一种O2O安全支付方法、系统和一种POS终端O2O secure payment method, system and POS terminal
技术领域Technical field
本发明涉及电子支付领域,特别是涉及一种The present invention relates to the field of electronic payment, and in particular to a
O2OO2O
安全支付方法、系统和一种Secure payment method, system and kind
POSPOS
终端。terminal.
背景技术Background technique
随着国内智能终端的普及和移动互联网的高速发展,网络支付的使用率增速涨幅较大,并成为亮点,特别是在交通通信、教育文化、食品、居住等方面渗透会有大幅的提升。作为移动支付的一个热门词汇,With the popularization of domestic intelligent terminals and the rapid development of mobile Internet, the growth rate of the use rate of online payment has increased greatly, and has become a bright spot, especially in the areas of transportation and communication, education and culture, food, and residence. As a popular term for mobile payments,
O2OO2O
逐渐为人们所熟悉,Gradually familiar with people,
O2OO2O
即which is
Online
To OfflineOnline
To Offline
,是指将线下的商务机会与互联网结合,让互联网成为线下交易的前台。自It refers to the combination of offline business opportunities and the Internet, making the Internet a front-end for offline transactions. from
20102010
年底进入中国来引起了业界的广泛讨论,其广阔的前景为各方所看好,Entering China at the end of the year has aroused widespread discussion in the industry, and its broad prospects are optimistic for all parties.
O2OO2O
行业也被普遍认为是下一个亿万元规模的市场。微信支付及支付宝的当面付可以看作是The industry is also widely regarded as the next market of billions of dollars. WeChat payment and Alipay’s face-to-face payment can be regarded as
O2OO2O
的一个典型应用,这两种支付方式均使用用户手机作为载体,通过手机绑定银行卡号,扫描二维码获得商品信息,在手机上输入支付密码,实现电子交易的快捷完成,这种方式确实方便人们的日常生活。但这种支付方式存在着严重的隐患:A typical application, both of which use the user's mobile phone as a carrier, bind the bank card number through the mobile phone, scan the QR code to obtain the product information, and input the payment password on the mobile phone to realize the fast completion of the electronic transaction. Convenient for people's daily lives. However, there are serious hidden dangers in this payment method:
、手机是一个时常连接于公开网络的应用载体,手机病毒、手机木马等恶意软件屡见不鲜,而在手机上输入的密码已经成为了这类恶意软件的窃取对象。The mobile phone is an application carrier that is often connected to the public network. Mobile viruses, mobile phone Trojans and other malware are not uncommon, and the password entered on the mobile phone has become the object of such malware theft.
、对于声波支付,攻击者可以在交易现场复制交易时的声波,在用户不在现场的情况下,伪造个人凭证码完成未经用户授权的交易。For sonic payment, the attacker can copy the sound waves at the transaction site at the transaction site, and forge the personal voucher code to complete the transaction without authorization by the user if the user is not present at the scene.
、在现有的In the existing
O2OO2O
支付方式中,交易完成后,付款人没有得到相应的纸质凭证,若后续发生交易纠纷不利于付款人维护自己的权益。In the payment method, after the transaction is completed, the payer does not get the corresponding paper certificate, and if the subsequent transaction dispute is not conducive to the payer to protect his rights and interests.
、若手机无法与支付后台通讯,则无法完成正常交易。If the mobile phone cannot communicate with the payment background, the normal transaction cannot be completed.
发明内容Summary of the invention
为解决上述技术问题,本发明提供一种支付更加安全的In order to solve the above technical problem, the present invention provides a payment that is more secure.
O2OO2O
安全支付方法。Secure payment method.
一种One kind
O2OO2O
安全支付方法,包括步骤:移动终端获取支付后台发送的动态交易码;移动终端将包含有动态交易码的动态个人凭证码发送给支付终端;支付终端接收输入的交易金额;支付终端将动态个人凭证码和交易金额发送给支付后台;支付后台验证动态个人凭证码后,将验证信息发送给支付终端;支付终端接收输入的账户密码后,将包含账户密码密文的交易报文包发送给支付后台,进行支付。The secure payment method comprises the steps of: the mobile terminal acquires a dynamic transaction code sent by the payment background; the mobile terminal sends the dynamic personal voucher code containing the dynamic transaction code to the payment terminal; the payment terminal receives the input transaction amount; and the payment terminal sends the dynamic personal voucher The code and the transaction amount are sent to the payment background; after the payment background verifies the dynamic personal voucher code, the verification information is sent to the payment terminal; after receiving the input account password, the payment terminal sends the transaction message packet including the account password ciphertext to the payment background. , to make a payment.
其中,所述“移动终端获取支付后台发送的动态交易码”具体包括:移动终端登陆支付客户端与支付后台通讯,获取支付后台根据支付账户生成的临时支付账户信息;移动终端通过支付客户端将支付方式发送给支付后台,支付后台生成相应的临时交易单号,并发送给移动终端;所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”具体包括:移动终端将所述临时支付账户信息和临时交易单号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端;所述“支付后台验证动态个人凭证码后,将验证信息发送给支付终端”具体包括:支付后台验证所述临时支付账户信息与临时交易单号是否与所述支付后台生成的临时支付账户信息、临时交易单号一致,验证通过后将验证信息发送给支付终端。The “mobile terminal acquiring the dynamic transaction code sent by the payment background” specifically includes: the mobile terminal login payment client communicates with the payment background, and obtains the temporary payment account information generated by the payment background according to the payment account; the mobile terminal uses the payment client to The payment method is sent to the payment background, and the payment background generates a corresponding temporary transaction number and sends it to the mobile terminal. The mobile terminal sends the dynamic personal voucher code containing the dynamic transaction code to the payment terminal. Specifically, the mobile terminal will: The temporary payment account information and the temporary transaction order number group are packaged into a dynamic personal voucher code, and the dynamic personal voucher code is sent to the payment terminal; after the “payment background verification dynamic personal voucher code, the verification information is sent to the payment terminal” Specifically, the method includes: the payment background verification, the temporary payment account information, and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification information is sent to the payment terminal after the verification is passed.
