WO2015039568A1 - Method and system for providing authorization by using mobile terminal - Google Patents

Method and system for providing authorization by using mobile terminal Download PDF

Info

Publication number
WO2015039568A1
WO2015039568A1 PCT/CN2014/085992 CN2014085992W WO2015039568A1 WO 2015039568 A1 WO2015039568 A1 WO 2015039568A1 CN 2014085992 W CN2014085992 W CN 2014085992W WO 2015039568 A1 WO2015039568 A1 WO 2015039568A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
mobile terminal
authentication code
information
receiving
Prior art date
Application number
PCT/CN2014/085992
Other languages
French (fr)
Inventor
Wa YE
Runda CAI
Peng Liu
Kai Liu
Zhenyu Xu
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology (Shenzhen) Company Limited filed Critical Tencent Technology (Shenzhen) Company Limited
Publication of WO2015039568A1 publication Critical patent/WO2015039568A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3272Short range or proximity payments by means of M-devices using an audio code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3274Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3276Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/384Payment protocols; Details thereof using social networks

Definitions

  • the present application relates to the field of mobile Internet technologies, and in particular, to a method and system for providing authorization by using a mobile terminal.
  • a user may first connect to the Internet through a data communication channel or wifi access, and then input a payment account user name, password, voiceprint or fingerprint on a mobile phone payment application (for example, an online bank application or a third-party payment application such as TenPay, PayPal, and Alipay) to obtain authorization of logging on to the mobile phone payment application, thereby completing payment, transfer or other operations.
  • a mobile phone payment application for example, an online bank application or a third-party payment application such as TenPay, PayPal, and Alipay
  • a user can be authorized only by inputting data corresponding to authorization information such as password, voiceprint or fingerprint in a network environment and uploading the data to a server, while when a user terminal of the user is in an offline state, as the mobile terminal cannot upload data and cannot perform an authorized operation, so that an authorization act of the user has network-dependent limitations.
  • authorization information such as password, voiceprint or fingerprint
  • the present application is implemented in a computer that has one or more processors, memory and one or more modules, programs or sets of instructions stored in the memory for performing multiple functions in conjunction with a remote computer server and one or more mobile terminals. Instructions for performing these functions may be included in a computer program product configured for execution by one or more processors.
  • the computer-implemented method includes: receiving an authentication code from a mobile terminal while the mobile terminal is in an offline state and extracting payment authorization information from the authentication code; generating a payment request using the payment authorization information, a payment amount and an authorized payment receiving account; sending the payment request to a remote payment server; receiving a payment acknowledgment message from the remote payment server; and forwarding the payment acknowledgment message to the mobile terminal.
  • the computer-implemented method includes: receiving a payment request from a remote computer, the payment request including payment authorization information, a payment amount and an authorized payment receiving account and the payment authorization information coming from a mobile terminal; determining validity of the payment request based on the payment authorization information, the payment amount and the authorized payment receiving account; and returning a payment acknowledgment message to the remote computer in accordance with a validity determination result of the payment request, wherein the remote computer is configured to forward the payment acknowledgment message to the mobile terminal.
  • the computer system includes memory, one or more processors, and one or more programs stored in the memory and configured for execution by the one or more processors.
  • the one or more programs include instructions for: receiving a payment request from a remote computer, the payment request including payment authorization information, a payment amount and an authorized payment receiving account and the payment authorization information coming from a mobile terminal; determining validity of the payment request based on the payment authorization information, the payment amount and the authorized payment receiving account; and returning a payment acknowledgment message to the remote computer in accordance with a validity determination result of the payment request, wherein the remote computer is configured to forward the payment acknowledgment message to the mobile terminal.
  • the computing device includes memory, one or more processors, and one or more programs stored in the memory and configured for execution by the one or more processors.
  • the one or more programs include instructions for: receiving an authentication code from a mobile terminal while the mobile terminal is in an offline state and extracting payment authorization information from the authentication code; generating a payment request using the payment authorization information, a payment amount and an authorized payment receiving account; sending the payment request to a remote payment server; receiving a payment acknowledgment message from the remote payment server; and forwarding the payment acknowledgment message to the mobile terminal.
  • FIG. 1 is a flowchart of a method for providing authorization by using a mobile terminal in an embodiment
  • FIG. 2 is a schematic structural diagram of an offline payment system in an embodiment
  • FIG. 3 is a schematic interaction diagram when a graphical code is used as an authentication code for reading in an embodiment
  • FIG. 4 is a schematic interaction diagram when a voiceprint is used as an authentication code for reading in an embodiment
  • FIG. 5 is a schematic interaction diagram when an NFC message is used as an authentication code for reading in an embodiment
  • FIG. 6 is a flowchart of a method for making payment by using a mobile terminal in an embodiment
  • FIG. 7 is a flowchart of an offline payment method in an embodiment
  • FIG. 8 is an interactive sequence diagram of an offline payment process in one embodiment
  • FIG. 9 is an interactive sequence diagram of an offline payment process in another embodiment.
  • FIG. 10 is a flowchart of a method for generating an authentication code including authorization information in an embodiment
  • FIG. 11 is a schematic structural diagram of an apparatus for generating an authentication code including authorization information in an embodiment
  • FIG. 12 is a flowchart of a method for reading authorization information stored in a mobile terminal in an embodiment.
  • FIG. 13 is a schematic structural diagram of an apparatus for reading authorization information stored in a mobile terminal in an embodiment.
  • the method relies on a computer program, and runs on a computer system based on a Von Neumann system.
  • the computer system may include a mobile terminal 10, a scanning device 20 and a payment server 30.
  • the mobile terminal 10 may be a smart phone, a tablet PC, a handheld computer, a smart watch and other portable terminal devices.
  • the scanning device 20 may be a Point of Sale (POS) machine with a camera, a microphone or a Near Field Communication (NFC) sensor chip.
  • the payment server 30 may be an online bank server, a third-party payment server or a third-party server as an agent for payment.
  • the method includes the following steps.
  • Step S102 The mobile terminal acquires authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and receives an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
  • the user payment account may be an account registered by a user on a third-party payment platform, or may be an online bank account of the user, or may be a social network account or a network game account of the user.
  • the user payment account includes financial instrument data in a corresponding application thereof, including physical currency data (physical currency data such as RMB, Hong Kong dollar or US dollar in online bank applications) and virtual currency data (virtual currency data such as forum points, network game currency or social network application recharge card data) .
  • the authorization information is an authorization code or an authorization number for acknowledging a user identity provided by a third-party payment platform, an online bank, a social network application or a network game.
  • authorization of its corresponding third-party payment platform, online bank, social network application or network game application may be acquired, so as to pay or transfer the financial data of the user payment account corresponding thereto to another user, and it is unnecessary to use the user payment account and its password to log on to the corresponding application.
  • the user may previously input the password, voiceprint or fingerprint when the mobile terminal is in the networking state, so as to download the corresponding authorization information and store the authoritarian information on the mobile terminal.
  • the authentication code that can be physically received is authentication information that can be received by the user in a physical manner by using a sensor, which may include at least one of a graphical code, an NFC message and a voiceprint.
  • the authentication code that can be physically received does not require the mobile terminal to establish a network connection with another device and then is sent to the device by the mobile terminal, and a sensor on the another device may automatically physically receive an authentication code displayed by the mobile terminal in multiple types of physical manners.
  • the mobile terminal may generate a time-to-live based on its current timestamp for the authentication code, which might be a few minutes or multiple hours from the current timestamp, and transmit the time-to-live to the scanning device along with the authentication code (e.g. , the time-to-live may be part of the authentication code) .
  • the time-to-live may be used to encode the corresponding authentication code before transmitting the authentication code to the scanning device. For example, while in an offline state, the mobile terminal receives a user instruction to generate the authentication code.
  • the mobile terminal determines a time-to-live based on the current timestamp of the mobile terminal and identifies payment authorization information for the authentication code.
  • the payment authorization information is generated by a remote payment server and downloaded into the mobile terminal while the mobile terminal is in an online state. For example, before the user of the mobile terminal makes a field trip to a remote area, the user may initiate a request for receiving the payment authorization information while the mobile terminal is in the online state. With this approach, the user can avoid carrying a large amount of cash with him/her when traveling to remote areas where the wireless connection is not reliable.
  • the payment authorization information may include a maximum authorized payment amount and a payment authorization time window and/or geographical region such that any attempt of using the authorization information outside the payment authorization time window and/or the geographical region may be prevented.
  • the mobile terminal generates different time-to-live parameters for different authentication codes when different authentication codes may have different authorized payment amounts. For example, a small time-to-live may be assigned to an authentication code associated with a large financial transaction and a large time-to-level to an authentication code associated with a small financial transaction.
  • the authorized payment amount associated with an authentication code may be specified by the user of the mobile terminal when initiating the authentication code generation instruction or before that (e.g. , upon receipt of the payment authorization information) .
  • the payment server may not have the authorized payment amount since the mobile terminal is in an offline state.
  • the payment server may have the authorized payment amount because the mobile terminal is in an online state.
  • Step S104 A scanning device reads the authentication code in a physical reception manner to obtain the certificate information, and extracts the authorization information according to the certificate information.
  • the manner that a scanning device reads the authentication code in a physical reception manner is that the scanning device physically receives the authentication code displayed by the mobile terminal by using multiple types of sensors, instead of that the mobile terminal sends the authentication code to the scanning device by using a network connection.
  • the scanning device generates a payment request using the payment authorization information extracted from the authentication code.
  • the approaches described in the present application may be used in a remote area where there is no reliable wireless connection for the user of the mobile terminal to receive a real-time authorization for completing a purchase transaction.
  • the mobile terminal generates the certificate information using the identified payment authorization information and encodes the certificate information into the authentication code using the time-to-live.
  • the scanning device extracts the time-to-live from the authentication code and compares the time-to-live with a current timestamp of the scanning device to determine whether the authentication code is valid or not. For example, the authentication code is deemed to be invalid when the current timestamp is outside the time window defined by the time-to-live. In this case, the scanning device does not need to generate the payment request.
  • the payment request may also include a payment amount and an authorized payment receiving account.
  • the payment amount may be entered by the user of the scanning device or come from the mobile terminal as, e.g. , part of the authentication code.
  • the scanning device sends the payment request to a remote payment server, which may have a wireless or wired connection with the scanning device as shown in FIG. 2.
  • the payment server then processes the payment request and determines whether it should be approved or not. Regardless of whether the payment request is approved or not, the payment server returns a payment acknowledgment message to the scanning device.
  • the payment server may return multiple messages for different purposes. For example, the first returned message indicates that the payment request has been received and is being processed. The second returned message indicates that the payment request has been approved or denied.
  • the scanning device may forward one or more of the payment acknowledgment messages to the mobile terminal, e.g. , using one of the physical information exchange manners described in the present application.
  • the authentication code has been encoded by the mobile terminal using the time-to-live.
  • the scanning device Upon receipt of the authentication code using the physical receipt manners described above, the scanning device extracts the time-to-live from the authentication code and decodes the authentication code using the time-to-live parameter when the authentication code is deemed to be valid and then extracts the payment authorization information from the decoded authentication code.
  • another computing device 40 may be involved in the completion of the purchase transaction.
  • the computing device 40 does not have to be a computer and it can be another mobile terminal such as a smartphone as long as it has network connection with the payment server 30.
  • the user of the computing device 40 may be a parent of the user (e.g. , a teenager child) of the mobile terminal 10 who is on a field trip to a remote area.
  • the child user has been allowed to use his/her mobile terminal 10 to purchase goods such as food, the parent may still want to have a final say on whether or not to approve the food chosen by the child if, e.g. , the child may be allergic to certain food.
  • the payment server may need to determine the validity of the payment request.
  • One reason of the validity checking is to determine whether the payment request includes the correct payment authorization information. If not, the payment server should return a message denying the payment request.
  • Another reason of the validity checking is to let the parent at the computing device 40 decide whether the transaction should be completed or not based on the merchandise information provided by the scanning device and included in the payment request.
  • the payment server extracts the merchandise information from the payment request and forwards it to a second mobile terminal used by the parent of the child purchaser.
  • the merchandise information may identify the type of merchandise or the specific item as well.
  • the parent is then alerted by the arrival of the merchandise information, e.g. , in the form of an instant message transmitted through a social networking platform that is associated with the payment server.
  • the parent can decide whether or not to approve the transaction based on, e.g. , the merchandise to be purchased and the payment amount to be spent, and return a payment authorization/denial message to the payment server.
  • the payment server Based on the response from the second mobile terminal, the payment server prepares its own payment acknowledgment message to the scanning device and returns it to the scanning device. The user of the scanning device then proceeds with the purchase transaction according to the payment acknowledgment message.
  • the authorized payment receiving account does not necessarily receive the payment after the scanning device forwards a payment acknowledgment message approving the purchase transaction.
  • the payment amount of financial instrument may be taken out of an account associated with the user of the mobile terminal 10 or the user of the computing device 40 and put into an escrow account associated with the authorized payment receiving account.
  • the user of the mobile terminal 10 is given a second chance of approving the transaction or ranking the service he/she receives in association with the transaction.
