WO2016131252A1 - Password verification method, apparatus and system - Google Patents

Password verification method, apparatus and system Download PDF

Info

Publication number
WO2016131252A1
WO2016131252A1 PCT/CN2015/089672 CN2015089672W WO2016131252A1 WO 2016131252 A1 WO2016131252 A1 WO 2016131252A1 CN 2015089672 W CN2015089672 W CN 2015089672W WO 2016131252 A1 WO2016131252 A1 WO 2016131252A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
password
information
vibration
terminal
Prior art date
Application number
PCT/CN2015/089672
Other languages
French (fr)
Chinese (zh)
Inventor
顾金存
邵炳军
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016131252A1 publication Critical patent/WO2016131252A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present invention relates to the field of communications, and in particular to a method, device and system for verifying a password.
  • FIG. 1 is a schematic diagram of a method for verifying a password in the related art.
  • the user uses the payment application payment on the payment terminal, in addition to the payment interface,
  • the user is also required to enter a password, which is generally referred to as a payment password.
  • the payment password and the login password have different functions. For security reasons, users are usually required to set different values. Among the three passwords, the payment password is used most frequently and is also the most vulnerable to theft.
  • the terminal detecting device After the terminal detecting device sends the payment information of the payment terminal, for example, the total price of the product to the mobile phone, the mobile phone pops up the payment confirmation interface, and the user inputs the payment password (may also need to input the short message verification code), and after the payment password verification is passed, the payment is completed.
  • the user may be peeked by others, or captured by the Trojan horse program, causing the payment password to be leaked, and the payment means such as password input and SMS verification confirmation in the related art are complicated and easily cracked, and acquired.
  • User information and passwords make the security of user property not guaranteed.
  • the invention provides a password verification method, device and system, so as to at least solve the related art, such as password input, SMS verification confirmation and other payment means are complicated and easy to be cracked, and obtain user information and password, so that user property security cannot be obtained. The issue of security.
  • a method for verifying a password including: inductive payment terminal a motor vibration, generating a payment password to be verified; transmitting payment information and a payment password of the payment terminal to the payment server; and receiving a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result includes: verifying the payment password
  • the payment server In the case of passing, the payment server generates payment success information based on the payment information completing the payment function.
  • generating a payment password to be verified by inducing a motor vibration of the payment terminal comprising: inducing the motor of the payment terminal to vibrate according to the preset vibration control information, generating vibration information; and converting the induced vibration information into a binary Information, generating a payment password to be verified.
  • the method before the generating the payment password by inducing the motor vibration of the payment terminal, the method further includes: the payment terminal receiving the input data payment password; the payment terminal converting the input data payment password to generate vibration control information; and the payment terminal The vibration control information and the preset random code are encrypted to generate encrypted data; the payment terminal saves the encrypted data to the payment server.
  • the feedback result generated by the payment server according to the payment information and the payment password includes: the payment server decrypts the pre-stored encrypted data, and obtains the vibration control information; the vibration control information obtained by the payment server after decryption
  • the payment password to be verified is matched; if the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates payment success information.
  • the vibration control information includes: the motor vibrates or does not vibrate during any one of the vibration periods.
  • the converted vibration control information is encrypted by using any of the following encryption methods: MD5, RC2, DES, and AES.
  • a password verification apparatus comprising: a processing module configured to generate a payment password to be verified by sensing a motor vibration of the payment terminal; and a sending module configured to send payment information of the payment terminal And a payment password to the payment server; and a receiving module, configured to receive a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result comprises: in case the payment password verification is passed, the payment server completes the payment according to the payment information The function generates payment success information.
  • the processing module includes: a sensing module, configured to sense that the motor of the payment terminal vibrates according to preset vibration control information to generate vibration information; and the conversion module is configured to convert the induced vibration information into binary information to generate The payment password to be verified.
  • the vibration control information includes: the motor vibrates or does not vibrate during any one of the vibration periods.
  • a password verification system comprising: a payment terminal configured to control a motor to vibrate according to preset vibration control information; and a verification terminal configured to inductively compensate a motor vibration of the terminal, Generating a payment password to be verified; and a payment server configured to receive the payment information of the payment terminal and the payment password to be verified, and generate a feedback result according to the payment information and the payment password, wherein The feedback result includes: in the case that the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
  • the invention by inducting the motor vibration of the payment terminal, generating a payment password to be verified, transmitting payment information and payment password of the payment terminal to the payment server, and receiving a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback
  • the result includes: in the case that the payment password verification is passed, the payment server generates a payment success information according to the payment information to complete the payment function, and solves the related art that the payment means such as password input and short message verification confirmation are complicated and easy to be cracked, and Obtaining user information and passwords, so that the security of the user's property cannot be guaranteed, and realizing the user to convert the payment password into a vibration payment password, that is, when the user needs to pay, the payment terminal and the receiving machine are in close contact, and the user does not need to manually input. It is done by the vibration of the mobile phone motor, which eliminates the user's frequent input of the payment password, and also ensures the technical effect of the security of the payment password.
  • FIG. 1 is a schematic diagram of a method for verifying a password in the related art
  • FIG. 2 is a flowchart of a method for verifying a password according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a method for verifying a password according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of an optional password verification method according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a password verification apparatus according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a password verification system according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of a method for verifying a password according to an embodiment of the present invention. As shown in FIG. 2, the process includes the following steps:
  • Step S102 Generate a payment password to be verified by inducing motor vibration of the payment terminal.
  • the terminal detecting device may be used to sense the motor vibration of the payment terminal, and generate a payment password to be verified.
  • the user establishes a connection between the payment terminal and the terminal detection device, wherein the connection can be implemented in the following manner: WI-FI (Wireless-Fidelity), NFC (Near Field Communication), mobile Network, etc.
  • WI-FI Wireless-Fidelity
  • NFC Near Field Communication
  • mobile Network etc.
  • the user places the payment terminal at the vibration receiving end of the terminal detecting device.
  • the terminal detecting device generates a payment password to be verified by sensing the motor vibration of the payment terminal.
  • Step S104 Send payment information and a payment password of the payment terminal to the payment server.
  • the terminal detecting device may send the payment information and the payment password of the payment terminal to the payment server, where the payment information of the payment terminal may be the total price of the goods obtained by the terminal detecting device by scanning the products purchased by the user one by one. At this time, the terminal detecting device transmits the total commodity price and the payment password to be verified generated in the above step S102 to the payment server.
  • Step S106 Receive a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result comprises: in the case that the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
  • step S106 of the present application in the case that the payment password verification to be verified is passed, the payment program in the payment server deducts the total commodity price from the user account, and generates payment success information.
  • the terminal detecting device and the user receive the payment server. The feedback result of the payment success generated based on the payment information and the payment password.
  • the method for verifying the password provided by the embodiment generates a payment password to be verified by inducing the motor vibration of the payment terminal, and sends the payment information and the payment password of the payment terminal to the payment server, and the receiving payment server generates the payment information according to the payment information and the payment password.
  • the feedback result includes: in the case that the payment password verification is passed, the payment server generates a payment success information according to the payment information completion function, and the user converts the payment password into a vibration payment password, that is, the user is When payment is required, the payment terminal and the receiving machine are in close contact, and the user does not need to manually input, but is completed by the vibration of the mobile phone motor, thereby eliminating the trouble that the user frequently inputs the payment password, and also ensures the security of the payment password. effect.
  • FIG. 3 is a schematic diagram of a method for verifying a password according to an embodiment of the present invention. As shown in FIG. 3, the process of implementing payment by a user through the method for verifying a password of the present invention may include the following steps:
  • the user establishes a connection between the payment terminal and the terminal detecting device, for example, by using a connection mode such as WI-FI, NFC, or mobile network.
  • a connection mode such as WI-FI, NFC, or mobile network.
  • the terminal detecting device herein may be a cash register;
  • the terminal detecting device scans the commodities one by one to obtain payment information of the payment terminal, such as the total price of the commodity;
  • the terminal detecting device sends the total price of the commodity to the payment terminal;
  • the user places the payment terminal on the vibration receiving device of the terminal detecting device, and the payment terminal completes the payment password input by shaking;
  • the payment server's payment program deducts the total price of the product from the user's account and the payment is completed.
  • generating a payment password to be verified by inducing a motor vibration of the payment terminal including:
  • Step S1021 The motor of the inductive payment terminal vibrates according to the preset vibration control information to generate vibration information.