其中,所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:移动终端发送交易配置信息给支付终端,其中,交易配置信息标识了移动终端发送的数据是否是密文,若标志了是密文,则支付终端无法解密获取这些关键数据的原始数据,支付终端只能原样把该动态个人凭证码密文以及交易配置信息上传到支付后台处理。The sending, by the mobile terminal, the dynamic personal voucher code including the dynamic transaction code to the payment terminal, further includes: the mobile terminal sending the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is In the ciphertext, if the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal can only upload the dynamic personal voucher code ciphertext and the transaction configuration information to the payment background processing.
其中,所述“移动终端获取支付后台发送的动态交易码”还包括:移动终端登陆支付客户端与支付后台通讯,并与支付后台同步交易序列号;所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:当移动终端无法与支付后台连接获取临时交易单号时,移动终端对所述交易序列号进行累加,移动终端将所述临时支付账户信息和累加后的交易序列号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端;所述“支付后台验证动态个人凭证码后,将验证信息发送给支付终端”具体包括:支付后台验证所述临时支付账户信息与所述支付后台生成的临时支付账户是否一致,当验证通过后,验证接收到的交易序列号是否大于支付后台内存储的交易序列号,当所述交易序列号验证通过后,将验证信息发送给支付终端。The “mobile terminal acquires the dynamic transaction code sent by the payment background” further includes: the mobile terminal logs in to the payment client and the payment background communication, and synchronizes the transaction serial number with the payment background; the “mobile terminal will include the dynamic transaction code” The sending of the dynamic personal voucher code to the payment terminal further includes: when the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal adds the temporary payment account information and accumulates The subsequent transaction serial number group is packaged into a dynamic personal voucher code, and the dynamic personal voucher code is sent to the payment terminal; the “payment of the background verification dynamic personal voucher code, the verification information is sent to the payment terminal” specifically includes: payment background verification Whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and after the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction serial number is verified After that, the verification information is sent to the payment terminal.
其中,所述“移动终端通过支付客户端将支付方式发送给支付后台,支付后台生成相应的临时交易单号,并发送给移动终端”还包括:移动终端通过支付客户端将用户输入的支付组合方式发送给支付后台;支付后台接收到支付组合后生成相应的临时交易单号,并将临时交易单号发送给移动终端,其中,支付组合方式包括主账户支付、快捷支付、优惠券支付、积分支付、预付费卡支付中的一种或多种;所述步骤“将验证信息发送给支付终端”具体包括:支付后台根据交易金额确定实际的交易支付组合以及每种支付方式需要支付的金额;支付后台将确定的交易支付组合以及每种支付方式需要支付的金额发送给支付终端;所述步骤“支付终端接收到输入的账户密码后,将账户密码发送给支付后台,进行支付”具体包括:支付终端显示接收到的支付组合以及每种支付方式需要支付的金额;用户选择每种支付方式的实际交易金额,并输入账户密码;支付终端将所述每种支付方式的实际交易金额和账户密码发送给支付后台;支付后台对接收到的交易金额和账户密码进行验证,当验证通过后进行支付。The mobile terminal sends the payment method to the payment background through the payment client, and the corresponding temporary transaction number is generated in the payment background, and is sent to the mobile terminal. The method further includes: the mobile terminal inputs the payment combination input by the user through the payment client. The method is sent to the payment background; after receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination method includes a primary account payment, a quick payment, a coupon payment, and a point. One or more of payment, prepaid card payment; the step of “sending verification information to the payment terminal” specifically includes: the payment background determines an actual transaction payment combination according to the transaction amount and an amount to be paid for each payment method; The payment background sends the determined transaction payment combination and the amount that each payment method needs to pay to the payment terminal; the step “after the payment terminal receives the input account password, the account password is sent to the payment background for payment” includes: The payment terminal displays the received payment combination to The amount of payment required for each payment method; the user selects the actual transaction amount for each payment method, and enters the account password; the payment terminal sends the actual transaction amount and account password of each payment method to the payment background; the payment background receives The transaction amount and account password are verified, and the payment is made when the verification is passed.
其中,还包括步骤:支付后台将交易结果提示信息发送给支付终端,交易结果提示信息包含买方部分账户真实信息;支付终端打印纸质交易凭证。The method further includes the steps of: the payment background sends the transaction result prompt information to the payment terminal, the transaction result prompt information includes the buyer partial account real information; and the payment terminal prints the paper transaction certificate.
其中,还包括:所述支付终端设置有支付Wherein, the method further includes: the payment terminal is provided with a payment
PINPIN
;在步骤“支付终端将动态个人凭证码和交易金额发送给支付后台”前还包括:支付终端获取用户在支付终端上输入的Before the step "the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background", the payment terminal further includes: the payment terminal acquires the input of the user on the payment terminal.
PINPIN
,并将所述And will
PINPIN
发送给支付后台;支付后台对接收到的Sent to the payment backend; the payment backend received
PINPIN
进行验证,当验证通过后才执行后续步骤。Verify that the next steps are performed when the verification passes.
其中,所述移动终端通过声波通讯、Wherein the mobile terminal communicates via sound waves,
NFCNFC
或蓝牙将动态个人凭证码发送给支付终端。Or Bluetooth sends a dynamic personal voucher code to the payment terminal.