  • the user of the mobile terminal 10 may send a payment approval message including an identifier of the payment acknowledgment message it receives from the scanning device 20 within a predefined time window (e.g. , a day or a week) when the mobile terminal 10 is back online.
  • the payment server 30 Upon receipt of the payment approval message from the mobile terminal 10, the payment server 30 then completes the transfer of the financial instrument corresponding to the payment amount to the authorized payment receiving account.
  • the payment server may automatically complete the transfer of the financial instrument corresponding to the payment amount to the authorized payment receiving account without express authorization from the user of the mobile terminal 10, e.g. , when the user of the mobile terminal 10 fails to send the payment approval message within the predefined time window.
  • the authorized payment receiving account may not need to wait for the approval of the mobile terminal 10 when the user of the computing device 40 has approved the purchase before receiving the financial instrument.
  • a mobile terminal may generate through encoding, according to the certification information, an authentication code whose type is a graphical code.
  • a scanning device may scan and decode the graphical code to obtain the certification information.
  • the graphical code may be a bar code, a two-dimensional code or other authentication codes of an image type.
  • the mobile terminal may generate the graphical code after receiving a graphical code generation instruction input by a user, and display the graphical code in a picture form.
  • the scanning device may scan the graphical code displayed by the mobile terminal by using a camera, and then decode the read graphical code to obtain the certificate information.
  • a mobile terminal may generate through encoding, according to the certificate information, an authentication code whose type is a voiceprint.
  • a scanning device may capture and decode the voiceprint to obtain the certificate information.
  • the mobile terminal generates the corresponding voiceprint according to the certification information after receiving a voiceprint generation instruction input by a user, and plays the voiceprint by using a loudspeaker for display.
  • a nearby scanning device may capture the voiceprint by using a microphone or other devices and decode the voiceprint to obtain the corresponding certificate information.
  • a mobile terminal may generate through encoding, according to certificate information, an authentication code whose type is an NFC message.
  • a scanning device may sense and decode the NFC message to obtain the certificate information.
  • the NFC message is an authentication code obtained through encoding of an NFC chip.
  • a user may make the mobile terminal close to the scanning device, and then input an NFC message generation instruction.
  • the mobile terminal may encode the certificate information into an NFC message by using the NFC chip after receiving the NFC message generation instruction input by the user, and a nearby scanning device may sense the NFC message by using the NFC chip, and obtain the certification information through decoding.
  • the step that the mobile terminal generates certificate information according to the authorization information further includes: the mobile terminal acquiring system parameter information, and generating the certificate information according to the system parameter information and the authorization information, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
  • the scanning device may decode the certificate information according to the system parameter information to obtain the authorization information.
  • the mobile terminal may regularly acquire the system parameter information, and update the certificate information according to the system parameter information.
  • the certificate information on the mobile terminal may be data changing regularly, thereby preventing the certificate information from being repeatedly used by criminals after being stolen.
  • the method may be based on a social network application, the user may previously bind his social network account to his online bank account or to his third-party payment account, and after logging on to the social network application on the mobile terminal, obtain corresponding authorization information on the online bank or third-party payment platform, the mobile terminal may acquire a system time, system version information, an equipment identity (an equipment ex-factory number or an International Mobile Equipment Identity (IMEI) code) or a social network account corresponding to the mobile terminal every a preset update cycle of 30 seconds or 1 minute, and then generate the certificate information through encryption according to information such as the authorization information, the system time, the system version information, the equipment identity and the social network account.
  • IMEI International Mobile Equipment Identity
  • the scanning device may acquire its own system time, then performs a subtraction operation on the system time and the system time in the read certificate information, and can identify that the graphical code has expired, the read certificate information is an invalid certificate, so that the authorization information cannot be extracted, that is, the scanning device fails to acquire the authorization information.
  • the user may upload system version information and/or equipment identity and other information of the mobile terminal after replacement by using a social network application and replace related system parameters of the mobile terminal before replacement stored in the social network application.
  • the scanning device may download system version information and/or equipment identity and other information corresponding to the user by using the social network application, and then compare the information with the system parameter information included in the certificate information. As the mobile terminal of the user has been replaced, they do not match, and the authorization information cannot be extracted from the certificate information, that is, the scanning device fails to acquire the authorization information.
  • the certificate information may further include a payment threshold.
  • the scanning device may further extract the payment threshold from the certificate information, acquire payment amount, and judge whether the payment amount is greater than the payment threshold, where if yes, acquisition of the authorization information fails.
  • a user may set a payment threshold in a social network application corresponding to a user payment account.
  • the mobile terminal may acquire the payment threshold according to the social network application, and then add the payment threshold when generating the certificate information.
  • a service or commodity provider may input payment amount by using a scanning device and display the payment amount to a user for acknowledgment, and the user may input an authentication code generation instruction after acknowledgment, and display the mobile terminal to the service or commodity provider.
  • the service or commodity provider After the service or commodity provider reads it by using the scanning device in a physical reception manner, if the payment threshold included in the certificate information is less than the payment threshold, it indicates that financial data to be paid for the consumption of the user exceeds consumer expectations of the user, and thus authorization cannot be provided.
  • a system for providing authorization by using a mobile terminal includes a mobile terminal 10 and a scanning device 20.
  • the mobile terminal 10 is used for acquiring authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and receiving an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
  • the scanning device 20 is used for reading the authentication code in a physical reception manner to obtain the certificate information, and extracting the authorization information according to the certificate information.
  • the mobile terminal 10 is further used for generating through encoding, according to the certification information, an authentication code whose type is a graphical code;
  • the scanning device 20 is further used for scanning and decoding the graphical code to obtain the certification information.
  • the mobile terminal 10 is further used for generating through encoding, according to certificate information, an authentication code whose type is an NFC message.
  • the scanning device 20 is further used for sensing and decoding the NFC message to obtain the certificate information.
  • the mobile terminal 10 is further used for generating through encoding, according to the certificate information, an authentication code whose type is a voiceprint.
  • the scanning device 20 is further used for capturing and decoding a voiceprint to obtain the certificate information.
  • the mobile terminal 10 is further used for acquiring system parameter information, and generating the certificate information according to the system parameter information and the authorization information, where the system parameter information includes at least one of a system time, a system version and an equipment identity; and
  • the scanning device 20 is further used for decoding the certificate information according to the system parameter information to obtain the authorization information.
  • the certificate information further includes a payment threshold.
  • the scanning device 20 is further used for extracting the payment threshold from the certificate information, acquiring payment amount, and judging whether the payment amount is greater than the payment threshold, where if yes, acquisition of the authorization information fails.
  • the method relies on a computer program, and runs on a computer system based on a Von Neumann system.
  • the computer system may include a mobile terminal 10, a scanning device 20 and a payment server 30.
  • the mobile terminal 10 may be a smart phone, a tablet PC, a handheld computer, a smart watch and other portable terminal devices.
  • the scanning device 20 may be a POS machine with a camera, a microphone or an NFC sensor chip.
  • the payment server 30 may be an online bank server, a third-party payment server or a third-party server as an agent for payment.
  • the method includes the following steps.
  • Step S202 A scanning device reads an authentication code generated by the mobile terminal in a physical reception manner and decodes the authentication code to obtain authorization information, acquires payment amount and an authorized payment receiving account, and sends the authorization information, the payment amount and the authorized payment receiving account to a payment server.
  • the scanning device may include a camera, a microphone or an NFC chip or other sensing devices, and the scanning device may scan a graphical code picture generated by the mobile terminal by using the camera, sense an NFC message generated by the mobile terminal by using the NFC chip or capture a voiceprint sent by a loudspeaker of the mobile terminal by using the microphone to obtain certificate information stored in the mobile terminal, and then obtain authorization information through extraction by decoding the certificate information.
  • the authorized payment receiving account includes an online bank account, a third-party payment account, a social network account or a network game account or the like of a service provider or a commodity provider.
  • the authorized payment receiving account further includes receiving authorization information previously acquired by the payment server, so as to acknowledge that the service provider or the commodity provider is a financial data receiver having legal identity.
  • the receiving authorization information may be obtained by using an application to the payment server when the service provider or the commodity provider registers the authorized payment receiving account.
  • the service provider or the commodity provider may submit data such as business information, identity information and security deposit in registration, and after the data passes auditing of the customer service personnel, the receiving authorization information may be distributed to the authorized payment receiving account by using the payment server.
  • the service or commodity provider may store the authorized payment receiving account including the receiving authorization information into the scanning device.
  • the payment amount may be obtained through manual input of the service provider or the commodity provider.
  • the scanning device may be a personal computer with a camera. If a consumer hopes to pay for one-time haircut consumption offline by using a smart phone, a cashier in a barber shop may manually input payment amount on the personal computer, and display the payment amount to the consumer for acknowledgment, after acknowledgment, the consumer may open an application corresponding to the method on the smart phone, and then display a generated graphical code picture to the cashier, and the cashier may scan the graphical code picture by using the camera on the personal computer so as to obtain authorization information corresponding to the consumer through extraction from the scanning device.
  • the payment amount may further be obtained by reading a configuration file.
  • the scanning device may be a drink vending machine with an NFC chip.
  • the consumer may first select the drink according to a price on the vending machine, and payment amount corresponding to the price may be stored in a configuration file of the vending machine.
  • the consumer may make the smart watch close to an NFC sensor corresponding to the drink, so as to send certificate information generated by an application corresponding to the method on the smart watch to the vending machine by using NFC.
  • the vending machine may obtain authorization information through extraction, and read the corresponding payment amount according to a drink logo corresponding to the NFC sensor. After subsequent payment succeeds, the vending machine may open a corresponding padlock according to the drink logo corresponding to the NFC sensor, and the consumer may take away the drink to complete the transaction.
  • the scanning device may return a prompt message to the mobile terminal by using NFC before sending the authorization information, the payment amount and the authorized payment receiving account to a payment server, where the prompt information may include information such as product name, product quantity and payment amount.
  • the mobile terminal displays the prompt message after receiving it by using NFC, and returns a payment acknowledge message to the scanning device by using NFC after the user inputs an acknowledgment instruction, and the scanning device sends the authorization information, the payment amount and the authorized payment receiving account to a payment server after receiving the payment acknowledge message.
  • Step S204 The payment server acquires authorization of a user payment account corresponding to the authorization information, and pays the payment amount from the user payment account to the authorized payment receiving account.
  • the payment server may acquire authorization of a corresponding online bank, a third-party payment platform, a social network application or a network game application according to the authorization information, and then pay the payment amount from the user payment account corresponding to the authorization information to the authorized payment receiving account.
  • the payment amount may correspond to physical currency financial data, or may correspond to virtual currency financial data.
  • the user payment amount and the authorized payment receiving account both may be a third-party payment account.
  • the step of paying the payment amount from the user payment account to the authorized payment receiving account may include:
  • the payment server paying, by the payment server, the payment amount from the user payment account to a third-party guarantee account, and generating a transaction record corresponding to the user payment account and the authorized payment receiving account.
  • the payment server receives an uploaded payment acknowledgment instruction, acquires a transaction record corresponding to the payment acknowledgment instruction, acquires an authorized payment receiving account and payment amount corresponding to the transaction record, and pays the payment amount from a third-party guarantee account to the authorized payment receiving account.
  • the user may access the payment server according to the user payment account to download the transaction record after the mobile terminal is in a networking state, and upload a payment acknowledgment instruction to the payment server according to the transaction record displayed by the mobile terminal.
  • the user may also access the payment server according to the user payment account on other networking devices such as a personal computer, a notebook and other devices, and upload a payment acknowledgment instruction.
  • the payment server does not directly pay financial data corresponding to the payment amount in the user payment account to the authorized payment receiving account, but first pays the financial data to a third-party guarantee account provided by the third-party payment platform.
  • the third-party guarantee account may play a role of guarantee, and only when the consumer is reconnected to the Internet, accesses the payment server by using the mobile terminal or other networking devices to browse the transaction record and acknowledges it, the payment server will pay the financial data corresponding to the payment amount to the authorized payment receiving account from the third-party guarantee account, thereby preventing the service provider or the commodity provider from selling fake and shoddy products.
  • the consumer finds that the commodity he buys is a fake product he may not acknowledge the transaction record, and submit an evidence document to the payment server to apply for arbitration.
  • the customer service personnel may obtain the evidence document by using the payment server and audit it, and if it passes auditing, may return the payment amount to the user payment account of the consumer after negotiation with a seller corresponding to the authorized payment receiving account.
  • the payment amount may be automatically paid to the authorized payment receiving account after a generation time of the transaction record times out.
  • the method is based on a social network application.
