WO2017016037A1 - Payment data safety verification method, third-party payment platform and commercial platform - Google Patents

Payment data safety verification method, third-party payment platform and commercial platform Download PDF

Info

Publication number
WO2017016037A1
WO2017016037A1 PCT/CN2015/088496 CN2015088496W WO2017016037A1 WO 2017016037 A1 WO2017016037 A1 WO 2017016037A1 CN 2015088496 W CN2015088496 W CN 2015088496W WO 2017016037 A1 WO2017016037 A1 WO 2017016037A1
Authority
WO
WIPO (PCT)
Prior art keywords
platform
address
domain name
payment
commercial
Prior art date
Application number
PCT/CN2015/088496
Other languages
French (fr)
Chinese (zh)
Inventor
陈历伟
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司 filed Critical 宇龙计算机通信科技(深圳)有限公司
Publication of WO2017016037A1 publication Critical patent/WO2017016037A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway

Definitions

  • the invention relates to the field of internet, in particular to a payment data security verification method, a third party payment platform and a commercial platform.
  • the prior art provides a payment system.
  • the payment system includes: a commercial platform 210, a fishing platform 220, and a third-party payment platform 230.
  • the commercial platform 210 is connected to the third party payment platform 230.
  • the phishing platform 220 connects the commercial platform 210 and the third-party payment platform 230, respectively.
  • commercial platforms 210 can display various commodities for selection.
  • the commercial platform 210 In the normal shopping, after the consumer selects the appropriate commodity on the commercial platform 210 and confirms the payment, the commercial platform 210 generates the payment data and the order record according to the consumer's shopping, wherein the payment platform records the commercial platform.
  • the information and the order number the information of the commercial platform is used to determine which commercial platform the platform that generates the payment data is, the order number is used to indicate the behavior of the consumer to purchase the goods, the order number and the shipping address are recorded in the order record, and the like.
  • the consumer pays the payment to the third-party payment platform 230, such as a bank, by electronic transfer, to complete the payment of the order number.
  • the third-party payment platform 230 After receiving the payment, the third-party payment platform 230 obtains the corresponding commercial platform according to the order number, and sends a message to the commercial platform 210 that the consumer has completed the payment for the order number. After receiving the notification, the commercial platform 210 will find the corresponding shipping address according to the order number in the order record, thereby sending the goods to the corresponding shipping address.
  • Step 1 The angler will first select the target item on the commercial platform 210. After the phishers select the target merchandise on the commercial platform 210 and confirm the payment, the phishing platform 220 intercepts the payment data sent by the commercial platform 210 to the third-party payment platform 230.
  • Step 2 The angler sets and displays a number of commodities on the fishing platform 220, wherein the goods The price is set to be the same as the price of the target item purchased by the angler on the commercial platform 210, so the angler can bind the payment data to the corresponding item.
  • Step 3 The fisherman purchases goods on the fishing platform 220 and determines the payment.
  • Step 4 After the fisherman purchases the product on the fishing platform 220 and determines the payment, the fishing platform 220 sends the intercepted payment data to the third-party payment platform 230.
  • Step 5 The fisherman sends the payment to the third party payment platform 230 by electronic transfer.
  • Step 6 After receiving the payment, the third-party payment platform 230 obtains the corresponding commercial platform according to the order number, and sends a message to the commercial platform 210 that the consumer has completed the payment for the order number.
  • Step 7 After receiving the notification, the commercial platform 210 will find the corresponding shipping address according to the order number in the order record, thereby sending the goods to the corresponding shipping address.
  • the shipping address here is the address of the angler, so the item will be sent to the angler. That is, the fisherman pays for the angler and causes economic loss to the fisherman.
  • the technical problem to be solved by the embodiments of the present invention is to provide a payment data security verification method, a third-party payment platform, and a commercial platform, which can prevent the phishing platform from using the payment data to deceive the phishers to pay for the phishers.
  • a first aspect of the present invention provides a payment data security verification method, including: a third-party payment platform receives payment data sent by a first platform, where the first platform has a first domain name and a first IP address, The payment data includes information and an order number of the commercial platform that generates the payment data; and the third-party payment platform determines whether the first domain name and the first IP address are a record domain name and a record IP address, and the record domain name and The filing IP address is pre-stored in the third-party payment platform; if the first domain name and the first IP address are the filing domain name and the filing IP address, the payment is normally completed according to the payment data. If the first domain name and the first IP address are not the filing domain name and the filing IP address, then the first domain name, the first IP address, and the The order number is sent to the commercial platform for verification.
  • the method further includes: if the commercial platform verifies that the first domain name and/or the first IP address is the modified domain name and IP address of the commercial platform, accepting the sending by the commercial platform Confirming the message and storing the first domain name and the first IP address locally as the filing domain name and the filing IP address of the commercial platform.
  • the method further includes: accepting a negative message sent by the commercial platform if the commercial platform verifies that the first domain name and/or the first IP address is not a domain name and an IP address of the commercial platform And sending a prompt message to the paying party, the prompt message prompting that the first platform is an illegal platform.
  • a second aspect of the present invention provides a payment data security verification method, including: a commercial platform receiving order information sent by a payer, and generating payment data according to the order information, wherein the payment data includes a domain name of a commercial platform and The IP address, the payment data further includes an order number of the current payment; and the payment data is sent to the third-party payment platform for verification by the third-party payment platform.
  • the method further includes: receiving a first domain name, a first IP address, and an order number sent by the third-party payment platform; determining whether the first domain name and the first IP address are domain names of the platform and The IP address; if yes, sending a determination message to the third-party payment platform, and if not, sending a negative message to the third-party payment platform, and stopping the processing flow of the order number.
  • a third aspect of the present invention provides a third-party payment platform, including: a receiving module, a determining module, and an executing module,
  • the receiving module is configured to receive payment data sent by the first platform, where the first platform has a first domain name and a first IP address, and the payment data includes information of a commercial platform that generates the payment data. And the order number;
  • the determining module is configured to obtain the first domain name and the first IP address of the first platform, and determine whether the first domain name and the first IP address are a record domain name and a record IP address.
  • the record domain name and the filing IP address are pre-stored in the third-party payment platform;
  • the executing module is configured to normally complete payment according to the payment data when the first domain name and the first IP address are the filing domain name and the filing IP address, in the first domain name and the The first IP address is not the filing domain name and the filing IP address, and the first domain name, the first IP address, and the order number are sent to the commercial platform according to the information of the commercial platform. verification.
  • the platform further includes a filing module, where the filing module is configured to: when the commercial platform verifies that the first domain name and/or the first IP address is a modified domain name and an IP address of the commercial platform, Accepting the confirmation message sent by the commercial platform, and storing the first domain name and the first IP address locally as the filing domain name and the filing IP address of the commercial platform.
  • the filing module is configured to: when the commercial platform verifies that the first domain name and/or the first IP address is a modified domain name and an IP address of the commercial platform, Accepting the confirmation message sent by the commercial platform, and storing the first domain name and the first IP address locally as the filing domain name and the filing IP address of the commercial platform.
  • the platform further includes a prompting module, where the prompting module is configured to accept the first domain name and/or the first IP address is not the domain name and IP address of the commercial platform when the commercial platform is verified Determining a negative message sent by the commercial platform, and sending a prompt message to the paying party, the prompt message
  • the first platform is shown as an illegal platform.
  • a fourth aspect of the present invention provides a commercial platform, where the platform includes a receiving module and a sending module, where the receiving module is configured to receive order information sent by a paying party, and generate payment data according to the order information, where The payment data includes a domain name and an IP address of the commercial platform, and the payment data further includes an order number of the current payment; the sending module is configured to send the payment data to the third-party payment platform for the third party The payment platform is verified.
  • the platform further includes a determining module, where the receiving module is further configured to receive a first domain name, a first IP address, and an order number sent by the third-party payment platform, where the determining module is configured to determine the first Whether the domain name and the first IP address are the domain name and the IP address of the platform, and when the determination result is yes, sending a determination message to the third-party payment platform, and when the determination result is no, the The three-party payment platform sends a negative message and stops the processing flow of the order number.
  • the receiving module is further configured to receive a first domain name, a first IP address, and an order number sent by the third-party payment platform
  • the determining module is configured to determine the first Whether the domain name and the first IP address are the domain name and the IP address of the platform, and when the determination result is yes, sending a determination message to the third-party payment platform, and when the determination result is no, the The three-party payment platform sends a negative message and stops the processing flow of the order number.
  • the third-party payment platform Since the formal business platform pre-registers the domain name and IP address of the platform in the third-party payment platform before the operation, after receiving the payment data, the third-party payment platform will obtain the first domain name of the first platform that sends the payment data. And the first IP address, and determining whether the first domain name and the first IP address of the first platform that sends the payment data are the record domain name and the record IP address, and if so, the first platform is a formal commercial platform, and the third party payment platform The payment is completed normally. If not, the first platform is an illegal commercial platform.
