WO2015101310A1 - Service processing method, device and system - Google Patents

Service processing method, device and system Download PDF

Info

Publication number
WO2015101310A1
WO2015101310A1 PCT/CN2014/095771 CN2014095771W WO2015101310A1 WO 2015101310 A1 WO2015101310 A1 WO 2015101310A1 CN 2014095771 W CN2014095771 W CN 2014095771W WO 2015101310 A1 WO2015101310 A1 WO 2015101310A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
user
terminal
service
identity information
Prior art date
Application number
PCT/CN2014/095771
Other languages
French (fr)
Chinese (zh)
Inventor
李茂材
Original Assignee
腾讯科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 腾讯科技(深圳)有限公司 filed Critical 腾讯科技(深圳)有限公司
Publication of WO2015101310A1 publication Critical patent/WO2015101310A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions

Definitions

  • the present invention relates to the field of computer information processing technologies, and in particular, to a service processing method, apparatus, and system.
  • the security processing methods include a security card and a password protection medium for a commercial bank or a personal online banking with a USB (Universal Serial Bus) interface.
  • the password protection medium may be a U-Shield or the like.
  • the security processing method of the security card generally after the user inputs the transaction password, the digital combination of the corresponding position in the security card is input according to the prompt of the server to verify the identity of the user.
  • the U shield is implemented by online bank transfer to initiate payment. First, insert the U shield into the terminal's USB interface. After verifying that the U shield is legal, notify the user to enter the payment password instead of directly entering the password.
  • the security processing method in the prior art needs hardware support such as a security card or a U shield, and the cost is high, and the security card and the U shield are separated from the payment terminal, and the user needs to carry it at any time, and cannot be lost, otherwise it cannot be The payment is completed, and the operation process is relatively complicated.
  • the technical problem to be solved by the embodiments of the present invention is to provide a service processing method, a terminal, and The system can realize secure business processing conveniently and quickly.
  • an embodiment of the present invention provides a service processing method, including:
  • the first terminal acquires the first identity information
  • the second terminal reads the first identity information from the first terminal, acquires service information of the user, and generates a service processing request that includes the first identity information and the service information.
  • the server After receiving the service processing request, the server authenticates the first identity information in the service processing request, and after the authentication is passed, processes the service indicated by the service information in the service processing request.
  • the embodiment of the invention further provides another service processing method, including:
  • the first terminal acquires the first identity information
  • the notifying the first identity information to the second terminal includes: generating a graphic code according to the first identity information, so that the second terminal reads the first identity information by scanning a graphic code.
  • the embodiment of the invention further provides another service processing method, including:
  • the second terminal reads the first identity information from the first terminal
  • embodiments of the present invention also provide a terminal, including a memory, and one or more programs, wherein one or more programs are stored in a memory and configured to be executed by one or more processors An instruction contained in one or more programs for performing the following methods:
  • the notifying the first identity information to the second terminal includes: generating a graphic code according to the first identity information, so that the second terminal reads the first identity information by scanning a graphic code.
  • Another embodiment of the present invention provides a terminal, including a processor and a transmitter:
  • the processor is configured to read the first identity information from the first terminal, obtain the service information of the user, and generate a service processing request that includes the first identity information and the service information;
  • the sender is configured to send the service processing request to the server, so that the server authenticates the first identity information and processes the service indicated by the service information after the authentication is passed.
  • the embodiment of the invention further provides a computer storage medium, wherein the computer storage medium stores a program, and when the program is executed, the method includes the above method.
  • the embodiment of the present invention further provides a service processing system, including: a first terminal, a server, and a second terminal, where
  • the first terminal is configured to acquire first identity information.
  • the second terminal is configured to read the first identity information from the first terminal, obtain service information of the user, and generate a service processing request that includes the first identity information and the service information;
  • the server is configured to: after receiving the service processing request, perform authentication on the first identity information in the service processing request, and after the authentication is passed, process the service information in the service processing request business.
  • the embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user.
  • Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields.
  • FIG. 1 is a schematic flowchart of a service processing method according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of another service processing method according to an embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of another service processing method according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of an interaction process of a method for completing a service according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart diagram of still another service processing method according to an embodiment of the present invention.
  • FIG. 6 is a schematic flowchart of still another service processing method according to an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a service processing system according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
  • FIG. 9 is a schematic structural diagram of a service processing apparatus according to an embodiment of the present invention.
  • FIG. 10 is a schematic structural diagram of a user terminal according to an embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of another service processing apparatus according to an embodiment of the present invention.
  • FIG. 12 is a schematic structural diagram of a user terminal according to an embodiment of the present invention.
  • FIG. 1 is a schematic flowchart of a service processing method according to an embodiment of the present invention.
  • the method in the embodiment of the present invention may be implemented in various types of user terminals and servers, and may be specifically applied to types such as payment transaction processing.
  • the method in the embodiment of the present invention includes:
  • S101 The first terminal acquires the first identity information.
  • the first identity information includes user information and a user identifier for marking the user information.
  • the user information may include terminal information of the first terminal and user account information of the user corresponding to the first terminal, where the terminal information of the first terminal may be the first IP address of the terminal (Internet Protocol, protocol exchanged between networks), etc.
  • the user information is stored locally in the first terminal, and the first terminal directly obtains user information from the local.
  • the first terminal can obtain the user tag by using the following two methods, including:
  • the first terminal acquires user information, and invokes a preset tag generation module to generate a user tag for marking the user information, thereby obtaining first identity information including the user information and the user tag.
  • the tag generation module is pre-installed and configured in the first terminal, which may be specifically obtained based on a digital certificate, a dynamic token or some other application capable of uniquely authenticating the user corresponding to the first terminal.
  • the server that needs to verify the user tag, the user information of the first terminal and the tag generating module that matches the tag generating module in the first terminal are also bound, and the server may pass the matching tag.
  • the generating module verifies the user tag of the first terminal.
  • the second terminal acquires the user information, sends the user information to the server, and causes the server to generate a user identifier for marking the user information, and receives the user identifier sent by the server, thereby obtaining the user information and the location.
  • the first identity information of the user tag is not limited to the user information, sends the user information to the server, and causes the server to generate a user identifier for marking the user information, and receives the user identifier sent by the server, thereby obtaining the user information and the location.
  • the server After generating the user tag, the server also obtains first identity information including the user tag and the user information and stores the first identity information.
  • the first terminal may further encrypt the first identity information, and send the encrypted first identity information to the second terminal by wire or wireless, or the first terminal encrypts the first identity.
  • An identity information is encoded to obtain information such as a graphic code, a voice signal, and the like for indicating the first identity information, so as to be notified to the second terminal.
  • the user of the first terminal includes a user who requests a service, such as a paying party user who purchases a service or an item, and the user of the second terminal provides a user for a service, such as various merchants.
  • a service such as a paying party user who purchases a service or an item
  • the user of the second terminal provides a user for a service, such as various merchants.
  • the second terminal reads the first identity information from the first terminal, and obtains service information of the user, and generates a service processing request including the first identity information and the service information, to the server. Sending the business processing request.
  • the second terminal may correspondingly scan the graphic code, or receive the voice information and parse the encrypted first identity information, or receive the encrypted first identity information by wire or wirelessly.
  • the original first identity information may be retained, and without decrypting or extracting any information therein, the user of the second terminal directly extracts and enters the service information related to the user of the first terminal, for example,
  • the user of the second terminal can extract and input the order information of the transaction with the user of the first terminal through the displayed human-machine interface; the second terminal can also process the first identity information, and extract the user information of the first terminal therein. Then, based on the user information, the corresponding business information such as an order is automatically found.
  • the service information includes at least a user account information and a transfer value of the user corresponding to the second terminal, and the transfer value may be a transaction amount in the transaction scenario.
  • the second terminal After the first identity information and the service information are obtained, the second terminal generates a service. Processing the request to request the related server to perform business processing on the service information based on the first identity information.
  • the service processing request is generated in S102, the second identity information of the second terminal user that is obtained according to the user information, such as the merchant information, corresponding to the second terminal user may be added to the related server.
  • the server After receiving the service processing request, the server authenticates the first identity information in the service processing request, and after the authentication is passed, processes the service information in the service processing request. Business.
  • the server After receiving the service processing request of the service providing user such as a merchant, the server extracts the first identity information and the service information in the service processing request, and then may use the first and second modes to process the first identity information. Perform authentication, including.
  • the server acquires a tag generation module that is bound to the user information in the first identity information, and the first identity information is authenticated by the tag generation module.
  • the server may verify the first identity information based on an existing manner about digital certificate verification, and the server passes the first identity information
  • the digital certificate bound by the user information is used to verify the information integrity of the corresponding user tag.
  • the user information such as the terminal information and the user account information is verified, and if the verification is passed, the first is The first identity information authentication of the terminal is passed.
  • the server may be based on a specific token value of the user tag (eg, a number of a specified time period), and then according to the first identity information in the server.
  • Corresponding user information is bound to the dynamic token, and the corresponding token value is obtained.
  • the user token is verified by comparing the two, and after the verification is passed, the user information such as terminal information and user account information is verified. After the verification is passed, the first identity information of the first terminal is authenticated and passed.
  • the server determines whether the first identity information is stored locally, and if so, authenticates the first identity information.
  • the server Since the first identity information is generated by the first terminal requesting server, and the server also saves a copy after the generation, the first identity information in the service processing request is also saved in the server, indicating that the first identity information is the first one.
  • the terminal is authorized to the second terminal, so after the first identity information is authenticated, the service indicated by the service information in the service processing request can be processed.
  • the server further needs to verify the second identity information, and the specific verification mode may also complete the verification based on the digital certificate or the dynamic token.
  • the server After verifying the first identity information, or the first identity information and the second identity information, the server initiates a service processing process according to the service information in the first identity information, for example, if the first identity information is used.
  • the service information in the process is the order information
  • the process of paying the user information in the first identity information is initiated according to the order information, and the information is exchanged with the user corresponding to the user information in the first identity information and the related payment server and the bank server.
  • the first identity information sent by the second terminal is authenticated by the server, and the authentication is passed, indicating that the first identity information is authorized by the first terminal to the second terminal, and then the service processing process can be performed, and the implementation is not required.
  • the password can be used to authenticate the user of the first terminal.
  • the embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user.
  • Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields.
  • FIG. 2 is a schematic flowchart of another service processing method according to an embodiment of the present invention.
  • the method in the embodiment of the present invention may be implemented in various types of user terminals and servers, and may be applied to, for example, payment transaction processing.
  • the method of the embodiment of the present invention includes:
  • S201 The first terminal submits an authentication request including user information, where the verification request includes user information of the first terminal.
  • the user information may include user account information of the user corresponding to the first terminal and terminal information of the first terminal, and may also include other information that can mark the user.
  • the server After receiving the verification request, the server acquires a mark generation module for generating a user mark, and binds the stored user information and the obtained mark generation module.
  • the tag generation module can be a digital certificate module or a dynamic token generation module.
  • the server may digitally sign the user information to obtain a digital certificate by using a preset digital signature algorithm, and form a digital certificate module by using a preset digital signature algorithm and the digital certificate; or,
  • the preset token generation algorithm processes the user information to obtain a dynamic token, and the preset token generation algorithm and the dynamic token form a dynamic token generation module.
  • the first terminal may submit user account information, terminal information, and other user information that can mark the user, requesting the server to allocate a corresponding digital certificate, dynamic token, etc. to the first terminal to obtain installation data for generating the user token.
  • the package generates a tag generation module.
  • the server Before obtaining the mark generation module, the server also verifies the user information submitted by the user, including the user password verification. After the verification is passed, the installation data packet for generating the user tag is obtained for the first terminal, and the server executes the installation data. The packet is sent to the first terminal by a packet generation module such as a digital certificate module and a dynamic token module on the server side.
  • a packet generation module such as a digital certificate module and a dynamic token module on the server side.
  • S203 The server sends, to the first terminal, an installation data packet corresponding to the acquired tag generation module for generating a user tag.
  • the first terminal After receiving the installation data packet for generating the user identifier, the first terminal presets the label generation module according to the installation data package for generating the user identifier.
  • the tag generation module according to the installation data package preset for generating a user tag includes: a digital certificate module and/or a dynamic token generation module.
  • the first terminal After receiving the installation data packet of the digital certificate module or the dynamic token generation module, the first terminal obtains a digital certificate module or a dynamic token generation module based on the installation data package, thereby obtaining a mark generation module and completing the mark generation module. Preset.
  • the S201 to S204 are preset processes of the tag generation module of the first terminal.
  • the first terminal acquires user information, and invokes a preset tag generation module to generate a user tag for marking the user information, to obtain first identity information including the user information and the user tag.
  • the user information acquired by the first terminal includes: a terminal identifier of the first terminal and/or a user account, or some other security-enhanced user information.
  • the first terminal may obtain user information by providing a user interface to request user input, or directly extract the user account that the current user logs in in the first terminal and the terminal information of the first terminal, and the terminal information may be an IP address and/or Terminal identification such as mobile phone number.
  • the preset mark generation module in the S205 when the preset mark generation module includes the digital certificate module, the preset mark generation module in the S205 generates a user mark for marking the user information, including: calling the preset The tag generating module generates digital signature information for marking the user information as a user tag; when the preset tag generating module includes a dynamic token generating module, the tag generating module that is preset in the S205 is generated for the tagging
  • the user tag of the user information includes: calling the preset tag generation module to generate token information corresponding to the current time for marking the user information as a user tag.
  • the digital certificate module includes a digital signature algorithm and a digital certificate, and the first terminal invokes the preset digital certificate module to generate an operation for marking the digital signature information of the user information, which may be: according to the digital certificate, by the digital signature
  • the algorithm digitally signs the user information to obtain digital signature information for marking the user information.
  • the dynamic token generating module includes a dynamic token and a token generating algorithm, and the operation of the first terminal invoking the preset dynamic token module to generate token information for marking the user information may be: according to the dynamic token,
  • the user information is processed by the token generation algorithm to obtain token information for marking the user information.
  • the first terminal may encrypt the first identity information, and send the encrypted information to the second terminal by wire or wireless, or the first terminal encodes the first identity information.
  • Information such as a graphic code or a voice signal indicating the first identity information is obtained to facilitate notification to the second terminal.
  • the first timestamp before the first terminal encrypts the first identity information, the first timestamp may be obtained, the first timestamp is added to the first identity information, and then the first time is added.
  • the first identity information of the stamp is encrypted.
  • the first terminal notifies the second terminal of the first identity information in a graphic code manner.
  • the method further includes: the first terminal adds a timestamp to the first identity information; and the first terminal generates a graphic code according to the first identity information added with a timestamp, So that the second terminal reads the first identity information from the first terminal by scanning a graphic code.
  • S206 The second terminal reads the first identity information from the first terminal.
  • the second terminal acquires service information of a user corresponding to the first terminal, where the service information includes order information corresponding to the user.
  • the service information is service information such as order information obtained after the first terminal user (service originating user) and the second terminal user (service providing user) negotiate.
  • the second terminal searches for the corresponding information of the stored user information and the service information by using the user information as a key, and obtains the service information corresponding to the user information, and if not, the service corresponding to the user information is not found.
  • the information may be further requested by the user corresponding to the second terminal to manually input the service information corresponding to the user of the first terminal, so as to perform S208 described below.
  • the service information includes order information corresponding to the user information, and the order information may include user account information and a transfer value of the user corresponding to the second terminal, where the transfer value may be a transaction amount.
  • the second terminal acquires second identity information that is used to identify the identity of the second terminal user.
  • the second terminal can also obtain the mark generation module of the second terminal according to the same processing manners as S201 to S204, and the second terminal obtains the user mark corresponding to the second terminal user information by using the mark generation module, and the second terminal
  • the user tag and user information of the terminal are used as the second identity information.
  • the second terminal generates a service processing request, where the service processing request includes the first identity information and the service information, and further includes the second identity information.
  • the second terminal sends the first identity information, the service information, and the second identity information to the server together with the service processing request.
  • the second terminal adds the time information corresponding to the timestamp to the service processing request and sends the time information to the server.
  • the server After receiving the service processing request, the server authenticates the user identifier and the user information included in the first identity information in the service processing request, and after the authentication is passed, processes the The service processes the service indicated by the service information in the request.
  • the server After receiving the service processing request, the server performs authentication verification on the first identity information and the second identity information based on the corresponding bound digital certificate, dynamic token, etc., and after the authentication is passed, initiates the Business process flow of business information.
  • the server obtains the first identity information in the service processing request and a tag generating module that is bound to the user information in the first identity information, and the first identity information is authenticated by the tag generating module.
  • the tag generation module is a digital certificate module
  • the digital certificate module includes a digital certificate and a digital signature algorithm
  • the server digitally signs the user information in the first identity information according to the digital certificate to obtain a digital signature.
  • the information is verified by the first identity information if the digital signature information is the same as the user identifier in the first identity information; otherwise, the first identity information is not verified.
  • the tag generation module is a dynamic token module
  • the dynamic token module includes a dynamic token and a token generation algorithm
  • the server processes the user information in the first identity information by using the token generation algorithm according to the dynamic token.
  • the token information is obtained. If the generated token information is the same as the user identifier in the first identity information, the first identity information is verified to pass, otherwise, the first identity convenience store verification fails.
  • the server further determines, according to the preset validity period rule, the validity period of the first identity based on the time information and the current time information, if the validity period is within the validity period. And performing authentication verification on the first identity information; otherwise, sending a service processing error prompt to the second terminal.
  • the first identity information can be determined as follows, as follows:
  • the server obtains the current second timestamp, and calculates a time difference between the second timestamp and the first timestamp in the first identity information. If the time difference does not exceed the preset time threshold, determining that the first identity information is valid, otherwise, It is determined that the first identity information is invalid, and the preset time threshold may be 3 minutes, 4 minutes, or 5 minutes, and the like.
  • the user information in the first identity information includes the user account information of the user corresponding to the first terminal
  • the service information in the service processing request includes the user account information and the transfer value of the user corresponding to the second terminal.
  • the server obtains, according to the user account information of the user corresponding to the first terminal and the user account information corresponding to the second terminal, the first resource value included in the user account of the user corresponding to the first terminal, and the user account of the user corresponding to the second terminal, respectively.
  • the second resource value is obtained by subtracting the transfer value from the first resource value and adding the transfer value to the second resource value.
  • the first resource value and the second resource value are both the amount
  • the transfer value is the transaction amount, that is, the transaction amount is transferred from the user account of the user corresponding to the first terminal to the second terminal. In the user's user account.
  • the embodiment of the present invention generates a user tag by presetting a corresponding tag generating module, such as a digital certificate, a dynamic token, and the like, and completes the interaction and processing between the terminals of the two parties by using the method steps of the embodiment of the present invention.
  • a corresponding tag generating module such as a digital certificate, a dynamic token, and the like.
  • the processing of the corresponding business satisfies the requirements of user automation and intelligence, and does not require additional hardware products such as a secret security card or U shield, which saves the overhead and ensures that the user does not carry or lose the security card or Unable to pay for hardware products such as U-Shield.
  • FIG. 3 is a schematic flowchart of another service processing method according to an embodiment of the present invention.
  • the method in the embodiment of the present invention may be implemented in various types of user terminals and servers, and may be applied to, for example, payment transaction processing.
  • the method of the embodiment of the present invention includes:
  • S301 The first terminal acquires user information, and sends the user information to the server.
  • the first terminal detects the service processing operation performed by the user in the human-machine interface for processing the service (such as when the related function button is clicked). That is to start to get user information.
  • the user information acquired by the first terminal includes: a terminal identifier of the first terminal and/or a user account, or some other security-enhanced user information.
  • the first terminal may obtain the user information entered by the user in the human-machine interface, or directly extract the user account that the current user logs in in the first terminal and the terminal information of the first terminal, and the terminal information may be an IP address and/or a mobile phone number. Wait.
  • the server After receiving the user information, the server acquires a user identifier for marking the user information, and sends the user identifier to the first terminal.
  • the server may digitally sign the user information by using a preset digital signature algorithm to obtain digital signature information for marking the user information, where the digital signature information is Marking the user; or processing the user information by a preset token generation algorithm to obtain a dynamic token for marking the user information, the dynamic token being a user token.
  • S303 The server combines the user information and the user identifier into the first identity information and stores the first identity information.
  • the server further acquires a current first timestamp, and binds the first identity information and the first timestamp.
  • the first terminal receives a user identifier sent by the server, and marks the user and The user information constitutes first identity information.
  • the first terminal may encrypt the first identity information, and send the encrypted information to the second terminal by wire or wireless, or the first terminal encodes the first identity information.
  • Information such as a graphic code or a voice signal indicating the first identity information is obtained to facilitate notification to the second terminal.
  • S305 The second terminal reads the first identity information from the first terminal.
