WO2015135384A1 - Procédé et système de paiement sécurisé o2o et terminal de point de vente - Google Patents

Procédé et système de paiement sécurisé o2o et terminal de point de vente Download PDF

Info

Publication number
WO2015135384A1
WO2015135384A1 PCT/CN2015/070397 CN2015070397W WO2015135384A1 WO 2015135384 A1 WO2015135384 A1 WO 2015135384A1 CN 2015070397 W CN2015070397 W CN 2015070397W WO 2015135384 A1 WO2015135384 A1 WO 2015135384A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
transaction
terminal
background
mobile terminal
Prior art date
Application number
PCT/CN2015/070397
Other languages
English (en)
Chinese (zh)
Inventor
孟陆强
洪逸轩
姚承勇
陈瑞兵
Original Assignee
福建联迪商用设备有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 福建联迪商用设备有限公司 filed Critical 福建联迪商用设备有限公司
Priority to JP2016574321A priority Critical patent/JP6370407B2/ja
Publication of WO2015135384A1 publication Critical patent/WO2015135384A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials

Definitions

  • the present invention relates to the field of electronic payment, and in particular to a O2O Secure payment method, system and kind POS terminal.
  • O2O Online To Offline It refers to the combination of offline business opportunities and the Internet, making the Internet a front-end for offline transactions. From 2010 Entering China at the end of the year has aroused widespread discussion in the industry, and its broad prospects are optimistic for all parties. O2O The industry is also widely regarded as the next market of billions of dollars.
  • the mobile phone is an application carrier that is often connected to the public network. Mobile viruses, mobile phone Trojans and other malware are not uncommon, and the password entered on the mobile phone has become the object of such malware theft.
  • the attacker can copy the sound waves at the transaction site at the transaction site, and forge the personal voucher code to complete the transaction without authorization by the user if the user is not present at the scene.
  • the present invention provides a payment that is more secure. O2O Secure payment method.
  • the secure payment method comprises the steps of: the mobile terminal acquires a dynamic transaction code sent by the payment background; the mobile terminal sends the dynamic personal voucher code containing the dynamic transaction code to the payment terminal; the payment terminal receives the input transaction amount; and the payment terminal sends the dynamic personal voucher
  • the code and the transaction amount are sent to the payment background; after the payment background verifies the dynamic personal voucher code, the verification information is sent to the payment terminal; after receiving the input account password, the payment terminal sends the transaction message packet including the account password ciphertext to the payment background. , to make a payment.
  • the “mobile terminal acquiring the dynamic transaction code sent by the payment background” specifically includes: the mobile terminal login payment client communicates with the payment background, and obtains the temporary payment account information generated by the payment background according to the payment account; the mobile terminal uses the payment client to The payment method is sent to the payment background, and the payment background generates a corresponding temporary transaction number and sends it to the mobile terminal.
  • the mobile terminal sends the dynamic personal voucher code containing the dynamic transaction code to the payment terminal.
  • the mobile terminal will: The temporary payment account information and the temporary transaction order number group are packaged into a dynamic personal voucher code, and the dynamic personal voucher code is sent to the payment terminal; after the “payment background verification dynamic personal voucher code, the verification information is sent to the payment terminal”
  • the method includes: the payment background verification, the temporary payment account information, and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification information is sent to the payment terminal after the verification is passed.
  • the sending, by the mobile terminal, the dynamic personal voucher code including the dynamic transaction code to the payment terminal further includes: the mobile terminal sending the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is In the ciphertext, if the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal can only upload the dynamic personal voucher code ciphertext and the transaction configuration information to the payment background processing.
  • the “mobile terminal acquires the dynamic transaction code sent by the payment background” further includes: the mobile terminal logs in to the payment client and the payment background communication, and synchronizes the transaction serial number with the payment background; the “mobile terminal will include the dynamic transaction code”
  • the sending of the dynamic personal voucher code to the payment terminal further includes: when the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal adds the temporary payment account information and accumulates The subsequent transaction serial number group is packaged into a dynamic personal voucher code, and the dynamic personal voucher code is sent to the payment terminal;
  • the “payment of the background verification dynamic personal voucher code, the verification information is sent to the payment terminal” specifically includes: payment background verification Whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and after the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction serial number is verified After that, the verification information is sent to the payment terminal.
  • the mobile terminal sends the payment method to the payment background through the payment client, and the corresponding temporary transaction number is generated in the payment background, and is sent to the mobile terminal.
  • the method further includes: the mobile terminal inputs the payment combination input by the user through the payment client. The method is sent to the payment background; after receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination method includes a primary account payment, a quick payment, a coupon payment, and a point.