  • the third-party payment platform sends the first domain name, the first IP address, and the order number to the commercial platform that generates the payment data for verification. It can prevent the phishing platform from using the payment data to deceive the phishers to pay for the phishers.
  • FIG. 1 is a schematic structural diagram of an embodiment of a prior art payment system
  • FIG. 2 is a schematic diagram of a fisherman using a fishing platform to trick a fisherman into paying;
  • FIG. 3 is a flow chart of an embodiment of a payment data security verification method according to the present invention.
  • FIG. 4 is a flowchart of another embodiment of a payment data security verification method according to the present invention.
  • FIG. 5 is a schematic structural diagram of an implementation manner of a third-party payment platform according to the present invention.
  • FIG. 6 is a schematic structural diagram of another embodiment of a third-party payment platform according to the present invention.
  • FIG. 7 is a schematic structural view of an embodiment of a commercial platform of the present invention.
  • FIG. 3 is a flowchart of an embodiment of a payment data security verification method according to the present invention.
  • the present embodiment is described from the perspective of a third-party payment platform.
  • the payment data security verification method of this embodiment includes:
  • S310 The third-party payment platform receives the payment data sent by the first platform.
  • the payment data includes information and an order number of the commercial platform that generated the payment data.
  • the first platform may be a commercial platform or a phishing platform. If it is a commercial platform, the business platform will send the payment data generated by the consumer's shopping to the third-party payment platform. If it is a fishing platform, the phishing platform will send the payment data previously intercepted from the commercial platform to the third-party payment. platform. Since each platform has its own domain name and IP address, the first platform has a first platform with a first domain name and a first IP address.
  • the third-party payment platform obtains the first domain name and the first IP address of the first platform, and determines whether the first domain name and the first IP address are the record domain name and the record IP address, and the record domain name and the record IP address are pre-stored in the third party. In the payment platform.
  • the commercial platform Before the commercial platform is officially launched, the commercial platform will record its domain name and IP address on a third-party payment platform. Since the third-party payment platform is directly connected to the first platform, the third-party payment platform can acquire the first domain name and the first IP address of the first platform. The third-party payment platform obtains the first domain name and the first IP address of the first platform, and queries the local registered domain name and the filed IP address to determine whether the first domain name and the first IP address are the record domain name and the record IP address. . If the first domain name and the first IP address are the record domain name and the record IP address, proceed to step S330; if the first domain name and the first IP address are not the record domain name and the record IP address, proceed to step S340.
  • the first domain name and the first IP address are the filing domain name and the filing IP address, it can be known that the first platform is a commercial platform, and the payment is normally completed according to the payment data.
  • S340 Send the first domain name, the first IP address, and the order number to the commercial platform for verification according to the information of the commercial platform.
  • first domain name and the first IP address are not the record domain name and the record IP address, it is not determined that the first platform is a commercial platform, and the first domain name, the first IP address, and the order number are sent to the commercial platform according to the information of the commercial platform. verification.
  • the platform that sends the payment data is not the filing platform, the payment cannot be completed, and the phishing platform can be prevented from using the payment data to deceive the hunter to pay for the phishers.
  • the third party is paid.
  • the platform sends a confirmation message.
  • the third-party payment platform stores the first domain name and the first IP address locally as the filing domain name and the filing IP address of the commercial platform. If the commercial platform verifies that the first domain name and/or the first IP address is not the domain name and IP address of the commercial platform, the commercial platform sends a negative message to the third party payment platform. After receiving the negative message sent by the commercial platform, the third-party payment platform sends a prompt message to the paying party, prompting the first platform that the payer to purchase is an illegal platform.
  • FIG. 4 is a flowchart of another embodiment of the payment data security verification method of the present invention.
  • the present embodiment is described from the perspective of a commercial platform.
  • the payment data security verification method of this embodiment includes:
  • the commercial platform receives the order information sent by the paying party, and generates the order information according to the order information.
  • Payment data wherein the payment data includes a domain name and an IP address of the commercial platform, and the payment data further includes an order number of the payment.
  • the commercial platform can be Taobao, Jingdong and other platforms.
  • the paying party makes a purchase on the commercial platform
  • the corresponding order information such as the price of the purchased product, the number of pieces, and the like
  • the commercial platform generates the payment data according to the order information after receiving the order information sent by the paying party.
  • the domain name of the commercial platform, the IP address, and the order number of this payment are encapsulated into the payment data.
  • S420 Send the payment data to the third-party payment platform for verification by the third-party payment platform.
  • the third party payment platform can be a bank or the like.
  • the commercial platform sends the payment data including the domain name of the commercial platform, the IP address, and the order number of the payment to the third-party payment platform for payment.
  • the payment data can be sent to the third-party payment platform, so that the third-party payment platform verifies whether the platform that sends the payment data is the filing platform. If the platform that sends the payment data is not the filing platform, the payment cannot be completed, and the fishing platform can be avoided. Using payment data to trick the phisher into paying for the phishers.
  • FIG. 5 is a schematic structural diagram of an implementation manner of a third-party payment platform according to the present invention.
  • the third-party payment platform 500 of the present embodiment includes a receiving module 510, a determining module 520, and an executing module 530.
  • the receiving module 510 is configured to receive payment data sent by the first platform, where the first platform has a first domain name and a first IP address, where the payment data includes a commercial platform that generates the payment data.
  • Information and order number ;
  • the determining module 520 is configured to obtain the first domain name and the first IP address of the first platform, and determine whether the first domain name and the first IP address are a record domain name and a record IP address.
  • the record domain name and the filing IP address are pre-stored in the third-party payment platform;
  • the executing module 530 is configured to normally complete payment according to the payment data when the first domain name and the first IP address are the filing domain name and the filing IP address, in the first domain name and the The first IP address is not the record domain name and the record IP address, and the first domain name, the first IP address, and the order number are sent to the commercial platform according to the information of the commercial platform. authenticating.
  • the branch cannot be completed. Pay, can avoid the phishing platform using the payment data to deceive the phishers to pay for the phishers.
  • the third-party payment platform 500 further includes a filing module 540 and a prompting module 550 .
  • the filing module 540 is configured to accept a confirmation message sent by the commercial platform when the commercial platform verifies that the first domain name and/or the first IP address is a modified domain name and an IP address of the commercial platform, And storing the first domain name and the first IP address locally as a filing domain name and a filing IP address of the commercial platform.
  • the prompting module 550 is configured to accept a negative message sent by the commercial platform when the commercial platform verifies that the first domain name and/or the first IP address is not a domain name and an IP address of the commercial platform, and The payer sends a prompt message, and the prompt message prompts that the first platform is an illegal platform.
  • FIG. 7 is a schematic structural diagram of an embodiment of a commercial platform of the present invention.
  • the commercial platform 700 of the present embodiment includes a receiving module 710, a sending module 720, and a determining module 730.
  • the receiving module 710 is configured to receive order information sent by the paying party, and generate payment data according to the order information, where the payment data includes a domain name and an IP address of the commercial platform, and the payment data further includes the current payment. Order number;
  • the sending module 720 is configured to send the payment data to the third-party payment platform for verification by the third-party payment platform.
  • the business platform 700 further includes a determining module 730, the receiving module 710 is further configured to receive a first domain name, a first IP address, and an order number sent by the third-party payment platform, where the determining module 730 is configured to determine the first Whether the domain name and the first IP address are the domain name and the IP address of the platform, and when the determination result is yes, sending a determination message to the third-party payment platform, and when the determination result is no, the The third party payment platform sends a negative message and stops the processing process of the order number.
  • the payment data can be sent to the third-party payment platform, so that the third-party payment platform verifies whether the platform that sends the payment data is the filing platform. If the platform that sends the payment data is not the filing platform, the payment cannot be completed, and the fishing platform can be avoided. Using payment data to trick the phisher into paying for the phishers.
  • the machine can be read into a storage medium, and when executed, the program can include the flow of an embodiment of the methods as described above.
  • the storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Finance (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Disclosed are a payment data safety verification method, a third-party payment platform and a commercial platform. The method discloses: a third-party payment platform receiving payment data sent by a first platform, wherein the first platform has a first domain name and a first IP address and the payment data contains information about a commercial platform generating the payment data and an order number; the third-party payment platform judging whether the first domain name and the first IP address are a recorded domain name and a recorded IP address, wherein the recorded domain name and the recorded IP address are pre-stored in the third-party payment platform; if the first domain name and the first IP address are the recorded domain name and the recorded IP address, normally completing payment according to the payment data; and if the first domain name and the first IP address are not the recorded domain name and the recorded IP address, sending the first domain name, the first IP address and the order number to the commercial platform for verification according to the information about the commercial platform. In the present application, the problem that a phishing platform cheats a "fish" to pay the bill for a phisher using payment data can be avoided.