  • Step S1023 Convert the induced vibration information into binary information, and generate a payment password to be verified.
  • the vibration control information may include any one or more of the following data: the order in which the motor vibrates and does not vibrate, the number of times the vibration occurs, the number of times of no vibration, the period of the vibration of each vibration, and the duration of the vibration period. .
  • the vibration receiving device of the terminal detecting device senses the vibration information
  • the induced vibration information can be converted into binary information that can be recognized, for example, 1 represents a period of vibration, and 0 represents a period of not shaking.
  • the vibration control information is: vibration 2 times, no vibration 3 times, the vibration period is 1 s, and the period when no vibration is 1 s, the order is: vibration, vibration, no vibration, no vibration, no vibration
  • the vibration receiving information of the terminal detecting device senses the vibration control information to vibrate, and generates vibration information.
  • the converted binary information is: 11000, that is, the payment password to be verified. Is 0.
  • the method before generating the payment password by inductively paying the motor vibration of the terminal, the method further includes:
  • Step S1001 The payment terminal receives the input data payment password.
  • Step S1003 The payment terminal performs format conversion on the input data payment password to generate vibration control information.
  • Step S1005 The payment terminal encrypts the vibration control information and the preset random code to generate encrypted data.
  • Step S1007 The terminal saves the encrypted data to the payment server.
  • the feedback result generated by the payment server according to the payment information and the payment password includes:
  • Step S1051 The payment server decrypts the pre-stored encrypted data to obtain the vibration control information.
  • Step S1053 The payment server matches the vibration control information obtained after decryption with the payment password to be verified.
  • Step S1055 In the case that the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates payment success information.
  • the payment server decrypts the pre-stored encrypted vibration control information, and performs the decrypted vibration control information and the payment password to be verified.
  • Matching in the case that the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates payment success information.
  • the relevant fee is deducted from the user account, and the terminal is notified to the detection device and the user completes the payment. .
  • the vibration control information includes: the motor vibrates or does not vibrate in any one of the vibration periods.
  • the converted vibration control information is encrypted by using any of the following encryption methods: MD5 (Message-Digest Algorithm 5, information-digest algorithm), RC2 (symmetric packet encryption algorithm), DES (Data Encryption Standard, Data Encryption Standard) and AES (Advanced Encryption Standard).
  • MD5 Message-Digest Algorithm 5, information-digest algorithm
  • RC2 symmetric packet encryption algorithm
  • DES Data Encryption Standard
  • Data Encryption Standard Data Encryption Standard
  • AES Advanced Encryption Standard
  • FIG. 4 is a schematic diagram of an optional password verification method according to an embodiment of the present invention. As shown in FIG. 4, the process of implementing payment by the user through the password verification method of the present invention may include the following steps:
  • the payment terminal receives the input data payment password, and the payment terminal formats the input data payment password to generate vibration control information. Further, the payment terminal may adopt The MD5, RC2, DES and the like encrypt the vibration control information, and the payment terminal saves the encrypted vibration control information to the payment server.
  • the user places the payment terminal at the vibration receiving end of the terminal detecting device, and the payment program controls the motor to generate a corresponding vibration according to the vibration control information and the transaction random code preset by the user.
  • the terminal detecting device converts the vibration information into binary according to the received vibration information, and sends it to the payment server in the background of the payment program, and the payment server decrypts and generates the payment password according to the transaction random code and the vibration control information.
  • the payment server matches the decrypted payment password with the payment password to be verified. If the matching is successful, the payment password verification to be verified is passed, and after the verification is passed, the related fee is deducted from the user account, and the terminal detecting device is notified. And the user pays for the completion.
  • the user in the process of inputting a payment password by a user, the user may be peeked by the user, or the user is captured by the Trojan horse program, causing the leakage of the payment password.
  • the present invention proposes a motor vibration by the inductive payment terminal.
  • the payment server generates a payment success information according to the payment information to complete the payment function, and realizes that the user converts the payment password into a vibration payment password, that is, when the user needs to pay, the payment terminal and the receiving machine are in close contact, and the user does not need to manually input. It is done by the vibration of the mobile phone motor, which eliminates the user's frequent input of the payment password, and also ensures the technical effect of the security of the payment password.
  • the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation.
  • the technical solution of the present invention which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods of various embodiments of the present invention.
  • a password verification device is further provided, which is used to implement the foregoing embodiments and preferred embodiments, and has not been described again.
  • the term “module” may implement a combination of software and/or hardware of a predetermined function.
  • the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • the device includes: a processing module 51 configured to generate a payment password to be verified by sensing motor vibration of the payment terminal; and sending module 53 And sending the payment information and the payment password of the payment terminal to the payment server; and the receiving module 55 is configured to receive a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result comprises: In the case, the payment server generates payment success information based on the payment information completing the payment function.
  • the processing module includes: a sensing module, wherein the motor of the inductive payment terminal is configured to vibrate according to preset vibration control information to generate vibration information; and the conversion module is configured to sense The vibration information that should be obtained is converted into binary information, and a payment password to be verified is generated.
  • the vibration control information includes: the motor vibrates or does not vibrate during any one of the vibration periods.
  • each of the above modules may be implemented by software or hardware.
  • the foregoing may be implemented by, but not limited to, the foregoing modules are all located in the same processor; or, the modules are located in multiple In the processor.
  • a password verification system is also provided in this embodiment.
  • 6 is a schematic structural diagram of a password verification system according to an embodiment of the present invention.
  • the system includes: a payment terminal 61 configured to control a motor to vibrate according to preset vibration control information; and verifying the terminal 63, Is configured to generate a payment password to be verified by sensing a motor vibration of the payment terminal; and a payment server 65 configured to receive the payment information of the payment terminal and the payment password to be verified, and generate a feedback result according to the payment information and the payment password,
  • the feedback result includes: in the case that the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
  • Embodiments of the present invention also provide a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • the S3. Receive a feedback result generated by the payment server according to the payment information and the payment password.
  • the feedback result includes: when the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
  • the storage medium is further arranged to store program code for performing the following steps:
  • the S3. Receive a feedback result generated by the payment server according to the payment information and the payment password.
  • the feedback result includes: when the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
  • the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), and a Random Access Memory (RAM).
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • the processor performs the sensing by using the stored program code in the storage medium.
  • the motor of the payment terminal vibrates to generate a payment password to be verified, including: the motor of the inductive payment terminal vibrates according to the preset vibration control information, generates vibration information; converts the induced vibration information into binary information, and generates a to-be-verified Pay the password.
  • the processor performs, before generating the payment password by the motor vibration of the inductive payment terminal according to the stored program code in the storage medium, the method further includes: the payment terminal receiving the input data payment password; The terminal converts the input data payment password into a format to generate vibration control information; the payment terminal encrypts the vibration control information and the preset random code to generate encrypted data; and the payment terminal saves the encrypted data to the payment server.
  • the processor executes the feedback result generated by the payment server according to the payment information and the payment password according to the stored program code in the storage medium, including: the payment server decrypts the pre-stored encrypted data, and obtains To the vibration control information; the payment server matches the vibration control information obtained after the decryption with the payment password to be verified; if the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates a payment. Success information.
  • the processor performing the vibration control information according to the stored program code in the storage medium includes: the motor vibrates or does not vibrate in any one of the vibration periods.
  • the processor performs encryption on the converted vibration control information by using any one of the following encryption methods according to the stored program code in the storage medium: MD5, RC2, DES, and AES.
  • modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein.
  • the steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the method, device, and system for verifying a password provided by the embodiments of the present invention have the following beneficial effects: the payment means such as password input and SMS verification confirmation are complicated and easily cracked, and user information is obtained. And passwords that make the security of the user's property unsafe.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

A password verification method, apparatus and system. The method comprises: generating a payment password to be verified by sensing the vibration of a motor of a payment terminal (S102); sending payment information about the payment terminal and the payment password to a payment server (S104); and receiving a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result comprises: in the case where the verification of the payment password passes, the payment server completing a payment function according to the payment information and generating payment success information (S104). By means of the present solution, the problem in the related art that property safety of a user cannot be guaranteed due to the fact that payment means, such as password input and short message check and confirmation, are complex and can be easily cracked to acquire user information and a password.

