WO2016206385A1 - Payment method, device and system, and computer storage medium - Google Patents

Payment method, device and system, and computer storage medium Download PDF

Info

Publication number
WO2016206385A1
WO2016206385A1 PCT/CN2016/073748 CN2016073748W WO2016206385A1 WO 2016206385 A1 WO2016206385 A1 WO 2016206385A1 CN 2016073748 W CN2016073748 W CN 2016073748W WO 2016206385 A1 WO2016206385 A1 WO 2016206385A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
information
terminal
payment terminal
temporary account
Prior art date
Application number
PCT/CN2016/073748
Other languages
French (fr)
Chinese (zh)
Inventor
孙奥
童龙仓
陈天明
Original Assignee
深圳市中兴微电子技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市中兴微电子技术有限公司 filed Critical 深圳市中兴微电子技术有限公司
Publication of WO2016206385A1 publication Critical patent/WO2016206385A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Definitions

  • the present invention relates to information security technologies, and in particular, to a payment method, device, system, and computer storage medium.
  • QR code payment has been rapidly popularized by its fashionable and convenient user experience.
  • the QR code itself is easy to capture, easy to intercept and easy to spread, the terminal device for payment is running in the background.
  • the virus program can obtain the two-dimensional code information through screen capture and other technical means, and send the payment request in advance, thereby causing losses to the customer and having a large security risk.
  • biometric information-based confirmation means such as fingerprints
  • the specific process may include: first, the authentication server pre-stores the user's fingerprint template.
  • the user mobile terminal initiates an authentication request to the authentication server; then, the identity scanning device scans the user fingerprint information to extract the fingerprint feature; and then, the identity scanning device scans The user's two-dimensional code extracts the machine fingerprint of the device; then, the user's two-dimensional code and fingerprint feature are encrypted and protected by the machine fingerprint of the device, and transmitted to the remote authentication server for authentication; finally, the authentication server decrypts with the pre-stored device machine fingerprint If the user authentication request is the same as the user's QR code and the fingerprint feature, the authentication succeeds. If the authentication is inconsistent, the authentication fails.
  • the virus program in the user terminal can acquire the fingerprint feature when the user inputs the fingerprint, and generate the forged transaction information to be sent to the authentication server for authentication; further, the transmission process of the fingerprint feature on the network and Fingerprint feature directly Saving on the server side will lead to the leakage of fingerprint features.
  • the fingerprint information of the user is irrevocable. It cannot be modified as if the password was changed. Once it is leaked, the user side fingerprint image can be reversed through the fingerprint information template. To make more serious losses, therefore, the above scheme still has a large security risk.
  • embodiments of the present invention are directed to providing a method, device, system, and computer storage medium for payment, avoiding leakage of biometric information, and improving security in a mobile payment process.
  • an embodiment of the present invention provides a payment terminal, where the payment terminal includes: an acquisition unit and a payment information processing unit connected through an encrypted channel, and a payment application processing unit and the payment information processing unit Connected terminal devices;
  • the terminal device is configured to receive transaction information sent by the payment server, where the transaction information includes user account information corresponding to the payment terminal and an amount to be paid;
  • the acquiring unit is configured to acquire biometric information, and transmit the biometric information to the payment information processing unit,
  • the payment information processing unit is configured to compare the biometric information with pre-stored biometric collation information
  • the payment information is digitally signed by the first private key associated with the biometric collation information; and the signed payment information is transmitted to The terminal device; wherein the payment information is used to confirm payment of the transaction information;
  • the terminal device is further configured to send the signed payment information to the payment server; wherein the signed payment information is used by the payment server by using the biometric comparison information a public key for digital signature verification, and when the verification is successful
  • the payment information transfers the amount to be paid in the user account corresponding to the payment terminal to the payment end.
  • the acquiring unit may be further configured to acquire biometric collation information; and transmit biometric collation information to the payment information processing unit;
  • the payment information processing unit is further configured to generate a key pair associated with the biometric collation information according to a preset key generation policy; and transmit the first public key in the key pair to the terminal device;
  • the key pair includes a first public key and a first private key;
  • the terminal device is further configured to send the first public key in the key pair to the payment server; the first public key is used by the payment server to bind the first public key to the user account corresponding to the payment terminal.
  • the terminal device is further configured to send a temporary account request to the payment server; wherein the temporary account request is used by the payment server to generate a temporary account associated with the user account; Receiving a temporary account sent by the payment server, and generating a two-dimensional code associated with the temporary account; wherein the temporary account is used to have the same payment function as the user account within a preset validity period and is only used for a preset number of times of payment; the two-dimensional code is used to send a transaction request to the payment server after the cashier scans; the transaction request includes the temporary information obtained by the payment terminal by parsing the two-dimensional code Account number and amount to be paid.
  • the user account information included in the transaction information is the temporary account
  • the user account information included in the transaction information is a temporary account regenerated by the payment server.
  • the first private key corresponding to the biometric collation information and the biometric collation information stored by the payment information processing unit cannot be acquired by the terminal device.
  • an embodiment of the present invention provides a payment server, where the payment server includes: a sending unit, a receiving unit, a verifying unit, and a dialing unit;
  • the sending unit is configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
  • the receiving unit is configured to receive, by the payment terminal, a payment message that is digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
  • the verification unit is configured to verify the signed payment message by using the first public key of the payment terminal, and trigger the transfer unit after the verification succeeds;
  • the allocating unit is configured to allocate the to-be-paid amount in the user account corresponding to the payment terminal to the receiving end.
  • the receiving unit is further configured to receive the first public key sent by the payment terminal;
  • the payment server further includes a binding unit configured to bind the first public key to a user account corresponding to the payment terminal.
  • the receiving unit is further configured to receive a temporary account request sent by the payment terminal;
  • the payment server further includes a generating unit configured to generate a temporary account associated with the user account; wherein the temporary account is used to have the same payment function as the user account within a preset validity period and only used Payment for a preset number of times;
  • the sending unit is further configured to send the temporary account to the payment terminal, so that the payment terminal generates a two-dimensional code associated with the temporary account.
  • the receiving unit is further configured to receive a transaction request sent by the payment terminal after scanning the two-dimensional code; wherein the transaction request includes the payment end by parsing the second The temporary account number and the amount to be paid obtained by the dimension code.
  • the user account information included in the transaction information is the temporary account
  • the user account information included in the transaction information is a temporary account regenerated by the generating unit.
  • an embodiment of the present invention provides a method for payment, where the method is applied to a payment terminal, and the method includes:
  • the acquired biometric information is compared with the pre-stored biometric comparison information; wherein the transaction information includes the user account information corresponding to the payment terminal and the amount to be paid ;
  • the payment information is digitally signed by the first private key associated with the biometric collation information; wherein the payment information is used for confirmation Paying for the transaction information;
  • the signed payment information is used by the payment server to perform digital signature verification by using a first public key associated with the biometric collation information, and When the verification is successful, the amount to be paid in the user account corresponding to the payment terminal is allocated to the payment end according to the payment information.
  • the method before the receiving the transaction information sent by the payment server, the method further includes:
  • the key pair includes a first public key and a first private key
  • the first public key is used by the payment server to bind the first public key to a user account corresponding to the payment terminal.
  • the method when the payment terminal initiates the payment, the method further includes:
  • the payment terminal sends a temporary account request to the payment server; wherein the temporary An account request for the payment server to generate a temporary account associated with the user account;
  • the temporary account number sent by the payment server Receiving, by the payment terminal, the temporary account number sent by the payment server, and generating a two-dimensional code associated with the temporary account; wherein the temporary account is used to have a user account with a preset validity period The same payment function and only for a preset number of payments; the two-dimensional code is used for sending a transaction request to the payment server after the payment end scan; the transaction request includes the payment end by parsing the second The temporary account number and the amount to be paid obtained by the dimension code.
  • the user account information included in the transaction information is the temporary account
  • the user account information included in the transaction information is a temporary account regenerated by the payment server.
  • the first private key corresponding to the biometric matching information and the biometric matching information stored by the payment terminal cannot be acquired.
  • an embodiment of the present invention provides a method for payment, where the method is applied to a payment server, and the method includes:
  • the payment server sends a transaction message to the payment terminal; wherein the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
  • the payment server receives a payment message sent by the payment terminal and digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
  • the payment server verifies the signed payment message by using the first public key of the payment terminal
  • the payment server transfers the to-be-paid amount in the user account corresponding to the payment terminal to the payment terminal.
  • the method before the payment server sends the transaction message to the payment terminal, the method further includes:
  • the payment server receives the first public key sent by the payment terminal; and binds the first public key to a user account corresponding to the payment terminal.
  • the method when the payment terminal initiates the payment, the method further includes:
  • the payment server sends the temporary account to the payment terminal, so that the payment terminal generates a two-dimensional code associated with the temporary account.
  • the method further includes:
  • the user account information included in the transaction information is the temporary account
  • the user account information included in the transaction information is a temporary account regenerated by the payment server.
  • an embodiment of the present invention provides a payment system, where the system includes a payment terminal, a payment terminal, and a payment server;
  • the payment terminal is configured to: after receiving the transaction information sent by the payment server, compare the acquired biometric information with the pre-stored biometric collation information; the transaction information includes a user corresponding to the payment terminal Account information and amount to be paid; and,
  • the payment information is digitally signed by the first private key associated with the biometric collation information; wherein the payment information is used for confirmation Paying for the transaction information, and the payment is final
  • the biometric control information stored in the end and the first private key corresponding to the biometric collation information cannot be acquired;
  • the payment server is configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
  • the to-be-paid amount in the user account corresponding to the payment terminal is allocated to the collection terminal.
  • the embodiment of the invention provides a computer storage medium, wherein the computer storage medium stores a computer program, and the computer program is used to execute the payment method described above.
  • the embodiment of the invention provides a method, a device and a system for payment, which perform a verification process in a payment by using a key pair corresponding to the biometric information, thereby avoiding leakage of the biometric information of the user and avoiding the real account of the user. Leakage improves security in the mobile payment process.
  • FIG. 1 is a schematic structural diagram of a payment terminal according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a payment method applied to a payment terminal according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a biometric comparison information and a corresponding key pair generation process according to an embodiment of the present disclosure
  • FIG. 4 is a schematic flowchart of generating a two-dimensional code associated with a temporary account corresponding to a user account according to an embodiment of the present disclosure
  • FIG. 5 is a schematic structural diagram of a payment server according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of another payment server according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic flowchart of a payment method applied to a payment server according to an embodiment of the present disclosure
  • FIG. 8 is a schematic flowchart diagram of a payment method according to an embodiment of the present invention.
  • FIG. 1 shows a structure of a payment terminal 10 according to an embodiment of the present invention.
  • the terminal 10 may include an obtaining unit 110 and a payment information processing unit 120 connected through an encrypted channel, and a payment application installed.
  • a terminal device 130 connected to the payment information processing unit 120; the terminal device 130 can implement the function of the payment process according to the embodiment of the present invention according to the indication of the payment application;
  • the terminal device 130 is configured to receive transaction information sent by the payment server, where the transaction information includes user account information corresponding to the payment terminal and an amount to be paid;
  • the obtaining unit 110 is configured to acquire the biometric information and transmit the biometric information to the payment information processing unit 120.
  • the biometric information is described by taking the fingerprint information as an example.
  • a person skilled in the art can apply the technical solutions of the embodiments of the present invention to other biometric information, such as eye lines, voice prints, and the like. This embodiment of the present invention does not describe this;
  • the payment information processing unit 120 is configured to compare the biometric information with the pre-stored biometric collation information
  • the payment information is digitally signed by the first private key associated with the biometric collation information; and the signed payment information is transmitted to The terminal device 130; wherein the payment information is used to confirm payment of the transaction information;
  • the terminal device 130 is further configured to send the signed payment information to the payment server, wherein the signed payment information is used by the payment server by using the first public key associated with the biometric collation information
  • the digital signature verification is performed, and when the verification is successful, the amount to be paid in the user account corresponding to the payment terminal is allocated to the payment end according to the payment information.
  • the terminal device 130 described in this embodiment may be any terminal device having a payment application, such as a mobile phone, a tablet computer, or the like.
  • the payment information processing unit 120 may be a device with hardware protection performance including a storage area and a processor, which may have the ability to store, calculate, and decrypt, and have the ability to securely store the stored data, so that Securely stored data can be exported and retrieved.
  • the specific structure of the obtaining unit 110 may correspond to a processor, and the specific structure of the processor may be a Central Processing Unit (CPU), a Micro Controller Unit (MCU), and a Digital Signal Processor (DSP). Digital Signal Processing) or a collection of electronic components or electronic components having processing functions such as a programmable logic device (PLC).
  • the obtaining unit 110 and the payment information processing unit 120 may be connected to the terminal device 130 through a peripheral interface such as a USB, or may be designed as a part of the terminal device 130 through a bus connection, which is not specifically described in this embodiment.