Description

支付数据安全验证方法、第三方支付平台以及商业平台Payment data security verification method, third-party payment platform, and commercial platform 技术领域Technical field
本发明涉及互联网领域,特别涉及支付数据安全验证方法、第三方支付平台以及商业平台。The invention relates to the field of internet, in particular to a payment data security verification method, a third party payment platform and a commercial platform.
背景技术Background technique
为了实现在线网络购物,现有技术提供了一种支付系统,如图1所示,所述支付系统包括:商业平台210、钓鱼平台220以及第三方支付平台230。其中,商业平台210连接第三方支付平台230。钓鱼平台220为了能够从商业平台210获取支付数据和将支付数据发送给第三方支付平台230,钓鱼平台220会分别连接商业平台210以及第三方支付平台230。In order to realize online shopping, the prior art provides a payment system. As shown in FIG. 1 , the payment system includes: a commercial platform 210, a fishing platform 220, and a third-party payment platform 230. The commercial platform 210 is connected to the third party payment platform 230. In order to be able to obtain payment data from the commercial platform 210 and send the payment data to the third-party payment platform 230, the phishing platform 220 connects the commercial platform 210 and the third-party payment platform 230, respectively.
在正常状态下,商业平台210,例如:淘宝和京东等等上可以展示各种商品以供选择。在正常的购物中,消费者在商业平台210上选择了合适的商品后,确认支付,则商业平台210会根据消费者的购物,生成支付数据和下单记录,其中,支付数据中记载商业平台的信息以及订单号,商业平台的信息用于确定产生支付数据的平台是哪个商业平台,订单号用于表示消费者本次购买商品的行为,下单记录中记载订单号以及发货地址等等,然后,消费者再通过电子转账将货款支付到第三方支付平台230,例如:银行等,以完成对该订单号的支付。第三方支付平台230收到货款后,根据订单号获得对应的商业平台,并向商业平台210发送消费者已经对该订单号完成了支付的消息。商业平台210收到通知后,会在下单记录中根据订单号找到对应的发货地址,从而将商品发送到对应的发货地址。Under normal conditions, commercial platforms 210, such as Taobao and Jingdong, etc., can display various commodities for selection. In the normal shopping, after the consumer selects the appropriate commodity on the commercial platform 210 and confirms the payment, the commercial platform 210 generates the payment data and the order record according to the consumer's shopping, wherein the payment platform records the commercial platform. The information and the order number, the information of the commercial platform is used to determine which commercial platform the platform that generates the payment data is, the order number is used to indicate the behavior of the consumer to purchase the goods, the order number and the shipping address are recorded in the order record, and the like. Then, the consumer then pays the payment to the third-party payment platform 230, such as a bank, by electronic transfer, to complete the payment of the order number. After receiving the payment, the third-party payment platform 230 obtains the corresponding commercial platform according to the order number, and sends a message to the commercial platform 210 that the consumer has completed the payment for the order number. After receiving the notification, the commercial platform 210 will find the corresponding shipping address according to the order number in the order record, thereby sending the goods to the corresponding shipping address.
但是,参阅图2,在非正常状态下,钓鱼者进行钓鱼,However, referring to Figure 2, in an abnormal state, the angler is fishing,
步骤1:钓鱼者会先在商业平台210上选择目标商品。钓鱼者在商业平台210上选择了目标商品并确认支付后,钓鱼平台220会截取商业平台210发送给第三方支付平台230的支付数据。Step 1: The angler will first select the target item on the commercial platform 210. After the phishers select the target merchandise on the commercial platform 210 and confirm the payment, the phishing platform 220 intercepts the payment data sent by the commercial platform 210 to the third-party payment platform 230.
步骤2:钓鱼者在钓鱼平台220上设置并展示了许多商品,其中,这些商品 的价格设置为和钓鱼者在商业平台210购买的目标商品的价格相同,所以,钓鱼者可以将支付数据对应绑定到相应的商品上。Step 2: The angler sets and displays a number of commodities on the fishing platform 220, wherein the goods The price is set to be the same as the price of the target item purchased by the angler on the commercial platform 210, so the angler can bind the payment data to the corresponding item.
步骤3:被钓鱼者在钓鱼平台220上选购商品,并确定支付。Step 3: The fisherman purchases goods on the fishing platform 220 and determines the payment.
步骤4:被钓鱼者在钓鱼平台220上选购商品,并确定支付后,钓鱼平台220会将截取的支付数据发送给第三方支付平台230。Step 4: After the fisherman purchases the product on the fishing platform 220 and determines the payment, the fishing platform 220 sends the intercepted payment data to the third-party payment platform 230.
步骤5:被钓鱼者将货款通过电子转账发送至第三方支付平台230。Step 5: The fisherman sends the payment to the third party payment platform 230 by electronic transfer.
步骤6:第三方支付平台230收到货款后,根据订单号获得对应的商业平台,并向商业平台210发送消费者已经对该订单号完成了支付的消息。Step 6: After receiving the payment, the third-party payment platform 230 obtains the corresponding commercial platform according to the order number, and sends a message to the commercial platform 210 that the consumer has completed the payment for the order number.
步骤7:商业平台210收到通知后,会在下单记录中根据订单号找到对应的发货地址,从而将商品发送到对应的发货地址。Step 7: After receiving the notification, the commercial platform 210 will find the corresponding shipping address according to the order number in the order record, thereby sending the goods to the corresponding shipping address.
明显地,这里的发货地址是钓鱼者的地址,所以,商品将会被发送到钓鱼者手中。即被钓鱼者替钓鱼者买单,给被钓鱼者造成经济损失。Obviously, the shipping address here is the address of the angler, so the item will be sent to the angler. That is, the fisherman pays for the angler and causes economic loss to the fisherman.
发明内容Summary of the invention
本发明实施例所要解决的技术问题在于,提供一种支付数据安全验证方法、第三方支付平台以及商业平台,实现了防止钓鱼平台利用支付数据欺骗被钓鱼者替钓鱼者进行买单。The technical problem to be solved by the embodiments of the present invention is to provide a payment data security verification method, a third-party payment platform, and a commercial platform, which can prevent the phishing platform from using the payment data to deceive the phishers to pay for the phishers.
本发明第一方面提供了一种支付数据安全验证方法,包括:第三方支付平台接收第一平台所发送的支付数据,其中,所述第一平台具有第一域名和第一IP地址,所述支付数据中包含了产生所述支付数据的商业平台的信息和订单号;第三方支付平台判断所述第一域名和所述第一IP地址是否为备案域名和备案IP地址,所述备案域名和所述备案IP地址预先存储在所述第三方支付平台中;如果所述第一域名和所述第一IP地址是所述备案域名和所述备案IP地址,则根据所述支付数据正常完成支付,如果所述第一域名和所述第一IP地址不是所述备案域名和所述备案IP地址,则根据所述商业平台的信息将所述第一域名、所述第一IP地址和所述订单号发送给所述商业平台以进行验证。A first aspect of the present invention provides a payment data security verification method, including: a third-party payment platform receives payment data sent by a first platform, where the first platform has a first domain name and a first IP address, The payment data includes information and an order number of the commercial platform that generates the payment data; and the third-party payment platform determines whether the first domain name and the first IP address are a record domain name and a record IP address, and the record domain name and The filing IP address is pre-stored in the third-party payment platform; if the first domain name and the first IP address are the filing domain name and the filing IP address, the payment is normally completed according to the payment data. If the first domain name and the first IP address are not the filing domain name and the filing IP address, then the first domain name, the first IP address, and the The order number is sent to the commercial platform for verification.
可选地,所述方法还包括:如果商业平台验证所述第一域名和/或所述第一IP地址为所述商业平台修改后的域名和IP地址,则接受所述商业平台所发送的确认消息,并将所述第一域名和所述第一IP地址存储在本地以作为所述商业平台的备案域名和备案IP地址。 Optionally, the method further includes: if the commercial platform verifies that the first domain name and/or the first IP address is the modified domain name and IP address of the commercial platform, accepting the sending by the commercial platform Confirming the message and storing the first domain name and the first IP address locally as the filing domain name and the filing IP address of the commercial platform.
可选地,所述方法还包括:如果商业平台验证所述第一域名和/或所述第一IP地址不是所述商业平台的域名和IP地址,则接受所述商业平台所发送的否定消息,并向支付方发送提示消息,所述提示消息提示所述第一平台为非法平台。Optionally, the method further includes: accepting a negative message sent by the commercial platform if the commercial platform verifies that the first domain name and/or the first IP address is not a domain name and an IP address of the commercial platform And sending a prompt message to the paying party, the prompt message prompting that the first platform is an illegal platform.