Description

密码的验证方法、装置及系统Password verification method, device and system 技术领域Technical field
本发明涉及通信领域,具体而言,涉及一种密码的验证方法、装置及系统。The present invention relates to the field of communications, and in particular to a method, device and system for verifying a password.
背景技术Background technique
随着智能移动终端的普及,智能移动终端的用户数量也在逐年增加。根据Canalys(易观国际)统计报告,作为全球领先的智能手机市场,中国市场客户忠诚度竞争日益激烈,各大智能手机厂商寻找创新的解决方案来为用户提供更智能和更便利的用户体验,提高竞争优势。同时,随着移动互联网的蓬勃发展,智能手机与网络、金融的进一步融合,手机在线支付宝、微信钱包、手机银行等手机支付客户端由于其方便、简洁和快速性逐渐成为了移动互联网金融的新宠。手机在线支付通过绑定银行卡,第三方账户等方式进行费用扣除支付业务,然而由于手机系统漏洞、钓鱼短信、木马病毒等诱骗手段的存在,已经严重威胁到手机在线支付安全。With the popularity of smart mobile terminals, the number of users of smart mobile terminals is also increasing year by year. According to the statistics of Canalys, as the world's leading smartphone market, customer loyalty competition in the Chinese market is increasingly fierce, and major smartphone manufacturers are looking for innovative solutions to provide users with smarter and more convenient user experiences. Improve your competitive advantage. At the same time, with the rapid development of mobile Internet, the further integration of smart phones with the Internet and finance, mobile payment clients such as mobile online Alipay, WeChat wallet and mobile banking have gradually become the new favorite of mobile internet finance due to their convenience, simplicity and speed. . The online payment of mobile phones is carried out by deducting payment services by binding bank cards and third-party accounts. However, due to the existence of mobile phone system vulnerabilities, phishing messages, and Trojan horses, the online payment security of mobile phones has been seriously threatened.
然而,在相关技术中进行密码的验证时,如图1所示,图1是相关技术中的密码的验证方法的示意图,在用户使用支付终端上的支付应用支付时,在支付界面,除了必要的付款额、收款人、付款账户等信息外,还需要用户输入密码,这个密码一般称为支付密码。支付密码和登录密码,查询密码分别具有不同的功能,为了安全考虑,一般会要求用户设置不同的值。在这三个密码中,支付密码使用最频繁,也最容易被盗。当终端检测设备把支付终端的支付信息,例如商品总价发送给手机后,手机弹出支付确认界面,用户输入支付密码(可能还需要输入短信验证码),在支付密码验证通过后,支付完成,然而在用户输入支付密码过程中,可能会被他人偷看,或者被木马程序捕获用户,造成支付密码泄露,以及相关技术中密码输入、短信校验确认等支付手段复杂且容易被破解,并获取用户信息和密码,使用户财产安全无法得到保障。However, when the password is verified in the related art, as shown in FIG. 1, FIG. 1 is a schematic diagram of a method for verifying a password in the related art. When the user uses the payment application payment on the payment terminal, in addition to the payment interface, In addition to the payment amount, payee, payment account and other information, the user is also required to enter a password, which is generally referred to as a payment password. The payment password and the login password have different functions. For security reasons, users are usually required to set different values. Among the three passwords, the payment password is used most frequently and is also the most vulnerable to theft. After the terminal detecting device sends the payment information of the payment terminal, for example, the total price of the product to the mobile phone, the mobile phone pops up the payment confirmation interface, and the user inputs the payment password (may also need to input the short message verification code), and after the payment password verification is passed, the payment is completed. However, in the process of inputting the payment password, the user may be peeked by others, or captured by the Trojan horse program, causing the payment password to be leaked, and the payment means such as password input and SMS verification confirmation in the related art are complicated and easily cracked, and acquired. User information and passwords make the security of user property not guaranteed.
针对上述的问题,目前尚未提出有效的解决方案。In response to the above problems, no effective solution has been proposed yet.
发明内容Summary of the invention
本发明提供了一种密码的验证方法、装置及系统,以至少解决相关技术中密码输入、短信校验确认等支付手段复杂且容易被破解,并获取用户信息和密码,使用户财产安全无法得到保障的问题。The invention provides a password verification method, device and system, so as to at least solve the related art, such as password input, SMS verification confirmation and other payment means are complicated and easy to be cracked, and obtain user information and password, so that user property security cannot be obtained. The issue of security.
根据本发明的一个方面,提供了一种密码的验证方法,包括:通过感应支付终端 的马达震动,生成待验证的支付密码;发送支付终端的支付信息和支付密码至支付服务器;以及接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息。According to an aspect of the present invention, a method for verifying a password is provided, including: inductive payment terminal a motor vibration, generating a payment password to be verified; transmitting payment information and a payment password of the payment terminal to the payment server; and receiving a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result includes: verifying the payment password In the case of passing, the payment server generates payment success information based on the payment information completing the payment function.
可选地,通过感应支付终端的马达震动,生成待验证的支付密码,包括:感应支付终端的马达按照预先设定的震动控制信息进行震动,生成震动信息;将感应得到的震动信息转换为二进制信息,生成待验证的支付密码。Optionally, generating a payment password to be verified by inducing a motor vibration of the payment terminal, comprising: inducing the motor of the payment terminal to vibrate according to the preset vibration control information, generating vibration information; and converting the induced vibration information into a binary Information, generating a payment password to be verified.
可选地,在通过感应支付终端的马达震动而生成支付密码之前,方法还包括:支付终端接收输入的数据支付密码;支付终端将输入的数据支付密码进行格式转换,生成震动控制信息;支付终端将震动控制信息和预设的随机码进行加密,生成加密数据;支付终端将加密数据保存至支付服务器。Optionally, before the generating the payment password by inducing the motor vibration of the payment terminal, the method further includes: the payment terminal receiving the input data payment password; the payment terminal converting the input data payment password to generate vibration control information; and the payment terminal The vibration control information and the preset random code are encrypted to generate encrypted data; the payment terminal saves the encrypted data to the payment server.
可选地,支付服务器根据支付信息和支付密码而生成的反馈结果,包括:支付服务器将预先保存的加密数据进行解密,获取到所述震动控制信息;支付服务器将解密后得到的震动控制信息与待验证的支付密码进行匹配;在匹配成功的情况下,待验证的支付密码验证通过,支付服务器根据支付信息完成支付功能,生成支付成功信息。Optionally, the feedback result generated by the payment server according to the payment information and the payment password includes: the payment server decrypts the pre-stored encrypted data, and obtains the vibration control information; the vibration control information obtained by the payment server after decryption The payment password to be verified is matched; if the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates payment success information.
可选地,震动控制信息包括:马达在任意一个震动周期内进行震动或不震动。Optionally, the vibration control information includes: the motor vibrates or does not vibrate during any one of the vibration periods.
可选地,采用如下任意一种加密方式对转换后的震动控制信息进行加密:MD5、RC2、DES和AES。Optionally, the converted vibration control information is encrypted by using any of the following encryption methods: MD5, RC2, DES, and AES.
根据本发明的另一方面,提供了一种密码的验证装置,包括:处理模块,设置为通过感应支付终端的马达震动,生成待验证的支付密码;发送模块,设置为发送支付终端的支付信息和支付密码至支付服务器;以及接收模块,设置为接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息。According to another aspect of the present invention, a password verification apparatus is provided, comprising: a processing module configured to generate a payment password to be verified by sensing a motor vibration of the payment terminal; and a sending module configured to send payment information of the payment terminal And a payment password to the payment server; and a receiving module, configured to receive a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result comprises: in case the payment password verification is passed, the payment server completes the payment according to the payment information The function generates payment success information.
可选地,处理模块包括:感应模块,设置为感应支付终端的马达按照预先设定的震动控制信息进行震动,生成震动信息;转换模块,设置为将感应得到的震动信息转换为二进制信息,生成待验证的支付密码。Optionally, the processing module includes: a sensing module, configured to sense that the motor of the payment terminal vibrates according to preset vibration control information to generate vibration information; and the conversion module is configured to convert the induced vibration information into binary information to generate The payment password to be verified.
可选地,震动控制信息包括:马达在任意一个震动周期内进行震动或不震动。Optionally, the vibration control information includes: the motor vibrates or does not vibrate during any one of the vibration periods.
根据本发明的另一方面,提供了一种密码的验证系统,包括:支付终端,设置为控制马达按照预先设定的震动控制信息进行震动;验证终端,设置为通过感应支付终端的马达震动,生成待验证的支付密码;以及支付服务器,设置为接收支付终端的支付信息和待验证的支付密码,并根据支付信息和支付密码而生成的反馈结果,其中, 反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息。According to another aspect of the present invention, a password verification system is provided, comprising: a payment terminal configured to control a motor to vibrate according to preset vibration control information; and a verification terminal configured to inductively compensate a motor vibration of the terminal, Generating a payment password to be verified; and a payment server configured to receive the payment information of the payment terminal and the payment password to be verified, and generate a feedback result according to the payment information and the payment password, wherein The feedback result includes: in the case that the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
