WO2017152818A1 - 一种支付方法及系统 - Google Patents

一种支付方法及系统 Download PDF

Info

Publication number
WO2017152818A1
WO2017152818A1 PCT/CN2017/075741 CN2017075741W WO2017152818A1 WO 2017152818 A1 WO2017152818 A1 WO 2017152818A1 CN 2017075741 W CN2017075741 W CN 2017075741W WO 2017152818 A1 WO2017152818 A1 WO 2017152818A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
authentication
payee
payee device
user
Prior art date
Application number
PCT/CN2017/075741
Other languages
English (en)
French (fr)
Inventor
李明
Original Assignee
李明
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 李明 filed Critical 李明
Priority to US16/082,697 priority Critical patent/US10872337B2/en
Priority to EP17762504.3A priority patent/EP3428867A4/en
Priority to KR1020187024987A priority patent/KR102089201B1/ko
Publication of WO2017152818A1 publication Critical patent/WO2017152818A1/zh

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/40User authentication by quorum, i.e. whereby two or more security principals are required
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/102Bill distribution or payments
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/204Point-of-sale [POS] network systems comprising interface for record bearing medium or carrier for electronic funds transfer or payment credit
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/206Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/321Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wearable devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/42Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F9/00Details other than those peculiar to special kinds or types of apparatus
    • G07F9/001Interfacing with vending machines using mobile or wearable devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B13/00Transmission systems characterised by the medium used for transmission, not provided for in groups H04B3/00 - H04B11/00
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B13/00Transmission systems characterised by the medium used for transmission, not provided for in groups H04B3/00 - H04B11/00
    • H04B13/005Transmission systems in which the medium consists of the human body

Definitions

  • the present invention relates to the field of electronic technologies, and in particular, to a payment method and system.
  • POS machines are widely used in electronic payment. Some existing POS machines read the cardholder's magnetic stripe information through the card reader, and the POS operator inputs the transaction amount. The cardholder swipes the bank card on the POS machine, and then enters the password, and the POS machine puts these The information is uploaded to the bank back office to complete the online transaction. It can be seen that in the existing electronic payment process, the user needs to perform two operations. The first time the bank card is placed on the POS machine to establish a connection with the POS machine, the second time the user needs to input a password, and the operation process is complicated.
  • the present invention is directed to solving one of the above problems.
  • the main object of the present invention is to provide a payment method.
  • Another object of the present invention is to provide a payment system.
  • An aspect of the present invention provides a payment method, comprising: after a biological limb enters a preset range of a payee device, the payee device establishes a communication connection with the payer device through the biological limb; the payee device Transmitting, by the communication connection, transaction information to the payer device; the payer device receiving the transaction information; the payer device extracting key information from the transaction information; the payer device prompting the key Information, and waiting for user confirmation; after receiving the confirmation instruction of the user, the payment party device sends the authentication information to the payee device through the communication connection; the payee device receives the communication through the communication connection
  • the authentication information transmitted by the paying party device, the authentication information includes: digital authentication information; collecting biometric information of the biological limb during a duration of the preset range of the biological limb entering the payee device; Receiving, by the payee device, an authentication result of authenticating the digital authentication information and the biometric information; In the authentication device is the result of the implementation of payment transactions through certification of the case.
  • the biometric information includes: fingerprint information and/or vein information;
  • the collecting biometric information of the biological limb includes: contacting the biological limb with the payee device In the case of the biometric information of the contact portion of the biological limb with the payee device.
  • the digital authentication information includes at least one of the following: electronic signature information, ciphertext information, and a dynamic password.
  • a payment system including: a payee device and a payer device, wherein: the payee device is configured to pass a biological body after entering a preset range of the payee device The limb establishes a communication connection with the payer device, and sends transaction information to the payer device through the communication connection; the payer device is configured to receive the transaction information, extract key information from the transaction information, and prompt The key information is waiting for the user to confirm, and after receiving the confirmation instruction of the user, sending the authentication information to the payee device through the communication connection; the payee device is further configured to receive through the communication connection
  • the authentication information transmitted by the payer device the authentication information includes: digital authentication information; collecting biometrics of the biological limb during a duration of the preset range of the biological limb entering the payee device Information; obtaining an authentication result of authenticating the digital authentication information and the biometric information; and the authentication result is an authentication pass Carrying out a payment default.