为解决上述技术问题,本发明还提供一种In order to solve the above technical problem, the present invention also provides a
O2OO2O
安全支付系统,包括移动终端、支付终端和支付后台,所述移动终端包括动态交易码获取模块、第一收发模块;所述支付终端包括第一输入模块、第二输入模块、第二收发模块;所述支付后台包括验证模块、第三收发模块、支付模块;所述动态交易码获取模块用于从支付后台获取动态交易码;所述第一收发模块用于将包含有动态交易码的动态个人凭证码发送给支付终端,其中,第一收发模块为声波通讯模块、The secure payment system includes a mobile terminal, a payment terminal, and a payment backend. The mobile terminal includes a dynamic transaction code acquisition module and a first transceiver module. The payment terminal includes a first input module, a second input module, and a second transceiver module. The payment backend includes a verification module, a third transceiver module, and a payment module; the dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background; and the first transceiver module is configured to: use a dynamic individual that includes a dynamic transaction code The voucher code is sent to the payment terminal, wherein the first transceiver module is an acoustic wave communication module,
NFCNFC
模块,蓝牙模块;所述第一输入模块用于接收输入的交易金额;所述第二收发模块用于接收移动终端发送的动态个人凭证码,用于将动态个人凭证码和交易金额发送给支付后台,以及用于将账户密码发送给支付后台;所述验证模块用于验证所述动态个人凭证码和账户密码;所述第三收发模块用于将验证信息发送给支付终端;所述第二输入模块用于接收用户输入的账户密码;所述支付模块用于当所述验证模块验证通过后进行支付。a module, a Bluetooth module; the first input module is configured to receive an input transaction amount; the second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, and send the dynamic personal voucher code and the transaction amount to the payment a background, and configured to send an account password to the payment background; the verification module is configured to verify the dynamic personal voucher code and an account password; the third transceiver module is configured to send the verification information to the payment terminal; The input module is configured to receive an account password input by the user; the payment module is configured to perform payment after the verification module passes the verification.
本发明还提供一种The invention also provides a
POSPOS
终端,包括打印模块和上述的第一输入模块、第二输入模块、第二收发模块;所述打印模块用于打印纸质交易凭证。The terminal includes a printing module and the first input module, the second input module, and the second transceiver module, and the printing module is configured to print a paper transaction voucher.
其中,所述第二收发模块为声波通讯模块、Wherein, the second transceiver module is an acoustic wave communication module,
NFCNFC
模块,蓝牙模块或其它非物理接触式的通讯模块。Module, Bluetooth module or other non-physical contact communication module.
其中,还包括:显示模块,用于显示支付后台发送的验证信息。The method further includes: a display module, configured to display verification information sent by the payment background.
本发明的有益效果为:区别于现有的在线支付中支付过程中账户密码必需由移动终端输入,本发明由移动终端将包含有动态交易码的动态个人凭证码安全发送给支付终端,用户在移动终端上完成账户密码的输入;支付终端接收到输入的账户密码后,将密文账户密码发送给支付后台,进行支付,因此避免了移动终端可同时获取账户信息及账户密码,以及账户信息及账户密码在移动终端被攻击窃取的可能,大大提高了在线支付的安全性。The invention has the beneficial effects that the account password must be input by the mobile terminal in the payment process in the existing online payment. The mobile terminal automatically transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal, and the user is The mobile terminal completes the input of the account password; after receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding the mobile terminal obtaining the account information and the account password at the same time, and the account information and The account password is attacked and stolen in the mobile terminal, which greatly improves the security of online payment.
附图说明DRAWINGS
图Figure
11
为本发明实施方式一种Is an embodiment of the present invention
O2OO2O
安全支付方法的流程图;Flow chart of a secure payment method;
图Figure
22
为本发明实施方式一种Is an embodiment of the present invention
O2OO2O
安全支付系统的结构示意图;Schematic diagram of the structure of a secure payment system;
图Figure
33
为本发明实施方式一种Is an embodiment of the present invention
POSPOS
终端的结构示意图。Schematic diagram of the structure of the terminal.
主要标号说明:The main label description:
移动终端;Mobile terminal
2- 2-
支付终端;Payment terminal
3- 3-
支付后台;Payment backstage;
21- twenty one-
第一输入模块;First input module;
22- twenty two-
第二输入模块;a second input module;
23- twenty three-
第二收发模块;a second transceiver module;
24- twenty four-
打印模块。Print module.
具体实施方式detailed description
为详细说明本发明的技术内容、构造特征、所实现目的及效果,以下结合实施方式并配合附图详予说明。The detailed description of the technical contents, structural features, and the objects and effects of the present invention will be described in detail below with reference to the accompanying drawings.
本发明通过在支付终端上输入在线支付的账户密码进行支付,避免了移动终端丢失或被木马攻击等因素导致的账户密码泄露,从而大大提高了The invention pays by inputting the account password of the online payment on the payment terminal, thereby avoiding the account password leakage caused by the loss of the mobile terminal or the attack by the Trojan horse, thereby greatly improving the account password.
O2OO2O
支付的安全性。The security of the payment.
