is configured to generate a payment information message of the transaction; the payment device includes a determination module, configured to be used according to the financial payment platform The result of the judgment determines whether or not to conduct the transaction.
进一步地,上述系统还可具有以下特点, 所述金融支付平台中包括:获取模块,用于获取交易的支付信息报文;检测模块,用于根据所述支付信息报文判断交易是否合法。Further, the above system may also have the following features. The financial payment platform includes: an obtaining module, configured to obtain a payment information message of the transaction; and a detecting module, configured to determine, according to the payment information message, whether the transaction is legal.
进一步地,上述系统还可具有以下特点, 所述检测模块中包括第一检测单元,用于检验所述支付信息报文的完整性和所述支付信息报文内容的合法性,若所述支付信息报文完整且内容合法,则判定交易合法,否则判定交易不合法。Further, the above system may also have the following features. The detecting module includes a first detecting unit, configured to check the integrity of the payment information message and the legality of the content of the payment information message, and if the payment information message is complete and the content is legal, the transaction is determined. Legal, otherwise the transaction is determined to be illegal.
进一步地,上述系统还可具有以下特点, 所述判断模块中包括第一判断单元,用于在所述判断结果为交易合法时允许进行交易,否则禁止进行交易。Further, the above system may also have the following features. The judging module includes a first judging unit, configured to allow the transaction to be performed when the judgment result is that the transaction is legal, otherwise the transaction is prohibited.
有益效果Beneficial effect
本发明的移动支付方法及系统,以支付设备为交易中心,提高了移动支付交易的安全性,增进了信息交互的友好程度,更加人性化,提升了用户体验。 The mobile payment method and system of the invention uses the payment device as a transaction center, improves the security of the mobile payment transaction, enhances the friendliness of information interaction, is more humanized, and improves the user experience.
附图说明DRAWINGS
图1为本发明实施例中移动支付方法的一种流程图;1 is a flow chart of a mobile payment method according to an embodiment of the present invention;
图2为基于对称算法的挑战/响应认证方式的一种流程图;2 is a flow chart of a challenge/response authentication method based on a symmetric algorithm;
图3为本发明实施例中移动支付方法的另一种流程图;FIG. 3 is another flowchart of a mobile payment method according to an embodiment of the present invention; FIG.
图4为本发明实施例中移动支付系统的结构图;4 is a structural diagram of a mobile payment system according to an embodiment of the present invention;
图5为本发明实施例中移动支付系统的一种具体结构及其工作过程示意图;FIG. 5 is a schematic diagram of a specific structure and a working process of a mobile payment system according to an embodiment of the present invention; FIG.
图6为本发明实施例中移动支付系统的又一种具体结构及其工作过程示意图;6 is a schematic diagram of another specific structure and a working process of a mobile payment system according to an embodiment of the present invention;
图7为本发明应用实施例中包含手机的移动支付系统的一种工作过程示意图;FIG. 7 is a schematic diagram of a working process of a mobile payment system including a mobile phone according to an application embodiment of the present invention; FIG.
图8为本发明应用实施例中包含手机的移动支付系统的另一种工作过程示意图。FIG. 8 is a schematic diagram of another working process of a mobile payment system including a mobile phone according to an application embodiment of the present invention.
本发明的最佳实施方式BEST MODE FOR CARRYING OUT THE INVENTION
本发明的实施方式Embodiments of the invention
本发明的主要构思是:以支付设备(例如移动终端)为移动支付交易的中心,使得用户可以通过移动终端等支付设备在移动支付交易的任一步骤终止或继续支付过程。在移动支付过程中以支付设备为交易中心可以有效地减少交易的不安全因素,从而能够提高支付交易的安全性。The main idea of the present invention is to use a payment device (e.g., a mobile terminal) as the center of a mobile payment transaction so that the user can terminate or continue the payment process at any step of the mobile payment transaction through a payment device such as a mobile terminal. In the mobile payment process, the payment device is used as the transaction center to effectively reduce the insecure factors of the transaction, thereby improving the security of the payment transaction.
以下结合附图和实施例对本发明的原理和特征进行描述,所举实例只用于解释本发明,并非用于限定本发明的范围。The principles and features of the present invention are described in the following with reference to the accompanying drawings and embodiments.
图1为本发明实施例中移动支付方法的一种流程图。如图1所示,本实施例中,移动支付方法包括:FIG. 1 is a flowchart of a mobile payment method according to an embodiment of the present invention. As shown in FIG. 1 , in this embodiment, the mobile payment method includes:
步骤101,用户通信终端与POS终端建立可信通信链路;Step 101: The user communication terminal establishes a trusted communication link with the POS terminal.
此处,通信终端是一个具体的支付设备,POS终端是一个具体的受付设备。对于本领域的技术人员来讲,本文中各实施例所述的移动支付方法应当理解为适用于所有的包含支付设备、受付设备和金融支付平台的移动支付系统。用户通信终端可以是但不限于手机、个人数字助理PDA等。Here, the communication terminal is a specific payment device, and the POS terminal is a specific paid device. For those skilled in the art, the mobile payment methods described in the various embodiments herein should be understood to be applicable to all mobile payment systems including payment devices, payment devices, and financial payment platforms. The user communication terminal can be, but is not limited to, a cell phone, a personal digital assistant PDA, and the like.
当用户通信终端和POS终端两者处于有效的非接触传输距离内且通信状态正常时才可建立可信通信链路。A trusted communication link can be established when both the user communication terminal and the POS terminal are within a valid contactless transmission distance and the communication state is normal.
通信终端和POS终端建立可信通信链路(或者称为安全链路)前要通过安全认证,该安全认证可以采用现有的以及以后可能出现的所有安全认证方式,例如可以采用基于对称算法的挑战/响应认证方式或者基于非对称密码算法的签名认证方式。The communication terminal and the POS terminal must pass the security authentication before establishing a trusted communication link (also referred to as a secure link). The security authentication can adopt all existing security authentication methods that may occur in the future, for example, a symmetric algorithm based Challenge/response authentication method or signature authentication method based on asymmetric cryptographic algorithm.
图2为基于对称算法的挑战/响应认证方式的一种流程图,如图2所示,该挑战/响应认证的流程包括:2 is a flow chart of a challenge/response authentication method based on a symmetric algorithm. As shown in FIG. 2, the challenge/response authentication process includes:
(1)A向B发送随机数Rp;(1) A sends a random number Rp to B;
(2)A、B双方生成过程密钥Key_proc,其中过程密钥可以由第一密钥Key1、随机数Rp和识别码ID进行加密或混淆处理得到;(2) Both A and B generate a process key Key_proc, wherein the process key can be obtained by encrypting or obfuscating the first key Key1, the random number Rp, and the identification code ID;
(3)启动认证,A向B发送认证请求;(3) initiate authentication, and A sends an authentication request to B;
(4)B收到认证请求后,生成第一随机字串Ra,用过程密钥Key_proc加密该第一随机字串Ra后传送给A;(4) After receiving the authentication request, B generates a first random string Ra, encrypts the first random string Ra with the process key Key_proc, and transmits it to A;
(5)A解密后获得第一随机字串Ra,然后自身生成第二随机字串Rb,将第一随机字串Ra和第二随机字串Rb拼接后用过程密钥Key_proc加密透传给B;(5) After decrypting A, the first random string Ra is obtained, and then the second random string Rb is generated by itself, and the first random string Ra and the second random string Rb are spliced and encrypted by the process key Key_proc to be transparently transmitted to B. ;
(6)B解密获得第一随机字串Ra和第二随机字串Rb,然后判断所第一随机字串Ra是否同自身生成的第一随机字串Ra相同,若相同则将第二随机字串Rb用过程密钥Key_proc加密后透传给A,A解密获得第二随机字串Rb,然后判断该第二随机字串Rb是否同自身生成的第二随机字串Rb相同,若相同则认证通过。(6) B decrypts to obtain the first random string Ra and the second random string Rb, and then determines whether the first random string Ra is the same as the first random string Ra generated by itself, and if the same, the second random word The string Rb is encrypted by the process key Key_proc and then transparently transmitted to A, A decrypts to obtain the second random string Rb, and then determines whether the second random string Rb is the same as the second random string Rb generated by itself, and if the same, the authentication is performed. by.