通过本发明,通过感应支付终端的马达震动,生成待验证的支付密码,发送支付终端的支付信息和支付密码至支付服务器,接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息的方法,解决了相关技术中密码输入、短信校验确认等支付手段复杂且容易被破解,并获取用户信息和密码,使用户财产安全无法得到保障的问题,实现了用户将支付密码转换为震动支付密码,即用户在需要支付时,把支付终端和接受机紧密接触,不需要用户手动输入,而是通过手机马达震动来完成,免去了用户频繁输入支付密码的烦恼,同时也保证了支付密码的安全性的技术效果。Through the invention, by inducting the motor vibration of the payment terminal, generating a payment password to be verified, transmitting payment information and payment password of the payment terminal to the payment server, and receiving a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback The result includes: in the case that the payment password verification is passed, the payment server generates a payment success information according to the payment information to complete the payment function, and solves the related art that the payment means such as password input and short message verification confirmation are complicated and easy to be cracked, and Obtaining user information and passwords, so that the security of the user's property cannot be guaranteed, and realizing the user to convert the payment password into a vibration payment password, that is, when the user needs to pay, the payment terminal and the receiving machine are in close contact, and the user does not need to manually input. It is done by the vibration of the mobile phone motor, which eliminates the user's frequent input of the payment password, and also ensures the technical effect of the security of the payment password.
附图说明DRAWINGS
此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are intended to provide a further understanding of the invention, and are intended to be a part of the invention. In the drawing:
图1是相关技术中的密码的验证方法的示意图;1 is a schematic diagram of a method for verifying a password in the related art;
图2是根据本发明实施例的密码的验证方法的流程图;2 is a flowchart of a method for verifying a password according to an embodiment of the present invention;
图3是根据本发明实施例的密码的验证方法的示意图;3 is a schematic diagram of a method for verifying a password according to an embodiment of the present invention;
图4是根据本发明实施例的一种可选的密码的验证方法的示意图;4 is a schematic diagram of an optional password verification method according to an embodiment of the present invention;
图5是根据本发明实施例的密码的验证装置的结构示意图;FIG. 5 is a schematic structural diagram of a password verification apparatus according to an embodiment of the present invention; FIG.
图6是根据本发明实施例的密码的验证系统的结构示意图。FIG. 6 is a schematic structural diagram of a password verification system according to an embodiment of the present invention.
具体实施方式detailed description
下文中将参考附图并结合实施例来详细说明本发明。需要说明的是,在不冲突的情况下,本申请中的实施例及实施例中的特征可以相互组合。The invention will be described in detail below with reference to the drawings in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict.
需要说明的是,本发明的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。It is to be understood that the terms "first", "second" and the like in the specification and claims of the present invention are used to distinguish similar objects, and are not necessarily used to describe a particular order or order.
在本实施例中提供了一种密码的验证方法,图2是根据本发明实施例的密码的验证方法的流程图,如图2所示,该流程包括如下步骤: A method for verifying a password is provided in this embodiment. FIG. 2 is a flowchart of a method for verifying a password according to an embodiment of the present invention. As shown in FIG. 2, the process includes the following steps:
步骤S102:通过感应支付终端的马达震动,生成待验证的支付密码。Step S102: Generate a payment password to be verified by inducing motor vibration of the payment terminal.
本申请上述步骤S102中,可以采用终端检测设备来感应支付终端的马达震动,生成待验证的支付密码。首先,用户将支付终端和终端检测设备建立连接,其中,上述连接可以通过以下方式实现:WI-FI(Wireless-Fidelity,无线保真)、NFC(Near Field Communication,近距离无线通讯技术)、移动网络等。其次,在要求输入支付密码时,用户把支付终端置于终端检测设备的震动接受处,此时,终端检测设备通过感应支付终端的马达震动,生成待验证的支付密码。In the above step S102 of the present application, the terminal detecting device may be used to sense the motor vibration of the payment terminal, and generate a payment password to be verified. First, the user establishes a connection between the payment terminal and the terminal detection device, wherein the connection can be implemented in the following manner: WI-FI (Wireless-Fidelity), NFC (Near Field Communication), mobile Network, etc. Secondly, when the payment password is required, the user places the payment terminal at the vibration receiving end of the terminal detecting device. At this time, the terminal detecting device generates a payment password to be verified by sensing the motor vibration of the payment terminal.
步骤S104:发送支付终端的支付信息和支付密码至支付服务器。Step S104: Send payment information and a payment password of the payment terminal to the payment server.
本申请上述步骤S104中,可以通过终端检测设备发送支付终端的支付信息和支付密码至支付服务器,其中,支付终端的支付信息可以是终端检测设备通过逐个扫描用户购买的商品,得到的商品总价,此时,终端检测设备将商品总价和上述步骤S102生成的待验证的支付密码发送至支付服务器。In the above step S104, the terminal detecting device may send the payment information and the payment password of the payment terminal to the payment server, where the payment information of the payment terminal may be the total price of the goods obtained by the terminal detecting device by scanning the products purchased by the user one by one. At this time, the terminal detecting device transmits the total commodity price and the payment password to be verified generated in the above step S102 to the payment server.
步骤S106:接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息。Step S106: Receive a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result comprises: in the case that the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
本申请上述步骤S106中,在待验证的支付密码验证通过的情况下,支付服务器中的支付程序从用户账户中扣除商品总价,生成支付成功信息,此时终端检测设备和用户接收到支付服务器根据支付信息和支付密码而生成的支付成功的反馈结果。In the above step S106 of the present application, in the case that the payment password verification to be verified is passed, the payment program in the payment server deducts the total commodity price from the user account, and generates payment success information. At this time, the terminal detecting device and the user receive the payment server. The feedback result of the payment success generated based on the payment information and the payment password.
本实施例所提供的密码的验证方法,通过感应支付终端的马达震动,生成待验证的支付密码,发送支付终端的支付信息和支付密码至支付服务器,接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息的方法,实现了用户将支付密码转换为震动支付密码,即用户在需要支付时,把支付终端和接受机紧密接触,不需要用户手动输入,而是通过手机马达震动来完成,免去了用户频繁输入支付密码的烦恼,同时也保证了支付密码的安全性的技术效果。The method for verifying the password provided by the embodiment generates a payment password to be verified by inducing the motor vibration of the payment terminal, and sends the payment information and the payment password of the payment terminal to the payment server, and the receiving payment server generates the payment information according to the payment information and the payment password. The feedback result includes: in the case that the payment password verification is passed, the payment server generates a payment success information according to the payment information completion function, and the user converts the payment password into a vibration payment password, that is, the user is When payment is required, the payment terminal and the receiving machine are in close contact, and the user does not need to manually input, but is completed by the vibration of the mobile phone motor, thereby eliminating the trouble that the user frequently inputs the payment password, and also ensures the security of the payment password. effect.
下面结合具体实例,对本发明实施例的密码的验证方法进行进一步说明。已经进行过详细说明的不再赘述。图3是根据本发明实施例的密码的验证方法的示意图,如图3所示,当用户通过本发明的密码的验证方法实现支付的过程可以包括如下步骤:The method for verifying the password of the embodiment of the present invention is further described below with reference to specific examples. The detailed description has been omitted and will not be described again. FIG. 3 is a schematic diagram of a method for verifying a password according to an embodiment of the present invention. As shown in FIG. 3, the process of implementing payment by a user through the method for verifying a password of the present invention may include the following steps:
首先,用户把支付终端和终端检测设备建立连接,例如通过:WI-FI、NFC、移动网络等连接方式,具体的,此处的终端检测设备可以是收银台;First, the user establishes a connection between the payment terminal and the terminal detecting device, for example, by using a connection mode such as WI-FI, NFC, or mobile network. Specifically, the terminal detecting device herein may be a cash register;
然后,终端检测设备逐个扫描商品,得到支付终端的支付信息,例如商品总价; Then, the terminal detecting device scans the commodities one by one to obtain payment information of the payment terminal, such as the total price of the commodity;
接着,终端检测设备把商品总价发送给支付终端;Then, the terminal detecting device sends the total price of the commodity to the payment terminal;
此时,用户将支付终端置于终端检测设备的震动接受装置,支付终端通过震动完成支付密码输入;At this time, the user places the payment terminal on the vibration receiving device of the terminal detecting device, and the payment terminal completes the payment password input by shaking;
最后,支付服务器的支付程序从用户账户中扣除商品总价,支付完成。Finally, the payment server's payment program deducts the total price of the product from the user's account and the payment is completed.
可选地,在本实施例中,通过感应支付终端的马达震动,生成待验证的支付密码,包括:Optionally, in this embodiment, generating a payment password to be verified by inducing a motor vibration of the payment terminal, including:
步骤S1021:感应支付终端的马达按照预先设定的震动控制信息进行震动,生成震动信息。Step S1021: The motor of the inductive payment terminal vibrates according to the preset vibration control information to generate vibration information.
步骤S1023:将感应得到的震动信息转换为二进制信息,生成待验证的支付密码。Step S1023: Convert the induced vibration information into binary information, and generate a payment password to be verified.