  • the second terminal acquires service information of a user corresponding to the first terminal, where the service information includes order information corresponding to the user.
  • the service information is service information such as order information obtained after the first terminal user (service originating user) and the second terminal user (service providing user) negotiate.
  • the second terminal searches for the corresponding information of the stored user information and the service information by using the user information as a key, and obtains service information corresponding to the user information, and if the user information is not found, the corresponding service is obtained.
  • the information may be requested by the user corresponding to the second terminal to manually input the service information of the user corresponding to the first terminal.
  • the service information includes order information corresponding to the user information, and the order information may include a user account and a transfer value of the user corresponding to the second terminal, where the transfer value may be a transaction amount.
  • the second terminal generates a service processing request, where the service processing request includes the first identity information and the service information, and sends the service processing request to a server.
  • the server After receiving the service processing request, the server authenticates the first identity information in the service processing request, and after the authentication is passed, processes the service information indicated by the service processing request. business.
  • the server determines whether the first identity information included in the service processing request is stored locally. If the server stores the first identity information, the first identity information is authenticated. Otherwise, the authentication fails.
  • the server before authenticating the first identity information, the server further acquires a current second timestamp and a first timestamp bound to the first identity information, and calculates a second timestamp and the first timestamp. The time difference is determined. If the time difference does not exceed the preset time threshold, the first identity information is determined to be valid. Otherwise, the first identity information is determined to be invalid.
  • the preset time threshold may be 3 minutes, 4 minutes, or 5 minutes.
  • the user information in the first identity information includes the user account information of the user corresponding to the first terminal
  • the service information in the service processing request includes the user account information and the transfer value of the user corresponding to the second terminal.
  • the server obtains, according to the user account information of the user corresponding to the first terminal and the user account information corresponding to the second terminal, the first resource value included in the user account of the user corresponding to the first terminal, and the user account of the user corresponding to the second terminal, respectively.
  • the second resource value is obtained by subtracting the transfer value from the first resource value and adding the transfer value to the second resource value.
  • the first resource value and the second resource value are both the amount
  • the transfer value is the transaction amount, that is, the transaction amount is transferred from the user account of the user corresponding to the first terminal to the second terminal. In the user's user account.
  • the embodiment of the present invention generates a user tag by presetting a corresponding tag generating module, such as a digital certificate, a dynamic token, and the like, and completes the interaction and processing between the terminals of the two parties by using the method steps of the embodiment of the present invention.
  • a corresponding tag generating module such as a digital certificate, a dynamic token, and the like.
  • the processing of the corresponding business satisfies the requirements of user automation and intelligence, and does not require additional hardware products such as a secret security card or U shield, which saves the overhead and ensures that the user does not carry or lose the security card or Unable to pay for hardware products such as U-Shield.
  • FIG. 4 is a schematic diagram of an interaction process of a method for processing a service according to an embodiment of the present invention.
  • the embodiment of the present invention processes the order service in order to describe the service processing method, where the payment terminal corresponds to the first The terminal, the payment terminal corresponds to the second terminal described above, and the server is used to complete identity verification and transaction processing for the order.
  • the method includes:
  • the payment terminal sends an authentication request to the server, where the verification request is used to request the server to allocate a digital certificate, so that the payment terminal sets the tag generation module.
  • S2 The server responds to the verification request and returns an installation package of the digital certificate. After verifying the user information carried in the verification request, the server sends the installation package of the digital certificate to the payment terminal.
  • S3 The payment terminal installs the installation data packet of the digital certificate, and obtains a mark generation module.
  • the payment terminal When detecting the service initiation operation, acquires the user information, and generates a digital signature by using the mark generation module.
  • the payment terminal displays a two-dimensional code for indicating user information and a digital signature.
  • S6 The payment terminal scans the two-dimensional code to obtain the first identity information.
  • S7 The payment terminal acquires service information according to the first identity information.
  • S8 The payment terminal sends a service processing request to the server according to the first identity information and the obtained service information.
  • the server authenticates the first identity information in the service processing request.
  • the server can also authenticate the user corresponding to the payment terminal.
  • the embodiment of the present invention generates a user identifier by using a label generation module such as a corresponding digital certificate in the terminal, and performs the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention to complete the processing of the corresponding service. It satisfies the needs of user automation and intelligence, and does not require additional hardware products such as security cards or U-Shields, which saves overhead and ensures that users do not carry or lose hardware products such as security cards or U-Shields. The resulting unpaid problem.
  • a label generation module such as a corresponding digital certificate in the terminal
  • FIG. 5 it is a schematic flowchart of another service processing method according to an embodiment of the present invention.
  • the method in the embodiment of the present invention may be applied to a service originating terminal, such as a payment terminal.
  • the method includes:
  • S401 The first terminal acquires the first identity information.
  • the first identity information includes user information of the first terminal and a user identifier for marking the user information, the first terminal acquires user information, and invokes a preset tag generation module to generate a user for marking the user information. mark.
  • the user information acquired by the first terminal includes: a terminal identifier of the first terminal and/or a user account.
  • User identity information including the user information and user tags is generated. Or the first terminal acquires the user information, sends the user information to the server, causes the server to generate a user identifier for marking the user information, and receives the user identifier sent by the server, to obtain the user information and the location.
  • the first identity information of the user tag includes user information of the first terminal and a user identifier for marking the user information, the first terminal acquires user information, and invokes a preset tag generation module to generate a user for marking the user information. mark.
  • the user information acquired by the first terminal includes: a terminal identifier of the first terminal and/or a user account.
  • the tag generating module is pre-installed and configured in the first terminal, which may be specifically obtained based on a digital certificate, a dynamic token or some other application capable of uniquely authenticating the corresponding user of the first terminal.
  • the server that needs to be verified, the user information of the first terminal and the tag generation module matching the tag generation module in the first terminal are also bound, and the server can use the matched tag generation module to The user tag of the first terminal is verified.
  • the user of the first terminal includes a user who requests a service, such as a paying party user who purchases a service or an item, and the user of the second terminal provides a user for a service, such as various merchants.
  • a service such as a paying party user who purchases a service or an item
  • the user of the second terminal provides a user for a service, such as various merchants.
  • S402 Notifying the generated first identity information to the second terminal, so that the second terminal acquires the service information of the user and the service indicated by the request server to process the service information.
  • the notifying the generated user identity information to the second terminal includes: generating a graphic code according to the user identity information, so that the second terminal reads the user identity information by scanning the graphic code.
  • the first terminal may also encrypt the first identity information, and send the encrypted information to the second terminal by wire or wireless, or the first terminal encodes the first identity information. And obtaining information such as a voice signal indicating the first identity information, so as to be notified to the second terminal.
  • the embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user.
  • Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields.
  • FIG. 6 it is a schematic flowchart of a service processing method according to an embodiment of the present invention.
  • the method in the embodiment of the present invention may be applied to a service providing terminal, such as a payment terminal.
  • the method includes :
  • S501 The second terminal reads the first identity information from the first terminal.
  • the first identity information includes user information of the first terminal and a user tag used to mark the user information.
  • the second terminal may correspondingly scan the graphic code, or receive the voice information and parse the data, or receive the encrypted data by wire or wirelessly.
  • S502 Acquire service information corresponding to the user information in the first identity information, and generate a service processing request that includes the first identity information and the service information.
  • the original first identity information may be retained, and without decrypting or extracting any information therein, the user of the second terminal directly extracts and enters the service information related to the user of the first terminal, for example, The user of the second terminal can extract and enter the data through the displayed human-machine interface.
  • the second terminal can also process the first identity information, extract the user information of the first terminal, and then automatically search for corresponding service information such as an order based on the user information.
  • S503 Send the service processing request to the server, so that the server authenticates the first identity information, and processes the service indicated by the service information after the authentication is passed.
  • the second terminal After the first identity information and the service information are obtained, the second terminal generates a service processing request to request the related server to perform service processing on the service information based on the first identity information.
  • the service processing request is generated in S502
  • the second identity information of the second terminal user that is obtained according to the user information, such as the merchant information, corresponding to the second terminal user may be added to the related server.
  • the embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user.
  • Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields.
  • FIG. 7 is a schematic structural diagram of a service processing system according to an embodiment of the present invention.
  • the system according to the embodiment of the present invention includes: a first terminal 1, a server 3, and a second terminal 2, wherein the first terminal
  • the user of 1 includes a user who requests a service, such as a paying party user who purchases a service or an item, etc.
  • the user of the second terminal 2 provides a user for a service, such as various merchants. specific:
  • the first terminal 1 is configured to acquire user information, and invoke a preset tag generation module to generate a user tag for marking the user information, to obtain first identity information including the user information and the user tag.
  • the second terminal 2 is configured to read the first identity information from the first terminal 1 and obtain service information corresponding to the user information in the first identity information, to generate the first identity. Information and business processing requests for the business information;
  • the server 3 is configured to: after receiving the service processing request, perform authentication on the user identifier and the user information included in the first identity information in the service processing request, and after the authentication is passed, process The service processes the service indicated by the service information in the request.
  • the tag generation module is pre-installed and configured in the first terminal 1, which may be specifically obtained based on a digital certificate, a dynamic token or some other application capable of uniquely authenticating the corresponding user of the first terminal 1.
  • the server 3 that needs to be authenticated, the user information of the first terminal 1 and the tag generation module matching the tag generation module in the first terminal 1 are also bound, and the server 3 can pass the matching tag.
  • the generating module verifies the user tag of the first terminal 1.
  • the first terminal 1 may encrypt the first identity information, and send the encrypted information to the second terminal 2 by wire or wirelessly, or the first terminal 1 performs the first identity information.
  • the encoding process obtains information such as a graphic code, a voice signal, and the like indicating the first identity information, so as to be notified to the second terminal 2.
  • the second terminal 2 can correspondingly read the graphic code by scanning, or receive the voice information and parse the data, or receive the encrypted data by wire or wirelessly.
  • the original first identity information may be retained, and without decrypting or extracting any information therein, the user of the second terminal 2 directly extracts and enters the service information related to the user of the first terminal 1, for example,
  • the user of the second terminal 2 can extract and input the order information and the transaction with the user of the first terminal 1 through the displayed human-machine interface; the second terminal 2 can also process the first identity information, and extract the first
  • the user information of the terminal 1 is then automatically searched for corresponding business information such as an order based on the user information.
  • the second terminal 2 After the first identity information and the service information are obtained, the second terminal 2 generates a service processing request to request the related server 3 to perform service processing on the service information based on the first identity information.
  • the service processing request When the service processing request is generated, the second identity information for marking the second terminal 2 user obtained according to the user information corresponding to the second terminal 2 user, such as the merchant information, may be added to the related server 3.
  • the server 3 After receiving the service processing request of the service providing user such as a merchant, the server 3 extracts the first identity information and the service information in the service processing request, and then verifies the user identifier in the first identity information.
  • the server 3 may verify the first identity information based on an existing manner about digital certificate verification, and the server 3 passes the The digital certificate bound to the user information in the first identity information, corresponding to The user tag performs verification on the integrity of the information. After the verification is passed, the user information such as the terminal information and the user account information is verified. After the verification is passed, the first identity information of the first terminal 1 is authenticated.
  • the server 3 may be based on a specific token value of the user tag (for example, a number of a specified time period), and then according to the server 3 and the first
  • the dynamic token bound to the corresponding user information in the identity information obtains the corresponding token value, and the user token is verified by comparing the two, and after the verification is passed, the user such as the terminal information and the user account information is verified. After the information is verified, if the verification is passed, the first identity information of the first terminal 1 is authenticated.
  • the server 3 also needs to verify the second identity information, and the specific verification mode may also be verified based on the digital certificate or the dynamic token. .
  • the server 3 After verifying the first identity information, or the first identity information and the second identity information, the server 3 initiates a service processing process according to the service information such as the order to complete the processing of the service information, for example, initiating the first identity information according to the order.
  • the process of payment by the user information is performed by the user corresponding to the user information in the first identity information and the related payment server and the bank server, and the transaction payment process is completed.
  • the first terminal 1 is further configured to submit a verification request including user information.
  • the server 3 is further configured to: after receiving the verification request, acquire a mark generation module for generating a user identifier, and bind the storage of the user information and the obtained mark generation module;
  • the server 3 is further configured to send the installation data packet for generating the user tag corresponding to the acquired tag generation module to the first terminal 1;
  • the first terminal 1 is further configured to: after receiving the installation data packet for generating a user tag, preset a tag generation module according to the installation data package for generating a user tag;
  • the tag generation module according to the installation data package preset for generating a user tag includes: a digital certificate module and/or a dynamic token generation module.
  • the first terminal 1 may submit user account information, terminal information, and other user information that can mark the user, and request the server 3 to allocate a corresponding digital certificate, dynamic token, etc. to the first terminal 1 to obtain a user token for generating.
  • the installation package generates a tag generation module.
  • the server 3 verifies the user information submitted by the user, and specifically includes the user password verification. After the verification is passed, the installation data packet for generating the user token is obtained for the first terminal 1, and the server 3 executes the installation data packet to obtain the server 3 side.
  • the tag generation module of the digital certificate module, the dynamic token module, and the like, and the installation data packet is sent to the first terminal 1.
  • the first terminal 1 After receiving the installation data packet such as the digital certificate and the dynamic token, the first terminal 1 installs the mark generation module based on the installation data package, and completes the preset of the mark generation module.
  • the second terminal 2 can also apply for a corresponding digital certificate module or a dynamic token module based on the same operation procedure, so that the second identity information of the second terminal 2 can be authenticated and authenticated when needed.
  • the first terminal 1 is specifically configured to: when the digital certificate module is included, invoke a preset tag generation module to generate digital signature information for marking the user information as a user tag; when the dynamic token is included When the module is generated, the preset tag generation module is called to generate token information corresponding to the current time for marking the user information as a user tag.
  • the first terminal 1 is further configured to add a timestamp to the first identity information, and generate a graphic code according to the first identity information added with a timestamp, so as to facilitate the second terminal.
  • the terminal 2 reads the first identity information from the first terminal 1 by scanning a graphic code.
  • the second terminal 2 is specifically configured to read the first identity information from the first terminal 1 and obtain user information in the first identity information, and search for the user.
  • the service information corresponding to the information the service information includes the order information corresponding to the user information, the second identity information used to identify the identity of the second terminal 2 user, and the service processing request, where the service processing request includes the The first identity information and the service information further include the second identity information.
  • the embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user.
  • Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields.
  • a service processing system includes: a first terminal 1, a second terminal 2, and a server 3, where
  • the first terminal 1 is configured to acquire first identity information.
  • the second terminal 2 is configured to read the first identity information from the first terminal 1, obtain service information of user information, and generate a service processing request including the first identity information and the service information. ;
  • the server 3 is configured to: after receiving the service processing request, perform authentication on the first identity information in the service processing request, and after the authentication is passed, process the service information in the service processing request Business.
  • the first terminal 1 is further configured to submit, to the server, a verification request including user information;
  • the server 3 is further configured to: after receiving the verification request, control the first terminal to acquire a user identifier according to the user information.
  • the server 3 is configured to acquire a mark generation module for generating a user identifier, and bind the storage of the user information and the obtained mark generation module;
  • the server 3 is further configured to send, to the first terminal, an installation data packet for generating a user tag corresponding to the acquired tag generation module;
  • the first terminal 1 is further configured to: after receiving the installation data packet for generating a user tag, preset a tag generation module according to the installation data package for generating a user tag;
  • the tag generating module is a digital certificate module, calling a preset tag generating module to generate digital signature information for marking the user information as a user tag;
  • the tag generation module is a dynamic token generation module
  • the preset tag generation module is called to generate token information corresponding to the current time for marking the user information as a user tag.
  • the server 3 is configured to process the user information by using a preset processing algorithm to obtain a user identifier, and send the user identifier to the first terminal.
  • the server 3 is further configured to acquire a first timestamp when the first terminal acquires the first identity information, and a current second timestamp, according to the first timestamp and the When the second timestamp determines that the first identity information is valid, performing the operation of authenticating the first identity information in the service processing request.
  • Embodiments of the present invention provide a terminal, including a memory, and one or more programs, wherein one or more programs are stored in a memory and configured to execute the one or one by one or more processors
  • the above program contains instructions for performing the following methods:
  • the notifying the first identity information to the second terminal includes: generating a graphic code according to the first identity information, so that the second terminal reads the first identity information by scanning a graphic code.
  • an embodiment of the present invention provides a terminal, including a processor 31 and a transmitter 32:
  • the processor 31 is configured to read first identity information from the first terminal, acquire service information with the user, and generate a service processing request that includes the first identity information and the service information;
  • the sender 32 is configured to send the service processing request to the server, so that the server authenticates the first identity information and processes the service indicated by the service information after the authentication is passed.
  • FIG. 9 is a schematic structural diagram of a service processing apparatus according to an embodiment of the present invention.
  • the service processing apparatus in the embodiment of the present invention may be the foregoing first terminal 1.
  • the apparatus includes:
  • the obtaining module 11 is configured to acquire user information, and invoke a preset tag generating module to generate a user tag for marking the user information;
  • a generating module 12 configured to generate user identity information including the user information and a user tag
  • the notification module 13 is configured to notify the generated terminal identity information to the second terminal;
  • the notifying the generated user identity information to the second terminal includes: generating a graphic code according to the user identity information, so that the second terminal reads the user identity information by scanning the graphic code.
  • the tag generation module invoked by the obtaining module 11 is configured to be pre-installed, and may be specifically obtained based on a digital certificate, a dynamic token, or some other application capable of uniquely authenticating the corresponding user of the first terminal.
  • the server that needs to be verified the user information of the first terminal and the tag generation module matching the tag generation module in the first terminal are also bound, and the server can use the matched tag generation module to The user tag of the first terminal is verified.
  • the user identity information may be encrypted, and the encrypted information is sent to the second terminal by wire or wirelessly, or the user is
  • the identity information is encoded to obtain information such as a voice signal or a graphic code indicating the identity information of the user, so as to be notified to the second terminal.
  • FIG. 10 is a schematic structural diagram of a user terminal according to an embodiment of the present invention.
  • the user terminal according to the embodiment of the present invention includes: at least one processor 1001, such as a CPU, at least one communication bus 1002, and at least one network interface. 1003, memory 1004.
  • the communication bus 1002 is used to implement connection communication between these components.
  • the network interface 1003 may optionally include a standard wired interface, a wireless interface (such as WI-FI, a mobile communication interface, etc.).
  • the memory 1004 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
  • the memory 1004 can also optionally be at least one storage device located away from the processor 1001. As shown in FIG. 10, an operating system and a network communication module are stored in a memory 1004 as a computer storage medium, and a business processing program and other programs are stored.
  • the processor 1001 may be configured to invoke a service processing program stored in the memory 1004, and perform the following steps:
  • the notifying the generated user identity information to the second terminal includes: generating a graphic code according to the user identity information, so that the second terminal reads the user identity information by scanning the graphic code.
  • the embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user.
  • Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields.
  • FIG. 11 is a schematic structural diagram of another service processing apparatus according to an embodiment of the present invention.
  • the apparatus according to the embodiment of the present invention may be applied to the foregoing second terminal 2.
  • the apparatus includes:
  • the reading module 21 is configured to read the user identity information from the first terminal
  • the requesting module 22 is configured to obtain service information corresponding to user information in the user identity information, and generate a service processing request including the user identity information and the service information;
  • the sending module 23 is configured to send the service processing request to the server.
  • the reading module 21 can correspondingly read the graphic code by scanning, or receive the voice information and parse the data, or receive the encrypted data by wire or wirelessly.
  • the reading module 21 obtains the user identity information (ie, the first identity information described above), the original user identity information may be retained, and no information is decrypted or extracted, and the user of the second terminal directly extracts and enters the information.
  • the service information related to the user of the user terminal for example, the user of the second terminal can extract and input the order information of the transaction with the user of the first terminal through the displayed human-machine interface; the second terminal can also identify the user identity information. Processing is performed to extract user information of the first terminal therein, and then automatically search for corresponding business information such as an order based on the user information.
  • the second terminal After the reading module 21 reads the user identity information and the service information, the second terminal generates a service processing request to request the related server to perform service processing on the service information based on the first identity information. .
  • the requesting module 22 may further add the second identity information of the second terminal user that is obtained according to the user information, such as the merchant information, corresponding to the second terminal user, to the related server.
  • FIG. 12 is a schematic structural diagram of a user terminal according to an embodiment of the present invention.
  • the user terminal according to the embodiment of the present invention includes: at least one processor 2001, such as a CPU, at least one communication bus 2002, and at least one network interface. 2003, memory 2004.
  • the communication bus 2002 is used to implement connection communication between these components.
  • the network interface 2003 may optionally include a standard wired interface, a wireless interface (such as WI-FI, a mobile communication interface, etc.).
  • the memory 2004 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
  • the memory 2004 can optionally also be at least one storage device located remotely from the processor 2001.
  • a memory 2004 as a computer storage medium stores an operating system, a network communication module, and stores a business processing program and other programs.
  • the processor 2001 can be used to invoke a service processing program stored in the memory 2004, and perform the following steps:
  • the service processing request is sent to the server.
  • the embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user.
  • Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Abstract

