WO2015135384A1 - O2o secure payment method and system, and pos terminal - Google Patents

O2o secure payment method and system, and pos terminal Download PDF

Info

Publication number
WO2015135384A1
WO2015135384A1 PCT/CN2015/070397 CN2015070397W WO2015135384A1 WO 2015135384 A1 WO2015135384 A1 WO 2015135384A1 CN 2015070397 W CN2015070397 W CN 2015070397W WO 2015135384 A1 WO2015135384 A1 WO 2015135384A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
transaction
terminal
background
mobile terminal
Prior art date
Application number
PCT/CN2015/070397
Other languages
French (fr)
Chinese (zh)
Inventor
孟陆强
洪逸轩
姚承勇
陈瑞兵
Original Assignee
福建联迪商用设备有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 福建联迪商用设备有限公司 filed Critical 福建联迪商用设备有限公司
Priority to JP2016574321A priority Critical patent/JP6370407B2/en
Publication of WO2015135384A1 publication Critical patent/WO2015135384A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials

Definitions

  • the present invention relates to the field of electronic payment, and in particular to a O2O Secure payment method, system and kind POS terminal.
  • O2O Online To Offline It refers to the combination of offline business opportunities and the Internet, making the Internet a front-end for offline transactions. From 2010 Entering China at the end of the year has aroused widespread discussion in the industry, and its broad prospects are optimistic for all parties. O2O The industry is also widely regarded as the next market of billions of dollars.
  • the mobile phone is an application carrier that is often connected to the public network. Mobile viruses, mobile phone Trojans and other malware are not uncommon, and the password entered on the mobile phone has become the object of such malware theft.
  • the attacker can copy the sound waves at the transaction site at the transaction site, and forge the personal voucher code to complete the transaction without authorization by the user if the user is not present at the scene.
  • the present invention provides a payment that is more secure. O2O Secure payment method.
  • the secure payment method comprises the steps of: the mobile terminal acquires a dynamic transaction code sent by the payment background; the mobile terminal sends the dynamic personal voucher code containing the dynamic transaction code to the payment terminal; the payment terminal receives the input transaction amount; and the payment terminal sends the dynamic personal voucher
  • the code and the transaction amount are sent to the payment background; after the payment background verifies the dynamic personal voucher code, the verification information is sent to the payment terminal; after receiving the input account password, the payment terminal sends the transaction message packet including the account password ciphertext to the payment background. , to make a payment.
  • the “mobile terminal acquiring the dynamic transaction code sent by the payment background” specifically includes: the mobile terminal login payment client communicates with the payment background, and obtains the temporary payment account information generated by the payment background according to the payment account; the mobile terminal uses the payment client to The payment method is sent to the payment background, and the payment background generates a corresponding temporary transaction number and sends it to the mobile terminal.
  • the mobile terminal sends the dynamic personal voucher code containing the dynamic transaction code to the payment terminal.
  • the mobile terminal will: The temporary payment account information and the temporary transaction order number group are packaged into a dynamic personal voucher code, and the dynamic personal voucher code is sent to the payment terminal; after the “payment background verification dynamic personal voucher code, the verification information is sent to the payment terminal”
  • the method includes: the payment background verification, the temporary payment account information, and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification information is sent to the payment terminal after the verification is passed.
  • the sending, by the mobile terminal, the dynamic personal voucher code including the dynamic transaction code to the payment terminal further includes: the mobile terminal sending the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is In the ciphertext, if the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal can only upload the dynamic personal voucher code ciphertext and the transaction configuration information to the payment background processing.
  • the “mobile terminal acquires the dynamic transaction code sent by the payment background” further includes: the mobile terminal logs in to the payment client and the payment background communication, and synchronizes the transaction serial number with the payment background; the “mobile terminal will include the dynamic transaction code”
  • the sending of the dynamic personal voucher code to the payment terminal further includes: when the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal adds the temporary payment account information and accumulates The subsequent transaction serial number group is packaged into a dynamic personal voucher code, and the dynamic personal voucher code is sent to the payment terminal;
  • the “payment of the background verification dynamic personal voucher code, the verification information is sent to the payment terminal” specifically includes: payment background verification Whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and after the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction serial number is verified After that, the verification information is sent to the payment terminal.
  • the mobile terminal sends the payment method to the payment background through the payment client, and the corresponding temporary transaction number is generated in the payment background, and is sent to the mobile terminal.
  • the method further includes: the mobile terminal inputs the payment combination input by the user through the payment client. The method is sent to the payment background; after receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination method includes a primary account payment, a quick payment, a coupon payment, and a point.
  • the step of “sending verification information to the payment terminal” specifically includes: the payment background determines an actual transaction payment combination according to the transaction amount and an amount to be paid for each payment method; The payment background sends the determined transaction payment combination and the amount that each payment method needs to pay to the payment terminal; the step “after the payment terminal receives the input account password, the account password is sent to the payment background for payment” includes: The payment terminal displays the received payment combination to The amount of payment required for each payment method; the user selects the actual transaction amount for each payment method, and enters the account password; the payment terminal sends the actual transaction amount and account password of each payment method to the payment background; the payment background receives The transaction amount and account password are verified, and the payment is made when the verification is passed.
  • the method further includes the steps of: the payment background sends the transaction result prompt information to the payment terminal, the transaction result prompt information includes the buyer partial account real information; and the payment terminal prints the paper transaction certificate.
  • the method further includes: the payment terminal is provided with a payment PIN Before the step "the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background", the payment terminal further includes: the payment terminal acquires the input of the user on the payment terminal. PIN And will PIN Sent to the payment backend; the payment backend received PIN Verify that the next steps are performed when the verification passes.
  • the mobile terminal communicates via sound waves, NFC Or Bluetooth sends a dynamic personal voucher code to the payment terminal.
  • the secure payment system includes a mobile terminal, a payment terminal, and a payment backend.
  • the mobile terminal includes a dynamic transaction code acquisition module and a first transceiver module.
  • the payment terminal includes a first input module, a second input module, and a second transceiver module.
  • the payment backend includes a verification module, a third transceiver module, and a payment module; the dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background; and the first transceiver module is configured to: use a dynamic individual that includes a dynamic transaction code
  • the voucher code is sent to the payment terminal, wherein the first transceiver module is an acoustic wave communication module, NFC a module, a Bluetooth module; the first input module is configured to receive an input transaction amount; the second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, and send the dynamic personal voucher code and the transaction amount to the payment a background, and configured to send an account password to the payment background; the verification module is configured to verify the dynamic personal voucher code and an account password; the third transceiver module is configured to send the verification information to the payment terminal; The input module is configured to receive an account password input by the user; the payment module is configured to perform payment after the verification module passes the verification.
  • the invention also provides a POS
  • the terminal includes a printing module and the first input module, the second input module, and the second transceiver module, and the printing module is configured to print a paper transaction voucher.
  • the second transceiver module is an acoustic wave communication module, NFC Module, Bluetooth module or other non-physical contact communication module.
  • the method further includes: a display module, configured to display verification information sent by the payment background.
  • the invention has the beneficial effects that the account password must be input by the mobile terminal in the payment process in the existing online payment.
  • the mobile terminal automatically transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal, and the user is
  • the mobile terminal completes the input of the account password; after receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding the mobile terminal obtaining the account information and the account password at the same time, and the account information and The account password is attacked and stolen in the mobile terminal, which greatly improves the security of online payment.
  • Figure 1 Is an embodiment of the present invention O2O Flow chart of a secure payment method
  • Figure 2 Is an embodiment of the present invention O2O Schematic diagram of the structure of a secure payment system
  • Figure 3 Is an embodiment of the present invention POS Schematic diagram of the structure of the terminal.
  • the invention pays by inputting the account password of the online payment on the payment terminal, thereby avoiding the account password leakage caused by the loss of the mobile terminal or the attack by the Trojan horse, thereby greatly improving the account password.
  • O2O The security of the payment.
  • the mobile terminal acquires a dynamic transaction code sent by the payment background
  • the mobile terminal sends the dynamic personal voucher code including the dynamic transaction code to the payment terminal;
  • the payment terminal receives the input transaction amount
  • the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
  • the verification information is sent to the payment terminal;
  • the payment terminal After receiving the input account password, the payment terminal sends the transaction packet containing the account password ciphertext to the payment background to perform payment.
  • the payment terminal is in accordance with the transaction packet containing the account password ciphertext.
  • the package format can also be other packaging formats.
  • the embodiment relates to a mobile terminal, a payment terminal, and a payment background (the payment background is a system server of a specific bank, or a server of a third-party payment system), wherein the mobile terminal is installed with a payment client and a public key certificate.
  • CERT1 public key certificate CERT1 Corresponding private key PR1 Saved in the payment background
  • the user communicates with the payment background by logging in to the payment terminal on the mobile terminal, so that the payment account is bound to the user's mobile terminal.
  • the payment background After the mobile terminal logs in to the payment client, the payment background generates a corresponding dynamic transaction code according to the payment account bound by the mobile terminal, and the dynamic transaction code includes temporary payment account information (each time the mobile terminal logs in to the payment terminal, the corresponding generation of the payment background is different.
  • the dynamic transaction code that is, the temporary payment account information obtained by each mobile terminal is different).
  • the mobile terminal sends the payment method to the payment background through the payment client, and the corresponding temporary transaction number is generated in the payment background.
  • the mobile terminal groups the obtained temporary payment account information and the temporary transaction order number into a dynamic personal voucher code, and sends the dynamic personal voucher code to the payment terminal.
  • the payment terminal is disposed at the merchant, and the payment terminal acquires the input transaction amount (ie, the payment terminal acquires the total amount of the purchased product input by the merchant operator), and the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment. Backstage.
  • the payment background After receiving the dynamic personal voucher code through the payment terminal, the payment background verifies whether the temporary payment account information and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification is passed. After that, the payment background retrieves the corresponding real account information in the background according to the temporary payment account information, and verifies whether the account information is correct (such as verifying whether the account exists, whether the status of the account is available, whether the account balance is sufficient, etc.) After the verification is passed, the payment background verifies whether the account password uploaded from the payment terminal corresponds to the real account corresponding to the temporary payment account information of the dynamic personal certificate code, and the payment is performed after the account password verification is passed.
  • the account password must be input by the mobile terminal.
  • the mobile terminal securely transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal, and the user completes the account password on the mobile terminal.
  • the payment terminal After receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding that the mobile terminal can simultaneously obtain the account information and the account password, thereby effectively preventing the account information and the account password from being The possibility of attack stealing greatly improves the security of online payment.
  • the payment background generates temporary payment account information according to the account bound by the mobile terminal, and both the mobile terminal and the payment terminal use the temporary payment account for transmission during the payment process, so even if the data during the transmission is intercepted, Still, the account information cannot be actually paid (the real payment account information is known only to the payment client in the payment background and the mobile terminal, and does not appear in the transmission process), thereby further improving payment security.