这里需要说明的是,上述震动控制信息可以包括如下任意一个或多个数据:马达进行震动和不震动的顺序,发生震动的次数、不震动的次数,每次震动的震动周期和震动周期的时长。其中,在终端检测设备的震动接受装置感应到震动信息之后,可以将感应得到的震动信息转换为及其可以识别的二进制信息,例如,1代表震动一个周期,0代表不震动一个周期。It should be noted that the vibration control information may include any one or more of the following data: the order in which the motor vibrates and does not vibrate, the number of times the vibration occurs, the number of times of no vibration, the period of the vibration of each vibration, and the duration of the vibration period. . After the vibration receiving device of the terminal detecting device senses the vibration information, the induced vibration information can be converted into binary information that can be recognized, for example, 1 represents a period of vibration, and 0 represents a period of not shaking.
可选地,在震动控制信息为:震动2次,不震动3次,震动周期为1s,不震动时的周期为1s,顺序依次为:震动、震动、不震动、不震动、不震动的情况下,移动终端按照该震动控制信息进行震动之后,终端检测设备的震动接受处感应到该震动控制信息进行震动,生成震动信息,此时转换后的二进制信息为:11000,即待验证的支付密码为0。Optionally, the vibration control information is: vibration 2 times, no vibration 3 times, the vibration period is 1 s, and the period when no vibration is 1 s, the order is: vibration, vibration, no vibration, no vibration, no vibration After the mobile terminal vibrates according to the vibration control information, the vibration receiving information of the terminal detecting device senses the vibration control information to vibrate, and generates vibration information. At this time, the converted binary information is: 11000, that is, the payment password to be verified. Is 0.
可选地,在本实施例中,在通过感应支付终端的马达震动而生成支付密码之前,方法还包括:Optionally, in this embodiment, before generating the payment password by inductively paying the motor vibration of the terminal, the method further includes:
步骤S1001:支付终端接收输入的数据支付密码。Step S1001: The payment terminal receives the input data payment password.
步骤S1003:支付终端将输入的数据支付密码进行格式转换,生成震动控制信息。Step S1003: The payment terminal performs format conversion on the input data payment password to generate vibration control information.
步骤S1005:支付终端将震动控制信息和预设的随机码进行加密,生成加密数据。Step S1005: The payment terminal encrypts the vibration control information and the preset random code to generate encrypted data.
步骤S1007:终端将加密后数据保存至支付服务器。Step S1007: The terminal saves the encrypted data to the payment server.
可选地,在本实施例中,支付服务器根据支付信息和支付密码而生成的反馈结果,包括:Optionally, in this embodiment, the feedback result generated by the payment server according to the payment information and the payment password includes:
步骤S1051:支付服务器将预先保存的加密数据进行解密,获取到所述震动控制信息。 Step S1051: The payment server decrypts the pre-stored encrypted data to obtain the vibration control information.
步骤S1053:支付服务器将解密后得到的震动控制信息与待验证的支付密码进行匹配。Step S1053: The payment server matches the vibration control information obtained after decryption with the payment password to be verified.
步骤S1055:在匹配成功的情况下,待验证的支付密码验证通过,支付服务器根据支付信息完成支付功能,生成支付成功信息。Step S1055: In the case that the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates payment success information.
本申请上述支付服务器根据支付信息和支付密码而生成的反馈结果的步骤中,支付服务器将预先保存的加密后的震动控制信息进行解密,并将解密后的震动控制信息与待验证的支付密码进行匹配,在匹配成功的情况下,待验证的支付密码验证通过,支付服务器根据支付信息完成支付功能,生成支付成功信息,此时从用户账户中扣除相关费用,并通知终端检测设备和用户支付完成。In the step of the feedback result generated by the payment server according to the payment information and the payment password, the payment server decrypts the pre-stored encrypted vibration control information, and performs the decrypted vibration control information and the payment password to be verified. Matching, in the case that the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates payment success information. At this time, the relevant fee is deducted from the user account, and the terminal is notified to the detection device and the user completes the payment. .
可选地,在本实施例中,震动控制信息包括:马达在任意一个震动周期内进行震动或不震动。Optionally, in the embodiment, the vibration control information includes: the motor vibrates or does not vibrate in any one of the vibration periods.
可选地,在本实施例中,采用如下任意一种加密方式对转换后的震动控制信息进行加密:MD5(Message-Digest Algorithm 5,信息-摘要算法)、RC2(对称分组加密算法)、DES(Data Encryption Standard,数据加密标准)和AES(Advanced Encryption Standard,高级加密标准)。Optionally, in this embodiment, the converted vibration control information is encrypted by using any of the following encryption methods: MD5 (Message-Digest Algorithm 5, information-digest algorithm), RC2 (symmetric packet encryption algorithm), DES (Data Encryption Standard, Data Encryption Standard) and AES (Advanced Encryption Standard).
下面结合具体实施例,对本发明实施例的密码的验证方法进行进一步说明。已经进行过详细说明的不再赘述。图4是根据本发明实施例的一种可选的密码的验证方法的示意图,如图4所示,当用户通过本发明的密码的验证方法实现支付的过程可以包括如下步骤:The method for verifying the password of the embodiment of the present invention is further described below with reference to specific embodiments. The detailed description has been omitted and will not be described again. FIG. 4 is a schematic diagram of an optional password verification method according to an embodiment of the present invention. As shown in FIG. 4, the process of implementing payment by the user through the password verification method of the present invention may include the following steps:
首先,在通过感应支付终端的马达震动而生成支付密码之前,支付终端接收输入的数据支付密码,支付终端将输入的数据支付密码进行格式装换,生成震动控制信息,进一步的,支付终端可以采用MD5,RC2,DES等方法将震动控制信息进行加密,支付终端将加密后的震动控制信息保存至支付服务器。First, before generating the payment password by sensing the motor vibration of the payment terminal, the payment terminal receives the input data payment password, and the payment terminal formats the input data payment password to generate vibration control information. Further, the payment terminal may adopt The MD5, RC2, DES and the like encrypt the vibration control information, and the payment terminal saves the encrypted vibration control information to the payment server.
其次,在要求用户输入支付密码时,用户将支付终端置于终端检测设备的震动接受处,支付程序根据用户预先设置的震动控制信息和交易随机码,控制马达产生相应震动。Secondly, when the user is required to input the payment password, the user places the payment terminal at the vibration receiving end of the terminal detecting device, and the payment program controls the motor to generate a corresponding vibration according to the vibration control information and the transaction random code preset by the user.
然后,终端检测设备根据接受到的震动信息,将震动信息转换为二进制,发送给支付程序后台的支付服务器,支付服务器根据交易随机码和震动控制信息,解密生成支付密码。支付服务器将解密后的支付密码与待验证的支付密码进行匹配,在匹配成功的情况下,待验证的支付密码验证通过,在验证通过后,从用户账户中扣除相关费用,并通知终端检测设备和用户支付完成。 Then, the terminal detecting device converts the vibration information into binary according to the received vibration information, and sends it to the payment server in the background of the payment program, and the payment server decrypts and generates the payment password according to the transaction random code and the vibration control information. The payment server matches the decrypted payment password with the payment password to be verified. If the matching is successful, the payment password verification to be verified is passed, and after the verification is passed, the related fee is deducted from the user account, and the terminal detecting device is notified. And the user pays for the completion.
由此可知,针对相关技术中在用户输入支付密码过程中,可能会被他人偷看,或者被木马程序捕获用户,造成支付密码泄露的问题,本发明提出一种通过感应支付终端的马达震动,生成待验证的支付密码,发送支付终端的支付信息和支付密码至支付服务器,接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息的方法,实现了用户将支付密码转换为震动支付密码,即用户在需要支付时,把支付终端和接受机紧密接触,不需要用户手动输入,而是通过手机马达震动来完成,免去了用户频繁输入支付密码的烦恼,同时也保证了支付密码的安全性的技术效果。It can be seen that, in the related art, in the process of inputting a payment password by a user, the user may be peeked by the user, or the user is captured by the Trojan horse program, causing the leakage of the payment password. The present invention proposes a motor vibration by the inductive payment terminal. Generating a payment password to be verified, sending payment information and a payment password of the payment terminal to the payment server, and receiving a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result includes: in the case that the payment password is verified, The payment server generates a payment success information according to the payment information to complete the payment function, and realizes that the user converts the payment password into a vibration payment password, that is, when the user needs to pay, the payment terminal and the receiving machine are in close contact, and the user does not need to manually input. It is done by the vibration of the mobile phone motor, which eliminates the user's frequent input of the payment password, and also ensures the technical effect of the security of the payment password.
需要说明的是,对于前述的各方法实施例,为了简单描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的动作顺序的限制,因为依据本发明,某些步骤可以采用其他顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定是本发明所必须的。It should be noted that, for the foregoing method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should understand that the present invention is not limited by the described action sequence. Because certain steps may be performed in other sequences or concurrently in accordance with the present invention. In addition, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到根据上述实施例的方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,或者网络设备等)执行本发明各个实施例的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the method according to the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware, but in many cases, the former is A better implementation. Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk, The optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, or a network device, etc.) to perform the methods of various embodiments of the present invention.
在本实施例中还提供了一种密码的验证装置,该装置用于实现上述实施例及优选实施方式,已经进行过说明的不再赘述。如以下所使用的,术语“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In this embodiment, a password verification device is further provided, which is used to implement the foregoing embodiments and preferred embodiments, and has not been described again. As used below, the term "module" may implement a combination of software and/or hardware of a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