  • the acquiring unit 110 may be further configured to acquire biometric collation information; and transmit the biometric collation information to the payment information processing unit 120;
  • the payment information processing unit 120 is further configured to generate a key pair associated with the biometric collation information according to a preset key generation policy; and transmit the first public key in the key pair to the terminal device 130;
  • the key pair includes a first public key and a first private key;
  • the terminal device 130 is further configured to send the first public key in the key pair to the payment server; the first public key is used by the payment server to bind the first public key to the user account corresponding to the payment terminal.
  • the terminal device 130 is further configured to send a temporary account request to the payment server;
  • the temporary account request is used by the payment server to generate a temporary account associated with the user account; and, the temporary account sent by the payment server is received, and a two-dimensional code associated with the temporary account is generated; wherein the temporary account is used for the preset
  • the validity period has the same payment function as the user account and is only used for the preset number of payments;
  • the two-dimensional code is used for the payment terminal to scan and send a transaction request to the payment server;
  • the transaction request includes the receipt The temporary account and the amount to be paid obtained by parsing the two-dimensional code by the payment end.
  • the user account information included in the transaction information is the temporary account
  • the user account information included in the transaction information is a temporary account regenerated by the payment server; understandably, the terminal device 130 can resend the temporary account to the payment server at this time. Request to obtain a temporary account regenerated by the payment server.
  • the first private key corresponding to the biometric collation information and the biometric collation information stored by the payment information processing unit 120 cannot be performed by the terminal device 130, because the payment information processing unit 120 has hardware protection performance. Obtain.
  • the embodiment provides a structure of the payment terminal 10, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding leakage of biometric information of the user, and avoiding leakage of the real account of the user and improving The security in the mobile payment process.
  • the payment terminal according to the first embodiment shows a flow of a payment method applied to the payment terminal according to the foregoing embodiment, which may include:
  • the transaction information includes user account information corresponding to the payment terminal and an amount to be paid;
  • the payment information is used to confirm payment of the transaction information
  • the signed payment information is used by the payment server to perform digital signature verification by using a first public key associated with the biometric collation information, and corresponding to the payment terminal according to the payment information when the verification is successful.
  • the amount to be paid in the user account is transferred to the receiving end.
  • the first private key corresponding to the biometric matching information and the biometric matching information stored by the payment terminal cannot be obtained by the terminal.
  • the method before receiving the transaction information sent by the payment server, the method further includes biometric comparison information and a corresponding key pair generation process:
  • S201 Generate a key pair associated with the biometric comparison information according to a preset key generation policy; the key pair includes a first public key and a first private key;
  • S202 Send the first public key in the key pair to the payment server, where the first public key is used by the payment server to bind the first public key to a user account corresponding to the payment terminal.
  • the method when the payment terminal initiates the payment, the method further includes a process of generating a two-dimensional code associated with the temporary account corresponding to the user account, specifically:
  • S203 The payment terminal sends a temporary account request to the payment server.
  • the temporary account request is used by the payment server to generate a temporary account associated with the user account
  • S204 The payment terminal receives the temporary account sent by the payment server, and generates a temporary account. Associated two-dimensional code;
  • the temporary account is used to have the same payment function as the user account in the preset validity period and is used only for the preset number of times of payment; the two-dimensional code is used for the payment by the payment terminal to the payment.
  • the server sends a transaction request; the transaction request includes the temporary account number and the to-be-paid amount obtained by the payment terminal by parsing the two-dimensional code.
  • the user account information included in the transaction information is the temporary account
  • the user account information included in the transaction information is a temporary account regenerated by the payment server. It can be understood that the payment terminal can resend the temporary account request to the payment server. In order to obtain a temporary account regenerated by the payment server.
  • the embodiment provides a payment method applied to a payment terminal, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding leakage of the biometric information of the user, and avoiding leakage of the real account of the user. , improve the security of the mobile payment process.
  • the payment server 50 may include: a sending unit 510, a receiving unit 520, a verification unit 530, and a dialing unit 540; wherein
  • the sending unit 510 is configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
  • the receiving unit 520 is configured to receive, by the payment terminal, a payment message that is digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
  • the verification unit 530 is configured to verify the signed payment message by using the first public key of the payment terminal; and trigger the transfer unit 540 after the verification is successful;
  • the dialing unit 540 is configured to allocate the to-be-paid amount in the user account corresponding to the payment terminal to the payment end.
  • the receiving unit 520 is further configured to receive the first public key sent by the payment terminal; referring to FIG. 6, the payment server 50 further includes a binding unit 550 configured to associate the first public key with the Bind the user account corresponding to the payment terminal.
  • the receiving unit 520 is further configured to receive a temporary account request sent by the payment terminal;
  • the payment server 50 further includes a generating unit 560 configured to generate a temporary account associated with the user account; wherein the temporary account is used to have the same payment function as the user account within a preset validity period and Only for a preset number of payments;
  • the sending unit 510 is further configured to send a temporary account to the payment terminal, so that the payment terminal generates a two-dimensional code associated with the temporary account.
  • the receiving unit 520 is further configured to receive a transaction request sent by the payment terminal after scanning the two-dimensional code, where the transaction request includes the payment end acquiring by analyzing the two-dimensional code The temporary account number and the amount to be paid.
  • the user account information included in the transaction information is the temporary account
  • the user account information included in the transaction information is a temporary account regenerated by the generating unit 560. It can be understood that the receiving unit 520 can accept the temporary resend by the payment terminal. The account request, thereby generating a temporary account that unit 560 can regenerate.
  • the specific structures of the sending unit 510, the receiving unit 520, the verifying unit 530, the dialing unit 540, the binding unit 550, and the generating unit 560 may all correspond to a processor.
  • the specific structure of the processor may be a collection of electronic components or electronic components having processing functions such as a CPU, an MCU, a DSP, or a PLC.
  • the processor includes executable code
  • the executable code is stored in a storage medium, and the processor may be connected to the storage medium through a communication interface such as a bus, and when the corresponding function of each module is executed, the storage medium is read and operated from the storage medium.
  • Executable code The portion of the storage medium used to store the executable code is preferably a non-transitory storage medium.
  • the foregoing sending unit 510, the receiving unit 520, the verifying unit 530, the dialing unit 540, the binding unit 550, and the generating unit 560 may be integrated corresponding to the same processor, or respectively corresponding to different processors; when the integration corresponds to the same processor
  • the processor adopts a function corresponding to the connection sending unit 510, the receiving unit 520, the verification unit 530, the dialing unit 540, the binding unit 550, and the generating unit 560.
  • the embodiment provides a structure of the payment server 50, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding the leakage of the biometric information of the user, and avoiding the leakage of the real account of the user. Security in the mobile payment process.
  • the payment server according to the third embodiment shows a flow of a payment method applied to the payment server described in the foregoing embodiment, which may include:
  • the payment server sends a transaction message to the payment terminal.
  • the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
  • the payment server receives the payment message that is sent by the payment terminal and is digitally signed by the first private key of the payment terminal.
  • the payment message is used to confirm payment of the transaction information
  • S730 The payment server verifies the signed payment message by using the first public key of the payment terminal.
  • the method may further include:
  • the payment server receives the first public key sent by the payment terminal; and binds the first public key to a user account corresponding to the payment terminal.
  • the method may further include:
  • the payment server sends the temporary account to the payment terminal to cause the payment terminal to generate a two-dimensional code associated with the temporary account.
  • the temporary account is used to have the same payment function as the user account within a preset validity period and is used only for a preset number of payments.
  • the user account information included in the transaction information is the temporary account
  • the user account information included in the transaction information is a temporary account regenerated by the payment server. It can be understood that the payment server can accept the temporary account request resent by the payment terminal. , thereby paying the temporary account that the server can regenerate.
  • the payment server may further include:
  • the embodiment provides a payment method applied to the payment server, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding leakage of the biometric information of the user, and avoiding leakage of the real account of the user. Improve security in the mobile payment process.
  • FIG. 8 a detailed process of a payment method according to an embodiment of the present invention is shown.
  • the biometric information is illustrated by using a fingerprint as an example.
  • Can include:
  • the payment server sends a fingerprint binding instruction to the payment terminal.
  • the payment terminal acquires the comparison fingerprint, and generates a key pair associated with the comparison fingerprint according to the preset key generation policy.
  • the key pair includes a first public key and a first private key
  • the comparison fingerprint may be acquired by the acquiring unit in the payment terminal, and the key pair associated with the comparison fingerprint may be generated and stored by the payment information processing unit;
  • S804 The payment terminal sends the first public key in the key pair to the payment server.
  • the payment server binds the first public key to a user account corresponding to the payment terminal.
  • S801 to S805 implement the acquisition of the collation fingerprint and the generation of the key pair corresponding to the fingerprint, so that the payment verification can be performed by verifying the key pair instead of verifying the fingerprint information in the subsequent payment verification process. Thereby, the risk of leakage of fingerprint information can be reduced.
  • the process can continue to include:
  • S806 The payment terminal sends a temporary account request to the payment server.
  • the temporary account request is used by the payment server to generate a temporary account associated with the user account
  • the payment server generates a temporary account associated with the user account
  • the temporary account is consistent with the composition of the user account. Therefore, the temporary account can be used to have the same payment function as the user account within the preset validity period and only used for the preset number of payments; A temporary account is used to replace the payment function of the user account. Therefore, in the specific payment process, the payment terminal and the merchant receiving end cannot obtain the real user account.
  • the number information ensures the security of the real user account, and since the temporary account is only used for the preset number of payments, the security of the funds in the user account can also be guaranteed.
  • S808 The payment server sends the temporary account to the payment terminal.
  • the payment terminal generates a two-dimensional code associated with the temporary account.
  • S810 The payment end scans the two-dimensional code, and parses out the temporary account according to the two-dimensional code
  • the payee end can be a merchant that conducts a transaction, and the two-dimensional code associated with the temporary account is scanned by the two-dimensional code scanner.
  • the payment terminal encapsulates the parsed temporary account number and the to-be-paid amount into a transaction request and sends the transaction request to the payment server;
  • the payment server sends the transaction information to the payment terminal according to the transaction request;
  • the transaction information includes user account information corresponding to the payment terminal and the amount to be paid;
  • the user account information included in the transaction information is the temporary account; and when the temporary account is not within the validity period, the user account information included in the transaction information is the payment.
  • Temporary account regenerated by the server;
  • S813 The payment terminal acquires the fingerprint of the user, and compares the obtained fingerprint with the comparison fingerprint.
  • the payment information is used to confirm payment of the transaction information
  • the payment terminal can acquire the fingerprint of the user through the obtaining unit, and can perform fingerprint matching and digital signature on the payment information through the payment information processing unit.
  • S816 The payment server verifies the signed payment message by using the first public key of the payment terminal.
  • the payment server can notify the payment terminal and the payment terminal.
  • the embodiment provides a detailed process of the payment method, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding the leakage of the biometric information of the user, and avoiding the leakage of the real account of the user. Security in the mobile payment process.
  • the embodiment further provides a payment system, and the system can Including a payment terminal, a payment terminal, and a payment server;
  • the payment terminal is configured to: after receiving the transaction information sent by the payment server, compare the acquired biometric information with the pre-stored biometric comparison information; the transaction information includes the user account information corresponding to the payment terminal The amount paid; and,
  • the payment information is digitally signed by the first private key associated with the biometric collation information; wherein the payment information is used for confirmation Paying the transaction information, and the first private key corresponding to the biometric matching information and the biometric collation information stored by the payment terminal cannot be obtained by the terminal;
  • the signed payment information is used by the payment server to perform digital signature verification by using a first public key associated with the biometric collation information, and When the verification is successful, the amount to be paid in the user account corresponding to the payment terminal is allocated to the collection end according to the payment information;
  • a payment server configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
  • the payment message is used to confirm payment of the transaction information
  • the payment terminal involved in the embodiment may be the payment terminal described in the foregoing embodiment; the payment server involved in this embodiment may be the payment server described in the foregoing embodiment.
  • the embodiment of the invention further describes a computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions are used in the payment method described in the foregoing embodiments.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the computer is readable and stored
  • the instructions in the reservoir produce an article of manufacture comprising an instruction device that implements the functions specified in one or more blocks of the flow or in a flow or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
  • the verification process in the payment is performed by the key pair corresponding to the biometric information, the leakage of the biometric information of the user is avoided, the leakage of the real account of the user is avoided, and the security in the mobile payment process is improved. Sex.

Abstract

A payment method, device and system, and a computer storage medium. The method comprises: after transaction information sent by a payment server is received, comparing acquired biological characteristic information with pre-stored biological characteristic reference information (S210); when the acquired biological characteristic information is consistent with the biological characteristic reference information, signing a digital signature on payment information by means of a first private key associated with the biological characteristic reference information (S220); and sending, to the payment server, the payment information on which the digital signature is signed (S230).