实施例一Embodiment 1
请参阅图Please refer to the picture
11
,为本实施方式一种, a method of the present embodiment
O2OO2O
安全支付方法的流程图,本方法包括步骤:A flowchart of a secure payment method, the method comprising the steps of:
、移动终端获取支付后台发送的动态交易码;And the mobile terminal acquires a dynamic transaction code sent by the payment background;
、移动终端将包含有动态交易码的动态个人凭证码发送给支付终端;The mobile terminal sends the dynamic personal voucher code including the dynamic transaction code to the payment terminal;
、支付终端接收输入的交易金额;And the payment terminal receives the input transaction amount;
、支付终端将动态个人凭证码和交易金额发送给支付后台;The payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
、支付后台验证动态个人凭证码后,将验证信息发送给支付终端;After the background verification dynamic personal voucher code is sent, the verification information is sent to the payment terminal;
、支付终端接收输入的账户密码后,将包含账户密码密文的交易报文包发送给支付后台,进行支付。After receiving the input account password, the payment terminal sends the transaction packet containing the account password ciphertext to the payment background to perform payment.
其中,支付终端对包含账户密码密文的交易报文包是按照Wherein, the payment terminal is in accordance with the transaction packet containing the account password ciphertext.
85838583
包格式,也可以是其他打包格式。The package format can also be other packaging formats.
本实施例涉及移动终端、支付终端和支付后台(所述支付后台为具体银行的系统服务器,也可以是第三方支付系统的服务器),其中,移动终端上安装有支付客户端和公钥证书The embodiment relates to a mobile terminal, a payment terminal, and a payment background (the payment background is a system server of a specific bank, or a server of a third-party payment system), wherein the mobile terminal is installed with a payment client and a public key certificate.
CERT1CERT1
(公钥证书(public key certificate
CERT1CERT1
对应的私钥Corresponding private key
PR1PR1
保存在支付后台),用户在移动终端通过登陆支付客户端,与支付后台通讯,使得支付账户和用户的移动终端绑定。移动终端登陆支付客户端后,支付后台根据移动终端所绑定的支付账户生成对应的动态交易码,动态交易码包含临时支付账户信息(移动终端每次登陆支付终端,支付后台都相应的生成不同的动态交易码,即每次移动终端所获取到的临时支付账户信息都是不同的)。当需要进行支付时,移动终端通过支付客户端将支付方式发送给支付后台,支付后台生成相应的临时交易单号。Saved in the payment background), the user communicates with the payment background by logging in to the payment terminal on the mobile terminal, so that the payment account is bound to the user's mobile terminal. After the mobile terminal logs in to the payment client, the payment background generates a corresponding dynamic transaction code according to the payment account bound by the mobile terminal, and the dynamic transaction code includes temporary payment account information (each time the mobile terminal logs in to the payment terminal, the corresponding generation of the payment background is different. The dynamic transaction code, that is, the temporary payment account information obtained by each mobile terminal is different). When the payment needs to be made, the mobile terminal sends the payment method to the payment background through the payment client, and the corresponding temporary transaction number is generated in the payment background.
移动终端将获取到的临时支付账户信息和临时交易单号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端。所述支付终端设置于商户,支付终端获取输入的交易金额(即支付终端获取商户操作员输入的此次购买的商品的总金额),支付终端将所述动态个人凭证码和交易金额发送给支付后台。The mobile terminal groups the obtained temporary payment account information and the temporary transaction order number into a dynamic personal voucher code, and sends the dynamic personal voucher code to the payment terminal. The payment terminal is disposed at the merchant, and the payment terminal acquires the input transaction amount (ie, the payment terminal acquires the total amount of the purchased product input by the merchant operator), and the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment. Backstage.
支付后台在通过支付终端接收到动态个人凭证码后,支付后台验证所述临时支付账户信息与临时交易单号是否与所述支付后台生成的临时支付账户信息、临时交易单号一致,当验证通过后,支付后台根据临时支付账户信息检索到后台中对应的真实账户信息,验证其中的账户信息是否正确(如验证是否存在该账户、该账户的状态是否为可用、账户余额是否足够等),当所述验证通过后,支付后台验证从支付终端上传上来的账户密码与所述动态个人凭证码的临时支付账户信息所对应的真实账户是否对应,当所述账户密码验证通过后才进行支付。After receiving the dynamic personal voucher code through the payment terminal, the payment background verifies whether the temporary payment account information and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification is passed. After that, the payment background retrieves the corresponding real account information in the background according to the temporary payment account information, and verifies whether the account information is correct (such as verifying whether the account exists, whether the status of the account is available, whether the account balance is sufficient, etc.) After the verification is passed, the payment background verifies whether the account password uploaded from the payment terminal corresponds to the real account corresponding to the temporary payment account information of the dynamic personal certificate code, and the payment is performed after the account password verification is passed.
区别于现有的在线支付中支付过程中账户密码必需由移动终端输入,本发明由移动终端将包含有动态交易码的动态个人凭证码安全发送给支付终端,用户在移动终端上完成账户密码的输入;支付终端接收到输入的账户密码后,将密文账户密码发送给支付后台,进行支付,因此避免了移动终端可同时获取账户信息及账户密码,有效防止账户信息及账户密码在移动终端被攻击窃取的可能,大大提高了在线支付的安全性。进一步地,在本发明中支付后台根据移动终端绑定的账户生成临时支付账户信息,在支付过程中移动终端和支付终端都是使用临时支付账户进行传输,因此即使传输过程中的数据被截取,也仍然无法真实的支付账户信息(真实的支付账户信息只有支付后台和移动终端中的支付客户端知道,没有出现在传输过程中),从而进一步提高了支付安全。Different from the existing online payment, the account password must be input by the mobile terminal. In the present invention, the mobile terminal securely transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal, and the user completes the account password on the mobile terminal. After receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding that the mobile terminal can simultaneously obtain the account information and the account password, thereby effectively preventing the account information and the account password from being The possibility of attack stealing greatly improves the security of online payment. Further, in the present invention, the payment background generates temporary payment account information according to the account bound by the mobile terminal, and both the mobile terminal and the payment terminal use the temporary payment account for transmission during the payment process, so even if the data during the transmission is intercepted, Still, the account information cannot be actually paid (the real payment account information is known only to the payment client in the payment background and the mobile terminal, and does not appear in the transmission process), thereby further improving payment security.