图5是根据本发明实施例的密码的验证装置结构示意图,如图5所示,该装置包括:处理模块51,设置为通过感应支付终端的马达震动,生成待验证的支付密码;发送模块53,设置为发送支付终端的支付信息和支付密码至支付服务器;以及接收模块55,设置为接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息。5 is a schematic structural diagram of a device for verifying a password according to an embodiment of the present invention. As shown in FIG. 5, the device includes: a processing module 51 configured to generate a payment password to be verified by sensing motor vibration of the payment terminal; and sending module 53 And sending the payment information and the payment password of the payment terminal to the payment server; and the receiving module 55 is configured to receive a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result comprises: In the case, the payment server generates payment success information based on the payment information completing the payment function.
可选地,在本发明实施例中,处理模块包括:感应模块,设置为感应支付终端的马达按照预先设定的震动控制信息进行震动,生成震动信息;转换模块,设置为将感 应得到的震动信息转换为二进制信息,生成待验证的支付密码。Optionally, in the embodiment of the present invention, the processing module includes: a sensing module, wherein the motor of the inductive payment terminal is configured to vibrate according to preset vibration control information to generate vibration information; and the conversion module is configured to sense The vibration information that should be obtained is converted into binary information, and a payment password to be verified is generated.
可选地,震动控制信息包括:马达在任意一个震动周期内进行震动或不震动。Optionally, the vibration control information includes: the motor vibrates or does not vibrate during any one of the vibration periods.
需要说明的是,上述各个模块是可以通过软件或硬件来实现的,对于后者,可以通过以下方式实现,但不限于此:上述模块均位于同一处理器中;或者,上述模块分别位于多个处理器中。It should be noted that each of the above modules may be implemented by software or hardware. For the latter, the foregoing may be implemented by, but not limited to, the foregoing modules are all located in the same processor; or, the modules are located in multiple In the processor.
在本实施例中还提供了一种密码的验证系统。图6是根据本发明实施例的密码的验证系统的结构示意图,如图6所示,该系统包括:支付终端61,设置为控制马达按照预先设定的震动控制信息进行震动;验证终端63,设置为通过感应支付终端的马达震动,生成待验证的支付密码;以及支付服务器65,设置为接收支付终端的支付信息和待验证的支付密码,并根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息。A password verification system is also provided in this embodiment. 6 is a schematic structural diagram of a password verification system according to an embodiment of the present invention. As shown in FIG. 6, the system includes: a payment terminal 61 configured to control a motor to vibrate according to preset vibration control information; and verifying the terminal 63, Is configured to generate a payment password to be verified by sensing a motor vibration of the payment terminal; and a payment server 65 configured to receive the payment information of the payment terminal and the payment password to be verified, and generate a feedback result according to the payment information and the payment password, The feedback result includes: in the case that the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
本发明的实施例还提供了一种存储介质。可选地,在本实施例中,上述存储介质可以被设置为存储用于执行以下步骤的程序代码:Embodiments of the present invention also provide a storage medium. Optionally, in the embodiment, the foregoing storage medium may be configured to store program code for performing the following steps:
S1,通过感应支付终端的马达震动,生成待验证的支付密码;S1, generating a payment password to be verified by inducting a motor vibration of the payment terminal;
S2,发送支付终端的支付信息和支付密码至支付服务器;以及S2, sending payment information and a payment password of the payment terminal to the payment server;
S3,接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息。S3. Receive a feedback result generated by the payment server according to the payment information and the payment password. The feedback result includes: when the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
可选地,存储介质还被设置为存储用于执行以下步骤的程序代码:Optionally, the storage medium is further arranged to store program code for performing the following steps:
S1,通过感应支付终端的马达震动,生成待验证的支付密码;S1, generating a payment password to be verified by inducting a motor vibration of the payment terminal;
S2,发送支付终端的支付信息和支付密码至支付服务器;以及S2, sending payment information and a payment password of the payment terminal to the payment server;
S3,接收支付服务器根据支付信息和支付密码而生成的反馈结果,其中,反馈结果包括:在支付密码验证通过的情况下,支付服务器根据支付信息完成支付功能而生成支付成功信息。S3. Receive a feedback result generated by the payment server according to the payment information and the payment password. The feedback result includes: when the payment password verification is passed, the payment server generates the payment success information according to the payment information completing the payment function.
可选地,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(Read-Only Memory,简称为ROM)、随机存取存储器(Random Access Memory,简称为RAM)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。Optionally, in the embodiment, the foregoing storage medium may include, but is not limited to, a USB flash drive, a Read-Only Memory (ROM), and a Random Access Memory (RAM). A variety of media that can store program code, such as a hard disk, a disk, or an optical disk.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行通过感应 支付终端的马达震动,生成待验证的支付密码,包括:感应支付终端的马达按照预先设定的震动控制信息进行震动,生成震动信息;将感应得到的震动信息转换为二进制信息,生成待验证的支付密码。Optionally, in this embodiment, the processor performs the sensing by using the stored program code in the storage medium. The motor of the payment terminal vibrates to generate a payment password to be verified, including: the motor of the inductive payment terminal vibrates according to the preset vibration control information, generates vibration information; converts the induced vibration information into binary information, and generates a to-be-verified Pay the password.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行在通过感应支付终端的马达震动而生成支付密码之前,方法还包括:支付终端接收输入的数据支付密码;支付终端将输入的数据支付密码进行格式转换,生成震动控制信息;支付终端将震动控制信息和预设的随机码进行加密,生成加密数据;支付终端将加密数据保存至支付服务器。Optionally, in this embodiment, the processor performs, before generating the payment password by the motor vibration of the inductive payment terminal according to the stored program code in the storage medium, the method further includes: the payment terminal receiving the input data payment password; The terminal converts the input data payment password into a format to generate vibration control information; the payment terminal encrypts the vibration control information and the preset random code to generate encrypted data; and the payment terminal saves the encrypted data to the payment server.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行支付服务器根据支付信息和支付密码而生成的反馈结果,包括:支付服务器将预先保存的加密数据进行解密,获取到震动控制信息;支付服务器将解密后得到的震动控制信息与待验证的支付密码进行匹配;在匹配成功的情况下,待验证的支付密码验证通过,支付服务器根据支付信息完成支付功能,生成支付成功信息。Optionally, in this embodiment, the processor executes the feedback result generated by the payment server according to the payment information and the payment password according to the stored program code in the storage medium, including: the payment server decrypts the pre-stored encrypted data, and obtains To the vibration control information; the payment server matches the vibration control information obtained after the decryption with the payment password to be verified; if the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates a payment. Success information.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行震动控制信息包括:马达在任意一个震动周期内进行震动或不震动。Optionally, in this embodiment, the processor performing the vibration control information according to the stored program code in the storage medium includes: the motor vibrates or does not vibrate in any one of the vibration periods.
可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行采用如下任意一种加密方式对转换后的震动控制信息进行加密:MD5、RC2、DES和AES。Optionally, in this embodiment, the processor performs encryption on the converted vibration control information by using any one of the following encryption methods according to the stored program code in the storage medium: MD5, RC2, DES, and AES.
可选地,本实施例中的具体示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。For example, the specific examples in this embodiment may refer to the examples described in the foregoing embodiments and the optional embodiments, and details are not described herein again.
显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。It will be apparent to those skilled in the art that the various modules or steps of the present invention described above can be implemented by a general-purpose computing device that can be centralized on a single computing device or distributed across a network of multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device such that they may be stored in the storage device by the computing device and, in some cases, may be different from the order herein. The steps shown or described are performed, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above description is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.
工业实用性 Industrial applicability
如上所述,本发明实施例提供的一种密码的验证方法、装置及系统具有以下有益效果:解决了相关技术中密码输入、短信校验确认等支付手段复杂且容易被破解,并获取用户信息和密码,使用户财产安全无法得到保障的问题。 As described above, the method, device, and system for verifying a password provided by the embodiments of the present invention have the following beneficial effects: the payment means such as password input and SMS verification confirmation are complicated and easily cracked, and user information is obtained. And passwords that make the security of the user's property unsafe.