步骤102,用户通信终端将用户身份信息发送给POS终端;Step 102: The user communication terminal sends the user identity information to the POS terminal.
可信通信链路建立之后,通信终端和POS终端都进入非接触信息交互模式,两者可以通过射频通道进行数据交换。当然,除了射频通道,通信终端和POS终端之间也可以通过其它的非接触通信通道进行通信。After the trusted communication link is established, both the communication terminal and the POS terminal enter a non-contact information interaction mode, and the two can exchange data through the radio frequency channel. Of course, in addition to the radio frequency channel, the communication terminal and the POS terminal can also communicate through other non-contact communication channels.
通信终端生成用户身份信息及其验证码,并将它们发送给POS终端。其中,用户身份信息可以包括但不限于银行账户信息、个人识别码、验证码等。The communication terminal generates user identity information and its verification code and sends them to the POS terminal. The user identity information may include, but is not limited to, bank account information, a personal identification number, a verification code, and the like.
步骤103,POS终端将用户身份信息和商品信息绑定生成支付信息报文,再将报文发送给用户通信终端;Step 103: The POS terminal binds the user identity information and the product information to generate a payment information message, and then sends the message to the user communication terminal.
商品信息由POS终端生成。商品信息可以包括但不限于额度信息、交易时间、商品名称、商品数量、商家信息等。支付信息报文包含商品信息和用户身份信息。Product information is generated by the POS terminal. Product information may include, but is not limited to, credit information, transaction time, product name, number of products, merchant information, and the like. The payment information message includes product information and user identity information.
步骤104,用户通信终端将支付信息报文发送给金融支付平台;Step 104: The user communication terminal sends the payment information message to the financial payment platform.
在本发明的其他实施例中,金融支付平台也可以主动获取支付信息报文。In other embodiments of the present invention, the financial payment platform may also actively obtain the payment information message.
步骤105,金融支付平台根据支付信息报文判断交易是否合法,并将判断结果通知用户通信终端和POS终端。用户通信终端根据金融支付平台的判断结果决定是否进行交易,如果用户允许交易,则金融支付平台会进一步完成交易;Step 105: The financial payment platform determines whether the transaction is legal according to the payment information message, and notifies the user of the communication terminal and the POS terminal of the determination result. The user communication terminal determines whether to conduct the transaction according to the judgment result of the financial payment platform, and if the user allows the transaction, the financial payment platform further completes the transaction;
具体地,金融支付平台可以检验支付信息报文的完整性和支付信息报文内容的合法性,若支付信息报文完整且内容合法,则本次交易合法,否则本次交易不合法。Specifically, the financial payment platform can verify the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, the transaction is legal, otherwise the transaction is illegal.
判断结果有:1、支付信息报文完整且合法,则本次交易合法;2、支付信息报文接收超时、支付信息报文不完整或支付信息报文内容不合法,则本次交易不合法。用户通信终端根据金融支付平台的判断结果决定是否进行交易具体为:若判断结果为本次交易合法,则允许进行交易,否则禁止进行交易。The judgment result is as follows: 1. If the payment information message is complete and legal, the transaction is legal; 2. If the payment information message receives timeout, the payment information message is incomplete, or the payment information message content is illegal, the transaction is illegal. . The user communication terminal determines whether to conduct the transaction according to the judgment result of the financial payment platform: if the judgment result is legal for the transaction, the transaction is allowed, otherwise the transaction is prohibited.
通过金融支付平台对通信终端的信息反馈,实现了以通信终端等支付设备为交易中心的移动支付方式,增进了信息交互的友好程度,使用户体验更加人性化。在本发明的其他实施例中,金融支付平台也可以不将判断结果通知用户通信终端和POS终端,即不对通信终端和/或POS终端进行信息反馈,用户通信终端等支付设备和POS终端等受付设备也可以主动获取判断结果。Through the information feedback of the communication terminal by the financial payment platform, the mobile payment method with the payment device such as the communication terminal as the transaction center is realized, the friend-friendliness of the information interaction is enhanced, and the user experience is more humanized. In other embodiments of the present invention, the financial payment platform may not notify the user communication terminal and the POS terminal of the determination result, that is, the information terminal does not perform feedback on the communication terminal and/or the POS terminal, and the payment device such as the user communication terminal and the POS terminal are paid. The device can also actively obtain the judgment result.
步骤106,用户通信终端恢复到初始状态。In step 106, the user communication terminal returns to the initial state.
本实施例的移动支付方法与现有技术相比,具有以下优点:Compared with the prior art, the mobile payment method of this embodiment has the following advantages:
(1)对移动支付过程中的数据(包含在支付信息报文中)进行合法性判断和完整性校验,增加了交易的安全性;(1) Legality judgment and integrity check on the data in the mobile payment process (included in the payment information message), which increases the security of the transaction;
(2)采用一种新的数据处理流程进行移动支付(交易信息由POS终端到通信终端再到金融支付平台,交易完成后金融支付平台再反馈给POS终端和通信终端),增进了信息交互的友好程度;(2) Adopting a new data processing flow for mobile payment (transaction information from the POS terminal to the communication terminal to the financial payment platform, the financial payment platform is fed back to the POS terminal and the communication terminal after the transaction is completed), and the information interaction is enhanced. Degree of friendliness
(3)通过通信终端对POS终端传来信息的控制和金融支付平台对通信终端的信息反馈,实现了一种以通信终端为交易中心的移动支付方式,使用户体验更加人性化。(3) Through the communication terminal to control the information transmitted by the POS terminal and the information feedback of the financial payment platform to the communication terminal, a mobile payment method with the communication terminal as the transaction center is realized, and the user experience is more humanized.
综上所述,本实施例的移动支付方法以支付设备为交易中心,使得用户可以通过移动终端在移动支付交易的任一步骤终止或继续支付过程,从而提高了移动支付交易的安全性,增进了信息交互的友好程度,更加人性化,提升了用户体验。In summary, the mobile payment method of the embodiment uses the payment device as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction through the mobile terminal, thereby improving the security and promotion of the mobile payment transaction. The friendliness of information interaction is more user-friendly and enhances the user experience.
图3为本发明实施例中移动支付方法的另一种流程图。如图3所示,本实施例中,移动支付方法包括:FIG. 3 is another flow chart of a mobile payment method according to an embodiment of the present invention. As shown in FIG. 3, in this embodiment, the mobile payment method includes:
步骤301,用户通信终端与POS终端建立可信通信链路;Step 301: The user communication terminal establishes a trusted communication link with the POS terminal.
当用户通信终端和POS终端两者处于有效的非接触传输距离内且通信状态正常时才可以建立可信通信链路。通信终端和POS终端建立可信通信链路(或者称为安全链路)前要通过安全认证,关于安全认证的方式参见对步骤101的说明,此处不再赘述。A trusted communication link can be established when both the user communication terminal and the POS terminal are within a valid contactless transmission distance and the communication state is normal. The communication terminal and the POS terminal must pass the security authentication before establishing a trusted communication link (or a secure link). For the manner of the security authentication, refer to the description of step 101, and details are not described herein.
步骤302,POS终端将商品信息发送给用户通信终端;Step 302: The POS terminal sends the commodity information to the user communication terminal.
POS终端生成商品信息及其校验码,将它们发送给通信终端。商品信息可以包括但不限于额度信息、交易时间、商品名称、商品数量、商家信息等。The POS terminal generates commodity information and its check code, and transmits them to the communication terminal. Product information may include, but is not limited to, credit information, transaction time, product name, number of products, merchant information, and the like.
步骤303,用户通信终端将用户身份信息和商品信息绑定生成支付信息报文;Step 303: The user communication terminal binds the user identity information and the product information to generate a payment information message.