Description

一种支付的方法、设备、系统及计算机存储介质Method, device, system and computer storage medium for payment 技术领域Technical field
本发明涉及信息安全技术,尤其涉及一种支付的方法、设备、系统及计算机存储介质。The present invention relates to information security technologies, and in particular, to a payment method, device, system, and computer storage medium.
背景技术Background technique
二维码支付作为一种新型便捷的支付手段凭借其时尚、便捷的用户体验得到迅速普及,但由于二维码本身具有易捕获、易截取、易传播的特点,用于支付的终端设备后台运行的病毒程序可以通过截屏等技术手段获取二维码信息,抢先发送支付请求,从而给客户造成损失,具有较大的安全隐患。As a new and convenient payment method, QR code payment has been rapidly popularized by its fashionable and convenient user experience. However, since the QR code itself is easy to capture, easy to intercept and easy to spread, the terminal device for payment is running in the background. The virus program can obtain the two-dimensional code information through screen capture and other technical means, and send the payment request in advance, thereby causing losses to the customer and having a large security risk.
目前,为了提高二维码支付的安全性,一些基于生物特征信息的确认手段,如指纹等被加入到二维码支付过程中,具体的过程可以包括:首先,认证服务器预存用户的指纹模板一枚,身份扫描设备的机器指纹一份,用户二维码一份;然后,用户移动终端向认证服务器发起认证请求;接着,身份扫描设备扫描用户指纹信息,提取指纹特征;随后,身份扫描设备扫描用户二维码,提取设备的机器指纹;接着,通过设备的机器指纹对用户二维码、指纹特征进行加密保护,传输至远端认证服务器进行认证;最后,认证服务器用预存的设备机器指纹解密用户认证请求,比对用户二维码与指纹特征,一致,则认证通过,不一致,则认证失败。At present, in order to improve the security of the two-dimensional code payment, some biometric information-based confirmation means, such as fingerprints, are added to the two-dimensional code payment process. The specific process may include: first, the authentication server pre-stores the user's fingerprint template. a machine fingerprint of the identity scanning device, and a user QR code; then, the user mobile terminal initiates an authentication request to the authentication server; then, the identity scanning device scans the user fingerprint information to extract the fingerprint feature; and then, the identity scanning device scans The user's two-dimensional code extracts the machine fingerprint of the device; then, the user's two-dimensional code and fingerprint feature are encrypted and protected by the machine fingerprint of the device, and transmitted to the remote authentication server for authentication; finally, the authentication server decrypts with the pre-stored device machine fingerprint If the user authentication request is the same as the user's QR code and the fingerprint feature, the authentication succeeds. If the authentication is inconsistent, the authentication fails.
上述方案可以保证用户身份凭据的唯一性,也能够满足用户无需记忆密钥的需求。但是上述方案在具体实现过程中,用户终端内的病毒程序可以在用户输入指纹时获取指纹特征,并生成伪造的交易信息采取发给认证服务器认证;进一步地,指纹特征在网络上的传输过程以及指纹特征直接 保存在服务器侧均会导致指纹特征的泄露,再加上用户的指纹信息具有不可撤销性,无法像改密码一样随意修改,一旦泄露则可以通过指纹信息模板反推出用户侧指纹图像,给用户带来更严重的损失,因此,上述方案仍然具有较大的安全隐患。The above solution can ensure the uniqueness of the user's identity credentials, and can also meet the needs of the user without having to memorize the key. However, in the specific implementation process, the virus program in the user terminal can acquire the fingerprint feature when the user inputs the fingerprint, and generate the forged transaction information to be sent to the authentication server for authentication; further, the transmission process of the fingerprint feature on the network and Fingerprint feature directly Saving on the server side will lead to the leakage of fingerprint features. In addition, the fingerprint information of the user is irrevocable. It cannot be modified as if the password was changed. Once it is leaked, the user side fingerprint image can be reversed through the fingerprint information template. To make more serious losses, therefore, the above scheme still has a large security risk.
发明内容Summary of the invention
为解决上述技术问题,本发明实施例期望提供一种支付的方法、设备、系统及计算机存储介质,避免生物特征信息的泄露,提高了移动支付过程中的安全性。In order to solve the above technical problem, embodiments of the present invention are directed to providing a method, device, system, and computer storage medium for payment, avoiding leakage of biometric information, and improving security in a mobile payment process.
本发明的技术方案是这样实现的:The technical solution of the present invention is implemented as follows:
第一方面,本发明实施例提供了一种支付终端,所述支付终端包括:通过加密通道进行连接的获取单元和支付信息处理单元、以及安装有支付应用程序的且与所述支付信息处理单元相连接的终端设备;其中,In a first aspect, an embodiment of the present invention provides a payment terminal, where the payment terminal includes: an acquisition unit and a payment information processing unit connected through an encrypted channel, and a payment application processing unit and the payment information processing unit Connected terminal devices;
所述终端设备,配置为接收由支付服务器发送的交易信息;其中,所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额;The terminal device is configured to receive transaction information sent by the payment server, where the transaction information includes user account information corresponding to the payment terminal and an amount to be paid;
所述获取单元,配置为获取生物特征信息,并将所述生物特征信息传输至所述支付信息处理单元,The acquiring unit is configured to acquire biometric information, and transmit the biometric information to the payment information processing unit,
所述支付信息处理单元,配置为将所述生物特征信息与预存的生物特征对照信息进行比对;以及,The payment information processing unit is configured to compare the biometric information with pre-stored biometric collation information; and
当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;并将签名后的支付信息传输至所述终端设备;其中,所述支付信息用于确认对所述交易信息进行支付;When the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information; and the signed payment information is transmitted to The terminal device; wherein the payment information is used to confirm payment of the transaction information;
所述终端设备,还配置为将所述签名后的支付信息发送至所述支付服务器;其中,所述签名后的支付信息用于所述支付服务器通过与所述生物特征对照信息相关联的第一公钥进行数字签名验证,且当验证成功时按照 支付信息将所述支付终端对应的用户账号中的所述待支付的金额划拨至收款端。The terminal device is further configured to send the signed payment information to the payment server; wherein the signed payment information is used by the payment server by using the biometric comparison information a public key for digital signature verification, and when the verification is successful The payment information transfers the amount to be paid in the user account corresponding to the payment terminal to the payment end.
在上述方案中,所述获取单元,还可以配置为获取生物特征对照信息;并将生物特征对照信息传输至所述支付信息处理单元;In the above solution, the acquiring unit may be further configured to acquire biometric collation information; and transmit biometric collation information to the payment information processing unit;
所述支付信息处理单元,还配置为按照预设的密钥生成策略生成与生物特征对照信息相关联的密钥对;并将密钥对中的第一公钥传输至所述终端设备;其中,密钥对包括第一公钥和第一私钥;The payment information processing unit is further configured to generate a key pair associated with the biometric collation information according to a preset key generation policy; and transmit the first public key in the key pair to the terminal device; The key pair includes a first public key and a first private key;
所述终端设备,还配置为将密钥对中的第一公钥发送至支付服务器;所述第一公钥用于支付服务器将第一公钥与支付终端对应的用户账号进行绑定。The terminal device is further configured to send the first public key in the key pair to the payment server; the first public key is used by the payment server to bind the first public key to the user account corresponding to the payment terminal.
在上述方案中,所述终端设备,还配置为向所述支付服务器发送临时账号请求;其中,所述临时账号请求用于所述支付服务器生成与所述用户账号相关联的临时账号;以及,接收所述支付服务器发送的临时账号,并生成与所述临时账号相关联的二维码;其中,所述临时账号用于在预设的有效期内具有与用户账号相同的支付功能且仅用于预设次数的支付;所述二维码用于收款端扫描后向所述支付服务器发送交易请求;所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。In the above solution, the terminal device is further configured to send a temporary account request to the payment server; wherein the temporary account request is used by the payment server to generate a temporary account associated with the user account; Receiving a temporary account sent by the payment server, and generating a two-dimensional code associated with the temporary account; wherein the temporary account is used to have the same payment function as the user account within a preset validity period and is only used for a preset number of times of payment; the two-dimensional code is used to send a transaction request to the payment server after the cashier scans; the transaction request includes the temporary information obtained by the payment terminal by parsing the two-dimensional code Account number and amount to be paid.
在上述方案中,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;In the above solution, when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server.
在上述方案中,所述支付信息处理单元存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法通过所述终端设备进行获取。 In the above solution, the first private key corresponding to the biometric collation information and the biometric collation information stored by the payment information processing unit cannot be acquired by the terminal device.
第二方面,本发明实施例提供了一种支付服务器,所述支付服务器包括:发送单元、接收单元、验证单元和划拨单元;其中,In a second aspect, an embodiment of the present invention provides a payment server, where the payment server includes: a sending unit, a receiving unit, a verifying unit, and a dialing unit;
所述发送单元,配置为向支付终端发送交易消息;其中,所述交易消息包括所述支付终端对应的用户账号信息和待支付的金额;The sending unit is configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
所述接收单元,配置为接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后的支付消息;所述支付消息用于确认对所述交易信息进行支付;The receiving unit is configured to receive, by the payment terminal, a payment message that is digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
所述验证单元,配置为通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;并在验证成功后触发所述划拨单元;The verification unit is configured to verify the signed payment message by using the first public key of the payment terminal, and trigger the transfer unit after the verification succeeds;
所述划拨单元,配置为将所述支付终端对应的用户账号中的所述待支付金额划拨至收款端。The allocating unit is configured to allocate the to-be-paid amount in the user account corresponding to the payment terminal to the receiving end.
在上述方案中,所述接收单元,还配置为接收由所述支付终端发送的第一公钥;In the above solution, the receiving unit is further configured to receive the first public key sent by the payment terminal;
所述支付服务器还包括绑定单元,配置为将所述第一公钥与所述支付终端对应的用户账号进行绑定。The payment server further includes a binding unit configured to bind the first public key to a user account corresponding to the payment terminal.
在上述方案中,所述接收单元,还配置为接收由所述支付终端发送的临时账号请求;In the above solution, the receiving unit is further configured to receive a temporary account request sent by the payment terminal;
所述支付服务器还包括生成单元,配置为生成与所述用户账号相关联的临时账号;其中,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;The payment server further includes a generating unit configured to generate a temporary account associated with the user account; wherein the temporary account is used to have the same payment function as the user account within a preset validity period and only used Payment for a preset number of times;
发送单元,还配置为向支付终端发送临时账号,以使得支付终端生成与临时账号相关联的二维码。The sending unit is further configured to send the temporary account to the payment terminal, so that the payment terminal generates a two-dimensional code associated with the temporary account.
在上述方案中,所述接收单元,还配置为接收由所述收款端通过扫描所述二维码后发送的交易请求;其中,所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。 In the above solution, the receiving unit is further configured to receive a transaction request sent by the payment terminal after scanning the two-dimensional code; wherein the transaction request includes the payment end by parsing the second The temporary account number and the amount to be paid obtained by the dimension code.
在上述方案中,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;In the above solution, when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述生成单元重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the generating unit.
第三方面,本发明实施例提供了一种支付的方法,所述方法应用于一支付终端,所述方法包括:In a third aspect, an embodiment of the present invention provides a method for payment, where the method is applied to a payment terminal, and the method includes:
接收到由支付服务器发送的交易信息之后,将获取到的生物特征信息与预存的生物特征对照信息进行比对;其中,所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额;After receiving the transaction information sent by the payment server, the acquired biometric information is compared with the pre-stored biometric comparison information; wherein the transaction information includes the user account information corresponding to the payment terminal and the amount to be paid ;
当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;其中,所述支付信息用于确认对所述交易信息进行支付;And when the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information; wherein the payment information is used for confirmation Paying for the transaction information;
将签名后的支付信息发送至所述支付服务器;其中,所述签名后的支付信息用于所述支付服务器通过与所述生物特征对照信息相关联的第一公钥进行数字签名验证,且当验证成功时按照支付信息将所述支付终端对应的用户账号中的所述待支付的金额划拨至收款端。Sending the signed payment information to the payment server; wherein the signed payment information is used by the payment server to perform digital signature verification by using a first public key associated with the biometric collation information, and When the verification is successful, the amount to be paid in the user account corresponding to the payment terminal is allocated to the payment end according to the payment information.
在上述方案中,所述接收到由支付服务器发送的交易信息之前,所述方法还包括:In the above solution, before the receiving the transaction information sent by the payment server, the method further includes:
获取生物特征对照信息;Obtaining biometric control information;
按照预设的密钥生成策略生成与所述生物特征对照信息相关联的密钥对;所述密钥对包括第一公钥和第一私钥;Generating a key pair associated with the biometric collation information according to a preset key generation policy; the key pair includes a first public key and a first private key;
将密钥对中的第一公钥发送至支付服务器;所述第一公钥用于所述支付服务器将所述第一公钥与所述支付终端对应的用户账号进行绑定。Sending the first public key in the key pair to the payment server; the first public key is used by the payment server to bind the first public key to a user account corresponding to the payment terminal.
在上述方案中,所述支付终端发起支付时,所述方法还包括:In the above solution, when the payment terminal initiates the payment, the method further includes:
所述支付终端向所述支付服务器发送临时账号请求;其中,所述临时 账号请求用于所述支付服务器生成与所述用户账号相关联的临时账号;The payment terminal sends a temporary account request to the payment server; wherein the temporary An account request for the payment server to generate a temporary account associated with the user account;
所述支付终端接收所述支付服务器发送的所述临时账号,并生成与所述临时账号相关联的二维码;其中,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;所述二维码用于收款端扫描后向所述支付服务器发送交易请求;所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。Receiving, by the payment terminal, the temporary account number sent by the payment server, and generating a two-dimensional code associated with the temporary account; wherein the temporary account is used to have a user account with a preset validity period The same payment function and only for a preset number of payments; the two-dimensional code is used for sending a transaction request to the payment server after the payment end scan; the transaction request includes the payment end by parsing the second The temporary account number and the amount to be paid obtained by the dimension code.
在上述方案中,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;In the above solution, when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server.
在上述方案中,所述支付终端存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法进行获取。In the above solution, the first private key corresponding to the biometric matching information and the biometric matching information stored by the payment terminal cannot be acquired.
第四方面,本发明实施例提供了一种支付的方法,所述方法应用于一支付服务器,所述方法包括:In a fourth aspect, an embodiment of the present invention provides a method for payment, where the method is applied to a payment server, and the method includes:
所述支付服务器向支付终端发送交易消息;其中,所述交易消息包括所述支付终端对应的用户账号信息和待支付的金额;The payment server sends a transaction message to the payment terminal; wherein the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
所述支付服务器接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后的支付消息;所述支付消息用于确认对所述交易信息进行支付;The payment server receives a payment message sent by the payment terminal and digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
所述支付服务器通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;The payment server verifies the signed payment message by using the first public key of the payment terminal;
当验证成功时,所述支付服务器将所述支付终端对应的用户账号中的所述待支付金额划拨至收款端。When the verification is successful, the payment server transfers the to-be-paid amount in the user account corresponding to the payment terminal to the payment terminal.
在上述方案中,所述支付服务器向支付终端发送交易消息之前,所述方法还包括: In the above solution, before the payment server sends the transaction message to the payment terminal, the method further includes:
所述支付服务器接收由所述支付终端发送的第一公钥;并将所述第一公钥与所述支付终端对应的用户账号进行绑定。The payment server receives the first public key sent by the payment terminal; and binds the first public key to a user account corresponding to the payment terminal.
在上述方案中,所述支付终端发起支付时,所述方法还包括:In the above solution, when the payment terminal initiates the payment, the method further includes:
所述支付服务器接收由所述支付终端发送的临时账号请求;并生成与所述用户账号相关联的临时账号,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;Receiving, by the payment server, a temporary account request sent by the payment terminal; and generating a temporary account associated with the user account, the temporary account being used to have the same payment as the user account within a preset validity period Function and only for a preset number of payments;
所述支付服务器向所述支付终端发送所述临时账号,以使得所述支付终端生成与所述临时账号相关联的二维码。The payment server sends the temporary account to the payment terminal, so that the payment terminal generates a two-dimensional code associated with the temporary account.
在上述方案中,所述支付服务器向所述支付终端发送所述临时账号之后,且所述支付服务器向支付终端发送交易消息之前,所述方法还包括:In the above solution, after the payment server sends the temporary account to the payment terminal, and the payment server sends a transaction message to the payment terminal, the method further includes:
所述支付服务器接收由所述收款端通过扫描所述二维码后发送的交易请求;其中,所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。Receiving, by the payment server, a transaction request sent by the payment terminal after scanning the two-dimensional code; wherein the transaction request includes the temporary account obtained by the payment terminal by parsing the two-dimensional code And the amount to be paid.
在上述方案中,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;In the above solution, when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server.
第五方面,本发明实施例提供了一种支付系统,所述系统包括支付终端、收款端和支付服务器;其中,In a fifth aspect, an embodiment of the present invention provides a payment system, where the system includes a payment terminal, a payment terminal, and a payment server;
所述支付终端,配置为接收到由所述支付服务器发送的交易信息之后,将获取到的生物特征信息与预存的生物特征对照信息进行比对;所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额;以及,The payment terminal is configured to: after receiving the transaction information sent by the payment server, compare the acquired biometric information with the pre-stored biometric collation information; the transaction information includes a user corresponding to the payment terminal Account information and amount to be paid; and,
当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;其中,所述支付信息用于确认对所述交易信息进行支付,并且,所述支付终 端存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法进行获取;以及,And when the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information; wherein the payment information is used for confirmation Paying for the transaction information, and the payment is final The biometric control information stored in the end and the first private key corresponding to the biometric collation information cannot be acquired; and,
将签名后的支付信息发送至所述支付服务器;Sending the signed payment information to the payment server;
所述支付服务器,配置为向所述支付终端发送交易消息;其中,所述交易消息包括所述支付终端对应的用户账号信息和待支付的金额;以及,The payment server is configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后的支付消息;所述支付消息用于确认对所述交易信息进行支付;以及,Receiving, by the payment terminal, a payment message digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;以及,Verifying the signed payment message by the first public key of the payment terminal; and
当验证成功时,将所述支付终端对应的用户账号中的所述待支付金额划拨至所述收款端。When the verification is successful, the to-be-paid amount in the user account corresponding to the payment terminal is allocated to the collection terminal.
本发明实施例提供了一种计算机存储介质,所述计算机存储介质中存储有计算机程序,所述计算机程序用于执行以上所述的支付方法。The embodiment of the invention provides a computer storage medium, wherein the computer storage medium stores a computer program, and the computer program is used to execute the payment method described above.
本发明实施例提供了一种支付的方法、设备和系统,通过与生物特征信息对应的密钥对来执行支付中的验证过程,避免用户的生物特征信息的泄露,也避免了用户真实账号的泄露,提高了移动支付过程中的安全性。The embodiment of the invention provides a method, a device and a system for payment, which perform a verification process in a payment by using a key pair corresponding to the biometric information, thereby avoiding leakage of the biometric information of the user and avoiding the real account of the user. Leakage improves security in the mobile payment process.
附图说明DRAWINGS
图1为本发明实施例提供的一种支付终端的结构示意图;FIG. 1 is a schematic structural diagram of a payment terminal according to an embodiment of the present invention;
图2为本发明实施例提供的一种应用于支付终端的支付方法流程示意图;2 is a schematic flowchart of a payment method applied to a payment terminal according to an embodiment of the present invention;
图3为本发明实施例提供的一种生物特征对照信息及对应的密钥对的生成流程示意图;FIG. 3 is a schematic diagram of a biometric comparison information and a corresponding key pair generation process according to an embodiment of the present disclosure;
图4为本发明实施例提供的一种生成与用户账号对应的临时账号相关联的二维码的流程示意图;FIG. 4 is a schematic flowchart of generating a two-dimensional code associated with a temporary account corresponding to a user account according to an embodiment of the present disclosure;
图5为本发明实施例提供的一种支付服务器的结构示意图; FIG. 5 is a schematic structural diagram of a payment server according to an embodiment of the present disclosure;
图6为本发明实施例提供的另一种支付服务器的结构示意图;FIG. 6 is a schematic structural diagram of another payment server according to an embodiment of the present disclosure;
图7为本实施例提供的一种应用于支付服务器的支付方法流程示意图;FIG. 7 is a schematic flowchart of a payment method applied to a payment server according to an embodiment of the present disclosure;
图8为本发明实施例提供的一种支付方法的详细流程示意图。FIG. 8 is a schematic flowchart diagram of a payment method according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述。The technical solutions in the embodiments of the present invention will be clearly and completely described in the following with reference to the accompanying drawings.
实施例一Embodiment 1
如图1,其示出了本发明实施例提供的一种支付终端10的结构,该终端10可以包括通过加密通道进行连接的获取单元110和支付信息处理单元120、以及安装有支付应用程序的与支付信息处理单元120相连接的终端设备130;终端设备130可以按照支付应用程序的指示实现本发明实施例所述的支付过程的功能;其中,FIG. 1 shows a structure of a payment terminal 10 according to an embodiment of the present invention. The terminal 10 may include an obtaining unit 110 and a payment information processing unit 120 connected through an encrypted channel, and a payment application installed. a terminal device 130 connected to the payment information processing unit 120; the terminal device 130 can implement the function of the payment process according to the embodiment of the present invention according to the indication of the payment application;
终端设备130,配置为接收由支付服务器发送的交易信息;其中,所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额;The terminal device 130 is configured to receive transaction information sent by the payment server, where the transaction information includes user account information corresponding to the payment terminal and an amount to be paid;
获取单元110,配置为获取生物特征信息,并将该生物特征信息传输至支付信息处理单元120;在本发明实施例中,生物特征信息以指纹信息为例对技术方案进行说明,可以理解地,本领域技术人员可以将本发明实施例的技术方案应用于其他生物特征信息,例如眼纹、声纹等。本发明实施例对此不做赘述;The obtaining unit 110 is configured to acquire the biometric information and transmit the biometric information to the payment information processing unit 120. In the embodiment of the present invention, the biometric information is described by taking the fingerprint information as an example. A person skilled in the art can apply the technical solutions of the embodiments of the present invention to other biometric information, such as eye lines, voice prints, and the like. This embodiment of the present invention does not describe this;
支付信息处理单元120,配置为将生物特征信息与预存的生物特征对照信息进行比对;以及,The payment information processing unit 120 is configured to compare the biometric information with the pre-stored biometric collation information; and
当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;并将签名后的支付信息传输至终端设备130;其中,所述支付信息用于确认对所述交易信息进行支付; When the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information; and the signed payment information is transmitted to The terminal device 130; wherein the payment information is used to confirm payment of the transaction information;
终端设备130,还配置为将签名后的支付信息发送至所述支付服务器;其中,所述签名后的支付信息用于所述支付服务器通过与所述生物特征对照信息相关联的第一公钥进行数字签名验证,且当验证成功时按照支付信息将所述支付终端对应的用户账号中的所述待支付的金额划拨至收款端。The terminal device 130 is further configured to send the signed payment information to the payment server, wherein the signed payment information is used by the payment server by using the first public key associated with the biometric collation information The digital signature verification is performed, and when the verification is successful, the amount to be paid in the user account corresponding to the payment terminal is allocated to the payment end according to the payment information.
需要说明的是,本实施例中所述的终端设备130可以是任一种具有支付应用的终端设备,例如手机、平板电脑等。支付信息处理单元120可以是一种包括存储区域和处理器的具有硬件保护性能的装置,该装置可以具有存储、运算及加解密的能力,并且具有对存储的数据进行安全存储的能力,使得被安全存储的数据能够不被导出和获取。获取单元110的具体结构可对应于处理器,所述处理器具体的结构可以为中央处理器(CPU,Central Processing Unit)、微处理器(MCU,Micro Controller Unit)、数字信号处理器(DSP,Digital Signal Processing)或可编程逻辑器件(PLC,Programmable Logic Controller)等具有处理功能的电子元器件或电子元器件的集合。获取单元110和支付信息处理单元120可以通过USB等外设接口与终端设备130相连,也可以通过总线连接设计成为终端设备130的一部分,本实施例对此不做具体赘述。It should be noted that the terminal device 130 described in this embodiment may be any terminal device having a payment application, such as a mobile phone, a tablet computer, or the like. The payment information processing unit 120 may be a device with hardware protection performance including a storage area and a processor, which may have the ability to store, calculate, and decrypt, and have the ability to securely store the stored data, so that Securely stored data can be exported and retrieved. The specific structure of the obtaining unit 110 may correspond to a processor, and the specific structure of the processor may be a Central Processing Unit (CPU), a Micro Controller Unit (MCU), and a Digital Signal Processor (DSP). Digital Signal Processing) or a collection of electronic components or electronic components having processing functions such as a programmable logic device (PLC). The obtaining unit 110 and the payment information processing unit 120 may be connected to the terminal device 130 through a peripheral interface such as a USB, or may be designed as a part of the terminal device 130 through a bus connection, which is not specifically described in this embodiment.
示例性地,获取单元110,还可以配置为获取生物特征对照信息;并将生物特征对照信息传输至支付信息处理单元120;Exemplarily, the acquiring unit 110 may be further configured to acquire biometric collation information; and transmit the biometric collation information to the payment information processing unit 120;
支付信息处理单元120,还配置为按照预设的密钥生成策略生成与生物特征对照信息相关联的密钥对;并将密钥对中的第一公钥传输至终端设备130;其中,密钥对包括第一公钥和第一私钥;The payment information processing unit 120 is further configured to generate a key pair associated with the biometric collation information according to a preset key generation policy; and transmit the first public key in the key pair to the terminal device 130; The key pair includes a first public key and a first private key;
终端设备130,还配置为将密钥对中的第一公钥发送至支付服务器;所述第一公钥用于支付服务器将第一公钥与支付终端对应的用户账号进行绑定。The terminal device 130 is further configured to send the first public key in the key pair to the payment server; the first public key is used by the payment server to bind the first public key to the user account corresponding to the payment terminal.