  • the biometric information includes: fingerprint information and/or vein information; and the payee device is further configured to collect biometric information of the biological limb, including: the biological limb and the receipt In the case where the party device is in contact, the payee device collects the biometric information of the contact portion of the biological limb with the payee device.
  • the digital authentication information includes at least one of the following: electronic signature information, ciphertext information, and a dynamic password.
  • the present invention provides a payment method and system for transmitting transaction information and information to be authenticated by using human body communication, and completing payment after the information to be authenticated is authenticated, for the user. Only one operation is performed, and the payee device obtains the digital authentication information and the biometric information at the same time, which is quick and convenient, and the double authentication of the digital authentication information and the biometric information can be more secure and reliable, and the real legality is reduced. The probability that the user is identified as failed increases the user experience.
  • FIG. 1 is a flowchart of a payment method according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic structural diagram of a payment system according to Embodiment 2 of the present invention.
  • Human body communication is an emerging short-distance communication technology that has emerged in recent years. It is mainly used to solve the communication problem of the body area network with human body as the carrier. It uses the human body as a transmission medium for electrical signals to realize information interaction between the body surface, the body and the surrounding health care equipment (3 to 5 meters). Compared with traditional wireless communication technologies such as Bluetooth, WIFI, RF and infrared, signals are transmitted through the human body during human communication, so electromagnetic noise has little influence on them, and has low power consumption and high confidentiality. And lower body damage and other advantages. In addition, since there is no problem of reduced efficiency when multi-person communication occurs, the redundant connection problem of the wired communication method can be eliminated.
  • the present invention provides a payment method for transmitting transaction information and information to be authenticated by human body communication, and the payment is completed after the authentication of the information to be authenticated, and only one operation is performed for the user, and the payee device simultaneously It is quick and convenient to obtain digital authentication information and biometric information, and through the dual authentication of digital authentication information and biometric information, it can be more secure and reliable, and reduces the probability that real and legitimate users are recognized and failed, and improves the user experience.
  • This embodiment provides a payment method. As shown in FIG. 1, the payment method includes the following steps S101 to S108:
  • the biological limb generally refers to the human body
  • the payee device can be a POS machine, an Alipay application, etc., a scanning terminal, a mobile terminal, a PDA, a desktop, a notebook, etc., and a payment terminal that can be networked with the background, and the paying party device can
  • the device implanted in the human body worn on the human body or placed in the worn clothes
  • the device implanted in the human body can be, for example, a blood flow sensor, a pulse sensor, a body temperature sensor or the like implanted in the human body, and worn on the human body.
  • the device may be, for example, a wristband, a wristwatch, a necklace, a ring, a waistband, or the like that can be worn on the user's electronic device. If it is a device worn on a human body, although it is not in direct contact with the surface of the human body, the distance from the surface of the human body (such as the skin) cannot exceed a preset distance, for example, a few millimeters, so that communication can be performed through the human body within the preset distance. Guarantee the quality of communication.
  • the Body Area Network is a human body-centered network element (including personal terminals, distributed on the human body, clothing, and a certain distance around the human body, such as 3 to 5 meters, Even a communication network composed of sensors, networking devices, etc. inside the human body, therefore, only when the network element related to the human body enters the preset range of the payee device, the human body communication connection of the body area network can be established.
  • the payee device establishes a communication connection between the biological limb and the payer device by using a wired manner and a wireless manner.
  • a wired manner and a wireless manner.
  • Both the payee device and the payer device are provided with electrodes, and the payee device contacts the biological limb (human body) implanted in the human body or the payer device worn on the human body (for example, a user wearing the wristwatch has a finger
  • the human body is used as a conductor, and the electrodes of both sides are connected to form a passage in the human body, that is, a so-called wired communication connection.