用户身份信息由通信终端生成。用户身份信息可以包括但不限于银行账户信息、个人识别码、验证码等。支付信息报文包含商品信息和用户身份信息。User identity information is generated by the communication terminal. User identity information may include, but is not limited to, bank account information, personal identification numbers, verification codes, and the like. The payment information message includes product information and user identity information.
步骤304,用户通信终端将支付信息报文发送给金融支付平台;Step 304: The user communication terminal sends the payment information message to the financial payment platform.
步骤305,金融支付平台根据支付信息报文判断交易是否合法,并将判断结果通知用户通信终端和POS终端,用户通信终端根据金融支付平台的判断结果决定是否进行交易,如果用户允许交易,则金融支付平台会进一步完成交易;Step 305: The financial payment platform determines whether the transaction is legal according to the payment information message, and notifies the user of the communication terminal and the POS terminal, and the user communication terminal determines whether to conduct the transaction according to the judgment result of the financial payment platform. If the user allows the transaction, the financial The payment platform will complete the transaction further;
具体地,金融支付平台可以检验支付信息报文的完整性和支付信息报文内容的合法性。若支付信息报文完整且内容合法,则本次交易合法,否则本次交易不合法。用户通信终端根据金融支付平台的判断结果决定是否进行交易具体为:若判断结果为本次交易合法,则允许进行交易,否则禁止进行交易。Specifically, the financial payment platform can verify the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, the transaction is legal, otherwise the transaction is illegal. The user communication terminal determines whether to conduct the transaction according to the judgment result of the financial payment platform: if the judgment result is legal for the transaction, the transaction is allowed, otherwise the transaction is prohibited.
其中,判断结果有:1、支付信息报文完整且合法,则本次交易合法;2、支付信息报文接收超时、支付信息报文不完整或支付信息报文内容不合法,则本次交易不合法。The judgment result is as follows: 1. If the payment information message is complete and legal, the transaction is legal; 2. If the payment information message is timed out, the payment information message is incomplete, or the payment information message content is illegal, the transaction is illegal.
在本发明的其他实施例中,金融支付平台也可以不将判断结果通知用户通信终端和POS终端,即不对通信终端和/或POS终端进行信息反馈。In other embodiments of the present invention, the financial payment platform may not notify the user of the communication terminal and the POS terminal of the determination result, that is, does not perform information feedback on the communication terminal and/or the POS terminal.
步骤306,用户通信终端恢复到初始状态。In step 306, the user communication terminal returns to the initial state.
在本发明的各个实施例中,可以对通信终端、POS终端和金融支付平台的任意两者之间传递的数据进行数据完整性校验。并且,发送到通信终端的信息,对用户都可以是可见且可控的,用户可以在任何环节选择继续、中断或重新交易。In various embodiments of the invention, data integrity verification may be performed on data communicated between any of the communication terminal, the POS terminal, and the financial payment platform. Moreover, the information sent to the communication terminal can be visible and controllable to the user, and the user can choose to continue, interrupt or re-trade at any point.
本实施例的移动支付方法,以支付设备为交易中心,使得用户可以在移动支付交易的任一步骤终止或继续支付过程,从而提高了移动支付交易的安全性,增进了信息交互的友好程度,更加人性化,提升了用户体验。In the mobile payment method of the embodiment, the payment device is used as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction, thereby improving the security of the mobile payment transaction and improving the friendliness of the information interaction. More user-friendly and improved user experience.
本发明还提出了一种移动支付系统,用以实施上述的移动支付方法。图4为本发明实施例中移动支付系统的结构图,如图4所示,本发明的移动支付系统包括受付设备42、支付设备41和金融支付平台43,其中,支付设备41用于生成或获取本次交易的支付信息报文,并发送给金融支付平台43,金融支付平台43用于根据支付信息报文判断本次交易是否合法,支付设备41还用于根据金融支付平台43的判断结果决定是否进行交易。The invention also proposes a mobile payment system for implementing the above mobile payment method. 4 is a structural diagram of a mobile payment system according to an embodiment of the present invention. As shown in FIG. 4, the mobile payment system of the present invention includes a payment device 42, a payment device 41, and a financial payment platform 43, wherein the payment device 41 is used to generate or acquire The payment information message of the transaction is sent to the financial payment platform 43, and the financial payment platform 43 is configured to determine whether the transaction is legal according to the payment information message, and the payment device 41 is further configured to determine according to the judgment result of the financial payment platform 43. Whether to trade.
图5为本发明实施例中移动支付系统的一种具体结构及其工作过程示意图。如图5所示,在本实施例中,支付设备41包括第一通信模块510、第一报文生成模块520、发送模块530,受付设备42包括第二通信模块540,金融支付平台43包括接收模块550、检测模块560。其中,第一通信模块510用于与第二通信模块540进行数据交换,第一报文生成模块520用于生成本次交易的支付信息报文,发送模块530用于将支付信息报文发送给金融支付平台43,第二通信模块540用于与第一通信模块510进行数据交换,接收模块550用于接收支付信息报文,检测模块560用于根据支付信息报文判断本次交易是否合法。FIG. 5 is a schematic diagram of a specific structure and a working process of a mobile payment system according to an embodiment of the present invention. As shown in FIG. 5, in the embodiment, the payment device 41 includes a first communication module 510, a first message generation module 520, and a sending module 530. The device to be paid 42 includes a second communication module 540, and the financial payment platform 43 includes receiving. Module 550, detection module 560. The first communication module 510 is configured to perform data exchange with the second communication module 540. The first message generating module 520 is configured to generate a payment information message of the current transaction, and the sending module 530 is configured to send the payment information message to the The financial payment platform 43, the second communication module 540 is configured to exchange data with the first communication module 510, the receiving module 550 is configured to receive the payment information message, and the detecting module 560 is configured to determine whether the current transaction is legal according to the payment information message.
检测模块560中还可以包括第一检测单元,第一检测单元用于检验支付信息报文的完整性和支付信息报文内容的合法性,若支付信息报文完整且内容合法,则判定交易合法,否则判定交易不合法。The detecting module 560 may further include a first detecting unit, where the first detecting unit is configured to check the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, the transaction is determined to be legal. Otherwise, the transaction is determined to be illegal.
支付设备41中还可以包括判断模块,判断模块用于根据金融支付平台43的判断结果决定是否进行交易。该判断模块中还可以进一步包括第一判断单元,该第一判断单元用于在判断结果为交易合法时允许进行交易,否则禁止进行交易。The payment device 41 may further include a determining module, and the determining module is configured to determine whether to perform the transaction according to the judgment result of the financial payment platform 43. The judging module may further include a first judging unit, where the first judging unit is configured to allow the transaction to be performed when the judgment result is that the transaction is legal, otherwise the transaction is prohibited.
图5所示移动支付系统的工作过程是:受付设备42将商品信息通过第二通信模块540发送给支付设备41,支付设备41通过第一通信模块510接收商品信息,第一报文生成模块520将商品信息与支付设备41的用户身份信息绑定生成支付信息报文,然后发送模块530将支付信息报文发送给金融支付平台43,金融支付平台43通过接收模块550接收支付信息报文,检测模块560根据接收模块550接收的支付信息报文判断本次交易是否合法。金融支付平台43可以进一步将检测模块560的判断结果通知给支付设备41和受付设备42。支付设备41根据金融支付平台43的检测模块560的判断结果的判断结果决定是否进行交易。The working process of the mobile payment system shown in FIG. 5 is: the paid device 42 sends the commodity information to the payment device 41 through the second communication module 540, and the payment device 41 receives the commodity information through the first communication module 510, and the first packet generation module 520 The product information is bound to the user identity information of the payment device 41 to generate a payment information message, and then the sending module 530 sends the payment information message to the financial payment platform 43, and the financial payment platform 43 receives the payment information message through the receiving module 550, and detects The module 560 determines whether the transaction is legal according to the payment information message received by the receiving module 550. The financial payment platform 43 may further notify the payment device 41 and the payee device 42 of the determination result of the detection module 560. The payment device 41 determines whether or not to perform the transaction based on the determination result of the determination result of the detection module 560 of the financial payment platform 43.