Claims (10)

  1. 一种密码的验证方法,包括:A method for verifying a password, comprising:
    通过感应支付终端的马达震动,生成待验证的支付密码;Generating a payment password to be verified by sensing motor vibration of the payment terminal;
    发送所述支付终端的支付信息和所述支付密码至支付服务器;以及Sending payment information of the payment terminal and the payment password to a payment server;
    接收所述支付服务器根据所述支付信息和所述支付密码而生成的反馈结果,其中,所述反馈结果包括:在所述支付密码验证通过的情况下,所述支付服务器根据所述支付信息完成支付功能而生成支付成功信息。Receiving a feedback result generated by the payment server according to the payment information and the payment password, wherein the feedback result includes: when the payment password verification is passed, the payment server completes according to the payment information A payment success message is generated by the payment function.
  2. 根据权利要求1所述的方法,其中,通过感应所述支付终端的马达震动,生成待验证的支付密码,包括:The method according to claim 1, wherein the generating a payment password to be verified is generated by sensing a motor vibration of the payment terminal, comprising:
    感应所述支付终端的马达按照预先设定的震动控制信息进行震动,生成震动信息;Inducing the motor of the payment terminal to vibrate according to preset vibration control information to generate vibration information;
    将感应得到的所述震动信息转换为二进制信息,生成所述待验证的支付密码。Converting the sensed vibration information into binary information, and generating the payment password to be verified.
  3. 根据权利要求1或2所述的方法,其中,在通过感应所述支付终端的马达震动而生成支付密码之前,所述方法还包括:The method according to claim 1 or 2, wherein the method further comprises: before generating a payment password by sensing motor vibration of the payment terminal, the method further comprising:
    所述支付终端接收输入的数据支付密码;Receiving, by the payment terminal, an input data payment password;
    所述支付终端将输入的所述数据支付密码进行格式转换,生成所述震动控制信息;The payment terminal performs format conversion on the input data payment password to generate the vibration control information;
    所述支付终端将所述震动控制信息和预设的随机码进行加密,生成加密数据;The payment terminal encrypts the vibration control information and the preset random code to generate encrypted data;
    所述支付终端将所述加密数据保存至所述支付服务器。The payment terminal saves the encrypted data to the payment server.
  4. 根据权利要求3所述的方法,其中,所述支付服务器根据所述支付信息和所述支付密码而生成的反馈结果,包括:The method according to claim 3, wherein the feedback result generated by the payment server according to the payment information and the payment password comprises:
    所述支付服务器将预先保存的所述加密数据进行解密,获取到所述震动控制信息;The payment server decrypts the pre-stored encrypted data to obtain the vibration control information;
    所述支付服务器将解密后得到的所述震动控制信息与所述待验证的支付密码进行匹配;The payment server matches the vibration control information obtained after decryption with the payment password to be verified;
    在匹配成功的情况下,所述待验证的支付密码验证通过,所述支付服务器根据所述支付信息完成支付功能,生成所述支付成功信息。If the matching is successful, the payment password verification to be verified is passed, and the payment server completes the payment function according to the payment information, and generates the payment success information.
  5. 根据权利要求3所述的方法,其中,所述震动控制信息包括:所述马达在任意一个震动周期内进行震动或不震动。The method of claim 3 wherein said vibration control information comprises said motor vibrating or not vibrating during any one of the shock periods.
  6. 根据权利要求3所述的方法,其中,采用如下任意一种加密方式对所述转换后的所述震动控制信息进行加密:MD5、RC2、DES和AES。The method according to claim 3, wherein said converted vibration control information is encrypted by any of the following encryption methods: MD5, RC2, DES and AES.
  7. 一种密码的验证装置,包括:A password verification device comprising:
    处理模块,设置为通过感应支付终端的马达震动,生成待验证的支付密码; The processing module is configured to generate a payment password to be verified by sensing motor vibration of the payment terminal;
    发送模块,设置为发送所述支付终端的支付信息和所述支付密码至支付服务器;以及a sending module, configured to send payment information of the payment terminal and the payment password to a payment server;
    接收模块,设置为接收所述支付服务器根据所述支付信息和所述支付密码而生成的反馈结果,其中,所述反馈结果包括:在所述支付密码验证通过的情况下,所述支付服务器根据所述支付信息完成支付功能而生成支付成功信息。a receiving module, configured to receive a feedback result generated by the payment server according to the payment information and the payment password, where the feedback result includes: in case the payment password verification is passed, the payment server is configured according to The payment information completes the payment function to generate payment success information.
  8. 根据权利要求7所述的验证装置,其中,所述处理模块包括:The verification device according to claim 7, wherein the processing module comprises:
    感应模块,设置为感应所述支付终端的马达按照预先设定的震动控制信息进行震动,生成震动信息;The sensing module is configured to sense that the motor of the payment terminal vibrates according to preset vibration control information to generate vibration information;
    转换模块,设置为将感应得到的所述震动信息转换为二进制信息,生成所述待验证的支付密码。The conversion module is configured to convert the sensed vibration information into binary information, and generate the payment password to be verified.
  9. 根据权利要求8所述的验证装置,其中,所述震动控制信息包括:所述马达在任意一个震动周期内进行震动或不震动。The verification device according to claim 8, wherein said vibration control information comprises: said motor vibrating or not vibrating during any one of the vibration periods.
  10. 一种密码的验证系统,包括:A password verification system comprising:
    支付终端,设置为控制马达按照预先设定的震动控制信息进行震动;a payment terminal configured to control the motor to vibrate according to preset vibration control information;
    验证终端,设置为通过感应所述支付终端的马达震动,生成待验证的支付密码;以及a verification terminal configured to generate a payment password to be verified by sensing a motor vibration of the payment terminal;
    支付服务器,设置为接收所述支付终端的支付信息和所述待验证的支付密码,并根据所述支付信息和所述支付密码而生成的反馈结果,其中,所述反馈结果包括:在所述支付密码验证通过的情况下,所述支付服务器根据所述支付信息完成支付功能而生成支付成功信息。 a payment server, configured to receive the payment information of the payment terminal and the payment password to be verified, and generate a feedback result according to the payment information and the payment password, wherein the feedback result includes: In the case where the payment password verification is passed, the payment server generates payment success information by completing the payment function according to the payment information.
PCT/CN2015/089672 2015-07-21 2015-09-15 Password verification method, apparatus and system WO2016131252A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510430318.8A CN106375085B (en) 2015-07-21 2015-07-21 Password verification method, device and system
CN201510430318.8 2015-07-21