  • the payee device needs to be in contact with a human body wearing the payer device.
  • the payee device and the payer device can detect whether the surrounding electric field changes, and if the other party enters the range allowed by the human body communication, the field strength can be detected to be changed. Establish a communication connection with the other party.
  • the payer device is worn or built in the human body, and the vibration of the transmitter of the payer device generates an electric field, and the distance between the payer device and the payee device is in the human body communication.
  • the receiver of the payee device detects a change in the electric field and establishes a communication connection with the payer device. In this manner, the payee device does not need to be in contact with a human body wearing the payer device.
  • the human body is used as a transmission medium of an electrical signal to realize information interaction between the body surface, the body, and the device around the human body (3 to 5 meters).
  • traditional wireless communication technologies such as Bluetooth, WIFI, radio frequency and infrared
  • the signal is transmitted through the human body during human communication, so electromagnetic noise has little influence on it, and has low power consumption, high confidentiality and lower human damage. advantage.
  • the redundant connection problem of the wired communication method can be eliminated.
  • the transaction information may include: a transaction amount, a payee account information, and a payer account information.
  • the payee device When a large transaction occurs, the payee device must send the transaction information to the payer device to prompt the user. The subsequent payment process can only be performed after the user confirms.
  • the payer device may be a device, such as a wristwatch, or two devices, such as a wristwatch and an electronic signature device (such as U-Shield, ABC Key, or a smart card with a signature function).
  • a device such as a wristwatch
  • an electronic signature device such as U-Shield, ABC Key, or a smart card with a signature function.
  • S103 the payer device receives the transaction information, and the payer device extracts the key information from the transaction information;
  • the paying party device may extract key information, such as the transaction amount, or the name of the payee, the name of the payer, and the like from the transaction information, without prompting the entire content of the transaction information, specifically, It can be prompted by means of display display or voice playback.
  • key information such as the transaction amount, or the name of the payee, the name of the payer, and the like from the transaction information, without prompting the entire content of the transaction information, specifically, It can be prompted by means of display display or voice playback.
  • it can meet small devices with small display screens.
  • the display of the watch is small and cannot display the entire contents of the transaction information, but as long as the key content is displayed, Can play a role in prompting the user.
  • S104 the paying party device prompts the key information, and waits for the user to confirm;
  • the step of user confirmation is added to improve the security of the transaction, and the subsequent operations can be performed only after the user confirms and presses the confirmation key.
  • the payer device is two devices, then when prompted to the user, it can be prompted on any of the devices, of course, preferably on the electronic signature device.
  • the authentication information includes: digital authentication information; and the digital authentication information includes at least one of the following: electronic signature information, ciphertext information, and dynamic password.
  • the electronic signature information is signature data obtained by the payment device device by using the private key of the payment device to sign the signature data, and the data to be signed includes: single authentication data and authentication identification information, etc., when the electronic signature information is authenticated, the electronic signature information is obtained.
  • the public key of the payer device uses the public key to check the electronic signature information. If the check is passed, the authentication passes, which is an asymmetric authentication method; the ciphertext information is used by the payer device and the payee device.
  • the negotiated symmetric key is used to calculate the MAC value of the encrypted data.
  • the symmetric MAC address is also used to calculate the verified MAC value, and the ciphertext information is compared with the verified MAC value.
  • the authentication is passed, which is a symmetric authentication method; the dynamic password is a ciphertext generated by a dynamic port token (OTP) based on a seed key, and when the dynamic password is authenticated, the seed key is also used to calculate a verification value, and the comparison is performed. If the dynamic password and the verification value are the same, the authentication is passed. This is the token authentication mode.
  • the authentication of the digital authentication information can be implemented by any of the above three methods to ensure the legitimacy of the payer device.