本实施例的移动支付系统,以支付设备41为交易中心,使得用户可以在移动支付交易的任一步骤终止或继续支付过程,从而提高了移动支付交易的安全性,增进了信息交互的友好程度,更加人性化,提升了用户体验。The mobile payment system of this embodiment uses the payment device 41 as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction, thereby improving the security of the mobile payment transaction and improving the friendliness of information interaction. It is more user-friendly and enhances the user experience.
图6为本发明实施例中移动支付系统的又一种具体结构及其工作过程示意图。如图7所示,本实施例中,支付设备41包括第一通信模块610、第二报文获取模块620、发送模块630,受付设备42包括第二通信模块640、第二报文生成模块650,金融支付平台43包括接收模块550、检测模块560,其中,第一通信模块610用于与第二通信模块640进行数据交换,第二报文获取模块620用于获取本次交易的支付信息报文,发送模块630用于将支付信息报文发送给金融支付平台43,第二通信模块640用于与第一通信模块610进行数据交换,第二报文生成模块650用于生成本次交易的支付信息报文,接收模块550用于接收支付信息报文,检测模块560用于根据支付信息报文判断本次交易是否合法。FIG. 6 is still another schematic structural diagram of a mobile payment system according to an embodiment of the present invention and a working process thereof. As shown in FIG. 7, in the embodiment, the payment device 41 includes a first communication module 610, a second message acquisition module 620, and a sending module 630. The device to be charged 42 includes a second communication module 640 and a second message generation module 650. The financial payment platform 43 includes a receiving module 550 and a detecting module 560. The first communication module 610 is configured to exchange data with the second communication module 640, and the second packet obtaining module 620 is configured to obtain a payment information report of the transaction. The sending module 630 is configured to send the payment information message to the financial payment platform 43, the second communication module 640 is configured to exchange data with the first communication module 610, and the second message generating module 650 is configured to generate the transaction. The payment information message is used by the receiving module 550 to receive the payment information message, and the detecting module 560 is configured to determine whether the current transaction is legal according to the payment information message.
图6所示移动支付系统的工作过程是:支付设备41将用户身份信息通过第一通信模块610发送给受付设备42,受付设备42通过第二通信模块640接收用户身份信息,第二报文生成模块650将用户身份信息与受付设备42生成的商品信息绑定生成支付信息报文;然后支付设备41的第二报文获取模块620发出获取支付信息报文的命令,第一通信模块610收到报文获取模块620的命令后,向受付设备42的第二通信模块640发送请求,第二通信模块640收到请求后将支付信息报文传给第一通信模块610,第一通信模块610再传给第二报文获取模块620,发送模块630将支付信息报文发送给金融支付平台43;金融支付平台43通过接收模块550接收支付信息报文,检测模块560根据接收模块550接收的支付信息报文判断本次交易是否合法。金融支付平台43可以进一步将检测模块560的判断结果通知给支付设备41和受付设备42。支付设备41根据金融支付平台43的检测模块560的判断结果的判断结果决定是否进行交易。The working process of the mobile payment system shown in FIG. 6 is that the payment device 41 transmits the user identity information to the device to be served 42 through the first communication module 610, and the device for receiving the device 42 receives the identity information of the user through the second communication module 640, and generates the second message. The module 650 binds the user identity information to the product information generated by the device to be paid 42 to generate a payment information message; then the second message obtaining module 620 of the payment device 41 issues a command to obtain a payment information message, and the first communication module 610 receives the command. After the command of the message obtaining module 620, the second communication module 640 sends a request to the second communication module 640 of the device to be paid, and the second communication module 640 transmits the payment message to the first communication module 610 after receiving the request, and the first communication module 610 The sending module 620 sends the payment information message to the financial payment platform 43. The financial payment platform 43 receives the payment information message through the receiving module 550, and the detecting module 560 receives the payment information according to the receiving module 550. The message determines whether the transaction is legal. The financial payment platform 43 may further notify the payment device 41 and the payee device 42 of the determination result of the detection module 560. The payment device 41 determines whether or not to perform the transaction based on the determination result of the determination result of the detection module 560 of the financial payment platform 43.
除了采用支付设备41发送支付信息报文、金融支付平台43接收支付信息报文的方式,还可以采用金融支付平台43主动获取支付信息报文的方式。因此,在本发明的其他实施例中,金融支付平台43中可以包括第一报文获取模块,第一报文获取模块用于获取本次交易的支付信息报文。In addition to the manner in which the payment device 41 sends the payment information message and the financial payment platform 43 receives the payment information message, the financial payment platform 43 can also actively acquire the payment information message. Therefore, in other embodiments of the present invention, the financial payment platform 43 may include a first message obtaining module, where the first message acquiring module is configured to obtain a payment information message of the current transaction.
本实施例的移动支付系统,以支付设备41为交易中心,使得用户可以在移动支付交易的任一步骤终止或继续支付过程,从而提高了移动支付交易的安全性,增进了信息交互的友好程度,更加人性化,提升了用户体验。The mobile payment system of this embodiment uses the payment device 41 as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction, thereby improving the security of the mobile payment transaction and improving the friendliness of information interaction. It is more user-friendly and enhances the user experience.
在本发明的其他实施例中,金融支付平台中还可以包括用于将检测模块的判断结果通知支付设备和受付设备的通知模块,支付设备中还可以包括用于接收通知模块的通知的第一通知接收模块,受付设备中还可以包括用于接收通知模块的通知的第二通知接收模块。In other embodiments of the present invention, the financial payment platform may further include a notification module for notifying the payment device and the payment device of the determination result of the detection module, where the payment device may further include a first notification for receiving the notification module. The notification receiving module may further include a second notification receiving module for receiving the notification of the notification module.
在本发明的其他实施例中,一个功能模块可以进一步拆分成多个子模块,也可以将同一设备的多个功能模块集成为一个模块。例如,将支付设备的多个可以用程序实现的模块合成为交易软件,将支付设备的多个硬件模块集成在带有安全芯片的RFID模块中。交易软件也可以存放在但不仅限于支付设备(例如通信终端)内部的存储介质或RFID模块中,其中RFID模块可以为但不仅限于RFID-SIM卡、RFID-USIM卡、RFID-TF卡、RFID-SD卡或RFID-MMC卡。In other embodiments of the present invention, one functional module may be further split into multiple sub-modules, or multiple functional modules of the same device may be integrated into one module. For example, a plurality of program-implementable modules of the payment device are synthesized into transaction software, and a plurality of hardware modules of the payment device are integrated in an RFID module with a security chip. The transaction software may also be stored in, but not limited to, a storage medium or an RFID module inside a payment device (eg, a communication terminal), which may be, but is not limited to, an RFID-SIM card, an RFID-USIM card, an RFID-TF card, an RFID- SD card or RFID-MMC card.