  • the consumer may log on to the payment server by using a social network application account to view his transaction record, and acknowledge it. If the consumer buys a fake and shoddy product and hopes to be refunded, he may input a refund instruction, and send an evidence document of a type such as pictures, texts or videos to a customer service account by using the social network application.
  • the customer service personnel may receive the evidence document by using the customer service account, and if the evidence document passes auditing, the payment amount may be returned to the user payment account corresponding to the social network application account initiating refund from the third-party guarantee account.
  • the payment server receives feedback information uploaded corresponding to the transaction record, regularly acquires a transaction record, acquires an authorized payment receiving account, payment amount and corresponding feedback information corresponding to the transaction account, and pays the payment amount from a third-party guarantee account to the authorized payment receiving account according to the feedback information.
  • the user may access the payment server to browse the transaction record, and add corresponding feedback information, where the feedback information may include evaluation information and/or an evidence document.
  • the payment server may regularly (for example, a weekly, monthly settlement cycle) settle transaction records (that is, migration records of financial data) , to acquire feedback information corresponding to the transaction records. If the feedback information is negative evaluation, to which a corresponding evidence document is attached, the customer service personnel may, after negotiation with the seller, return the payment amount in the third-party guarantee account to the user payment account corresponding to the transaction record.
  • the service provider or the commodity provider corresponding to the authorized payment receiving account may be punished, and the punishment manner may include freezing the account, deducting the security deposit paid by the provider in registration of the authorized payment receiving account, reducing the credit rating or extending the settlement cycle or the like; if the feedback information is positive evaluation or non-evaluation, the payment amount may be paid to the authorized payment receiving account from the third-party payment account.
  • the service provider or the commodity provider may previously upload a commodity price list to the payment server.
  • the payment server may judge whether the payment amount corresponding to the transaction record matches the corresponding commodity price list, and if yes, pay the payment amount to the authorized payment receiving account from the third-party guarantee account. For example, a corresponding price value may be searched for in the commodity price list according to a commodity name in the transaction record, and if payment amount matches the price value, the payment amount is paid to the authorized payment receiving account from the third-party guarantee account.
  • the method further includes:
  • the payment server may previously classify authorized payment receiving accounts according to registration information submitted in registration of the authorized payment receiving accounts, and set receiving thresholds for different types of authorized payment receiving accounts respectively. For example, for an authorized payment receiving account of which the type of registration information is convenience store, the receiving threshold corresponding thereto is evidently less than that of the authorized payment receiving account of which the type of registration information is home appliance shopping mall.
  • the payment server may judge whether the payment amount corresponding to the transaction record is greater than the receiving threshold corresponding to the authorized payment receiving account, if yes, return a notification of migration failure; and if no, pay the payment amount from the third-party guarantee account to the authorized payment receiving account.
  • a system for making payment by using a mobile terminal includes a scanning device 20 and a payment server 30.
  • the scanning device 20 is used for reading an authentication code generated by the mobile terminal in a physical reception manner and decoding the authentication code to obtain authorization information, acquiring payment amount and an authorized payment receiving account, and sending the authorization information, the payment amount and the authorized payment receiving account to the payment server 30.
  • the payment server 30 is used for acquiring authorization of a user payment account corresponding to the authorization information, and paying the payment amount from the user payment account to the authorized payment receiving account.
  • the payment server 30 is further used for paying the payment amount from the user payment account to a third-party guarantee account, and generating a transaction record corresponding to the user payment account and the authorized payment receiving account.
  • the payment server 30 is further used for receiving an uploaded payment acknowledgment instruction, acquiring a transaction record corresponding to the payment acknowledgment instruction, acquiring an authorized payment receiving account and payment amount corresponding to the transaction record, and paying the payment amount from a third-party guarantee account to the authorized payment receiving account.
  • the payment server 30 is further used for receiving feedback information uploaded corresponding to the transaction record, regularly acquiring a transaction record, acquiring an authorized payment receiving account, payment amount and corresponding feedback information corresponding to the transaction account, and paying the payment amount from a third-party guarantee account to the authorized payment receiving account according to the feedback information.
  • the payment server 30 is further used for acquiring a receiving threshold corresponding to the authorized payment receiving account, judging whether the payment amount is greater than the receiving threshold, and if yes, returning a notification of payment failure.
  • the method relies on a computer program, and runs on a computer system based on a Von Neumann system.
  • the computer system may include a mobile terminal 10, a scanning device 20 and a payment server 30.
  • the mobile terminal 10 may be a smart phone, a tablet PC, a handheld computer, a smart watch and other portable terminal devices.
  • the scanning device 20 may be a POS machine with a camera, a microphone or an NFC sensor chip.
  • the payment server 30 may be an online bank server, a third-party payment server or a third-party server as an agent for payment.
  • the method includes the following steps.
  • Step S302. A mobile terminal acquires authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and receives an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
  • Step S304 A scanning device reads the authentication code in a physical reception manner and decodes the authentication code to obtain the certificate information, acquires payment amount and an authorized payment receiving account, and sends the authorization information, the payment amount and the authorized payment receiving account to a payment server.
  • Step S306 The payment server acquires authorization of a user payment account corresponding to the authorization information, and pays the payment amount from the user payment amount to the authorized payment receiving account.
  • FIG. 8 shows a complete payment process of the offline payment method.
  • the mobile terminal regularly acquires system parameter information and authorization information to update the certificate information every a preset update cycle. After the consumer determines a commodity to be bought, the seller may input payment amount in the scanning device and display the payment amount to the consumer for acknowledgment, the consumer may trigger an authentication code generation instruction after acknowledging that the payment account is error-free, and the mobile terminal generates an authentication code such as a graphical code, an NFC message or a voiceprint according to the certificate information.
  • the scanning device obtains the authorization information through extraction by reading the authentication code, acquires an authorized payment receiving account pre-stored by the seller in the scanning device, and uploads the payment amount, the authorization information and the authorized payment receiving account to the payment server.
  • the payment server may return an ACK (a payment acknowledgment message) to notify the scanning device that uploading is successful.
  • the scanning device may display payment result information indicating payment success.
  • the payment server may acquire authorization of the consumer according to the authorization information after receiving the payment amount, the authorization information and the authorized payment receiving account, so as to pay the payment amount from the user payment account of the consumer to a corresponding third-party guarantee account (for example, if the user payment account is a TenPay account, the payment amount is 10.00, and the unit is RMB, financial amount of which the amount is 10.00 and the unit is RMB may be paid to a TenPay guarantee account from the user payment account) .
  • a third-party guarantee account for example, if the user payment account is a TenPay account, the payment amount is 10.00, and the unit is RMB, financial amount of which the amount is 10.00 and the unit is RMB may be paid to a TenPay guarantee account from the user payment account.
  • the consumer may subsequently open the network connection of the mobile terminal for networking, then access the payment server to download a transaction record, and upload a payment acknowledgment instruction to acknowledge the transaction record.
  • the payment server may pay the payment amount from a third-party guarantee account to the authorized payment receiving account.
  • the consumer may subsequently open the network connection of the mobile terminal for networking, then access the payment server to download a transaction record, and upload feedback information corresponding to the transaction record.
  • the payment server may regularly settle authorized payment receiving accounts according to the feedback information, pay payment amount corresponding to transaction records whose feedback information is positive evaluation to corresponding authorized payment receiving accounts, and punish authorized payment receiving accounts corresponding to transaction records whose feedback information is negative evaluation.
  • a mobile terminal 10 In an embodiment, as shown in FIG. 2, a mobile terminal 10, a scanning device 20 and a payment server 30 are included.
  • the mobile terminal 10 is used for acquiring authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and receiving an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
  • the scanning device 20 is used for reading the authentication code in a physical reception manner and decoding the authentication code to obtain the certificate information, acquiring payment amount and an authorized payment receiving account, and sending the authorization information, the payment amount and the authorized payment receiving account to the payment server.
  • the payment server 30 is used for acquiring authorization of a user payment account corresponding to the authorization information, and paying the payment amount from the user payment amount to the authorized payment receiving account.
  • a method for generating an authentication code including authorization information includes the following steps.
  • Step 402. Acquire authorization information corresponding to a user payment account, to generate certificate information according to the authorization information.
  • Step 404 Receive an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
  • the authentication code generation instruction is a graphical code generation instruction.
  • the step of generating through encoding, according to the certificate information, an authentication code that can be physically received further includes:
  • the authentication code generation instruction is an NFC message generation instruction.
  • the step of generating through encoding, according to the certificate information, an authentication code that can be physically received further includes:
  • the authentication code generation instruction is a voiceprint generation instruction.
  • the step of generating through encoding, according to the certificate information, an authentication code that can be physically received further includes:
  • the step of generating certificate information according to the authorization information further includes:
  • system parameter information includes at least one of a system time, a system version and an equipment identity.
  • an apparatus for generating an authentication code including authorization information includes:
  • a certificate generating module 102 for acquiring authorization information corresponding to a user payment account, to generate certificate information according to the authorization information
  • an authentication code generating module 104 for receiving an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
  • the authentication code generation instruction is a graphical code generation instruction.
  • the authentication code generating module 104 is further used for generating an authentication code whose type is a graphical code according to the certificate information.
  • the authentication code generation instruction is an NFC message generation instruction.
  • the authentication code generating module 104 is further used for generating an authentication code whose type is an NFC message according to the certificate information.
  • the authentication code generation instruction is a voiceprint generation instruction.
  • the authentication code generating module 104 is further used for generating an authentication code whose type is a voiceprint according to the certificate information.
  • the certificate generating module 102 is further used for acquiring system parameter information and/or a payment threshold, and generating certificate information according to the system parameter information and the authorization information, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
  • a method for reading authorization information stored in a mobile terminal includes the following steps.
  • Step S502 Read an authentication code generated by the mobile terminal in a physical manner to obtain certificate information.
  • Step S504. Extract authorization information according to the certificate information.
  • the step of reading an authentication code generated by the mobile terminal in a physical manner to obtain certificate information further includes:
  • the step of reading an authentication code generated by the mobile terminal in a physical manner to obtain certificate information further includes:
  • the step of reading an authentication code generated by the mobile terminal in a physical manner to obtain certificate information further includes:
  • the certificate information includes system parameter information corresponding to the mobile terminal, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
  • the step of extracting authorization information according to the certificate information further includes:
  • the certificate information further includes a payment threshold.
  • the payment threshold may be extracted from the certificate information, payment amount is acquired, whether the payment amount is greater than the payment threshold is judged, and if yes, acquisition of the authorization information fails.
  • an apparatus for reading authorization information stored in a mobile terminal includes:
  • a certificate reading module 202 for reading an authentication code generated by the mobile terminal in a physical manner to obtain certificate information
  • an authorization information extracting module 204 for extracting authorization information according to the certificate information.
  • the certificate reading module 202 is further used for scanning and decoding a graphical code generated by the mobile terminal to obtain the certificate information.
  • the certificate reading module 202 is further used for sensing and decoding an NFC message generated by the mobile terminal to obtain the certificate information.
  • the certificate reading module 202 is further used for capturing and decoding a voiceprint generated by the mobile terminal to obtain the certificate information.
  • the certificate information includes system parameter information corresponding to the mobile terminal, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
  • the authorization information extracting module 204 is further used for decoding the certificate information according to the system parameter information to obtain the authorization information.
  • the certificate information further includes a payment threshold.
  • the authorization information extracting module 204 is further used for extracting the payment threshold from the certificate information, acquiring payment amount, and judging whether the payment amount is greater than the payment threshold is judged, where if yes, acquisition of the authorization information fails.
  • the mobile terminal may first generate certificate information according to authorization information corresponding to a user payment account when in an offline state, and then encode the certificate information into an authentication code that can be physically received after receiving an authentication code generation instruction input by a user; a scanning device may read the authentication code in a physical reception manner by using various types of sensors and extract the corresponding authorization information, so that the mobile terminal may provide authorization corresponding to the user payment account for the scanning device without uploading information authenticating user identity such as password, voiceprint or fingerprint, and the authorization process does not rely on the network environment, which achieves authorization when the mobile terminal is in an offline state.
  • the phrase "if it is determined [that a stated condition precedent is true]"or"if [astated condition precedent is true]”or"when [a stated condition precedent is true]” may be construed to mean"upon determining"or"in response to determining"or”in accordance with a determination”or"upon detecting"or”in response to detecting"that the stated condition precedent is true, depending on the context.
  • stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.