  • the step of “sending verification information to the payment terminal” specifically includes: the payment background determines an actual transaction payment combination according to the transaction amount and an amount to be paid for each payment method; The payment background sends the determined transaction payment combination and the amount that each payment method needs to pay to the payment terminal; the step “after the payment terminal receives the input account password, the account password is sent to the payment background for payment” includes: The payment terminal displays the received payment combination to The amount of payment required for each payment method; the user selects the actual transaction amount for each payment method, and enters the account password; the payment terminal sends the actual transaction amount and account password of each payment method to the payment background; the payment background receives The transaction amount and account password are verified, and the payment is made when the verification is passed.
  • the method further includes the steps of: the payment background sends the transaction result prompt information to the payment terminal, the transaction result prompt information includes the buyer partial account real information; and the payment terminal prints the paper transaction certificate.
  • the method further includes: the payment terminal is provided with a payment PIN Before the step "the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background", the payment terminal further includes: the payment terminal acquires the input of the user on the payment terminal. PIN And will PIN Sent to the payment backend; the payment backend received PIN Verify that the next steps are performed when the verification passes.
  • the mobile terminal communicates via sound waves, NFC Or Bluetooth sends a dynamic personal voucher code to the payment terminal.
  • the secure payment system includes a mobile terminal, a payment terminal, and a payment backend.
  • the mobile terminal includes a dynamic transaction code acquisition module and a first transceiver module.
  • the payment terminal includes a first input module, a second input module, and a second transceiver module.
  • the payment backend includes a verification module, a third transceiver module, and a payment module; the dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background; and the first transceiver module is configured to: use a dynamic individual that includes a dynamic transaction code
  • the voucher code is sent to the payment terminal, wherein the first transceiver module is an acoustic wave communication module, NFC a module, a Bluetooth module; the first input module is configured to receive an input transaction amount; the second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, and send the dynamic personal voucher code and the transaction amount to the payment a background, and configured to send an account password to the payment background; the verification module is configured to verify the dynamic personal voucher code and an account password; the third transceiver module is configured to send the verification information to the payment terminal; The input module is configured to receive an account password input by the user; the payment module is configured to perform payment after the verification module passes the verification.
  • the invention also provides a POS
  • the terminal includes a printing module and the first input module, the second input module, and the second transceiver module, and the printing module is configured to print a paper transaction voucher.
  • the second transceiver module is an acoustic wave communication module, NFC Module, Bluetooth module or other non-physical contact communication module.
  • the method further includes: a display module, configured to display verification information sent by the payment background.
  • the invention has the beneficial effects that the account password must be input by the mobile terminal in the payment process in the existing online payment.
  • the mobile terminal automatically transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal, and the user is
  • the mobile terminal completes the input of the account password; after receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding the mobile terminal obtaining the account information and the account password at the same time, and the account information and The account password is attacked and stolen in the mobile terminal, which greatly improves the security of online payment.
  • Figure 1 Is an embodiment of the present invention O2O Flow chart of a secure payment method
  • Figure 2 Is an embodiment of the present invention O2O Schematic diagram of the structure of a secure payment system
  • Figure 3 Is an embodiment of the present invention POS Schematic diagram of the structure of the terminal.
  • the invention pays by inputting the account password of the online payment on the payment terminal, thereby avoiding the account password leakage caused by the loss of the mobile terminal or the attack by the Trojan horse, thereby greatly improving the account password.
  • O2O The security of the payment.
  • the mobile terminal acquires a dynamic transaction code sent by the payment background
  • the mobile terminal sends the dynamic personal voucher code including the dynamic transaction code to the payment terminal;
  • the payment terminal receives the input transaction amount
  • the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
  • the verification information is sent to the payment terminal;
  • the payment terminal After receiving the input account password, the payment terminal sends the transaction packet containing the account password ciphertext to the payment background to perform payment.
  • the payment terminal is in accordance with the transaction packet containing the account password ciphertext.
  • the package format can also be other packaging formats.
  • the embodiment relates to a mobile terminal, a payment terminal, and a payment background (the payment background is a system server of a specific bank, or a server of a third-party payment system), wherein the mobile terminal is installed with a payment client and a public key certificate.
  • CERT1 public key certificate CERT1 Corresponding private key PR1 Saved in the payment background
  • the user communicates with the payment background by logging in to the payment terminal on the mobile terminal, so that the payment account is bound to the user's mobile terminal.
  • the payment background After the mobile terminal logs in to the payment client, the payment background generates a corresponding dynamic transaction code according to the payment account bound by the mobile terminal, and the dynamic transaction code includes temporary payment account information (each time the mobile terminal logs in to the payment terminal, the corresponding generation of the payment background is different.