示例性地,终端设备130,还配置为向支付服务器发送临时账号请求; 其中,临时账号请求用于支付服务器生成与用户账号相关联的临时账号;以及,接收支付服务器发送的临时账号,并生成与临时账号相关联的二维码;其中,临时账号用于在预设的有效期内具有与用户账号相同的支付功能且仅用于预设次数的支付;所述二维码用于收款端扫描后向所述支付服务器发送交易请求;所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。Exemplarily, the terminal device 130 is further configured to send a temporary account request to the payment server; The temporary account request is used by the payment server to generate a temporary account associated with the user account; and, the temporary account sent by the payment server is received, and a two-dimensional code associated with the temporary account is generated; wherein the temporary account is used for the preset The validity period has the same payment function as the user account and is only used for the preset number of payments; the two-dimensional code is used for the payment terminal to scan and send a transaction request to the payment server; the transaction request includes the receipt The temporary account and the amount to be paid obtained by parsing the two-dimensional code by the payment end.
进一步地,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;Further, when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号;可以理解地,此时终端设备130可以重新向支付服务器发送临时账号请求,从而获得支付服务器重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server; understandably, the terminal device 130 can resend the temporary account to the payment server at this time. Request to obtain a temporary account regenerated by the payment server.
示例性地,由于支付信息处理单元120具有硬件保护性能,因此,支付信息处理单元120所存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法通过终端设备130进行获取。Illustratively, the first private key corresponding to the biometric collation information and the biometric collation information stored by the payment information processing unit 120 cannot be performed by the terminal device 130, because the payment information processing unit 120 has hardware protection performance. Obtain.
本实施例提供了一种支付终端10的结构,通过与生物特征信息对应的密钥对来执行支付中的验证过程,避免用户的生物特征信息的泄露,也避免了用户真实账号的泄露,提高了移动支付过程中的安全性。The embodiment provides a structure of the payment terminal 10, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding leakage of biometric information of the user, and avoiding leakage of the real account of the user and improving The security in the mobile payment process.
实施例二Embodiment 2
基于实施例一所述的支付终端,参见图2,其示出了本实施例提供的一种应用于前述实施例中所述的支付终端的支付方法流程,该方法可以包括:The payment terminal according to the first embodiment, referring to FIG. 2, shows a flow of a payment method applied to the payment terminal according to the foregoing embodiment, which may include:
S210:接收到由支付服务器发送的交易信息之后,将获取到的生物特征信息与预存的生物特征对照信息进行比对;S210: After receiving the transaction information sent by the payment server, comparing the acquired biometric information with the pre-stored biometric comparison information;
其中,所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额; The transaction information includes user account information corresponding to the payment terminal and an amount to be paid;
S220:当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;S220: When the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information;
其中,所述支付信息用于确认对所述交易信息进行支付;Wherein the payment information is used to confirm payment of the transaction information;
S230:将签名后的支付信息发送至所述支付服务器;S230: Send the signed payment information to the payment server;
其中,所述签名后的支付信息用于所述支付服务器通过与所述生物特征对照信息相关联的第一公钥进行数字签名验证,且当验证成功时按照支付信息将所述支付终端对应的用户账号中的所述待支付的金额划拨至收款端。The signed payment information is used by the payment server to perform digital signature verification by using a first public key associated with the biometric collation information, and corresponding to the payment terminal according to the payment information when the verification is successful. The amount to be paid in the user account is transferred to the receiving end.
需要说明的是,所述支付终端存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法通过终端进行获取。It should be noted that the first private key corresponding to the biometric matching information and the biometric matching information stored by the payment terminal cannot be obtained by the terminal.
示例性地,参见图3,在接收到由支付服务器发送的交易信息之前,该方法还包括生物特征对照信息及对应的密钥对的生成过程:Illustratively, referring to FIG. 3, before receiving the transaction information sent by the payment server, the method further includes biometric comparison information and a corresponding key pair generation process:
S200:获取生物特征对照信息;S200: Obtain biometric comparison information;
S201:按照预设的密钥生成策略生成与所述生物特征对照信息相关联的密钥对;所述密钥对包括第一公钥和第一私钥;S201: Generate a key pair associated with the biometric comparison information according to a preset key generation policy; the key pair includes a first public key and a first private key;
S202:将密钥对中的第一公钥发送至支付服务器;所述第一公钥用于所述支付服务器将所述第一公钥与所述支付终端对应的用户账号进行绑定。S202: Send the first public key in the key pair to the payment server, where the first public key is used by the payment server to bind the first public key to a user account corresponding to the payment terminal.
示例性地,参见图4,支付终端发起支付时,该方法还包括生成与用户账号对应的临时账号相关联的二维码的过程,具体包括:Illustratively, referring to FIG. 4, when the payment terminal initiates the payment, the method further includes a process of generating a two-dimensional code associated with the temporary account corresponding to the user account, specifically:
S203:支付终端向支付服务器发送临时账号请求;S203: The payment terminal sends a temporary account request to the payment server.
其中,所述临时账号请求用于所述支付服务器生成与所述用户账号相关联的临时账号;The temporary account request is used by the payment server to generate a temporary account associated with the user account;
S204:支付终端接收支付服务器发送的临时账号,并生成与临时账号 相关联的二维码;S204: The payment terminal receives the temporary account sent by the payment server, and generates a temporary account. Associated two-dimensional code;
其中,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;所述二维码用于收款端扫描后向所述支付服务器发送交易请求;所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。The temporary account is used to have the same payment function as the user account in the preset validity period and is used only for the preset number of times of payment; the two-dimensional code is used for the payment by the payment terminal to the payment. The server sends a transaction request; the transaction request includes the temporary account number and the to-be-paid amount obtained by the payment terminal by parsing the two-dimensional code.
进一步地,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;Further, when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号,可以理解地,此时支付终端可以重新向支付服务器发送临时账号请求,从而获得支付服务器重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server. It can be understood that the payment terminal can resend the temporary account request to the payment server. In order to obtain a temporary account regenerated by the payment server.
本实施例提供了一种应用于支付终端的支付方法,通过与生物特征信息对应的密钥对来执行支付中的验证过程,避免用户的生物特征信息的泄露,也避免了用户真实账号的泄露,提高了移动支付过程中的安全性。The embodiment provides a payment method applied to a payment terminal, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding leakage of the biometric information of the user, and avoiding leakage of the real account of the user. , improve the security of the mobile payment process.
实施例三Embodiment 3
基于前述实施例相同的技术构思,参见图5,其示出了本发明实施例提供的一种支付服务器50的结构,该支付服务器50可以包括:发送单元510、接收单元520、验证单元530和划拨单元540;其中,Based on the same technical concept of the foregoing embodiment, referring to FIG. 5, a structure of a payment server 50 according to an embodiment of the present invention is shown. The payment server 50 may include: a sending unit 510, a receiving unit 520, a verification unit 530, and a dialing unit 540; wherein
发送单元510,配置为向支付终端发送交易消息;其中,所述交易消息包括所述支付终端对应的用户账号信息和待支付的金额;The sending unit 510 is configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
接收单元520,配置为接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后的支付消息;所述支付消息用于确认对所述交易信息进行支付;The receiving unit 520 is configured to receive, by the payment terminal, a payment message that is digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
验证单元530,配置为通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;并在验证成功后触发划拨单元540; The verification unit 530 is configured to verify the signed payment message by using the first public key of the payment terminal; and trigger the transfer unit 540 after the verification is successful;
划拨单元540,配置为将所述支付终端对应的用户账号中的所述待支付金额划拨至收款端。The dialing unit 540 is configured to allocate the to-be-paid amount in the user account corresponding to the payment terminal to the payment end.
示例性地,接收单元520,还配置为接收由所述支付终端发送的第一公钥;参见图6,支付服务器50还包括绑定单元550,配置为将所述第一公钥与所述支付终端对应的用户账号进行绑定。Exemplarily, the receiving unit 520 is further configured to receive the first public key sent by the payment terminal; referring to FIG. 6, the payment server 50 further includes a binding unit 550 configured to associate the first public key with the Bind the user account corresponding to the payment terminal.
示例性地,接收单元520,还配置为接收由支付终端发送的临时账号请求;Exemplarily, the receiving unit 520 is further configured to receive a temporary account request sent by the payment terminal;
参见图6,支付服务器50还包括生成单元560,配置为生成与用户账号相关联的临时账号;其中,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;Referring to FIG. 6, the payment server 50 further includes a generating unit 560 configured to generate a temporary account associated with the user account; wherein the temporary account is used to have the same payment function as the user account within a preset validity period and Only for a preset number of payments;
发送单元510,还配置为向支付终端发送临时账号,以使得支付终端生成与临时账号相关联的二维码。The sending unit 510 is further configured to send a temporary account to the payment terminal, so that the payment terminal generates a two-dimensional code associated with the temporary account.
进一步地,接收单元520,还配置为接收由所述收款端通过扫描所述二维码后发送的交易请求;其中,所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。Further, the receiving unit 520 is further configured to receive a transaction request sent by the payment terminal after scanning the two-dimensional code, where the transaction request includes the payment end acquiring by analyzing the two-dimensional code The temporary account number and the amount to be paid.
进一步地,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;Further, when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为生成单元560重新生成的临时账号,可以理解地,此时接收单元520可以接受由支付终端重新发送的临时账号请求,从而生成单元560能够重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the generating unit 560. It can be understood that the receiving unit 520 can accept the temporary resend by the payment terminal. The account request, thereby generating a temporary account that unit 560 can regenerate.
实际应用中,所述接发送单元510、接收单元520、验证单元530、划拨单元540、绑定单元550、生成单元560的具体结构均可对应于处理器。所述处理器具体的结构可以为CPU、MCU、DSP或PLC等具有处理功能的电子元器件或电子元器件的集合。其中,所述处理器包括可执行代码,所 述可执行代码存储在存储介质中,所述处理器可以通过总线等通信接口与所述存储介质中相连,在执行具体的各模块的对应功能时,从所述存储介质中读取并运行所述可执行代码。所述存储介质用于存储所述可执行代码的部分优选为非瞬间存储介质。In a practical application, the specific structures of the sending unit 510, the receiving unit 520, the verifying unit 530, the dialing unit 540, the binding unit 550, and the generating unit 560 may all correspond to a processor. The specific structure of the processor may be a collection of electronic components or electronic components having processing functions such as a CPU, an MCU, a DSP, or a PLC. Wherein the processor includes executable code, The executable code is stored in a storage medium, and the processor may be connected to the storage medium through a communication interface such as a bus, and when the corresponding function of each module is executed, the storage medium is read and operated from the storage medium. Executable code. The portion of the storage medium used to store the executable code is preferably a non-transitory storage medium.
上述接发送单元510、接收单元520、验证单元530、划拨单元540、绑定单元550、生成单元560可以集成对应于同一处理器,或分别对应不同的处理器;当集成对应于同一处理器时,所述处理器采用时分处理所所述接发送单元510、接收单元520、验证单元530、划拨单元540、绑定单元550、生成单元560对应的功能。The foregoing sending unit 510, the receiving unit 520, the verifying unit 530, the dialing unit 540, the binding unit 550, and the generating unit 560 may be integrated corresponding to the same processor, or respectively corresponding to different processors; when the integration corresponds to the same processor The processor adopts a function corresponding to the connection sending unit 510, the receiving unit 520, the verification unit 530, the dialing unit 540, the binding unit 550, and the generating unit 560.
本实施例提供了一种支付服务器50的结构,通过与生物特征信息对应的密钥对来执行支付中的验证过程,避免用户的生物特征信息的泄露,也避免了用户真实账号的泄露提高了移动支付过程中的安全性。The embodiment provides a structure of the payment server 50, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding the leakage of the biometric information of the user, and avoiding the leakage of the real account of the user. Security in the mobile payment process.
实施例四Embodiment 4
基于实施例三所述的支付服务器,参见图7,其示出了本实施例提供的一种应用于前述实施例中所述的支付服务器的支付方法流程,该方法可以包括:The payment server according to the third embodiment, referring to FIG. 7, shows a flow of a payment method applied to the payment server described in the foregoing embodiment, which may include:
S710:支付服务器向支付终端发送交易消息;S710: The payment server sends a transaction message to the payment terminal.
其中,所述交易消息包括支付终端对应的用户账号信息和待支付的金额;The transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
S720:支付服务器接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后的支付消息;S720: The payment server receives the payment message that is sent by the payment terminal and is digitally signed by the first private key of the payment terminal.
其中,所述支付消息用于确认对所述交易信息进行支付;Wherein the payment message is used to confirm payment of the transaction information;
S730:支付服务器通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;S730: The payment server verifies the signed payment message by using the first public key of the payment terminal.
S740:当验证成功时,支付服务器将所述支付终端对应的用户账号中 的所述待支付金额划拨至收款端。S740: When the verification is successful, the payment server will be in the user account corresponding to the payment terminal. The amount to be paid is allocated to the receiving end.
示例性地,在支付服务器向支付终端发送交易消息之前,还可以包括:Exemplarily, before the payment server sends the transaction message to the payment terminal, the method may further include:
支付服务器接收由所述支付终端发送的第一公钥;并将所述第一公钥与所述支付终端对应的用户账号进行绑定。The payment server receives the first public key sent by the payment terminal; and binds the first public key to a user account corresponding to the payment terminal.
示例性地,支付终端发起支付时,还可以包括:Illustratively, when the payment terminal initiates the payment, the method may further include:
支付服务器接收由所述支付终端发送的临时账号请求;并生成与所述用户账号相关联的临时账号;以及,Receiving, by the payment server, a temporary account request sent by the payment terminal; and generating a temporary account associated with the user account;
支付服务器向所述支付终端发送所述临时账号,以使得所述支付终端生成与所述临时账号相关联的二维码。The payment server sends the temporary account to the payment terminal to cause the payment terminal to generate a two-dimensional code associated with the temporary account.
其中,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付。The temporary account is used to have the same payment function as the user account within a preset validity period and is used only for a preset number of payments.
需要说明的是,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;It should be noted that, when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为支付服务器重新生成的临时账号,可以理解地,此时支付服务器可以接受由支付终端重新发送的临时账号请求,从而支付服务器能够重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server. It can be understood that the payment server can accept the temporary account request resent by the payment terminal. , thereby paying the temporary account that the server can regenerate.
进一步地,在支付服务器向所述支付终端发送所述临时账号之后,且所述支付服务器向支付终端发送交易消息之前,还可以包括:Further, after the payment server sends the temporary account to the payment terminal, and the payment server sends the transaction message to the payment terminal, the payment server may further include:
所述支付服务器接收由所述收款端通过扫描所述二维码后发送的交易请求;其中,所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。Receiving, by the payment server, a transaction request sent by the payment terminal after scanning the two-dimensional code; wherein the transaction request includes the temporary account obtained by the payment terminal by parsing the two-dimensional code And the amount to be paid.
本实施例提供了一种应用于支付服务器的支付方法,通过与生物特征信息对应的密钥对来执行支付中的验证过程,避免用户的生物特征信息的泄露,也避免了用户真实账号的泄露提高了移动支付过程中的安全性。 The embodiment provides a payment method applied to the payment server, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding leakage of the biometric information of the user, and avoiding leakage of the real account of the user. Improve security in the mobile payment process.
实施例五Embodiment 5
基于前述实施例相同的技术构思,参见图8,其示出了本发明实施例提供的一种支付方法的详细流程,该流程中,生物特征信息以指纹为例进行技术方案的说明,该流程可以包括:Based on the same technical concept of the foregoing embodiment, referring to FIG. 8 , a detailed process of a payment method according to an embodiment of the present invention is shown. In the process, the biometric information is illustrated by using a fingerprint as an example. Can include:
S801:支付终端通过鉴权之后,向支付服务器发送指纹绑定请求;S801: After the payment terminal authenticates, send a fingerprint binding request to the payment server.
S802:支付服务器向支付终端发送指纹绑定指令;S802: The payment server sends a fingerprint binding instruction to the payment terminal.
S803:支付终端获取对照指纹,并按照预设的密钥生成策略生成与对照指纹相关联的密钥对;S803: The payment terminal acquires the comparison fingerprint, and generates a key pair associated with the comparison fingerprint according to the preset key generation policy.
其中,密钥对包括第一公钥和第一私钥;The key pair includes a first public key and a first private key;
具体地,可以由支付终端中的获取单元来获取对照指纹,可以由支付信息处理单元生成并存储与对照指纹相关联的密钥对;Specifically, the comparison fingerprint may be acquired by the acquiring unit in the payment terminal, and the key pair associated with the comparison fingerprint may be generated and stored by the payment information processing unit;
S804:支付终端将密钥对中的第一公钥发送至支付服务器;S804: The payment terminal sends the first public key in the key pair to the payment server.
S805:支付服务器将第一公钥与支付终端对应的用户账号进行绑定;S805: The payment server binds the first public key to a user account corresponding to the payment terminal.
可以理解地,S801至S805实现了对照指纹的获取以及对照指纹对应的密钥对的生成,从而可以使得在后续的支付验证过程中,通过验证密钥对而非验证指纹信息来进行支付验证,从而可以降低指纹信息的泄露风险。It can be understood that S801 to S805 implement the acquisition of the collation fingerprint and the generation of the key pair corresponding to the fingerprint, so that the payment verification can be performed by verifying the key pair instead of verifying the fingerprint information in the subsequent payment verification process. Thereby, the risk of leakage of fingerprint information can be reduced.
当需要发起支付交易时,该流程继续可以包括:When a payment transaction needs to be initiated, the process can continue to include:
S806:支付终端向支付服务器发送临时账号请求;S806: The payment terminal sends a temporary account request to the payment server.
其中,所述临时账号请求用于所述支付服务器生成与用户账号相关联的临时账号;The temporary account request is used by the payment server to generate a temporary account associated with the user account;
S807:支付服务器生成与用户账号相关联的临时账号;S807: The payment server generates a temporary account associated with the user account;
需要说明的是,临时账号与用户账号的组成结构一致,因此,临时账号可以用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;由于使用了临时账号来替代用户账号的支付功能,因此,在具体支付过程中,支付终端和商户收款端均无法获取真实的用户账 号信息,从而保证了真实的用户账号的安全,而且,由于临时账号仅用于预设次数的支付,因此,还能保证了用户账号中的资金安全。It should be noted that the temporary account is consistent with the composition of the user account. Therefore, the temporary account can be used to have the same payment function as the user account within the preset validity period and only used for the preset number of payments; A temporary account is used to replace the payment function of the user account. Therefore, in the specific payment process, the payment terminal and the merchant receiving end cannot obtain the real user account. The number information ensures the security of the real user account, and since the temporary account is only used for the preset number of payments, the security of the funds in the user account can also be guaranteed.
S808:支付服务器向支付终端发送所述临时账号;S808: The payment server sends the temporary account to the payment terminal.
S809:支付终端生成与临时账号相关联的二维码;S809: The payment terminal generates a two-dimensional code associated with the temporary account.
S810:收款端扫描二维码,并根据二维码解析出临时账号;S810: The payment end scans the two-dimensional code, and parses out the temporary account according to the two-dimensional code;
可以理解地,收款端可以是进行交易的商户,通过二维码扫描器对临时账号相关联的二维码进行扫描。It can be understood that the payee end can be a merchant that conducts a transaction, and the two-dimensional code associated with the temporary account is scanned by the two-dimensional code scanner.
S811:收款端将解析出的临时账号和待支付金额封装成交易请求发送至支付服务器;S811: The payment terminal encapsulates the parsed temporary account number and the to-be-paid amount into a transaction request and sends the transaction request to the payment server;
S812:支付服务器根据交易请求向支付终端发送交易信息;S812: The payment server sends the transaction information to the payment terminal according to the transaction request;
其中,交易信息包括支付终端对应的用户账号信息和待支付的金额;The transaction information includes user account information corresponding to the payment terminal and the amount to be paid;
需要说明的是,当临时账号处于有效期内,则交易信息中所包括的用户账号信息为所述临时账号;当临时账号不处于有效期内,则交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号;It should be noted that, when the temporary account is within the validity period, the user account information included in the transaction information is the temporary account; and when the temporary account is not within the validity period, the user account information included in the transaction information is the payment. Temporary account regenerated by the server;
S813:支付终端获取用户的指纹,并将获取到的指纹与对照指纹进行比对;S813: The payment terminal acquires the fingerprint of the user, and compares the obtained fingerprint with the comparison fingerprint.
S814:当获取到的指纹与对照指纹一致时,支付终端通过与对照指纹相关联的第一私钥对支付信息进行数字签名;S814: when the obtained fingerprint is consistent with the comparison fingerprint, the payment terminal digitally signs the payment information by using the first private key associated with the comparison fingerprint;
其中,支付信息用于确认对所述交易信息进行支付;Wherein the payment information is used to confirm payment of the transaction information;
可以理解地,支付终端可以通过获取单元来获取用户的指纹,可以通过支付信息处理单元进行指纹比对以及对支付信息的数字签名。It can be understood that the payment terminal can acquire the fingerprint of the user through the obtaining unit, and can perform fingerprint matching and digital signature on the payment information through the payment information processing unit.
S815:支付终端将签名后的支付信息发送至支付服务器;S815: the payment terminal sends the signed payment information to the payment server;
S816:支付服务器通过支付终端的第一公钥对签名后的支付消息进行验证;S816: The payment server verifies the signed payment message by using the first public key of the payment terminal.
S817:当验证成功时,支付服务器将所述支付终端对应的用户账号中 的所述待支付金额划拨至收款端。S817: When the verification is successful, the payment server will be in the user account corresponding to the payment terminal. The amount to be paid is allocated to the receiving end.
可以理解地,当资金划拨完毕后,支付服务器可以通知收款端和支付终端。Understandably, after the funds transfer is completed, the payment server can notify the payment terminal and the payment terminal.
本实施例提供了一种支付方法的详细流程,通过与生物特征信息对应的密钥对来执行支付中的验证过程,避免用户的生物特征信息的泄露,也避免了用户真实账号的泄露提高了移动支付过程中的安全性。The embodiment provides a detailed process of the payment method, and performs a verification process in the payment by using a key pair corresponding to the biometric information, thereby avoiding the leakage of the biometric information of the user, and avoiding the leakage of the real account of the user. Security in the mobile payment process.
实施例六Embodiment 6
前述实施例对本发明实施例的技术方案中的两个重要的执行主体,即支付终端和支付服务器的结构进行了描述,在此基础上本实施例还提出了一种支付的系统,该系统可以包括支付终端、收款端和支付服务器;其中,The foregoing embodiment describes the two important execution entities in the technical solutions of the embodiments of the present invention, namely, the structure of the payment terminal and the payment server. On the basis of this, the embodiment further provides a payment system, and the system can Including a payment terminal, a payment terminal, and a payment server;
支付终端,配置为接收到由支付服务器发送的交易信息之后,将获取到的生物特征信息与预存的生物特征对照信息进行比对;所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额;以及,The payment terminal is configured to: after receiving the transaction information sent by the payment server, compare the acquired biometric information with the pre-stored biometric comparison information; the transaction information includes the user account information corresponding to the payment terminal The amount paid; and,
当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;其中,所述支付信息用于确认对所述交易信息进行支付,并且,所述支付终端存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法通过终端进行获取;以及,And when the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information; wherein the payment information is used for confirmation Paying the transaction information, and the first private key corresponding to the biometric matching information and the biometric collation information stored by the payment terminal cannot be obtained by the terminal;
将签名后的支付信息发送至所述支付服务器;其中,所述签名后的支付信息用于所述支付服务器通过与所述生物特征对照信息相关联的第一公钥进行数字签名验证,且当验证成功时按照支付信息将所述支付终端对应的用户账号中的所述待支付的金额划拨至收款端;Sending the signed payment information to the payment server; wherein the signed payment information is used by the payment server to perform digital signature verification by using a first public key associated with the biometric collation information, and When the verification is successful, the amount to be paid in the user account corresponding to the payment terminal is allocated to the collection end according to the payment information;
支付服务器,配置为向支付终端发送交易消息;其中,所述交易消息包括所述支付终端对应的用户账号信息和待支付的金额;以及,a payment server, configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后 的支付消息;所述支付消息用于确认对所述交易信息进行支付;以及,Receiving, after being digitally signed by the payment terminal, the first private key of the payment terminal Payment message; the payment message is used to confirm payment of the transaction information;
通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;当验证成功时,将所述支付终端对应的用户账号中的所述待支付金额划拨至收款端。And verifying, by the first public key of the payment terminal, the signed payment message; when the verification is successful, transferring the to-be-paid amount in the user account corresponding to the payment terminal to the payment end.
可以理解地,本实施例中所涉及的支付终端可以为前述实施例中所述的支付终端;本实施例中所涉及的支付服务器可以为前述实施例中所述的支付服务器。It is to be understood that the payment terminal involved in the embodiment may be the payment terminal described in the foregoing embodiment; the payment server involved in this embodiment may be the payment server described in the foregoing embodiment.
本发明实施例还记载了一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于前述各实施例所述的支付的方法。The embodiment of the invention further describes a computer storage medium, wherein the computer storage medium stores computer executable instructions, and the computer executable instructions are used in the payment method described in the foregoing embodiments.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用硬件实施例、软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器和光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存 储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the computer is readable and stored The instructions in the reservoir produce an article of manufacture comprising an instruction device that implements the functions specified in one or more blocks of the flow or in a flow or block diagram of the flowchart.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
以上所述,仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention.
工业实用性Industrial applicability
本发明实施例中,通过与生物特征信息对应的密钥对来执行支付中的验证过程,避免用户的生物特征信息的泄露,也避免了用户真实账号的泄露,提高了移动支付过程中的安全性。 In the embodiment of the present invention, the verification process in the payment is performed by the key pair corresponding to the biometric information, the leakage of the biometric information of the user is avoided, the leakage of the real account of the user is avoided, and the security in the mobile payment process is improved. Sex.