Abstract

A computing device receives an authentication code from a mobile terminal while the mobile terminal is in an offline state. The mobile terminal generates the authentication code based on payment authorization information it receives from a remote payment server while the mobile terminal is in an online state. The computing device extracts the payment authorization information from the authentication code and then generates a payment request using the payment authorization information, a payment amount and an authorized payment receiving account. Next, the computing device sends the payment request to the remote payment server. The remote payment server determines the validity of the payment request based on the payment authorization information, the payment amount and the authorized payment receiving account and returns a payment acknowledgment message to the remote computer. The computing device forwards the payment acknowledgment message to the mobile terminal, which then completes the payment transaction.

Description

METHOD AND SYSTEM FOR PROVIDING AUTHORIZATION BY USING MOBILE TERMINAL
RELATED APPLICATION
This application claims priority to Chinese Patent Application No. 201310430889.2, “METHOD AND SYSTEM FOR PROVIDING AUTHORIZATION BY USING MOBILE TERMINAL, ” filed on September 18, 2013, which is hereby incorporated by reference in its entirety.
TECHNICAL FIELD
The present application relates to the field of mobile Internet technologies, and in particular, to a method and system for providing authorization by using a mobile terminal.
BACKGROUND
With development of mobile Internet technologies, users already can use mobile phone payment applications for payment whenever and wherever possible. A user may first connect to the Internet through a data communication channel or wifi access, and then input a payment account user name, password, voiceprint or fingerprint on a mobile phone payment application (for example, an online bank application or a third-party payment application such as TenPay, PayPal, and Alipay) to obtain authorization of logging on to the mobile phone payment application, thereby completing payment, transfer or other operations.
However, upon research, the inventor finds that providing authorization by using a mobile terminal in the traditional technology at least has the following problems: a user can be authorized only by inputting data corresponding to authorization information such as password, voiceprint or fingerprint in a network environment and uploading the data to a server, while when a user terminal of the user is in an offline state, as the mobile terminal cannot upload data and cannot perform an authorized operation, so that an authorization act of the user has network-dependent limitations.
SUMMARY
The above deficiencies and other problems associated with the conventional approach of performing authorized operations only in a network environment are reduced or eliminated by the present application disclosed below. In some embodiments, the present application is implemented in a computer that has one or more processors, memory and one or more modules, programs or sets of instructions stored in the memory for performing multiple functions in conjunction with a remote computer server and one or more mobile terminals. Instructions for performing these functions may be included in a computer program product configured for execution by one or more processors.
One aspect of the present application involves a computer-implemented method performed by a computer having one or more processors and memory. The computer-implemented method includes: receiving an authentication code from a mobile terminal while the mobile terminal is in an offline state and extracting payment authorization information from the authentication code; generating a payment request using the payment authorization information, a payment amount and an authorized payment receiving account; sending the payment request to a remote payment server; receiving a payment acknowledgment message from the remote payment server; and forwarding the payment acknowledgment message to the mobile terminal.
Another aspect of the present application involves a computer-implemented method performed by a computer server having one or more processors and memory. The computer-implemented method includes: receiving a payment request from a remote computer, the payment request including payment authorization information, a payment amount and an authorized payment receiving account and the payment authorization information coming from a mobile terminal; determining validity of the payment request based on the payment authorization information, the payment amount and the authorized payment receiving account; and returning a payment acknowledgment message to the remote computer in accordance with a validity determination result of the payment request, wherein the remote computer is configured to forward the payment acknowledgment message to the mobile terminal.
Another aspect of the present application involves a computer system. The computer system includes memory, one or more processors, and one or more programs stored in the memory and configured for execution by the one or more processors. The one or more programs include instructions for: receiving a payment request from a remote computer, the payment request including payment authorization information, a payment amount and an authorized payment receiving account and the payment authorization information coming from a mobile terminal; determining validity of the payment request based on the payment authorization information, the payment amount and the authorized payment receiving account; and returning a payment acknowledgment message to the remote computer in accordance with a validity determination result of the payment request, wherein the remote computer is configured to forward the payment acknowledgment message to the mobile terminal.
Another aspect of the present application involves a computing device. The computing device includes memory, one or more processors, and one or more programs stored in the memory and configured for execution by the one or more processors. The one or more programs include instructions for: receiving an authentication code from a mobile terminal while the mobile terminal is in an offline state and extracting payment authorization information from the authentication code; generating a payment request using the payment authorization information, a  payment amount and an authorized payment receiving account; sending the payment request to a remote payment server; receiving a payment acknowledgment message from the remote payment server; and forwarding the payment acknowledgment message to the mobile terminal.
BRIEF DESCRIPTION OF THE DRAWINGS
The aforementioned features and advantages of the present application as well as additional features and advantages thereof will be more clearly understood hereinafter as a result of a detailed description of preferred embodiments when taken in conjunction with the drawings.
FIG. 1 is a flowchart of a method for providing authorization by using a mobile terminal in an embodiment;
FIG. 2 is a schematic structural diagram of an offline payment system in an embodiment;
FIG. 3 is a schematic interaction diagram when a graphical code is used as an authentication code for reading in an embodiment;
FIG. 4 is a schematic interaction diagram when a voiceprint is used as an authentication code for reading in an embodiment;
FIG. 5 is a schematic interaction diagram when an NFC message is used as an authentication code for reading in an embodiment;
FIG. 6 is a flowchart of a method for making payment by using a mobile terminal in an embodiment;
FIG. 7 is a flowchart of an offline payment method in an embodiment;
FIG. 8 is an interactive sequence diagram of an offline payment process in one embodiment;
FIG. 9 is an interactive sequence diagram of an offline payment process in another embodiment;
FIG. 10 is a flowchart of a method for generating an authentication code including authorization information in an embodiment;
FIG. 11 is a schematic structural diagram of an apparatus for generating an authentication code including authorization information in an embodiment;
FIG. 12 is a flowchart of a method for reading authorization information stored in a mobile terminal in an embodiment; and
FIG. 13 is a schematic structural diagram of an apparatus for reading authorization information stored in a mobile terminal in an embodiment.
Like reference numerals refer to corresponding parts throughout the several views of the drawings.
DESCRIPTION OF EMBODIMENTS
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the subject matter presented herein. But it will be apparent to one skilled in the art that the subject matter may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the embodiments.
In an embodiment, as shown in FIG. 1, which illustrates a method for providing authorization by using a mobile terminal, the method relies on a computer program, and runs on a computer system based on a Von Neumann system. As shown in FIG. 2, the computer system may include a mobile terminal 10, a scanning device 20 and a payment server 30. The mobile terminal 10 may be a smart phone, a tablet PC, a handheld computer, a smart watch and other portable terminal devices. The scanning device 20 may be a Point of Sale (POS) machine with a camera, a microphone or a Near Field Communication (NFC) sensor chip. The payment server 30 may be an online bank server, a third-party payment server or a third-party server as an agent for payment.
It should be noted that, when the method for providing authorization by using a mobile terminal runs on the computer system, whether the mobile terminal 10 is in a networking state or not is irrelevant to execution of the method.
In this embodiment, the method includes the following steps.
Step S102. The mobile terminal acquires authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and receives an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
The user payment account may be an account registered by a user on a third-party payment platform, or may be an online bank account of the user, or may be a social network account or a network game account of the user. The user payment account includes financial instrument data in a corresponding application thereof, including physical currency data (physical currency data such as RMB, Hong Kong dollar or US dollar in online bank applications) and virtual currency data (virtual currency data such as forum points, network game currency or social network application recharge card data) .
The authorization information is an authorization code or an authorization number for acknowledging a user identity provided by a third-party payment platform, an online bank, a social network application or a network game. According to the authorization information, authorization of its corresponding third-party payment platform, online bank, social network application or network  game application may be acquired, so as to pay or transfer the financial data of the user payment account corresponding thereto to another user, and it is unnecessary to use the user payment account and its password to log on to the corresponding application. The user may previously input the password, voiceprint or fingerprint when the mobile terminal is in the networking state, so as to download the corresponding authorization information and store the authoritarian information on the mobile terminal.
In this embodiment, the authentication code that can be physically received is authentication information that can be received by the user in a physical manner by using a sensor, which may include at least one of a graphical code, an NFC message and a voiceprint. The authentication code that can be physically received does not require the mobile terminal to establish a network connection with another device and then is sent to the device by the mobile terminal, and a sensor on the another device may automatically physically receive an authentication code displayed by the mobile terminal in multiple types of physical manners.
In some embodiments, there is a time-to-live parameter associated with the authentication code. For example, the mobile terminal may generate a time-to-live based on its current timestamp for the authentication code, which might be a few minutes or multiple hours from the current timestamp, and transmit the time-to-live to the scanning device along with the authentication code (e.g. , the time-to-live may be part of the authentication code) . In some other embodiments, the time-to-live may be used to encode the corresponding authentication code before transmitting the authentication code to the scanning device. For example, while in an offline state, the mobile terminal receives a user instruction to generate the authentication code. In response to the user instruction, the mobile terminal determines a time-to-live based on the current timestamp of the mobile terminal and identifies payment authorization information for the authentication code. The payment authorization information is generated by a remote payment server and downloaded into the mobile terminal while the mobile terminal is in an online state. For example, before the user of the mobile terminal makes a field trip to a remote area, the user may initiate a request for receiving the payment authorization information while the mobile terminal is in the online state. With this approach, the user can avoid carrying a large amount of cash with him/her when traveling to remote areas where the wireless connection is not reliable. The payment authorization information may include a maximum authorized payment amount and a payment authorization time window and/or geographical region such that any attempt of using the authorization information outside the payment authorization time window and/or the geographical region may be prevented.
In some embodiments, the mobile terminal generates different time-to-live parameters for different authentication codes when different authentication codes may have different authorized payment amounts. For example, a small time-to-live may be assigned to an authentication code  associated with a large financial transaction and a large time-to-level to an authentication code associated with a small financial transaction. The authorized payment amount associated with an authentication code may be specified by the user of the mobile terminal when initiating the authentication code generation instruction or before that (e.g. , upon receipt of the payment authorization information) . In the former case, the payment server may not have the authorized payment amount since the mobile terminal is in an offline state. In the latter case, the payment server may have the authorized payment amount because the mobile terminal is in an online state. By doing so, the approaches disclosed in the present application provide an additional layer of security for financial transactions.
Step S104. A scanning device reads the authentication code in a physical reception manner to obtain the certificate information, and extracts the authorization information according to the certificate information.
The manner that a scanning device reads the authentication code in a physical reception manner is that the scanning device physically receives the authentication code displayed by the mobile terminal by using multiple types of sensors, instead of that the mobile terminal sends the authentication code to the scanning device by using a network connection.
In some embodiments, the scanning device generates a payment request using the payment authorization information extracted from the authentication code. As noted above, the approaches described in the present application may be used in a remote area where there is no reliable wireless connection for the user of the mobile terminal to receive a real-time authorization for completing a purchase transaction. In some embodiments, the mobile terminal generates the certificate information using the identified payment authorization information and encodes the certificate information into the authentication code using the time-to-live. Upon receipt of the authentication code, the scanning device extracts the time-to-live from the authentication code and compares the time-to-live with a current timestamp of the scanning device to determine whether the authentication code is valid or not. For example, the authentication code is deemed to be invalid when the current timestamp is outside the time window defined by the time-to-live. In this case, the scanning device does not need to generate the payment request.
Assuming that the authentication code is valid, the payment request may also include a payment amount and an authorized payment receiving account. Note that the payment amount may be entered by the user of the scanning device or come from the mobile terminal as, e.g. , part of the authentication code. The scanning device sends the payment request to a remote payment server, which may have a wireless or wired connection with the scanning device as shown in FIG. 2. The payment server then processes the payment request and determines whether it should be approved or not. Regardless of whether the payment request is approved or not, the payment server returns a  payment acknowledgment message to the scanning device. In some embodiments, the payment server may return multiple messages for different purposes. For example, the first returned message indicates that the payment request has been received and is being processed. The second returned message indicates that the payment request has been approved or denied. The scanning device may forward one or more of the payment acknowledgment messages to the mobile terminal, e.g. , using one of the physical information exchange manners described in the present application.
In some embodiments, the authentication code has been encoded by the mobile terminal using the time-to-live. Upon receipt of the authentication code using the physical receipt manners described above, the scanning device extracts the time-to-live from the authentication code and decodes the authentication code using the time-to-live parameter when the authentication code is deemed to be valid and then extracts the payment authorization information from the decoded authentication code.
In some embodiments, as shown in FIG. 2, another computing device 40 may be involved in the completion of the purchase transaction. Note that the computing device 40 does not have to be a computer and it can be another mobile terminal such as a smartphone as long as it has network connection with the payment server 30. For example, the user of the computing device 40 may be a parent of the user (e.g. , a teenager child) of the mobile terminal 10 who is on a field trip to a remote area. Although the child user has been allowed to use his/her mobile terminal 10 to purchase goods such as food, the parent may still want to have a final say on whether or not to approve the food chosen by the child if, e.g. , the child may be allergic to certain food. In this case, upon receipt of the payment request, the payment server may need to determine the validity of the payment request. One reason of the validity checking is to determine whether the payment request includes the correct payment authorization information. If not, the payment server should return a message denying the payment request. Another reason of the validity checking is to let the parent at the computing device 40 decide whether the transaction should be completed or not based on the merchandise information provided by the scanning device and included in the payment request.
For example, the payment server extracts the merchandise information from the payment request and forwards it to a second mobile terminal used by the parent of the child purchaser. The merchandise information may identify the type of merchandise or the specific item as well. The parent is then alerted by the arrival of the merchandise information, e.g. , in the form of an instant message transmitted through a social networking platform that is associated with the payment server. Upon receipt of the merchandise information, the parent can decide whether or not to approve the transaction based on, e.g. , the merchandise to be purchased and the payment amount to be spent, and return a payment authorization/denial message to the payment server. Based on the response from the second mobile terminal, the payment server prepares its own payment  acknowledgment message to the scanning device and returns it to the scanning device. The user of the scanning device then proceeds with the purchase transaction according to the payment acknowledgment message.
As noted in the present application, the authorized payment receiving account does not necessarily receive the payment after the scanning device forwards a payment acknowledgment message approving the purchase transaction. Instead, the payment amount of financial instrument may be taken out of an account associated with the user of the mobile terminal 10 or the user of the computing device 40 and put into an escrow account associated with the authorized payment receiving account. By doing so, the user of the mobile terminal 10 is given a second chance of approving the transaction or ranking the service he/she receives in association with the transaction. For example, the user of the mobile terminal 10 may send a payment approval message including an identifier of the payment acknowledgment message it receives from the scanning device 20 within a predefined time window (e.g. , a day or a week) when the mobile terminal 10 is back online. Upon receipt of the payment approval message from the mobile terminal 10, the payment server 30 then completes the transfer of the financial instrument corresponding to the payment amount to the authorized payment receiving account. In some embodiments, the payment server may automatically complete the transfer of the financial instrument corresponding to the payment amount to the authorized payment receiving account without express authorization from the user of the mobile terminal 10, e.g. , when the user of the mobile terminal 10 fails to send the payment approval message within the predefined time window. In some embodiments, the authorized payment receiving account may not need to wait for the approval of the mobile terminal 10 when the user of the computing device 40 has approved the purchase before receiving the financial instrument.