本发明第二方面提供了一种支付数据安全验证方法,包括:商业平台接收支付方所发送的订单信息,并根据所述订单信息生成支付数据,其中,所述支付数据包括商业平台的域名和IP地址,所述支付数据还包括本次支付的订单号;向所述第三方支付平台发送所述支付数据,以供所述第三方支付平台进行验证。A second aspect of the present invention provides a payment data security verification method, including: a commercial platform receiving order information sent by a payer, and generating payment data according to the order information, wherein the payment data includes a domain name of a commercial platform and The IP address, the payment data further includes an order number of the current payment; and the payment data is sent to the third-party payment platform for verification by the third-party payment platform.
可选地,所述方法还包括:接收第三方支付平台所发送的第一域名、第一IP地址和订单号;判断所述第一域名和所述第一IP地址是否为本平台的域名和IP地址;如果是,则向所述第三方支付平台发送确定消息,如果否,则向所述第三方支付平台发送否定消息,并停止所述订单号的处理流程。Optionally, the method further includes: receiving a first domain name, a first IP address, and an order number sent by the third-party payment platform; determining whether the first domain name and the first IP address are domain names of the platform and The IP address; if yes, sending a determination message to the third-party payment platform, and if not, sending a negative message to the third-party payment platform, and stopping the processing flow of the order number.
本发明第三方面提供了一种第三方支付平台,包括:接收模块、判断模块以及执行模块,A third aspect of the present invention provides a third-party payment platform, including: a receiving module, a determining module, and an executing module,
所述接收模块用于接收第一平台所发送的支付数据,其中,所述第一平台具有第一域名和第一IP地址,所述支付数据中包含了产生所述支付数据的商业平台的信息和订单号;The receiving module is configured to receive payment data sent by the first platform, where the first platform has a first domain name and a first IP address, and the payment data includes information of a commercial platform that generates the payment data. And the order number;
所述判断模块用于获取所述第一平台的所述第一域名和所述第一IP地址,并判断所述第一域名和所述第一IP地址是否为备案域名和备案IP地址,所述备案域名和所述备案IP地址预先存储在所述第三方支付平台中;The determining module is configured to obtain the first domain name and the first IP address of the first platform, and determine whether the first domain name and the first IP address are a record domain name and a record IP address. The record domain name and the filing IP address are pre-stored in the third-party payment platform;
所述执行模块用于在所述第一域名和所述第一IP地址是所述备案域名和所述备案IP地址时,根据所述支付数据正常完成支付,在所述第一域名和所述第一IP地址不是所述备案域名和所述备案IP地址是,根据所述商业平台的信息将所述第一域名、所述第一IP地址和所述订单号发送给所述商业平台以进行验证。The executing module is configured to normally complete payment according to the payment data when the first domain name and the first IP address are the filing domain name and the filing IP address, in the first domain name and the The first IP address is not the filing domain name and the filing IP address, and the first domain name, the first IP address, and the order number are sent to the commercial platform according to the information of the commercial platform. verification.
可选地,所述平台还包括备案模块,所述备案模块用于在商业平台验证所述第一域名和/或所述第一IP地址为所述商业平台修改后的域名和IP地址时,接受所述商业平台所发送的确认消息,并将所述第一域名和所述第一IP地址存储在本地以作为所述商业平台的备案域名和备案IP地址。Optionally, the platform further includes a filing module, where the filing module is configured to: when the commercial platform verifies that the first domain name and/or the first IP address is a modified domain name and an IP address of the commercial platform, Accepting the confirmation message sent by the commercial platform, and storing the first domain name and the first IP address locally as the filing domain name and the filing IP address of the commercial platform.
可选地,所述平台还包括提示模块,所述提示模块用于在商业平台验证所述第一域名和/或所述第一IP地址不是所述商业平台的域名和IP地址时,接受所述商业平台所发送的否定消息,并向支付方发送提示消息,所述提示消息提 示所述第一平台为非法平台。Optionally, the platform further includes a prompting module, where the prompting module is configured to accept the first domain name and/or the first IP address is not the domain name and IP address of the commercial platform when the commercial platform is verified Determining a negative message sent by the commercial platform, and sending a prompt message to the paying party, the prompt message The first platform is shown as an illegal platform.
本发明第四方面提供了一种商业平台,所述平台包括接收模块以及发送模块,所述接收模块用于接收支付方所发送的订单信息,并根据所述订单信息生成支付数据,其中,所述支付数据包括商业平台的域名和IP地址,所述支付数据还包括本次支付的订单号;所述发送模块用于向所述第三方支付平台发送所述支付数据,以供所述第三方支付平台进行验证。A fourth aspect of the present invention provides a commercial platform, where the platform includes a receiving module and a sending module, where the receiving module is configured to receive order information sent by a paying party, and generate payment data according to the order information, where The payment data includes a domain name and an IP address of the commercial platform, and the payment data further includes an order number of the current payment; the sending module is configured to send the payment data to the third-party payment platform for the third party The payment platform is verified.
可选地,所述平台还包括判断模块,所述接收模块还用于接收第三方支付平台所发送的第一域名、第一IP地址和订单号;所述判断模块用于判断所述第一域名和所述第一IP地址是否为本平台的域名和IP地址,并在判断结果为是时,向所述第三方支付平台发送确定消息,在所述判断结果为否时,向所述第三方支付平台发送否定消息,并停止所述订单号的处理流程。Optionally, the platform further includes a determining module, where the receiving module is further configured to receive a first domain name, a first IP address, and an order number sent by the third-party payment platform, where the determining module is configured to determine the first Whether the domain name and the first IP address are the domain name and the IP address of the platform, and when the determination result is yes, sending a determination message to the third-party payment platform, and when the determination result is no, the The three-party payment platform sends a negative message and stops the processing flow of the order number.
由于正规的商业平台在运营前会预先在第三方支付平台备案本平台的域名和IP地址,所以,在接收到支付数据后,第三方支付平台会获取发送支付数据的第一平台的第一域名和第一IP地址,并判断发送支付数据的第一平台的第一域名和第一IP地址是否为备案域名和备案IP地址,如果是,则第一平台是正规的商业平台,第三方支付平台正常完成支付,如果否,则第一平台是非法的商业平台,第三方支付平台将第一域名、第一IP地址和订单号发送给产生支付数据的商业平台以进行验证,通过上面的方式,能够避免钓鱼平台利用支付数据欺骗被钓鱼者替钓鱼者进行买单。Since the formal business platform pre-registers the domain name and IP address of the platform in the third-party payment platform before the operation, after receiving the payment data, the third-party payment platform will obtain the first domain name of the first platform that sends the payment data. And the first IP address, and determining whether the first domain name and the first IP address of the first platform that sends the payment data are the record domain name and the record IP address, and if so, the first platform is a formal commercial platform, and the third party payment platform The payment is completed normally. If not, the first platform is an illegal commercial platform. The third-party payment platform sends the first domain name, the first IP address, and the order number to the commercial platform that generates the payment data for verification. It can prevent the phishing platform from using the payment data to deceive the phishers to pay for the phishers.
附图说明DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.
图1是现有技术支付系统一实施方式的结构示意图;1 is a schematic structural diagram of an embodiment of a prior art payment system;
图2是钓鱼者利用钓鱼平台诱骗被钓鱼者进行支付的示意图;2 is a schematic diagram of a fisherman using a fishing platform to trick a fisherman into paying;
图3是本发明支付数据安全验证方法一实施方式的流程图;3 is a flow chart of an embodiment of a payment data security verification method according to the present invention;
图4是本发明支付数据安全验证方法另一实施方式的流程图; 4 is a flowchart of another embodiment of a payment data security verification method according to the present invention;
图5是本发明第三方支付平台一实施方式的结构示意图;5 is a schematic structural diagram of an implementation manner of a third-party payment platform according to the present invention;