Claims (22)

  1. 一种支付终端,所述支付终端包括:通过加密通道进行连接的获取单元和支付信息处理单元、以及安装有支付应用程序的且与所述支付信息处理单元相连接的终端设备;其中,A payment terminal, comprising: an acquisition unit and a payment information processing unit connected through an encrypted channel; and a terminal device installed with a payment application and connected to the payment information processing unit;
    所述终端设备,配置为接收由支付服务器发送的交易信息;其中,所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额;The terminal device is configured to receive transaction information sent by the payment server, where the transaction information includes user account information corresponding to the payment terminal and an amount to be paid;
    所述获取单元,配置为获取生物特征信息,并将所述生物特征信息传输至所述支付信息处理单元;The acquiring unit is configured to acquire biometric information, and transmit the biometric information to the payment information processing unit;
    所述支付信息处理单元,配置为将所述生物特征信息与预存的生物特征对照信息进行比对;以及,The payment information processing unit is configured to compare the biometric information with pre-stored biometric collation information; and
    当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;并将签名后的支付信息传输至所述终端设备;其中,所述支付信息用于确认对所述交易信息进行支付;When the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information; and the signed payment information is transmitted to The terminal device; wherein the payment information is used to confirm payment of the transaction information;
    所述终端设备,还配置为将所述签名后的支付信息发送至所述支付服务器;其中,所述签名后的支付信息用于所述支付服务器通过与所述生物特征对照信息相关联的第一公钥进行数字签名验证,且当验证成功时按照支付信息将所述支付终端对应的用户账号中的所述待支付的金额划拨至收款端。The terminal device is further configured to send the signed payment information to the payment server; wherein the signed payment information is used by the payment server by using the biometric comparison information A public key performs digital signature verification, and when the verification is successful, the amount to be paid in the user account corresponding to the payment terminal is allocated to the payment end according to the payment information.
  2. 根据权利要求1所述的支付终端,其中,所述获取单元,还可以配置为获取生物特征对照信息;并将生物特征对照信息传输至所述支付信息处理单元;The payment terminal according to claim 1, wherein the obtaining unit is further configured to acquire biometric collation information; and transmit the biometric collation information to the payment information processing unit;
    所述支付信息处理单元,还配置为按照预设的密钥生成策略生成与生物特征对照信息相关联的密钥对;并将密钥对中的第一公钥传输至所述终端设备;其中,密钥对包括第一公钥和第一私钥; The payment information processing unit is further configured to generate a key pair associated with the biometric collation information according to a preset key generation policy; and transmit the first public key in the key pair to the terminal device; The key pair includes a first public key and a first private key;
    所述终端设备,还配置为将密钥对中的第一公钥发送至支付服务器;所述第一公钥用于支付服务器将第一公钥与支付终端对应的用户账号进行绑定。The terminal device is further configured to send the first public key in the key pair to the payment server; the first public key is used by the payment server to bind the first public key to the user account corresponding to the payment terminal.
  3. 根据权利要求1所述的支付终端,其中,所述终端设备,还配置为向所述支付服务器发送临时账号请求;其中,所述临时账号请求用于所述支付服务器生成与所述用户账号相关联的临时账号;以及,接收所述支付服务器发送的临时账号,并生成与所述临时账号相关联的二维码;其中,所述临时账号用于在预设的有效期内具有与用户账号相同的支付功能且仅用于预设次数的支付;所述二维码用于收款端扫描后向所述支付服务器发送交易请求;所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。The payment terminal according to claim 1, wherein the terminal device is further configured to send a temporary account request to the payment server; wherein the temporary account request is used by the payment server to generate and associate with the user account a temporary account; and receiving a temporary account sent by the payment server, and generating a two-dimensional code associated with the temporary account; wherein the temporary account is used to have the same user account within a preset validity period Payment function and only for a preset number of payments; the two-dimensional code is used for sending a transaction request to the payment server after the payment end scan; the transaction request includes the payment end by parsing the two-dimensional The temporary account number and the amount to be paid obtained by the code.
  4. 根据权利要求3所述的支付终端,其中,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;The payment terminal according to claim 3, wherein when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
    当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server.
  5. 根据权利要求1所述的支付终端,其中,所述支付信息处理单元存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法通过所述终端设备进行获取。The payment terminal according to claim 1, wherein the first private key corresponding to the biometric collation information and the biometric collation information stored by the payment information processing unit cannot be acquired by the terminal device.
  6. 一种支付服务器,其中,所述支付服务器包括:发送单元、接收单元、验证单元和划拨单元;其中,A payment server, wherein the payment server comprises: a sending unit, a receiving unit, a verifying unit, and a dialing unit; wherein
    所述发送单元,配置为向支付终端发送交易消息;其中,所述交易消息包括所述支付终端对应的用户账号信息和待支付的金额;The sending unit is configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
    所述接收单元,配置为接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后的支付消息;所述支付消息用于确认对所述交易信息进行支付; The receiving unit is configured to receive, by the payment terminal, a payment message that is digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
    所述验证单元,配置为通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;并在验证成功后触发所述划拨单元;The verification unit is configured to verify the signed payment message by using the first public key of the payment terminal, and trigger the transfer unit after the verification succeeds;
    所述划拨单元,配置为将所述支付终端对应的用户账号中的所述待支付金额划拨至收款端。The allocating unit is configured to allocate the to-be-paid amount in the user account corresponding to the payment terminal to the receiving end.
  7. 根据权利要求6所述的支付服务器,其中,所述接收单元,还配置为接收由所述支付终端发送的第一公钥;The payment server according to claim 6, wherein the receiving unit is further configured to receive a first public key sent by the payment terminal;
    所述支付服务器还包括绑定单元,配置为将所述第一公钥与所述支付终端对应的用户账号进行绑定。The payment server further includes a binding unit configured to bind the first public key to a user account corresponding to the payment terminal.
  8. 根据权利要求6所述的支付服务器,其中,所述接收单元,还配置为接收由所述支付终端发送的临时账号请求;The payment server according to claim 6, wherein the receiving unit is further configured to receive a temporary account request sent by the payment terminal;
    所述支付服务器还包括生成单元,配置为生成与所述用户账号相关联的临时账号;其中,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;The payment server further includes a generating unit configured to generate a temporary account associated with the user account; wherein the temporary account is used to have the same payment function as the user account within a preset validity period and only used Payment for a preset number of times;
    发送单元,还配置为向支付终端发送临时账号,以使得支付终端生成与临时账号相关联的二维码。The sending unit is further configured to send the temporary account to the payment terminal, so that the payment terminal generates a two-dimensional code associated with the temporary account.
  9. 根据权利要求8所述的支付服务器,其中,所述接收单元,还配置为接收由所述收款端通过扫描所述二维码后发送的交易请求;其中,所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。The payment server according to claim 8, wherein the receiving unit is further configured to receive a transaction request sent by the payment terminal after scanning the two-dimensional code; wherein the transaction request includes the receipt The temporary account and the amount to be paid obtained by parsing the two-dimensional code by the payment end.
  10. 根据权利要求8所述的支付服务器,其中,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;The payment server according to claim 8, wherein when the temporary account is within the validity period, the user account information included in the transaction information is the temporary account;
    当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述生成单元重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the generating unit.
  11. 一种支付的方法,其中,所述方法应用于一支付终端,所述方法包括: A method of payment, wherein the method is applied to a payment terminal, the method comprising:
    接收到由支付服务器发送的交易信息之后,将获取到的生物特征信息与预存的生物特征对照信息进行比对;其中,所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额;After receiving the transaction information sent by the payment server, the acquired biometric information is compared with the pre-stored biometric comparison information; wherein the transaction information includes the user account information corresponding to the payment terminal and the amount to be paid ;
    当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;其中,所述支付信息用于确认对所述交易信息进行支付;And when the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information; wherein the payment information is used for confirmation Paying for the transaction information;
    将签名后的支付信息发送至所述支付服务器;其中,所述签名后的支付信息用于所述支付服务器通过与所述生物特征对照信息相关联的第一公钥进行数字签名验证,且当验证成功时按照支付信息将所述支付终端对应的用户账号中的所述待支付的金额划拨至收款端。Sending the signed payment information to the payment server; wherein the signed payment information is used by the payment server to perform digital signature verification by using a first public key associated with the biometric collation information, and When the verification is successful, the amount to be paid in the user account corresponding to the payment terminal is allocated to the payment end according to the payment information.
  12. 根据权利要求11所述的方法,其中,所述接收到由支付服务器发送的交易信息之前,所述方法还包括:The method of claim 11, wherein the method further comprises: before the receiving the transaction information sent by the payment server, the method further comprising:
    获取生物特征对照信息;Obtaining biometric control information;
    按照预设的密钥生成策略生成与所述生物特征对照信息相关联的密钥对;所述密钥对包括第一公钥和第一私钥;Generating a key pair associated with the biometric collation information according to a preset key generation policy; the key pair includes a first public key and a first private key;
    将密钥对中的第一公钥发送至支付服务器;所述第一公钥用于所述支付服务器将所述第一公钥与所述支付终端对应的用户账号进行绑定。Sending the first public key in the key pair to the payment server; the first public key is used by the payment server to bind the first public key to a user account corresponding to the payment terminal.
  13. 根据权利要求11所述的方法,其中,所述支付终端发起支付时,所述方法还包括:The method of claim 11, wherein when the payment terminal initiates payment, the method further comprises:
    所述支付终端向所述支付服务器发送临时账号请求;其中,所述临时账号请求用于所述支付服务器生成与所述用户账号相关联的临时账号;The payment terminal sends a temporary account request to the payment server; wherein the temporary account request is used by the payment server to generate a temporary account associated with the user account;
    所述支付终端接收所述支付服务器发送的所述临时账号,并生成与所述临时账号相关联的二维码;其中,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;所述二维码用于收款端扫描后向所述支付服务器发送交易请求;所述交易请求包括 所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。Receiving, by the payment terminal, the temporary account number sent by the payment server, and generating a two-dimensional code associated with the temporary account; wherein the temporary account is used to have a user account with a preset validity period The same payment function and only for a preset number of payments; the two-dimensional code is used for the payment terminal to send a transaction request to the payment server; the transaction request includes The payment end obtains the temporary account number and the amount to be paid by parsing the two-dimensional code.
  14. 根据权利要求13所述的方法,其中,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;The method according to claim 13, wherein when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
    当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server.
  15. 根据权利要求11所述的方法,其中,所述支付终端存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法进行获取。The method according to claim 11, wherein the biometric collation information stored by the payment terminal and the first private key corresponding to the biometric collation information cannot be acquired.
  16. 一种支付的方法,其中,所述方法应用于一支付服务器,所述方法包括:A method of payment, wherein the method is applied to a payment server, the method comprising:
    所述支付服务器向支付终端发送交易消息;其中,所述交易消息包括所述支付终端对应的用户账号信息和待支付的金额;The payment server sends a transaction message to the payment terminal; wherein the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
    所述支付服务器接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后的支付消息;所述支付消息用于确认对所述交易信息进行支付;The payment server receives a payment message sent by the payment terminal and digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
    所述支付服务器通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;The payment server verifies the signed payment message by using the first public key of the payment terminal;
    当验证成功时,所述支付服务器将所述支付终端对应的用户账号中的所述待支付金额划拨至收款端。When the verification is successful, the payment server transfers the to-be-paid amount in the user account corresponding to the payment terminal to the payment terminal.
  17. 根据权利要求16所述的方法,其中,所述支付服务器向支付终端发送交易消息之前,所述方法还包括:The method of claim 16, wherein before the payment server sends the transaction message to the payment terminal, the method further comprises:
    所述支付服务器接收由所述支付终端发送的第一公钥;并将所述第一公钥与所述支付终端对应的用户账号进行绑定。The payment server receives the first public key sent by the payment terminal; and binds the first public key to a user account corresponding to the payment terminal.
  18. 根据权利要求16所述的方法,其中,所述支付终端发起支付时,所述方法还包括:The method of claim 16, wherein when the payment terminal initiates a payment, the method further comprises:
    所述支付服务器接收由所述支付终端发送的临时账号请求;并生成与 所述用户账号相关联的临时账号,所述临时账号用于在预设的有效期内具有与所述用户账号相同的支付功能且仅用于预设次数的支付;Receiving, by the payment server, a temporary account request sent by the payment terminal; a temporary account associated with the user account, wherein the temporary account is used to have the same payment function as the user account within a preset validity period and is used only for a preset number of payments;
    所述支付服务器向所述支付终端发送所述临时账号,以使得所述支付终端生成与所述临时账号相关联的二维码。The payment server sends the temporary account to the payment terminal, so that the payment terminal generates a two-dimensional code associated with the temporary account.
  19. 根据权利要求18所述的方法,其中,所述支付服务器向所述支付终端发送所述临时账号之后,且所述支付服务器向支付终端发送交易消息之前,所述方法还包括:The method according to claim 18, wherein after the payment server sends the temporary account to the payment terminal, and the payment server sends a transaction message to the payment terminal, the method further includes:
    所述支付服务器接收由所述收款端通过扫描所述二维码后发送的交易请求;其中,所述交易请求包括所述收款端通过解析所述二维码获取到的所述临时账号和待支付金额。Receiving, by the payment server, a transaction request sent by the payment terminal after scanning the two-dimensional code; wherein the transaction request includes the temporary account obtained by the payment terminal by parsing the two-dimensional code And the amount to be paid.
  20. 根据权利要求18所述的方法,其中,当所述临时账号处于有效期内,则所述交易信息中所包括的用户账号信息为所述临时账号;The method according to claim 18, wherein when the temporary account is in the validity period, the user account information included in the transaction information is the temporary account;
    当所述临时账号不处于有效期内,则所述交易信息中所包括的用户账号信息为所述支付服务器重新生成的临时账号。When the temporary account is not in the validity period, the user account information included in the transaction information is a temporary account regenerated by the payment server.
  21. 一种支付系统,其中,所述系统包括支付终端、收款端和支付服务器;其中,A payment system, wherein the system includes a payment terminal, a payment terminal, and a payment server; wherein
    所述支付终端,配置为接收到由所述支付服务器发送的交易信息之后,将获取到的生物特征信息与预存的生物特征对照信息进行比对;所述交易信息包括所述支付终端对应的用户账号信息和待支付的金额;以及,The payment terminal is configured to: after receiving the transaction information sent by the payment server, compare the acquired biometric information with the pre-stored biometric collation information; the transaction information includes a user corresponding to the payment terminal Account information and amount to be paid; and,
    当所述获取到的生物特征信息与所述生物特征对照信息一致时,通过与所述生物特征对照信息相关联的第一私钥对支付信息进行数字签名;其中,所述支付信息用于确认对所述交易信息进行支付,并且,所述支付终端存储的所述生物特征对照信息及所述生物特征对照信息对应的第一私钥无法进行获取;以及,And when the acquired biometric information is consistent with the biometric collation information, the payment information is digitally signed by the first private key associated with the biometric collation information; wherein the payment information is used for confirmation Paying for the transaction information, and the first private key corresponding to the biometric comparison information and the biometric collation information stored by the payment terminal cannot be acquired;
    将签名后的支付信息发送至所述支付服务器; Sending the signed payment information to the payment server;
    所述支付服务器,配置为向所述支付终端发送交易消息;其中,所述交易消息包括所述支付终端对应的用户账号信息和待支付的金额;以及,The payment server is configured to send a transaction message to the payment terminal, where the transaction message includes user account information corresponding to the payment terminal and an amount to be paid;
    接收由所述支付终端发送的经过所述支付终端的第一私钥数字签名后的支付消息;所述支付消息用于确认对所述交易信息进行支付;以及,Receiving, by the payment terminal, a payment message digitally signed by the first private key of the payment terminal; the payment message is used to confirm payment of the transaction information;
    通过所述支付终端的第一公钥对所述签名后的支付消息进行验证;以及,Verifying the signed payment message by the first public key of the payment terminal; and
    当验证成功时,将所述支付终端对应的用户账号中的所述待支付金额划拨至所述收款端。When the verification is successful, the to-be-paid amount in the user account corresponding to the payment terminal is allocated to the collection terminal.
  22. 一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行权利要求11至15任一项所述的方法、和/或用于执行权利要求16至20任一项所述的方法。 A computer storage medium having stored therein computer executable instructions for performing the method of any one of claims 11 to 15, and/or for performing claim 16. The method of any one of 20.
PCT/CN2016/073748 2015-06-25 2016-02-14 Payment method, device and system, and computer storage medium WO2016206385A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510359713.1 2015-06-25
CN201510359713.1A CN106296197A (en) 2015-06-25 2015-06-25 A kind of method, apparatus and system of payment