  • the sending, by the mobile terminal, the dynamic personal voucher code including the dynamic transaction code to the payment terminal further includes: the mobile terminal sending the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is In the ciphertext, if the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal can only upload the dynamic personal voucher code ciphertext and the transaction configuration information to the payment background processing. Encryption can better guarantee the security of payment data transmission. For simple data, you don't have to encrypt it. If you want to encrypt, the communication data sent by the mobile terminal needs to pass the public key certificate. CERT1 After encryption, transfer.
  • the encryption algorithm is an asymmetric algorithm and can be used. RSA , ECC , national secret algorithm, etc.
  • This encrypted data (such as a dynamic personal voucher code)
  • the payment terminal cannot be decrypted because it does not have a corresponding private key. PR1 Therefore, the payment terminal can only upload the dynamic personal voucher code ciphertext to the payment background processing as it is, thereby improving the security of the dynamic personal voucher code in the transmission process.
  • the mobile terminal can communicate through sound waves.
  • NFC Bluetooth or non-physical contact communication method sends a dynamic personal voucher code to the payment terminal.
  • the payment terminal may be a merchant POS
  • the terminal may also be another electronic payment device having a password input function.
  • the payment is made by the amount in the cash account in the account, but in the actual use process, there are other payment methods such as coupon payment, point payment, etc., in order to improve the convenience of the payment method in the above embodiment, In the present embodiment, payment can also be made by a payment combination.
  • the mobile terminal sends the payment combination mode input by the user to the payment background through the payment client;
  • the payment background After receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination includes a primary account payment, a quick payment, a coupon payment, a point payment, and a prepaid card payment.
  • the payment combination includes a primary account payment, a quick payment, a coupon payment, a point payment, and a prepaid card payment.
  • the payment method may also be other possible payment methods;
  • the step of “sending the verification information to the payment terminal” specifically includes:
  • the payment background determines the actual transaction payment combination according to the transaction amount and the amount that each payment method needs to pay;
  • the payment back-end determines the transaction payment combination and the amount that each payment method needs to pay to the payment terminal;
  • the step “after the payment terminal receives the input account password, the account password is sent to the payment background to perform payment” includes:
  • the payment terminal displays the received payment combination and the amount that each payment method needs to pay;
  • the user selects the actual transaction amount for each payment method and enters the account password;
  • the payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
  • the payment background verifies the received transaction amount and account password, and pays when the verification is passed.
  • the user selects the actual transaction amount for each payment method.
  • the user For the payment method that requires input of the account password (such as when paying with the cash account in the payment account), the user enters the account password on the payment terminal (for the case where the account password is not required, the user does not need to Enter the account password);
  • the payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
  • the payment background verifies the received transaction amount and account password, and pays when the verification is passed.
  • the payment may be performed without inputting the account password (if the selected payment combination does not include the cash account or the cash account is zero. ).
  • the user can select an appropriate payment combination method according to the payment method bound on the mobile terminal, and determine an actual payment combination manner according to the transaction amount on the payment terminal, such as coupon payment, point payment, coupon and cash payment combination or coupon, and points. , cash payment combination.
  • the online payment combination of multiple payment methods can be realized, which greatly improves the convenience of payment.
  • the embodiment may further include: the payment background sends the transaction result prompt information to the payment terminal or the mobile terminal.
  • the voucher for each transaction may be printed by the payment terminal, and the transaction result prompt information includes the real information of the buyer part account, thereby avoiding the dispute caused by the online payment without the physical transaction voucher.
  • the method further includes:
  • the mobile terminal logs in to the payment client to communicate with the payment background, and synchronizes the transaction serial number with the payment background;
  • the “mobile terminal transmitting the dynamic personal voucher code including the dynamic transaction code to the payment terminal” further includes:
  • the mobile terminal When the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code. And sending the dynamic personal voucher code to the payment terminal;
  • the verification information is sent to the payment terminal.
  • the payment background verifies whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and when the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction sequence After the verification is passed, the verification information is sent to the payment terminal.
  • the present embodiment performs payment by temporarily paying an account.
  • the mobile terminal logs into the payment background, the temporary payment account is obtained from the payment background.
  • the mobile terminal determines whether it can connect to the payment background. If the connection is available, the temporary transaction number is obtained from the payment background, and the temporary transaction order is obtained. And the temporary transaction account information group is packaged into a dynamic personal voucher code and sent to the payment terminal.
  • the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code, and the dynamic personal voucher code
  • the payment is sent to the payment terminal, and the payment background determines whether the payment is made by verifying the correctness of the temporary payment account information and the transaction serial number. Therefore, the payment can be effectively prevented even when the mobile terminal has no network signal, and the reset attack can be effectively prevented (only when the transaction sequence number received by the payment background is larger than the serial number stored in the payment background, the payment can be prevented, thereby preventing Reset the attack).
  • the payment terminal is further provided with a payment.
  • PIN a payment.
  • the method further includes:
  • the payment terminal obtains the input of the user on the payment terminal PIN And will PIN Encrypted and sent to the payment background;
  • the PIN Can be an online payment account transaction PIN
  • the password can also be consistent with the bank card account password, and the payment background is only received correctly.
  • PIN The account password verification will be carried out under the premise, thus achieving double payment security guarantee and greatly improving payment security.
  • One kind O2O Secure payment system including mobile terminals 1 Payment terminal 2 And payment background 3 The mobile terminal 1
  • the dynamic transaction code acquisition module and the first transceiver module are included;
  • Payment terminal 2 The first input module, the second input module, and the second transceiver module are included;
  • the payment background 3 The verification module, the third transceiver module and the payment module are included;
  • the dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background
  • the first transceiver module is configured to send a dynamic personal voucher code including a dynamic transaction code to the payment terminal, where the first transceiver module is an acoustic communication module, NFC Module, Bluetooth module or other non-physical contact communication module;
  • the first input module is configured to receive an input transaction amount
  • the second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, configured to send the dynamic personal voucher code and the transaction amount to the payment background, and send the account password to the payment background;
  • the verification module is configured to verify the dynamic personal voucher code and an account password
  • the third transceiver module is configured to send the verification information to the payment terminal
  • the second input module is configured to receive an account password input by a user
  • the payment module is configured to perform payment after the verification module passes the verification.
  • the mobile terminal of the secure payment system sends a dynamic personal voucher code containing the dynamic transaction code to the payment terminal; the user inputs the account password on the payment terminal, and the payment terminal sends the input account password to the payment background for payment, thereby avoiding In the mobile terminal, the account password and the account password are attacked and stolen, which greatly improves the security of online payment.
  • the invention also provides a POS Terminal, including print module twenty four And the first input module twenty one Second input module twenty two Second transceiver module twenty three ;
  • the terminal receives the dynamic personal voucher code sent by the mobile terminal through the second transceiver module, and sends the dynamic personal voucher code, the input transaction amount and the account password to the payment background through the second transceiver module, and the payment background dynamically according to the received transaction amount.
  • the dynamic transaction code in the voucher code is paid, so the account password for online payment can be POS Terminal input has greatly expanded POS The scope of use of the terminal, meanwhile, also increases the security of online payment.
  • the second transceiver module is an acoustic wave communication module, NFC Near field wireless communication such as modules or Bluetooth modules.
  • POS further includes: a display module, configured to display the verification information sent by the payment background.
  • the user downloads the payment client through the mobile phone (mobile terminal) and binds the corresponding bank card (the bank card includes a cash account, a coupon account, a point account, etc., that is, a payment method);
  • the user logs in to the mobile payment terminal and the payment background communication, and the payment background generates the temporary payment account information according to the bundled bank card and sends the information to the mobile phone.
  • the user selects the payment combination method and sends it to the payment background through the mobile phone, and the payment background determines whether the payment combination is successful, and generates a corresponding temporary transaction number to send to the mobile phone;
  • the operator of the merchant first inputs the product information (including the amount of the commodity) purchased by the user to the merchant.
  • POS a terminal (ie, the payment terminal); wherein the operator first inputs the product information purchased by the user to the merchant POS
  • the terminal There is no strict relationship between the terminal and the mobile phone to obtain the temporary transaction number.
  • the user sends a dynamic personal voucher code containing the temporary transaction number and temporary payment account information to POS Terminal (when the mobile terminal has no network signal, choose to use the transaction serial number instead of the temporary transaction number), POS The terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
  • the payment background verifies the dynamic personal voucher code and the transaction amount, and determines the combination.
  • the verification information is sent to POS terminal;
  • the terminal displays the payment combination, and obtains the payment combination method selected by the user, and the amount of various payment (for example, the selected payment combination method is: coupon payment) 100 yuan + Point redemption payment 50 yuan + cash payment 10 Yuan), the user is POS Enter the account password on the terminal, and send the obtained payment combination and the amount of each payment method and the account password to the payment background;
  • the selected payment combination method is: coupon payment
  • the user is POS Enter the account password on the terminal, and send the obtained payment combination and the amount of each payment method and the account password to the payment background
  • the account password entered in the background verification is verified. After the verification is passed, the payment is made according to the final payment combination and the amount of each payment method, and the transaction result is sent to the mobile phone and POS terminal;
  • the terminal prints the received transaction results and transaction credentials.
  • the account password must be input by the mobile terminal in the payment process in the existing online payment.
  • the present invention securely transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal by the mobile terminal, and the user is at the payment terminal.
  • the input of the account password is completed; after receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding that the mobile terminal can simultaneously obtain the account information and the account password, as well as the account information and the account password.
  • the possibility of being attacked and stolen at the mobile terminal greatly improves the security of online payment.
  • the payment background generates temporary payment account information according to the account bound by the mobile terminal, and both the mobile terminal and the payment terminal use the temporary payment account for transmission during the payment process, so even if the data during the transmission is intercepted, Still, the account information cannot be actually paid (the real payment account information is known only to the payment client in the payment background and the mobile terminal, and does not appear in the transmission process), thereby further improving payment security.
  • the payment terminal by requiring the user to enter a password on the payment terminal, it is guaranteed that only a user can participate in completing a transaction, preventing a user from unauthorized transactions.
  • the payment terminal can still complete the transaction normally, and the transaction can be improved.

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

Disclosed is a secure payment method. The secure payment method comprises the steps of: acquiring, by a mobile terminal, a dynamic transaction code sent by a payment background; sending to a payment terminal, by the mobile terminal, a dynamic personal voucher code containing the dynamic transaction code; receiving, by the payment terminal, the input transaction amount; sending, by the payment terminal, the dynamic personal voucher code and the transaction amount to the payment background; after the dynamic personal voucher code is verified, sending, by the payment background, verification information to the payment terminal; and after an input account password is received, sending, by the payment terminal, the account password to the payment background to conduct payment. Also disclosed are a secure payment system and a POS terminal. The account password for payment is input from the payment terminal, thereby effectively avoiding the potential security risks caused by inputting a password from the mobile terminal, so that the payment security is improved.