图6是本发明第三方支付平台另一实施方式的结构示意图;6 is a schematic structural diagram of another embodiment of a third-party payment platform according to the present invention;
图7是本发明商业平台一实施方式的结构示意图。7 is a schematic structural view of an embodiment of a commercial platform of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
需要说明的是,在本发明实施例中使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本发明。在本发明实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。It is to be understood that the terminology used in the embodiments of the present invention is for the purpose of describing the particular embodiments, and is not intended to limit the invention. The singular forms "a", "the" and "the" It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
请参阅图3,图3是本发明支付数据安全验证方法一实施方式的流程图。本实施方式从第三方支付平台的角度出发进行描述,本实施方式的支付数据安全验证方法包括:Please refer to FIG. 3. FIG. 3 is a flowchart of an embodiment of a payment data security verification method according to the present invention. The present embodiment is described from the perspective of a third-party payment platform. The payment data security verification method of this embodiment includes:
S310:第三方支付平台接收第一平台所发送的支付数据。S310: The third-party payment platform receives the payment data sent by the first platform.
支付数据时消费者或钓鱼者在商业平台进行购物时所产生的数据。其中,支付数据包含了产生支付数据的商业平台的信息和订单号。第一平台可能是商业平台,也可能是钓鱼平台。如果是商业平台,则商业平台会将根据消费者的购物所产生的支付数据发送给第三方支付平台,如果是钓鱼平台,则钓鱼平台会将之前从商业平台截取的支付数据发送给第三方支付平台。由于每个平台都有属于自己的域名和IP地址,所以,第一平台具有第一平台具有第一域名和第一IP地址。The data generated by consumers or phishers when making a purchase on a commercial platform when paying for data. The payment data includes information and an order number of the commercial platform that generated the payment data. The first platform may be a commercial platform or a phishing platform. If it is a commercial platform, the business platform will send the payment data generated by the consumer's shopping to the third-party payment platform. If it is a fishing platform, the phishing platform will send the payment data previously intercepted from the commercial platform to the third-party payment. platform. Since each platform has its own domain name and IP address, the first platform has a first platform with a first domain name and a first IP address.
S320:第三方支付平台获取第一平台的第一域名和第一IP地址,并判断第一域名和第一IP地址是否为备案域名和备案IP地址,备案域名和备案IP地址预先存储在第三方支付平台中。 S320: The third-party payment platform obtains the first domain name and the first IP address of the first platform, and determines whether the first domain name and the first IP address are the record domain name and the record IP address, and the record domain name and the record IP address are pre-stored in the third party. In the payment platform.
在商业平台正式运营前,商业平台会将自己的域名和IP地址在第三方支付平台上进行备案。由于第三方支付平台是直接连接第一平台的,所以,第三方支付平台能够获取第一平台的第一域名和第一IP地址。第三方支付平台在获取到第一平台的第一域名和第一IP地址,查询存储在本地的备案域名和备案IP地址,从而判断第一域名和第一IP地址是否为备案域名和备案IP地址。如果第一域名和第一IP地址是备案域名和备案IP地址,进入步骤S330;如果第一域名和第一IP地址不是备案域名和备案IP地址,进入步骤S340。Before the commercial platform is officially launched, the commercial platform will record its domain name and IP address on a third-party payment platform. Since the third-party payment platform is directly connected to the first platform, the third-party payment platform can acquire the first domain name and the first IP address of the first platform. The third-party payment platform obtains the first domain name and the first IP address of the first platform, and queries the local registered domain name and the filed IP address to determine whether the first domain name and the first IP address are the record domain name and the record IP address. . If the first domain name and the first IP address are the record domain name and the record IP address, proceed to step S330; if the first domain name and the first IP address are not the record domain name and the record IP address, proceed to step S340.
S330:根据支付数据正常完成支付。S330: The payment is normally completed according to the payment data.
如果第一域名和第一IP地址是备案域名和备案IP地址,则可以知道第一平台是商业平台,根据支付数据正常完成支付。If the first domain name and the first IP address are the filing domain name and the filing IP address, it can be known that the first platform is a commercial platform, and the payment is normally completed according to the payment data.
S340:根据商业平台的信息将第一域名、第一IP地址和订单号发送给商业平台以进行验证。S340: Send the first domain name, the first IP address, and the order number to the commercial platform for verification according to the information of the commercial platform.
如果第一域名和第一IP地址不是备案域名和备案IP地址,则不能确定第一平台是商业平台,根据商业平台的信息将第一域名、第一IP地址和订单号发送给商业平台以进行验证。If the first domain name and the first IP address are not the record domain name and the record IP address, it is not determined that the first platform is a commercial platform, and the first domain name, the first IP address, and the order number are sent to the commercial platform according to the information of the commercial platform. verification.
通过上面的方式,如果发送支付数据的平台不是备案平台,则不能完成支付,能够避免钓鱼平台利用支付数据欺骗被钓鱼者替钓鱼者进行买单。In the above manner, if the platform that sends the payment data is not the filing platform, the payment cannot be completed, and the phishing platform can be prevented from using the payment data to deceive the hunter to pay for the phishers.
在另一种可能的实施方式中,如果商业平台根据第一域名和第一IP地址进行验证,发现第一域名和第一IP地址是本平台修改后的域名和IP地址,则向第三方支付平台发送确定消息。第三方支付平台接收到商业平台所发送的确认消息后,将第一域名和第一IP地址存储在本地以作为此商业平台的备案域名和备案IP地址。如果商业平台验证第一域名和/或第一IP地址不是商业平台的域名和IP地址,则商业平台向第三方支付平台发送否定消息。第三方支付平台接受商业平台所发送的否定消息后,向支付方发送提示消息,提示支付方所购物的第一平台为非法平台。In another possible implementation manner, if the commercial platform performs verification according to the first domain name and the first IP address, and finds that the first domain name and the first IP address are the modified domain name and IP address of the platform, the third party is paid. The platform sends a confirmation message. After receiving the confirmation message sent by the commercial platform, the third-party payment platform stores the first domain name and the first IP address locally as the filing domain name and the filing IP address of the commercial platform. If the commercial platform verifies that the first domain name and/or the first IP address is not the domain name and IP address of the commercial platform, the commercial platform sends a negative message to the third party payment platform. After receiving the negative message sent by the commercial platform, the third-party payment platform sends a prompt message to the paying party, prompting the first platform that the payer to purchase is an illegal platform.
参阅图4,图4是本发明支付数据安全验证方法另一实施方式的流程图。本实施方式从商业平台的角度出发进行描述,本实施方式的支付数据安全验证方法包括:Referring to FIG. 4, FIG. 4 is a flowchart of another embodiment of the payment data security verification method of the present invention. The present embodiment is described from the perspective of a commercial platform. The payment data security verification method of this embodiment includes:
S410:商业平台接收支付方所发送的订单信息,并根据所述订单信息生成 支付数据,其中,所述支付数据包括商业平台的域名和IP地址,所述支付数据还包括本次支付的订单号。S410: The commercial platform receives the order information sent by the paying party, and generates the order information according to the order information. Payment data, wherein the payment data includes a domain name and an IP address of the commercial platform, and the payment data further includes an order number of the payment.
商业平台可以是淘宝、京东等平台。支付方在商业平台进行购物时,会产生相应的订单信息,例如购买商品的价格,件数等等,商业平台接收支付方所发送的订单信息后,根据订单信息生成支付数据。在生产支付数据时,商业平台的域名、IP地址和本次支付的订单号都会被封装到支付数据中。The commercial platform can be Taobao, Jingdong and other platforms. When the paying party makes a purchase on the commercial platform, the corresponding order information, such as the price of the purchased product, the number of pieces, and the like, is generated, and the commercial platform generates the payment data according to the order information after receiving the order information sent by the paying party. When producing payment data, the domain name of the commercial platform, the IP address, and the order number of this payment are encapsulated into the payment data.