其中,所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:移动终端发送交易配置信息给支付终端,其中,交易配置信息标识了移动终端发送的数据是否是密文,若标志了是密文,则支付终端无法解密获取这些关键数据的原始数据,支付终端只能原样把该动态个人凭证码密文以及交易配置信息上传到支付后台处理。加密可以更好地保证支付数据的传输安全。对于简单的数据,也可以不必加密。如果要加密,则移动终端发送的通讯数据需经过公钥证书The sending, by the mobile terminal, the dynamic personal voucher code including the dynamic transaction code to the payment terminal, further includes: the mobile terminal sending the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is In the ciphertext, if the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal can only upload the dynamic personal voucher code ciphertext and the transaction configuration information to the payment background processing. Encryption can better guarantee the security of payment data transmission. For simple data, you don't have to encrypt it. If you want to encrypt, the communication data sent by the mobile terminal needs to pass the public key certificate.
CERT1CERT1
进行加密后进行传输。其中,涉及加密算法为非对称算法,可使用After encryption, transfer. Among them, the encryption algorithm is an asymmetric algorithm and can be used.
RSARSA
、,
ECCECC
、国密算法等。这种加密后的数据(例如动态个人凭证码),支付终端是无法解密的,因为其没有对应的私钥, national secret algorithm, etc. This encrypted data (such as a dynamic personal voucher code), the payment terminal cannot be decrypted because it does not have a corresponding private key.
PR1PR1
,所以支付终端只能原样把该动态个人凭证码密文上传到支付后台处理,从而提高了动态个人凭证码在传输过程中的安全。Therefore, the payment terminal can only upload the dynamic personal voucher code ciphertext to the payment background processing as it is, thereby improving the security of the dynamic personal voucher code in the transmission process.
其中,为了方便移动终端与支付终端之间的数据传输,所述移动终端可以通过声波通讯、In order to facilitate data transmission between the mobile terminal and the payment terminal, the mobile terminal can communicate through sound waves.
NFCNFC
、蓝牙或非物理接触式的通讯方式将动态个人凭证码发送给支付终端。所述支付终端可以是商户的Bluetooth or non-physical contact communication method sends a dynamic personal voucher code to the payment terminal. The payment terminal may be a merchant
POSPOS
终端,也可以是具有密码输入功能的其他电子支付装置。The terminal may also be another electronic payment device having a password input function.
实施例二Embodiment 2
在上述实施例中是以账户中的现金账户中的金额进行支付,但实际使用过程在还存在优惠券支付、积分支付等其他的支付方式,为了提高了上述实施例中支付方式的便捷性,在本实施方式中还可以通过支付组合方式进行支付。In the above embodiment, the payment is made by the amount in the cash account in the account, but in the actual use process, there are other payment methods such as coupon payment, point payment, etc., in order to improve the convenience of the payment method in the above embodiment, In the present embodiment, payment can also be made by a payment combination.
移动终端通过支付客户端将用户输入的支付组合方式发送给支付后台;The mobile terminal sends the payment combination mode input by the user to the payment background through the payment client;
支付后台接收到支付组合后生成相应的临时交易单号,并将临时交易单号发送给移动终端,其中,支付组合方式包括主账户支付、快捷支付、优惠券支付、积分支付、预付费卡支付中的一种或多种,所述支付方式也可以是其它可能的支付方式;After receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination includes a primary account payment, a quick payment, a coupon payment, a point payment, and a prepaid card payment. One or more of the payment methods, and the payment method may also be other possible payment methods;
所述步骤“将验证信息发送给支付终端”具体包括:The step of “sending the verification information to the payment terminal” specifically includes:
支付后台根据交易金额确定实际的交易支付组合以及每种支付方式需要支付的金额;The payment background determines the actual transaction payment combination according to the transaction amount and the amount that each payment method needs to pay;
支付后台将确定的交易支付组合以及每种支付方式需要支付的金额发送给支付终端;The payment back-end determines the transaction payment combination and the amount that each payment method needs to pay to the payment terminal;
所述步骤“支付终端接收到输入的账户密码后,将账户密码发送给支付后台,进行支付”具体包括:The step “after the payment terminal receives the input account password, the account password is sent to the payment background to perform payment” includes:
支付终端显示接收到的支付组合以及每种支付方式需要支付的金额;The payment terminal displays the received payment combination and the amount that each payment method needs to pay;
用户选择每种支付方式的实际交易金额,并输入账户密码;The user selects the actual transaction amount for each payment method and enters the account password;
支付终端将所述每种支付方式的实际交易金额和账户密码发送给支付后台;The payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
支付后台对接收到的交易金额和账户密码进行验证,当验证通过后进行支付。The payment background verifies the received transaction amount and account password, and pays when the verification is passed.
用户选择每种支付方式的实际交易金额,对于需要输入账户密码的支付方式(如用支付账户里的现金账户进行支付时),用户在支付终端上输入账户密码(对于无需账户密码的则不需要输入账户密码);The user selects the actual transaction amount for each payment method. For the payment method that requires input of the account password (such as when paying with the cash account in the payment account), the user enters the account password on the payment terminal (for the case where the account password is not required, the user does not need to Enter the account password);
支付终端将所述每种支付方式的实际交易金额和账户密码发送给支付后台;The payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
支付后台对接收到的交易金额和账户密码进行验证,当验证通过后进行支付。The payment background verifies the received transaction amount and account password, and pays when the verification is passed.