In an embodiment, as shown in FIG. 3, a mobile terminal may generate through encoding, according to the certification information, an authentication code whose type is a graphical code. A scanning device may scan and decode the graphical code to obtain the certification information. The graphical code may be a bar code, a two-dimensional code or other authentication codes of an image type. The mobile terminal may generate the graphical code after receiving a graphical code generation instruction input by a user, and display the graphical code in a picture form. The scanning device may scan the graphical code displayed by the mobile terminal by using a camera, and then decode the read graphical code to obtain the certificate information.
In an embodiment, as shown in FIG. 4, a mobile terminal may generate through encoding, according to the certificate information, an authentication code whose type is a voiceprint. A scanning device may capture and decode the voiceprint to obtain the certificate information. The mobile terminal generates the corresponding voiceprint according to the certification information after receiving a voiceprint generation instruction input by a user, and plays the voiceprint by using a  loudspeaker for display. A nearby scanning device may capture the voiceprint by using a microphone or other devices and decode the voiceprint to obtain the corresponding certificate information.
In an embodiment, as shown in FIG. 5, a mobile terminal may generate through encoding, according to certificate information, an authentication code whose type is an NFC message. A scanning device may sense and decode the NFC message to obtain the certificate information. The NFC message is an authentication code obtained through encoding of an NFC chip. A user may make the mobile terminal close to the scanning device, and then input an NFC message generation instruction. The mobile terminal may encode the certificate information into an NFC message by using the NFC chip after receiving the NFC message generation instruction input by the user, and a nearby scanning device may sense the NFC message by using the NFC chip, and obtain the certification information through decoding.
In this embodiment, the step that the mobile terminal generates certificate information according to the authorization information further includes: the mobile terminal acquiring system parameter information, and generating the certificate information according to the system parameter information and the authorization information, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
The scanning device may decode the certificate information according to the system parameter information to obtain the authorization information.
Further, the mobile terminal may regularly acquire the system parameter information, and update the certificate information according to the system parameter information. In other words, the certificate information on the mobile terminal may be data changing regularly, thereby preventing the certificate information from being repeatedly used by criminals after being stolen.
In an application scenario, the method may be based on a social network application, the user may previously bind his social network account to his online bank account or to his third-party payment account, and after logging on to the social network application on the mobile terminal, obtain corresponding authorization information on the online bank or third-party payment platform, the mobile terminal may acquire a system time, system version information, an equipment identity (an equipment ex-factory number or an International Mobile Equipment Identity (IMEI) code) or a social network account corresponding to the mobile terminal every a preset update cycle of 30 seconds or 1 minute, and then generate the certificate information through encryption according to information such as the authorization information, the system time, the system version information, the equipment identity and the social network account.
For example, if the user first unlocks the screen of the graphical code generated by the mobile terminal according to the certificate information and saves the graphical code as a screenshot,  and then waits for a time of an update cycle over 30 seconds to provide the screenshot for the scanning device for scanning, the scanning device may acquire its own system time, then performs a subtraction operation on the system time and the system time in the read certificate information, and can identify that the graphical code has expired, the read certificate information is an invalid certificate, so that the authorization information cannot be extracted, that is, the scanning device fails to acquire the authorization information.
For another example, after replacing the mobile terminal, the user may upload system version information and/or equipment identity and other information of the mobile terminal after replacement by using a social network application and replace related system parameters of the mobile terminal before replacement stored in the social network application. If the authentication code displayed on the mobile terminal before replacement is displayed to the scanning device for reading, the scanning device may download system version information and/or equipment identity and other information corresponding to the user by using the social network application, and then compare the information with the system parameter information included in the certificate information. As the mobile terminal of the user has been replaced, they do not match, and the authorization information cannot be extracted from the certificate information, that is, the scanning device fails to acquire the authorization information.
In an embodiment, the certificate information may further include a payment threshold. The scanning device may further extract the payment threshold from the certificate information, acquire payment amount, and judge whether the payment amount is greater than the payment threshold, where if yes, acquisition of the authorization information fails.
In an application scenario of providing authorization by using a mobile terminal so as to make payment, a user may set a payment threshold in a social network application corresponding to a user payment account. The mobile terminal may acquire the payment threshold according to the social network application, and then add the payment threshold when generating the certificate information.
A service or commodity provider may input payment amount by using a scanning device and display the payment amount to a user for acknowledgment, and the user may input an authentication code generation instruction after acknowledgment, and display the mobile terminal to the service or commodity provider. After the service or commodity provider reads it by using the scanning device in a physical reception manner, if the payment threshold included in the certificate information is less than the payment threshold, it indicates that financial data to be paid for the consumption of the user exceeds consumer expectations of the user, and thus authorization cannot be provided.
In an embodiment, as shown in FIG. 2, a system for providing authorization by using a mobile terminal includes a mobile terminal 10 and a scanning device 20.
The mobile terminal 10 is used for acquiring authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and receiving an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
The scanning device 20 is used for reading the authentication code in a physical reception manner to obtain the certificate information, and extracting the authorization information according to the certificate information.
In an embodiment, the mobile terminal 10 is further used for generating through encoding, according to the certification information, an authentication code whose type is a graphical code; and
the scanning device 20 is further used for scanning and decoding the graphical code to obtain the certification information.
In an embodiment, the mobile terminal 10 is further used for generating through encoding, according to certificate information, an authentication code whose type is an NFC message.
The scanning device 20 is further used for sensing and decoding the NFC message to obtain the certificate information.
In an embodiment, the mobile terminal 10 is further used for generating through encoding, according to the certificate information, an authentication code whose type is a voiceprint.
The scanning device 20 is further used for capturing and decoding a voiceprint to obtain the certificate information.
In an embodiment, the mobile terminal 10 is further used for acquiring system parameter information, and generating the certificate information according to the system parameter information and the authorization information, where the system parameter information includes at least one of a system time, a system version and an equipment identity; and
the scanning device 20 is further used for decoding the certificate information according to the system parameter information to obtain the authorization information.
In an embodiment, the certificate information further includes a payment threshold.
The scanning device 20 is further used for extracting the payment threshold from the certificate information, acquiring payment amount, and judging whether the payment amount is greater than the payment threshold, where if yes, acquisition of the authorization information fails.
In an embodiment, as shown in FIG. 6, which illustrates a method for making payment by using a mobile terminal, the method relies on a computer program, and runs on a  computer system based on a Von Neumann system. As shown in FIG. 2, the computer system may include a mobile terminal 10, a scanning device 20 and a payment server 30. The mobile terminal 10 may be a smart phone, a tablet PC, a handheld computer, a smart watch and other portable terminal devices. The scanning device 20 may be a POS machine with a camera, a microphone or an NFC sensor chip. The payment server 30 may be an online bank server, a third-party payment server or a third-party server as an agent for payment.
The method includes the following steps.
Step S202. A scanning device reads an authentication code generated by the mobile terminal in a physical reception manner and decodes the authentication code to obtain authorization information, acquires payment amount and an authorized payment receiving account, and sends the authorization information, the payment amount and the authorized payment receiving account to a payment server.
As stated previously, the scanning device may include a camera, a microphone or an NFC chip or other sensing devices, and the scanning device may scan a graphical code picture generated by the mobile terminal by using the camera, sense an NFC message generated by the mobile terminal by using the NFC chip or capture a voiceprint sent by a loudspeaker of the mobile terminal by using the microphone to obtain certificate information stored in the mobile terminal, and then obtain authorization information through extraction by decoding the certificate information.
The authorized payment receiving account includes an online bank account, a third-party payment account, a social network account or a network game account or the like of a service provider or a commodity provider. The authorized payment receiving account further includes receiving authorization information previously acquired by the payment server, so as to acknowledge that the service provider or the commodity provider is a financial data receiver having legal identity.
The receiving authorization information may be obtained by using an application to the payment server when the service provider or the commodity provider registers the authorized payment receiving account. The service provider or the commodity provider may submit data such as business information, identity information and security deposit in registration, and after the data passes auditing of the customer service personnel, the receiving authorization information may be distributed to the authorized payment receiving account by using the payment server. The service or commodity provider may store the authorized payment receiving account including the receiving authorization information into the scanning device.
In this embodiment, the payment amount may be obtained through manual input of the service provider or the commodity provider. For example, in an application scenario, the scanning device may be a personal computer with a camera. If a consumer hopes to pay for one-time haircut consumption offline by using a smart phone, a cashier in a barber shop may manually input  payment amount on the personal computer, and display the payment amount to the consumer for acknowledgment, after acknowledgment, the consumer may open an application corresponding to the method on the smart phone, and then display a generated graphical code picture to the cashier, and the cashier may scan the graphical code picture by using the camera on the personal computer so as to obtain authorization information corresponding to the consumer through extraction from the scanning device.
In another embodiment, the payment amount may further be obtained by reading a configuration file. For example, in an application scenario, the scanning device may be a drink vending machine with an NFC chip. When a consumer hopes to buy a bottle of drink offline by using a smart watch, the consumer may first select the drink according to a price on the vending machine, and payment amount corresponding to the price may be stored in a configuration file of the vending machine. Then, the consumer may make the smart watch close to an NFC sensor corresponding to the drink, so as to send certificate information generated by an application corresponding to the method on the smart watch to the vending machine by using NFC. The vending machine may obtain authorization information through extraction, and read the corresponding payment amount according to a drink logo corresponding to the NFC sensor. After subsequent payment succeeds, the vending machine may open a corresponding padlock according to the drink logo corresponding to the NFC sensor, and the consumer may take away the drink to complete the transaction.
In an embodiment, for a mobile terminal and a scanning device having an NFC chip, the scanning device may return a prompt message to the mobile terminal by using NFC before sending the authorization information, the payment amount and the authorized payment receiving account to a payment server, where the prompt information may include information such as product name, product quantity and payment amount. The mobile terminal displays the prompt message after receiving it by using NFC, and returns a payment acknowledge message to the scanning device by using NFC after the user inputs an acknowledgment instruction, and the scanning device sends the authorization information, the payment amount and the authorized payment receiving account to a payment server after receiving the payment acknowledge message.
Step S204. The payment server acquires authorization of a user payment account corresponding to the authorization information, and pays the payment amount from the user payment account to the authorized payment receiving account.
In this embodiment, the payment server may acquire authorization of a corresponding online bank, a third-party payment platform, a social network application or a network game application according to the authorization information, and then pay the payment amount from the user payment account corresponding to the authorization information to the authorized payment  receiving account. The payment amount may correspond to physical currency financial data, or may correspond to virtual currency financial data.
In another embodiment, the user payment amount and the authorized payment receiving account both may be a third-party payment account.
The step of paying the payment amount from the user payment account to the authorized payment receiving account may include:
paying, by the payment server, the payment amount from the user payment account to a third-party guarantee account, and generating a transaction record corresponding to the user payment account and the authorized payment receiving account.
In this embodiment, the payment server receives an uploaded payment acknowledgment instruction, acquires a transaction record corresponding to the payment acknowledgment instruction, acquires an authorized payment receiving account and payment amount corresponding to the transaction record, and pays the payment amount from a third-party guarantee account to the authorized payment receiving account.
In this embodiment, the user may access the payment server according to the user payment account to download the transaction record after the mobile terminal is in a networking state, and upload a payment acknowledgment instruction to the payment server according to the transaction record displayed by the mobile terminal. In other embodiments, the user may also access the payment server according to the user payment account on other networking devices such as a personal computer, a notebook and other devices, and upload a payment acknowledgment instruction.
In other words, after the service or commodity provider reads the authentication code displayed by the mobile terminal in an offline state by using the scanning device to obtain authorization information and uploads the authorization information to the payment server, the payment server does not directly pay financial data corresponding to the payment amount in the user payment account to the authorized payment receiving account, but first pays the financial data to a third-party guarantee account provided by the third-party payment platform. The third-party guarantee account may play a role of guarantee, and only when the consumer is reconnected to the Internet, accesses the payment server by using the mobile terminal or other networking devices to browse the transaction record and acknowledges it, the payment server will pay the financial data corresponding to the payment amount to the authorized payment receiving account from the third-party guarantee account, thereby preventing the service provider or the commodity provider from selling fake and shoddy products.
If the consumer finds that the commodity he buys is a fake product, he may not acknowledge the transaction record, and submit an evidence document to the payment server to apply for arbitration. The customer service personnel may obtain the evidence document by using  the payment server and audit it, and if it passes auditing, may return the payment amount to the user payment account of the consumer after negotiation with a seller corresponding to the authorized payment receiving account. Preferably, if the consumer has not acknowledged the transaction for a long term, the payment amount may be automatically paid to the authorized payment receiving account after a generation time of the transaction record times out.
For example, in an application scenario, the method is based on a social network application. The consumer may log on to the payment server by using a social network application account to view his transaction record, and acknowledge it. If the consumer buys a fake and shoddy product and hopes to be refunded, he may input a refund instruction, and send an evidence document of a type such as pictures, texts or videos to a customer service account by using the social network application. The customer service personnel may receive the evidence document by using the customer service account, and if the evidence document passes auditing, the payment amount may be returned to the user payment account corresponding to the social network application account initiating refund from the third-party guarantee account.
In another embodiment, the payment server receives feedback information uploaded corresponding to the transaction record, regularly acquires a transaction record, acquires an authorized payment receiving account, payment amount and corresponding feedback information corresponding to the transaction account, and pays the payment amount from a third-party guarantee account to the authorized payment receiving account according to the feedback information.
In other words, after being reconnected to the Internet by using the mobile terminal or other terminal devices, the user may access the payment server to browse the transaction record, and add corresponding feedback information, where the feedback information may include evaluation information and/or an evidence document. The payment server may regularly (for example, a weekly, monthly settlement cycle) settle transaction records (that is, migration records of financial data) , to acquire feedback information corresponding to the transaction records. If the feedback information is negative evaluation, to which a corresponding evidence document is attached, the customer service personnel may, after negotiation with the seller, return the payment amount in the third-party guarantee account to the user payment account corresponding to the transaction record.