Disclosed are a service processing method, device and system. The method comprises: a first terminal (1) obtains the first identity information (S101); a second terminal (2) reads the first identity information from the first terminal (1), obtains the service information of a user, and generates a service processing request comprising the first identity information and the service information (S102); a server (3) performs authentication on the first identity information in the service processing request after receiving the service processing request, and processes the service indicated by the service information in the service processing request after authentication is successful (S103). The method can achieve safe service processing fast and conveniently.

Description

一种业务处理方法、装置及系统Business processing method, device and system
本申请要求于2013年12月31日提交中国专利局、申请号为201310752236.6、发明名称为“一种业务处理方法、装置及系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims priority to Chinese Patent Application No. 201310752236.6, entitled "A Business Processing Method, Apparatus, and System" on December 31, 2013, the entire contents of which are incorporated herein by reference. In the application.
技术领域Technical field
本发明涉及计算机信息处理技术领域,尤其涉及一种业务处理方法、装置及系统。The present invention relates to the field of computer information processing technologies, and in particular, to a service processing method, apparatus, and system.
背景技术Background technique
随着计算机技术和网络技术的发展,人们基本上可以随时随地通过手持设备、计算机、笔记本电脑等电子设备进行与工作、学习以及生活相关的活动,手持设备可以为手机或平板电脑等。通常电子设备需要执行大量的业务处理操作,在此过程中,如何保证业务处理的安全,特别是在诸如手机支付、购票、充值等业务处理过程中的安全成为研究的热点。With the development of computer technology and network technology, people can basically carry out activities related to work, study and life through electronic devices such as handheld devices, computers, laptops, etc., and the handheld devices can be mobile phones or tablets. Generally, electronic devices need to perform a large number of business processing operations. In this process, how to ensure the security of business processing, especially in the process of business processing such as mobile payment, ticket purchase, and recharge, has become a research hotspot.
目前采用的安全处理方式包括密保卡和带USB(Universal Serial Bus,通用串行总线)接口的商业银行、个人网上银行的密码保护介质,该密码保护介质可以为U盾等。对于密保卡的安全处理方式,一般是在用户输入交易密码后,再次根据服务器的提示输入密保卡中相应位置的数字组合,以对用户身份进行验证。而U盾的实现方式则是通过网上银行转账发起支付时,先将U盾插入终端的USB接口,在验证U盾合法后,再通知用户输入支付密码,而不可直接输入密码。Currently, the security processing methods include a security card and a password protection medium for a commercial bank or a personal online banking with a USB (Universal Serial Bus) interface. The password protection medium may be a U-Shield or the like. For the security processing method of the security card, generally after the user inputs the transaction password, the digital combination of the corresponding position in the security card is input according to the prompt of the server to verify the identity of the user. The U shield is implemented by online bank transfer to initiate payment. First, insert the U shield into the terminal's USB interface. After verifying that the U shield is legal, notify the user to enter the payment password instead of directly entering the password.
现有技术中的安全处理方式需要有密保卡或者U盾等硬件支持,成本较高,且密保卡和U盾是与支付终端相分离,需要用户随时携带,并且不能丢失,否则就无法完成支付,另外操作使用过程也相对较为复杂。The security processing method in the prior art needs hardware support such as a security card or a U shield, and the cost is high, and the security card and the U shield are separated from the payment terminal, and the user needs to carry it at any time, and cannot be lost, otherwise it cannot be The payment is completed, and the operation process is relatively complicated.
发明内容Summary of the invention
本发明实施例所要解决的技术问题在于,提供一种业务处理方法、终端及 系统,可方便、快捷地实现安全的业务处理。The technical problem to be solved by the embodiments of the present invention is to provide a service processing method, a terminal, and The system can realize secure business processing conveniently and quickly.
为了解决上述技术问题,本发明实施例提供了一种业务处理方法,包括:In order to solve the above technical problem, an embodiment of the present invention provides a service processing method, including:
第一终端获取第一身份信息;The first terminal acquires the first identity information;
第二终端从所述第一终端中读取所述第一身份信息,获取用户的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;The second terminal reads the first identity information from the first terminal, acquires service information of the user, and generates a service processing request that includes the first identity information and the service information.
所述服务器在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息进行鉴权,在鉴权通过后,处理所述业务处理请求中业务信息所指示的业务。After receiving the service processing request, the server authenticates the first identity information in the service processing request, and after the authentication is passed, processes the service indicated by the service information in the service processing request.
本发明实施例还提供了另一种业务处理方法,包括:The embodiment of the invention further provides another service processing method, including:
第一终端获取第一身份信息;The first terminal acquires the first identity information;
将所述第一身份信息通知给第二终端,使所述第二终端获取用户的业务信息并请求服务器处理所述业务信息所指示的业务;Notifying the second terminal to the second terminal, so that the second terminal acquires service information of the user and requests the server to process the service indicated by the service information;
其中,所述将所述第一身份信息通知给第二终端包括:根据所述第一身份信息生成图形码,以便所述第二终端通过扫描图形码读取所述第一身份信息。The notifying the first identity information to the second terminal includes: generating a graphic code according to the first identity information, so that the second terminal reads the first identity information by scanning a graphic code.
本发明实施例还提供了又一种业务处理方法,包括:The embodiment of the invention further provides another service processing method, including:
第二终端从第一终端中读取第一身份信息;The second terminal reads the first identity information from the first terminal;
获取用户的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;Obtaining service information of the user, and generating a service processing request including the first identity information and the service information;
将所述业务处理请求发送给服务器,使所述服务器对所述第一身份信息进行鉴权并在鉴权通过后处理所述业务信息所指示的业务。Sending the service processing request to the server, so that the server authenticates the first identity information and processes the service indicated by the service information after the authentication is passed.
相应地,本发明实施例还提供了一种终端,包括存储器,以及一个或者一个以上的程序,其中一个或者一个以上程序存储于存储器中,且经配置以由一个或者一个以上处理器执行所述一个或者一个以上程序包含的用于进行以下方法的指令:Accordingly, embodiments of the present invention also provide a terminal, including a memory, and one or more programs, wherein one or more programs are stored in a memory and configured to be executed by one or more processors An instruction contained in one or more programs for performing the following methods:
获取第一身份信息;Obtaining the first identity information;
将所述第一身份信息通知给第二终端,使所述第二终端获取用户的业务信息并请求服务器处理所述业务信息所指示的业务;Notifying the second terminal to the second terminal, so that the second terminal acquires service information of the user and requests the server to process the service indicated by the service information;
其中,所述将所述第一身份信息通知给第二终端包括:根据所述第一身份信息生成图形码,以便所述第二终端通过扫描图形码读取所述第一身份信息。 The notifying the first identity information to the second terminal includes: generating a graphic code according to the first identity information, so that the second terminal reads the first identity information by scanning a graphic code.
本发明实施例还提供了另一种终端,包括处理器和发送器:Another embodiment of the present invention provides a terminal, including a processor and a transmitter:
所述处理器,用于从第一终端中读取第一身份信息;获取用户的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;The processor is configured to read the first identity information from the first terminal, obtain the service information of the user, and generate a service processing request that includes the first identity information and the service information;
所述发送器,用于将所述业务处理请求发送给服务器,使所述服务器对所述第一身份信息进行鉴权并在鉴权通过后处理所述业务信息所指示的业务。The sender is configured to send the service processing request to the server, so that the server authenticates the first identity information and processes the service indicated by the service information after the authentication is passed.
本发明实施例还提供了一种计算机存储介质,所述计算机存储介质中存储有程序,该程序在执行时,包括上述的方法。The embodiment of the invention further provides a computer storage medium, wherein the computer storage medium stores a program, and when the program is executed, the method includes the above method.
相应地,本发明实施例还提供了一种业务处理系统,包括:第一终端、服务器以及第二终端,其中,Correspondingly, the embodiment of the present invention further provides a service processing system, including: a first terminal, a server, and a second terminal, where
所述第一终端,用于获取第一身份信息;The first terminal is configured to acquire first identity information.
所述第二终端,用于从所述第一终端中读取所述第一身份信息,获取用户的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;The second terminal is configured to read the first identity information from the first terminal, obtain service information of the user, and generate a service processing request that includes the first identity information and the service information;
所述服务器,用于在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息进行鉴权,在鉴权通过后,处理所述业务处理请求中业务信息所指示的业务。The server is configured to: after receiving the service processing request, perform authentication on the first identity information in the service processing request, and after the authentication is passed, process the service information in the service processing request business.
本发明实施例通过在终端预置相应的标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user. Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields. The problem of payment.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图1是本发明实施例的一种业务处理方法的流程示意图;1 is a schematic flowchart of a service processing method according to an embodiment of the present invention;
图2是本发明实施例的另一种业务处理方法的流程示意图;2 is a schematic flowchart of another service processing method according to an embodiment of the present invention;
图3是本发明实施例的另一种业务处理方法的流程示意图; 3 is a schematic flowchart of another service processing method according to an embodiment of the present invention;
图4是本发明实施例的完成业务处理方法的交互流程示意图;4 is a schematic diagram of an interaction process of a method for completing a service according to an embodiment of the present invention;
图5是本发明实施例的又一种业务处理方法的流程示意图;FIG. 5 is a schematic flowchart diagram of still another service processing method according to an embodiment of the present invention; FIG.
图6是本发明实施例的再一种业务处理方法的流程示意图;6 is a schematic flowchart of still another service processing method according to an embodiment of the present invention;
图7是本发明实施例的一种业务处理系统的结构示意图;7 is a schematic structural diagram of a service processing system according to an embodiment of the present invention;
图8是本发明实施例的一种终端的结构示意图;FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present invention; FIG.
图9是本发明实施例的一种业务处理装置的结构示意图;FIG. 9 is a schematic structural diagram of a service processing apparatus according to an embodiment of the present invention; FIG.
图10是本发明实施例的一种用户终端的结构示意图;FIG. 10 is a schematic structural diagram of a user terminal according to an embodiment of the present invention; FIG.
图11是本发明实施例的另一种业务处理装置的结构示意图;11 is a schematic structural diagram of another service processing apparatus according to an embodiment of the present invention;
图12是本发明实施例的一种用户终端的结构示意图。FIG. 12 is a schematic structural diagram of a user terminal according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
请参见图1,是本发明实施例的一种业务处理方法的流程示意图,本发明实施例的所述方法可以在各类用户终端和服务器中实现,具体可应用在诸如支付交易处理等类型的业务场景中,本发明实施例的所述方法包括:1 is a schematic flowchart of a service processing method according to an embodiment of the present invention. The method in the embodiment of the present invention may be implemented in various types of user terminals and servers, and may be specifically applied to types such as payment transaction processing. In the service scenario, the method in the embodiment of the present invention includes:
S101:第一终端获取第一身份信息。S101: The first terminal acquires the first identity information.
第一身份信息包括用户信息和用于标记该用户信息的用户标记,用户信息可以包括第一终端的终端信息和第一终端对应的用户的用户账号信息,第一终端的终端信息可以为第一终端的IP(Internet Protocol,网络之间互连的协议)地址等。The first identity information includes user information and a user identifier for marking the user information. The user information may include terminal information of the first terminal and user account information of the user corresponding to the first terminal, where the terminal information of the first terminal may be the first IP address of the terminal (Internet Protocol, protocol exchanged between networks), etc.
用户信息存储在第一终端本地,第一终端直接从本地获取用户信息。而对于用户标记,第一终端可以通过如下第一和第二两种方式获取用户标记,包括:The user information is stored locally in the first terminal, and the first terminal directly obtains user information from the local. For the user tag, the first terminal can obtain the user tag by using the following two methods, including:
第一、第一终端获取用户信息,并调用预置的标记生成模块生成用于标记所述用户信息的用户标记,从而得到包括所述用户信息和用户标记的第一身份信息。 First, the first terminal acquires user information, and invokes a preset tag generation module to generate a user tag for marking the user information, thereby obtaining first identity information including the user information and the user tag.
所述标记生成模块在第一终端中预先被安装配置,其具体可以基于数字证书、动态令牌或其他一些能够对第一终端对应的用户进行唯一身份认证标记的应用得到。在需要对用户标记进行验证的服务器中,也同时绑定了所述第一终端的用户信息以及与所述第一终端中的标记生成模块匹配的标记生成模块,服务器可以通过所述匹配的标记生成模块对所述第一终端的用户标记进行验证。The tag generation module is pre-installed and configured in the first terminal, which may be specifically obtained based on a digital certificate, a dynamic token or some other application capable of uniquely authenticating the user corresponding to the first terminal. In the server that needs to verify the user tag, the user information of the first terminal and the tag generating module that matches the tag generating module in the first terminal are also bound, and the server may pass the matching tag. The generating module verifies the user tag of the first terminal.
第二、第一终端获取用户信息,向服务器发送所述用户信息,使服务器生成用于标记所述用户信息的用户标记,接收服务器发送的所述用户标记,从而得到包括所述用户信息和所述用户标记的第一身份信息。The second terminal acquires the user information, sends the user information to the server, and causes the server to generate a user identifier for marking the user information, and receives the user identifier sent by the server, thereby obtaining the user information and the location. The first identity information of the user tag.
服务器在生成所述用户标记后,也得到了包括所述用户标记和所述用户信息的第一身份信息并存储第一身份信息。After generating the user tag, the server also obtains first identity information including the user tag and the user information and stores the first identity information.
第一终端在得到第一身份信息后,还可以对所述第一身份信息进行加密,并将加密后的第一身份信息通过有线或无线发送给第二终端,或者第一终端将加密的第一身份信息进行编码处理,得到表示第一身份信息的图形码、语音信号等信息,以便于通知给第二终端。After obtaining the first identity information, the first terminal may further encrypt the first identity information, and send the encrypted first identity information to the second terminal by wire or wireless, or the first terminal encrypts the first identity. An identity information is encoded to obtain information such as a graphic code, a voice signal, and the like for indicating the first identity information, so as to be notified to the second terminal.
所述第一终端的用户包括业务请求的用户,例如购买服务或者商品的付款方用户等,所述第二终端的用户为业务提供用户,例如各种商家。The user of the first terminal includes a user who requests a service, such as a paying party user who purchases a service or an item, and the user of the second terminal provides a user for a service, such as various merchants.
S102:所述第二终端从所述第一终端中读取所述第一身份信息,并获取用户的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求,向服务器发送所述业务处理请求。S102: The second terminal reads the first identity information from the first terminal, and obtains service information of the user, and generates a service processing request including the first identity information and the service information, to the server. Sending the business processing request.
所述第二终端可以对应地通过扫描读取图形码、或者接收语音信息并解析得到加密的第一身份信息、或者通过有线或无线接收加密的第一身份信息。得到第一身份信息后,可以保留原始的第一身份信息,并不用解密或提取其中的任何信息,由第二终端的用户直接提取并录入与第一终端的用户相关的业务信息,例如,第二终端的用户可以通过显示的人机界面,提取并录入与第一终端的用户进行交易的订单信息等;第二终端也可以对第一身份信息进行处理,提取其中的第一终端的用户信息,然后基于该用户信息自动查找对应的诸如订单等业务信息。所述业务信息至少包括第二终端对应的用户的用户账号信息和转移数值,在交易场景中转移数值可以为交易金额。The second terminal may correspondingly scan the graphic code, or receive the voice information and parse the encrypted first identity information, or receive the encrypted first identity information by wire or wirelessly. After obtaining the first identity information, the original first identity information may be retained, and without decrypting or extracting any information therein, the user of the second terminal directly extracts and enters the service information related to the user of the first terminal, for example, The user of the second terminal can extract and input the order information of the transaction with the user of the first terminal through the displayed human-machine interface; the second terminal can also process the first identity information, and extract the user information of the first terminal therein. Then, based on the user information, the corresponding business information such as an order is automatically found. The service information includes at least a user account information and a transfer value of the user corresponding to the second terminal, and the transfer value may be a transaction amount in the transaction scenario.
在读取得到所述第一身份信息和所述业务信息后,所述第二终端生成业务 处理请求,以请求相关的服务器基于第一身份信息对所述业务信息进行业务处理。在S102中生成业务处理请求时,还可以加入根据第二终端用户对应的诸如商家信息等用户信息得到的标记第二终端用户的第二身份信息一同发送给相关的服务器。After the first identity information and the service information are obtained, the second terminal generates a service. Processing the request to request the related server to perform business processing on the service information based on the first identity information. When the service processing request is generated in S102, the second identity information of the second terminal user that is obtained according to the user information, such as the merchant information, corresponding to the second terminal user may be added to the related server.
S103:所述服务器在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息进行鉴权,并在鉴权通过后,处理所述业务处理请求中的业务信息所指示的业务。S103: After receiving the service processing request, the server authenticates the first identity information in the service processing request, and after the authentication is passed, processes the service information in the service processing request. Business.
所述服务器在接收到商家等业务提供用户的业务处理请求后,提取所述业务处理请求中的第一身份信息和业务信息,然后可以通过如下第一和第二两种方式对第一身份信息进行鉴权,包括。After receiving the service processing request of the service providing user such as a merchant, the server extracts the first identity information and the service information in the service processing request, and then may use the first and second modes to process the first identity information. Perform authentication, including.
第一、服务器获取与第一身份信息中的用户信息绑定的标记生成模块,通过该标记生成模块对第一身份信息进行鉴权。First, the server acquires a tag generation module that is bound to the user information in the first identity information, and the first identity information is authenticated by the tag generation module.
其中,若所述用户标记是第一终端通过数字证书进行的数字签名,则服务器可以基于现有的关于数字证书验证的方式来对第一身份信息进行验证,服务器通过与所述第一身份信息中的用户信息绑定的数字证书,对相应的用户标记进行关于信息完整性的验证,验证通过后,再对其中的终端信息、用户账户信息等用户信息进行验证,验证通过,则对第一终端的第一身份信息鉴权通过。Wherein, if the user identifier is a digital signature by the first terminal by using a digital certificate, the server may verify the first identity information based on an existing manner about digital certificate verification, and the server passes the first identity information The digital certificate bound by the user information is used to verify the information integrity of the corresponding user tag. After the verification is passed, the user information such as the terminal information and the user account information is verified, and if the verification is passed, the first is The first identity information authentication of the terminal is passed.
而如果所述用户标记是第一终端通过动态令牌生成的,则所述服务器可以根据该用户标记的具体令牌值(例如指定时段的数字),然后根据服务器中与该第一身份信息中对应的用户信息绑定的动态令牌,得到相应的令牌值,通过两者比较来对用户标记进行验证,并在验证通过后,再对其中的终端信息、用户账户信息等用户信息进行验证,验证通过,则对所述第一终端的第一身份信息鉴权通过。And if the user tag is generated by the first terminal by using a dynamic token, the server may be based on a specific token value of the user tag (eg, a number of a specified time period), and then according to the first identity information in the server. Corresponding user information is bound to the dynamic token, and the corresponding token value is obtained. The user token is verified by comparing the two, and after the verification is passed, the user information such as terminal information and user account information is verified. After the verification is passed, the first identity information of the first terminal is authenticated and passed.
第二、服务器确定本地是否存储第一身份信息,如果是,对第一身份信息鉴权通过。Second, the server determines whether the first identity information is stored locally, and if so, authenticates the first identity information.
由于第一身份信息中是第一终端请求服务器生成的,且在生成后服务器也保存一份,所以当业务处理请求中的第一身份信息也在服务器中保存,表明第一身份信息是第一终端授权给第二终端的,所以在对第一身份信息鉴权通过后便可以处理所述业务处理请求中的业务信息所指示的业务。 Since the first identity information is generated by the first terminal requesting server, and the server also saves a copy after the generation, the first identity information in the service processing request is also saved in the server, indicating that the first identity information is the first one. The terminal is authorized to the second terminal, so after the first identity information is authenticated, the service indicated by the service information in the service processing request can be processed.
若业务处理请求中还包括第二终端的第二身份信息,则服务器还需要对该第二身份信息进行验证,具体的验证方式也可以基于对于的数字证书或者动态令牌等方式完成验证。If the service processing request further includes the second identity information of the second terminal, the server further needs to verify the second identity information, and the specific verification mode may also complete the verification based on the digital certificate or the dynamic token.
服务器在对第一身份信息,或者第一身份信息和第二身份信息验证通过后,即根据第一身份信息中的业务信息发起业务处理流程完成对业务信息的处理,例如,若第一身份信息中的业务信息为订单信息,根据该订单信息发起对第一身份信息中用户信息进行支付的流程,通过与第一身份信息中用户信息对应的用户以及相关的支付服务器、银行服务器进行信息交互,完成交易支付等流程。After verifying the first identity information, or the first identity information and the second identity information, the server initiates a service processing process according to the service information in the first identity information, for example, if the first identity information is used. The service information in the process is the order information, and the process of paying the user information in the first identity information is initiated according to the order information, and the information is exchanged with the user corresponding to the user information in the first identity information and the related payment server and the bank server. Complete the transaction payment process.