S420:向所述第三方支付平台发送所述支付数据,以供所述第三方支付平台进行验证。S420: Send the payment data to the third-party payment platform for verification by the third-party payment platform.
第三方支付平台可以是银行等等。商业平台将包含商业平台的域名、IP地址和本次支付的订单号的支付数据发送给第三方支付平台以进行支付。The third party payment platform can be a bank or the like. The commercial platform sends the payment data including the domain name of the commercial platform, the IP address, and the order number of the payment to the third-party payment platform for payment.
通过上面的方式,能够将支付数据发送给第三方支付平台,使得第三方支付平台验证发送支付数据的平台是否备案平台,如果发送支付数据的平台不是备案平台,则不能完成支付,能够避免钓鱼平台利用支付数据欺骗被钓鱼者替钓鱼者进行买单。In the above manner, the payment data can be sent to the third-party payment platform, so that the third-party payment platform verifies whether the platform that sends the payment data is the filing platform. If the platform that sends the payment data is not the filing platform, the payment cannot be completed, and the fishing platform can be avoided. Using payment data to trick the phisher into paying for the phishers.
参阅图5,图5是本发明第三方支付平台一实施方式的结构示意图。本实施方式的第三方支付平台500包括:接收模块510、判断模块520以及执行模块530。Referring to FIG. 5, FIG. 5 is a schematic structural diagram of an implementation manner of a third-party payment platform according to the present invention. The third-party payment platform 500 of the present embodiment includes a receiving module 510, a determining module 520, and an executing module 530.
所述接收模块510用于接收第一平台所发送的支付数据,其中,所述第一平台具有第一域名和第一IP地址,所述支付数据中包含了产生所述支付数据的商业平台的信息和订单号;The receiving module 510 is configured to receive payment data sent by the first platform, where the first platform has a first domain name and a first IP address, where the payment data includes a commercial platform that generates the payment data. Information and order number;
所述判断模块520用于获取所述第一平台的所述第一域名和所述第一IP地址,并判断所述第一域名和所述第一IP地址是否为备案域名和备案IP地址,所述备案域名和所述备案IP地址预先存储在所述第三方支付平台中;The determining module 520 is configured to obtain the first domain name and the first IP address of the first platform, and determine whether the first domain name and the first IP address are a record domain name and a record IP address. The record domain name and the filing IP address are pre-stored in the third-party payment platform;
所述执行模块530用于在所述第一域名和所述第一IP地址是所述备案域名和所述备案IP地址时,根据所述支付数据正常完成支付,在所述第一域名和所述第一IP地址不是所述备案域名和所述备案IP地址是,根据所述商业平台的信息将所述第一域名、所述第一IP地址和所述订单号发送给所述商业平台以进行验证。The executing module 530 is configured to normally complete payment according to the payment data when the first domain name and the first IP address are the filing domain name and the filing IP address, in the first domain name and the The first IP address is not the record domain name and the record IP address, and the first domain name, the first IP address, and the order number are sent to the commercial platform according to the information of the commercial platform. authenticating.
通过上面的方式,如果发送支付数据的平台不是备案平台,则不能完成支 付,能够避免钓鱼平台利用支付数据欺骗被钓鱼者替钓鱼者进行买单。In the above manner, if the platform that sends the payment data is not the filing platform, the branch cannot be completed. Pay, can avoid the phishing platform using the payment data to deceive the phishers to pay for the phishers.
参阅图6,在另一实施方式中,所述第三方支付平台500还包括备案模块540以及提示模块550。Referring to FIG. 6 , in another embodiment, the third-party payment platform 500 further includes a filing module 540 and a prompting module 550 .
所述备案模块540用于在商业平台验证所述第一域名和/或所述第一IP地址为所述商业平台修改后的域名和IP地址时,接受所述商业平台所发送的确认消息,并将所述第一域名和所述第一IP地址存储在本地以作为所述商业平台的备案域名和备案IP地址。The filing module 540 is configured to accept a confirmation message sent by the commercial platform when the commercial platform verifies that the first domain name and/or the first IP address is a modified domain name and an IP address of the commercial platform, And storing the first domain name and the first IP address locally as a filing domain name and a filing IP address of the commercial platform.
所述提示模块550用于在商业平台验证所述第一域名和/或所述第一IP地址不是所述商业平台的域名和IP地址时,接受所述商业平台所发送的否定消息,并向支付方发送提示消息,所述提示消息提示所述第一平台为非法平台。The prompting module 550 is configured to accept a negative message sent by the commercial platform when the commercial platform verifies that the first domain name and/or the first IP address is not a domain name and an IP address of the commercial platform, and The payer sends a prompt message, and the prompt message prompts that the first platform is an illegal platform.
参阅图7,图7是本发明商业平台一实施方式的结构示意图。本实施方式的商业平台700包括:接收模块710、发送模块720以及判断模块730。Referring to FIG. 7, FIG. 7 is a schematic structural diagram of an embodiment of a commercial platform of the present invention. The commercial platform 700 of the present embodiment includes a receiving module 710, a sending module 720, and a determining module 730.
所述接收模块710用于接收支付方所发送的订单信息,并根据所述订单信息生成支付数据,其中,所述支付数据包括商业平台的域名和IP地址,所述支付数据还包括本次支付的订单号;The receiving module 710 is configured to receive order information sent by the paying party, and generate payment data according to the order information, where the payment data includes a domain name and an IP address of the commercial platform, and the payment data further includes the current payment. Order number;
所述发送模块720用于向所述第三方支付平台发送所述支付数据,以供所述第三方支付平台进行验证。The sending module 720 is configured to send the payment data to the third-party payment platform for verification by the third-party payment platform.
所述商业平台700还包括判断模块730,所述接收模块710还用于接收第三方支付平台所发送的第一域名、第一IP地址和订单号;所述判断模块730用于判断所述第一域名和所述第一IP地址是否为本平台的域名和IP地址,并在判断结果为是时,向所述第三方支付平台发送确定消息,在所述判断结果为否时,向所述第三方支付平台发送否定消息,并停止所述订单号的处理流程。The business platform 700 further includes a determining module 730, the receiving module 710 is further configured to receive a first domain name, a first IP address, and an order number sent by the third-party payment platform, where the determining module 730 is configured to determine the first Whether the domain name and the first IP address are the domain name and the IP address of the platform, and when the determination result is yes, sending a determination message to the third-party payment platform, and when the determination result is no, the The third party payment platform sends a negative message and stops the processing process of the order number.
通过上面的方式,能够将支付数据发送给第三方支付平台,使得第三方支付平台验证发送支付数据的平台是否备案平台,如果发送支付数据的平台不是备案平台,则不能完成支付,能够避免钓鱼平台利用支付数据欺骗被钓鱼者替钓鱼者进行买单。In the above manner, the payment data can be sent to the third-party payment platform, so that the third-party payment platform verifies whether the platform that sends the payment data is the filing platform. If the platform that sends the payment data is not the filing platform, the payment cannot be completed, and the fishing platform can be avoided. Using payment data to trick the phisher into paying for the phishers.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的程序可存储于一计算 机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)或随机存储记忆体(Random Access Memory,RAM)等。One of ordinary skill in the art can understand that all or part of the process of implementing the above embodiment method can be completed by a computer program to instruct related hardware, and the program can be stored in a calculation. The machine can be read into a storage medium, and when executed, the program can include the flow of an embodiment of the methods as described above. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), or a random access memory (RAM).
以上所揭露的仅为本发明一种较佳实施例而已,当然不能以此来限定本发明之权利范围,本领域普通技术人员可以理解实现上述实施例的全部或部分流程,并依本发明权利要求所作的等同变化,仍属于发明所涵盖的范围。 The above disclosure is only a preferred embodiment of the present invention, and of course, the scope of the present invention is not limited thereto, and those skilled in the art can understand all or part of the process of implementing the above embodiments, and according to the present invention. The equivalent changes required are still within the scope of the invention.