Preferably, the service provider or the commodity provider corresponding to the authorized payment receiving account may be punished, and the punishment manner may include freezing the account, deducting the security deposit paid by the provider in registration of the authorized payment receiving account, reducing the credit rating or extending the settlement cycle or the like; if the feedback information is positive evaluation or non-evaluation, the payment amount may be paid to the authorized payment receiving account from the third-party payment account.
Preferably, the service provider or the commodity provider may previously upload a commodity price list to the payment server. When settling a transaction record of the authorized payment receiving account, the payment server may judge whether the payment amount corresponding to the transaction record matches the corresponding commodity price list, and if yes, pay the payment amount to the authorized payment receiving account from the third-party guarantee account. For example, a corresponding price value may be searched for in the commodity price list according to a commodity name in the transaction record, and if payment amount matches the price value, the payment amount is paid to the authorized payment receiving account from the third-party guarantee account.
Further, before the step that the payment server pays the payment amount from the user payment account corresponding to the authorization information to the authorized payment receiving account, the method further includes:
acquiring, by the payment server, a receiving threshold corresponding to the authorized payment receiving account, judging whether the payment amount is greater than the receiving threshold, and if yes, returning a notification of payment failure.
The payment server may previously classify authorized payment receiving accounts according to registration information submitted in registration of the authorized payment receiving accounts, and set receiving thresholds for different types of authorized payment receiving accounts respectively. For example, for an authorized payment receiving account of which the type of registration information is convenience store, the receiving threshold corresponding thereto is evidently less than that of the authorized payment receiving account of which the type of registration information is home appliance shopping mall. When settling a transaction record of the authorized payment receiving account, the payment server may judge whether the payment amount corresponding to the transaction record is greater than the receiving threshold corresponding to the authorized payment receiving account, if yes, return a notification of migration failure; and if no, pay the payment amount from the third-party guarantee account to the authorized payment receiving account.
In an embodiment, as shown in FIG. 2, a system for making payment by using a mobile terminal includes a scanning device 20 and a payment server 30.
The scanning device 20 is used for reading an authentication code generated by the mobile terminal in a physical reception manner and decoding the authentication code to obtain authorization information, acquiring payment amount and an authorized payment receiving account, and sending the authorization information, the payment amount and the authorized payment receiving account to the payment server 30.
The payment server 30 is used for acquiring authorization of a user payment account corresponding to the authorization information, and paying the payment amount from the user payment account to the authorized payment receiving account.
In an embodiment, the payment server 30 is further used for paying the payment amount from the user payment account to a third-party guarantee account, and generating a transaction record corresponding to the user payment account and the authorized payment receiving account.
In an embodiment, the payment server 30 is further used for receiving an uploaded payment acknowledgment instruction, acquiring a transaction record corresponding to the payment acknowledgment instruction, acquiring an authorized payment receiving account and payment amount corresponding to the transaction record, and paying the payment amount from a third-party guarantee account to the authorized payment receiving account.
In an embodiment, the payment server 30 is further used for receiving feedback information uploaded corresponding to the transaction record, regularly acquiring a transaction record, acquiring an authorized payment receiving account, payment amount and corresponding feedback information corresponding to the transaction account, and paying the payment amount from a third-party guarantee account to the authorized payment receiving account according to the feedback information.
In an embodiment, the payment server 30 is further used for acquiring a receiving threshold corresponding to the authorized payment receiving account, judging whether the payment amount is greater than the receiving threshold, and if yes, returning a notification of payment failure.
In an embodiment, as shown in FIG. 7, which illustrates an offline payment method, the method relies on a computer program, and runs on a computer system based on a Von Neumann system. As shown in FIG. 2, the computer system may include a mobile terminal 10, a scanning device 20 and a payment server 30. The mobile terminal 10 may be a smart phone, a tablet PC, a handheld computer, a smart watch and other portable terminal devices. The scanning device 20 may be a POS machine with a camera, a microphone or an NFC sensor chip. The payment server 30 may be an online bank server, a third-party payment server or a third-party server as an agent for payment.
The method includes the following steps.
Step S302. A mobile terminal acquires authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and receives an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
Step S304. A scanning device reads the authentication code in a physical reception manner and decodes the authentication code to obtain the certificate information, acquires payment  amount and an authorized payment receiving account, and sends the authorization information, the payment amount and the authorized payment receiving account to a payment server.
Step S306. The payment server acquires authorization of a user payment account corresponding to the authorization information, and pays the payment amount from the user payment amount to the authorized payment receiving account.
In an application scenario, as shown in FIG. 8, FIG. 8 shows a complete payment process of the offline payment method.
The mobile terminal regularly acquires system parameter information and authorization information to update the certificate information every a preset update cycle. After the consumer determines a commodity to be bought, the seller may input payment amount in the scanning device and display the payment amount to the consumer for acknowledgment, the consumer may trigger an authentication code generation instruction after acknowledging that the payment account is error-free, and the mobile terminal generates an authentication code such as a graphical code, an NFC message or a voiceprint according to the certificate information.
The scanning device obtains the authorization information through extraction by reading the authentication code, acquires an authorized payment receiving account pre-stored by the seller in the scanning device, and uploads the payment amount, the authorization information and the authorized payment receiving account to the payment server. The payment server may return an ACK (a payment acknowledgment message) to notify the scanning device that uploading is successful. The scanning device may display payment result information indicating payment success.
The payment server may acquire authorization of the consumer according to the authorization information after receiving the payment amount, the authorization information and the authorized payment receiving account, so as to pay the payment amount from the user payment account of the consumer to a corresponding third-party guarantee account (for example, if the user payment account is a TenPay account, the payment amount is 10.00, and the unit is RMB, financial amount of which the amount is 10.00 and the unit is RMB may be paid to a TenPay guarantee account from the user payment account) .
The consumer may subsequently open the network connection of the mobile terminal for networking, then access the payment server to download a transaction record, and upload a payment acknowledgment instruction to acknowledge the transaction record. The payment server may pay the payment amount from a third-party guarantee account to the authorized payment receiving account.
In another application scenario, as shown in FIG. 9, the consumer may subsequently open the network connection of the mobile terminal for networking, then access the payment server to download a transaction record, and upload feedback information corresponding to the transaction  record. The payment server may regularly settle authorized payment receiving accounts according to the feedback information, pay payment amount corresponding to transaction records whose feedback information is positive evaluation to corresponding authorized payment receiving accounts, and punish authorized payment receiving accounts corresponding to transaction records whose feedback information is negative evaluation.
In an embodiment, as shown in FIG. 2, a mobile terminal 10, a scanning device 20 and a payment server 30 are included.
The mobile terminal 10 is used for acquiring authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and receiving an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
The scanning device 20 is used for reading the authentication code in a physical reception manner and decoding the authentication code to obtain the certificate information, acquiring payment amount and an authorized payment receiving account, and sending the authorization information, the payment amount and the authorized payment receiving account to the payment server.
The payment server 30 is used for acquiring authorization of a user payment account corresponding to the authorization information, and paying the payment amount from the user payment amount to the authorized payment receiving account.
In an embodiment, as shown in FIG. 10, a method for generating an authentication code including authorization information includes the following steps.
Step 402. Acquire authorization information corresponding to a user payment account, to generate certificate information according to the authorization information.
Step 404. Receive an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
In an embodiment, the authentication code generation instruction is a graphical code generation instruction.
The step of generating through encoding, according to the certificate information, an authentication code that can be physically received further includes:
generating an authentication code whose type is a graphical code according to the certificate information.
In an embodiment, the authentication code generation instruction is an NFC message generation instruction.
The step of generating through encoding, according to the certificate information, an authentication code that can be physically received further includes:
generating an authentication code whose type is an NFC message according to the certificate information.
In an embodiment, the authentication code generation instruction is a voiceprint generation instruction.
The step of generating through encoding, according to the certificate information, an authentication code that can be physically received further includes:
generating an authentication code whose type is a voiceprint according to the certificate information.
In an embodiment, the step of generating certificate information according to the authorization information further includes:
acquiring system parameter information and/or a payment threshold, and generating certificate information according to the system parameter information and the authorization information, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
In an embodiment, as shown in FIG. 11, an apparatus for generating an authentication code including authorization information includes:
certificate generating module 102, for acquiring authorization information corresponding to a user payment account, to generate certificate information according to the authorization information; and
an authentication code generating module 104, for receiving an authentication code generation instruction, to generate through encoding, according to the certificate information, an authentication code that can be physically received.
In an embodiment, the authentication code generation instruction is a graphical code generation instruction.
The authentication code generating module 104 is further used for generating an authentication code whose type is a graphical code according to the certificate information.
In an embodiment, the authentication code generation instruction is an NFC message generation instruction.
The authentication code generating module 104 is further used for generating an authentication code whose type is an NFC message according to the certificate information.
In an embodiment, the authentication code generation instruction is a voiceprint generation instruction.
The authentication code generating module 104 is further used for generating an authentication code whose type is a voiceprint according to the certificate information.
In an embodiment, the certificate generating module 102 is further used for acquiring system parameter information and/or a payment threshold, and generating certificate information according to the system parameter information and the authorization information, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
In an embodiment, as shown in FIG. 12, a method for reading authorization information stored in a mobile terminal includes the following steps.
Step S502. Read an authentication code generated by the mobile terminal in a physical manner to obtain certificate information.
Step S504. Extract authorization information according to the certificate information.
In an embodiment, the step of reading an authentication code generated by the mobile terminal in a physical manner to obtain certificate information further includes:
scanning and decoding a graphical code generated by the mobile terminal to obtain the certificate information.
In an embodiment, the step of reading an authentication code generated by the mobile terminal in a physical manner to obtain certificate information further includes:
sensing and decoding an NFC message generated by the mobile terminal to obtain the certificate information.
In an embodiment, the step of reading an authentication code generated by the mobile terminal in a physical manner to obtain certificate information further includes:
capturing and decoding a voiceprint generated by the mobile terminal to obtain the certificate information.
In an embodiment, the certificate information includes system parameter information corresponding to the mobile terminal, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
The step of extracting authorization information according to the certificate information further includes:
decoding the certificate information according to the system parameter information to obtain the authorization information.
In an embodiment, the certificate information further includes a payment threshold.
The payment threshold may be extracted from the certificate information, payment amount is acquired, whether the payment amount is greater than the payment threshold is judged, and if yes, acquisition of the authorization information fails.
In an embodiment, as shown in FIG. 13, an apparatus for reading authorization information stored in a mobile terminal includes:
certificate reading module 202, for reading an authentication code generated by the mobile terminal in a physical manner to obtain certificate information; and
an authorization information extracting module 204, for extracting authorization information according to the certificate information.
In an embodiment, the certificate reading module 202 is further used for scanning and decoding a graphical code generated by the mobile terminal to obtain the certificate information.
In an embodiment, the certificate reading module 202 is further used for sensing and decoding an NFC message generated by the mobile terminal to obtain the certificate information.
In an embodiment, the certificate reading module 202 is further used for capturing and decoding a voiceprint generated by the mobile terminal to obtain the certificate information.
In an embodiment, the certificate information includes system parameter information corresponding to the mobile terminal, where the system parameter information includes at least one of a system time, a system version and an equipment identity.
The authorization information extracting module 204 is further used for decoding the certificate information according to the system parameter information to obtain the authorization information.
In an embodiment, the certificate information further includes a payment threshold.
The authorization information extracting module 204 is further used for extracting the payment threshold from the certificate information, acquiring payment amount, and judging whether the payment amount is greater than the payment threshold is judged, where if yes, acquisition of the authorization information fails.
In the method and system for providing authorization by using a mobile terminal, the method and apparatus for generating an authentication code including authorization information, the method and apparatus for acquiring authorization information stored in a mobile terminal, the method and system for making payment by using a mobile terminal and the offline payment method and system, the mobile terminal may first generate certificate information according to authorization information corresponding to a user payment account when in an offline state, and then encode the certificate information into an authentication code that can be physically received after receiving an authentication code generation instruction input by a user; a scanning device may read the authentication code in a physical reception manner by using various types of sensors and extract the corresponding authorization information, so that the mobile terminal may provide authorization corresponding to the user payment account for the scanning device without uploading information authenticating user identity such as password, voiceprint or fingerprint, and the authorization process  does not rely on the network environment, which achieves authorization when the mobile terminal is in an offline state.
While particular embodiments are described above, it will be understood it is not intended to limit the present application to these particular embodiments. On the contrary, the present application includes alternatives, modifications and equivalents that are within the spirit and scope of the appended claims. Numerous specific details are set forth in order to provide a thorough understanding of the subject matter presented herein. But it will be apparent to one of ordinary skill in the art that the subject matter may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the embodiments.
The terminology used in the description of the present application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the present application. As used in the description of the present application and the appended claims, the singular forms"a,""an,"and"the"are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will also be understood that the term"and/or"as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. It will be further understood that the terms"includes,""including,""comprises,"and/or"comprising,"when used in this specification, specify the presence of stated features, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, operations, elements, components, and/or groups thereof.
As used herein, the term"if"may be construed to mean"when"or"upon"or"in response to determining"or"in accordance with a determination"or"in response to detecting,"that a stated condition precedent is true, depending on the context. Similarly, the phrase"if it is determined [that a stated condition precedent is true]"or"if [astated condition precedent is true]"or"when [a stated condition precedent is true]"may be construed to mean"upon determining"or"in response to determining"or"in accordance with a determination"or"upon detecting"or"in response to detecting"that the stated condition precedent is true, depending on the context.
Although some of the various drawings illustrate a number of logical stages in a particular order, stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.
The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to  be exhaustive or to limit the present application to the precise forms disclosed. Many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the present application and its practical applications, to thereby enable others skilled in the art to best utilize the present application and various embodiments with various modifications as are suited to the particular use contemplated.