本发明实施例通过服务器对第二终端发送的第一身份信息进行鉴权,鉴权通过,表明第一身份信息为第一终端授权给第二终端的,然后可以进行业务处理过程,实现不需要密码就可以对第一终端的用户进行验证,In the embodiment of the present invention, the first identity information sent by the second terminal is authenticated by the server, and the authentication is passed, indicating that the first identity information is authorized by the first terminal to the second terminal, and then the service processing process can be performed, and the implementation is not required. The password can be used to authenticate the user of the first terminal.
本发明实施例通过在终端预置相应的标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user. Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields. The problem of payment.
再请参见图2,是本发明实施例的另一种业务处理方法的流程示意图,本发明实施例的所述方法可以在各类用户终端和服务器中实现,具体可应用在诸如支付交易处理等类型的业务场景中,本发明实施例的所述方法包括:2 is a schematic flowchart of another service processing method according to an embodiment of the present invention. The method in the embodiment of the present invention may be implemented in various types of user terminals and servers, and may be applied to, for example, payment transaction processing. The method of the embodiment of the present invention includes:
S201:第一终端提交包括用户信息的验证请求,该验证请求包括第一终端的用户信息。S201: The first terminal submits an authentication request including user information, where the verification request includes user information of the first terminal.
该用户信息可以包括第一终端对应的用户的用户账号信息和第一终端的终端信息,还可以包括其他一些可以标记该用户的信息。The user information may include user account information of the user corresponding to the first terminal and terminal information of the first terminal, and may also include other information that can mark the user.
S202:服务器接收到所述验证请求后,获取用于生成用户标记的标记生成模块,并绑定存储所述用户信息和得到的标记生成模块。S202: After receiving the verification request, the server acquires a mark generation module for generating a user mark, and binds the stored user information and the obtained mark generation module.
标记生成模块可以为数字证书模块或动态令牌生成模块。服务器接收到验证请求后,可以通过预设的数字签名算法,对该用户信息进行数字签名得到数字证书,将预设的数字签名算法和该数字证书组成数字证书模块;或者,通过 预设的令牌生成算法,对该用户信息进行处理得到动态令牌,将预设的令牌生成算法和该动态令牌组成动态令牌生成模块。The tag generation module can be a digital certificate module or a dynamic token generation module. After receiving the verification request, the server may digitally sign the user information to obtain a digital certificate by using a preset digital signature algorithm, and form a digital certificate module by using a preset digital signature algorithm and the digital certificate; or, The preset token generation algorithm processes the user information to obtain a dynamic token, and the preset token generation algorithm and the dynamic token form a dynamic token generation module.
第一终端可以提交包括用户账号信息、终端信息、以及其他一些可以标记该用户的用户信息,请求服务器为第一终端分配相应的数字证书、动态令牌等以获取用于生成用户标记的安装数据包生成标记生成模块。The first terminal may submit user account information, terminal information, and other user information that can mark the user, requesting the server to allocate a corresponding digital certificate, dynamic token, etc. to the first terminal to obtain installation data for generating the user token. The package generates a tag generation module.
服务器在获取标记生成模块前,还对用户提交的用户信息进行验证,具体包括用户密码验证等,在验证通过后,为第一终端获取用于生成用户标记的安装数据包,服务器执行该安装数据包得到服务器侧的数字证书模块、动态令牌模块等标记生成模块,并将该安装数据包下发给所述第一终端。Before obtaining the mark generation module, the server also verifies the user information submitted by the user, including the user password verification. After the verification is passed, the installation data packet for generating the user tag is obtained for the first terminal, and the server executes the installation data. The packet is sent to the first terminal by a packet generation module such as a digital certificate module and a dynamic token module on the server side.
S203:所述服务器将所述获取的标记生成模块对应的用于生成用户标记的安装数据包发送给所述第一终端。S203: The server sends, to the first terminal, an installation data packet corresponding to the acquired tag generation module for generating a user tag.
S204:所述第一终端在接收到所述用于生成用户标记的安装数据包后,根据所述用于生成用户标记的安装数据包预置得到标记生成模块。S204: After receiving the installation data packet for generating the user identifier, the first terminal presets the label generation module according to the installation data package for generating the user identifier.
其中,所述根据所述用于生成用户标记的安装数据包预置得到标记生成模块包括:数字证书模块和/或动态令牌生成模块。The tag generation module according to the installation data package preset for generating a user tag includes: a digital certificate module and/or a dynamic token generation module.
所述第一终端接收到数字证书模块或动态令牌生成模块的安装数据包后,基于该安装数据包安装得到数字证书模块或动态令牌生成模块,即得到标记生成模块,完成标记生成模块的预置。所述S201至S204为第一终端的标记生成模块的预置过程。After receiving the installation data packet of the digital certificate module or the dynamic token generation module, the first terminal obtains a digital certificate module or a dynamic token generation module based on the installation data package, thereby obtaining a mark generation module and completing the mark generation module. Preset. The S201 to S204 are preset processes of the tag generation module of the first terminal.
S205:第一终端获取用户信息,并调用预置的标记生成模块生成用于标记所述用户信息的用户标记,得到包括所述用户信息和用户标记的第一身份信息。S205: The first terminal acquires user information, and invokes a preset tag generation module to generate a user tag for marking the user information, to obtain first identity information including the user information and the user tag.
在用户进行近场支付、离线支付等需要进行身份授权验证的场景下,第一终端通过相应的人机界面检测到用户的业务处理操作时(如点击相关功能按钮时),即开始获取用户信息。所述第一终端获取的用户信息包括:所述第一终端的终端标识和/或用户账号,或者其他一些安全强化的用户信息。第一终端可以通过提供人机界面要求用户录入的方式获取用户信息,或者直接提取当前用户在第一终端中登录的用户账号以及第一终端的终端信息,该终端信息可以为IP地址和/或手机号等终端标识。 In the scenario where the user performs the identity authorization verification, such as the near-field payment and the offline payment, when the first terminal detects the user's business processing operation through the corresponding human-machine interface (such as when the related function button is clicked), the user information is started. . The user information acquired by the first terminal includes: a terminal identifier of the first terminal and/or a user account, or some other security-enhanced user information. The first terminal may obtain user information by providing a user interface to request user input, or directly extract the user account that the current user logs in in the first terminal and the terminal information of the first terminal, and the terminal information may be an IP address and/or Terminal identification such as mobile phone number.
对应于上述的S201至S204,当预置的标记生成模块包括数字证书模块时,所述S205中调用预置的标记生成模块生成用于标记所述用户信息的用户标记,包括:调用预置的标记生成模块生成用于标记所述用户信息的数字签名信息作为用户标记;当预置的标记生成模块包括动态令牌生成模块时,所述S205中调用预置的标记生成模块生成用于标记所述用户信息的用户标记,包括:调用预置的标记生成模块生成用于标记所述用户信息的当前时间对应的令牌信息作为用户标记。Corresponding to the above S201 to S204, when the preset mark generation module includes the digital certificate module, the preset mark generation module in the S205 generates a user mark for marking the user information, including: calling the preset The tag generating module generates digital signature information for marking the user information as a user tag; when the preset tag generating module includes a dynamic token generating module, the tag generating module that is preset in the S205 is generated for the tagging The user tag of the user information includes: calling the preset tag generation module to generate token information corresponding to the current time for marking the user information as a user tag.
其中,数字证书模块包括数字签名算法和数字证书,第一终端调用预置的数字证书模块生成用于标记所述用户信息的数字签名信息的操作,可以为:根据该数字证书,通过该数字签名算法对该用户信息进行数字签名,得到用于标记该用户信息的数字签名信息。The digital certificate module includes a digital signature algorithm and a digital certificate, and the first terminal invokes the preset digital certificate module to generate an operation for marking the digital signature information of the user information, which may be: according to the digital certificate, by the digital signature The algorithm digitally signs the user information to obtain digital signature information for marking the user information.
动态令牌生成模块包括动态令牌和令牌生成算法,第一终端调用预置的动态令牌模块生成用于标记所述用户信息的令牌信息的操作,可以为:根据该动态令牌,通过该令牌生成算法对该用户信息进行处理,得到用于标记该用户信息的令牌信息。The dynamic token generating module includes a dynamic token and a token generating algorithm, and the operation of the first terminal invoking the preset dynamic token module to generate token information for marking the user information may be: according to the dynamic token, The user information is processed by the token generation algorithm to obtain token information for marking the user information.
第一终端在得到第一身份信息后,可以对该第一身份信息进行加密,并将加密后的信息通过有线或无线发送给第二终端,或者第一终端将第一身份信息进行编码处理,得到表示第一身份信息的图形码或语音信号等信息,以便于通知给第二终端。After obtaining the first identity information, the first terminal may encrypt the first identity information, and send the encrypted information to the second terminal by wire or wireless, or the first terminal encodes the first identity information. Information such as a graphic code or a voice signal indicating the first identity information is obtained to facilitate notification to the second terminal.
在本发明实施例中,第一终端对第一身份信息进行加密前,还可以获取当前的第一时间戳,将第一时间戳添加到第一身份信息中,然后再对添加了第一时间戳的第一身份信息进行加密。In the embodiment of the present invention, before the first terminal encrypts the first identity information, the first timestamp may be obtained, the first timestamp is added to the first identity information, and then the first time is added. The first identity information of the stamp is encrypted.
例如,第一终端以图形码的方式向第二终端通知第一身份信息。具体的,在所述S205之后,还包括:所述第一终端在所述第一身份信息中添加时间戳;所述第一终端根据所述添加了时间戳的第一身份信息生成图形码,以便于所述第二终端通过扫描图形码从所述第一终端中读取所述第一身份信息。For example, the first terminal notifies the second terminal of the first identity information in a graphic code manner. Specifically, after the step S205, the method further includes: the first terminal adds a timestamp to the first identity information; and the first terminal generates a graphic code according to the first identity information added with a timestamp, So that the second terminal reads the first identity information from the first terminal by scanning a graphic code.
S206:所述第二终端从所述第一终端中读取所述第一身份信息。S206: The second terminal reads the first identity information from the first terminal.
S207:所述第二终端获取第一终端对应的用户的业务信息,所述业务信息包括该用户对应的订单信息。 S207: The second terminal acquires service information of a user corresponding to the first terminal, where the service information includes order information corresponding to the user.
所述业务信息是所述第一终端用户(业务发起用户)和第二终端用户(业务提供用户)协商后得到的诸如订单信息等业务信息。所述第二终端以所述用户信息为关键字在已存储的用户信息与业务信息的对应关系中进行查找,得到所述用户信息对应的业务信息,若没有查找得到所述用户信息对应的业务信息,则还可以请求第二终端对应的用户通过手动输入第一终端的用户对应的业务信息,以便于执行下述的S208。The service information is service information such as order information obtained after the first terminal user (service originating user) and the second terminal user (service providing user) negotiate. The second terminal searches for the corresponding information of the stored user information and the service information by using the user information as a key, and obtains the service information corresponding to the user information, and if not, the service corresponding to the user information is not found. The information may be further requested by the user corresponding to the second terminal to manually input the service information corresponding to the user of the first terminal, so as to perform S208 described below.
所述业务信息包括该用户信息对应的订单信息,该订单信息可以包括第二终端对应的用户的用户账号信息和转移数值,在交易场景中该转移数值可以为交易金额。The service information includes order information corresponding to the user information, and the order information may include user account information and a transfer value of the user corresponding to the second terminal, where the transfer value may be a transaction amount.
S208:所述第二终端获取用于标识所述第二终端用户身份的第二身份信息。S208: The second terminal acquires second identity information that is used to identify the identity of the second terminal user.
所述第二终端同样可以根据上述的S201至S204相同的处理方式得到第二终端的标记生成模块,第二终端通过其标记生成模块来得到第二终端用户信息对应的用户标记,并将第二终端的用户标记和用户信息作为第二身份信息。The second terminal can also obtain the mark generation module of the second terminal according to the same processing manners as S201 to S204, and the second terminal obtains the user mark corresponding to the second terminal user information by using the mark generation module, and the second terminal The user tag and user information of the terminal are used as the second identity information.
S209:所述第二终端生成业务处理请求,所述业务处理请求包括所述第一身份信息和所述业务信息,还包括所述第二身份信息。S209: The second terminal generates a service processing request, where the service processing request includes the first identity information and the service information, and further includes the second identity information.
所述第二终端将第一身份信息、业务信息以及第二身份信息携带在业务处理请求中一同发送给服务器。The second terminal sends the first identity information, the service information, and the second identity information to the server together with the service processing request.
另外,若第一终端生成的第一身份信息还包括时间戳时,所述第二终端还将该时间戳对应的时间信息添加到业务处理请求中一并发送给服务器。In addition, if the first identity information generated by the first terminal further includes a timestamp, the second terminal adds the time information corresponding to the timestamp to the service processing request and sends the time information to the server.
S210:所述服务器在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息包括的用户标记和所述用户信息进行鉴权,并在鉴权通过后,处理所述业务处理请求中业务信息所指示的业务。S210: After receiving the service processing request, the server authenticates the user identifier and the user information included in the first identity information in the service processing request, and after the authentication is passed, processes the The service processes the service indicated by the service information in the request.
所述服务器在接收到业务处理请求后,基于对应绑定的数字证书、动态令牌等,对第一身份信息和第二身份信息进行鉴权验证,并在鉴权通过后,发起对所述业务信息的业务处理流程。After receiving the service processing request, the server performs authentication verification on the first identity information and the second identity information based on the corresponding bound digital certificate, dynamic token, etc., and after the authentication is passed, initiates the Business process flow of business information.
可选的,所述服务器获取所述业务处理请求中的第一身份信息以及与第一身份信息中的用户信息绑定的标记生成模块,通过该标记生成模块对第一身份信息进行鉴权。 Optionally, the server obtains the first identity information in the service processing request and a tag generating module that is bound to the user information in the first identity information, and the first identity information is authenticated by the tag generating module.
如果该标记生成模块为数字证书模块,该数字证书模块包括的数字证书和数字签名算法,服务器根据该数字证书,通过该数字签名算法对第一身份信息中的用户信息进行数字签名,得到数字签名信息,如果该数字签名信息与第一身份信息中的用户标记相同,则对第一身份信息验证通过,否则,对第一身份信息验证不通过。If the tag generation module is a digital certificate module, the digital certificate module includes a digital certificate and a digital signature algorithm, and the server digitally signs the user information in the first identity information according to the digital certificate to obtain a digital signature. The information is verified by the first identity information if the digital signature information is the same as the user identifier in the first identity information; otherwise, the first identity information is not verified.
如果该标记生成模块为动态令牌模块,该动态令牌模块包括动态令牌和令牌生成算法,服务器根据该动态令牌,通过该令牌生成算法对第一身份信息中的用户信息进行处理得到令牌信息,如果生成的令牌信息与第一身份信息中的用户标记相同,则对第一身份信息验证通过,否则,对第一身份便利店验证不通过。If the tag generation module is a dynamic token module, the dynamic token module includes a dynamic token and a token generation algorithm, and the server processes the user information in the first identity information by using the token generation algorithm according to the dynamic token. The token information is obtained. If the generated token information is the same as the user identifier in the first identity information, the first identity information is verified to pass, otherwise, the first identity convenience store verification fails.
若所述业务处理请求中还包括对第一身份信息的时间信息,则所述服务器还根据预置的有效期规则基于该时间信息和当前的时间信息来确定第一身份的有效期,若在有效期内,则对第一身份信息进行鉴权验证,否则,发出业务处理错误提示给所述第二终端。If the service processing request further includes time information about the first identity information, the server further determines, according to the preset validity period rule, the validity period of the first identity based on the time information and the current time information, if the validity period is within the validity period. And performing authentication verification on the first identity information; otherwise, sending a service processing error prompt to the second terminal.
可以按如下方式来确定第一身份信息是否有效,具体如下:The first identity information can be determined as follows, as follows:
服务器获取当前的第二时间戳,计算第二时间戳与第一身份信息中的第一时间戳之间的时间差,如果该时间差未超过预设时间阈值,则确定第一身份信息有效,否则,确定第一身份信息无效,预设时间阈值可以为3分钟、4分钟或5分钟等。The server obtains the current second timestamp, and calculates a time difference between the second timestamp and the first timestamp in the first identity information. If the time difference does not exceed the preset time threshold, determining that the first identity information is valid, otherwise, It is determined that the first identity information is invalid, and the preset time threshold may be 3 minutes, 4 minutes, or 5 minutes, and the like.
第一身份信息中的用户信息包括第一终端对应的用户的用户账号信息,业务处理请求中的业务信息包括第二终端对应的用户的用户账号信息和转移数值。在鉴权通过后,服务器该业务信息所指示的业务的过程可以为:The user information in the first identity information includes the user account information of the user corresponding to the first terminal, and the service information in the service processing request includes the user account information and the transfer value of the user corresponding to the second terminal. After the authentication is passed, the process of the service indicated by the service information of the server may be:
服务器根据第一终端对应的用户的用户账号信息和第二终端对应的用户账号信息,分别获取第一终端对应的用户的用户账户包括的第一资源数值和第二终端对应的用户的用户账户包括的第二资源数值,从第一资源数值中减去该转移数值以及将该转移数值加到第二资源数值上。其中,在交易场景下,第一资源数值和第二资源数值都为金额,转移数值为交易金额,即实现从第一终端对应的用户的用户账户中将该交易金额转移到第二终端对应的用户的用户账户中。 The server obtains, according to the user account information of the user corresponding to the first terminal and the user account information corresponding to the second terminal, the first resource value included in the user account of the user corresponding to the first terminal, and the user account of the user corresponding to the second terminal, respectively. The second resource value is obtained by subtracting the transfer value from the first resource value and adding the transfer value to the second resource value. In the transaction scenario, the first resource value and the second resource value are both the amount, and the transfer value is the transaction amount, that is, the transaction amount is transferred from the user account of the user corresponding to the first terminal to the second terminal. In the user's user account.
本发明实施例通过在终端预置相应的诸如数字证书、动态令牌等标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting a corresponding tag generating module, such as a digital certificate, a dynamic token, and the like, and completes the interaction and processing between the terminals of the two parties by using the method steps of the embodiment of the present invention. The processing of the corresponding business satisfies the requirements of user automation and intelligence, and does not require additional hardware products such as a secret security card or U shield, which saves the overhead and ensures that the user does not carry or lose the security card or Unable to pay for hardware products such as U-Shield.
再请参见图3,是本发明实施例的另一种业务处理方法的流程示意图,本发明实施例的所述方法可以在各类用户终端和服务器中实现,具体可应用在诸如支付交易处理等类型的业务场景中,本发明实施例的所述方法包括:FIG. 3 is a schematic flowchart of another service processing method according to an embodiment of the present invention. The method in the embodiment of the present invention may be implemented in various types of user terminals and servers, and may be applied to, for example, payment transaction processing. The method of the embodiment of the present invention includes:
S301:第一终端获取用户信息,向服务器发送所述用户信息。S301: The first terminal acquires user information, and sends the user information to the server.
在用户进行近场支付、离线支付等需要进行身份授权验证的场景下,第一终端检测到用户在用于处理业务的人机界面中执行的业务处理操作时(如点击相关功能按钮时),即开始获取用户信息。所述第一终端获取的用户信息包括:所述第一终端的终端标识和/或用户账号,或者其他一些安全强化的用户信息。第一终端可以获取用户在人机界面中录入的用户信息,或者直接提取当前用户在第一终端中登录的用户账号以及第一终端的终端信息,该终端信息可以为IP地址和/或手机号等。In a scenario where the user performs the identity authorization verification, such as the near-field payment, the offline payment, and the like, the first terminal detects the service processing operation performed by the user in the human-machine interface for processing the service (such as when the related function button is clicked). That is to start to get user information. The user information acquired by the first terminal includes: a terminal identifier of the first terminal and/or a user account, or some other security-enhanced user information. The first terminal may obtain the user information entered by the user in the human-machine interface, or directly extract the user account that the current user logs in in the first terminal and the terminal information of the first terminal, and the terminal information may be an IP address and/or a mobile phone number. Wait.
S302:服务器接收到所述用户信息后,获取用于标记所述用户信息的用户标记,向第一终端发送所述用户标记。S302: After receiving the user information, the server acquires a user identifier for marking the user information, and sends the user identifier to the first terminal.
具体地,所述服务器接收到所述用户信息后,可以通过预设的数字签名算法,对所述用户信息进行数字签名得到用于标记所述用户信息的数字签名信息,所述数字签名信息即为用户标记;或者,通过预设的令牌生成算法,对所述用户信息进行处理得到用于标记所述用户信息的动态令牌,所述动态令牌即为用户标记。Specifically, after receiving the user information, the server may digitally sign the user information by using a preset digital signature algorithm to obtain digital signature information for marking the user information, where the digital signature information is Marking the user; or processing the user information by a preset token generation algorithm to obtain a dynamic token for marking the user information, the dynamic token being a user token.
S303:所述服务器将所述用户信息和所述用户标记组成第一身份信息并存储第一身份信息。S303: The server combines the user information and the user identifier into the first identity information and stores the first identity information.
进一步地,所述服务器还获取当前的第一时间戳,绑定第一身份信息和第一时间戳。Further, the server further acquires a current first timestamp, and binds the first identity information and the first timestamp.
S304:所述第一终端接收所述服务器发送的用户标记,将所述用户标记和 所述用户信息组成第一身份信息。S304: The first terminal receives a user identifier sent by the server, and marks the user and The user information constitutes first identity information.
第一终端在得到第一身份信息后,可以对该第一身份信息进行加密,并将加密后的信息通过有线或无线发送给第二终端,或者第一终端将第一身份信息进行编码处理,得到表示第一身份信息的图形码或语音信号等信息,以便于通知给第二终端。After obtaining the first identity information, the first terminal may encrypt the first identity information, and send the encrypted information to the second terminal by wire or wireless, or the first terminal encodes the first identity information. Information such as a graphic code or a voice signal indicating the first identity information is obtained to facilitate notification to the second terminal.
S305:所述第二终端从所述第一终端中读取所述第一身份信息。S305: The second terminal reads the first identity information from the first terminal.