  • the dynamic transaction code that is, the temporary payment account information obtained by each mobile terminal is different).
  • the mobile terminal sends the payment method to the payment background through the payment client, and the corresponding temporary transaction number is generated in the payment background.
  • the mobile terminal groups the obtained temporary payment account information and the temporary transaction order number into a dynamic personal voucher code, and sends the dynamic personal voucher code to the payment terminal.
  • the payment terminal is disposed at the merchant, and the payment terminal acquires the input transaction amount (ie, the payment terminal acquires the total amount of the purchased product input by the merchant operator), and the payment terminal sends the dynamic personal voucher code and the transaction amount to the payment. Backstage.
  • the payment background After receiving the dynamic personal voucher code through the payment terminal, the payment background verifies whether the temporary payment account information and the temporary transaction order number are consistent with the temporary payment account information and the temporary transaction number generated by the payment background, and the verification is passed. After that, the payment background retrieves the corresponding real account information in the background according to the temporary payment account information, and verifies whether the account information is correct (such as verifying whether the account exists, whether the status of the account is available, whether the account balance is sufficient, etc.) After the verification is passed, the payment background verifies whether the account password uploaded from the payment terminal corresponds to the real account corresponding to the temporary payment account information of the dynamic personal certificate code, and the payment is performed after the account password verification is passed.
  • the account password must be input by the mobile terminal.
  • the mobile terminal securely transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal, and the user completes the account password on the mobile terminal.
  • the payment terminal After receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding that the mobile terminal can simultaneously obtain the account information and the account password, thereby effectively preventing the account information and the account password from being The possibility of attack stealing greatly improves the security of online payment.
  • the payment background generates temporary payment account information according to the account bound by the mobile terminal, and both the mobile terminal and the payment terminal use the temporary payment account for transmission during the payment process, so even if the data during the transmission is intercepted, Still, the account information cannot be actually paid (the real payment account information is known only to the payment client in the payment background and the mobile terminal, and does not appear in the transmission process), thereby further improving payment security.
  • the sending, by the mobile terminal, the dynamic personal voucher code including the dynamic transaction code to the payment terminal further includes: the mobile terminal sending the transaction configuration information to the payment terminal, wherein the transaction configuration information identifies whether the data sent by the mobile terminal is In the ciphertext, if the ciphertext is marked, the payment terminal cannot decrypt the original data of the key data, and the payment terminal can only upload the dynamic personal voucher code ciphertext and the transaction configuration information to the payment background processing. Encryption can better guarantee the security of payment data transmission. For simple data, you don't have to encrypt it. If you want to encrypt, the communication data sent by the mobile terminal needs to pass the public key certificate. CERT1 After encryption, transfer.
  • the encryption algorithm is an asymmetric algorithm and can be used. RSA , ECC , national secret algorithm, etc.
  • This encrypted data (such as a dynamic personal voucher code)
  • the payment terminal cannot be decrypted because it does not have a corresponding private key. PR1 Therefore, the payment terminal can only upload the dynamic personal voucher code ciphertext to the payment background processing as it is, thereby improving the security of the dynamic personal voucher code in the transmission process.
  • the mobile terminal can communicate through sound waves.
  • NFC Bluetooth or non-physical contact communication method sends a dynamic personal voucher code to the payment terminal.
  • the payment terminal may be a merchant POS
  • the terminal may also be another electronic payment device having a password input function.
  • the payment is made by the amount in the cash account in the account, but in the actual use process, there are other payment methods such as coupon payment, point payment, etc., in order to improve the convenience of the payment method in the above embodiment, In the present embodiment, payment can also be made by a payment combination.
  • the mobile terminal sends the payment combination mode input by the user to the payment background through the payment client;
  • the payment background After receiving the payment combination, the payment background generates a corresponding temporary transaction number, and sends the temporary transaction number to the mobile terminal, wherein the payment combination includes a primary account payment, a quick payment, a coupon payment, a point payment, and a prepaid card payment.
  • the payment combination includes a primary account payment, a quick payment, a coupon payment, a point payment, and a prepaid card payment.
  • the payment method may also be other possible payment methods;
  • the step of “sending the verification information to the payment terminal” specifically includes:
  • the payment background determines the actual transaction payment combination according to the transaction amount and the amount that each payment method needs to pay;
  • the payment back-end determines the transaction payment combination and the amount that each payment method needs to pay to the payment terminal;
  • the step “after the payment terminal receives the input account password, the account password is sent to the payment background to perform payment” includes:
  • the payment terminal displays the received payment combination and the amount that each payment method needs to pay;
  • the user selects the actual transaction amount for each payment method and enters the account password;
  • the payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
  • the payment background verifies the received transaction amount and account password, and pays when the verification is passed.
  • the user selects the actual transaction amount for each payment method.
  • the user For the payment method that requires input of the account password (such as when paying with the cash account in the payment account), the user enters the account password on the payment terminal (for the case where the account password is not required, the user does not need to Enter the account password);
  • the payment terminal sends the actual transaction amount and the account password of each payment method to the payment background;
  • the payment background verifies the received transaction amount and account password, and pays when the verification is passed.
  • the payment may be performed without inputting the account password (if the selected payment combination does not include the cash account or the cash account is zero. ).
  • the user can select an appropriate payment combination method according to the payment method bound on the mobile terminal, and determine an actual payment combination manner according to the transaction amount on the payment terminal, such as coupon payment, point payment, coupon and cash payment combination or coupon, and points. , cash payment combination.
  • the online payment combination of multiple payment methods can be realized, which greatly improves the convenience of payment.
  • the embodiment may further include: the payment background sends the transaction result prompt information to the payment terminal or the mobile terminal.
  • the voucher for each transaction may be printed by the payment terminal, and the transaction result prompt information includes the real information of the buyer part account, thereby avoiding the dispute caused by the online payment without the physical transaction voucher.
  • the method further includes:
  • the mobile terminal logs in to the payment client to communicate with the payment background, and synchronizes the transaction serial number with the payment background;
  • the “mobile terminal transmitting the dynamic personal voucher code including the dynamic transaction code to the payment terminal” further includes:
  • the mobile terminal When the mobile terminal is unable to obtain a temporary transaction number with the payment background connection, the mobile terminal accumulates the transaction serial number, and the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code. And sending the dynamic personal voucher code to the payment terminal;
  • the verification information is sent to the payment terminal.
  • the payment background verifies whether the temporary payment account information is consistent with the temporary payment account generated by the payment background, and when the verification is passed, verifying whether the received transaction serial number is greater than the transaction serial number stored in the payment background, when the transaction sequence After the verification is passed, the verification information is sent to the payment terminal.
  • the present embodiment performs payment by temporarily paying an account.
  • the mobile terminal logs into the payment background, the temporary payment account is obtained from the payment background.
  • the mobile terminal determines whether it can connect to the payment background. If the connection is available, the temporary transaction number is obtained from the payment background, and the temporary transaction order is obtained. And the temporary transaction account information group is packaged into a dynamic personal voucher code and sent to the payment terminal.
  • the mobile terminal packages the temporary payment account information and the accumulated transaction serial number into a dynamic personal voucher code, and the dynamic personal voucher code
  • the payment is sent to the payment terminal, and the payment background determines whether the payment is made by verifying the correctness of the temporary payment account information and the transaction serial number. Therefore, the payment can be effectively prevented even when the mobile terminal has no network signal, and the reset attack can be effectively prevented (only when the transaction sequence number received by the payment background is larger than the serial number stored in the payment background, the payment can be prevented, thereby preventing Reset the attack).
  • the payment terminal is further provided with a payment.
  • PIN a payment.
  • the method further includes:
  • the payment terminal obtains the input of the user on the payment terminal PIN And will PIN Encrypted and sent to the payment background;
  • the PIN Can be an online payment account transaction PIN
  • the password can also be consistent with the bank card account password, and the payment background is only received correctly.
  • PIN The account password verification will be carried out under the premise, thus achieving double payment security guarantee and greatly improving payment security.
  • One kind O2O Secure payment system including mobile terminals 1 Payment terminal 2 And payment background 3 The mobile terminal 1
  • the dynamic transaction code acquisition module and the first transceiver module are included;
  • Payment terminal 2 The first input module, the second input module, and the second transceiver module are included;
  • the payment background 3 The verification module, the third transceiver module and the payment module are included;
  • the dynamic transaction code acquisition module is configured to obtain a dynamic transaction code from a payment background
  • the first transceiver module is configured to send a dynamic personal voucher code including a dynamic transaction code to the payment terminal, where the first transceiver module is an acoustic communication module, NFC Module, Bluetooth module or other non-physical contact communication module;
  • the first input module is configured to receive an input transaction amount
  • the second transceiver module is configured to receive a dynamic personal voucher code sent by the mobile terminal, configured to send the dynamic personal voucher code and the transaction amount to the payment background, and send the account password to the payment background;