Claims (29)

  1. A computer-implemented method, comprising:
    at a computer having one or more processors and memory storing programs executed by the one or more processors,
    receiving an authentication code from a mobile terminal while the mobile terminal is in an offline state and extracting payment authorization information from the authentication code;
    generating a payment request using the payment authorization information, a payment amount and an authorized payment receiving account;
    sending the payment request to a remote payment server;
    receiving a payment acknowledgment message from the remote payment server; and
    forwarding the payment acknowledgment message to the mobile terminal.
  2. The computer-implemented method of claim 1, wherein the authentication code received from the mobile terminal has an associated time-to-live, the method further comprising:
    extracting the time-to-live from the authentication code;
    comparing the time-to-live with a current timestamp to determine whether the authentication code is valid or not; and
    generating the payment request when the authentication code is deemed to be valid.
  3. The computer-implemented method of claim 2, wherein the authentication code received has been encoded by the mobile terminal using the time-to-live and extracting payment authorization information from the authentication code further comprises:
    decoding the authentication code into certificate information using the time-to-live when the authentication code is deemed to be valid; and
    extracting the payment authorization information from the certificate information.
  4. The computer-implemented method of claim 1, wherein the authentication code is generated by the mobile terminal as follows:
    while the mobile terminal is in the offline state:
    receiving a user instruction to generate the authentication code;
    in response to the user instruction:
    determining a time-to-live based on a current timestamp of the mobile terminal and identifying payment authorization information for the authentication code;
    generating the certificate information using the identified payment authorization information and encoding the certificate information into the authentication code using the time-to-live.
  5. The computer-implemented method of claim 4, wherein the payment authorization information is generated by the remote payment server and downloaded into the mobile terminal while the mobile terminal is in an online state.
  6. The computer-implemented method of claim 5, wherein the payment authorization information includes a maximum authorized payment amount and a payment authorization time window.
  7. The computer-implemented method of claim 1, wherein the authentication code from the mobile terminal includes the payment amount.
  8. The computer-implemented method of claim 1, wherein the payment request further includes merchandise information and the remote payment server is configured to forward the merchandise information and the payment amount to a second mobile terminal, receive a payment authorization/denial message from the second mobile terminal and then generate the payment acknowledgment message based on the payment authorization/denial message.
  9. The computer-implemented method of claim 8, wherein the payment amount of financial instrument is transferred to the authorized payment receiving account after the payment server receives the payment authorization/denial message from the second mobile terminal.
  10. The computer-implemented method of claim 1, wherein the payment amount of financial instrument is transferred to the authorized payment receiving account after the payment acknowledgment message is approved by an end user of the mobile terminal while the mobile terminal is in an online state.
  11. A computer-implemented method, comprising:
    at a computer server having one or more processors and memory storing programs executed by the one or more processors,
    receiving a payment request from a remote computer, the payment request including payment authorization information, a payment amount and an authorized payment receiving account and the payment authorization information coming from a mobile terminal;
    determining validity of the payment request based on the payment authorization information, the payment amount and the authorized payment receiving account; and
    returning a payment acknowledgment message to the remote computer in accordance with a validity determination result of the payment request, wherein the remote computer is configured to forward the payment acknowledgment message to the mobile terminal.
  12. The computer-implemented method of claim 11, wherein the payment authorization information is generated by the payment server in response to a request from the mobile terminal and downloaded into the mobile terminal while the mobile terminal is in an online state.
  13. The computer-implemented method of claim 12, wherein the payment authorization information includes a maximum authorized payment amount.
  14. The computer-implemented method of claim 11, wherein the payment request further includes merchandise information, the method further comprising:
    after receiving the payment request:
    forwarding the merchandise information and the payment amount to a second mobile terminal;
    receiving a payment authorization/denial message from the second terminal; and
    generating the payment acknowledgment message based on the payment authorization/denial message.
  15. The computer-implemented method of claim 14, further comprising:
    in response to receiving a payment authorization message from the second terminal, transferring the payment amount of financial instrument to the authorized payment receiving account.
  16. The computer-implemented method of claim 11, further comprising:
    receiving a payment approval message from the mobile terminal after the payment acknowledgment message is approved by an end user of the mobile terminal while the mobile terminal is in an online state; and
    transferring the payment amount of financial instrument to the authorized payment receiving account.
  17. A computer system, comprising:
    one or more processors;
    memory; and
    one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions for:
    receiving a payment request from a remote computer, the payment request including payment authorization information, a payment amount and an authorized payment receiving account and the payment authorization information coming from a mobile terminal;
    determining validity of the payment request based on the payment authorization information, the payment amount and the authorized payment receiving account; and
    returning a payment acknowledgment message to the remote computer in accordance with a validity determination result of the payment request, wherein the remote computer is configured to forward the payment acknowledgment message to the mobile terminal.
  18. The computer system of claim 17, wherein the payment authorization information is generated by the computer system in response to a request from the mobile terminal and downloaded into the mobile terminal while the mobile terminal is in an online state.
  19. The computer system of claim 18, wherein the payment authorization information includes a maximum authorized payment amount and a payment authorization time window.
  20. The computer system of claim 17, wherein the payment request further includes merchandise information, and the one or more program modules further include instructions for:
    after receiving the payment request:
    forwarding the merchandise information and the payment amount to a second mobile terminal;
    receiving a payment authorization/denial message from the second terminal; and
    generating the payment acknowledgment message based on the payment authorization/denial message.
  21. The computer system of claim 20, wherein the one or more program modules further include instructions for:
    in response to receiving a payment authorization message from the second terminal, transferring the payment amount of financial instrument to the authorized payment receiving account.
  22. The computer system of claim 17, wherein the one or more program modules further include instructions for:
    receiving a payment approval message from the mobile terminal after the paymentacknowledgment message is approved by an end user of the mobile terminal while the mobileterminal is in an online state; and
    transferring the payment amount of financial instrument to the authorized payment receiving account.
  23. A computing device, comprising:
    one or more processors;
    memory; and
    one or more programs stored in the memory and configured for execution by the one or more processors, the one or more programs including instructions for:
    receiving an authentication code from a mobile terminal while the mobile terminal is in an offline state and extracting payment authorization information from the authentication code;
    generating a payment request using the payment authorization information, a payment amount and an authorized payment receiving account;
    sending the payment request to a remote payment server;
    receiving a payment acknowledgment message from the remote payment server; and
    forwarding the payment acknowledgment message to the mobile terminal.
  24. The computing device of claim 23, wherein the authentication code received from the mobile terminal has an associated time-to-live, and the one or more programs further include instructions for:
    extracting the time-to-live from the authentication code;
    comparing the time-to-live with a current timestamp to determine whether the authentication code is valid or not; and
    generating the payment request when the authentication code is deemed to be valid.
  25. The computing device of claim 24, wherein the authentication code received has been encoded by the mobile terminal using the time-to-live and the instruction for extracting payment authorization information from the authentication code further comprises instructions for:
    decoding the authentication code into certificate information using the time-to-live when the authentication code is deemed to be valid; and
    extracting the payment authorization information from the certificate information.
  26. The computing device of claim 23, wherein the authentication code from the mobile terminal includes the payment amount.
  27. The computing device of claim 23, wherein the payment request further includes merchandise information and the remote payment server is configured to forward the merchandise information and the payment amount to a second mobile terminal, receive a payment authorization/denial message from the second mobile terminal and then generate the payment acknowledgment message based on the payment authorization/denial message.
  28. The computing device of claim 27, wherein the payment amount of financial instrument istransferred to the authorized payment receiving account after the payment server receives the payment authorization/denial message from the second mobile terminal.
  29. The computing device of claim 23, wherein the payment amount of financial instrument is transferred to the authorized payment receiving account after the payment acknowledgment message is approved by an end user of the mobile terminal while the mobile terminal is in an online state.
PCT/CN2014/085992 2013-09-18 2014-09-05 Method and system for providing authorization by using mobile terminal WO2015039568A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310430889.2A CN104063790B (en) 2013-09-18 2013-09-18 The method and system for authorizing are provided by mobile terminal
CN201310430889.2 2013-09-18