在本实施方式中,如果用户所选择的支付组合方式中不需要确认账户密码的,则无需输入账户密码即可进行支付(如所选择的支付组合中不包括现金账户或现金账户的金额为零)。用户可以根据移动终端上绑定的支付方式选择适当支付组合方式,并根据支付终端上的交易金额确定实际支付组合方式,如优惠券支付、积分支付、优惠券与现金支付组合或优惠券、积分、现金支付组合。本实施例可以现实多个支付方式在线支付组合,大大提高了支付的便捷性。In this embodiment, if the account password is not required to be confirmed in the payment combination mode selected by the user, the payment may be performed without inputting the account password (if the selected payment combination does not include the cash account or the cash account is zero. ). The user can select an appropriate payment combination method according to the payment method bound on the mobile terminal, and determine an actual payment combination manner according to the transaction amount on the payment terminal, such as coupon payment, point payment, coupon and cash payment combination or coupon, and points. , cash payment combination. In this embodiment, the online payment combination of multiple payment methods can be realized, which greatly improves the convenience of payment.
进一步地,为了方便用户和商户能够及时的了解到所述交易的结果,在本实施方式还可以包括:支付后台将交易结果提示信息发送给支付终端或移动终端。Further, in order to facilitate the user and the merchant to know the result of the transaction in time, the embodiment may further include: the payment background sends the transaction result prompt information to the payment terminal or the mobile terminal.
进一步地,本实施方式还可以通过支付终端打印每次交易的凭证,所述交易结果提示信息包含买方部分账户真实信息,从而避免由于在线支付无实物交易凭证所带来的纠纷。Further, in this embodiment, the voucher for each transaction may be printed by the payment terminal, and the transaction result prompt information includes the real information of the buyer part account, thereby avoiding the dispute caused by the online payment without the physical transaction voucher.
实施例三Embodiment 3
在上述实施例一中,还包括:In the first embodiment, the method further includes:
移动终端登陆支付客户端与支付后台通讯,并与支付后台同步交易序列号;The mobile terminal logs in to the payment client to communicate with the payment background, and synchronizes the transaction serial number with the payment background;
所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:The “mobile terminal transmitting the dynamic personal voucher code including the dynamic transaction code to the payment terminal” further includes:
当移动终端无法与支付后台连接获取临时交易单号时,移动终端对所述交易序列号进行累加,移动终端将所述临时支付账户信息和累加后的交易序列号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端;When the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code. And sending the dynamic personal voucher code to the payment terminal;
所述“支付后台验证动态个人凭证码后,将验证信息发送给支付终端”具体包括:After the “payment of the background verification dynamic personal voucher code, the verification information is sent to the payment terminal” specifically includes:
支付后台验证所述临时支付账户信息与所述支付后台生成的临时支付账户是否一致,当验证通过后,验证接收到的交易序列号是否大于支付后台内存储的交易序列号,当所述交易序列号验证通过后,将验证信息发送给支付终端。The payment background verifies whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and when the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction sequence After the verification is passed, the verification information is sent to the payment terminal.
在实际应用中,通过移动终端进行在线支付都必需借助移动终端的网络如In practical applications, online payment through a mobile terminal must rely on the network of the mobile terminal, such as
3G3G
网络、The internet,
WIFIWIFI
等,但在很多商户移动终端的网络信号并不好或没有信号覆盖,为了解决在无网络覆盖情况下的支付,本实施方式通过临时支付账号进行支付。当移动终端登入支付后台时,从支付后台获取临时支付账号,当需要进行支付时,移动终端判断是否能够连接支付后台,若是能够连接,则从支付后台获取临时交易单号,并将临时交易单号与临时交易账户信息组包成动态个人凭证码发送给支付终端,否则,移动终端将所述临时支付账户信息和累加后的交易序列号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端,支付后台通过验证所述临时支付账户信息和交易序列号的正确性判断是否进行支付。从而有效防止在移动终端无网络信号的情况下仍然可以实现支付,并能有效防止重置攻击(只有当支付后台接收到的交易序列号大于支付后台存储的序列号时才进行支付,因此能够防止重置攻击)。Etc. However, in many merchant mobile terminals, the network signal is not good or there is no signal coverage. In order to solve the payment without network coverage, the present embodiment performs payment by temporarily paying an account. When the mobile terminal logs into the payment background, the temporary payment account is obtained from the payment background. When the payment needs to be made, the mobile terminal determines whether it can connect to the payment background. If the connection is available, the temporary transaction number is obtained from the payment background, and the temporary transaction order is obtained. And the temporary transaction account information group is packaged into a dynamic personal voucher code and sent to the payment terminal. Otherwise, the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code, and the dynamic personal voucher code The payment is sent to the payment terminal, and the payment background determines whether the payment is made by verifying the correctness of the temporary payment account information and the transaction serial number. Therefore, the payment can be effectively prevented even when the mobile terminal has no network signal, and the reset attack can be effectively prevented (only when the transaction sequence number received by the payment background is larger than the serial number stored in the payment background, the payment can be prevented, thereby preventing Reset the attack).
实施例四Embodiment 4
在上述实施例一中,所述支付终端还设置有支付In the first embodiment, the payment terminal is further provided with a payment.
PINPIN
;;
其中,所述支付终端的支付Wherein the payment of the payment terminal
PINPIN
是用户在移动终端通过支付客户端与支付后台设定的;It is set by the user in the mobile terminal through the payment client and the payment background;
在所述步骤“支付终端将动态个人凭证码和交易金额发送给支付后台”前还包括:Before the step "the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background", the method further includes:
支付终端获取用户在支付终端上输入的The payment terminal obtains the input of the user on the payment terminal
PINPIN
,并将所述And will
PINPIN
加密后发送给支付后台;Encrypted and sent to the payment background;
支付后台对接收到的Payment backend received
PINPIN
进行验证,当验证通过后才执行后续步骤。Verify that the next steps are performed when the verification passes.