  • the verification module is configured to verify the dynamic personal voucher code and an account password
  • the third transceiver module is configured to send the verification information to the payment terminal
  • the second input module is configured to receive an account password input by a user
  • the payment module is configured to perform payment after the verification module passes the verification.
  • the mobile terminal of the secure payment system sends a dynamic personal voucher code containing the dynamic transaction code to the payment terminal; the user inputs the account password on the payment terminal, and the payment terminal sends the input account password to the payment background for payment, thereby avoiding In the mobile terminal, the account password and the account password are attacked and stolen, which greatly improves the security of online payment.
  • the invention also provides a POS Terminal, including print module twenty four And the first input module twenty one Second input module twenty two Second transceiver module twenty three ;
  • the terminal receives the dynamic personal voucher code sent by the mobile terminal through the second transceiver module, and sends the dynamic personal voucher code, the input transaction amount and the account password to the payment background through the second transceiver module, and the payment background dynamically according to the received transaction amount.
  • the dynamic transaction code in the voucher code is paid, so the account password for online payment can be POS Terminal input has greatly expanded POS The scope of use of the terminal, meanwhile, also increases the security of online payment.
  • the second transceiver module is an acoustic wave communication module, NFC Near field wireless communication such as modules or Bluetooth modules.
  • POS further includes: a display module, configured to display the verification information sent by the payment background.
  • the user downloads the payment client through the mobile phone (mobile terminal) and binds the corresponding bank card (the bank card includes a cash account, a coupon account, a point account, etc., that is, a payment method);
  • the user logs in to the mobile payment terminal and the payment background communication, and the payment background generates the temporary payment account information according to the bundled bank card and sends the information to the mobile phone.
  • the user selects the payment combination method and sends it to the payment background through the mobile phone, and the payment background determines whether the payment combination is successful, and generates a corresponding temporary transaction number to send to the mobile phone;
  • the operator of the merchant first inputs the product information (including the amount of the commodity) purchased by the user to the merchant.
  • POS a terminal (ie, the payment terminal); wherein the operator first inputs the product information purchased by the user to the merchant POS
  • the terminal There is no strict relationship between the terminal and the mobile phone to obtain the temporary transaction number.
  • the user sends a dynamic personal voucher code containing the temporary transaction number and temporary payment account information to POS Terminal (when the mobile terminal has no network signal, choose to use the transaction serial number instead of the temporary transaction number), POS The terminal sends the dynamic personal voucher code and the transaction amount to the payment background;
  • the payment background verifies the dynamic personal voucher code and the transaction amount, and determines the combination.
  • the verification information is sent to POS terminal;
  • the terminal displays the payment combination, and obtains the payment combination method selected by the user, and the amount of various payment (for example, the selected payment combination method is: coupon payment) 100 yuan + Point redemption payment 50 yuan + cash payment 10 Yuan), the user is POS Enter the account password on the terminal, and send the obtained payment combination and the amount of each payment method and the account password to the payment background;
  • the selected payment combination method is: coupon payment
  • the user is POS Enter the account password on the terminal, and send the obtained payment combination and the amount of each payment method and the account password to the payment background
  • the account password entered in the background verification is verified. After the verification is passed, the payment is made according to the final payment combination and the amount of each payment method, and the transaction result is sent to the mobile phone and POS terminal;
  • the terminal prints the received transaction results and transaction credentials.
  • the account password must be input by the mobile terminal in the payment process in the existing online payment.
  • the present invention securely transmits the dynamic personal voucher code containing the dynamic transaction code to the payment terminal by the mobile terminal, and the user is at the payment terminal.
  • the input of the account password is completed; after receiving the input account password, the payment terminal sends the ciphertext account password to the payment background to perform payment, thereby avoiding that the mobile terminal can simultaneously obtain the account information and the account password, as well as the account information and the account password.
  • the possibility of being attacked and stolen at the mobile terminal greatly improves the security of online payment.
  • the payment background generates temporary payment account information according to the account bound by the mobile terminal, and both the mobile terminal and the payment terminal use the temporary payment account for transmission during the payment process, so even if the data during the transmission is intercepted, Still, the account information cannot be actually paid (the real payment account information is known only to the payment client in the payment background and the mobile terminal, and does not appear in the transmission process), thereby further improving payment security.
  • the payment terminal by requiring the user to enter a password on the payment terminal, it is guaranteed that only a user can participate in completing a transaction, preventing a user from unauthorized transactions.
  • the payment terminal can still complete the transaction normally, and the transaction can be improved.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