Publications (1)

Publication Number Publication Date
WO2015039568A1 true WO2015039568A1 (en) 2015-03-26

Family

ID=51551488

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/085992 WO2015039568A1 (en) 2013-09-18 2014-09-05 Method and system for providing authorization by using mobile terminal

Country Status (2)

Country Link
CN (2) CN107194697B (en)
WO (1) WO2015039568A1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789839A (en) * 2015-11-20 2017-05-31 北京奇虎科技有限公司 The method and device that mobile terminal safety pays
CN110838012A (en) * 2018-08-16 2020-02-25 腾讯科技(深圳)有限公司 Payment method, storage medium and related equipment
US10573115B2 (en) 2016-01-21 2020-02-25 Leadot Innovation, Inc. Cloud coin slot device capable of supporting a third party payment function
RU2727158C1 (en) * 2016-06-20 2020-07-21 Алибаба Груп Холдинг Лимитед Offline payment method and device
CN111613228A (en) * 2020-04-15 2020-09-01 上海雷尘智能科技有限公司 Identity and content recognition system based on voiceprint codes
CN111833043A (en) * 2015-05-25 2020-10-27 创新先进技术有限公司 Information interaction method, equipment and server
WO2021070177A3 (en) * 2019-10-10 2021-06-03 Cardlatch Ltd. System and method for authenticating devices
CN113095816A (en) * 2016-06-01 2021-07-09 创新先进技术有限公司 Mobile payment method, device and system
CN113781039A (en) * 2021-08-23 2021-12-10 广西申能达智能技术有限公司 Payment system binding all-purpose card and mobile phone

Families Citing this family (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20230196328A1 (en) * 2013-02-14 2023-06-22 Advanced New Technologies Co., Ltd. Data interaction method and device, and offline credit payment method and device
CN105376203B (en) * 2014-08-26 2019-11-05 阿里巴巴集团控股有限公司 The processing method of interactive information, apparatus and system
US10062072B2 (en) * 2014-12-19 2018-08-28 Facebook, Inc. Facilitating sending and receiving of peer-to-business payments
CN104537529B (en) * 2015-01-15 2018-04-27 上海亘好信息技术有限公司 A kind of live offline electronic payment transaction system and method based on portable terminal device general-purpose interface
CN105631667A (en) * 2015-08-05 2016-06-01 宇龙计算机通信科技(深圳)有限公司 Authentication method, device and system
CN106535082B (en) * 2015-09-09 2021-07-06 腾讯科技(深圳)有限公司 Data processing method, device and system
CN106779673B (en) * 2015-11-23 2021-07-09 南京星云数字技术有限公司 Electronic payment method and system
WO2017166135A1 (en) * 2016-03-30 2017-10-05 华为技术有限公司 Transaction method, transaction information processing method, transaction terminal and server
CN106096947B (en) * 2016-06-08 2019-10-29 广东工业大学 The half off-line anonymous method of payment based on NFC
EP3340196A1 (en) * 2016-12-23 2018-06-27 Qbo Coffee GmbH Method for operating a machine for making beverages, machine for making beverages and computer program
CN107194676A (en) * 2017-05-05 2017-09-22 北京库神信息技术有限公司 A kind of virtual coin store transaction system and its application method
CN107277068B (en) * 2017-08-14 2020-01-03 福建米客互联网科技有限公司 Identity recognition method and terminal
CN107679853A (en) * 2017-09-29 2018-02-09 南京中高知识产权股份有限公司 Offline electronic payment system and its method of work
CN107911352B (en) * 2017-11-06 2020-09-08 湖南微算互联信息技术有限公司 Authorization method of cloud mobile phone
CN109816363A (en) * 2017-11-21 2019-05-28 富泰华工业(深圳)有限公司 The processing unit and method of storage medium, commodity transaction information
TWI690882B (en) * 2017-11-21 2020-04-11 鴻海精密工業股份有限公司 Storage medium, device and method for processing commodity trading information
CN108564359B (en) * 2018-02-24 2020-10-16 创新先进技术有限公司 Data processing method, terminal equipment and data processing system
CN108647944B (en) * 2018-05-22 2021-10-12 创新先进技术有限公司 Data processing method and device in online payment process
CN109902473B (en) * 2019-02-27 2021-09-07 Oppo广东移动通信有限公司 Pattern generation method, pattern generation device and mobile terminal
CN110245936A (en) * 2019-05-14 2019-09-17 阿里巴巴集团控股有限公司 The self-service contracting method of mobile payment, device and system
CN111522541B (en) * 2020-01-17 2023-08-01 中国银联股份有限公司 Graphical code generation method and device and computer readable storage medium
CN111815318A (en) * 2020-06-17 2020-10-23 衡水海博云科技有限公司 Equipment, system and method for aggregated payment
CN113344572A (en) * 2021-06-23 2021-09-03 支付宝(杭州)信息技术有限公司 Offline payment method, device and equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012135026A1 (en) * 2011-03-25 2012-10-04 T-Mobile Usa, Inc. Service enhancements using near field communication
CN102831734A (en) * 2011-06-15 2012-12-19 上海博路信息技术有限公司 Payment method of mobile terminal client
CN103268547A (en) * 2013-06-04 2013-08-28 北京邮电大学 NFC (Near Field Communication) mobile phone payment system with fingerprint authentication mechanism

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090127332A1 (en) * 2007-11-16 2009-05-21 Kyung Yang Park System for processing payment employing off-line transaction approval mode of mobile card and method thereof
CN101236673B (en) * 2008-03-07 2012-08-22 北京握奇数据系统有限公司 Method for accomplishing electronic purse off-line charging, complex function card and authorization carrier
CN101976402A (en) * 2010-09-08 2011-02-16 无锡中星微电子有限公司 Mobile phone payment system and method
CN102842081A (en) * 2011-06-23 2012-12-26 上海易悠通信息科技有限公司 Method for generating two-dimensional code and implementing mobile payment by mobile phone
CN102903045A (en) * 2011-07-25 2013-01-30 上海博路信息技术有限公司 Offline payment method with internet manner
CN103218717B (en) * 2013-05-13 2017-07-11 李万君 Credit authorization method based on planar code

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012135026A1 (en) * 2011-03-25 2012-10-04 T-Mobile Usa, Inc. Service enhancements using near field communication
CN102831734A (en) * 2011-06-15 2012-12-19 上海博路信息技术有限公司 Payment method of mobile terminal client
CN103268547A (en) * 2013-06-04 2013-08-28 北京邮电大学 NFC (Near Field Communication) mobile phone payment system with fingerprint authentication mechanism

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111833043B (en) * 2015-05-25 2024-04-19 创新先进技术有限公司 Information interaction method, equipment and server
CN111833043A (en) * 2015-05-25 2020-10-27 创新先进技术有限公司 Information interaction method, equipment and server
CN106789839A (en) * 2015-11-20 2017-05-31 北京奇虎科技有限公司 The method and device that mobile terminal safety pays
CN106789839B (en) * 2015-11-20 2021-09-28 北京奇虎科技有限公司 Method and device for secure payment of mobile terminal
US10573115B2 (en) 2016-01-21 2020-02-25 Leadot Innovation, Inc. Cloud coin slot device capable of supporting a third party payment function
CN113095816A (en) * 2016-06-01 2021-07-09 创新先进技术有限公司 Mobile payment method, device and system
US11195167B2 (en) 2016-06-20 2021-12-07 Advanced New Technologies Co., Ltd. Offline payment method and device
RU2727158C1 (en) * 2016-06-20 2020-07-21 Алибаба Груп Холдинг Лимитед Offline payment method and device
US11250412B2 (en) 2016-06-20 2022-02-15 Advanced New Technologies Co., Ltd. Offline payment method and device
CN110838012B (en) * 2018-08-16 2023-09-19 腾讯科技(深圳)有限公司 Payment method, storage medium and related equipment
CN110838012A (en) * 2018-08-16 2020-02-25 腾讯科技(深圳)有限公司 Payment method, storage medium and related equipment
WO2021070177A3 (en) * 2019-10-10 2021-06-03 Cardlatch Ltd. System and method for authenticating devices
CN111613228A (en) * 2020-04-15 2020-09-01 上海雷尘智能科技有限公司 Identity and content recognition system based on voiceprint codes
CN113781039A (en) * 2021-08-23 2021-12-10 广西申能达智能技术有限公司 Payment system binding all-purpose card and mobile phone

Also Published As

Publication number Publication date
CN104063790B (en) 2017-07-07
CN107194697A (en) 2017-09-22
CN107194697B (en) 2019-10-25
CN104063790A (en) 2014-09-24

Similar Documents

Publication Publication Date Title
WO2015039568A1 (en) Method and system for providing authorization by using mobile terminal
US10915906B2 (en) System and method for facilitating secure self payment transactions of retail goods
US20210406857A1 (en) Consumer device based point-of-sale
US20220253825A1 (en) Peer-to-peer payment processing
US20200320512A1 (en) Consumer device based point-of-sale
US11127009B2 (en) Methods and systems for using a mobile device to effect a secure electronic transaction
KR101797887B1 (en) Method, user terminal, and service terminal for processing service data
US11049096B2 (en) Fault tolerant token based transaction systems
WO2015103971A1 (en) Method and system for verifying transactions using a smart card
US20160019528A1 (en) System and method for payment and settlement using barcode
US20130238503A1 (en) System and method to manage information for conducting secure transactions
US20130198079A1 (en) Verification of Online Transactions
US20160117656A1 (en) Data batch processing method and system
US20140263630A1 (en) Systems and methods for processing a financial transaction
US20210166215A1 (en) Method for performing a contactless payment transaction
TWI642012B (en) Matching transaction information for payment
US20220270075A1 (en) Method for performing a contactless payment transaction
KR102081353B1 (en) Apparatus of providing remote ordering service

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14845130

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 30-06-16

122 Ep: pct application non-entry in european phase

Ref document number: 14845130

Country of ref document: EP

Kind code of ref document: A1