S306:所述第二终端获取第一终端对应的用户的业务信息,所述业务信息包括该用户对应的订单信息。S306: The second terminal acquires service information of a user corresponding to the first terminal, where the service information includes order information corresponding to the user.
所述业务信息是所述第一终端用户(业务发起用户)和第二终端用户(业务提供用户)协商后得到的诸如订单信息等业务信息。所述第二终端以所述用户信息为关键字在已存储的用户信息与业务信息的对应关系中进行查找,得到所述用户信息对应的业务信息,若没有查找所述用户信息得到对应的业务信息,则还可以请求第二终端对应的用户通过手动输入第一终端对应的用户的业务信息。The service information is service information such as order information obtained after the first terminal user (service originating user) and the second terminal user (service providing user) negotiate. The second terminal searches for the corresponding information of the stored user information and the service information by using the user information as a key, and obtains service information corresponding to the user information, and if the user information is not found, the corresponding service is obtained. The information may be requested by the user corresponding to the second terminal to manually input the service information of the user corresponding to the first terminal.
所述业务信息包括该用户信息对应的订单信息,该订单信息可以包括第二终端对应的用户的用户账号和转移数值,在交易场景中该转移数值可以为交易金额。The service information includes order information corresponding to the user information, and the order information may include a user account and a transfer value of the user corresponding to the second terminal, where the transfer value may be a transaction amount.
S307:所述第二终端生成业务处理请求,所述业务处理请求包括所述第一身份信息和所述业务信息,向服务器发送该业务处理请求。S307: The second terminal generates a service processing request, where the service processing request includes the first identity information and the service information, and sends the service processing request to a server.
S308:所述服务器在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息进行鉴权,并在鉴权通过后,处理所述业务处理请求中业务信息所指示的业务。S308: After receiving the service processing request, the server authenticates the first identity information in the service processing request, and after the authentication is passed, processes the service information indicated by the service processing request. business.
所述服务器在接收到业务处理请求后,确定本地是否存储该业务处理请求包括的第一身份信息,如果存储,则对第一身份信息鉴权通过,否则,鉴权不通过。After receiving the service processing request, the server determines whether the first identity information included in the service processing request is stored locally. If the server stores the first identity information, the first identity information is authenticated. Otherwise, the authentication fails.
进一步地,服务器在对第一身份信息进行鉴权之前,还获取当前的第二时间戳和与第一身份信息绑定的第一时间戳,计算第二时间戳与第一时间戳之间的时间差,如果该时间差未超过预设时间阈值,则确定第一身份信息有效,否则,确定第一身份信息无效,预设时间阈值可以为3分钟、4分钟或5分钟等。 Further, before authenticating the first identity information, the server further acquires a current second timestamp and a first timestamp bound to the first identity information, and calculates a second timestamp and the first timestamp. The time difference is determined. If the time difference does not exceed the preset time threshold, the first identity information is determined to be valid. Otherwise, the first identity information is determined to be invalid. The preset time threshold may be 3 minutes, 4 minutes, or 5 minutes.
第一身份信息中的用户信息包括第一终端对应的用户的用户账号信息,业务处理请求中的业务信息包括第二终端对应的用户的用户账号信息和转移数值。在鉴权通过后,服务器该业务信息所指示的业务的过程可以为:The user information in the first identity information includes the user account information of the user corresponding to the first terminal, and the service information in the service processing request includes the user account information and the transfer value of the user corresponding to the second terminal. After the authentication is passed, the process of the service indicated by the service information of the server may be:
服务器根据第一终端对应的用户的用户账号信息和第二终端对应的用户账号信息,分别获取第一终端对应的用户的用户账户包括的第一资源数值和第二终端对应的用户的用户账户包括的第二资源数值,从第一资源数值中减去该转移数值以及将该转移数值加到第二资源数值上。其中,在交易场景下,第一资源数值和第二资源数值都为金额,转移数值为交易金额,即实现从第一终端对应的用户的用户账户中将该交易金额转移到第二终端对应的用户的用户账户中。The server obtains, according to the user account information of the user corresponding to the first terminal and the user account information corresponding to the second terminal, the first resource value included in the user account of the user corresponding to the first terminal, and the user account of the user corresponding to the second terminal, respectively. The second resource value is obtained by subtracting the transfer value from the first resource value and adding the transfer value to the second resource value. In the transaction scenario, the first resource value and the second resource value are both the amount, and the transfer value is the transaction amount, that is, the transaction amount is transferred from the user account of the user corresponding to the first terminal to the second terminal. In the user's user account.
本发明实施例通过在终端预置相应的诸如数字证书、动态令牌等标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting a corresponding tag generating module, such as a digital certificate, a dynamic token, and the like, and completes the interaction and processing between the terminals of the two parties by using the method steps of the embodiment of the present invention. The processing of the corresponding business satisfies the requirements of user automation and intelligence, and does not require additional hardware products such as a secret security card or U shield, which saves the overhead and ensures that the user does not carry or lose the security card or Unable to pay for hardware products such as U-Shield.
再请参见图4,是本发明实施例的完成业务处理方法的交互流程示意图,本发明实施例以对订单业务进行处理为了来对业务处理方法进行说明,其中的支付终端对应为上述的第一终端,收款终端对应为上述的第二终端,服务器用于完成身份验证以及针对订单的交易处理。具体的,所述方法包括:FIG. 4 is a schematic diagram of an interaction process of a method for processing a service according to an embodiment of the present invention. The embodiment of the present invention processes the order service in order to describe the service processing method, where the payment terminal corresponds to the first The terminal, the payment terminal corresponds to the second terminal described above, and the server is used to complete identity verification and transaction processing for the order. Specifically, the method includes:
S1:支付终端向服务器发送验证请求,该验证请求用于请求服务器分配数字证书,以便于支付终端设置得到标记生成模块。S1: The payment terminal sends an authentication request to the server, where the verification request is used to request the server to allocate a digital certificate, so that the payment terminal sets the tag generation module.
S2:服务器响应验证请求,返回数字证书的安装数据包。服务器具体在对验证请求中携带的用户信息验证通过后,向支付终端下发该数字证书的安装包。S2: The server responds to the verification request and returns an installation package of the digital certificate. After verifying the user information carried in the verification request, the server sends the installation package of the digital certificate to the payment terminal.
S3:支付终端安装数字证书的安装数据包,得到标记生成模块。S3: The payment terminal installs the installation data packet of the digital certificate, and obtains a mark generation module.
S4:支付终端在检测到业务发起操作时,获取用户信息,并通过标记生成模块生成数字签名。S4: When detecting the service initiation operation, the payment terminal acquires the user information, and generates a digital signature by using the mark generation module.
S5:支付终端显示用于表示用户信息和数字签名的二维码。 S5: The payment terminal displays a two-dimensional code for indicating user information and a digital signature.
S6:收款终端扫描二维码,得到第一身份信息。S6: The payment terminal scans the two-dimensional code to obtain the first identity information.
S7:收款终端根据第一身份信息获取业务信息。S7: The payment terminal acquires service information according to the first identity information.
S8:收款终端根据第一身份信息和获取的业务信息,得到业务处理请求发送给服务器。S8: The payment terminal sends a service processing request to the server according to the first identity information and the obtained service information.
S9:服务器对业务处理请求中的第一身份信息进行鉴权。服务器还可以对收款终端对应的用户进行鉴权。S9: The server authenticates the first identity information in the service processing request. The server can also authenticate the user corresponding to the payment terminal.
S10:服务器在鉴权通过后,根据所述业务处理请求中的业务信息发起业务处理流程。S10: After the server passes the authentication, the server initiates a service processing process according to the service information in the service processing request.
本发明实施例通过在终端预置相应的数字证书等标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user identifier by using a label generation module such as a corresponding digital certificate in the terminal, and performs the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention to complete the processing of the corresponding service. It satisfies the needs of user automation and intelligence, and does not require additional hardware products such as security cards or U-Shields, which saves overhead and ensures that users do not carry or lose hardware products such as security cards or U-Shields. The resulting unpaid problem.
再请参见图5,是本发明实施例的又一种业务处理方法的流程示意图,本发明实施例的所述方法可应用在诸如付款终端等业务发起终端中,具体的,所述方法包括:Referring to FIG. 5, it is a schematic flowchart of another service processing method according to an embodiment of the present invention. The method in the embodiment of the present invention may be applied to a service originating terminal, such as a payment terminal. Specifically, the method includes:
S401:第一终端获取第一身份信息。S401: The first terminal acquires the first identity information.
其中,第一身份信息包括第一终端的用户信息和用于标记所述用户信息的用户标记,第一终端获取用户信息,并调用预置的标记生成模块生成用于标记所述用户信息的用户标记。所述第一终端获取的用户信息包括:所述第一终端的终端标识和/或用户账号。生成包括所述用户信息和用户标记的用户身份信息。或者,第一终端获取用户信息,向服务器发送所述用户信息,使所述服务器生成用于标记所述用户信息的用户标记,接收所述服务器发送的用户标记,得到包括所述用户信息和所述用户标记的第一身份信息。The first identity information includes user information of the first terminal and a user identifier for marking the user information, the first terminal acquires user information, and invokes a preset tag generation module to generate a user for marking the user information. mark. The user information acquired by the first terminal includes: a terminal identifier of the first terminal and/or a user account. User identity information including the user information and user tags is generated. Or the first terminal acquires the user information, sends the user information to the server, causes the server to generate a user identifier for marking the user information, and receives the user identifier sent by the server, to obtain the user information and the location. The first identity information of the user tag.
所述标记生成模块在第一终端中预先被安装配置,其具体可以基于数字证书、动态令牌或其他一些能够对第一终端对应用户的进行唯一身份认证标记的应用得到。在需要对其进行验证的服务器中,也同时绑定了该第一终端的用户信息以及与该第一终端中的标记生成模块匹配的标记生成模块,服务器可以通过该匹配的标记生成模块对所述第一终端的用户标记进行验证。 The tag generating module is pre-installed and configured in the first terminal, which may be specifically obtained based on a digital certificate, a dynamic token or some other application capable of uniquely authenticating the corresponding user of the first terminal. In the server that needs to be verified, the user information of the first terminal and the tag generation module matching the tag generation module in the first terminal are also bound, and the server can use the matched tag generation module to The user tag of the first terminal is verified.
所述第一终端的用户包括业务请求的用户,例如购买服务或者商品的付款方用户等,所述第二终端的用户为业务提供用户,例如各种商家。The user of the first terminal includes a user who requests a service, such as a paying party user who purchases a service or an item, and the user of the second terminal provides a user for a service, such as various merchants.
S402:将生成的第一身份信息通知给第二终端,以便第二终端获取与用户的业务信息以及请求服务器处理所述业务信息所指示的业务。S402: Notifying the generated first identity information to the second terminal, so that the second terminal acquires the service information of the user and the service indicated by the request server to process the service information.
其中,所述将生成的用户身份信息通知给第二终端包括:根据所述用户身份信息生成图形码,以便所述第二终端通过扫描图形码读取所述用户身份信息。The notifying the generated user identity information to the second terminal includes: generating a graphic code according to the user identity information, so that the second terminal reads the user identity information by scanning the graphic code.
第一终端在得到第一身份信息后,也可以对该第一身份信息进行加密,并将加密后的信息通过有线或无线发送给第二终端,或者第一终端将第一身份信息进行编码处理,得到表示第一身份信息的语音信号等信息,以便于通知给第二终端。After obtaining the first identity information, the first terminal may also encrypt the first identity information, and send the encrypted information to the second terminal by wire or wireless, or the first terminal encodes the first identity information. And obtaining information such as a voice signal indicating the first identity information, so as to be notified to the second terminal.
本发明实施例通过在终端预置相应的标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user. Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields. The problem of payment.
再请参见图6,是本发明实施例的再一种业务处理方法的流程示意图,本发明实施例的所述方法可应用在诸如收款终端等业务提供终端中,具体的,所述方法包括:Referring to FIG. 6 , it is a schematic flowchart of a service processing method according to an embodiment of the present invention. The method in the embodiment of the present invention may be applied to a service providing terminal, such as a payment terminal. Specifically, the method includes :
S501:第二终端从第一终端中读取第一身份信息。S501: The second terminal reads the first identity information from the first terminal.
其中,所述第一身份信息包括所述第一终端的用户信息和用于标记所述用户信息的用户标记。第一终端中生成第一身份信息的方式可参考上述图1至图5对应实施例的描述。所述第二终端可以对应地通过扫描读取图形码、或者接收语音信息并解析得到数据、或者通过有线或无线接收加密的数据。The first identity information includes user information of the first terminal and a user tag used to mark the user information. For the manner of generating the first identity information in the first terminal, refer to the description of the corresponding embodiment of FIG. 1 to FIG. 5 above. The second terminal may correspondingly scan the graphic code, or receive the voice information and parse the data, or receive the encrypted data by wire or wirelessly.
S502:获取与所述第一身份信息中用户信息对应的业务信息,并生成包括所述第一身份信息和所述业务信息的业务处理请求;S502: Acquire service information corresponding to the user information in the first identity information, and generate a service processing request that includes the first identity information and the service information.
得到第一身份信息后,可以保留原始的第一身份信息,并不用解密或提取其中的任何信息,由第二终端的用户直接提取并录入与第一终端的用户相关的业务信息,例如,第二终端的用户可以通过显示的人机界面,提取并录入与第 一终端的用户进行交易的订单信息等;第二终端也可以对第一身份信息进行处理,提取其中的第一终端的用户信息,然后基于该用户信息自动查找对应的诸如订单等业务信息。After obtaining the first identity information, the original first identity information may be retained, and without decrypting or extracting any information therein, the user of the second terminal directly extracts and enters the service information related to the user of the first terminal, for example, The user of the second terminal can extract and enter the data through the displayed human-machine interface. The second terminal can also process the first identity information, extract the user information of the first terminal, and then automatically search for corresponding service information such as an order based on the user information.
S503:将所述业务处理请求发送给服务器,使所述服务器对所述第一身份信息进行鉴权,在鉴权通过后处理所述业务信息所指示的业务。S503: Send the service processing request to the server, so that the server authenticates the first identity information, and processes the service indicated by the service information after the authentication is passed.
在读取得到所述第一身份信息和所述业务信息后,所述第二终端生成业务处理请求,以请求相关的服务器基于第一身份信息对所述业务信息进行业务处理。在S502中生成业务处理请求时,还可以加入根据第二终端用户对应的诸如商家信息等用户信息得到的标记第二终端用户的第二身份信息一同发送给相关的服务器。After the first identity information and the service information are obtained, the second terminal generates a service processing request to request the related server to perform service processing on the service information based on the first identity information. When the service processing request is generated in S502, the second identity information of the second terminal user that is obtained according to the user information, such as the merchant information, corresponding to the second terminal user may be added to the related server.
本发明实施例通过在终端预置相应的标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user. Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields. The problem of payment.
下面对本发明实施例的业务处理装置及系统进行详细描述。The service processing apparatus and system of the embodiments of the present invention are described in detail below.
请参见图7,是本发明实施例的一种业务处理系统的结构示意图,本发明实施例的所述系统包括:第一终端1、服务器3以及第二终端2,其中,所述第一终端1的用户包括业务请求的用户,例如购买服务或者商品的付款方用户等,所述第二终端2的用户为业务提供用户,例如各种商家。具体的:FIG. 7 is a schematic structural diagram of a service processing system according to an embodiment of the present invention. The system according to the embodiment of the present invention includes: a first terminal 1, a server 3, and a second terminal 2, wherein the first terminal The user of 1 includes a user who requests a service, such as a paying party user who purchases a service or an item, etc., and the user of the second terminal 2 provides a user for a service, such as various merchants. specific:
所述第一终端1,用于获取用户信息,并调用预置的标记生成模块生成用于标记所述用户信息的用户标记,得到包括所述用户信息和用户标记的第一身份信息;The first terminal 1 is configured to acquire user information, and invoke a preset tag generation module to generate a user tag for marking the user information, to obtain first identity information including the user information and the user tag.
所述第二终端2,用于从所述第一终端1中读取所述第一身份信息,并获取与所述第一身份信息中用户信息对应的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;The second terminal 2 is configured to read the first identity information from the first terminal 1 and obtain service information corresponding to the user information in the first identity information, to generate the first identity. Information and business processing requests for the business information;
所述服务器3,用于在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息包括的用户标记和所述用户信息进行鉴权,并在鉴权通过后,处理所述业务处理请求中业务信息所指示的业务。 The server 3 is configured to: after receiving the service processing request, perform authentication on the user identifier and the user information included in the first identity information in the service processing request, and after the authentication is passed, process The service processes the service indicated by the service information in the request.
所述标记生成模块在第一终端1中预先被安装配置,其具体可以基于数字证书、动态令牌或其他一些能够对第一终端1对应用户的进行唯一身份认证标记的应用得到。在需要对其进行验证的服务器3中,也同时绑定了该第一终端1的用户信息以及与该第一终端1中的标记生成模块匹配的标记生成模块,服务器3可以通过该匹配的标记生成模块对所述第一终端1的用户标记进行验证。The tag generation module is pre-installed and configured in the first terminal 1, which may be specifically obtained based on a digital certificate, a dynamic token or some other application capable of uniquely authenticating the corresponding user of the first terminal 1. In the server 3 that needs to be authenticated, the user information of the first terminal 1 and the tag generation module matching the tag generation module in the first terminal 1 are also bound, and the server 3 can pass the matching tag. The generating module verifies the user tag of the first terminal 1.
第一终端1在得到第一身份信息后,可以对该第一身份信息进行加密,并将加密后的信息通过有线或无线发送给第二终端2,或者第一终端1将第一身份信息进行编码处理,得到表示第一身份信息的图形码、语音信号等信息,以便于通知给第二终端2。After obtaining the first identity information, the first terminal 1 may encrypt the first identity information, and send the encrypted information to the second terminal 2 by wire or wirelessly, or the first terminal 1 performs the first identity information. The encoding process obtains information such as a graphic code, a voice signal, and the like indicating the first identity information, so as to be notified to the second terminal 2.
所述第二终端2可以对应地通过扫描读取图形码、或者接收语音信息并解析得到数据、或者通过有线或无线接收加密的数据。得到第一身份信息后,可以保留原始的第一身份信息,并不用解密或提取其中的任何信息,由第二终端2的用户直接提取并录入与第一终端1的用户相关的业务信息,例如,第二终端2的用户可以通过显示的人机界面,提取并录入与第一终端1的用户进行交易的订单信息等;第二终端2也可以对第一身份信息进行处理,提取其中的第一终端1的用户信息,然后基于该用户信息自动查找对应的诸如订单等业务信息。The second terminal 2 can correspondingly read the graphic code by scanning, or receive the voice information and parse the data, or receive the encrypted data by wire or wirelessly. After obtaining the first identity information, the original first identity information may be retained, and without decrypting or extracting any information therein, the user of the second terminal 2 directly extracts and enters the service information related to the user of the first terminal 1, for example, The user of the second terminal 2 can extract and input the order information and the transaction with the user of the first terminal 1 through the displayed human-machine interface; the second terminal 2 can also process the first identity information, and extract the first The user information of the terminal 1 is then automatically searched for corresponding business information such as an order based on the user information.
在读取得到所述第一身份信息和所述业务信息后,所述第二终端2生成业务处理请求,以请求相关的服务器3基于第一身份信息对所述业务信息进行业务处理。在生成业务处理请求时,还可以加入根据第二终端2用户对应的诸如商家信息等用户信息得到的用于标记第二终端2用户的第二身份信息一同发送给相关的服务器3。After the first identity information and the service information are obtained, the second terminal 2 generates a service processing request to request the related server 3 to perform service processing on the service information based on the first identity information. When the service processing request is generated, the second identity information for marking the second terminal 2 user obtained according to the user information corresponding to the second terminal 2 user, such as the merchant information, may be added to the related server 3.
所述服务器3在接收到商家等业务提供用户的业务处理请求后,提取所述业务处理请求中的第一身份信息和业务信息,然后再对第一身份信息中的用户标记进行验证。After receiving the service processing request of the service providing user such as a merchant, the server 3 extracts the first identity information and the service information in the service processing request, and then verifies the user identifier in the first identity information.
具体的,若所述用户标记是第一终端1通过数字证书进行的数字签名,则服务器3可以基于现有的关于数字证书验证的方式来对第一身份信息进行验证,服务器3通过与所述第一身份信息中的用户信息绑定的数字证书,对相应 的用户标记进行关于信息完整性的验证,验证通过后,再对其中的终端信息、用户账户信息等用户信息进行验证,验证通过,则对第一终端1的第一身份信息鉴权通过。Specifically, if the user identifier is a digital signature performed by the first terminal 1 by using a digital certificate, the server 3 may verify the first identity information based on an existing manner about digital certificate verification, and the server 3 passes the The digital certificate bound to the user information in the first identity information, corresponding to The user tag performs verification on the integrity of the information. After the verification is passed, the user information such as the terminal information and the user account information is verified. After the verification is passed, the first identity information of the first terminal 1 is authenticated.
而如果所述用户标记是第一终端1通过动态令牌生成的,则所述服务器3可以根据该用户标记的具体令牌值(例如指定时段的数字),然后根据服务器3中与该第一身份信息中对应的用户信息绑定的动态令牌,得到相应的令牌值,通过两者比较来对用户标记进行验证,并在验证通过后,再对其中的终端信息、用户账户信息等用户信息进行验证,验证通过,则对所述第一终端1的第一身份信息鉴权通过。And if the user tag is generated by the first terminal 1 by using a dynamic token, the server 3 may be based on a specific token value of the user tag (for example, a number of a specified time period), and then according to the server 3 and the first The dynamic token bound to the corresponding user information in the identity information obtains the corresponding token value, and the user token is verified by comparing the two, and after the verification is passed, the user such as the terminal information and the user account information is verified. After the information is verified, if the verification is passed, the first identity information of the first terminal 1 is authenticated.