图7为本发明应用实施例中包含手机的移动支付系统的一种工作过程示意图。如图7所示,该移动支付系统包括手机(支付设备)、POS终端(受付设备)和金融支付平台,其中手机中具有上述的交易软件和RFID模块,图7所示移动支付系统的工作过程包括:FIG. 7 is a schematic diagram of a working process of a mobile payment system including a mobile phone according to an application embodiment of the present invention. As shown in FIG. 7, the mobile payment system includes a mobile phone (payment device), a POS terminal (paid device), and a financial payment platform, wherein the mobile phone has the above-mentioned transaction software and RFID module, and the working process of the mobile payment system shown in FIG. include:
第一步,用户用手机向POS终端发送用户身份信息;In the first step, the user sends the user identity information to the POS terminal by using the mobile phone;
用户在商户选择好商品以后,用手机与商户的POS终端通过安全认证建立可信非接触通信链路。用户在交易软件界面通过软键盘输入账户信息、个人识别码和随机验证码等,并生成用户身份信息及其校验码,然后将它们发送给POS终端。After the merchant selects a good product, the user establishes a trusted contactless communication link by using the mobile phone and the POS terminal of the merchant through security authentication. The user inputs account information, personal identification code, random verification code, etc. through the soft keyboard in the transaction software interface, and generates user identity information and its check code, and then sends them to the POS terminal.
第二步,POS终端将用户身份信息与商品信息绑定生成支付信息报文,并发送给手机;In the second step, the POS terminal binds the user identity information with the product information to generate a payment information message, and sends the message to the mobile phone;
POS终端先对手机传来的用户身份信息进行完整性校验。校验成功则将其和商品信息(POS终端身份认证信息、商品名称、商品数量和交易金额等)生成支付信息报文及其校验码,再通过2.4GHz非接触通信频段发送到用户RF-SIM卡手机上。如果校验失败,POS终端通知手机,由用户决定是否重新给POS终端发送用户身份信息及其校验码,还是取消本次交易。The POS terminal first checks the integrity of the user identity information transmitted from the mobile phone. If the verification is successful, it will generate payment information message and its check code with the product information (POS terminal identity authentication information, product name, product quantity and transaction amount, etc.), and then send it to the user RF through the 2.4GHz contactless communication band. SIM card on the phone. If the verification fails, the POS terminal notifies the mobile phone, and the user decides whether to resend the user identity information and its check code to the POS terminal, or cancel the transaction.
第三步,用户用手机将支付信息报文发送给金融支付平台。In the third step, the user sends the payment information message to the financial payment platform by using the mobile phone.
用户通过手机对支付信息报文进行完整性校验,校验成功则通过GPRS网络将支付信息报文发送给金融支付平台(由银行机构控制)。如果校验失败,由用户决定是通知POS终端重新发送支付信息报文及其校验码,还是取消本次交易。The user performs integrity verification on the payment information message through the mobile phone, and if the verification succeeds, the payment information message is sent to the financial payment platform (controlled by the banking institution) through the GPRS network. If the verification fails, it is up to the user to inform the POS terminal to resend the payment information message and its check code, or cancel the transaction.
金融支付平台对用户手机传来的支付信息报文,先进行完整性校验,再判断报文内账户信息和个人识别码是否匹配。如果匹配,金融支付平台将判断本次交易合法,并通过GPRS网络向POS终端和通信终端发出交易合法通知。如果不匹配,金融支付平台回复通信终端,由用户决定是重新输入用户身份信息,还是取消本次交易。The financial payment platform first checks the integrity of the payment information message sent by the user's mobile phone, and then determines whether the account information and the personal identification code in the message match. If it matches, the financial payment platform will judge the transaction to be legal, and issue a legal notice of the transaction to the POS terminal and the communication terminal through the GPRS network. If there is no match, the financial payment platform replies to the communication terminal, and the user decides whether to re-enter the user identity information or cancel the transaction.
图8为本发明应用实施例中包含手机的移动支付系统的另一种工作过程示意图。如图8所示,该移动支付系统包括手机(支付设备)、POS终端(受付设备)和金融支付平台,其中手机中具有上述的交易软件和RFID模块,图9所示移动支付系统的工作过程包括:FIG. 8 is a schematic diagram of another working process of a mobile payment system including a mobile phone according to an application embodiment of the present invention. As shown in FIG. 8, the mobile payment system includes a mobile phone (payment device), a POS terminal (paid device), and a financial payment platform, wherein the mobile phone has the above-mentioned transaction software and RFID module, and the working process of the mobile payment system shown in FIG. include:
第一步,POS终端将商品信息发送到用户手机;In the first step, the POS terminal sends the product information to the user's mobile phone;
用户在商户选择好商品以后,用手机与商户的POS终端建立可信非接触通信链路。After the merchant selects the commodity, the user establishes a trusted contactless communication link with the POS terminal of the merchant by using the mobile phone.
POS终端先生成商品信息(POS终端身份认证信息、商品名称、商品数量和交易金额等)及其校验码,并将它们通过2.4GHz非接触通信频段发送到用户RF-SIM卡手机上。The POS terminal becomes commodity information (POS terminal identity authentication information, product name, number of products, transaction amount, etc.) and its check code, and transmits them to the user RF-SIM card mobile phone through the 2.4 GHz contactless communication band.
第二步,手机将商品信息和用户身份信息绑定生成支付信息报文,然后将支付信息报文发送给金融支付平台。In the second step, the mobile phone binds the product information and the user identity information to generate a payment information message, and then sends the payment information message to the financial payment platform.
用户通过手机交易软件开始对POS终端传来的商品信息进行完整性校验。如果校验成功,用户在交易软件界面通过软键盘输入账户信息、个人识别码和随机验证码等,并生成用户身份信息。再将其和商品信息一起生成校验码和支付信息报文,再通过GPRS网络发送给金融支付平台(由银行机构控制)。如果校验失败,由用户决定是通知POS终端重新发送校验码和报文,还是取消本次交易。The user starts to check the integrity of the product information transmitted by the POS terminal through the mobile phone transaction software. If the verification is successful, the user inputs account information, personal identification code, random verification code, etc. through the soft keyboard in the transaction software interface, and generates user identity information. Then, together with the commodity information, a check code and a payment information message are generated, and then sent to the financial payment platform (controlled by the banking institution) through the GPRS network. If the verification fails, it is up to the user to inform the POS terminal to resend the check code and the message, or to cancel the transaction.
金融支付平台对用户手机传来的报文,先进行完整性校验,再判断报文内账户信息和个人识别码是否匹配。如果匹配,金融支付平台将判断本次交易合法,并通过GPRS网络向POS终端和通信终端发出交易合法通知。如果不匹配,金融支付平台回复通信终端,由用户决定是重新输入用户身份信息,还是取消本次交易。The financial payment platform first checks the integrity of the message sent by the user's mobile phone, and then determines whether the account information and the personal identification code in the message match. If it matches, the financial payment platform will judge the transaction to be legal, and issue a legal notice of the transaction to the POS terminal and the communication terminal through the GPRS network. If there is no match, the financial payment platform replies to the communication terminal, and the user decides whether to re-enter the user identity information or cancel the transaction.
由上可见,本实施例的移动支付系统,以支付设备为交易中心,使得用户可以在移动支付交易的任一步骤终止或继续支付过程,从而提高了移动支付交易的安全性,增进了信息交互的友好程度,更加人性化,提升了用户体验。It can be seen from the above that the mobile payment system of the embodiment uses the payment device as a transaction center, so that the user can terminate or continue the payment process at any step of the mobile payment transaction, thereby improving the security of the mobile payment transaction and enhancing the information interaction. The friendliness is more user-friendly and enhances the user experience.
以上所述仅为本发明的较佳实施例,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above are only the preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalents, improvements, etc., which are within the spirit and scope of the present invention, should be included in the protection of the present invention. Within the scope.
工业实用性Industrial applicability
序列表自由内容Sequence table free content