Claims (10)

  1. 一种支付数据安全验证方法,其特征在于,包括:A payment data security verification method, comprising:
    第三方支付平台接收第一平台所发送的支付数据,其中,所述第一平台具有第一域名和第一IP地址,所述支付数据中包含了产生所述支付数据的商业平台的信息和订单号;The third-party payment platform receives the payment data sent by the first platform, where the first platform has a first domain name and a first IP address, and the payment data includes information and an order of the commercial platform that generates the payment data. number;
    第三方支付平台获取所述第一平台的所述第一域名和所述第一IP地址,并判断所述第一域名和所述第一IP地址是否为备案域名和备案IP地址,所述备案域名和所述备案IP地址预先存储在所述第三方支付平台中;Obtaining, by the third-party payment platform, the first domain name and the first IP address of the first platform, and determining whether the first domain name and the first IP address are a record domain name and a record IP address, and the filing The domain name and the filing IP address are pre-stored in the third-party payment platform;
    如果所述第一域名和所述第一IP地址是所述备案域名和所述备案IP地址,则根据所述支付数据正常完成支付,如果所述第一域名和所述第一IP地址不是所述备案域名和所述备案IP地址,则根据所述商业平台的信息将所述第一域名、所述第一IP地址和所述订单号发送给所述商业平台以进行验证。If the first domain name and the first IP address are the filing domain name and the filing IP address, the payment is normally completed according to the payment data, if the first domain name and the first IP address are not Describe the domain name and the filing IP address, and send the first domain name, the first IP address, and the order number to the commercial platform for verification according to the information of the commercial platform.
  2. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1 further comprising:
    如果商业平台验证所述第一域名和/或所述第一IP地址为所述商业平台修改后的域名和IP地址,则接受所述商业平台所发送的确认消息,并将所述第一域名和所述第一IP地址存储在本地以作为所述商业平台的备案域名和备案IP地址。If the commercial platform verifies that the first domain name and/or the first IP address is the modified domain name and IP address of the commercial platform, accepting a confirmation message sent by the commercial platform, and the first domain name is And the first IP address is stored locally as a filing domain name and a filing IP address of the business platform.
  3. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method of claim 1 further comprising:
    如果商业平台验证所述第一域名和/或所述第一IP地址不是所述商业平台的域名和IP地址,则接受所述商业平台所发送的否定消息,并向支付方发送提示消息,所述提示消息提示所述第一平台为非法平台。If the commercial platform verifies that the first domain name and/or the first IP address is not the domain name and IP address of the commercial platform, accepting a negative message sent by the commercial platform, and sending a prompt message to the paying party, The prompt message prompts that the first platform is an illegal platform.
  4. 一种支付数据安全验证方法,其特征在于,包括:A payment data security verification method, comprising:
    商业平台接收支付方所发送的订单信息,并根据所述订单信息生成支付数据,其中,所述支付数据包括商业平台的域名和IP地址,所述支付数据还包括本次支付的订单号;The business platform receives the order information sent by the paying party, and generates payment data according to the order information, wherein the payment data includes a domain name and an IP address of the commercial platform, and the payment data further includes an order number of the payment;
    向所述第三方支付平台发送所述支付数据,以供所述第三方支付平台进行验证。The payment data is sent to the third party payment platform for verification by the third party payment platform.
  5. 根据权利要求4所述的方法,其特征在于,所述方法还包括:The method of claim 4, wherein the method further comprises:
    接收第三方支付平台所发送的第一域名、第一IP地址和订单号;Receiving a first domain name, a first IP address, and an order number sent by the third-party payment platform;
    判断所述第一域名和所述第一IP地址是否为本平台的域名和IP地址;Determining whether the first domain name and the first IP address are domain names and IP addresses of the platform;
    如果是,则向所述第三方支付平台发送确定消息,如果否,则向所述第三 方支付平台发送否定消息,并停止所述订单号的处理流程。If yes, send a determination message to the third-party payment platform, and if not, to the third The party payment platform sends a negative message and stops the processing flow of the order number.
  6. 一种第三方支付平台,其特征在于,包括:接收模块、判断模块以及执行模块,A third-party payment platform, comprising: a receiving module, a determining module, and an executing module,
    所述接收模块用于接收第一平台所发送的支付数据,其中,所述第一平台具有第一域名和第一IP地址,所述支付数据中包含了产生所述支付数据的商业平台的信息和订单号;The receiving module is configured to receive payment data sent by the first platform, where the first platform has a first domain name and a first IP address, and the payment data includes information of a commercial platform that generates the payment data. And the order number;
    所述判断模块用于获取所述第一平台的所述第一域名和所述第一IP地址,并判断所述第一域名和所述第一IP地址是否为备案域名和备案IP地址,所述备案域名和所述备案IP地址预先存储在所述第三方支付平台中;The determining module is configured to obtain the first domain name and the first IP address of the first platform, and determine whether the first domain name and the first IP address are a record domain name and a record IP address. The record domain name and the filing IP address are pre-stored in the third-party payment platform;
    所述执行模块用于在所述第一域名和所述第一IP地址是所述备案域名和所述备案IP地址时,根据所述支付数据正常完成支付,在所述第一域名和所述第一IP地址不是所述备案域名和所述备案IP地址是,根据所述商业平台的信息将所述第一域名、所述第一IP地址和所述订单号发送给所述商业平台以进行验证。The executing module is configured to normally complete payment according to the payment data when the first domain name and the first IP address are the filing domain name and the filing IP address, in the first domain name and the The first IP address is not the filing domain name and the filing IP address, and the first domain name, the first IP address, and the order number are sent to the commercial platform according to the information of the commercial platform. verification.
  7. 根据权利要求6所述的平台,其特征在于,所述平台还包括备案模块,The platform of claim 6 wherein said platform further comprises a filing module.
    所述备案模块用于在商业平台验证所述第一域名和/或所述第一IP地址为所述商业平台修改后的域名和IP地址时,接受所述商业平台所发送的确认消息,并将所述第一域名和所述第一IP地址存储在本地以作为所述商业平台的备案域名和备案IP地址。The filing module is configured to accept a confirmation message sent by the commercial platform when the commercial platform verifies that the first domain name and/or the first IP address is a modified domain name and an IP address of the commercial platform, and The first domain name and the first IP address are stored locally as a filing domain name and a filing IP address of the business platform.
  8. 根据权利要求6所述的平台,其特征在于,所述平台还包括提示模块,The platform according to claim 6, wherein the platform further comprises a prompting module,
    所述提示模块用于在商业平台验证所述第一域名和/或所述第一IP地址不是所述商业平台的域名和IP地址时,接受所述商业平台所发送的否定消息,并向支付方发送提示消息,所述提示消息提示所述第一平台为非法平台。The prompting module is configured to accept a negative message sent by the commercial platform when the commercial platform verifies that the first domain name and/or the first IP address is not a domain name and an IP address of the commercial platform, and pays The party sends a prompt message, and the prompt message prompts that the first platform is an illegal platform.
  9. 一种商业平台,其特征在于,所述平台包括接收模块以及发送模块,A commercial platform, characterized in that the platform comprises a receiving module and a sending module,
    所述接收模块用于接收支付方所发送的订单信息,并根据所述订单信息生成支付数据,其中,所述支付数据包括商业平台的域名和IP地址,所述支付数据还包括本次支付的订单号;The receiving module is configured to receive order information sent by the paying party, and generate payment data according to the order information, where the payment data includes a domain name and an IP address of the commercial platform, and the payment data further includes the current payment order number;
    所述发送模块用于向所述第三方支付平台发送所述支付数据,以供所述第三方支付平台进行验证。The sending module is configured to send the payment data to the third-party payment platform for verification by the third-party payment platform.
  10. 根据权利要求9所述的平台,其特征在于,所述平台还包括判断模块,The platform according to claim 9, wherein the platform further comprises a judging module,
    所述接收模块还用于接收第三方支付平台所发送的第一域名、第一IP地址 和订单号;The receiving module is further configured to receive a first domain name and a first IP address sent by a third-party payment platform. And the order number;
    所述判断模块用于判断所述第一域名和所述第一IP地址是否为本平台的域名和IP地址,并在判断结果为是时,向所述第三方支付平台发送确定消息,在所述判断结果为否时,向所述第三方支付平台发送否定消息,并停止所述订单号的处理流程。 The determining module is configured to determine whether the first domain name and the first IP address are domain names and IP addresses of the platform, and send a determination message to the third-party payment platform when the determination result is yes. When the determination result is negative, a negative message is sent to the third-party payment platform, and the processing flow of the order number is stopped.
PCT/CN2015/088496 2015-07-29 2015-08-30 Payment data safety verification method, third-party payment platform and commercial platform WO2017016037A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510456242.6 2015-07-29
CN201510456242.6A CN105574726A (en) 2015-07-29 2015-07-29 Safe payment data verification method, third party payment platform and commercial platform

