WO2016188281A1 - Information interaction method, apparatus and system - Google Patents
Information interaction method, apparatus and system
- Publication number
- WO2016188281A1 (PCT/CN2016/080017, CN2016080017W)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- server
- terminal
- information
- service operation
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/20—Point-of-sale [POS] network systems
- G06Q20/206—Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3274—Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being displayed on the M-device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3276—Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- The present application relates to the field of network information interaction technologies, and in particular to an information interaction method, apparatus, and system.
- A terminal device that cannot connect to the network, for example a wearable device (such as a smart watch), cannot communicate with the payment server, so the user cannot perform information interaction through the terminal device to implement payment.
- Likewise, when a terminal device such as a mobile phone is offline, it cannot communicate with the payment server, and the user cannot perform information exchange through such an offline terminal device to implement payment.
- The purpose of the application is to provide an information interaction method, apparatus and system that can realize safe and convenient payment even when the terminal device is in an offline state.
- The application provides an information interaction method, and the method includes:
- The terminal receives an authentication factor sent by the first server, where the authentication factor carries the user's authentication key, account information, and a dynamic time factor, and the first server is the server that completes the first service operation after authenticating the terminal when the terminal requests the first service operation;
- The authentication information includes the user's authentication key, device account information, and a dynamic password.
- The dynamic password is generated according to the dynamic time factor.
- The device account information is generated according to the account information of the user and the device information of the terminal.
- The application further provides an information interaction method, where the method includes:
- The second server obtains the authentication information of the first service operation carried in the graphic identifier displayed on the terminal, where the authentication information of the first service operation includes the user's authentication key, device account information, and a dynamic password;
- The authentication information of the first service operation is authenticated, and the first service operation is completed when the authentication is passed;
- The application further provides an information interaction method, where the method includes:
- The first server receives the first service operation request sent by the second server, where the first service operation request is generated by the second server after it acquires the authentication information of the first service operation carried in the graphic identifier displayed on the terminal.
- The first service operation request carries the authentication information and the service data of the first service operation, and the authentication information of the first service operation includes the user's authentication key, device account information and a dynamic password;
- Authentication is performed according to the authentication information carried in the first service operation request, and when the authentication is passed, the first server completes the first service operation.
- The application further provides a terminal, where the terminal includes:
- A receiving unit, which receives an authentication factor sent by the first server, where the authentication factor carries the user's authentication key, account information, and a dynamic time factor, and the first server is the server that completes the first service operation after authenticating the terminal when the terminal requests the first service operation;
- A binding unit, configured to generate binding authentication information by using the authentication factor received by the receiving unit and the device information of the terminal;
- A sending unit, which returns the binding authentication information generated by the binding unit to the first server, so that the first server grants authorization for the first service operation according to the binding authentication information;
- A processing unit, which generates, according to the authentication factor received by the receiving unit, a graphic identifier for performing the first service operation offline, where the graphic identifier carries the authentication information of the first service operation, the authentication information of the first service operation includes the user's authentication key, device account information and a dynamic password, the dynamic password is generated according to the dynamic time factor, and the device account information is generated according to the account information of the user and the device information of the terminal.
- The application further provides a server, where the server includes:
- An obtaining unit, which acquires the authentication information of a first service operation carried in a graphic identifier displayed on the terminal, where the authentication information of the first service operation includes the user's authentication key, device account information, and a dynamic password;
- A processing unit, which generates a first service operation request by using the service data and the authentication information of the first service operation acquired by the obtaining unit;
- A sending unit, which sends the first service operation request generated by the processing unit to the first server, so that the first server performs authentication according to the authentication information of the first service operation carried in the first service operation request, and completes the first service operation when the authentication is passed;
- A receiving unit, which receives the result of the first service operation returned by the first server.
- The application further provides a server, where the server includes:
- A receiving unit, which receives a first service operation request sent by the second server, where the first service operation request is generated by the second server from the service data and the authentication information of the first service operation carried in the graphic identifier displayed on the terminal, the first service operation request carries the authentication information and the service data of the first service operation, and the authentication information of the first service operation includes the user's authentication key, device account information and a dynamic password;
- A processing unit, which performs authentication according to the authentication information of the first service operation carried in the first service operation request received by the receiving unit; when the authentication is passed, the first server completes the first service operation.
- The application further provides an electronic device, where the electronic device includes:
- A memory, which stores an authentication factor sent by the first server and a program for generating, according to the authentication factor, a graphic identifier for performing the first service operation offline; when the program is executed by the processor,
- The display area of the display shows the graphic identifier for performing the first service operation offline, where the graphic identifier carries the authentication information of the first service operation, the authentication information of the first service operation includes the user's authentication key, the device account information, and the dynamic password, the dynamic password is generated according to the dynamic time factor, and the device account information is generated according to the account information of the user and the device information of the terminal.
- The application further provides an information interaction system, where the system includes: a terminal, a first server, and a second server;
- When the terminal is offline, the terminal displays a graphic identifier for completing the first service operation, where the graphic identifier carries the authentication information of the first service operation, and the authentication information of the first service operation includes the user's authentication key, device account information and a dynamic password;
- The second server generates a first service operation request by using the authentication information of the first service operation and the service data, and sends the first service operation request to the first server;
- The first server performs authentication according to the authentication information of the first service operation carried in the first service operation request, and when the authentication is passed, the first server completes the first service operation.
- The information interaction method, device and system provided by the embodiments of the present invention generate a dynamic graphic identifier for offline service operation by using the binding authentication information and the dynamic time factor. When the terminal is offline, the graphic identifier can be used to perform information interaction and implement secure payment; a terminal device that cannot make a network connection can also use the graphic identifier to perform information interaction and realize secure payment.
- The application can realize safe and convenient payment when the terminal device is in an offline state.
- FIG. 1 is a schematic structural diagram of an information interaction system according to an embodiment of the present application.
- FIG. 2 is a schematic structural diagram of still another information interaction system according to an embodiment of the present application.
- FIG. 3 is a flowchart of a terminal side of an information interaction method according to an embodiment of the present application.
- FIG. 3b is a flowchart of a method for a terminal side to perform offline payment according to an embodiment of the present application.
- FIG. 4 is a flowchart of a second server side of an information interaction method according to an embodiment of the present application.
- FIG. 5 is a flowchart of a first server side of an information interaction method according to an embodiment of the present application.
- FIG. 5b is a flowchart of a method for a first server side to perform offline payment authorization according to an embodiment of the present application.
- FIG. 5 is a flowchart of still another method for the first server side to perform offline payment authorization according to an embodiment of the present application.
- FIG. 6 is an interaction diagram of an information interaction method according to an embodiment of the present application.
- FIG. 7 is an interaction diagram of an offline payment authorization of a mobile phone according to an embodiment of the present application.
- FIG. 8 is an interaction diagram of another offline smart payment (smart watch) according to an embodiment of the present application.
- FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present application.
- FIG. 10 is a schematic structural diagram of a second server according to an embodiment of the present application.
- FIG. 11 is a schematic structural diagram of a first server according to an embodiment of the present application.
- FIG. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
- The information interaction method and device provided by the embodiments of the present application are applicable to various types of smart mobile terminal devices, for example smart phones and tablet computers, and are particularly suitable for smart wearable devices that do not have network connection functions, for example smart watches, smart bracelets and other equipment.
- FIG. 1 is a schematic structural diagram of an information interaction system according to an embodiment of the present application.
- The system includes a terminal 1, a merchant server 2 (second server), and a payment server 3 (first server).
- The terminal 1 in the figure is a terminal having a network connection function, such as a smartphone or a tablet, and the terminal 1 can make a network connection with the payment server 3.
- The dotted line in the figure indicates that the terminal 1 failed to make a network connection with the payment server 3 in the actual use scenario.
- When the terminal 1 is in the online state, the terminal 1 can make a network connection with the payment server 3, and the terminal 1 requests the payment server 3 to perform offline payment authorization.
- The payment server 3 issues an authentication factor to the terminal 1.
- When the terminal 1 is in an offline state, it displays on the screen a payment authentication graphic identifier generated according to the authentication factor delivered by the payment server 3. The merchant server 2 obtains the payment authentication information by scanning the graphic identifier and sends it to the payment server 3, and the payment server 3 verifies the payment authentication information. When the verification is passed, the payment server 3 performs the payment.
- The merchant server 2 includes a front-end scan code terminal 21 and a background server 22.
- The front-end scan code terminal 21 is mainly equipped with a code-scanning gun; it scans the graphic identifier displayed on the terminal 1 and transmits the result to the background server 22.
- The background server 22 mainly verifies the parameters received from the front-end scan code terminal 21 and extracts the payment authentication information from the graphic identifier. After the background server 22 preprocesses the merchant order parameters, it submits an order creation and payment request to the payment server 3.
- FIG. 2 is a schematic structural diagram of another information interaction system according to an embodiment of the present application.
- The terminal 1 in the figure is a terminal that does not have a network connection function, such as a smart watch or a smart bracelet.
- The terminal 1 cannot establish a network connection with the payment server 3, but the terminal 1 can establish a connection, through another communication module (such as Bluetooth), with a second terminal 4 that has the network connection function, and obtain through the second terminal 4 the authentication factor delivered by the payment server 3.
- The dotted line in the figure indicates that after the offline payment authorization, the second terminal 4 having the network connection function may not be required in the actual use scenario.
- The specific information interaction process is described below.
- FIG. 3 is a flowchart of the terminal side of an information interaction method according to an embodiment of the present disclosure. As shown in FIG. 3a, the information interaction method in the embodiment of the present application includes:
- The terminal receives an authentication factor sent by the first server.
- The authentication factor carries the user's authentication key, account information, and dynamic time factor.
- The first service operation includes a network exchange operation of a virtual resource, for example a payment amount, a verification voucher, and the like.
- The first server is a server that completes the first service operation after authenticating the terminal when the terminal requests the first service operation.
- The first service operation is the payment
- The offline first service operation is the offline payment
- The first service operation request is the payment request
- The first server is the payment server
- The second server is the merchant server.
- The network exchange operation of other virtual resources is similar.
- When the terminal is in the online state, the terminal establishes a network connection with the first server and requests the first server to perform offline payment authentication, and the first server sends the authentication factor to the terminal after the authentication is passed.
- The method may include the following steps: the terminal sends an account authentication request to the first server; receives the verification result sent by the first server after the identity verification succeeds; sends a verification request for the offline payment authorization to the first server; and receives the authentication factor that the first server sends after the authorization verification is passed.
- S102 Generate binding authentication information by using the authentication factor and device information of the terminal, and return the binding authentication information to the first server, so that the first server grants authorization for the first service operation according to the binding authentication information.
- In order to pay securely and quickly when the user is offline, the terminal, while it is online, needs to bind its device information with the authentication factor sent by the first server and submit the binding to the first server for verification, so as to obtain payment authorization for offline payments.
- The authentication information of the first service operation includes the user's authentication key, device account information, and a dynamic password, where the dynamic password is generated according to the dynamic time factor, and the device account information is generated according to the account information of the user and the device information of the terminal.
- The graphic identifier is a two-dimensional code or a barcode.
- The dynamic password remains unchanged within the same time window, and is regenerated according to the dynamic time factor so that it changes in the next time window. This ensures the security of the payment authentication information and achieves the purpose of anti-counterfeiting.
- Specifically, the dynamic password is calculated with a one-time password calculation method from the user's authentication key, the dynamic time factor, the device account information, and a preset password length.
- When the display mode of the graphic identifier is a two-dimensional code, the amount of information that can be carried is large, so the preset password length of the one-time password can be increased to improve security.
- A graphic identifier for offline payment is generated, so that the merchant side obtains, by scanning the code, the payment authentication information carried in the graphic identifier, and the offline payment is completed through the second server.
- S103 may include the following steps:
- S1031 Receive a display instruction that displays the graphic identifier for offline payment.
- S1032 Generate a graphic identifier for offline payment according to an authentication factor.
- The terminal displays the graphic identifier, so that payment is performed by using the graphic identifier in an offline state.
- The display manner of the graphic identifier includes one or a combination of those listed below: a barcode and a two-dimensional code.
- The method further includes: S1034: When receiving the switching instruction of the graphic identifier display mode, switching the display manner of the graphic identifier.
- If the display mode of the current graphic identifier is a two-dimensional code, it is switched to the barcode display mode; otherwise, if the display mode of the current graphic identifier is a barcode, it is switched to the two-dimensional code display mode.
- For a terminal (such as a smart watch) that cannot directly establish a network connection with the first server, the authentication factor delivered by the first server can be received through a second terminal (for example, a smart phone) that can establish a network connection with the first server, and the binding authentication information is returned to the first server by the second terminal.
- The second terminal in the online state sends an account authentication request to the first server; the second terminal receives the verification result sent by the first server after the identity verification succeeds; the second terminal in the online state sends an authentication request for the offline payment authorization to the first server; the second terminal receives the authentication factor that the first server sends after the authorization verification is passed.
- After obtaining the authentication factor, the second terminal sends the authentication factor to the terminal. Similarly, after acquiring the authentication factor, the terminal binds it with the terminal's device information and sends the binding authentication information through the second terminal, so that the first server grants the terminal payment authorization according to the binding authentication information, to implement offline payment on the terminal.
- A management program of the terminal is installed on the second terminal.
- A smart watch management application (management APP) is installed on the smart phone, and the APP integrates the phone-side functions such as payment account login verification and payment authentication.
- The phone side handles Bluetooth communication with the watch, sends the authentication parameters (authentication factor) to the watch side, and handles functions such as secure communication with the first server and with the watch.
- The watch side completes the secure communication with the phone side, stores and updates the generation parameters of the payment authentication information, then generates the payment authentication information according to those generation parameters and displays it in the form of a two-dimensional code or a barcode.
- FIG. 4 is a flowchart of a second server side of an information interaction method according to an embodiment of the present disclosure. As shown in FIG. 4, the information interaction method in the embodiment of the present application includes:
- the second server obtains payment authentication information carried in the graphic identifier displayed on the terminal.
- the payment authentication information includes an authentication key, device account information, and a dynamic password.
- the second server includes a front-end scan code end and a background service end.
- the front scan code end is mainly equipped with a scan code gun, and is transmitted to the background server by scanning the two-dimensional code displayed on the terminal or the graphic identifier of the barcode.
- the background server mainly completes the parameter verification of the front scan code end, and extracts the payment authentication information in the graphic identifier.
- S202 Generate a payment request by using the payment authentication information and the service data, and send the payment request to the first server, so that the first server performs payment according to the payment authentication information carried in the payment request. Authentication, and payment is made when the payment is authenticated.
- the background server of the second server preprocesses the service data (the merchant order parameter), and then generates the order and payment request by the payment authentication information and the service data, and sends the request and the payment request to the first server.
- the second server receives the payment result returned by the first server.
- FIG. 5 is a flowchart of a first server side of an information interaction method according to an embodiment of the present application. As shown in FIG. 5a, the information interaction method in the embodiment of the present application includes:
- the first server receives a payment request sent by the second server, where the payment request carries payment authentication information and service data.
- the payment authentication information includes an authentication key, device account information, and a dynamic password.
- the first server receives the payment request sent by the second server, where the request carries the payment authentication information of the terminal.
- S302 Perform payment authentication according to the payment authentication information carried in the payment request, and when the payment is authenticated, the first server performs payment.
- performing the payment authentication according to the payment authentication information carried in the payment request specifically includes: verifying whether the binding relationship between the device account information and the authentication key carried in the payment authentication information is correct, and checking whether the dynamic password is valid according to the dynamic time factor in the authentication factor; if so, the payment authentication passes.
- the method further includes:
- the first server performs online account binding on the terminal.
- the first server performs online account binding on the terminal, and specifically includes:
- the first server receives an account identity verification request sent by the terminal.
- the account authentication request carries the account information of the user.
- S402. Determine whether the account identity verification request passes the verification. If the verification is successful, send the result of the verification success to the terminal.
- S404 Determine whether the verification request is successful. If the verification is successful, generate an authentication key of the user, and calculate a dynamic time factor of the first server.
- S407. Receive binding authentication information submitted by the terminal, where the binding authentication information is generated by binding the authentication factor with device account information.
- S408 Perform authorization verification on the binding authentication information, and when the authorization is passed, complete the offline payment authorization verification.
- the method further includes: generating the compressed string by using the authentication key and the account information of the user, where the compressed string forms a one-to-one mapping relationship with the authentication key and the user's account information.
- the one-to-one corresponding authentication key and the user's account information may also be found through the compressed string.
- the authentication factor is generated by using the authentication key, the compressed string, and the dynamic time factor. Specifically, let SN represent the authentication factor, Key the user's authentication key, Seq the compressed string of the device account information, UserId the account identification information, Did the device identification information, timestamp the dynamic time factor, N the preset password length, Zip the one-to-one mapping relationship, OTP the dynamic password, and Tag the authentication information identifier; then the authentication factor can be obtained by using the following formula:
- OTP = HOTP(Key, Tag+Seq+timestamp, N)
- the online account is bound by a second terminal that can establish a network connection with the first server.
- the first server performs online account binding on the terminal, and similarly to FIG. 5b, specifically includes:
- the first server receives an account identity verification request sent by the second terminal.
- the account authentication request carries the account information of the user.
- S503. Receive an authentication request for offline payment authorization verification sent by the second terminal.
- S504. Determine whether the verification request is successful. If the verification is successful, generate an authentication key of the user, and calculate a dynamic time factor of the first server.
- S505. Generate an authentication factor by using the authentication key, a dynamic time factor, and the account information of the user.
- S507. Receive the binding authentication information that is returned by the terminal and submitted by the second terminal, where the binding authentication information is generated by binding the authentication factor with device account information.
- after receiving the result of the authorization from the first server, the second terminal sends the result to the terminal.
- FIG. 6 is an interaction diagram of an information interaction method according to an embodiment of the present application. As shown in FIG. 6, the method includes:
- the terminal receives a display instruction for displaying the graphic identifier, and switches to a display interface of the graphic identifier.
- after the user agrees on the order content and the amount with the merchant, the user operates the terminal to display the graphic identifier for offline payment, and the terminal receives the display instruction of the user and switches to the display interface of the graphic identifier.
- the terminal generates payment authentication information according to the authentication factor.
- the payment authentication information may be payment authentication information in a two-dimensional code presentation form, or may be payment authentication information in a barcode presentation form.
- the terminal displays the graphic identifier according to the interface and the type of the scanning code gun for scanning the code.
- the terminal displays the graphic identifier according to the required presentation manner under the operation instruction of the user.
- the front scan code end of the second server obtains the payment authentication information.
- the front scan code end performs local data processing on the order information.
- the front-end scan code end generates its payment request from the order information and the payment authentication information and sends it to the background server of the second server, so that the background server verifies the payment request of the front-end scan code end.
- the background server extracts payment authentication information and order service information, generates a payment request, and sends the payment request to the first server.
- the first server extracts, from the payment request, the payment authentication information and the merchant information in the order service information.
- the first server authenticates the payment authentication information.
- the first server returns a payment result to the second server.
- the terminal in Figure 6 is a terminal that has been bound by an online account.
- the interaction process of online account binding is introduced below through FIG. 7 and FIG. 8.
- the terminal in FIG. 7 is a terminal that can directly establish a connection with the first server.
- the terminal in FIG. 8 is a terminal that cannot directly establish a connection with the first server.
- the terminal in FIG. 7 is a mobile phone.
- the terminal in FIG. 8 is a watch.
- the second terminal is a mobile phone.
- FIG. 7 is an interaction diagram of an offline payment authorization (mobile phone) provided by an embodiment of the present application. As shown in FIG. 7, the method includes:
- the account authentication request carries the account information of the user.
- the first server determines whether the account identity verification request passes the verification. If the verification succeeds, the result of the verification success is sent to the terminal. Otherwise, the process ends.
- the terminal sends a verification request for the offline payment authorization to the first server.
- the first server determines whether the verification request is successful. If the verification is successful, the process proceeds to S705. Otherwise, the process ends.
- the first server generates an authentication key of the user.
- the first server generates a compression string by using an authentication key and account information.
- the first server calculates a dynamic time factor of the first server.
- the first server generates an authentication factor by using the authentication key, a dynamic time factor, and the account information of the user.
- the first server performs communication encryption processing on the authentication factor.
- the first server returns the authentication factor to the terminal.
- the terminal receives the authentication factor sent by the first server after the authorization verification passes, uses the authentication factor and the device information of the terminal to generate binding authentication information, and submits the binding authentication information to the first server.
- S712 The first server parses the binding authentication information, and verifies whether the authorization is passed according to the account, the authentication key, and the dynamic time factor. If yes, the process proceeds to S713; otherwise, the process ends.
- S713 The first server payment authorization is successful, and the payment is performed.
- FIG. 8 is an interaction diagram of another offline smart payment (smart watch) provided by the embodiment of the present application. As shown in FIG. 8 , the method includes:
- the account authentication request carries the account information of the user.
- the first server determines whether the account identity verification request passes the verification. If the verification succeeds, the result of the verification success is sent to the second terminal. Otherwise, the process ends.
- the second terminal sends a verification request for the offline payment authorization to the first server.
- the first server determines whether the verification request is successful. If the verification is successful, the process proceeds to S805. Otherwise, the process ends.
- the first server generates an authentication key of the user.
- the first server calculates a dynamic time factor of the first server.
- the first server generates an authentication factor by using the authentication key, a dynamic time factor, and the account information of the user.
- the first server performs communication encryption processing on the authentication factor.
- the first server returns the authentication factor to the second terminal, and the second terminal parses the authentication factor.
- the second terminal writes an authentication factor into the terminal (watch), and the terminal receives the authentication factor.
- the terminal encrypts and saves the authentication factor.
- the terminal generates binding authentication information by using an authentication factor and device information of the terminal.
- the terminal sends the binding authentication information to the second terminal.
- the second terminal submits payment account binding authentication information to the first server.
- S815 The first server parses the binding authentication information, and verifies whether the authorization is passed according to the account, the authentication key, and the dynamic time factor. If yes, the process proceeds to S816; otherwise, the process ends.
- S816 The first server end payment authorization is successful, and the payment is performed.
- the information interaction method provided by the embodiment of the present invention generates a dynamic graphic identifier for offline payment by using the bound payment authentication information and the dynamic time factor, so that the graphic identifier can also be used for secure payment when the terminal device is offline, achieving safe and convenient payment.
- the graphic identifier barcode/two-dimensional code
- the first server may, based on the binding relationship of the account, the device, and the authentication key, and on the HOTP signature result, verify the validity of the one-time password to determine whether payment verification is completed, so as to achieve secure and convenient offline payment.
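The formula OTP = HOTP(Key, Tag+Seq+timestamp, N) and the first server's check of the binding relationship and the one-time password can be sketched as follows. This is an added example, not code from the application: the 30-second window, the Tag value, the truncated SHA-256 standing in for Zip, the payload layout (only Tag, Seq and OTP are carried), the one-window drift tolerance and the replay check are all assumptions.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 30   # assumption: the application does not state the window length
TAG = "OFFPAY"        # assumption: placeholder authentication information identifier (Tag)
N_DIGITS = 6          # assumption: preset password length N


def zip_seq(user_id: str, did: str) -> str:
    """Seq = Zip(UserId, Did). Stand-in only: a fixed-length truncated SHA-256,
    so that Tag+Seq+timestamp concatenates without ambiguity."""
    return hashlib.sha256(f"{user_id}|{did}".encode()).hexdigest()[:16]


def dynamic_time_factor(unix_time: int) -> int:
    """Window counter: constant inside one time window, +1 in the next."""
    return unix_time // WINDOW_SECONDS


def otp(key: bytes, tag: str, seq: str, timestamp: int, n: int = N_DIGITS) -> str:
    """OTP = HOTP(Key, Tag+Seq+timestamp, N): RFC 4226 dynamic truncation
    applied to HMAC-SHA1 over the concatenated message."""
    digest = hmac.new(key, f"{tag}{seq}{timestamp}".encode(), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** n).zfill(n)


def terminal_payload(key: bytes, seq: str, unix_time: int) -> str:
    """Text the offline terminal encodes into the barcode / two-dimensional code."""
    return f"{TAG}:{seq}:{otp(key, TAG, seq, dynamic_time_factor(unix_time))}"


class FirstServer:
    """Holds the account/device/key bindings and authenticates scanned payloads."""

    def __init__(self) -> None:
        self.bindings = {}      # Seq -> (authentication key, UserId, Did)
        self.accepted = set()   # (Seq, window) pairs already used for a payment

    def bind(self, user_id: str, did: str, key: bytes) -> str:
        seq = zip_seq(user_id, did)
        self.bindings[seq] = (key, user_id, did)
        return seq

    def authenticate(self, payload: str, now: int, drift: int = 1) -> str:
        parts = payload.split(":")
        if len(parts) != 3 or parts[0] != TAG:
            return "malformed"
        _, seq, presented = parts
        if not (presented.isascii() and presented.isdigit()
                and len(presented) == N_DIGITS):
            return "malformed"
        binding = self.bindings.get(seq)
        if binding is None:
            return "unknown-binding"          # no account/device/key binding
        key = binding[0]
        current = dynamic_time_factor(now)
        for window in range(current - drift, current + drift + 1):
            # constant-time comparison of the expected and presented password
            if hmac.compare_digest(otp(key, TAG, seq, window), presented):
                if (seq, window) in self.accepted:
                    return "replayed"         # same code shown twice
                self.accepted.add((seq, window))
                return "ok"
        return "invalid-otp"                  # wrong key or expired window


if __name__ == "__main__":
    # Constructed sample values, not taken from the application.
    server = FirstServer()
    demo_key = b"constructed-demo-key"
    demo_seq = server.bind("user-1001", "watch-01", demo_key)
    scanned = terminal_payload(demo_key, demo_seq, 1_700_000_000)
    print(scanned, server.authenticate(scanned, now=1_700_000_005))
    print("second scan:", server.authenticate(scanned, now=1_700_000_006))
    print("one hour later:", server.authenticate(scanned, now=1_700_003_600))
```

Because the password is constant inside a window, a photographed code stays valid until the window closes; the `accepted` set is what stops a second use in this sketch.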
- FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present disclosure.
- the terminal of the present application includes: a receiving unit 901, a binding unit 902, a sending unit 903, and a processing unit 904.
- the receiving unit 901 receives the authentication factor delivered by the first server.
- the authentication factor carries the user's authentication key, account information, and dynamic time factor.
- the binding unit 902 generates binding authentication information by using the authentication factor received by the receiving unit 901 and the device information of the terminal.
- the sending unit 903 returns the binding authentication information generated by the binding unit 902 to the first server, so that the first server passes the payment authorization according to the binding authentication information.
- the processing unit 904 generates a graphic identifier for offline payment according to the authentication factor received by the receiving unit 901, where the graphic identifier carries payment authentication information.
- the payment authentication information includes an authentication key, device account information, and a dynamic password of the user; the dynamic password is generated according to the dynamic time factor, and the device account information is generated according to the account information of the user and the device information of the terminal.
- before the processing unit 904 generates the graphic identifier, the receiving unit 901 further receives a display instruction to display the graphic identifier.
- after the receiving unit 901 receives the display instruction, the processing unit 904 generates a graphic identifier for offline payment according to the authentication factor.
- the terminal further includes: a display unit (not shown) that displays the graphic identifier generated by the processing unit 904 to perform payment using the graphic identifier in an offline state.
- the display manner of the graphic identifier displayed by the display unit includes one or a combination listed below: a barcode, a two-dimensional code.
- the receiving unit 901 further receives a switching instruction of the graphic identifier display mode.
- the processing unit 904 switches the display manner of the graphic identifier displayed by the display unit.
- the receiving unit 901 receives the authentication factor that is sent by the first server by using the second terminal, and the sending unit 903 returns the binding authentication information to the first server by using the second terminal.
- the sending unit 903 further sends an account identity verification request to the first server; the receiving unit 901 receives the payment authorization sent by the first server after the identity verification succeeds; the sending unit 903 sends the verification request of the offline payment authorization to the first server; and the receiving unit 901 receives an authentication factor that is sent by the first server after the authorization verification passes.
- the functions of the above units may correspond to the processing steps of the above information interaction method described in detail in FIGS. 3a to 3b, and details are not described herein again.
- FIG. 10 is a schematic structural diagram of a server provided by an embodiment of the present disclosure. As shown in FIG. 10, the server includes: an obtaining unit 1001, a processing unit 1002, a sending unit 1003, and a receiving unit 1004.
- the obtaining unit 1001 acquires payment authentication information carried in the graphic identifier displayed on the terminal.
- the payment authentication information includes an authentication key, device account information, and a dynamic password.
- the processing unit 1002 generates a payment request by using the payment authentication information acquired by the obtaining unit 1001 and the service data.
- the sending unit 1003 sends the payment request generated by the processing unit 1002 to the first server, so that the first server performs payment authentication according to the payment authentication information carried in the payment request, and makes the payment when the payment authentication passes.
- the receiving unit 1004 receives the payment result returned by the first server 3.
- FIG. 11 is a schematic structural diagram of a server provided by an embodiment of the present application. As shown in FIG. 11, the server includes: a receiving unit 1101, a processing unit 1102, and a sending unit 1103.
- the receiving unit 1101 receives a payment request sent by the second server, where the payment request carries payment authentication information and service data.
- the payment authentication information includes an authentication key, device account information, and a dynamic password.
- the processing unit 1102 performs payment authentication according to the payment authentication information carried in the payment request received by the receiving unit 1101, and when the payment is authenticated, the server performs payment.
- the processing unit 1102 also performs account binding on the terminal.
- the first case:
- the receiving unit 1101 receives an account identity verification request sent by the terminal, where the account identity verification request carries account information of the user.
- the processing unit 1102 determines whether the account identity verification request passes the verification. If the verification is successful, the sending unit 1103 sends the result of the verification success to the terminal.
- the receiving unit 1101 receives an authentication request for offline payment authorization verification sent by the terminal.
- the processing unit 1102 determines whether the verification request is successful, and if the verification is successful, generates an authentication key of the user, calculates a dynamic time factor of the server, and generates an authentication factor by using the authentication key, the dynamic time factor, and the account information of the user.
- the sending unit 1103 sends the authentication factor generated by the processing unit 1102 to the terminal.
- the receiving unit 1101 receives the binding authentication information submitted by the terminal, and the binding authentication information is generated by binding the authentication factor with the device account information.
- the processing unit 1102 performs authorization verification on the binding authentication information, and when the authorization passes, completes the offline payment authorization verification.
- the second case:
- the receiving unit 1101 receives an account identity verification request sent by the second terminal, where the account identity verification request carries the account information of the user.
- the processing unit 1102 determines whether the account identity verification request passes the verification. If the verification is successful, the sending unit 1103 sends the result of the verification success to the second terminal.
- the receiving unit 1101 receives the verification request of the offline payment authorization verification sent by the second terminal.
- the processing unit 1102 determines whether the verification request is successful, and if the verification is successful, generates an authentication key of the user, calculates a dynamic time factor of the server, and generates an authentication factor by using the authentication key, the dynamic time factor, and the account information of the user.
- the sending unit 1103 sends the authentication factor to the second terminal, so that the second terminal sends the authentication factor to the terminal.
- the receiving unit 1101 receives the binding authentication information that is returned by the terminal and submitted by the second terminal, where the binding authentication information is generated by the terminal by binding the authentication factor with the device account information.
- the processing unit 1102 performs authorization verification on the binding authentication information, and when authorized, completes the offline payment authorization verification.
- after generating the authentication key of the user, the processing unit 1102 further generates a compressed string by using the authentication key and the account information of the user, where the compressed string forms a one-to-one mapping relationship with the authentication key and the user's account information.
- the processing unit 1102 generates an authentication factor by using the authentication key, the dynamic time factor, and the account information of the user; specifically, it generates the authentication factor by using the authentication key, the compressed string, and the dynamic time factor.
- the processing unit 1102 is configured to verify whether the binding relationship between the device account information and the authentication key carried in the payment authentication information is correct, and to check whether the dynamic password is valid according to the dynamic time factor in the authentication factor; if so, the payment authentication passes.
- the functions of the above units may correspond to the processing steps of the above information interaction method described in detail in FIGS. 5a to 5c, and details are not described herein again.
- FIG. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in FIG. 12, the electronic device includes: a display 1201, a processor 1202, a memory 1203, and a communication module 1204.
- the memory 1203 stores an authentication factor delivered by the first server and a program for generating a graphic identifier for offline payment according to the authentication factor; when the program is executed by the processor, the graphic identifier for offline payment is displayed in a display area of the display, where the graphic identifier carries payment authentication information, the payment authentication information includes an authentication key, device account information, and a dynamic password of the user, the dynamic password is generated based on the dynamic time factor, and the device account information is generated according to the account information of the user and the device information of the terminal.
- the communication module 1204 communicates with the second electronic device, receives the authentication factor that is delivered by the first server and forwarded by the second electronic device, and sends the binding authentication information to the second electronic device, which forwards it to the first server.
- the communication module 1204 is a Bluetooth module or a WiFi module.
- the dynamic password remains unchanged in the same time window, and in the next time window, is regenerated according to the dynamic time factor to dynamically change.
- the dynamic password is specifically calculated by using a method for calculating a one-time password by using an authentication key of the user, the dynamic time factor, the device account information, and a preset password length.
- the device account information is a compressed string obtained by using the account information of the user and the device information of the terminal that displays the graphic identifier.
- the graphic identifier is a two-dimensional code or a barcode.
- the application further provides an information interaction system, including: a terminal, a first server, and a second server;
- the shape identifier carries the authentication information of the first service operation, and the authentication information of the first service operation includes the user's authentication key, device account information, and dynamic password;
- the second server generates a first service operation request by using the authentication information of the first service operation and the service data, and sends the first service operation request to the first server;
- the first server performs authentication according to the authentication information of the first service operation carried in the first service operation request, and when the authentication passes, the first server completes the first service operation.
- the method further includes:
- the terminal generates, according to the authentication factor sent by the first server, the graphic identifier that carries the authentication information of the first service operation.
- before the terminal generates, according to the authentication factor that is sent by the first server, the graphic identifier that carries the authentication information of the first service operation, the method further includes:
- when the terminal is in an online state, the terminal sends to the first server an authorization verification request for completing the first service operation offline;
- the first server verifies the authorization verification request, and after the verification succeeds, the first server sends an authentication factor to the terminal, where the authentication factor includes the user's authentication key, account information, and server time;
- the terminal uses the authentication factor to bind the device account information to generate a binding authentication code, and sends the binding authentication code to the first server.
- the first server performs authorization verification on the binding authentication code, and when the authorization is passed, the authorization verification is completed.
- the terminal generates the bearer according to the authentication factor sent by the first server.
- the method further includes:
- the second terminal in the online state sends an authorization verification request to the first server to complete the first service operation offline;
- the first server verifies the authorization verification request, and after the verification succeeds, the first server sends an authentication factor to the second terminal, where the authentication factor includes an authentication key of the user, Account information and server time;
- the terminal uses the authentication factor to be bound to the device account information to generate a binding authentication code, and sends the binding authentication code to the second terminal;
- the second terminal submits the binding authentication code to the first server
- the first server performs authorization verification on the binding authentication code, and when the authorization is passed, the authorization verification is completed.
- the method further includes:
- the second terminal sends an account authentication request to the first server, where the account identity verification request carries account information of the user;
- the first server verifies the account identity verification request, and when the verification is passed, sends a result of the verification success to the second terminal.
- before the first server sends the authentication factor, the method further includes:
- after the verification is successful, the first server generates an authentication key of the user, and calculates a dynamic time factor;
- the first server generates an authentication factor by using the authentication key, a dynamic time factor, and the account information of the user.
- the first server performs authorization verification on the binding authentication code, and specifically includes:
- the verification is performed according to the authentication key, the device account information, and the server time obtained by the parsing.
- the method further includes:
- the first server returns a result of the first service operation to the second server, so that the second server confirms the result of the first service operation.
- the information interaction method, device and system provided by the embodiment of the present invention generate a dynamic graphic identifier for offline payment by using the bound payment authentication information and the dynamic time factor, so that the graphic identifier can also be used for secure payment when the terminal device is offline, achieving safe and convenient payment.
- the steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, a software module executed by a processor, or a combination of both.
- the software module can be placed in random access memory (RAM), memory, read only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the technical field.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Telephonic Communication Services (AREA)
- User Interface Of Digital Computer (AREA)
Claims (32)
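- An information interaction method, characterized in that the method comprises: a terminal receiving an authentication factor delivered by a first server, the authentication factor carrying a user's authentication key, account information, and a dynamic time factor, the first server being a server that completes a first service operation after authenticating the terminal when the terminal requests the first service operation; generating binding authentication information by using the authentication factor and device information of the terminal, and returning the binding authentication information to the first server, so that the first server passes authorization of the first service operation according to the binding authentication information; and generating, according to the authentication factor, a graphic identifier for completing the first service operation offline, the graphic identifier carrying authentication information of the first service operation, the authentication information of the first service operation including the user's authentication key, device account information, and a dynamic password, the dynamic password being generated according to the dynamic time factor, and the device account information being generated according to the user's account information and the device information of the terminal.
- The method according to claim 1, characterized in that, before generating, according to the authentication factor, the graphic identifier for completing the first service operation offline, the method further comprises: receiving a display instruction for displaying the graphic identifier for completing the first service operation offline; after the display instruction is received, performing the generating, according to the authentication factor, of the graphic identifier for completing the first service operation offline; and after generating, according to the authentication factor, the graphic identifier for completing the first service operation offline, the method further comprises: the terminal displaying the graphic identifier, so that the first service operation is completed by using the graphic identifier in an offline state.
- The method according to claim 2, characterized in that the display manner of the graphic identifier includes one or a combination of the following: a barcode, a two-dimensional code; and after the terminal displays the graphic identifier, the method further comprises: when a switching instruction for the display manner of the graphic identifier is received, switching the display manner of the graphic identifier.
- The method according to claim 1, characterized in that the terminal receives, through a second terminal, the authentication factor delivered by the first server, and returns the binding authentication information to the first server through the second terminal.
- The method according to claim 1, characterized in that, before receiving the authentication factor delivered by the first server, the method further comprises: the terminal sending an account identity verification request to the first server; receiving a verification result sent by the first server after the identity verification succeeds; sending an authorization verification request for the offline first service operation to the first server; and receiving the authentication factor delivered by the first server after the authorization verification passes.
- The method according to claim 1, characterized in that the dynamic password remains unchanged within the same time window and, in the next time window, is regenerated according to the dynamic time factor so as to change dynamically.
- The method according to claim 1, characterized in that the dynamic password is calculated according to a one-time password calculation method by using the user's authentication key, the dynamic time factor, the device account information, and a preset password length.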
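- An information interaction method, characterized in that the method comprises: a second server obtaining authentication information of a first service operation carried in a graphic identifier displayed on a terminal, the authentication information of the first service operation including a user's authentication key, device account information, and a dynamic password; generating a first service operation request by using the authentication information of the first service operation and service data, and sending the first service operation request to the first server, so that the first server performs authentication according to the authentication information of the first service operation carried in the first service operation request and completes the first service operation when the authentication passes; and receiving a result of the first service operation returned by the first server.
- An information interaction method, characterized in that the method comprises: a first server receiving a first service operation request sent by a second server, the first service operation request being a request generated by the second server from service data and from authentication information of the first service operation obtained from a graphic identifier displayed on a terminal, the first service operation request carrying the authentication information of the first service operation and the service data, and the authentication information of the first service operation including a user's authentication key, device account information, and a dynamic password; and performing authentication according to the authentication information carried in the first service operation request, wherein the first server completes the first service operation when the authentication passes.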
- 根据权利要求9所述的方法,其特征在于,在接收第二服务端发送的第一业务操作请求之前,还包括:所述第一服务端对所述终端进行在线账户绑定。
- 根据权利要求10所述的方法,其特征在于,所述第一服务端对所述终端进行在线账户绑定,具体包括:接收所述终端发送的账户身份验证请求,所述账户身份验证请求中携带有用户的账户信息;判断所述账户身份验证请求是否通过验证,若验证成功,则发送验证成功的验证结果给所述终端;接收所述终端发送的离线完成所述第一业务操作的授权验证请求;判断所述授权验证请求是否验证成功,若验证成功,则生成所述用户的鉴权密钥,并计算所述第一服务端的动态时间因子;利用所述用户的鉴权密钥、动态时间因子与所述用户的账户信息生成鉴权因子;将所述鉴权因子下发给所述终端;接收所述终端提交的绑定鉴权信息,所述绑定鉴权信息是利用所述鉴权因子与设备账户信息绑定生成的;对所述绑定鉴权信息进行授权验证,当通过授权时,完成所述授权验证。
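- The method according to claim 10, characterized in that the first server performing online account binding for the terminal specifically comprises: receiving an account identity verification request sent by a second terminal, the account identity verification request carrying the user's account information; determining whether the account identity verification request passes verification and, if the verification succeeds, sending a verification result indicating success to the second terminal; receiving an authorization verification request, sent by the second terminal, for completing the first service operation offline; determining whether the authorization verification request is verified successfully and, if so, generating the user's authentication key and calculating a dynamic time factor of the first server; generating an authentication factor by using the user's authentication key, the dynamic time factor, and the user's account information; issuing the authentication factor to the second terminal, so that the second terminal sends the authentication factor to the terminal; receiving binding authentication information returned by the terminal and submitted by the second terminal, the binding authentication information being generated by the terminal by binding the authentication factor with device account information of the terminal; and performing authorization verification on the binding authentication information and, when authorization is passed, completing the authorization verification.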
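- The method according to claim 11 or 12, characterized in that, after the generating of the user's authentication key, the method further comprises: generating a compressed string from the user's authentication key and the user's account information, the compressed string forming a one-to-one mapping with the authentication key and the user's account information; and the generating of the authentication factor by using the user's authentication key, the dynamic time factor, and the user's account information specifically comprises: generating the authentication factor by using the user's authentication key, the compressed string, and the dynamic time factor.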
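- The method according to claim 9, characterized in that the performing of authentication according to the authentication information of the first service operation carried in the first service operation request specifically comprises: verifying whether the binding relationship between the device account information and the authentication key carried in the authentication information of the first service operation is correct, and verifying, according to the dynamic time factor in the authentication factor, whether the dynamic password is valid; and, if so, passing the authentication.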
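- A terminal, characterized in that the terminal comprises: a receiving unit that receives an authentication factor issued by a first server, the authentication factor carrying a user's authentication key, account information, and a dynamic time factor, the first server being a server that completes a first service operation after authenticating the terminal when the terminal requests the first service operation; a binding unit that generates binding authentication information by using the authentication factor received by the receiving unit and device information of the terminal; a sending unit that returns the binding authentication information generated by the binding unit to the first server, so that the first server grants authorization for the first service operation according to the binding authentication information; and a processing unit that generates, according to the authentication factor received by the receiving unit, a graphic identifier for completing the first service operation offline, the graphic identifier carrying authentication information of the first service operation, the authentication information of the first service operation comprising the user's authentication key, device account information, and a dynamic password, the dynamic password being generated according to the dynamic time factor, and the device account information being generated according to the user's account information and the device information of the terminal.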
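- The terminal according to claim 15, characterized in that the receiving unit further receives a display instruction to display the graphic identifier; the processing unit, after the receiving unit receives the display instruction, performs the generating, according to the authentication factor, of the graphic identifier for completing the first service operation offline; and the terminal further comprises a display unit that displays the graphic identifier generated by the processing unit, so that the first service operation is completed by using the graphic identifier in an offline state.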
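- The terminal according to claim 16, characterized in that the display mode of the graphic identifier displayed by the display unit comprises one or a combination of the following: a barcode, a two-dimensional code; the receiving unit further receives a switching instruction for the display mode of the graphic identifier; and the processing unit further switches, when the receiving unit receives the switching instruction, the display mode of the graphic identifier displayed by the display unit.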
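- The terminal according to claim 15, characterized in that the receiving unit receives, through a second terminal, the authentication factor issued by the first server; and the sending unit returns the binding authentication information to the first server through the second terminal.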
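- The terminal according to claim 15, characterized in that the sending unit further sends an account identity verification request to the first server; the receiving unit receives a verification result sent by the first server after the identity verification succeeds; the sending unit sends an authorization verification request for the offline first service operation to the first server; and the receiving unit receives the authentication factor issued by the first server after the authorization verification is passed.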
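- A server, characterized in that the server comprises: an obtaining unit that obtains authentication information of a first service operation carried in a graphic identifier displayed on a terminal, the authentication information of the first service operation comprising a user's authentication key, device account information, and a dynamic password; a processing unit that generates a first service operation request by using service data and the authentication information of the first service operation obtained by the obtaining unit; a sending unit that sends the first service operation request generated by the processing unit to the first server, so that the first server performs authentication according to the authentication information of the first service operation carried in the first service operation request and completes the first service operation when the authentication is passed; and a receiving unit that receives a result of the first service operation returned by the first server.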
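- A server, characterized in that the server comprises: a receiving unit that receives a first service operation request sent by a second server, the first service operation request being a request generated by the second server from service data and authentication information of the first service operation carried in a graphic identifier displayed on a terminal, the first service operation request carrying the authentication information of the first service operation and the service data, and the authentication information of the first service operation comprising a user's authentication key, device account information, and a dynamic password; and a processing unit that performs authentication according to the authentication information of the first service operation carried in the first service operation request received by the receiving unit, wherein, when the authentication is passed, the first server completes the first service operation.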
- The server according to claim 21, characterized in that the processing unit further performs online account binding for the terminal.
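- The server according to claim 22, characterized in that the server further comprises a sending unit; the receiving unit further receives an account identity verification request sent by the terminal, the account identity verification request carrying the user's account information; the processing unit determines whether the account identity verification request passes verification and, if the verification succeeds, uses the sending unit to send a verification result indicating success to the terminal; the receiving unit receives an authorization verification request, sent by the terminal, for completing the first service operation offline; the processing unit determines whether the authorization verification request is verified successfully and, if so, generates the user's authentication key and calculates a dynamic time factor of the server, and generates an authentication factor by using the authentication key, the dynamic time factor, and the user's account information; the sending unit issues the authentication factor generated by the processing unit to the terminal; the receiving unit receives binding authentication information submitted by the terminal, the binding authentication information being generated by binding the authentication factor with device account information; and the processing unit performs authorization verification on the binding authentication information and, when authorization is passed, completes the authorization verification.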
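- The server according to claim 22, characterized in that the server further comprises a sending unit; the receiving unit receives an account identity verification request sent by a second terminal, the account identity verification request carrying the user's account information; the processing unit determines whether the account identity verification request passes verification and, if the verification succeeds, uses the sending unit to send a verification result indicating success to the second terminal; the receiving unit receives an authorization verification request, sent by the second terminal, for completing the first service operation offline; the processing unit determines whether the authorization verification request is verified successfully and, if so, generates the user's authentication key and calculates a dynamic time factor of the server, and generates an authentication factor by using the authentication key, the dynamic time factor, and the user's account information; the sending unit issues the authentication factor to the second terminal, so that the second terminal sends the authentication factor to the terminal; the receiving unit receives binding authentication information returned by the terminal and submitted by the second terminal, the binding authentication information being generated by the terminal by binding the authentication factor with device account information of the terminal; and the processing unit performs authorization verification on the binding authentication information and, when authorization is passed, completes the authorization verification.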
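- The server according to claim 23 or 24, characterized in that, after generating the user's authentication key, the processing unit further generates a compressed string from the authentication key and the user's account information, the compressed string forming a one-to-one mapping with the authentication key and the user's account information; and the processing unit generating the authentication factor by using the authentication key, the dynamic time factor, and the user's account information specifically comprises: generating the authentication factor by using the authentication key, the compressed string, and the dynamic time factor.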
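- The server according to claim 21, characterized in that the processing unit specifically verifies whether the binding relationship between the device account information and the authentication key carried in the authentication information of the first service operation is correct, and verifies, according to the dynamic time factor in the authentication factor, whether the dynamic password is valid; and, if so, the authentication is passed.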
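- An electronic device, characterized in that the electronic device comprises: a display; a processor; and a memory, the memory storing an authentication factor issued by a first server and a program for generating, according to the authentication factor, a graphic identifier for completing a first service operation offline, wherein the program, when executed by the processor, displays in a display area of the display the graphic identifier for completing the first service operation offline, the graphic identifier carrying authentication information of the first service operation, the authentication information of the first service operation comprising the user's authentication key, device account information, and a dynamic password, the dynamic password being generated according to the dynamic time factor, and the device account information being generated according to the user's account information and the device information of the terminal.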
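- The electronic device according to claim 27, characterized in that the dynamic password remains unchanged within the same time window and, in the next time window, is regenerated according to the dynamic time factor so that it changes dynamically.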
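- The electronic device according to claim 27, characterized in that the dynamic password is specifically calculated according to a one-time password calculation method by using the user's authentication key, the dynamic time factor, the device account information, and a preset password length.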
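- The electronic device according to claim 27, characterized in that the electronic device further comprises: a communication module that communicates with a second electronic device and receives the authentication factor issued by the first server and sent by the second electronic device, and, during binding authentication, sends binding authentication information to the second electronic device for forwarding to the first server.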
- The electronic device according to claim 30, characterized in that the communication module is a Bluetooth module or a WiFi module.
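- An information interaction system, characterized in that the system comprises: a terminal, a first server, and a second server; the terminal, in an offline state, displays a graphic identifier for completing a first service operation, the graphic identifier carrying authentication information of the first service operation, the authentication information of the first service operation comprising a user's authentication key, device account information, and a dynamic password; the second server obtains the authentication information of the first service operation carried in the graphic identifier; the second server generates a first service operation request by using the authentication information of the first service operation and service data, and sends the request to the first server; and the first server performs authentication according to the authentication information of the first service operation carried in the first service operation request, wherein, when the authentication is passed, the first server completes the first service operation.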
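The time-windowed dynamic password of claims 6 and 7 and the first server's two-part check of claim 14 can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA1 construction with RFC 4226-style truncation, the SHA-256 derivation of device account information, the 30-second window, the reading of the dynamic time factor as a clock offset, the single-use rule, and all names are assumptions.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 30   # assumed window length; the claims do not fix one
PASSWORD_LENGTH = 6   # "preset password length"; 6 is an assumed value


def device_account_info(account_info: str, device_info: str) -> str:
    """Device account information from account info plus device info.
    SHA-256 over length-prefixed fields is an assumption, not from the claims."""
    h = hashlib.sha256()
    for field in (account_info, device_info):
        data = field.encode()
        h.update(struct.pack(">I", len(data)) + data)
    return h.hexdigest()[:16]


def time_window(clock: float, time_factor: int = 0) -> int:
    """Window index. time_factor is modelled (assumption) as the
    server-minus-terminal clock offset in seconds handed out at binding."""
    return int(clock + time_factor) // WINDOW_SECONDS


def dynamic_password(auth_key: bytes, window: int, dev_acct: str) -> str:
    """OTP over (window, device account info) keyed with the authentication
    key, using RFC 4226-style dynamic truncation (assumed construction)."""
    msg = struct.pack(">Q", window) + dev_acct.encode()
    digest = hmac.new(auth_key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** PASSWORD_LENGTH).zfill(PASSWORD_LENGTH)


class FirstServer:
    """Hypothetical model of the first server's binding table and check."""

    def __init__(self):
        self.bindings = {}   # device account info -> authentication key
        self.spent = set()   # (device account info, window) already accepted

    def bind(self, dev_acct: str, auth_key: bytes) -> None:
        self.bindings[dev_acct] = auth_key

    def authenticate(self, dev_acct, auth_key, password, server_clock, skew=1):
        bound_key = self.bindings.get(dev_acct)
        # Binding check: the device account must be bound to this exact key.
        if bound_key is None or not hmac.compare_digest(bound_key, auth_key):
            return False
        now = time_window(server_clock)
        # Validity check: accept only windows within +/- skew of server time.
        for window in range(now - skew, now + skew + 1):
            expected = dynamic_password(bound_key, window, dev_acct)
            if hmac.compare_digest(expected.encode(), password.encode()):
                # Single use per window: an addition beyond the claims.
                if (dev_acct, window) in self.spent:
                    return False
                self.spent.add((dev_acct, window))
                return True
        return False
```

Because the device account information is mixed into the HMAC input, a password computed on one bound device fails the check when presented under another device's account information, even with the same authentication key.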
Priority Applications (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG11201709332UA SG11201709332UA (en) | 2015-05-25 | 2016-04-22 | Information interaction method, apparatus, and system |
EP16799170.2A EP3306548B1 (en) | 2015-05-25 | 2016-04-22 | Information interaction method, device and system |
JP2017561362A JP6787932B2 (ja) | 2015-05-25 | 2016-04-22 | Information interaction method, apparatus, and system |
KR1020177036727A KR20180011792A (ko) | 2015-05-25 | 2016-04-22 | Information interaction method, apparatus, and system |
KR1020217014999A KR102474462B1 (ko) | 2015-05-25 | 2016-04-22 | Information interaction method, apparatus, and system |
US15/805,205 US11250404B2 (en) | 2015-05-25 | 2017-11-07 | Transaction scheme for offline payment |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510272052.9A CN106296186B (zh) | 2015-05-25 | 2015-05-25 | Information interaction method, apparatus, and system |
CN201510272052.9 | 2015-05-25 |
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/805,205 Continuation US11250404B2 (en) | 2015-05-25 | 2017-11-07 | Transaction scheme for offline payment |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016188281A1 (zh) | 2016-12-01 |
Family
ID=57393789
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2016/080017 WO2016188281A1 (zh) | 2015-05-25 | 2016-04-22 | Information interaction method, apparatus, and system |
Country Status (7)
Country | Link |
---|---|
US (1) | US11250404B2 (zh) |
EP (1) | EP3306548B1 (zh) |
JP (1) | JP6787932B2 (zh) |
KR (2) | KR20180011792A (zh) |
CN (2) | CN111833043B (zh) |
SG (1) | SG11201709332UA (zh) |
WO (1) | WO2016188281A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109448209A (zh) * | 2019-01-07 | 2019-03-08 | 上海早米网络科技有限公司 | Offline-mode-based dynamic password massage control system and control method |
JP2020513622A (ja) * | 2017-01-03 | 2020-05-14 | アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited | Scan and pay method and device utilized in mobile apparatus |
EP3553705B1 (en) * | 2016-12-08 | 2020-10-07 | Alibaba Group Holding Limited | Service processing method and device |
US11968592B2 (en) | 2018-10-15 | 2024-04-23 | Paylessgate Corporation | Position determination system, position determination apparatus, position determination method, position determination program, and computer-readable storage medium and storage device |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111833043B (zh) * | 2015-05-25 | 2024-04-19 | 创新先进技术有限公司 | Information interaction method, device, and server |
CN107180351A (zh) * | 2017-04-13 | 2017-09-19 | 上海动联信息技术股份有限公司 | Offline dynamic two-dimensional code generation method, payment method, and device |
US11855971B2 (en) * | 2018-01-11 | 2023-12-26 | Visa International Service Association | Offline authorization of interactions and controlled tasks |
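CN108564359B (zh) * | 2018-02-24 | 2020-10-16 | 创新先进技术有限公司 | Data processing method, terminal device, and data processing system |
CN108521333B (zh) * | 2018-04-27 | 2020-12-15 | 飞天诚信科技股份有限公司 | Login method and system for offline authentication based on a dynamic password |
CN109274726B (zh) * | 2018-08-31 | 2020-07-07 | 阿里巴巴集团控股有限公司 | Binding and migration method and apparatus, computing device, and storage medium |
JP2020042610A (ja) * | 2018-09-12 | 2020-03-19 | 株式会社ジェーシービー | Payment system |
CN110046881A (zh) | 2018-11-19 | 2019-07-23 | 阿里巴巴集团控股有限公司 | Payment processing method in an offline scenario, server, and readable storage medium |
TWI687838B (zh) * | 2018-12-10 | 2020-03-11 | 宏碁股份有限公司 | File protection method and file processing system thereof |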
US10931778B2 (en) | 2019-01-09 | 2021-02-23 | Margo Networks Pvt. Ltd. | Content delivery network system and method |
US11930439B2 (en) | 2019-01-09 | 2024-03-12 | Margo Networks Private Limited | Network control and optimization (NCO) system and method |
CN110012455B (zh) * | 2019-01-25 | 2021-10-22 | 创新先进技术有限公司 | Account information management method and apparatus, and electronic device |
US10909523B2 (en) | 2019-02-25 | 2021-02-02 | Capital One Services, Llc | Generation of a combinatorial payment QR code |
DE102019108049A1 (de) * | 2019-03-28 | 2020-10-01 | Pilz Gmbh & Co. Kg | Access control system for controlling a user's access to one or more operating functions of a technical installation |
JP6878486B2 (ja) * | 2019-03-29 | 2021-05-26 | 楽天グループ株式会社 | Information processing device, information processing method, and program |
CN110516776A (zh) * | 2019-07-12 | 2019-11-29 | 北京如易行科技有限公司 | Offline two-dimensional code ride method and device |
CN112187783B (zh) * | 2020-09-25 | 2023-06-30 | 京东方科技集团股份有限公司 | Authentication method and apparatus, electronic device, and storage medium |
CN112101955B (zh) * | 2020-11-16 | 2021-02-02 | 北京快成科技股份公司 | Concurrent payment method, system, and apparatus |
US11695855B2 (en) | 2021-05-17 | 2023-07-04 | Margo Networks Pvt. Ltd. | User generated pluggable content delivery network (CDN) system and method |
WO2023224680A1 (en) | 2022-05-18 | 2023-11-23 | Margo Networks Pvt. Ltd. | Peer to peer (p2p) encrypted data transfer/offload system and method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102369547A (zh) * | 2009-03-26 | 2012-03-07 | 诺基亚公司 | Method and apparatus for providing offline payment transactions with minimal data transfer |
CN103139210A (zh) * | 2013-02-06 | 2013-06-05 | 平安银行股份有限公司 | Security authentication method |
US20130179352A1 (en) * | 2011-03-12 | 2013-07-11 | Mocapay, Inc. | Secure wireless transactions when a wireless network is unavailable |
Family Cites Families (50)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
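JP2001344545A (ja) * | 2000-03-29 | 2001-12-14 | Ibm Japan Ltd | Processing system, server, processing terminal, communication terminal, processing method, data management method, processing execution method, and program |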
US8117450B2 (en) * | 2001-10-11 | 2012-02-14 | Hewlett-Packard Development Company, L.P. | System and method for secure data transmission |
US9619794B2 (en) * | 2002-10-01 | 2017-04-11 | Tiger T G Zhou | Systems and methods for providing compensation, rebate, cashback, and reward for using mobile and wearable payment services, digital currency, NFC touch payments, mobile digital card barcode payments, and multimedia haptic capture buying |
US9361616B2 (en) * | 2002-10-01 | 2016-06-07 | Dylan T X Zhou | One-scan and one-touch payment and buying using haptic control via messaging and calling multimedia system on mobile and wearable device, currency token interface, point of sale device, and electronic payment card |
US9208505B1 (en) * | 2002-10-01 | 2015-12-08 | Tiger T G Zhou | Systems and methods for providing compensation, rebate, cashback, and reward for using mobile and wearable payment services |
KR100746030B1 (ko) * | 2006-02-06 | 2007-08-06 | 삼성전자주식회사 | Method and apparatus for generating a rights object by proxy through delegation of rights |
US8234220B2 (en) * | 2007-02-21 | 2012-07-31 | Weiss Kenneth P | Universal secure registry |
CN101131756B (zh) * | 2006-08-24 | 2015-03-25 | 联想(北京)有限公司 | Security authentication system, apparatus, and method for electronic cash top-up of a mobile payment device |
US7739197B2 (en) * | 2006-10-05 | 2010-06-15 | International Business Machines Corporation | Guest limited authorization for electronic financial transaction cards |
US20100125516A1 (en) * | 2008-11-14 | 2010-05-20 | Wankmueller John R | Methods and systems for secure mobile device initiated payments |
US8204228B2 (en) * | 2008-12-09 | 2012-06-19 | Cisco Technology, Inc. | Group key management re-registration method |
WO2010093683A2 (en) * | 2009-02-10 | 2010-08-19 | Uniloc Usa, Inc. | Web content access using a client device identifier |
CN101576982A (zh) * | 2009-03-19 | 2009-11-11 | 宇龙计算机通信科技(深圳)有限公司 | Network payment method, terminal, and system |
KR20110003105A (ko) * | 2009-07-03 | 2011-01-11 | 주식회사 케이티 | System and method for providing online/offline payment service using a camera of a portable terminal |
US8806198B1 (en) * | 2010-03-04 | 2014-08-12 | The Directv Group, Inc. | Method and system for authenticating a request |
GB2478712A (en) * | 2010-03-15 | 2011-09-21 | David Jackson | Authorisation system |
CN102468960A (zh) * | 2010-11-16 | 2012-05-23 | 卓望数码技术(深圳)有限公司 | Offline-mode identity and transaction authentication method and terminal |
US20120215700A1 (en) * | 2011-02-18 | 2012-08-23 | Vivonet, Inc. | Payment systems and methods using mobile computing devices |
CN102740341B (zh) | 2011-04-02 | 2014-11-19 | 中国联合网络通信集团有限公司 | Network traffic prediction method and device |
CN102831514A (zh) * | 2011-06-15 | 2012-12-19 | 上海博路信息技术有限公司 | Barcode-based payment voucher |
KR101280528B1 (ko) * | 2011-06-22 | 2013-07-02 | 주식회사 티모넷 | Credit card payment system using Bluetooth |
US10223710B2 (en) * | 2013-01-04 | 2019-03-05 | Visa International Service Association | Wearable intelligent vision device apparatuses, methods and systems |
WO2013130716A1 (en) * | 2012-02-29 | 2013-09-06 | Patel Upen | System and method to manage information for conducting secure transactions |
WO2013159110A1 (en) * | 2012-04-20 | 2013-10-24 | Conductiv Software, Inc. | Multi-factor mobile transaction authentication |
US9092184B2 (en) * | 2012-06-22 | 2015-07-28 | Harborside Press, LLC | Interactive synchronized multi-screen display |
US9858560B2 (en) * | 2012-06-28 | 2018-01-02 | Maxim Integrated Products, Inc. | Secure payments with untrusted devices |
US20140006273A1 (en) * | 2012-06-29 | 2014-01-02 | Infosys Limited | System and method for bank-hosted payments |
KR101573848B1 (ko) * | 2012-07-31 | 2015-12-02 | 주식회사 케이티 | Method and system for providing payment service |
CA3132960A1 (en) * | 2012-09-11 | 2014-03-11 | First Data Corporation | Systems and methods for facilitating loyalty and reward functionality in mobile commerce |
US10192216B2 (en) * | 2012-09-11 | 2019-01-29 | Visa International Service Association | Cloud-based virtual wallet NFC apparatuses, methods and systems |
US20160019536A1 (en) * | 2012-10-17 | 2016-01-21 | Royal Bank Of Canada | Secure processing of data |
EP2733654A1 (en) * | 2012-11-20 | 2014-05-21 | Nagravision S.A. | Electronic payment method, system and device for securely exchanging payment information |
CN103024762B (zh) | 2012-12-26 | 2015-04-15 | 北京邮电大学 | Communication service prediction method based on service characteristics |
US9391782B1 (en) * | 2013-03-14 | 2016-07-12 | Microstrategy Incorporated | Validation of user credentials |
US20150006386A1 (en) * | 2013-06-28 | 2015-01-01 | Sap Ag | Offline mobile payment process |
US8905303B1 (en) * | 2013-09-01 | 2014-12-09 | Mourad Ben Ayed | Method for adaptive wireless payment |
CN104063790B (zh) * | 2013-09-18 | 2017-07-07 | 腾讯科技(深圳)有限公司 | Method and system for providing authorization through a mobile terminal |
US10262268B2 (en) * | 2013-10-04 | 2019-04-16 | Mattersight Corporation | Predictive analytic systems and methods |
FR3012645A1 (fr) * | 2013-10-24 | 2015-05-01 | Orange | Method for executing a transaction between a first terminal and a second terminal |
CN103856640B (zh) | 2014-01-07 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Method and system for processing user resource information |
CN103729765B (zh) | 2014-01-15 | 2016-02-17 | 腾讯科技(深圳)有限公司 | Verification control method, terminal, server, terminal device, and system |
CN109951435B (zh) * | 2014-08-04 | 2021-03-30 | 创新先进技术有限公司 | Device identifier providing method and apparatus, and risk control method and apparatus |
BR102014023229B1 (pt) * | 2014-09-18 | 2020-02-27 | Samsung Eletrônica da Amazônia Ltda. | Method for multi-factor transaction authentication using wearable devices |
CN106161525B (zh) | 2015-04-03 | 2019-09-17 | 阿里巴巴集团控股有限公司 | Multi-cluster management method and device |
CN111833043B (zh) * | 2015-05-25 | 2024-04-19 | 创新先进技术有限公司 | Information interaction method, device, and server |
CN106527673B (zh) * | 2015-09-11 | 2019-09-06 | 阿里巴巴集团控股有限公司 | Method and apparatus for binding a wearable device, and electronic payment method and apparatus |
CN107220828B (zh) * | 2016-03-22 | 2020-09-08 | 阿里巴巴集团控股有限公司 | Method, system, and apparatus for payment authorization and payment through a wearable device |
US10762481B2 (en) * | 2017-03-21 | 2020-09-01 | The Toronto-Dominion Bank | Secure offline approval of initiated data exchanges |
US10269017B1 (en) * | 2017-11-21 | 2019-04-23 | Capital One Services, Llc | Transaction confirmation and authentication based on device sensor data |
TWI660308B (zh) * | 2018-09-03 | 2019-05-21 | 優仕達資訊股份有限公司 | Anti-counterfeiting system and method for electronic ticket admission verification |
-
2015
- 2015-05-25 CN CN202010505604.7A patent/CN111833043B/zh active Active
- 2015-05-25 CN CN201510272052.9A patent/CN106296186B/zh active Active
-
2016
- 2016-04-22 KR KR1020177036727A patent/KR20180011792A/ko active Application Filing
- 2016-04-22 EP EP16799170.2A patent/EP3306548B1/en active Active
- 2016-04-22 JP JP2017561362A patent/JP6787932B2/ja active Active
- 2016-04-22 WO PCT/CN2016/080017 patent/WO2016188281A1/zh active Application Filing
- 2016-04-22 KR KR1020217014999A patent/KR102474462B1/ko active IP Right Grant
- 2016-04-22 SG SG11201709332UA patent/SG11201709332UA/en unknown
-
2017
- 2017-11-07 US US15/805,205 patent/US11250404B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102369547A (zh) * | 2009-03-26 | 2012-03-07 | 诺基亚公司 | Method and apparatus for providing offline payment transactions with minimal data transfer |
US20130179352A1 (en) * | 2011-03-12 | 2013-07-11 | Mocapay, Inc. | Secure wireless transactions when a wireless network is unavailable |
CN103139210A (zh) * | 2013-02-06 | 2013-06-05 | 平安银行股份有限公司 | Security authentication method |
Non-Patent Citations (1)
Title |
---|
See also references of EP3306548A4 * |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3553705B1 (en) * | 2016-12-08 | 2020-10-07 | Alibaba Group Holding Limited | Service processing method and device |
US10902233B2 (en) | 2016-12-08 | 2021-01-26 | Advanced New Technologies Co., Ltd. | Service processing using a digital object identifier |
US10977465B2 (en) | 2016-12-08 | 2021-04-13 | Advanced New Technologies Co., Ltd. | Service processing using a digital object identifier |
US10977464B2 (en) | 2016-12-08 | 2021-04-13 | Advanced New Technologies Co., Ltd. | Service processing using a digital object identifier |
JP2020513622A (ja) * | 2017-01-03 | 2020-05-14 | アリババ・グループ・ホールディング・リミテッドAlibaba Group Holding Limited | Scan and pay method and device utilized in mobile apparatus |
EP3567534A4 (en) * | 2017-01-03 | 2020-05-27 | Alibaba Group Holding Limited | SCAN AND NUMBER METHOD AND DEVICE USED IN MOBILE DEVICE |
US10990957B2 (en) | 2017-01-03 | 2021-04-27 | Advanced New Technologies Co., Ltd. | Scan and pay method and device utilized in mobile apparatus |
US11968592B2 (en) | 2018-10-15 | 2024-04-23 | Paylessgate Corporation | Position determination system, position determination apparatus, position determination method, position determination program, and computer-readable storage medium and storage device |
CN109448209A (zh) * | 2019-01-07 | 2019-03-08 | 上海早米网络科技有限公司 | Offline-mode-based dynamic password massage control system and control method |
Also Published As
Publication number | Publication date |
---|---|
EP3306548B1 (en) | 2022-03-30 |
US11250404B2 (en) | 2022-02-15 |
US20180068290A1 (en) | 2018-03-08 |
CN106296186A (zh) | 2017-01-04 |
EP3306548A4 (en) | 2018-11-14 |
KR102474462B1 (ko) | 2022-12-05 |
CN111833043A (zh) | 2020-10-27 |
CN106296186B (zh) | 2020-07-03 |
CN111833043B (zh) | 2024-04-19 |
JP6787932B2 (ja) | 2020-11-18 |
JP2018522333A (ja) | 2018-08-09 |
SG11201709332UA (en) | 2017-12-28 |
KR20180011792A (ko) | 2018-02-02 |
KR20210061469A (ko) | 2021-05-27 |
EP3306548A1 (en) | 2018-04-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
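WO2016188281A1 (zh) | Information interaction method, apparatus, and system | |
JP6712328B2 (ja) | Validating online access to secure device functionality | |
KR101957840B1 (ko) | Mobile payment terminal and method with trusted execution environment | |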
US20130311382A1 (en) | Obtaining information for a payment transaction | |
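CN110073387A (zh) | Verifying an association between a communication device and a user | |
CN103685311A (zh) | Login verification method and device | |
JP2019106199A (ja) | Management of secure transactions between electronic devices and service providers | |
WO2018040651A1 (zh) | Payment method and payment system based on a security authentication mechanism | |
KR20160121231A (ko) | User authentication method, system, and recording medium using double encryption | |
CN103793819B (zh) | Transaction system and method | |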
US10565582B2 (en) | Method and apparatus for service authentication | |
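TW201525895A (zh) | Identity verification and terminal-based payment method, terminal, and server | |
CN104835038A (zh) | Networked payment device and method | |
CN110071907A (zh) | Method and device for generating a two-dimensional code | |
KR101407737B1 (ko) | Apparatus and method for processing financial information of a smart device using a QR code | |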
US20200311725A1 (en) | Secure communication | |
EP3188104A1 (en) | Peer-to-peer transaction authorization | |
CN106713225B (zh) | Two-dimensional code device and system based on two-dimensional code authentication, and operating method thereof | |
WO2017024188A1 (en) | Method and apparatus for service authentication cross-reference to related applications | |
WO2015032248A1 (zh) | Token, dynamic password generation method, and dynamic password authentication method and system | |
TWM575158U (zh) | Financial system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16799170 Country of ref document: EP Kind code of ref document: A1 |
 | WWE | Wipo information: entry into national phase | Ref document number: 11201709332U Country of ref document: SG |
 | ENP | Entry into the national phase | Ref document number: 2017561362 Country of ref document: JP Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | ENP | Entry into the national phase | Ref document number: 20177036727 Country of ref document: KR Kind code of ref document: A |
 | WWE | Wipo information: entry into national phase | Ref document number: 2016799170 Country of ref document: EP |