若业务处理请求中还包括第二终端2的第二身份信息,则服务器3还需要对该第二身份信息进行验证,具体的验证方式也可以基于对于的数字证书或者动态令牌等方式完成验证。If the service processing request further includes the second identity information of the second terminal 2, the server 3 also needs to verify the second identity information, and the specific verification mode may also be verified based on the digital certificate or the dynamic token. .
服务器3在对第一身份信息,或者第一身份信息和第二身份信息验证通过后,即根据订单等业务信息发起业务处理流程完成对业务信息的处理,例如,根据订单发起对第一身份信息中用户信息进行支付的流程,通过与第一身份信息中用户信息对应的用户以及相关的支付服务器、银行服务器进行信息交互,完成交易支付等流程。After verifying the first identity information, or the first identity information and the second identity information, the server 3 initiates a service processing process according to the service information such as the order to complete the processing of the service information, for example, initiating the first identity information according to the order. The process of payment by the user information is performed by the user corresponding to the user information in the first identity information and the related payment server and the bank server, and the transaction payment process is completed.
具体可选的,所述第一终端1,还用于提交包括用户信息的验证请求;Specifically, the first terminal 1 is further configured to submit a verification request including user information.
所述服务器3,还用于接收到所述验证请求后,获取用于生成用户标记的标记生成模块,并绑定存储所述用户信息和得到的标记生成模块;The server 3 is further configured to: after receiving the verification request, acquire a mark generation module for generating a user identifier, and bind the storage of the user information and the obtained mark generation module;
所述服务器3,还用于将所述获取的标记生成模块对应的用于生成用户标记的安装数据包发送给所述第一终端1;The server 3 is further configured to send the installation data packet for generating the user tag corresponding to the acquired tag generation module to the first terminal 1;
所述第一终端1,还用于在接收到所述用于生成用户标记的安装数据包后,根据所述用于生成用户标记的安装数据包预置得到标记生成模块;The first terminal 1 is further configured to: after receiving the installation data packet for generating a user tag, preset a tag generation module according to the installation data package for generating a user tag;
其中,所述根据所述用于生成用户标记的安装数据包预置得到标记生成模块包括:数字证书模块和/或动态令牌生成模块。The tag generation module according to the installation data package preset for generating a user tag includes: a digital certificate module and/or a dynamic token generation module.
第一终端1可以提交包括用户账号信息、终端信息、以及其他一些可以标记该用户的用户信息,请求服务器3为第一终端1分配相应的数字证书、动态令牌等以获取用于生成用户标记的安装数据包生成标记生成模块。 The first terminal 1 may submit user account information, terminal information, and other user information that can mark the user, and request the server 3 to allocate a corresponding digital certificate, dynamic token, etc. to the first terminal 1 to obtain a user token for generating. The installation package generates a tag generation module.
服务器3对用户提交的用户信息进行验证,具体包括用户密码验证等,在验证通过后,为第一终端1获取用于生成用户标记的安装数据包,服务器3执行该安装数据包得到服务器3侧的数字证书模块、动态令牌模块等标记生成模块,并将该安装数据包下发给所述第一终端1。The server 3 verifies the user information submitted by the user, and specifically includes the user password verification. After the verification is passed, the installation data packet for generating the user token is obtained for the first terminal 1, and the server 3 executes the installation data packet to obtain the server 3 side. The tag generation module of the digital certificate module, the dynamic token module, and the like, and the installation data packet is sent to the first terminal 1.
所述第一终端1接收到数字证书、动态令牌等安装数据包后,基于该安装数据包安装得到标记生成模块,完成标记生成模块的预置。After receiving the installation data packet such as the digital certificate and the dynamic token, the first terminal 1 installs the mark generation module based on the installation data package, and completes the preset of the mark generation module.
所述第二终端2也可以基于相同的操作流程,申请对应的数字证书模块或者动态令牌模块,从而在需要时也能够实现对第二终端2的第二身份信息完成鉴权认证。The second terminal 2 can also apply for a corresponding digital certificate module or a dynamic token module based on the same operation procedure, so that the second identity information of the second terminal 2 can be authenticated and authenticated when needed.
进一步可选地,所述第一终端1,具体用于当包括数字证书模块时,调用预置的标记生成模块生成用于标记所述用户信息的数字签名信息作为用户标记;当包括动态令牌生成模块时,调用预置的标记生成模块生成用于标记所述用户信息的当前时间对应的令牌信息作为用户标记。Further optionally, the first terminal 1 is specifically configured to: when the digital certificate module is included, invoke a preset tag generation module to generate digital signature information for marking the user information as a user tag; when the dynamic token is included When the module is generated, the preset tag generation module is called to generate token information corresponding to the current time for marking the user information as a user tag.
进一步可选地,所述第一终端1,还用于在所述第一身份信息中添加时间戳,并根据所述添加了时间戳的第一身份信息生成图形码,以便于所述第二终端2通过扫描图形码从所述第一终端1中读取所述第一身份信息。Further optionally, the first terminal 1 is further configured to add a timestamp to the first identity information, and generate a graphic code according to the first identity information added with a timestamp, so as to facilitate the second terminal. The terminal 2 reads the first identity information from the first terminal 1 by scanning a graphic code.
进一步可选地,所述第二终端2,具体用于从所述第一终端1中读取所述第一身份信息,并获取所述第一身份信息中的用户信息,查找与所述用户信息对应的业务信息,所述业务信息包括该用户信息对应的订单信息;获取用于标识所述第二终端2用户身份的第二身份信息;生成业务处理请求,所述业务处理请求包括所述第一身份信息和所述业务信息,还包括所述第二身份信息。Further, the second terminal 2 is specifically configured to read the first identity information from the first terminal 1 and obtain user information in the first identity information, and search for the user. The service information corresponding to the information, the service information includes the order information corresponding to the user information, the second identity information used to identify the identity of the second terminal 2 user, and the service processing request, where the service processing request includes the The first identity information and the service information further include the second identity information.
本发明实施例通过在终端预置相应的标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user. Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields. The problem of payment.
参见图7,本发明实施例提供的一种业务处理系统,包括:第一终端1、第二终端2和服务器3,其中,Referring to FIG. 7, a service processing system according to an embodiment of the present invention includes: a first terminal 1, a second terminal 2, and a server 3, where
所述第一终端1,用于获取第一身份信息; The first terminal 1 is configured to acquire first identity information.
所述第二终端2,用于从所述第一终端1中读取所述第一身份信息,获取用户信息的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;The second terminal 2 is configured to read the first identity information from the first terminal 1, obtain service information of user information, and generate a service processing request including the first identity information and the service information. ;
所述服务器3,用于在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息进行鉴权,在鉴权通过后,处理所述业务处理请求中业务信息所指示的业务。The server 3 is configured to: after receiving the service processing request, perform authentication on the first identity information in the service processing request, and after the authentication is passed, process the service information in the service processing request Business.
进一步地,所述第一终端1,还用于向所述服务器提交包括用户信息的验证请求;Further, the first terminal 1 is further configured to submit, to the server, a verification request including user information;
所述服务器3,还用于接收到所述验证请求后,根据所述用户信息控制所述第一终端获取用户标记。The server 3 is further configured to: after receiving the verification request, control the first terminal to acquire a user identifier according to the user information.
可选的,所述服务器3,用于获取用于生成用户标记的标记生成模块,并绑定存储所述用户信息和得到的标记生成模块;Optionally, the server 3 is configured to acquire a mark generation module for generating a user identifier, and bind the storage of the user information and the obtained mark generation module;
所述服务器3,还用于将所述获取的标记生成模块对应的用于生成用户标记的安装数据包发送给所述第一终端;The server 3 is further configured to send, to the first terminal, an installation data packet for generating a user tag corresponding to the acquired tag generation module;
所述第一终端1,还用于在接收到所述用于生成用户标记的安装数据包后,根据所述用于生成用户标记的安装数据包预置得到标记生成模块;The first terminal 1 is further configured to: after receiving the installation data packet for generating a user tag, preset a tag generation module according to the installation data package for generating a user tag;
当所述标记生成模块为数字证书模块时,调用预置的标记生成模块生成用于标记所述用户信息的数字签名信息作为用户标记;When the tag generating module is a digital certificate module, calling a preset tag generating module to generate digital signature information for marking the user information as a user tag;
当所述标记生成模块为动态令牌生成模块时,调用预置的标记生成模块生成用于标记所述用户信息的当前时间对应的令牌信息作为用户标记。When the tag generation module is a dynamic token generation module, the preset tag generation module is called to generate token information corresponding to the current time for marking the user information as a user tag.
可选的,所述服务器3,用于通过预设的处理算法对所述用户信息进行处理得到用户标记,发送所述用户标记给所述第一终端。Optionally, the server 3 is configured to process the user information by using a preset processing algorithm to obtain a user identifier, and send the user identifier to the first terminal.
进一步地,所述服务器3,还用于获取所述第一终端在获取到所述第一身份信息时的第一时间戳以及当前的第二时间戳,根据所述第一时间戳和所述第二时间戳确定出所述第一身份信息有效时,执行所述对所述业务处理请求中的第一身份信息进行鉴权的操作。Further, the server 3 is further configured to acquire a first timestamp when the first terminal acquires the first identity information, and a current second timestamp, according to the first timestamp and the When the second timestamp determines that the first identity information is valid, performing the operation of authenticating the first identity information in the service processing request.
本发明实施例提供了一种终端,包括包括存储器,以及一个或者一个以上的程序,其中一个或者一个以上程序存储于存储器中,且经配置以由一个或者一个以上处理器执行所述一个或者一个以上程序包含的用于进行以下方法的指令: Embodiments of the present invention provide a terminal, including a memory, and one or more programs, wherein one or more programs are stored in a memory and configured to execute the one or one by one or more processors The above program contains instructions for performing the following methods:
获取第一身份信息;Obtaining the first identity information;
将第一身份信息通知给第二终端,使所述第二终端获取用户的业务信息并请求服务器处理所述业务信息所指示的业务;Notifying the second terminal to the second terminal, so that the second terminal acquires service information of the user and requests the server to process the service indicated by the service information;
其中,所述将所述第一身份信息通知给第二终端包括:根据所述第一身份信息生成图形码,以便所述第二终端通过扫描图形码读取所述第一身份信息。The notifying the first identity information to the second terminal includes: generating a graphic code according to the first identity information, so that the second terminal reads the first identity information by scanning a graphic code.
参见图8,本发明实施例提供了一种终端,包括处理器31和发送器32:Referring to FIG. 8, an embodiment of the present invention provides a terminal, including a processor 31 and a transmitter 32:
所述处理器31,用于从第一终端中读取第一身份信息;获取与用户的业务信息,并生成包括所述第一身份信息和所述业务信息的业务处理请求;The processor 31 is configured to read first identity information from the first terminal, acquire service information with the user, and generate a service processing request that includes the first identity information and the service information;
所述发送器32,用于将所述业务处理请求发送给服务器,使所述服务器对所述第一身份信息进行鉴权并在鉴权通过后处理所述业务信息所指示的业务。The sender 32 is configured to send the service processing request to the server, so that the server authenticates the first identity information and processes the service indicated by the service information after the authentication is passed.
再请参见图9,是本发明实施例的一种业务处理装置的结构示意图,本发明实施例的所述业务处理装置可以为上述的第一终端1,具体的,所述装置包括:FIG. 9 is a schematic structural diagram of a service processing apparatus according to an embodiment of the present invention. The service processing apparatus in the embodiment of the present invention may be the foregoing first terminal 1. Specifically, the apparatus includes:
获取模块11,用于获取用户信息,并调用预置的标记生成模块生成用于标记所述用户信息的用户标记;The obtaining module 11 is configured to acquire user information, and invoke a preset tag generating module to generate a user tag for marking the user information;
生成模块12,用于生成包括所述用户信息和用户标记的用户身份信息;a generating module 12, configured to generate user identity information including the user information and a user tag;
通知模块13,用于将生成的用户身份信息通知给第二终端;The notification module 13 is configured to notify the generated terminal identity information to the second terminal;
其中,所述将生成的用户身份信息通知给第二终端包括:根据所述用户身份信息生成图形码,以便所述第二终端通过扫描图形码读取所述用户身份信息。The notifying the generated user identity information to the second terminal includes: generating a graphic code according to the user identity information, so that the second terminal reads the user identity information by scanning the graphic code.
所述获取模块11调用的标记生成模块为预先被安装配置的,其具体可以基于数字证书、动态令牌或其他一些能够对第一终端对应用户的进行唯一身份认证标记的应用得到。在需要对其进行验证的服务器中,也同时绑定了该第一终端的用户信息以及与该第一终端中的标记生成模块匹配的标记生成模块,服务器可以通过该匹配的标记生成模块对所述第一终端的用户标记进行验证。The tag generation module invoked by the obtaining module 11 is configured to be pre-installed, and may be specifically obtained based on a digital certificate, a dynamic token, or some other application capable of uniquely authenticating the corresponding user of the first terminal. In the server that needs to be verified, the user information of the first terminal and the tag generation module matching the tag generation module in the first terminal are also bound, and the server can use the matched tag generation module to The user tag of the first terminal is verified.
在所述生成模块12得到用户身份信息(即上述的第一身份信息)后,也可以对该用户身份信息进行加密,并将加密后的信息通过有线或无线发送给第二终端,或者将用户身份信息进行编码处理,得到表示用户身份信息的语音信号或图形码等信息,以便于通知给第二终端。 After the generating module 12 obtains the user identity information (that is, the first identity information described above), the user identity information may be encrypted, and the encrypted information is sent to the second terminal by wire or wirelessly, or the user is The identity information is encoded to obtain information such as a voice signal or a graphic code indicating the identity information of the user, so as to be notified to the second terminal.
具体请参见图10,是本发明实施例的一种用户终端的结构示意图,本发明实施例的所述用户终端包括:至少一个处理器1001,例如CPU,至少一个通信总线1002,至少一个网络接口1003,存储器1004。其中,通信总线1002用于实现这些组件之间的连接通信。其中,所述网络接口1003可选的可以包括标准的有线接口、无线接口(如WI-FI、移动通信接口等)。所述存储器1004可以是高速RAM存储器,也可以是非不稳定的存储器(non-volatile memory),例如至少一个磁盘存储器。所述存储器1004可选的还可以是至少一个位于远离前述处理器1001的存储装置。如图10所示,作为一种计算机存储介质的存储器1004中存储有操作系统、网络通信模块,并存储有业务处理程序以及其他程序。FIG. 10 is a schematic structural diagram of a user terminal according to an embodiment of the present invention. The user terminal according to the embodiment of the present invention includes: at least one processor 1001, such as a CPU, at least one communication bus 1002, and at least one network interface. 1003, memory 1004. Among them, the communication bus 1002 is used to implement connection communication between these components. The network interface 1003 may optionally include a standard wired interface, a wireless interface (such as WI-FI, a mobile communication interface, etc.). The memory 1004 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory. The memory 1004 can also optionally be at least one storage device located away from the processor 1001. As shown in FIG. 10, an operating system and a network communication module are stored in a memory 1004 as a computer storage medium, and a business processing program and other programs are stored.
其中具体的,所述处理器1001可以用于调用所述存储器1004中存储的业务处理程序,执行以下步骤:Specifically, the processor 1001 may be configured to invoke a service processing program stored in the memory 1004, and perform the following steps:
获取用户信息,并调用预置的标记生成模块生成用于标记所述用户信息的用户标记;Obtaining user information, and calling a preset tag generation module to generate a user tag for marking the user information;
生成包括所述用户信息和用户标记的用户身份信息;Generating user identity information including the user information and the user tag;
将生成的用户身份信息通知给第二终端;Notifying the generated user identity information to the second terminal;
其中,所述将生成的用户身份信息通知给第二终端包括:根据所述用户身份信息生成图形码,以便所述第二终端通过扫描图形码读取所述用户身份信息。The notifying the generated user identity information to the second terminal includes: generating a graphic code according to the user identity information, so that the second terminal reads the user identity information by scanning the graphic code.
本发明实施例通过在终端预置相应的标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user. Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields. The problem of payment.
再请参见图11,是本发明实施例的另一种业务处理装置的结构示意图,本发明实施例的所述装置可应用于上述的第二终端2中,具体的,所述装置包括:FIG. 11 is a schematic structural diagram of another service processing apparatus according to an embodiment of the present invention. The apparatus according to the embodiment of the present invention may be applied to the foregoing second terminal 2. Specifically, the apparatus includes:
读取模块21,用于从所述第一终端中读取所述用户身份信息;The reading module 21 is configured to read the user identity information from the first terminal;
请求模块22,用于获取与所述用户身份信息中用户信息对应的业务信息,并生成包括所述用户身份信息和所述业务信息的业务处理请求; The requesting module 22 is configured to obtain service information corresponding to user information in the user identity information, and generate a service processing request including the user identity information and the service information;
发送模块23,用于将所述业务处理请求发送给服务器。The sending module 23 is configured to send the service processing request to the server.
所述读取模块21可以对应地通过扫描读取图形码、或者接收语音信息并解析得到数据、或者通过有线或无线接收加密的数据。The reading module 21 can correspondingly read the graphic code by scanning, or receive the voice information and parse the data, or receive the encrypted data by wire or wirelessly.
在所述读取模块21得到用户身份信息(即上述的第一身份信息)后,可以保留原始的用户身份信息,并不用解密或提取其中的任何信息,由第二终端的用户直接提取并录入与用户终端的用户相关的业务信息,例如,第二终端的用户可以通过显示的人机界面,提取并录入与第一终端的用户进行交易的订单信息等;第二终端也可以对用户身份信息进行处理,提取其中的第一终端的用户信息,然后基于该用户信息自动查找对应的诸如订单等业务信息。After the reading module 21 obtains the user identity information (ie, the first identity information described above), the original user identity information may be retained, and no information is decrypted or extracted, and the user of the second terminal directly extracts and enters the information. The service information related to the user of the user terminal, for example, the user of the second terminal can extract and input the order information of the transaction with the user of the first terminal through the displayed human-machine interface; the second terminal can also identify the user identity information. Processing is performed to extract user information of the first terminal therein, and then automatically search for corresponding business information such as an order based on the user information.
在所述读取模块21读取得到所述用户身份信息和所述业务信息后,所述第二终端生成业务处理请求,以请求相关的服务器基于第一身份信息对所述业务信息进行业务处理。所述请求模块22生成业务处理请求时,还可以加入根据第二终端用户对应的诸如商家信息等用户信息得到的标记第二终端用户的第二身份信息一同发送给相关的服务器。After the reading module 21 reads the user identity information and the service information, the second terminal generates a service processing request to request the related server to perform service processing on the service information based on the first identity information. . When the requesting module 22 generates the service processing request, the requesting module 22 may further add the second identity information of the second terminal user that is obtained according to the user information, such as the merchant information, corresponding to the second terminal user, to the related server.
具体请参见图12,是本发明实施例的一种用户终端的结构示意图,本发明实施例的所述用户终端包括:至少一个处理器2001,例如CPU,至少一个通信总线2002,至少一个网络接口2003,存储器2004。其中,通信总线2002用于实现这些组件之间的连接通信。其中,所述网络接口2003可选的可以包括标准的有线接口、无线接口(如WI-FI、移动通信接口等)。所述存储器2004可以是高速RAM存储器,也可以是非不稳定的存储器(non-volatile memory),例如至少一个磁盘存储器。所述存储器2004可选的还可以是至少一个位于远离前述处理器2001的存储装置。如图8所示,作为一种计算机存储介质的存储器2004中存储有操作系统、网络通信模块,并存储有业务处理程序以及其他程序。FIG. 12 is a schematic structural diagram of a user terminal according to an embodiment of the present invention. The user terminal according to the embodiment of the present invention includes: at least one processor 2001, such as a CPU, at least one communication bus 2002, and at least one network interface. 2003, memory 2004. Among them, the communication bus 2002 is used to implement connection communication between these components. The network interface 2003 may optionally include a standard wired interface, a wireless interface (such as WI-FI, a mobile communication interface, etc.). The memory 2004 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory. The memory 2004 can optionally also be at least one storage device located remotely from the processor 2001. As shown in FIG. 8, a memory 2004 as a computer storage medium stores an operating system, a network communication module, and stores a business processing program and other programs.
其中具体的,所述处理器2001可以用于调用所述存储器2004中存储的业务处理程序,执行以下步骤:Specifically, the processor 2001 can be used to invoke a service processing program stored in the memory 2004, and perform the following steps:
从所述第一终端中读取所述第一身份信息;Reading the first identity information from the first terminal;
获取与所述第一身份信息中用户信息对应的业务信息,并生成包括所述第一身份信息和所述业务信息的业务处理请求; Obtaining service information corresponding to the user information in the first identity information, and generating a service processing request including the first identity information and the service information;
将所述业务处理请求发送给服务器。The service processing request is sent to the server.
本发明实施例通过在终端预置相应的标记生成模块生成用户标记,并且通过本发明实施例的方法步骤,完成业务双方的终端之间的交互以及处理,完成对相应业务的处理,满足了用户自动化、智能化的需求,并且不需要额外的加入密保卡或者U盾等硬件产品,节省了开销,也保证了用户不会因为没有携带或者丢失密保卡或者U盾等硬件产品导致的无法支付的问题。The embodiment of the present invention generates a user tag by presetting the corresponding tag generating module in the terminal, and completes the interaction and processing between the terminals of the two parties through the method steps of the embodiment of the present invention, completes the processing of the corresponding service, and satisfies the user. Automated, intelligent requirements, and no need to add additional security products such as security card or U shield, saving overhead, and ensuring that users will not be unable to carry or lose hardware products such as security cards or U shields. The problem of payment.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。One of ordinary skill in the art can understand that all or part of the process of implementing the foregoing embodiments can be completed by a computer program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, the flow of an embodiment of the methods as described above may be included. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
以上所揭露的仅为本发明较佳实施例而已,当然不能以此来限定本发明之权利范围,因此依本发明权利要求所作的等同变化,仍属本发明所涵盖的范围。 The above is only the preferred embodiment of the present invention, and the scope of the present invention is not limited thereto, and thus equivalent changes made in the claims of the present invention are still within the scope of the present invention.