Publications (1)

Publication Number Publication Date
WO2017016037A1 true WO2017016037A1 (en) 2017-02-02

Family

ID=55884827

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/088496 WO2017016037A1 (en) 2015-07-29 2015-08-30 Payment data safety verification method, third-party payment platform and commercial platform

Country Status (2)

Country Link
CN (1) CN105574726A (en)
WO (1) WO2017016037A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110971571A (en) * 2018-09-29 2020-04-07 北京国双科技有限公司 Website domain name verification method and related device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103810432A (en) * 2014-02-24 2014-05-21 珠海市君天电子科技有限公司 Data processing method and device
CN104063788A (en) * 2014-07-16 2014-09-24 武汉大学 Mobile platform credibility payment system and method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103457913B (en) * 2012-05-30 2017-10-13 阿里巴巴集团控股有限公司 Data processing method, communication terminal, server and system
CN103761644A (en) * 2013-12-30 2014-04-30 北京中科金财电子商务有限公司 Ordering processing method for mobile Internet online payment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103810432A (en) * 2014-02-24 2014-05-21 珠海市君天电子科技有限公司 Data processing method and device
CN104063788A (en) * 2014-07-16 2014-09-24 武汉大学 Mobile platform credibility payment system and method

Also Published As

Publication number Publication date
CN105574726A (en) 2016-05-11

Similar Documents

Publication Publication Date Title
JP6257091B2 (en) Make payments using the payment plugin
US11238443B2 (en) Secure crypto currency point-of-sale (POS) management
US8548872B1 (en) Generating product feeds
US20180121949A1 (en) Incentive method, online transaction platform, and incentive funds platform for safe online transactions
JP2019536134A (en) Method and system for indicating an exchange associated with a token held anonymously on a blockchain
JP5536038B2 (en) Secure web-based transactions
CN105512900A (en) Product anti-counterfeiting authenticating and product quality tracking method
CN102073953A (en) On-line payment method and system
CN109118219A (en) Transaction data processing method and device
WO2018219185A1 (en) Resource processing method and device, server and terminal device
WO2019153765A1 (en) Information reminding method and apparatus, and electronic device
WO2017059789A1 (en) Logistics performance mode information processing method and device
WO2017016037A1 (en) Payment data safety verification method, third-party payment platform and commercial platform
US9058624B1 (en) Message shopping over an electronic marketplace
JP2020017068A (en) Information processing method, information processing apparatus, and program
WO2020224092A1 (en) Zero-knowledge proof-based supply chain data management method and apparatus
WO2017201968A1 (en) Verification method and verification system for merchandise inventory
JP2022053122A (en) Information processing method, information processing device, and program
US20210158372A1 (en) Secure management of ownership of physical objects
CA2995865A1 (en) Electronic-certificate-based transaction method and system
WO2022183913A1 (en) Blockchain-based real right interaction
JP5448209B2 (en) Unauthorized purchase warning system, unauthorized purchase warning method and program
JP2020017069A (en) Information processing method, information processing device, and program
JP7195016B2 (en) Transaction processing method, system and program
Kumar et al. Product Identification System Using Block chain

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15899389

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15899389

Country of ref document: EP

Kind code of ref document: A1