本实施方式中,所述In this embodiment, the
PINPIN
可以是线上支付账户的交易Can be an online payment account transaction
PINPIN
密码,也可以与银行卡账户密码保持一致,支付后台只有在收到正确的The password can also be consistent with the bank card account password, and the payment background is only received correctly.
PINPIN
的前提下才会进行账户密码验证,从而实现了双重支付安全保证,大大提高了支付安全。The account password verification will be carried out under the premise, thus achieving double payment security guarantee and greatly improving payment security.
实施例五Embodiment 5
一种One kind
O2OO2O
安全支付系统,包括移动终端Secure payment system, including mobile terminals
11
、支付终端Payment terminal
22
和支付后台And payment background
33
,所述移动终端The mobile terminal
11
包括动态交易码获取模块、第一收发模块;The dynamic transaction code acquisition module and the first transceiver module are included;
所述支付终端Payment terminal
22
包括第一输入模块、第二输入模块、第二收发模块;The first input module, the second input module, and the second transceiver module are included;
所述支付后台The payment background
33
包括验证模块、第三收发模块、支付模块;The verification module, the third transceiver module and the payment module are included;
所述动态交易码获取模块用于从支付后台获取动态交易码;The dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background;
所述第一收发模块用于将包含有动态交易码的动态个人凭证码发送给支付终端,其中,第一收发模块为声波通讯模块、The first transceiver module is configured to send a dynamic personal voucher code including a dynamic transaction code to the payment terminal, where the first transceiver module is an acoustic communication module,
NFCNFC
模块,蓝牙模块或其它非物理接触式的通讯模块;Module, Bluetooth module or other non-physical contact communication module;
所述第一输入模块用于接收输入的交易金额;The first input module is configured to receive an input transaction amount;
所述第二收发模块用于接收移动终端发送的动态个人凭证码,用于将动态个人凭证码和交易金额发送给支付后台,以及用于将账户密码发送给支付后台;The second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, configured to send the dynamic personal voucher code and the transaction amount to the payment background, and send the account password to the payment background;
所述验证模块用于验证所述动态个人凭证码和账户密码;The verification module is configured to verify the dynamic personal voucher code and an account password;
所述第三收发模块用于将验证信息发送给支付终端;The third transceiver module is configured to send the verification information to the payment terminal;
所述第二输入模块用于接收用户输入的账户密码;The second input module is configured to receive an account password input by a user;
所述支付模块用于当所述验证模块验证通过后进行支付。The payment module is configured to perform payment after the verification module passes the verification.
本this
O2OO2O
安全支付系统的移动终端将包含有动态交易码的动态个人凭证码发送给支付终端;用户在支付终端上进行账户密码输入,支付终端将接收到输入的账户密码发送给支付后台进行支付,因此避免了在移动终端输入账户密码和账户密码被攻击窃取的可能,大大提高了在线支付的安全性。The mobile terminal of the secure payment system sends a dynamic personal voucher code containing the dynamic transaction code to the payment terminal; the user inputs the account password on the payment terminal, and the payment terminal sends the input account password to the payment background for payment, thereby avoiding In the mobile terminal, the account password and the account password are attacked and stolen, which greatly improves the security of online payment.
本发明还提供了一种The invention also provides a
POSPOS
终端,包括打印模块Terminal, including print module
24twenty four
和所述的第一输入模块And the first input module
21twenty one
、第二输入模块Second input module
22twenty two
、第二收发模块Second transceiver module
23twenty three
;;
所述打印模块The printing module
24twenty four
用于打印纸质交易凭证。Used to print paper transaction vouchers.
所述Said
POSPOS
终端通过第二收发模块接收移动终端发送的动态个人凭证码,以及通过第二收发模块将动态个人凭证码、输入的交易金额和账户密码发送给支付后台,支付后台根据接收到的交易金额动态个人凭证码中的动态交易码进行支付,因此使在线支付的账户密码可以在The terminal receives the dynamic personal voucher code sent by the mobile terminal through the second transceiver module, and sends the dynamic personal voucher code, the input transaction amount and the account password to the payment background through the second transceiver module, and the payment background dynamically according to the received transaction amount. The dynamic transaction code in the voucher code is paid, so the account password for online payment can be
POSPOS
终端输入,大大扩大了Terminal input has greatly expanded
POSPOS
终端的使用范围,同时,也提高了在线支付的安全性。The scope of use of the terminal, meanwhile, also increases the security of online payment.
进一步地,为了提高Further, in order to improve
POSPOS
终端与移动终端之间的数据传输安全和便捷性,所述第二收发模块为声波通讯模块、The data transmission security and convenience between the terminal and the mobile terminal, the second transceiver module is an acoustic wave communication module,
NFCNFC
模块或蓝牙模块等近场无线通讯。Near field wireless communication such as modules or Bluetooth modules.
进一步地,为了便于显示交易过程的信息,对用户的操作进行提示,以及显示交易结果,所述Further, in order to facilitate displaying information of the transaction process, prompting the user's operation, and displaying the transaction result,
POSPOS
终端还包括:显示模块,用于显示支付后台发送的验证信息。The terminal further includes: a display module, configured to display the verification information sent by the payment background.