Publications (1)

Publication Number Publication Date
WO2016206385A1 true WO2016206385A1 (en) 2016-12-29

Family

ID=57584629

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/073748 WO2016206385A1 (en) 2015-06-25 2016-02-14 Payment method, device and system, and computer storage medium

Country Status (2)

Country Link
CN (1) CN106296197A (en)
WO (1) WO2016206385A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108009822A (en) * 2018-01-02 2018-05-08 中国工商银行股份有限公司 A kind of cloud method of payment, system and payment mechanism, user terminal
US20210201323A1 (en) * 2013-10-30 2021-07-01 Tencent Technology (Shenzhen) Company Limited Information transmission method, apparatus and system
CN113283893A (en) * 2021-05-28 2021-08-20 深圳Tcl新技术有限公司 Resource transfer processing method, device, storage medium and electronic equipment
CN113383356A (en) * 2019-05-08 2021-09-10 深圳市欢太科技有限公司 Offline payment method and device, electronic equipment and storage medium

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106920088A (en) * 2017-01-24 2017-07-04 深圳市广和通无线股份有限公司 Method of payment and device
CN107146079B (en) * 2017-02-15 2020-05-22 中国银联股份有限公司 Transaction payment method and system
CN107274188A (en) * 2017-06-21 2017-10-20 联想(北京)有限公司 The verification method and device of payment data
CN107977839A (en) * 2017-10-10 2018-05-01 捷开通讯(深圳)有限公司 A kind of voice guide method of payment, mobile terminal and the device with store function
CN107733919A (en) * 2017-11-10 2018-02-23 上海易果电子商务有限公司 A kind of method of user identity identification, terminal, server and system
CN108650271A (en) * 2018-05-17 2018-10-12 深圳大普微电子科技有限公司 A kind of method for managing user right and system
CN109447654A (en) * 2018-11-09 2019-03-08 银河水滴科技(北京)有限公司 A kind of payment system based on gait feature, method and device
CN110428544A (en) * 2019-06-21 2019-11-08 深圳通天下公共交通发展有限公司 A kind of public transport method of mobile payment based on recognition of face
CN110290134B (en) * 2019-06-25 2022-05-03 神州融安科技(北京)有限公司 Identity authentication method, identity authentication device, storage medium and processor
CN110443613A (en) * 2019-08-02 2019-11-12 中国工商银行股份有限公司 Transaction security authentication method and device
TWI736280B (en) * 2020-05-22 2021-08-11 國立虎尾科技大學 Identity verification method based on biometrics

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340285A (en) * 2007-07-05 2009-01-07 杭州中正生物认证技术有限公司 Method and system for identity authentication by finger print USBkey
CN101692277A (en) * 2009-10-16 2010-04-07 中山大学 Biometric encrypted payment system and method for mobile communication equipment
CN102521744A (en) * 2011-12-26 2012-06-27 中兴通讯股份有限公司 Network payment method and apparatus thereof
CN102880960A (en) * 2012-09-26 2013-01-16 深圳市亚略特生物识别科技有限公司 Short message payment method and system based on fingerprint identifying mobile phone
CN103049850A (en) * 2013-01-05 2013-04-17 深圳市中兴移动通信有限公司 Mobile payment terminal, system and payment method thereof based on NFC (Near Field Communication)

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101853542B (en) * 2009-04-01 2012-01-18 张子文 IC card consumption system integrating finger vein identification technology
CN203193649U (en) * 2013-04-16 2013-09-11 北京天诚盛业科技有限公司 Electronic signature device
CN104200363B (en) * 2014-08-11 2017-07-04 济南曼维信息科技有限公司 A kind of method of payment of the electronic purse system based on encrypting fingerprint
CN104660412A (en) * 2014-10-22 2015-05-27 南京泽本信息技术有限公司 Password-less security authentication method and system for mobile equipment
CN104616149B (en) * 2015-02-06 2018-05-29 清华大学 Method of payment and system based on Bluetooth technology and living things feature recognition
CN104732388A (en) * 2015-03-26 2015-06-24 深圳市亚略特生物识别科技有限公司 Electronic payment method and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340285A (en) * 2007-07-05 2009-01-07 杭州中正生物认证技术有限公司 Method and system for identity authentication by finger print USBkey
CN101692277A (en) * 2009-10-16 2010-04-07 中山大学 Biometric encrypted payment system and method for mobile communication equipment
CN102521744A (en) * 2011-12-26 2012-06-27 中兴通讯股份有限公司 Network payment method and apparatus thereof
CN102880960A (en) * 2012-09-26 2013-01-16 深圳市亚略特生物识别科技有限公司 Short message payment method and system based on fingerprint identifying mobile phone
CN103049850A (en) * 2013-01-05 2013-04-17 深圳市中兴移动通信有限公司 Mobile payment terminal, system and payment method thereof based on NFC (Near Field Communication)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210201323A1 (en) * 2013-10-30 2021-07-01 Tencent Technology (Shenzhen) Company Limited Information transmission method, apparatus and system
US11972428B2 (en) * 2013-10-30 2024-04-30 Tencent Technology (Shenzhen) Company Limited Information transmission method, apparatus and system
CN108009822A (en) * 2018-01-02 2018-05-08 中国工商银行股份有限公司 A kind of cloud method of payment, system and payment mechanism, user terminal
CN113383356A (en) * 2019-05-08 2021-09-10 深圳市欢太科技有限公司 Offline payment method and device, electronic equipment and storage medium
CN113383356B (en) * 2019-05-08 2024-04-02 深圳市欢太科技有限公司 Offline payment method and device, electronic equipment and storage medium
CN113283893A (en) * 2021-05-28 2021-08-20 深圳Tcl新技术有限公司 Resource transfer processing method, device, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN106296197A (en) 2017-01-04

Similar Documents

Publication Publication Date Title
WO2016206385A1 (en) Payment method, device and system, and computer storage medium
US10937267B2 (en) Systems and methods for provisioning digital identities to authenticate users
TWI719190B (en) Offline payment method and device
KR101666374B1 (en) Method, apparatus and computer program for issuing user certificate and verifying user
US10061912B2 (en) Multi-factor authentication system and method
KR20180061168A (en) Wireless biometric authentication system and method
JP2017530586A (en) System and method for authenticating a client to a device
WO2015101310A1 (en) Service processing method, device and system
TWI548249B (en) Method for verifying secruity data, system, and a computer-readable storage device
CN110278180B (en) Financial information interaction method, device, equipment and storage medium
US20180343247A1 (en) Method, user terminal and authentication service server for authentication
CN110084017A (en) A kind of ID authentication device, system, method, apparatus and storage medium
CN104660412A (en) Password-less security authentication method and system for mobile equipment
CN111742314A (en) Biometric sensor on portable device
KR101503019B1 (en) Biometric authentication method, biometric authentication system associated with the same and storage medium storing the same
JP6657265B2 (en) Method and apparatus for service authentication
CN110034933B (en) Cross-system user mutual trust authentication method and cross-system user mutual trust authentication system
WO2017016039A1 (en) Method and device for transferring business data between accounts
CN113205342A (en) User identity authentication method and device based on multi-terminal payment
KR20180129476A (en) System and method for authentication
KR20180001455A (en) Mobile device of authenticating a purchase transaction and method there-of
KR101625065B1 (en) User authentification method in mobile terminal
WO2016138743A1 (en) Secure payment method, mobile terminal, and payment authentication server
WO2018113508A1 (en) Ciphertext-based identity verification method
US20190303928A1 (en) User authentication in transactions

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16813501

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16813501

Country of ref document: EP

Kind code of ref document: A1