Claims (30)

  1. 一种移动支付方法,其特征在于,包括:  A mobile payment method, comprising:
    生成交易的支付信息报文;Generating a payment information message for the transaction;
    根据所述支付信息报文判断交易是否合法; Determining whether the transaction is legal according to the payment information message;
    若判断结果为交易合法,则支付设备允许进行交易。If the result of the judgment is that the transaction is legal, the payment device allows the transaction to be made.
  2. 根据权利要求1所述的移动支付方法,其特征在于,由支付设备生成交易的支付信息报文。The mobile payment method according to claim 1, wherein the payment information message of the transaction is generated by the payment device.
  3. 根据权利要求2所述的移动支付方法,其特征在于,支付设备生成交易的支付信息报文的过程具体为:The mobile payment method according to claim 2, wherein the process of the payment device generating the payment information message of the transaction is:
    支付设备接收受付设备发送的交易的商品信息;The payment device receives the commodity information of the transaction sent by the paid device;
    支付设备根据用户身份信息和商品信息生成所述支付信息报文。The payment device generates the payment information message according to the user identity information and the product information.
  4. 根据权利要求3所述的移动支付方法,其特征在于,支付设备接收到受付设备发送的商品信息后,还包括:支付设备对接收的所述商品信息进行完整性验证,若验证通过,支付设备根据所述用户身份信息和商品信息生成所述支付信息报文。The mobile payment method according to claim 3, wherein after the payment device receives the product information sent by the device, the payment device further comprises: the payment device performing integrity verification on the received product information, and if the verification is passed, the payment device And generating the payment information message according to the user identity information and the product information.
  5. 根据权利要求1所述的移动支付方法,其特征在于,由受付设备生成交易的支付信息报文。The mobile payment method according to claim 1, wherein the payment information message of the transaction is generated by the device to be paid.
  6. 根据权利要求5所述的移动支付方法,其特征在于,受付设备生成交易的支付信息报文的过程具体为:The mobile payment method according to claim 5, wherein the process for the payment device to generate the payment information message of the transaction is:
    受付设备生成交易的商品信息,并接收支付设备发送的用户身份信息;The paid device generates the commodity information of the transaction, and receives the user identity information sent by the payment device;
    受付设备根据所述用户身份信息和商品信息生成所述支付信息报文。The payment device generates the payment information message according to the user identity information and the product information.
  7. 根据权利要求6所述的移动支付方法,其特征在于,受付设备接收到支付设备发送的用户身份信息后,还包括:受付设备对接收的所述用户身份信息进行完整性验证,若验证通过,受付设备根据所述用户身份信息和商品信息生成所述支付信息报文。The mobile payment method according to claim 6, wherein after the receiving device receives the user identity information sent by the payment device, the method further comprises: the receiving device performing integrity verification on the received user identity information, and if the verification is passed, The payment device generates the payment information message according to the user identity information and the product information.
  8. 根据权利要求1所述的移动支付方法,其特征在于,根据所述支付信息报文判断交易是否合法的过程具体为:The mobile payment method according to claim 1, wherein the process of determining whether the transaction is legal according to the payment information message is:
    金融支付平台检验所述支付信息报文的完整性和所述支付信息报文内容的合法性,若所述支付信息报文完整且内容合法,则交易合法,否则交易不合法。The financial payment platform checks the integrity of the payment information message and the legality of the content of the payment information message. If the payment information message is complete and the content is legal, the transaction is legal, otherwise the transaction is illegal.
  9. 根据权利要求1所述的移动支付方法,其特征在于,还包括:若判断结果为交易不合法,则支付设备禁止进行交易。The mobile payment method according to claim 1, further comprising: if the result of the determination is that the transaction is illegal, the payment device prohibits the transaction.
  10. 根据权利要求1至9任一项所述的移动支付方法,其特征在于,所述支付信息报文中包括用户身份信息和交易的商品信息;所述商品信息包括额度信息、交易时间、商品名称、商品数量、商家信息中的一种或多种;所述用户身份信息包括银行账户信息、个人识别码、验证码中的一种或多种。 The mobile payment method according to any one of claims 1 to 9, wherein the payment information message includes user identity information and transaction product information; the product information includes credit information, transaction time, and product name. One or more of the quantity of the goods and the information of the merchant; the user identity information includes one or more of bank account information, a personal identification number, and a verification code.
  11. 根据权利要求1至9任一项所述的移动支付方法,其特征在于,生成交易的支付信息报文之前,还包括:在支付设备与受付设备之间进行安全认证,认证通过后,进入交易阶段。The mobile payment method according to any one of claims 1 to 9, wherein before the generating the payment information message of the transaction, the method further comprises: performing security authentication between the payment device and the device to be paid, and entering the transaction after the authentication is passed. stage.
  12. 根据权利要求11所述的移动支付方法,其特征在于,所述在支付设备与受付设备之间进行的安全认证采用基于对称算法的挑战/响应认证方式,或者采用基于非对称密码算法的签名认证方式。The mobile payment method according to claim 11, wherein the security authentication performed between the payment device and the paid device adopts a challenge/response authentication method based on a symmetric algorithm or a signature authentication based on an asymmetric cryptographic algorithm. the way.
  13. 一种移动支付系统,其特征在于,包括支付设备、受付设备和金融支付平台,其中: A mobile payment system, comprising: a payment device, a paid device, and a financial payment platform, wherein:
    所述受付设备用于向所述支付设备提供交易;The paid device is for providing a transaction to the payment device;
    所述支付设备用于生成交易的支付信息报文,还用于在所述金融支付平台的判断结果为交易合法时,允许进行交易;The payment device is configured to generate a payment information message of the transaction, and is further configured to allow the transaction when the financial payment platform determines that the transaction is legal;
    所述金融支付平台用于根据所述支付信息报文判断交易是否合法。The financial payment platform is configured to determine whether the transaction is legal according to the payment information message.
  14. 根据权利要求13所述的移动支付系统,其特征在于,所述支付设备包括第一通信模块、第一报文生成模块和第一判断模块;所述受付设备包括第二通信模块;所述第一通信模块用于接收受付设备发送的交易的商品信息;所述第二通信模块用于向所述支付设备发送交易的商品信息;所述第一报文生成模块用于根据用户身份信息和商品信息生成所述支付信息报文;所述第一判断模块用于在所述金融支付平台的判断结果为交易合法时,允许进行交易。The mobile payment system according to claim 13, wherein the payment device comprises a first communication module, a first message generation module and a first determination module; the device to be paid comprises a second communication module; a communication module is configured to receive commodity information of a transaction sent by the payment device; the second communication module is configured to send commodity information of the transaction to the payment device; the first message generation module is configured to use the identity information and the product according to the user The information generates the payment information message; the first determining module is configured to allow the transaction to be performed when the financial payment platform determines that the transaction is legal.
  15. 根据权利要求14所述的移动支付系统,其特征在于,所述支付设备还包括商品信息验证模块,用于对接收的所述商品信息进行完整性验证,若验证通过,通知所述第一报文生成模块生成所述支付信息报文。The mobile payment system according to claim 14, wherein the payment device further comprises a commodity information verification module, configured to perform integrity verification on the received commodity information, and notify the first report if the verification is passed The text generation module generates the payment information message.
  16. 根据权利要求14所述的移动支付系统,其特征在于,所述第一判断单元还用于在所述金融支付平台的判断结果为交易不合法时,禁止进行交易。 The mobile payment system according to claim 14, wherein the first determining unit is further configured to prohibit the transaction when the judgment result of the financial payment platform is that the transaction is illegal.