La présente invention concerne un procédé de paiement sécurisé en ligne et hors ligne (O2O). Le procédé de paiement sécurisé comprend les étapes suivantes : l'acquisition par un terminal mobile, d'un code de transaction dynamique envoyé par un arrière-plan de paiement ; l'envoi à un terminal de paiement, par le terminal mobile, d'un code dynamique de bon personnel contenant le code dynamique de transaction ; la réception, par le terminal de paiement, du montant de la transaction d'entrée ; l'envoi, par le terminal de paiement, du code dynamique de bon personnel et du montant de la transaction à l'arrière-plan de paiement ; après que le code dynamique de bon personnel est vérifié, l'envoi, par le paiement d'arrière-plan, des informations de vérification au terminal de paiement ; et après qu'un mot de passe du compte d'entrée est reçu, l'envoi, par le terminal de paiement, du mot de passe du compte à l'arrière-plan de paiement pour réaliser le paiement. La présente invention concerne également un système de paiement sécurisé et un terminal de point de vente (POS). Le mot de passe du compte destiné au paiement est entré à partir du terminal de paiement, ce qui permet d'éviter efficacement les risques de sécurité potentiels provoqués par l'entrée d'un mot de passe à partir du terminal mobile, de manière à ce que la sécurité de paiement soit améliorée.
PCT/CN2015/070397 2014-03-14 2015-01-09 Procédé et système de paiement sécurisé o2o et terminal de point de vente WO2015135384A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2016574321A JP6370407B2 (ja) 2014-03-14 2015-01-09 O2o安全決済方法及びo2o安全決済システム