Claims (16)

  1. 一种业务处理方法,其特征在于,包括:A service processing method, comprising:
    第一终端获取第一身份信息;The first terminal acquires the first identity information;
    第二终端从所述第一终端中读取所述第一身份信息,获取用户的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;The second terminal reads the first identity information from the first terminal, acquires service information of the user, and generates a service processing request that includes the first identity information and the service information.
    服务器在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息进行鉴权,在鉴权通过后,处理所述业务处理请求中业务信息所指示的业务。After receiving the service processing request, the server authenticates the first identity information in the service processing request, and after the authentication is passed, processes the service indicated by the service information in the service processing request.
  2. 如权利要求1所述的方法,其特征在于,所述第一身份信息包括:用户信息和用户标识,所述第一终端获取第一身份信息之前,还包括:The method of claim 1, wherein the first identity information comprises: user information and a user identifier, and before the first terminal obtains the first identity information, the method further includes:
    第一终端向服务器提交包括用户信息的验证请求;The first terminal submits a verification request including user information to the server;
    所述服务器接收到所述验证请求后,根据所述用户信息控制所述第一终端获取用户标记。After receiving the verification request, the server controls the first terminal to acquire a user identifier according to the user information.
  3. 如权利要求2所述的方法,其特征在于,所述根据所述用户信息控制所述第一终端获取用户标记,包括:The method of claim 2, wherein the controlling the first terminal to acquire a user tag according to the user information comprises:
    所述服务器获取用于生成用户标记的标记生成模块,并绑定存储所述用户信息和得到的标记生成模块;将所述获取的标记生成模块对应的用于生成用户标记的安装数据包发送给所述第一终端;The server acquires a tag generation module for generating a user tag, and binds and stores the user information and the obtained tag generation module; and sends an installation data packet for generating the user tag corresponding to the acquired tag generation module to The first terminal;
    所述第一终端在接收到所述用于生成用户标记的安装数据包后,根据所述用于生成用户标记的安装数据包预置得到标记生成模块;After receiving the installation data packet for generating the user identifier, the first terminal presets the label generation module according to the installation data packet used to generate the user identifier;
    当所述标记生成模块为数字证书模块时,调用预置的标记生成模块生成用于标记所述用户信息的数字签名信息作为用户标记;When the tag generating module is a digital certificate module, calling a preset tag generating module to generate digital signature information for marking the user information as a user tag;
    当所述标记生成模块为动态令牌生成模块时,调用预置的标记生成模块生成用于标记所述用户信息的当前时间对应的令牌信息作为用户标记。When the tag generation module is a dynamic token generation module, the preset tag generation module is called to generate token information corresponding to the current time for marking the user information as a user tag.
  4. 如权利要求2所述的方法,其特征在于,所述根据所述用户信息控制所 述第一终端获取用户标记,包括:The method of claim 2, wherein said controlling said location based on said user information The first terminal obtains the user identifier, including:
    所述服务器通过预设的处理算法对所述用户信息进行处理得到用户标记,发送所述用户标记给所述第一终端。The server processes the user information by using a preset processing algorithm to obtain a user identifier, and sends the user identifier to the first terminal.
  5. 如权利要求1所述的方法,其特征在于,所述对所述业务处理请求中的第一身份信息进行鉴权之前,还包括:The method according to claim 1, wherein before the authenticating the first identity information in the service processing request, the method further includes:
    获取所述第一终端在获取到所述第一身份信息时的第一时间戳以及当前的第二时间戳,根据所述第一时间戳和所述第二时间戳确定出所述第一身份信息有效时,执行所述对所述业务处理请求中的第一身份信息进行鉴权的操作。Obtaining a first timestamp when the first terminal acquires the first identity information, and a current second timestamp, and determining the first identity according to the first timestamp and the second timestamp. When the information is valid, performing the operation of authenticating the first identity information in the service processing request.
  6. 一种业务处理方法,其特征在于,包括:A service processing method, comprising:
    第一终端获取第一身份信息;The first terminal acquires the first identity information;
    将所述第一身份信息通知给第二终端,使所述第二终端获取用户的业务信息并请求服务器处理所述业务信息所指示的业务;Notifying the second terminal to the second terminal, so that the second terminal acquires service information of the user and requests the server to process the service indicated by the service information;
    其中,所述将第一身份信息通知给第二终端包括:根据所述第一身份信息生成图形码,以便所述第二终端通过扫描图形码读取所述第一身份信息。The notifying the first identity information to the second terminal includes: generating a graphic code according to the first identity information, so that the second terminal reads the first identity information by scanning the graphic code.
  7. 一种业务处理方法,其特征在于,包括:A service processing method, comprising:
    第二终端从第一终端中读取第一身份信息;The second terminal reads the first identity information from the first terminal;
    获取用户的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;Obtaining service information of the user, and generating a service processing request including the first identity information and the service information;
    将所述业务处理请求发送给服务器,使所述服务器对所述第一身份信息进行鉴权并在鉴权通过后处理所述业务信息所指示的业务。Sending the service processing request to the server, so that the server authenticates the first identity information and processes the service indicated by the service information after the authentication is passed.
  8. 一种终端,其特征在于,包括存储器,以及一个或者一个以上的程序,其中一个或者一个以上程序存储于存储器中,且经配置以由一个或者一个以上处理器执行所述一个或者一个以上程序包含的用于进行以下方法的指令:A terminal, comprising: a memory, and one or more programs, wherein one or more programs are stored in the memory and configured to execute the one or more programs by one or more processors Instructions for doing the following:
    获取第一身份信息;Obtaining the first identity information;
    将第一身份信息通知给第二终端,使所述第二终端获取用户的业务信息并请求服务器处理所述业务信息所指示的业务; Notifying the second terminal to the second terminal, so that the second terminal acquires service information of the user and requests the server to process the service indicated by the service information;
    其中,所述将所述第一身份信息通知给第二终端包括:根据所述第一身份信息生成图形码,以便所述第二终端通过扫描图形码读取所述第一身份信息。The notifying the first identity information to the second terminal includes: generating a graphic code according to the first identity information, so that the second terminal reads the first identity information by scanning a graphic code.
  9. 一种终端,其特征在于,包括处理器和发送器:A terminal characterized by comprising a processor and a transmitter:
    所述处理器,用于从第一终端中读取第一身份信息;获取与用户的业务信息,并生成包括所述第一身份信息和所述业务信息的业务处理请求;The processor is configured to read first identity information from the first terminal, obtain service information with the user, and generate a service processing request that includes the first identity information and the service information;
    所述发送器,用于将所述业务处理请求发送给服务器,使所述服务器对所述第一身份信息进行鉴权并在鉴权通过后处理所述业务信息所指示的业务。The sender is configured to send the service processing request to the server, so that the server authenticates the first identity information and processes the service indicated by the service information after the authentication is passed.
  10. 一种计算机存储介质,其特征在于,所述计算机存储介质中存储有程序,该程序在执行时,包括如权利要求6所述的方法中的各步骤。A computer storage medium, characterized in that the computer storage medium stores a program, the program comprising, when executed, the steps of the method of claim 6.
  11. 一种计算机存储介质,其特征在于,所述计算机存储介质中存储有程序,该程序在执行时,包括如权利要求7所述的方法中的各步骤。A computer storage medium, characterized in that the computer storage medium stores a program, which, when executed, includes the steps of the method of claim 7.
  12. 一种业务处理系统,其特征在于,包括:第一终端、服务器以及第二终端,其中,A service processing system, comprising: a first terminal, a server, and a second terminal, where
    所述第一终端,用于获取第一身份信息;The first terminal is configured to acquire first identity information.
    所述第二终端,用于从所述第一终端中读取所述第一身份信息,获取用户信息的业务信息,生成包括所述第一身份信息和所述业务信息的业务处理请求;The second terminal is configured to read the first identity information from the first terminal, obtain service information of user information, and generate a service processing request that includes the first identity information and the service information;
    所述服务器,用于在接收到所述业务处理请求后,对所述业务处理请求中的第一身份信息进行鉴权,在鉴权通过后,处理所述业务处理请求中业务信息所指示的业务。The server is configured to: after receiving the service processing request, perform authentication on the first identity information in the service processing request, and after the authentication is passed, process the service information in the service processing request business.
  13. 如权利要求12所述的系统,其特征在于,The system of claim 12 wherein:
    所述第一终端,还用于向所述服务器提交包括用户信息的验证请求;The first terminal is further configured to submit, to the server, a verification request including user information;
    所述服务器,还用于接收到所述验证请求后,根据所述用户信息控制所述第一终端获取用户标记。 The server is further configured to: after receiving the verification request, control, by the user information, the first terminal to acquire a user identifier.
  14. 如权利要求13所述的系统,其特征在于,The system of claim 13 wherein:
    所述服务器,用于获取用于生成用户标记的标记生成模块,并绑定存储所述用户信息和得到的标记生成模块;The server is configured to acquire a mark generation module for generating a user mark, and bind the storage of the user information and the obtained mark generation module;
    所述服务器,还用于将所述获取的标记生成模块对应的用于生成用户标记的安装数据包发送给所述第一终端;The server is further configured to send, to the first terminal, an installation data packet for generating a user tag corresponding to the acquired tag generation module;
    所述第一终端,还用于在接收到所述用于生成用户标记的安装数据包后,根据所述用于生成用户标记的安装数据包预置得到标记生成模块;The first terminal is further configured to: after receiving the installation data packet for generating a user tag, preset a tag generation module according to the installation data package for generating a user tag;
    当所述标记生成模块为数字证书模块时,调用预置的标记生成模块生成用于标记所述用户信息的数字签名信息作为用户标记;When the tag generating module is a digital certificate module, calling a preset tag generating module to generate digital signature information for marking the user information as a user tag;
    当所述标记生成模块为动态令牌生成模块时,调用预置的标记生成模块生成用于标记所述用户信息的当前时间对应的令牌信息作为用户标记。When the tag generation module is a dynamic token generation module, the preset tag generation module is called to generate token information corresponding to the current time for marking the user information as a user tag.
  15. 如权利要求13所述的系统,其特征在于,所述服务器,用于通过预设的处理算法对所述用户信息进行处理得到用户标记,发送所述用户标记给所述第一终端。The system according to claim 13, wherein the server is configured to process the user information by a preset processing algorithm to obtain a user tag, and send the user tag to the first terminal.
  16. 如权利要求12所述的系统,其特征在于,The system of claim 12 wherein:
    所述服务器,还用于获取所述第一终端在获取到所述第一身份信息时的第一时间戳以及当前的第二时间戳,根据所述第一时间戳和所述第二时间戳确定出所述第一身份信息有效时,执行所述对所述业务处理请求中的第一身份信息进行鉴权的操作。 The server is further configured to acquire a first timestamp when the first terminal acquires the first identity information, and a current second timestamp, according to the first timestamp and the second timestamp. When it is determined that the first identity information is valid, performing the operation of authenticating the first identity information in the service processing request.
PCT/CN2014/095771 2013-12-31 2014-12-31 Service processing method, device and system WO2015101310A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310752236.6 2013-12-31
CN201310752236.6A CN104751334B (en) 2013-12-31 2013-12-31 Service processing method, device and system