Publications (1)

Publication Number Publication Date
WO2016131252A1 true WO2016131252A1 (en) 2016-08-25

Family

ID=56691931

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/089672 WO2016131252A1 (en) 2015-07-21 2015-09-15 Password verification method, apparatus and system

Country Status (2)

Country Link
CN (1) CN106375085B (en)
WO (1) WO2016131252A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10708779B2 (en) * 2017-12-21 2020-07-07 Paypal, Inc. Electronic devices for wave pattern data transfer
CN115086031A (en) * 2022-06-15 2022-09-20 中国银行股份有限公司 Password verification method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101814169A (en) * 2010-03-05 2010-08-25 刘辛越 Method and device for realizing secure payment based on payment confirmation terminal and digital certification
CN102254259A (en) * 2010-05-21 2011-11-23 英特尔公司 Method and device for conducting trusted remote payment transactions
CN102638342A (en) * 2012-02-27 2012-08-15 深圳市赛格导航科技股份有限公司 Password authentication method and device based on vibration frequency
CN104715366A (en) * 2015-03-31 2015-06-17 上海斐讯数据通信技术有限公司 Vibration payment system and payment method thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3091443B2 (en) * 1998-10-13 2000-09-25 松下電器産業株式会社 On-board equipment for toll collection facilities

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101814169A (en) * 2010-03-05 2010-08-25 刘辛越 Method and device for realizing secure payment based on payment confirmation terminal and digital certification
CN102254259A (en) * 2010-05-21 2011-11-23 英特尔公司 Method and device for conducting trusted remote payment transactions
CN102638342A (en) * 2012-02-27 2012-08-15 深圳市赛格导航科技股份有限公司 Password authentication method and device based on vibration frequency
CN104715366A (en) * 2015-03-31 2015-06-17 上海斐讯数据通信技术有限公司 Vibration payment system and payment method thereof

Also Published As

Publication number Publication date
CN106375085A (en) 2017-02-01
CN106375085B (en) 2020-06-05

Similar Documents

Publication Publication Date Title
US20230281612A1 (en) Virtual pos terminal method and apparatus
US20210233056A1 (en) Data interaction method, verification terminal, server, and system
US11032243B2 (en) Using individualized APIs to block automated attacks on native apps and/or purposely exposed APIs with forced user interaction
US9836741B2 (en) Authenticating users to ATMs and other secure machines for cardless transactions
US8639619B1 (en) Secure payment method and system
US20130275308A1 (en) System for verifying electronic transactions
JP6704009B2 (en) Mobile payment method using barcodes, device, and server for using the method
US20160014076A1 (en) Using individualized apis to block automated attacks on native apps and/or purposely exposed apis
US20140122344A1 (en) Secure Computing Environment
US20130198078A1 (en) Secure graphical code transactions
TR201810238T4 (en) The appropriate authentication method and apparatus for the user using a mobile authentication application.
EP2803023A1 (en) System and method for secure offline payment transactions using a portable computing device
JP7275291B2 (en) Card tap to securely generate card data to copy to clipboard
US20160034990A1 (en) System and method for securely retrieving private data from customer mobile device
US20170195319A1 (en) One time passcode
US20150363774A1 (en) Methods and systems for permissions management with enhanced security
KR20160092017A (en) Multi-factor authentication system and method
US11100511B1 (en) Application-based point of sale system in mobile operating systems
JP6682453B2 (en) data communication
US9246677B2 (en) Method and system for secure data communication between a user device and a server
WO2019199282A1 (en) Deep link authentication
WO2017080755A1 (en) A method, apparatus, system, and computer readable medium for processing an electronic payment transaction with improved security
WO2016131252A1 (en) Password verification method, apparatus and system
KR20110107311A (en) A transaction system and mehod using mobile network, computer program therefor
KR20180001455A (en) Mobile device of authenticating a purchase transaction and method there-of

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15882391

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15882391

Country of ref document: EP

Kind code of ref document: A1