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410096384.1A CN103903141B (zh) 2014-03-14 2014-03-14 一种o2o安全支付方法、系统和一种pos终端
CN201410096384.1 2014-03-14

Publications (1)

Publication Number Publication Date
WO2015135384A1 true WO2015135384A1 (fr) 2015-09-17

Family

ID=50994451

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/070397 WO2015135384A1 (fr) 2014-03-14 2015-01-09 Procédé et système de paiement sécurisé o2o et terminal de point de vente

Country Status (3)

Country Link
JP (1) JP6370407B2 (fr)
CN (1) CN103903141B (fr)
WO (1) WO2015135384A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107862524A (zh) * 2017-12-12 2018-03-30 江苏国光信息产业股份有限公司 一种快速生成并传递支付密码的加密装置及其实现方法
JP2020507877A (ja) * 2017-02-13 2020-03-12 モビドゥ シーオー.,エルティーディー 音波を用いた識別情報と購入者の動的コードをマッピングするモバイル決済システム
CN111861451A (zh) * 2019-04-25 2020-10-30 刘永乐 离线交易的方法、客户端设备及pos机

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103914774B (zh) * 2014-03-14 2017-05-24 福建联迪商用设备有限公司 一种o2o安全支付方法和系统
CN103903141B (zh) * 2014-03-14 2018-05-08 福建联迪商用设备有限公司 一种o2o安全支付方法、系统和一种pos终端
CN105279683B (zh) * 2014-08-10 2019-01-08 北京互帮国际技术有限公司 一种支付引导并生成线上定单的方法
CN104281945A (zh) * 2014-09-16 2015-01-14 马洁韵 一种移动安全支付系统和安全支付方法
CN104820936A (zh) * 2015-04-24 2015-08-05 重庆炬野科技发展有限公司 基于商品信息编码的激励购买系统及方法
CN105023156A (zh) * 2015-07-27 2015-11-04 郑斌 一种电子凭据的验证方法和验证系统
CN105243542B (zh) * 2015-11-13 2021-07-02 咪付(广西)网络技术有限公司 一种动态电子凭证认证的方法
CN106778986A (zh) * 2015-11-20 2017-05-31 曲立东 基于数据标签的oto应用设备及应用方法
CN105931047A (zh) * 2015-12-25 2016-09-07 中国银联股份有限公司 线下支付方法、终端设备、后台支付装置及线下支付系统
CN105678535A (zh) * 2016-01-29 2016-06-15 北京智能果技术有限公司 支付方法与装置
CN105894275A (zh) * 2016-04-19 2016-08-24 南京永为科技有限公司 一种基于二维码的智能支付系统
CN105913250A (zh) * 2016-05-31 2016-08-31 知而行(上海)营销咨询有限公司 一种基于接入点验证的安全支付终端及其验证方法
CN107194689B (zh) * 2017-06-16 2024-05-03 河南晟宇信息技术有限公司 基于近场磁通信与接近关系检测的手机支付系统与方法
CN107292606A (zh) * 2017-07-27 2017-10-24 中国银联股份有限公司 一种支付方法及装置
CN108288155B (zh) * 2018-02-08 2021-11-30 上海链庄数据技术有限公司 一种无人超市的断网结算方法
WO2019165572A1 (fr) * 2018-02-27 2019-09-06 福建联迪商用设备有限公司 Procédé et système de transmission de données

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102243739A (zh) * 2011-07-04 2011-11-16 中国建设银行股份有限公司 基于二维码的手机银行支付方法、系统及客户端
TW201329882A (zh) * 2011-09-09 2013-07-16 Naxos Finance Sa 用於認證一電子交易之方法及其系統
CN103268548A (zh) * 2013-04-25 2013-08-28 广州闪购软件服务有限公司 基于二维码的线上线下支付系统
US20130339233A1 (en) * 2012-06-15 2013-12-19 Kt Corporation Electronic wallet based payment
CN103903141A (zh) * 2014-03-14 2014-07-02 福建联迪商用设备有限公司 一种o2o安全支付方法、系统和一种pos终端

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001344545A (ja) * 2000-03-29 2001-12-14 Ibm Japan Ltd 処理システム、サーバ、処理端末、通信端末、処理方法、データ管理方法、処理実行方法、プログラム
JP2002298046A (ja) * 2001-04-02 2002-10-11 Hitachi Ltd 携帯電話を用いた決済方法
JP2003150885A (ja) * 2001-11-15 2003-05-23 Hitachi Ltd 決済システムおよび決済装置
JP2004062771A (ja) * 2002-07-31 2004-02-26 Show Engineering:Kk インターネットバンクの口座を用いた決済システム
JP2004214994A (ja) * 2002-12-27 2004-07-29 Matsushita Electric Ind Co Ltd 情報処理装置及びその機器及び通信機器
CN1941009A (zh) * 2005-09-29 2007-04-04 普天信息技术研究院 一种用移动通信终端进行费用支付的实现方法
CN1804889A (zh) * 2005-12-30 2006-07-19 中国工商银行股份有限公司 一种利用手机进行支付的pos支付系统及其方法
US7802719B2 (en) * 2006-09-29 2010-09-28 Sony Ericsson Mobile Communications Ab System and method for presenting multiple transaction options in a portable device
JP2008158638A (ja) * 2006-12-21 2008-07-10 Mastercard Internatl Japan Inc 支払い処理支援システム及び支払い処理支援方法並びに支払い処理支援装置及びクレジットカードのバックエンドシステム
CN101034449A (zh) * 2007-04-17 2007-09-12 华中科技大学 实现电子支付的方法、系统及移动终端
US20090254479A1 (en) * 2008-04-02 2009-10-08 Pharris Dennis J Transaction server configured to authorize payment transactions using mobile telephone devices
US10839384B2 (en) * 2008-12-02 2020-11-17 Paypal, Inc. Mobile barcode generation and payment
CN102831734A (zh) * 2011-06-15 2012-12-19 上海博路信息技术有限公司 一种移动终端客户端的支付方法
JP2013114291A (ja) * 2011-11-25 2013-06-10 Seiko Epson Corp 決済システム、店舗用端末、決済システムの決済方法およびプログラム