Description

一种O2O安全支付方法、系统和一种POS终端O2O secure payment method, system and POS terminal
技术领域Technical field
本发明涉及电子支付领域,特别是涉及一种The present invention relates to the field of electronic payment, and in particular to a O2OO2O 安全支付方法、系统和一种Secure payment method, system and kind POSPOS 终端。terminal.
背景技术Background technique
随着国内智能终端的普及和移动互联网的高速发展,网络支付的使用率增速涨幅较大,并成为亮点,特别是在交通通信、教育文化、食品、居住等方面渗透会有大幅的提升。作为移动支付的一个热门词汇,With the popularization of domestic intelligent terminals and the rapid development of mobile Internet, the growth rate of the use rate of online payment has increased greatly, and has become a bright spot, especially in the areas of transportation and communication, education and culture, food, and residence. As a popular term for mobile payments, O2OO2O 逐渐为人们所熟悉,Gradually familiar with people, O2OO2O which is Online To OfflineOnline To Offline ,是指将线下的商务机会与互联网结合,让互联网成为线下交易的前台。自It refers to the combination of offline business opportunities and the Internet, making the Internet a front-end for offline transactions. from 20102010 年底进入中国来引起了业界的广泛讨论,其广阔的前景为各方所看好,Entering China at the end of the year has aroused widespread discussion in the industry, and its broad prospects are optimistic for all parties. O2OO2O 行业也被普遍认为是下一个亿万元规模的市场。微信支付及支付宝的当面付可以看作是The industry is also widely regarded as the next market of billions of dollars. WeChat payment and Alipay’s face-to-face payment can be regarded as O2OO2O 的一个典型应用,这两种支付方式均使用用户手机作为载体,通过手机绑定银行卡号,扫描二维码获得商品信息,在手机上输入支付密码,实现电子交易的快捷完成,这种方式确实方便人们的日常生活。但这种支付方式存在着严重的隐患:A typical application, both of which use the user's mobile phone as a carrier, bind the bank card number through the mobile phone, scan the QR code to obtain the product information, and input the payment password on the mobile phone to realize the fast completion of the electronic transaction. Convenient for people's daily lives. However, there are serious hidden dangers in this payment method:
、手机是一个时常连接于公开网络的应用载体,手机病毒、手机木马等恶意软件屡见不鲜,而在手机上输入的密码已经成为了这类恶意软件的窃取对象。The mobile phone is an application carrier that is often connected to the public network. Mobile viruses, mobile phone Trojans and other malware are not uncommon, and the password entered on the mobile phone has become the object of such malware theft.
、对于声波支付,攻击者可以在交易现场复制交易时的声波,在用户不在现场的情况下,伪造个人凭证码完成未经用户授权的交易。For sonic payment, the attacker can copy the sound waves at the transaction site at the transaction site, and forge the personal voucher code to complete the transaction without authorization by the user if the user is not present at the scene.
、在现有的In the existing O2OO2O 支付方式中,交易完成后,付款人没有得到相应的纸质凭证,若后续发生交易纠纷不利于付款人维护自己的权益。In the payment method, after the transaction is completed, the payer does not get the corresponding paper certificate, and if the subsequent transaction dispute is not conducive to the payer to protect his rights and interests.
、若手机无法与支付后台通讯,则无法完成正常交易。If the mobile phone cannot communicate with the payment background, the normal transaction cannot be completed.
发明内容Summary of the invention
为解决上述技术问题,本发明提供一种支付更加安全的In order to solve the above technical problem, the present invention provides a payment that is more secure. O2OO2O 安全支付方法。Secure payment method.
一种One kind O2OO2O 安全支付方法,包括步骤:移动终端获取支付后台发送的动态交易码;移动终端将包含有动态交易码的动态个人凭证码发送给支付终端;支付终端接收输入的交易金额;支付终端将动态个人凭证码和交易金额发送给支付后台;支付后台验证动态个人凭证码后,将验证信息发送给支付终端;支付终端接收输入的账户密码后,将包含账户密码密文的交易报文包发送给支付后台,进行支付。The secure payment method comprises the steps of: the mobile terminal acquires a dynamic transaction code sent by the payment background; the mobile terminal sends the dynamic personal voucher code containing the dynamic transaction code to the payment terminal; the payment terminal receives the input transaction amount; and the payment terminal sends the dynamic personal voucher The code and the transaction amount are sent to the payment background; after the payment background verifies the dynamic personal voucher code, the verification information is sent to the payment terminal; after receiving the input account password, the payment terminal sends the transaction message packet including the account password ciphertext to the payment background. , to make a payment.
其中,所述“移动终端获取支付后台发送的动态交易码”具体包括:移动终端登陆支付客户端与支付后台通讯,获取支付后台根据支付账户生成的临时支付账户信息;移动终端通过支付客户端将支付方式发送给支付后台,支付后台生成相应的临时交易单号,并发送给移动终端;所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”具体包括:移动终端将所述临时支付账户信息和临时交易单号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端;所述“支付后台验证动态个人凭证码后,将验证信息发送给支付终端”具体包括:支付后台验证所述临时支付账户信息与临时交易单号是否与所述支付后台生成的临时支付账户信息、临时交易单号一致,验证通过后将验证信息发送给支付终端。The “mobile terminal acquiring the dynamic transaction code sent by the payment background” specifically includes: the mobile terminal login payment client communicates with the payment background, and obtains the temporary payment account information generated by the payment background according to the payment account; the mobile terminal uses the payment client to The payment method is sent to the payment background, and the payment background generates a corresponding temporary transaction number and sends it to the mobile terminal. The mobile terminal sends the dynamic personal voucher code containing the dynamic transaction code to the payment terminal. Specifically, the mobile terminal will: The temporary payment account information and the temporary transaction order number group are packaged into a dynamic personal voucher code, and the dynamic personal voucher code is sent to the payment terminal; after the “payment background verification dynamic personal voucher code, the verification information is sent to the payment terminal” Specifically, the method includes: the payment background verification, the temporary payment account information, and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification information is sent to the payment terminal after the verification is passed.
其中,所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:移动终端发送交易配置信息给支付终端,其中,交易配置信息标识了移动终端发送的数据是否是密文,若标志了是密文,则支付终端无法解密获取这些关键数据的原始数据,支付终端只能原样把该动态个人凭证码密文以及交易配置信息上传到支付后台处理。The sending, by the mobile terminal, the dynamic personal voucher code including the dynamic transaction code to the payment terminal, further includes: the mobile terminal sending the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is In the ciphertext, if the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal can only upload the dynamic personal voucher code ciphertext and the transaction configuration information to the payment background processing.
其中,所述“移动终端获取支付后台发送的动态交易码”还包括:移动终端登陆支付客户端与支付后台通讯,并与支付后台同步交易序列号;所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:当移动终端无法与支付后台连接获取临时交易单号时,移动终端对所述交易序列号进行累加,移动终端将所述临时支付账户信息和累加后的交易序列号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端;所述“支付后台验证动态个人凭证码后,将验证信息发送给支付终端”具体包括:支付后台验证所述临时支付账户信息与所述支付后台生成的临时支付账户是否一致,当验证通过后,验证接收到的交易序列号是否大于支付后台内存储的交易序列号,当所述交易序列号验证通过后,将验证信息发送给支付终端。The “mobile terminal acquires the dynamic transaction code sent by the payment background” further includes: the mobile terminal logs in to the payment client and the payment background communication, and synchronizes the transaction serial number with the payment background; the “mobile terminal will include the dynamic transaction code” The sending of the dynamic personal voucher code to the payment terminal further includes: when the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal adds the temporary payment account information and accumulates The subsequent transaction serial number group is packaged into a dynamic personal voucher code, and the dynamic personal voucher code is sent to the payment terminal; the “payment of the background verification dynamic personal voucher code, the verification information is sent to the payment terminal” specifically includes: payment background verification Whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and after the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction serial number is verified After that, the verification information is sent to the payment terminal.
其中,所述“移动终端通过支付客户端将支付方式发送给支付后台,支付后台生成相应的临时交易单号,并发送给移动终端”还包括:移动终端通过支付客户端将用户输入的支付组合方式发送给支付后台;支付后台接收到支付组合后生成相应的临时交易单号,并将临时交易单号发送给移动终端,其中,支付组合方式包括主账户支付、快捷支付、优惠券支付、积分支付、预付费卡支付中的一种或多种;所述步骤“将验证信息发送给支付终端”具体包括:支付后台根据交易金额确定实际的交易支付组合以及每种支付方式需要支付的金额;支付后台将确定的交易支付组合以及每种支付方式需要支付的金额发送给支付终端;所述步骤“支付终端接收到输入的账户密码后,将账户密码发送给支付后台,进行支付”具体包括:支付终端显示接收到的支付组合以及每种支付方式需要支付的金额;用户选择每种支付方式的实际交易金额,并输入账户密码;支付终端将所述每种支付方式的实际交易金额和账户密码发送给支付后台;支付后台对接收到的交易金额和账户密码进行验证,当验证通过后进行支付。The mobile terminal sends the payment method to the payment background through the payment client, and the corresponding temporary transaction number is generated in the payment background, and is sent to the mobile terminal. The method further includes: the mobile terminal inputs the payment combination input by the user through the payment client. The method is sent to the payment background; after receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination method includes a primary account payment, a quick payment, a coupon payment, and a point. One or more of payment, prepaid card payment; the step of “sending verification information to the payment terminal” specifically includes: the payment background determines an actual transaction payment combination according to the transaction amount and an amount to be paid for each payment method; The payment background sends the determined transaction payment combination and the amount that each payment method needs to pay to the payment terminal; the step “after the payment terminal receives the input account password, the account password is sent to the payment background for payment” includes: The payment terminal displays the received payment combination to The amount of payment required for each payment method; the user selects the actual transaction amount for each payment method, and enters the account password; the payment terminal sends the actual transaction amount and account password of each payment method to the payment background; the payment background receives The transaction amount and account password are verified, and the payment is made when the verification is passed.
其中,还包括步骤:支付后台将交易结果提示信息发送给支付终端,交易结果提示信息包含买方部分账户真实信息;支付终端打印纸质交易凭证。The method further includes the steps of: the payment background sends the transaction result prompt information to the payment terminal, the transaction result prompt information includes the buyer partial account real information; and the payment terminal prints the paper transaction certificate.
其中,还包括:所述支付终端设置有支付Wherein, the method further includes: the payment terminal is provided with a payment PINPIN ;在步骤“支付终端将动态个人凭证码和交易金额发送给支付后台”前还包括:支付终端获取用户在支付终端上输入的Before the step "the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background", the payment terminal further includes: the payment terminal acquires the input of the user on the payment terminal. PINPIN ,并将所述And will PINPIN 发送给支付后台;支付后台对接收到的Sent to the payment backend; the payment backend received PINPIN 进行验证,当验证通过后才执行后续步骤。Verify that the next steps are performed when the verification passes.