Publications (1)

Publication Number Publication Date
WO2015101310A1 true WO2015101310A1 (en) 2015-07-09

Family

ID=53493256

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/095771 WO2015101310A1 (en) 2013-12-31 2014-12-31 Service processing method, device and system

Country Status (2)

Country Link
CN (1) CN104751334B (en)
WO (1) WO2015101310A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190089989A (en) * 2016-12-05 2019-07-31 알리바바 그룹 홀딩 리미티드 Method and apparatus for information exchange
CN112488697A (en) * 2019-06-03 2021-03-12 创新先进技术有限公司 Processing and generating method and device of off-line graphic code
CN112511484A (en) * 2020-08-20 2021-03-16 成都悍力鼎科技有限公司 U shield safety control management system
CN114091632A (en) * 2021-10-29 2022-02-25 新大陆(福建)公共服务有限公司 Combined service processing method and system
US11501294B2 (en) 2016-07-18 2022-11-15 Advanced New Technologies Co., Ltd. Method and device for providing and obtaining graphic code information, and terminal

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106447323A (en) * 2015-08-05 2017-02-22 阿里巴巴集团控股有限公司 Service verification method and service verification device
CN106469261B (en) * 2015-08-21 2020-04-07 阿里巴巴集团控股有限公司 Identity verification method and device
CN106779673B (en) * 2015-11-23 2021-07-09 南京星云数字技术有限公司 Electronic payment method and system
CN105654297A (en) * 2015-12-29 2016-06-08 飞天诚信科技股份有限公司 Terminal-to-terminal interaction method and transaction terminal
CN111861455B (en) * 2015-12-29 2024-01-30 创新先进技术有限公司 Personal information query method and device based on mobile terminal bar code
CN107181714B (en) * 2016-03-09 2021-01-26 创新先进技术有限公司 Verification method and device based on service code and generation method and device of service code
CN105868981A (en) * 2016-04-11 2016-08-17 万集融合信息技术(北京)有限公司 Mobile payment method and system
CN106375444B (en) * 2016-08-31 2019-10-25 北京华大智宝电子系统有限公司 A kind of data processing method and cloud platform server
CN106533695B (en) * 2016-11-15 2019-10-25 北京华大智宝电子系统有限公司 A kind of safety certifying method and equipment
CN106846506B (en) 2017-01-25 2021-08-10 腾讯科技(深圳)有限公司 Method and system for information verification based on information identification code
CN108564363B (en) * 2018-02-28 2020-10-13 阿里巴巴集团控股有限公司 Transaction processing method, server, client and system
CN112381541A (en) * 2020-11-16 2021-02-19 深圳市天行云供应链有限公司 Cross-bank multi-U-shield system and payment method applying same

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101576982A (en) * 2009-03-19 2009-11-11 宇龙计算机通信科技(深圳)有限公司 Method, terminal and system for network payment
US20100017334A1 (en) * 2008-07-16 2010-01-21 Masayuki Itoi Authentication system and authentication method
CN101710407A (en) * 2009-12-29 2010-05-19 江西科技师范学院 Payment method capable of consumption payment by mobile phone on basis of two-dimension code and payment system thereof
CN101872454A (en) * 2010-06-18 2010-10-27 杨彬 Sales terminal transaction processing method, equipment and mobile terminal transaction processing method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101593325A (en) * 2008-05-29 2009-12-02 北京方维银通科技有限公司 Secure processing method for financial transaction data, payment platform, portable terminal and system
CN102842081A (en) * 2011-06-23 2012-12-26 上海易悠通信息科技有限公司 Method for generating two-dimensional code and implementing mobile payment by mobile phone

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100017334A1 (en) * 2008-07-16 2010-01-21 Masayuki Itoi Authentication system and authentication method
CN101576982A (en) * 2009-03-19 2009-11-11 宇龙计算机通信科技(深圳)有限公司 Method, terminal and system for network payment
CN101710407A (en) * 2009-12-29 2010-05-19 江西科技师范学院 Payment method capable of consumption payment by mobile phone on basis of two-dimension code and payment system thereof
CN101872454A (en) * 2010-06-18 2010-10-27 杨彬 Sales terminal transaction processing method, equipment and mobile terminal transaction processing method

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11501294B2 (en) 2016-07-18 2022-11-15 Advanced New Technologies Co., Ltd. Method and device for providing and obtaining graphic code information, and terminal
KR20190089989A (en) * 2016-12-05 2019-07-31 알리바바 그룹 홀딩 리미티드 Method and apparatus for information exchange
US20190266592A1 (en) * 2016-12-05 2019-08-29 Alibaba Group Holding Limited Method and apparatus for information exchange
EP3550491A4 (en) * 2016-12-05 2019-11-06 Alibaba Group Holding Limited Information interaction method and apparatus
US11379819B2 (en) 2016-12-05 2022-07-05 Advanced New Technologies Co., Ltd. Method and apparatus for information exchange
KR102419527B1 (en) * 2016-12-05 2022-07-08 어드밴스드 뉴 테크놀로지스 씨오., 엘티디. Methods and devices for exchanging information
CN112488697A (en) * 2019-06-03 2021-03-12 创新先进技术有限公司 Processing and generating method and device of off-line graphic code
CN112511484A (en) * 2020-08-20 2021-03-16 成都悍力鼎科技有限公司 U shield safety control management system
CN112511484B (en) * 2020-08-20 2023-06-30 成都悍力鼎科技有限公司 U shield safety control management system
CN114091632A (en) * 2021-10-29 2022-02-25 新大陆(福建)公共服务有限公司 Combined service processing method and system
CN114091632B (en) * 2021-10-29 2023-06-13 新大陆(福建)公共服务有限公司 Combined service processing method and system

Also Published As

Publication number Publication date
CN104751334B (en) 2022-04-26
CN104751334A (en) 2015-07-01

Similar Documents

Publication Publication Date Title
WO2015101310A1 (en) Service processing method, device and system
US11663578B2 (en) Login using QR code
EP3457344B1 (en) Payment authentication method, apparatus and system for onboard terminal
KR102424055B1 (en) Apparatus and Method for Providing API Authentication using Two API Tokens
KR102358546B1 (en) System and method for authenticating a client to a device
US20160307194A1 (en) System and method for point of sale payment data credentials management using out-of-band authentication
JP6264674B2 (en) Authentication system and method using QR code
CN105608577B (en) Method for realizing non-repudiation, payment management server and user terminal thereof
US9642005B2 (en) Secure authentication of a user using a mobile device
US9762567B2 (en) Wireless communication of a user identifier and encrypted time-sensitive data
US20130311382A1 (en) Obtaining information for a payment transaction
KR20140114229A (en) Method and apparatus for mutual authenticating between applications
US11329824B2 (en) System and method for authenticating a transaction
TWI632798B (en) Server, mobile terminal, and network real-name authentication system and method
WO2017206747A1 (en) Mobile payment method, device and system
US20180343247A1 (en) Method, user terminal and authentication service server for authentication
KR20150088703A (en) An electronic payment system and method
KR101404989B1 (en) Financial transaction information certification Method for responding MITB attack by Two-Channel authentication, and Financial server thereof
KR101625065B1 (en) User authentification method in mobile terminal
KR101429737B1 (en) System for user athentication service using security token, method of user athentication service, and apparatus for the same
KR102123405B1 (en) System and method for providing security membership and login hosting service
KR20190020380A (en) System for providing electronic payment by authenticating patient and using card information, method thereof and non-transitory computer readable medium having computer program recorded thereon
WO2016082678A1 (en) Method and device for monitoring display hijack
KR20170029942A (en) Payment service providing apparatus and method using authentication based on web, system and computer readable medium having computer program recorded thereon
WO2015032248A1 (en) Token, dynamic password generation method, and dynamic password authentication method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14877313

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 21.11.16.

122 Ep: pct application non-entry in european phase

Ref document number: 14877313

Country of ref document: EP

Kind code of ref document: A1