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102243739A (zh) * 2011-07-04 2011-11-16 中国建设银行股份有限公司 基于二维码的手机银行支付方法、系统及客户端
TW201329882A (zh) * 2011-09-09 2013-07-16 Naxos Finance Sa 用於認證一電子交易之方法及其系統
US20130339233A1 (en) * 2012-06-15 2013-12-19 Kt Corporation Electronic wallet based payment
CN103268548A (zh) * 2013-04-25 2013-08-28 广州闪购软件服务有限公司 基于二维码的线上线下支付系统
CN103903141A (zh) * 2014-03-14 2014-07-02 福建联迪商用设备有限公司 一种o2o安全支付方法、系统和一种pos终端

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020507877A (ja) * 2017-02-13 2020-03-12 モビドゥ シーオー.,エルティーディー 音波を用いた識別情報と購入者の動的コードをマッピングするモバイル決済システム
US11037130B2 (en) 2017-02-13 2021-06-15 Mobidoo Co., Ltd. Mobile payment system for mapping identification information to dynamic code of buyer using sound wave
CN107862524A (zh) * 2017-12-12 2018-03-30 江苏国光信息产业股份有限公司 一种快速生成并传递支付密码的加密装置及其实现方法
CN111861451A (zh) * 2019-04-25 2020-10-30 刘永乐 离线交易的方法、客户端设备及pos机

Also Published As

Publication number Publication date
JP6370407B2 (ja) 2018-08-08
CN103903141A (zh) 2014-07-02
JP2017514242A (ja) 2017-06-01
CN103903141B (zh) 2018-05-08

Similar Documents

Publication Publication Date Title
WO2015135384A1 (fr) Procédé et système de paiement sécurisé o2o et terminal de point de vente
CN107609866B (zh) 基于虚拟货币的电子支付、电子收款方法及装置
WO2015135393A1 (fr) Procédé et système de paiement sécurisé o2o, et arrière-plan de paiement sécurisé
CN102789607B (zh) 一种网络交易方法和系统
CN102202300B (zh) 一种基于双通道的动态密码认证系统及方法
CN103914774B (zh) 一种o2o安全支付方法和系统
WO2015161699A1 (fr) Procédé et système d'interaction de données sécurisés
EP1758053A1 (fr) Portefeuille informatique sans fil pour les transactions physiques dans les points de vente (PDV)
US20100153273A1 (en) Systems for performing transactions at a point-of-sale terminal using mutating identifiers
CN102722816B (zh) 一种移动支付的方法、系统及装置
JP2015508541A (ja) ポータブルコンピューティングデバイスを使用して安全なオフライン支払いトランザクションを行うためのシステムおよび方法
US20140114846A1 (en) Transaction system and method for use with a mobile device
TWI591553B (zh) Systems and methods for mobile devices to trade financial documents
WO2016118087A1 (fr) Système et procédé de paiement en ligne sécurisé au moyen d'une carte à circuit intégré
CN104363199A (zh) 基于时间同步码的安全认证方法及时间同步码模块
CN104463576A (zh) 一种基于线上支付的nfc移动支付的通信方法
CN103093341A (zh) 一种基于rfid智能支付系统的安全支付方法
CN105809417A (zh) 一种安全可信的实时电子支付结算商户终端、用户终端、银行前端系统及系统与方法
CN108694580A (zh) 一种基于量子加密的支付系统及方法
CN103955820A (zh) 一种无卡支付方法及装置
CN103268436A (zh) 移动支付中一种基于触摸屏的图形化密码验证方法与系统
CN104574049A (zh) 基于安全电子交易协议的实时电子支付结算系统
CN108416400A (zh) 一种基于动态二维码的支付方法及支付系统
WO2017193836A1 (fr) Procédé et système de paiement sécurisé associés à un terminal de point de vente et fondé sur un réseau de signalisation
US20210390546A1 (en) Systems and Methods for Secure Transaction Processing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15761673

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: IDP00201605938

Country of ref document: ID

ENP Entry into the national phase

Ref document number: 2016574321

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15761673

Country of ref document: EP

Kind code of ref document: A1