  17. 根据权利要求14所述的移动支付系统,其特征在于,所述支付设备还包括发送模块,用于将所述支付信息报文发送给所述金融支付平台;所述金融支付平台包括接收模块和检测模块,所述接收模块用于接收所述支付信息报文;所述检测模块用于根据所述支付信息报文判断交易是否合法。The mobile payment system according to claim 14, wherein the payment device further comprises a sending module, configured to send the payment information message to the financial payment platform; the financial payment platform comprises a receiving module and a detecting module, the receiving module is configured to receive the payment information message, and the detecting module is configured to determine, according to the payment information message, whether the transaction is legal.
  18. 根据权利要求14所述的移动支付系统,其特征在于,所述金融支付平台包括第一报文获取模块和检测模块,所述第一报文获取模块用于从所述支付设备获取所述支付信息报文;所述检测模块用于根据所述支付信息报文判断交易是否合法。 The mobile payment system according to claim 14, wherein the financial payment platform comprises a first message acquisition module and a detection module, and the first message acquisition module is configured to acquire the payment from the payment device. The information packet is used by the detecting module to determine whether the transaction is legal according to the payment information message.
  19. 根据权利要求17或18所述的移动支付系统,其特征在于,所述检测模块包括第一检测单元,用于检验所述支付信息报文的完整性和所述支付信息报文内容的合法性,若所述支付信息报文完整且内容合法,则判定交易合法,否则判定交易不合法。 The mobile payment system according to claim 17 or 18, wherein the detecting module comprises a first detecting unit, configured to check the integrity of the payment information message and the legality of the content of the payment information message If the payment information message is complete and the content is legal, the transaction is determined to be legal, otherwise the transaction is determined to be illegal.
  20. 根据权利要求13至18任一项所述的移动支付系统,其特征在于,所述支付设备还包括第一安全认证单元、受付设备还包括第二安全认证单元,所述第一安全认证单元、第二安全认证单元用于进行安全认证,以判断支付设备和受付设备之间是否进行通信。The mobile payment system according to any one of claims 13 to 18, wherein the payment device further comprises a first security authentication unit, the device to be paid further comprises a second security authentication unit, the first security authentication unit, The second security authentication unit is configured to perform security authentication to determine whether communication is performed between the payment device and the device to be paid.
  21. 一种移动支付系统,其特征在于,包括支付设备、受付设备和金融支付平台,其中:A mobile payment system, comprising: a payment device, a paid device, and a financial payment platform, wherein:
    所述受付设备用于生成交易的支付信息报文;The paid device is configured to generate a payment information message of the transaction;
    所述金融支付平台用于根据所述支付信息报文判断交易是否合法;The financial payment platform is configured to determine whether the transaction is legal according to the payment information message;
    所述支付设备用于在所述金融支付平台的判断结果为交易合法时,允许进行交易。The payment device is configured to allow the transaction to be performed when the judgment result of the financial payment platform is that the transaction is legal.
  22. 根据权利要求21所述的移动支付系统,其特征在于,所述受付设备包括第二通信模块和第二报文生成模块,所述支付设备包括第一通信模块和第一判断模块;所述第二通信模块用于接收支付设备发送的用户身份信息;所述第二报文生成模块用于根据用户身份信息和交易的商品信息生成所述支付信息报文;所述第一通信模块用于向所述受付设备发送用户身份信息;所述第一判断模块用于在所述金融支付平台的判断结果为交易合法时,允许进行交易。 The mobile payment system according to claim 21, wherein the device to be paid comprises a second communication module and a second message generation module, the payment device comprising a first communication module and a first determination module; The second communication module is configured to receive the user identity information sent by the payment device; the second message generation module is configured to generate the payment information message according to the user identity information and the transaction product information; the first communication module is configured to The receiving device sends the user identity information; the first determining module is configured to allow the transaction to be performed when the financial payment platform determines that the transaction is legal.
  23. 根据权利要求22所述的移动支付系统,其特征在于,所述受付设备还包括用户身份信息验证模块,用于对接收的所述用户身份信息进行完整性验证,若验证通过,通知所述第二报文生成模块生成所述支付信息报文。The mobile payment system according to claim 22, wherein the device to be paid further comprises a user identity information verification module, configured to perform integrity verification on the received user identity information, and if the verification is passed, notify the The second message generating module generates the payment information message.
  24. 根据权利要求22所述的移动支付系统,其特征在于, 所述第一判断单元还用于在所述金融支付平台的判断结果为交易不合法时,禁止进行交易。 A mobile payment system according to claim 22, wherein The first determining unit is further configured to prohibit the transaction when the judgment result of the financial payment platform is that the transaction is illegal.
  25. 根据权利要求22所述的移动支付系统,其特征在于,所述第二通信模块还用于将所述支付信息报文发送给所述支付设备;所述第一通信模块用于接收所述支付信息报文。 The mobile payment system according to claim 22, wherein the second communication module is further configured to send the payment information message to the payment device; the first communication module is configured to receive the payment Information message.
  26. 根据权利要求25所述的移动支付系统,其特征在于,所述支付设备还包括第二报文获取模块,用于通过所述第一通信模块向所述受付设备发出报文获取请求。The mobile payment system according to claim 25, wherein the payment device further comprises a second message acquisition module, configured to send a message acquisition request to the device to be paid by the first communication module.
  27. 根据权利要求25所述的移动支付系统,其特征在于,所述支付设备还包括发送模块,用于将所述支付信息报文发送给所述金融支付平台;所述金融支付平台包括接收模块和检测模块,所述接收模块用于接收所述支付信息报文;所述检测模块用于根据所述支付信息报文判断交易是否合法。 The mobile payment system according to claim 25, wherein the payment device further comprises a sending module, configured to send the payment information message to the financial payment platform; the financial payment platform comprises a receiving module and a detecting module, the receiving module is configured to receive the payment information message, and the detecting module is configured to determine, according to the payment information message, whether the transaction is legal.
  28. 根据权利要求25所述的移动支付系统,其特征在于,所述金融支付平台包括第一报文获取模块和检测模块,所述第一报文获取模块用于从所述支付设备获取所述支付信息报文;所述检测模块用于根据所述支付信息报文判断交易是否合法。The mobile payment system according to claim 25, wherein the financial payment platform comprises a first message acquisition module and a detection module, and the first message acquisition module is configured to acquire the payment from the payment device. The information packet is used by the detecting module to determine whether the transaction is legal according to the payment information message.
  29. 根据权利要求27或28所述的移动支付系统,其特征在于,所述检测模块包括第一检测单元,用于检验所述支付信息报文的完整性和所述支付信息报文内容的合法性,若所述支付信息报文完整且内容合法,则判定交易合法,否则判定交易不合法。 The mobile payment system according to claim 27 or 28, wherein the detecting module comprises a first detecting unit, configured to check the integrity of the payment information message and the legality of the content of the payment information message If the payment information message is complete and the content is legal, the transaction is determined to be legal, otherwise the transaction is determined to be illegal.
  30. 根据权利要求21至28任一项所述的移动支付系统,其特征在于,所述支付设备还包括第三安全认证单元、受付设备还包括第四安全认证单元,所述第三安全认证单元、第四安全认证单元用于进行安全认证,以判断支付设备和受付设备之间是否进行通信。The mobile payment system according to any one of claims 21 to 28, wherein the payment device further comprises a third security authentication unit, the device to be paid further comprises a fourth security authentication unit, the third security authentication unit, The fourth security authentication unit is configured to perform security authentication to determine whether communication is performed between the payment device and the device to be paid.
PCT/CN2012/076169 2011-06-29 2012-05-28 Mobile payment method and system WO2013000351A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110178604.1A CN102855560B (en) 2011-06-29 2011-06-29 A kind of method of mobile payment and system
CN201110178604.1 2011-06-29