其中,所述移动终端通过声波通讯、Wherein the mobile terminal communicates via sound waves, NFCNFC 或蓝牙将动态个人凭证码发送给支付终端。Or Bluetooth sends a dynamic personal voucher code to the payment terminal.
为解决上述技术问题,本发明还提供一种In order to solve the above technical problem, the present invention also provides a O2OO2O 安全支付系统,包括移动终端、支付终端和支付后台,所述移动终端包括动态交易码获取模块、第一收发模块;所述支付终端包括第一输入模块、第二输入模块、第二收发模块;所述支付后台包括验证模块、第三收发模块、支付模块;所述动态交易码获取模块用于从支付后台获取动态交易码;所述第一收发模块用于将包含有动态交易码的动态个人凭证码发送给支付终端,其中,第一收发模块为声波通讯模块、The secure payment system includes a mobile terminal, a payment terminal, and a payment backend. The mobile terminal includes a dynamic transaction code acquisition module and a first transceiver module. The payment terminal includes a first input module, a second input module, and a second transceiver module. The payment backend includes a verification module, a third transceiver module, and a payment module; the dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background; and the first transceiver module is configured to: use a dynamic individual that includes a dynamic transaction code The voucher code is sent to the payment terminal, wherein the first transceiver module is an acoustic wave communication module, NFCNFC 模块,蓝牙模块;所述第一输入模块用于接收输入的交易金额;所述第二收发模块用于接收移动终端发送的动态个人凭证码,用于将动态个人凭证码和交易金额发送给支付后台,以及用于将账户密码发送给支付后台;所述验证模块用于验证所述动态个人凭证码和账户密码;所述第三收发模块用于将验证信息发送给支付终端;所述第二输入模块用于接收用户输入的账户密码;所述支付模块用于当所述验证模块验证通过后进行支付。a module, a Bluetooth module; the first input module is configured to receive an input transaction amount; the second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, and send the dynamic personal voucher code and the transaction amount to the payment a background, and configured to send an account password to the payment background; the verification module is configured to verify the dynamic personal voucher code and an account password; the third transceiver module is configured to send the verification information to the payment terminal; The input module is configured to receive an account password input by the user; the payment module is configured to perform payment after the verification module passes the verification.
本发明还提供一种The invention also provides a POSPOS 终端,包括打印模块和上述的第一输入模块、第二输入模块、第二收发模块;所述打印模块用于打印纸质交易凭证。The terminal includes a printing module and the first input module, the second input module, and the second transceiver module, and the printing module is configured to print a paper transaction voucher.
其中,所述第二收发模块为声波通讯模块、Wherein, the second transceiver module is an acoustic wave communication module, NFCNFC 模块,蓝牙模块或其它非物理接触式的通讯模块。Module, Bluetooth module or other non-physical contact communication module.
其中,还包括:显示模块,用于显示支付后台发送的验证信息。The method further includes: a display module, configured to display verification information sent by the payment background.
本发明的有益效果为:区别于现有的在线支付中支付过程中账户密码必需由移动终端输入,本发明由移动终端将包含有动态交易码的动态个人凭证码安全发送给支付终端,用户在移动终端上完成账户密码的输入;支付终端接收到输入的账户密码后,将密文账户密码发送给支付后台,进行支付,因此避免了移动终端可同时获取账户信息及账户密码,以及账户信息及账户密码在移动终端被攻击窃取的可能,大大提高了在线支付的安全性。The invention has the beneficial effects that the account password must be input by the mobile terminal in the payment process in the existing online payment. The mobile terminal automatically transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal, and the user is The mobile terminal completes the input of the account password; after receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding the mobile terminal obtaining the account information and the account password at the same time, and the account information and The account password is attacked and stolen in the mobile terminal, which greatly improves the security of online payment.
附图说明DRAWINGS
Figure 11 为本发明实施方式一种Is an embodiment of the present invention O2OO2O 安全支付方法的流程图;Flow chart of a secure payment method;
Figure 22 为本发明实施方式一种Is an embodiment of the present invention O2OO2O 安全支付系统的结构示意图;Schematic diagram of the structure of a secure payment system;
Figure 33 为本发明实施方式一种Is an embodiment of the present invention POSPOS 终端的结构示意图。Schematic diagram of the structure of the terminal.
主要标号说明:The main label description:
移动终端;Mobile terminal 2- 2- 支付终端;Payment terminal 3- 3- 支付后台;Payment backstage; 21- twenty one- 第一输入模块;First input module; 22- twenty two- 第二输入模块;a second input module; 23- twenty three- 第二收发模块;a second transceiver module; 24- twenty four- 打印模块。Print module.
具体实施方式detailed description
为详细说明本发明的技术内容、构造特征、所实现目的及效果,以下结合实施方式并配合附图详予说明。The detailed description of the technical contents, structural features, and the objects and effects of the present invention will be described in detail below with reference to the accompanying drawings.
本发明通过在支付终端上输入在线支付的账户密码进行支付,避免了移动终端丢失或被木马攻击等因素导致的账户密码泄露,从而大大提高了The invention pays by inputting the account password of the online payment on the payment terminal, thereby avoiding the account password leakage caused by the loss of the mobile terminal or the attack by the Trojan horse, thereby greatly improving the account password. O2OO2O 支付的安全性。The security of the payment.
实施例一Embodiment 1
请参阅图Please refer to the picture 11 ,为本实施方式一种, a method of the present embodiment O2OO2O 安全支付方法的流程图,本方法包括步骤:A flowchart of a secure payment method, the method comprising the steps of:
、移动终端获取支付后台发送的动态交易码;And the mobile terminal acquires a dynamic transaction code sent by the payment background;
、移动终端将包含有动态交易码的动态个人凭证码发送给支付终端;The mobile terminal sends the dynamic personal voucher code including the dynamic transaction code to the payment terminal;
、支付终端接收输入的交易金额;And the payment terminal receives the input transaction amount;
、支付终端将动态个人凭证码和交易金额发送给支付后台;The payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
、支付后台验证动态个人凭证码后,将验证信息发送给支付终端;After the background verification dynamic personal voucher code is sent, the verification information is sent to the payment terminal;
、支付终端接收输入的账户密码后,将包含账户密码密文的交易报文包发送给支付后台,进行支付。After receiving the input account password, the payment terminal sends the transaction packet containing the account password ciphertext to the payment background to perform payment.
其中,支付终端对包含账户密码密文的交易报文包是按照Wherein, the payment terminal is in accordance with the transaction packet containing the account password ciphertext. 85838583 包格式,也可以是其他打包格式。The package format can also be other packaging formats.
本实施例涉及移动终端、支付终端和支付后台(所述支付后台为具体银行的系统服务器,也可以是第三方支付系统的服务器),其中,移动终端上安装有支付客户端和公钥证书The embodiment relates to a mobile terminal, a payment terminal, and a payment background (the payment background is a system server of a specific bank, or a server of a third-party payment system), wherein the mobile terminal is installed with a payment client and a public key certificate. CERT1CERT1 (公钥证书(public key certificate CERT1CERT1 对应的私钥Corresponding private key PR1PR1 保存在支付后台),用户在移动终端通过登陆支付客户端,与支付后台通讯,使得支付账户和用户的移动终端绑定。移动终端登陆支付客户端后,支付后台根据移动终端所绑定的支付账户生成对应的动态交易码,动态交易码包含临时支付账户信息(移动终端每次登陆支付终端,支付后台都相应的生成不同的动态交易码,即每次移动终端所获取到的临时支付账户信息都是不同的)。当需要进行支付时,移动终端通过支付客户端将支付方式发送给支付后台,支付后台生成相应的临时交易单号。Saved in the payment background), the user communicates with the payment background by logging in to the payment terminal on the mobile terminal, so that the payment account is bound to the user's mobile terminal. After the mobile terminal logs in to the payment client, the payment background generates a corresponding dynamic transaction code according to the payment account bound by the mobile terminal, and the dynamic transaction code includes temporary payment account information (each time the mobile terminal logs in to the payment terminal, the corresponding generation of the payment background is different. The dynamic transaction code, that is, the temporary payment account information obtained by each mobile terminal is different). When the payment needs to be made, the mobile terminal sends the payment method to the payment background through the payment client, and the corresponding temporary transaction number is generated in the payment background.
移动终端将获取到的临时支付账户信息和临时交易单号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端。所述支付终端设置于商户,支付终端获取输入的交易金额(即支付终端获取商户操作员输入的此次购买的商品的总金额),支付终端将所述动态个人凭证码和交易金额发送给支付后台。The mobile terminal groups the obtained temporary payment account information and the temporary transaction order number into a dynamic personal voucher code, and sends the dynamic personal voucher code to the payment terminal. The payment terminal is disposed at the merchant, and the payment terminal acquires the input transaction amount (ie, the payment terminal acquires the total amount of the purchased product input by the merchant operator), and the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment. Backstage.
支付后台在通过支付终端接收到动态个人凭证码后,支付后台验证所述临时支付账户信息与临时交易单号是否与所述支付后台生成的临时支付账户信息、临时交易单号一致,当验证通过后,支付后台根据临时支付账户信息检索到后台中对应的真实账户信息,验证其中的账户信息是否正确(如验证是否存在该账户、该账户的状态是否为可用、账户余额是否足够等),当所述验证通过后,支付后台验证从支付终端上传上来的账户密码与所述动态个人凭证码的临时支付账户信息所对应的真实账户是否对应,当所述账户密码验证通过后才进行支付。After receiving the dynamic personal voucher code through the payment terminal, the payment background verifies whether the temporary payment account information and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification is passed. After that, the payment background retrieves the corresponding real account information in the background according to the temporary payment account information, and verifies whether the account information is correct (such as verifying whether the account exists, whether the status of the account is available, whether the account balance is sufficient, etc.) After the verification is passed, the payment background verifies whether the account password uploaded from the payment terminal corresponds to the real account corresponding to the temporary payment account information of the dynamic personal certificate code, and the payment is performed after the account password verification is passed.
区别于现有的在线支付中支付过程中账户密码必需由移动终端输入,本发明由移动终端将包含有动态交易码的动态个人凭证码安全发送给支付终端,用户在移动终端上完成账户密码的输入;支付终端接收到输入的账户密码后,将密文账户密码发送给支付后台,进行支付,因此避免了移动终端可同时获取账户信息及账户密码,有效防止账户信息及账户密码在移动终端被攻击窃取的可能,大大提高了在线支付的安全性。进一步地,在本发明中支付后台根据移动终端绑定的账户生成临时支付账户信息,在支付过程中移动终端和支付终端都是使用临时支付账户进行传输,因此即使传输过程中的数据被截取,也仍然无法真实的支付账户信息(真实的支付账户信息只有支付后台和移动终端中的支付客户端知道,没有出现在传输过程中),从而进一步提高了支付安全。Different from the existing online payment, the account password must be input by the mobile terminal. In the present invention, the mobile terminal securely transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal, and the user completes the account password on the mobile terminal. After receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding that the mobile terminal can simultaneously obtain the account information and the account password, thereby effectively preventing the account information and the account password from being The possibility of attack stealing greatly improves the security of online payment. Further, in the present invention, the payment background generates temporary payment account information according to the account bound by the mobile terminal, and both the mobile terminal and the payment terminal use the temporary payment account for transmission during the payment process, so even if the data during the transmission is intercepted, Still, the account information cannot be actually paid (the real payment account information is known only to the payment client in the payment background and the mobile terminal, and does not appear in the transmission process), thereby further improving payment security.