示例Example
用户通过手机(移动终端)下载支付客户端并绑定相应的银行卡(银行卡中包含现金账户、优惠券账户、积分账户等,即支付方式);The user downloads the payment client through the mobile phone (mobile terminal) and binds the corresponding bank card (the bank card includes a cash account, a coupon account, a point account, etc., that is, a payment method);
用户通过登陆手机支付终端与支付后台通讯,支付后台根据所绑定的银行卡生成临时支付账户信息并下发给手机。The user logs in to the mobile payment terminal and the payment background communication, and the payment background generates the temporary payment account information according to the bundled bank card and sends the information to the mobile phone.
当用户到商户那需要购买商品时,通过手机选择支付组合方式并发送给支付后台,支付后台判断该支付组合是否成功,是则生成相应的临时交易单号发送给手机;When the user needs to purchase the product, the user selects the payment combination method and sends it to the payment background through the mobile phone, and the payment background determines whether the payment combination is successful, and generates a corresponding temporary transaction number to send to the mobile phone;
商户的操作员先将用户购买的商品信息(包括商品金额)输入到商户的The operator of the merchant first inputs the product information (including the amount of the commodity) purchased by the user to the merchant.
POSPOS
终端(即所述支付终端);其中,操作员先将用户购买的商品信息输入到商户的a terminal (ie, the payment terminal); wherein the operator first inputs the product information purchased by the user to the merchant
POSPOS
终端与手机获取临时交易单号这两步骤没有严格的先后关系;There is no strict relationship between the terminal and the mobile phone to obtain the temporary transaction number.
结账时,用户将包含有临时交易单号和临时支付账户信息的动态个人凭证码发送给At checkout, the user sends a dynamic personal voucher code containing the temporary transaction number and temporary payment account information to
POSPOS
终端(当移动终端无网络信号时选择使用交易序列号代替临时交易单号),Terminal (when the mobile terminal has no network signal, choose to use the transaction serial number instead of the temporary transaction number),
POSPOS
终端将所述动态个人凭证码和交易金额发送给支付后台;The terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
支付后台验证动态个人凭证码以及交易金额,并确定组合,当验证通过后将验证信息发送给The payment background verifies the dynamic personal voucher code and the transaction amount, and determines the combination. When the verification is passed, the verification information is sent to
POSPOS
终端;terminal;
终端显示支付组合,以及获取用户选择的支付组合方式、各种支付的金额(如选择的支付组合方式为:优惠券支付The terminal displays the payment combination, and obtains the payment combination method selected by the user, and the amount of various payment (for example, the selected payment combination method is: coupon payment)
100100
元yuan
++
积分兑换支付Point redemption payment
5050
元yuan
++
现金支付cash payment
1010
元),用户在Yuan), the user is
POSPOS
终端上输入账户密码,并将获取到的支付组合及各支付方式的金额以及账户密码发送给支付后台;Enter the account password on the terminal, and send the obtained payment combination and the amount of each payment method and the account password to the payment background;
支付后台验证输入的账户密码,当验证通过后,根据最终收到的支付组合及各支付方式的金额进行支付,并将交易结果发送给手机和The account password entered in the background verification is verified. After the verification is passed, the payment is made according to the final payment combination and the amount of each payment method, and the transaction result is sent to the mobile phone and
POSPOS
终端;terminal;
终端打印收到的交易结果和交易凭证。The terminal prints the received transaction results and transaction credentials.
综上所述,区别于现有的在线支付中支付过程中账户密码必需由移动终端输入,本发明由移动终端将包含有动态交易码的动态个人凭证码安全发送给支付终端,用户在支付终端上完成账户密码的输入;支付终端接收到输入的账户密码后,将密文账户密码发送给支付后台,进行支付,因此避免了移动终端可同时获取账户信息及账户密码,以及账户信息及账户密码在移动终端被攻击窃取的可能,大大提高了在线支付的安全性。进一步地,在本发明中支付后台根据移动终端绑定的账户生成临时支付账户信息,在支付过程中移动终端和支付终端都是使用临时支付账户进行传输,因此即使传输过程中的数据被截取,也仍然无法真实的支付账户信息(真实的支付账户信息只有支付后台和移动终端中的支付客户端知道,没有出现在传输过程中),从而进一步提高了支付安全。另外,通过要求用户在支付终端上输入密码,保证只有用户参与才能完成一笔交易,防止出现用户未授权的交易。同时,在用户手机无法与支付后台通讯时,借助于支付终端,仍可正常完成交易,提高In summary, the account password must be input by the mobile terminal in the payment process in the existing online payment. The present invention securely transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal by the mobile terminal, and the user is at the payment terminal. The input of the account password is completed; after receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding that the mobile terminal can simultaneously obtain the account information and the account password, as well as the account information and the account password. The possibility of being attacked and stolen at the mobile terminal greatly improves the security of online payment. Further, in the present invention, the payment background generates temporary payment account information according to the account bound by the mobile terminal, and both the mobile terminal and the payment terminal use the temporary payment account for transmission during the payment process, so even if the data during the transmission is intercepted, Still, the account information cannot be actually paid (the real payment account information is known only to the payment client in the payment background and the mobile terminal, and does not appear in the transmission process), thereby further improving payment security. In addition, by requiring the user to enter a password on the payment terminal, it is guaranteed that only a user can participate in completing a transaction, preventing a user from unauthorized transactions. At the same time, when the user's mobile phone cannot communicate with the payment background, the payment terminal can still complete the transaction normally, and the transaction can be improved.
O2OO2O
支付方案的整体可行性。The overall feasibility of the payment plan.
以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only the embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformation of the present invention and the contents of the drawings may be directly or indirectly applied to other related technologies. The fields are all included in the scope of patent protection of the present invention.