Publications (1)

Publication Number Publication Date
WO2013000351A1 true WO2013000351A1 (en) 2013-01-03

Family

ID=47402126

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/076169 WO2013000351A1 (en) 2011-06-29 2012-05-28 Mobile payment method and system

Country Status (2)

Country Link
CN (1) CN102855560B (en)
WO (1) WO2013000351A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110968584A (en) * 2019-12-03 2020-04-07 北京明略软件系统有限公司 Portrait generating system, method, electronic device and readable storage medium
CN117350725A (en) * 2023-12-05 2024-01-05 深圳桑达银络科技有限公司 Internet of things realization system and method based on artificial intelligent driving

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103914770A (en) * 2013-01-04 2014-07-09 深圳市华营数字商业有限公司 Handset payment terminal, payment method and system based on NFC label
CN104284309B (en) * 2013-07-09 2017-11-14 中国电信股份有限公司 Realize the method and system of short message charging-replaced
CN106910063B (en) * 2015-12-22 2020-10-27 卓望数码技术(深圳)有限公司 Offline payment method and system
CN106940767A (en) 2016-01-05 2017-07-11 阿里巴巴集团控股有限公司 A kind of application of IC cards safe verification method and device
CN106204024A (en) * 2016-07-19 2016-12-07 上海易码信息科技有限公司 Method of mobile payment under a kind of line
CN106331752A (en) * 2016-08-31 2017-01-11 杭州当虹科技有限公司 Streaming media video file protection method
CN107784499B (en) * 2016-08-31 2021-05-18 北京银联金卡科技有限公司 Secure payment system and method of near field communication mobile terminal
CN107133512B (en) * 2017-03-14 2020-07-28 万达百汇科技(深圳)有限公司 POS terminal control method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1581186A (en) * 2004-05-21 2005-02-16 叶海峰 Hand-set payment system and method
CN1838660A (en) * 2005-03-21 2006-09-27 邓斌涛 Electronic paying and accepting signal transmission processing method
US20070241180A1 (en) * 2006-04-14 2007-10-18 Harexinfotech Inc. Method of settling signatureless payment of bank card sales slip in mobile terminal, and system therefor
CN101853453A (en) * 2009-04-03 2010-10-06 中兴通讯股份有限公司 System and method for realizing mobile payment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1900963A (en) * 2005-07-18 2007-01-24 中国银联股份有限公司 Online safety payment system
BRPI0715284A2 (en) * 2006-09-29 2013-07-16 Dan Scammell system and method for verifying user identity in electronic transactions
CN101692673B (en) * 2009-10-16 2013-08-21 中国电信股份有限公司 Message processing method of payment platform, payment platform device and payment system
CN102073958A (en) * 2009-11-25 2011-05-25 天津中兴软件有限责任公司 System and method for implementing mobile payment

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1581186A (en) * 2004-05-21 2005-02-16 叶海峰 Hand-set payment system and method
CN1838660A (en) * 2005-03-21 2006-09-27 邓斌涛 Electronic paying and accepting signal transmission processing method
US20070241180A1 (en) * 2006-04-14 2007-10-18 Harexinfotech Inc. Method of settling signatureless payment of bank card sales slip in mobile terminal, and system therefor
CN101853453A (en) * 2009-04-03 2010-10-06 中兴通讯股份有限公司 System and method for realizing mobile payment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110968584A (en) * 2019-12-03 2020-04-07 北京明略软件系统有限公司 Portrait generating system, method, electronic device and readable storage medium
CN110968584B (en) * 2019-12-03 2023-03-14 北京明略软件系统有限公司 Portrait generation system, method, electronic device and readable storage medium
CN117350725A (en) * 2023-12-05 2024-01-05 深圳桑达银络科技有限公司 Internet of things realization system and method based on artificial intelligent driving

Also Published As

Publication number Publication date
CN102855560A (en) 2013-01-02
CN102855560B (en) 2018-07-17

Similar Documents

Publication Publication Date Title
WO2013000351A1 (en) Mobile payment method and system
US8145189B2 (en) Technique for securely communicating information
US7362869B2 (en) Method of distributing a public key
AU2010204732B2 (en) Secure remote authentication through an untrusted network
US20040030894A1 (en) Security framework and protocol for universal pervasive transactions
WO2014082387A1 (en) Nfc-based fingerprint authentication system and fingerprint authentication method
CN107784499B (en) Secure payment system and method of near field communication mobile terminal
EP1277301A2 (en) Method for transmitting payment information between a terminal and a third equipement
CN101770619A (en) Multiple-factor authentication method for online payment and authentication system
CA2355928C (en) Method and system for implementing a digital signature
WO2016085062A1 (en) Authentication method using nfc authentication card
CN101790166A (en) Digital signing method based on mobile phone intelligent card
CN107679847A (en) A kind of move transaction method for secret protection based on near-field communication bidirectional identity authentication
AU2014222350A1 (en) Systems, methods and devices for performing passcode authentication
CN103401277B (en) A kind of intelligent power and utilize this intelligent power to realize the method for mobile payment
CN105682092B (en) Bidirectional authentication method based on short-distance wireless communication technology
CN102509217B (en) A kind of Mobile long-distance payment system
CN103268436A (en) Method and system for touch-screen based graphical password authentication in mobile payment
MXPA04010160A (en) Challenge-based authentication without requiring knowledge of secret authentication data.
WO2023160667A1 (en) Security authentication method, apparatus and system for digital currency transaction
CN106604241B (en) Method and system for transmitting information between devices and source terminal
US20090119214A1 (en) Method and device for exchanging values between personal protable electronic entities
NO336856B1 (en) Data transfer method and system
CN102487320A (en) Method and system used for automatic teller machine identity authentication
Khu-Smith et al. Using GSM to enhance e-commerce security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12805242

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12805242

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/08/2014)

122 Ep: pct application non-entry in european phase

Ref document number: 12805242

Country of ref document: EP

Kind code of ref document: A1