其中,所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:移动终端发送交易配置信息给支付终端,其中,交易配置信息标识了移动终端发送的数据是否是密文,若标志了是密文,则支付终端无法解密获取这些关键数据的原始数据,支付终端只能原样把该动态个人凭证码密文以及交易配置信息上传到支付后台处理。加密可以更好地保证支付数据的传输安全。对于简单的数据,也可以不必加密。如果要加密,则移动终端发送的通讯数据需经过公钥证书The sending, by the mobile terminal, the dynamic personal voucher code including the dynamic transaction code to the payment terminal, further includes: the mobile terminal sending the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is In the ciphertext, if the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal can only upload the dynamic personal voucher code ciphertext and the transaction configuration information to the payment background processing. Encryption can better guarantee the security of payment data transmission. For simple data, you don't have to encrypt it. If you want to encrypt, the communication data sent by the mobile terminal needs to pass the public key certificate. CERT1CERT1 进行加密后进行传输。其中,涉及加密算法为非对称算法,可使用After encryption, transfer. Among them, the encryption algorithm is an asymmetric algorithm and can be used. RSARSA , ECCECC 、国密算法等。这种加密后的数据(例如动态个人凭证码),支付终端是无法解密的,因为其没有对应的私钥, national secret algorithm, etc. This encrypted data (such as a dynamic personal voucher code), the payment terminal cannot be decrypted because it does not have a corresponding private key. PR1PR1 ,所以支付终端只能原样把该动态个人凭证码密文上传到支付后台处理,从而提高了动态个人凭证码在传输过程中的安全。Therefore, the payment terminal can only upload the dynamic personal voucher code ciphertext to the payment background processing as it is, thereby improving the security of the dynamic personal voucher code in the transmission process.
其中,为了方便移动终端与支付终端之间的数据传输,所述移动终端可以通过声波通讯、In order to facilitate data transmission between the mobile terminal and the payment terminal, the mobile terminal can communicate through sound waves. NFCNFC 、蓝牙或非物理接触式的通讯方式将动态个人凭证码发送给支付终端。所述支付终端可以是商户的Bluetooth or non-physical contact communication method sends a dynamic personal voucher code to the payment terminal. The payment terminal may be a merchant POSPOS 终端,也可以是具有密码输入功能的其他电子支付装置。The terminal may also be another electronic payment device having a password input function.
实施例二Embodiment 2
在上述实施例中是以账户中的现金账户中的金额进行支付,但实际使用过程在还存在优惠券支付、积分支付等其他的支付方式,为了提高了上述实施例中支付方式的便捷性,在本实施方式中还可以通过支付组合方式进行支付。In the above embodiment, the payment is made by the amount in the cash account in the account, but in the actual use process, there are other payment methods such as coupon payment, point payment, etc., in order to improve the convenience of the payment method in the above embodiment, In the present embodiment, payment can also be made by a payment combination.
移动终端通过支付客户端将用户输入的支付组合方式发送给支付后台;The mobile terminal sends the payment combination mode input by the user to the payment background through the payment client;
支付后台接收到支付组合后生成相应的临时交易单号,并将临时交易单号发送给移动终端,其中,支付组合方式包括主账户支付、快捷支付、优惠券支付、积分支付、预付费卡支付中的一种或多种,所述支付方式也可以是其它可能的支付方式;After receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination includes a primary account payment, a quick payment, a coupon payment, a point payment, and a prepaid card payment. One or more of the payment methods, and the payment method may also be other possible payment methods;
所述步骤“将验证信息发送给支付终端”具体包括:The step of “sending the verification information to the payment terminal” specifically includes:
支付后台根据交易金额确定实际的交易支付组合以及每种支付方式需要支付的金额;The payment background determines the actual transaction payment combination according to the transaction amount and the amount that each payment method needs to pay;
支付后台将确定的交易支付组合以及每种支付方式需要支付的金额发送给支付终端;The payment back-end determines the transaction payment combination and the amount that each payment method needs to pay to the payment terminal;
所述步骤“支付终端接收到输入的账户密码后,将账户密码发送给支付后台,进行支付”具体包括:The step “after the payment terminal receives the input account password, the account password is sent to the payment background to perform payment” includes:
支付终端显示接收到的支付组合以及每种支付方式需要支付的金额;The payment terminal displays the received payment combination and the amount that each payment method needs to pay;
用户选择每种支付方式的实际交易金额,并输入账户密码;The user selects the actual transaction amount for each payment method and enters the account password;
支付终端将所述每种支付方式的实际交易金额和账户密码发送给支付后台;The payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
支付后台对接收到的交易金额和账户密码进行验证,当验证通过后进行支付。The payment background verifies the received transaction amount and account password, and pays when the verification is passed.
用户选择每种支付方式的实际交易金额,对于需要输入账户密码的支付方式(如用支付账户里的现金账户进行支付时),用户在支付终端上输入账户密码(对于无需账户密码的则不需要输入账户密码);The user selects the actual transaction amount for each payment method. For the payment method that requires input of the account password (such as when paying with the cash account in the payment account), the user enters the account password on the payment terminal (for the case where the account password is not required, the user does not need to Enter the account password);
支付终端将所述每种支付方式的实际交易金额和账户密码发送给支付后台;The payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
支付后台对接收到的交易金额和账户密码进行验证,当验证通过后进行支付。The payment background verifies the received transaction amount and account password, and pays when the verification is passed.
在本实施方式中,如果用户所选择的支付组合方式中不需要确认账户密码的,则无需输入账户密码即可进行支付(如所选择的支付组合中不包括现金账户或现金账户的金额为零)。用户可以根据移动终端上绑定的支付方式选择适当支付组合方式,并根据支付终端上的交易金额确定实际支付组合方式,如优惠券支付、积分支付、优惠券与现金支付组合或优惠券、积分、现金支付组合。本实施例可以现实多个支付方式在线支付组合,大大提高了支付的便捷性。In this embodiment, if the account password is not required to be confirmed in the payment combination mode selected by the user, the payment may be performed without inputting the account password (if the selected payment combination does not include the cash account or the cash account is zero. ). The user can select an appropriate payment combination method according to the payment method bound on the mobile terminal, and determine an actual payment combination manner according to the transaction amount on the payment terminal, such as coupon payment, point payment, coupon and cash payment combination or coupon, and points. , cash payment combination. In this embodiment, the online payment combination of multiple payment methods can be realized, which greatly improves the convenience of payment.
进一步地,为了方便用户和商户能够及时的了解到所述交易的结果,在本实施方式还可以包括:支付后台将交易结果提示信息发送给支付终端或移动终端。Further, in order to facilitate the user and the merchant to know the result of the transaction in time, the embodiment may further include: the payment background sends the transaction result prompt information to the payment terminal or the mobile terminal.
进一步地,本实施方式还可以通过支付终端打印每次交易的凭证,所述交易结果提示信息包含买方部分账户真实信息,从而避免由于在线支付无实物交易凭证所带来的纠纷。Further, in this embodiment, the voucher for each transaction may be printed by the payment terminal, and the transaction result prompt information includes the real information of the buyer part account, thereby avoiding the dispute caused by the online payment without the physical transaction voucher.
实施例三Embodiment 3
在上述实施例一中,还包括:In the first embodiment, the method further includes:
移动终端登陆支付客户端与支付后台通讯,并与支付后台同步交易序列号;The mobile terminal logs in to the payment client to communicate with the payment background, and synchronizes the transaction serial number with the payment background;
所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:The “mobile terminal transmitting the dynamic personal voucher code including the dynamic transaction code to the payment terminal” further includes:
当移动终端无法与支付后台连接获取临时交易单号时,移动终端对所述交易序列号进行累加,移动终端将所述临时支付账户信息和累加后的交易序列号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端;When the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code. And sending the dynamic personal voucher code to the payment terminal;
所述“支付后台验证动态个人凭证码后,将验证信息发送给支付终端”具体包括:After the “payment of the background verification dynamic personal voucher code, the verification information is sent to the payment terminal” specifically includes:
支付后台验证所述临时支付账户信息与所述支付后台生成的临时支付账户是否一致,当验证通过后,验证接收到的交易序列号是否大于支付后台内存储的交易序列号,当所述交易序列号验证通过后,将验证信息发送给支付终端。The payment background verifies whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and when the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction sequence After the verification is passed, the verification information is sent to the payment terminal.
在实际应用中,通过移动终端进行在线支付都必需借助移动终端的网络如In practical applications, online payment through a mobile terminal must rely on the network of the mobile terminal, such as 3G3G 网络、The internet, WIFIWIFI 等,但在很多商户移动终端的网络信号并不好或没有信号覆盖,为了解决在无网络覆盖情况下的支付,本实施方式通过临时支付账号进行支付。当移动终端登入支付后台时,从支付后台获取临时支付账号,当需要进行支付时,移动终端判断是否能够连接支付后台,若是能够连接,则从支付后台获取临时交易单号,并将临时交易单号与临时交易账户信息组包成动态个人凭证码发送给支付终端,否则,移动终端将所述临时支付账户信息和累加后的交易序列号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端,支付后台通过验证所述临时支付账户信息和交易序列号的正确性判断是否进行支付。从而有效防止在移动终端无网络信号的情况下仍然可以实现支付,并能有效防止重置攻击(只有当支付后台接收到的交易序列号大于支付后台存储的序列号时才进行支付,因此能够防止重置攻击)。Etc. However, in many merchant mobile terminals, the network signal is not good or there is no signal coverage. In order to solve the payment without network coverage, the present embodiment performs payment by temporarily paying an account. When the mobile terminal logs into the payment background, the temporary payment account is obtained from the payment background. When the payment needs to be made, the mobile terminal determines whether it can connect to the payment background. If the connection is available, the temporary transaction number is obtained from the payment background, and the temporary transaction order is obtained. And the temporary transaction account information group is packaged into a dynamic personal voucher code and sent to the payment terminal. Otherwise, the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code, and the dynamic personal voucher code The payment is sent to the payment terminal, and the payment background determines whether the payment is made by verifying the correctness of the temporary payment account information and the transaction serial number. Therefore, the payment can be effectively prevented even when the mobile terminal has no network signal, and the reset attack can be effectively prevented (only when the transaction sequence number received by the payment background is larger than the serial number stored in the payment background, the payment can be prevented, thereby preventing Reset the attack).
实施例四Embodiment 4
在上述实施例一中,所述支付终端还设置有支付In the first embodiment, the payment terminal is further provided with a payment. PINPIN ;
其中,所述支付终端的支付Wherein the payment of the payment terminal PINPIN 是用户在移动终端通过支付客户端与支付后台设定的;It is set by the user in the mobile terminal through the payment client and the payment background;
在所述步骤“支付终端将动态个人凭证码和交易金额发送给支付后台”前还包括:Before the step "the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background", the method further includes:
支付终端获取用户在支付终端上输入的The payment terminal obtains the input of the user on the payment terminal PINPIN ,并将所述And will PINPIN 加密后发送给支付后台;Encrypted and sent to the payment background;
支付后台对接收到的Payment backend received PINPIN 进行验证,当验证通过后才执行后续步骤。Verify that the next steps are performed when the verification passes.
本实施方式中,所述In this embodiment, the PINPIN 可以是线上支付账户的交易Can be an online payment account transaction PINPIN 密码,也可以与银行卡账户密码保持一致,支付后台只有在收到正确的The password can also be consistent with the bank card account password, and the payment background is only received correctly. PINPIN 的前提下才会进行账户密码验证,从而实现了双重支付安全保证,大大提高了支付安全。The account password verification will be carried out under the premise, thus achieving double payment security guarantee and greatly improving payment security.
实施例五Embodiment 5
一种One kind O2OO2O 安全支付系统,包括移动终端Secure payment system, including mobile terminals 11 、支付终端Payment terminal 22 和支付后台And payment background 33 ,所述移动终端The mobile terminal 11 包括动态交易码获取模块、第一收发模块;The dynamic transaction code acquisition module and the first transceiver module are included;
所述支付终端Payment terminal 22 包括第一输入模块、第二输入模块、第二收发模块;The first input module, the second input module, and the second transceiver module are included;
所述支付后台The payment background 33 包括验证模块、第三收发模块、支付模块;The verification module, the third transceiver module and the payment module are included;
所述动态交易码获取模块用于从支付后台获取动态交易码;The dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background;
所述第一收发模块用于将包含有动态交易码的动态个人凭证码发送给支付终端,其中,第一收发模块为声波通讯模块、The first transceiver module is configured to send a dynamic personal voucher code including a dynamic transaction code to the payment terminal, where the first transceiver module is an acoustic communication module, NFCNFC 模块,蓝牙模块或其它非物理接触式的通讯模块;Module, Bluetooth module or other non-physical contact communication module;
所述第一输入模块用于接收输入的交易金额;The first input module is configured to receive an input transaction amount;
所述第二收发模块用于接收移动终端发送的动态个人凭证码,用于将动态个人凭证码和交易金额发送给支付后台,以及用于将账户密码发送给支付后台;The second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, configured to send the dynamic personal voucher code and the transaction amount to the payment background, and send the account password to the payment background;
所述验证模块用于验证所述动态个人凭证码和账户密码;The verification module is configured to verify the dynamic personal voucher code and an account password;
所述第三收发模块用于将验证信息发送给支付终端;The third transceiver module is configured to send the verification information to the payment terminal;
所述第二输入模块用于接收用户输入的账户密码;The second input module is configured to receive an account password input by a user;
所述支付模块用于当所述验证模块验证通过后进行支付。The payment module is configured to perform payment after the verification module passes the verification.
this O2OO2O 安全支付系统的移动终端将包含有动态交易码的动态个人凭证码发送给支付终端;用户在支付终端上进行账户密码输入,支付终端将接收到输入的账户密码发送给支付后台进行支付,因此避免了在移动终端输入账户密码和账户密码被攻击窃取的可能,大大提高了在线支付的安全性。The mobile terminal of the secure payment system sends a dynamic personal voucher code containing the dynamic transaction code to the payment terminal; the user inputs the account password on the payment terminal, and the payment terminal sends the input account password to the payment background for payment, thereby avoiding In the mobile terminal, the account password and the account password are attacked and stolen, which greatly improves the security of online payment.
本发明还提供了一种The invention also provides a POSPOS 终端,包括打印模块Terminal, including print module 24twenty four 和所述的第一输入模块And the first input module 21twenty one 、第二输入模块Second input module 22twenty two 、第二收发模块Second transceiver module 23twenty three ;
所述打印模块The printing module 24twenty four 用于打印纸质交易凭证。Used to print paper transaction vouchers.
所述Said POSPOS 终端通过第二收发模块接收移动终端发送的动态个人凭证码,以及通过第二收发模块将动态个人凭证码、输入的交易金额和账户密码发送给支付后台,支付后台根据接收到的交易金额动态个人凭证码中的动态交易码进行支付,因此使在线支付的账户密码可以在The terminal receives the dynamic personal voucher code sent by the mobile terminal through the second transceiver module, and sends the dynamic personal voucher code, the input transaction amount and the account password to the payment background through the second transceiver module, and the payment background dynamically according to the received transaction amount. The dynamic transaction code in the voucher code is paid, so the account password for online payment can be POSPOS 终端输入,大大扩大了Terminal input has greatly expanded POSPOS 终端的使用范围,同时,也提高了在线支付的安全性。The scope of use of the terminal, meanwhile, also increases the security of online payment.
进一步地,为了提高Further, in order to improve POSPOS 终端与移动终端之间的数据传输安全和便捷性,所述第二收发模块为声波通讯模块、The data transmission security and convenience between the terminal and the mobile terminal, the second transceiver module is an acoustic wave communication module, NFCNFC 模块或蓝牙模块等近场无线通讯。Near field wireless communication such as modules or Bluetooth modules.
进一步地,为了便于显示交易过程的信息,对用户的操作进行提示,以及显示交易结果,所述Further, in order to facilitate displaying information of the transaction process, prompting the user's operation, and displaying the transaction result, POSPOS 终端还包括:显示模块,用于显示支付后台发送的验证信息。The terminal further includes: a display module, configured to display the verification information sent by the payment background.
示例Example
用户通过手机(移动终端)下载支付客户端并绑定相应的银行卡(银行卡中包含现金账户、优惠券账户、积分账户等,即支付方式);The user downloads the payment client through the mobile phone (mobile terminal) and binds the corresponding bank card (the bank card includes a cash account, a coupon account, a point account, etc., that is, a payment method);
用户通过登陆手机支付终端与支付后台通讯,支付后台根据所绑定的银行卡生成临时支付账户信息并下发给手机。The user logs in to the mobile payment terminal and the payment background communication, and the payment background generates the temporary payment account information according to the bundled bank card and sends the information to the mobile phone.
当用户到商户那需要购买商品时,通过手机选择支付组合方式并发送给支付后台,支付后台判断该支付组合是否成功,是则生成相应的临时交易单号发送给手机;When the user needs to purchase the product, the user selects the payment combination method and sends it to the payment background through the mobile phone, and the payment background determines whether the payment combination is successful, and generates a corresponding temporary transaction number to send to the mobile phone;
商户的操作员先将用户购买的商品信息(包括商品金额)输入到商户的The operator of the merchant first inputs the product information (including the amount of the commodity) purchased by the user to the merchant. POSPOS 终端(即所述支付终端);其中,操作员先将用户购买的商品信息输入到商户的a terminal (ie, the payment terminal); wherein the operator first inputs the product information purchased by the user to the merchant POSPOS 终端与手机获取临时交易单号这两步骤没有严格的先后关系;There is no strict relationship between the terminal and the mobile phone to obtain the temporary transaction number.
结账时,用户将包含有临时交易单号和临时支付账户信息的动态个人凭证码发送给At checkout, the user sends a dynamic personal voucher code containing the temporary transaction number and temporary payment account information to POSPOS 终端(当移动终端无网络信号时选择使用交易序列号代替临时交易单号),Terminal (when the mobile terminal has no network signal, choose to use the transaction serial number instead of the temporary transaction number), POSPOS 终端将所述动态个人凭证码和交易金额发送给支付后台;The terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
支付后台验证动态个人凭证码以及交易金额,并确定组合,当验证通过后将验证信息发送给The payment background verifies the dynamic personal voucher code and the transaction amount, and determines the combination. When the verification is passed, the verification information is sent to POSPOS 终端;terminal;
终端显示支付组合,以及获取用户选择的支付组合方式、各种支付的金额(如选择的支付组合方式为:优惠券支付The terminal displays the payment combination, and obtains the payment combination method selected by the user, and the amount of various payment (for example, the selected payment combination method is: coupon payment) 100100 yuan ++ 积分兑换支付Point redemption payment 5050 yuan ++ 现金支付cash payment 1010 元),用户在Yuan), the user is POSPOS 终端上输入账户密码,并将获取到的支付组合及各支付方式的金额以及账户密码发送给支付后台;Enter the account password on the terminal, and send the obtained payment combination and the amount of each payment method and the account password to the payment background;
支付后台验证输入的账户密码,当验证通过后,根据最终收到的支付组合及各支付方式的金额进行支付,并将交易结果发送给手机和The account password entered in the background verification is verified. After the verification is passed, the payment is made according to the final payment combination and the amount of each payment method, and the transaction result is sent to the mobile phone and POSPOS 终端;terminal;
终端打印收到的交易结果和交易凭证。The terminal prints the received transaction results and transaction credentials.
综上所述,区别于现有的在线支付中支付过程中账户密码必需由移动终端输入,本发明由移动终端将包含有动态交易码的动态个人凭证码安全发送给支付终端,用户在支付终端上完成账户密码的输入;支付终端接收到输入的账户密码后,将密文账户密码发送给支付后台,进行支付,因此避免了移动终端可同时获取账户信息及账户密码,以及账户信息及账户密码在移动终端被攻击窃取的可能,大大提高了在线支付的安全性。进一步地,在本发明中支付后台根据移动终端绑定的账户生成临时支付账户信息,在支付过程中移动终端和支付终端都是使用临时支付账户进行传输,因此即使传输过程中的数据被截取,也仍然无法真实的支付账户信息(真实的支付账户信息只有支付后台和移动终端中的支付客户端知道,没有出现在传输过程中),从而进一步提高了支付安全。另外,通过要求用户在支付终端上输入密码,保证只有用户参与才能完成一笔交易,防止出现用户未授权的交易。同时,在用户手机无法与支付后台通讯时,借助于支付终端,仍可正常完成交易,提高In summary, the account password must be input by the mobile terminal in the payment process in the existing online payment. The present invention securely transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal by the mobile terminal, and the user is at the payment terminal. The input of the account password is completed; after receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding that the mobile terminal can simultaneously obtain the account information and the account password, as well as the account information and the account password. The possibility of being attacked and stolen at the mobile terminal greatly improves the security of online payment. Further, in the present invention, the payment background generates temporary payment account information according to the account bound by the mobile terminal, and both the mobile terminal and the payment terminal use the temporary payment account for transmission during the payment process, so even if the data during the transmission is intercepted, Still, the account information cannot be actually paid (the real payment account information is known only to the payment client in the payment background and the mobile terminal, and does not appear in the transmission process), thereby further improving payment security. In addition, by requiring the user to enter a password on the payment terminal, it is guaranteed that only a user can participate in completing a transaction, preventing a user from unauthorized transactions. At the same time, when the user's mobile phone cannot communicate with the payment background, the payment terminal can still complete the transaction normally, and the transaction can be improved. O2OO2O 支付方案的整体可行性。The overall feasibility of the payment plan.
以上所述仅为本发明的实施例,并非因此限制本发明的专利范围,凡是利用本发明说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本发明的专利保护范围内。The above is only the embodiment of the present invention, and is not intended to limit the scope of the invention, and the equivalent structure or equivalent process transformation of the present invention and the contents of the drawings may be directly or indirectly applied to other related technologies. The fields are all included in the scope of patent protection of the present invention.

Claims (12)

  1. 一种O2O安全支付方法,其特征在于,包括步骤:An O2O secure payment method, comprising the steps of:
    移动终端获取支付后台发送的动态交易码;The mobile terminal acquires a dynamic transaction code sent by the payment background;
    移动终端将包含有动态交易码的动态个人凭证码发送给支付终端;The mobile terminal sends a dynamic personal voucher code including a dynamic transaction code to the payment terminal;
    支付终端接收输入的交易金额;The payment terminal receives the input transaction amount;
    支付终端将动态个人凭证码和交易金额发送给支付后台;The payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
    支付后台验证动态个人凭证码后,将验证信息发送给支付终端;After the background verification dynamic personal voucher code is sent, the verification information is sent to the payment terminal;
    支付终端接收输入的账户密码后,将包含账户密码密文的交易报文包发送给支付后台,进行支付。After receiving the input account password, the payment terminal sends a transaction packet containing the account password ciphertext to the payment background to perform payment.
  2. 根据权利要求1所述的O2O安全支付方法,其特征在于,所述“移动终端获取支付后台发送的动态交易码”具体包括:The O2O secure payment method according to claim 1, wherein the "mobile terminal acquires a dynamic transaction code sent by the payment background" specifically includes:
    移动终端登陆支付客户端与支付后台通讯,获取支付后台根据支付账户生成的临时支付账户信息;The mobile terminal logs in to the payment client to communicate with the payment background, and obtains the temporary payment account information generated by the payment background according to the payment account;
    移动终端通过支付客户端将支付方式发送给支付后台,支付后台生成相应的临时交易单号,并发送给移动终端;The mobile terminal sends the payment method to the payment background through the payment client, and generates a corresponding temporary transaction number in the payment background, and sends the corresponding temporary transaction number to the mobile terminal;
    所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”具体包括:The “mobile terminal sends a dynamic personal voucher code including a dynamic transaction code to the payment terminal” specifically includes:
    移动终端将所述临时支付账户信息和临时交易单号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端;The mobile terminal groups the temporary payment account information and the temporary transaction order number into a dynamic personal voucher code, and sends the dynamic personal voucher code to the payment terminal;
    所述“支付后台验证动态个人凭证码后,将验证信息发送给支付终端”具体包括:After the “payment of the background verification dynamic personal voucher code, the verification information is sent to the payment terminal” specifically includes:
    支付后台验证所述临时支付账户信息与临时交易单号是否与所述支付后台生成的临时支付账户信息、临时交易单号一致,验证通过后将验证信息发送给支付终端。The payment background verifies whether the temporary payment account information and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification information is sent to the payment terminal after the verification is passed.
  3. 根据权利要求2所述的O2O安全支付方法,其特征在于,所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:The O2O secure payment method according to claim 2, wherein the "mobile terminal transmitting the dynamic personal voucher code including the dynamic transaction code to the payment terminal" further includes:
    移动终端发送交易配置信息给支付终端,其中,交易配置信息标识了移动终端发送的数据是否是密文,若标志了是密文,则支付终端无法解密获取这些关键数据的原始数据,支付终端只能原样把该动态个人凭证码密文以及交易配置信息上传到支付后台处理。The mobile terminal sends the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is a ciphertext. If the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal only The dynamic personal voucher code ciphertext and transaction configuration information can be uploaded to the payment background processing as it is.
  4. 根据权利要求2所述的O2O安全支付方法,其特征在于,所述“移动终端获取支付后台发送的动态交易码”还包括:The O2O secure payment method according to claim 2, wherein the "mobile terminal acquires a dynamic transaction code sent by the payment background" further includes:
    移动终端登陆支付客户端与支付后台通讯,并与支付后台同步交易序列号;The mobile terminal logs in to the payment client to communicate with the payment background, and synchronizes the transaction serial number with the payment background;
    所述“移动终端将包含有动态交易码的动态个人凭证码发送给支付终端”还包括:The “mobile terminal transmitting the dynamic personal voucher code including the dynamic transaction code to the payment terminal” further includes:
    当移动终端无法与支付后台连接获取临时交易单号时,移动终端对所述交易序列号进行累加,移动终端将所述临时支付账户信息和累加后的交易序列号组包成动态个人凭证码,并将动态个人凭证码发送给支付终端;When the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code. And sending the dynamic personal voucher code to the payment terminal;
    所述“支付后台验证动态个人凭证码后,将验证信息发送给支付终端”具体包括:After the “payment of the background verification dynamic personal voucher code, the verification information is sent to the payment terminal” specifically includes:
    支付后台验证所述临时支付账户信息与所述支付后台生成的临时支付账户是否一致,当验证通过后,验证接收到的交易序列号是否大于支付后台内存储的交易序列号,当所述交易序列号验证通过后,将验证信息发送给支付终端。The payment background verifies whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and when the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction sequence After the verification is passed, the verification information is sent to the payment terminal.
  5. 根据权利要求2所述的O2O安全支付方法,其特征在于,所述“移动终端通过支付客户端将支付方式发送给支付后台,支付后台生成相应的临时交易单号,并发送给移动终端”还包括:The O2O secure payment method according to claim 2, wherein the mobile terminal sends the payment method to the payment background through the payment client, and generates a corresponding temporary transaction number in the payment background, and sends the corresponding temporary transaction number to the mobile terminal. include:
    移动终端通过支付客户端将用户输入的支付组合方式发送给支付后台;The mobile terminal sends the payment combination mode input by the user to the payment background through the payment client;
    支付后台接收到支付组合后生成相应的临时交易单号,并将临时交易单号发送给移动终端,其中,支付组合方式包括主账户支付、快捷支付、优惠券支付、积分支付、预付费卡支付中的一种或多种; After receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination includes a primary account payment, a quick payment, a coupon payment, a point payment, and a prepaid card payment. One or more of
    所述步骤“将验证信息发送给支付终端”具体包括:The step of “sending the verification information to the payment terminal” specifically includes:
    支付后台根据交易金额确定实际的交易支付组合以及每种支付方式需要支付的金额;The payment background determines the actual transaction payment combination according to the transaction amount and the amount that each payment method needs to pay;
    支付后台将确定的交易支付组合以及每种支付方式需要支付的金额发送给支付终端;The payment back-end determines the transaction payment combination and the amount that each payment method needs to pay to the payment terminal;
    所述步骤“支付终端接收到输入的账户密码后,将账户密码发送给支付后台,进行支付”具体包括:The step “after the payment terminal receives the input account password, the account password is sent to the payment background to perform payment” includes:
    支付终端显示接收到的支付组合以及每种支付方式需要支付的金额;The payment terminal displays the received payment combination and the amount that each payment method needs to pay;
    用户选择每种支付方式的实际交易金额,并输入账户密码;The user selects the actual transaction amount for each payment method and enters the account password;
    支付终端将所述每种支付方式的实际交易金额和账户密码发送给支付后台;The payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
    支付后台对接收到的交易金额和账户密码进行验证,当验证通过后进行支付。The payment background verifies the received transaction amount and account password, and pays when the verification is passed.
  6. 根据权利要求2所述的O2O安全支付方法,其特征在于,还包括步骤:The O2O secure payment method according to claim 2, further comprising the steps of:
    支付后台将交易结果提示信息发送给支付终端;The payment background sends the transaction result prompt information to the payment terminal;
    支付终端打印纸质交易凭证。The payment terminal prints a paper transaction voucher.
  7. 根据权利要求1所述的O2O安全支付方法,其特征在于,还包括:The O2O secure payment method according to claim 1, further comprising:
    所述支付终端设置有支付PIN;The payment terminal is provided with a payment PIN;
    在步骤“支付终端将动态个人凭证码和交易金额发送给支付后台”前还包括:Before the step "Payment terminal sends the dynamic personal voucher code and transaction amount to the payment background", it also includes:
    支付终端获取用户在支付终端上输入的PIN,并将所述PIN发送给支付后台;The payment terminal acquires the PIN entered by the user on the payment terminal, and sends the PIN to the payment background;
    支付后台对接收到的PIN进行验证,当验证通过后才执行后续步骤。The payment background verifies the received PIN, and the subsequent steps are performed after the verification is passed.
  8. 根据权利要求1所述的O2O安全支付方法,其特征在于,所述移动终端通过声波通讯、NFC或蓝牙将动态个人凭证码发送给支付终端。The O2O secure payment method according to claim 1, wherein the mobile terminal transmits the dynamic personal voucher code to the payment terminal via voice communication, NFC or Bluetooth.
  9. 一种O2O安全支付系统,其特征在于,包括移动终端、支付终端和支付后台,所述移动终端包括动态交易码获取模块、第一收发模块;An O2O secure payment system, comprising: a mobile terminal, a payment terminal, and a payment background, wherein the mobile terminal comprises a dynamic transaction code acquisition module and a first transceiver module;
    所述支付终端包括第一输入模块、第二输入模块、第二收发模块;The payment terminal includes a first input module, a second input module, and a second transceiver module;
    所述支付后台包括验证模块、第三收发模块、支付模块;The payment background includes a verification module, a third transceiver module, and a payment module;
    所述动态交易码获取模块用于从支付后台获取动态交易码;The dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background;
    所述第一收发模块用于将包含有动态交易码的动态个人凭证码发送给支付终端,其中,第一收发模块为声波通讯模块、NFC模块,蓝牙模块;The first transceiver module is configured to send a dynamic personal voucher code including a dynamic transaction code to the payment terminal, where the first transceiver module is an acoustic communication module, an NFC module, and a Bluetooth module;
    所述第一输入模块用于接收输入的交易金额;The first input module is configured to receive an input transaction amount;
    所述第二收发模块用于接收移动终端发送的动态个人凭证码,用于将动态个人凭证码和交易金额发送给支付后台,以及用于将账户密码发送给支付后台;The second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, configured to send the dynamic personal voucher code and the transaction amount to the payment background, and send the account password to the payment background;
    所述验证模块用于验证所述动态个人凭证码和账户密码;The verification module is configured to verify the dynamic personal voucher code and an account password;
    所述第三收发模块用于将验证信息发送给支付终端;The third transceiver module is configured to send the verification information to the payment terminal;
    所述第二输入模块用于接收用户输入的账户密码;The second input module is configured to receive an account password input by a user;
    所述支付模块用于当所述验证模块验证通过后进行支付。The payment module is configured to perform payment after the verification module passes the verification.
  10. 一种POS终端,其特征在于,包括打印模块和权利要求7所述的第一输入模块、第二输入模块、第二收发模块;A POS terminal, comprising: a printing module and the first input module, the second input module, and the second transceiver module according to claim 7;
    所述打印模块用于打印纸质交易凭证。The printing module is used to print a paper transaction voucher.
  11. 根据权利要求10所述的POS终端,其特征在于,所述第二收发模块为声波通讯模块、NFC模块,蓝牙模块或其它非物理接触式的通讯模块。The POS terminal according to claim 10, wherein the second transceiver module is an acoustic communication module, an NFC module, a Bluetooth module or other non-physical contact communication module.
  12. 根据权利要求10所述的POS终端,其特征在于,还包括:The POS terminal according to claim 10, further comprising:
    显示模块,用于显示支付后台发送的验证信息。A display module for displaying verification information sent by the payment background.
     
     
     
PCT/CN2015/070397 2014-03-14 2015-01-09 O2o secure payment method and system, and pos terminal WO2015135384A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2016574321A JP6370407B2 (en) 2014-03-14 2015-01-09 O2O secure settlement method and O2O secure settlement system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410096384.1 2014-03-14
CN201410096384.1A CN103903141B (en) 2014-03-14 2014-03-14 A kind of O2O safe payment methods, system and a kind of POS terminal

Publications (1)

Publication Number Publication Date
WO2015135384A1 true WO2015135384A1 (en) 2015-09-17

Family

ID=50994451

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/070397 WO2015135384A1 (en) 2014-03-14 2015-01-09 O2o secure payment method and system, and pos terminal

Country Status (3)

Country Link
JP (1) JP6370407B2 (en)
CN (1) CN103903141B (en)
WO (1) WO2015135384A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107862524A (en) * 2017-12-12 2018-03-30 江苏国光信息产业股份有限公司 A kind of encryption device and its implementation for quickly generating and transmitting payment cipher
JP2020507877A (en) * 2017-02-13 2020-03-12 モビドゥ シーオー.,エルティーディー Mobile payment system that maps identification information using acoustic waves and dynamic codes of buyers
CN111861451A (en) * 2019-04-25 2020-10-30 刘永乐 Offline transaction method, client device and POS (point of sale) machine
CN113935742A (en) * 2021-10-19 2022-01-14 中国银行股份有限公司 Terminal substitute payment method and device

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103903141B (en) * 2014-03-14 2018-05-08 福建联迪商用设备有限公司 A kind of O2O safe payment methods, system and a kind of POS terminal
CN103914774B (en) * 2014-03-14 2017-05-24 福建联迪商用设备有限公司 O2O safety payment method and system
CN105279683B (en) * 2014-08-10 2019-01-08 北京互帮国际技术有限公司 A method of payment guides and generates order on line
CN104281945A (en) * 2014-09-16 2015-01-14 马洁韵 Mobile safety payment system and safety payment method
CN104820936A (en) * 2015-04-24 2015-08-05 重庆炬野科技发展有限公司 Incentive purchasing system based on commodity information codes, and method
CN105023156A (en) * 2015-07-27 2015-11-04 郑斌 Verification method and verification system for electronic credential
CN105243542B (en) * 2015-11-13 2021-07-02 咪付(广西)网络技术有限公司 Dynamic electronic certificate authentication method
CN106778986A (en) * 2015-11-20 2017-05-31 曲立东 OTO application apparatus and application process based on data label
CN105931047A (en) * 2015-12-25 2016-09-07 中国银联股份有限公司 Offline payment method, terminal device, backend payment apparatus and offline payment system
CN105678535A (en) * 2016-01-29 2016-06-15 北京智能果技术有限公司 Payment method and device
CN105894275A (en) * 2016-04-19 2016-08-24 南京永为科技有限公司 Two-dimensional-code-based intelligent payment system
CN105913250A (en) * 2016-05-31 2016-08-31 知而行(上海)营销咨询有限公司 Secure payment terminal based on access point verification and verification method thereof
CN107194689B (en) * 2017-06-16 2024-05-03 河南晟宇信息技术有限公司 Mobile phone payment system and method based on near field magnetic communication and proximity relation detection
CN107292606A (en) * 2017-07-27 2017-10-24 中国银联股份有限公司 A kind of method of payment and device
CN108288155B (en) * 2018-02-08 2021-11-30 上海链庄数据技术有限公司 Off-line settlement method for unmanned supermarket
WO2019165572A1 (en) * 2018-02-27 2019-09-06 福建联迪商用设备有限公司 Data transmission method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102243739A (en) * 2011-07-04 2011-11-16 中国建设银行股份有限公司 Mobile-phone bank payment method, mobile-phone bank payment system and mobile-phone bank client based on two-dimension code
TW201329882A (en) * 2011-09-09 2013-07-16 Naxos Finance Sa Method for validating an electronic transaction, and system thereof
CN103268548A (en) * 2013-04-25 2013-08-28 广州闪购软件服务有限公司 On-line off-line payment system based on two-dimension code
US20130339233A1 (en) * 2012-06-15 2013-12-19 Kt Corporation Electronic wallet based payment
CN103903141A (en) * 2014-03-14 2014-07-02 福建联迪商用设备有限公司 O2O safety payment method, system and POS terminal

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001344545A (en) * 2000-03-29 2001-12-14 Ibm Japan Ltd Processing system, server, processing terminal, communication terminal, processing method, data managing method, processing performing method and program
JP2002298046A (en) * 2001-04-02 2002-10-11 Hitachi Ltd Settling method using cell phone
JP2003150885A (en) * 2001-11-15 2003-05-23 Hitachi Ltd Settlement system and settlement device
JP2004062771A (en) * 2002-07-31 2004-02-26 Show Engineering:Kk Settlement system using account of internet bank
JP2004214994A (en) * 2002-12-27 2004-07-29 Matsushita Electric Ind Co Ltd Information processor, equipment therefor and communication equipment
CN1941009A (en) * 2005-09-29 2007-04-04 普天信息技术研究院 Method for realizing fee payment by mobile telecommunication terminal
CN1804889A (en) * 2005-12-30 2006-07-19 中国工商银行股份有限公司 POS payment system and method for payment with mobile phone
US7802719B2 (en) * 2006-09-29 2010-09-28 Sony Ericsson Mobile Communications Ab System and method for presenting multiple transaction options in a portable device
JP2008158638A (en) * 2006-12-21 2008-07-10 Mastercard Internatl Japan Inc Payment processing support system, payment processing support method, payment processing support apparatus and credit card back end system
CN101034449A (en) * 2007-04-17 2007-09-12 华中科技大学 Method, system and mobile terminal for implementing electronic payment
US20090254479A1 (en) * 2008-04-02 2009-10-08 Pharris Dennis J Transaction server configured to authorize payment transactions using mobile telephone devices
US10839384B2 (en) * 2008-12-02 2020-11-17 Paypal, Inc. Mobile barcode generation and payment
CN102831734A (en) * 2011-06-15 2012-12-19 上海博路信息技术有限公司 Payment method of mobile terminal client
JP2013114291A (en) * 2011-11-25 2013-06-10 Seiko Epson Corp Settlement system, store terminal, settlement method and program for settlement system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102243739A (en) * 2011-07-04 2011-11-16 中国建设银行股份有限公司 Mobile-phone bank payment method, mobile-phone bank payment system and mobile-phone bank client based on two-dimension code
TW201329882A (en) * 2011-09-09 2013-07-16 Naxos Finance Sa Method for validating an electronic transaction, and system thereof
US20130339233A1 (en) * 2012-06-15 2013-12-19 Kt Corporation Electronic wallet based payment
CN103268548A (en) * 2013-04-25 2013-08-28 广州闪购软件服务有限公司 On-line off-line payment system based on two-dimension code
CN103903141A (en) * 2014-03-14 2014-07-02 福建联迪商用设备有限公司 O2O safety payment method, system and POS terminal

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020507877A (en) * 2017-02-13 2020-03-12 モビドゥ シーオー.,エルティーディー Mobile payment system that maps identification information using acoustic waves and dynamic codes of buyers
US11037130B2 (en) 2017-02-13 2021-06-15 Mobidoo Co., Ltd. Mobile payment system for mapping identification information to dynamic code of buyer using sound wave
CN107862524A (en) * 2017-12-12 2018-03-30 江苏国光信息产业股份有限公司 A kind of encryption device and its implementation for quickly generating and transmitting payment cipher
CN111861451A (en) * 2019-04-25 2020-10-30 刘永乐 Offline transaction method, client device and POS (point of sale) machine
CN113935742A (en) * 2021-10-19 2022-01-14 中国银行股份有限公司 Terminal substitute payment method and device

Also Published As

Publication number Publication date
JP2017514242A (en) 2017-06-01
CN103903141B (en) 2018-05-08
JP6370407B2 (en) 2018-08-08
CN103903141A (en) 2014-07-02

Similar Documents

Publication Publication Date Title
WO2015135384A1 (en) O2o secure payment method and system, and pos terminal
CN107609866B (en) Electronic payment and electronic cash collection method and device based on virtual currency
WO2015135393A1 (en) O2o secure payment method and system, and secure payment background
CN102202300B (en) A kind of based on twin-channel dynamic cipher authentication system and method
CN103914774B (en) O2O safety payment method and system
WO2015161699A1 (en) Secure data interaction method and system
EP1758053A1 (en) Wireless computer wallet for physical point of sale (POS) transactions
US20100153273A1 (en) Systems for performing transactions at a point-of-sale terminal using mutating identifiers
CN102722816B (en) A kind of method, system and device of mobile payment
TWI591553B (en) Systems and methods for mobile devices to trade financial documents
WO2016118087A1 (en) System and method for secure online payment using integrated circuit card
EP2718888A1 (en) A transaction system and method for use with a mobile device
CN104363199A (en) Security authentication method based on time synchronization codes and time synchronization code module
CN104463576A (en) NFC mobile payment communication method based on online payment
CN103093341A (en) Safe payment pattern based on radio frequency identification device (RFID) intelligent payment system
CN105809417A (en) Safe reliable real-time electronic payment settlement merchant terminal, user terminal, bank front-end system, system, and method
CN108694580A (en) A kind of payment system and method based on quantum cryptography
CN103268436A (en) Method and system for touch-screen based graphical password authentication in mobile payment
CN106033571A (en) Trading method of electronic signature devices, electronic signature devices and trading system
CN104574049A (en) Real-time electronic payment and settlement system based on SET (security electronic transaction) protocol
CN103955820A (en) Non-card payment method and device
CN103218717B (en) Credit authorization method based on planar code
CN108416400A (en) A kind of method of payment and payment system based on dynamic two-dimension code
WO2016099468A1 (en) Use of encryption to provide secure credit card payments
WO2017193836A1 (en) Secure payment method and system related to point-of-sale terminal and based on signaling network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15761673

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: IDP00201605938

Country of ref document: ID

ENP Entry into the national phase

Ref document number: 2016574321

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15761673

Country of ref document: EP

Kind code of ref document: A1