  • the authentication information may further include: authentication identifier information, where the authentication identifier information may be, for example, a device identifier of the payer device, a user ID, and the like, which can uniquely identify the identity of the user, and pass the authentication.
  • the identification information may be uniquely associated with an authentication factor used by the paying party user to authenticate the digital authentication information and the biometric information, so as to perform dual authentication on the digital authentication information and the biometric information by using the authentication factor, thereby being able to It is determined that the biometric information and the digital authentication information are all from the same user, and the legitimacy of the user is guaranteed.
  • the payee device receives the authentication information transmitted by the payer device through the communication connection; and collects the biometric information of the biological limb during the duration of the preset range of the biological limb entering the payee device;
  • the biometric information includes at least one of the following: fingerprint information, iris information, face information, and vein information.
  • the payee device collects the biometric information of the human body while receiving the authentication information sent by the payer device, for example, in a short time (eg, 3 seconds) when the user's finger touches the touch component of the POS device,
  • the POS machine establishes a communication connection with the wristwatch worn by the user through the human body, and transmits the authentication information through the communication connection, and the touch component of the POS machine collects the fingerprint information, for example, on the user's wristwatch and the Alipay payment terminal (the payment terminal has The photographing function can be used to collect face information.
  • the face information is collected by the payment terminal, whereby the payee device can obtain the authentication information and the biometric information in one time, and the operation is convenient and quick.
  • the biometric information may be collected before or after the communication connection is established.
  • the biometric information includes: fingerprint information and/or vein information;
  • the biometric information of the biological limb includes: collecting biometric information of the contact portion of the biological limb and the payee device in the case where the biological limb is in contact with the payee device.
  • the POS machine Compared with the input fingerprint and PIN code on the POS machine in the prior art, the POS machine first prompts the user to input fingerprint information, collects the fingerprint, and then prompts the user to input the PIN code.
  • the user needs to interact with the POS machine twice to complete the fingerprint and PIN.
  • the input of the code is troublesome, and in the present invention, the user can complete the input of the authentication information and the collection of the biometric information in one time with one action, which is convenient and quick.
  • S107 Acquire an authentication result for authenticating the digital authentication information and the biometric information
  • the authentication result of authenticating the digital authentication information and the biometric information is obtaining the authentication factor and the biometric verification information according to the authentication identification information, and authenticating the digital authentication information by using the authentication factor and using the biometric verification information to the biometric
  • the authentication result of the authentication of the feature information, the authentication factor mainly includes the verification information for verifying the digital authentication information, and the authentication factor and the biometric verification information are uniquely associated with the authentication identification information, so that the authentication corresponding to the user can be uniquely queried according to the authentication identification information.
  • Factor and biometric verification information so that the two-factor authentication of digital authentication information and biometric information can ensure the legitimacy of the user.
  • the authentication of the digital authentication information by using the authentication factor includes at least one of the following ways:
  • Method 1 Asymmetric authentication method.
  • the digital authentication information includes: electronic signature information; the authentication factor includes a public key for verifying the electronic signature information; or
  • Method 2 Symmetric authentication method.
  • the digital authentication information includes: ciphertext information calculated by using a symmetric key; the authentication factor includes a symmetric key; or
  • Method 3 Token authentication method.
  • the digital authentication information includes: a dynamic password; the authentication factor includes a seed key that verifies the dynamic password.
  • the authentication information is used to authenticate the biometric information by using the digital authentication information and the biometric verification information, including: authenticating the digital authentication information by using the authentication factor, and determining the matching rate between the biometric verification information and the biometric information. Whether it is greater than the first preset value, when the authentication of the digital authentication information is passed and the matching rate between the biometrics verification information and the biometric information is greater than the first preset value, the authentication of the authentication information and the biometric information is confirmed to pass.
  • the second preset value is used to indicate that the two biometric information is the matching rate of the same biometric information.
  • the second preset value may be theoretically The two biometric information completely match the similarity to be achieved, for example, 99%, and the first preset value may be smaller than the second preset value, thereby reducing the true rate of the biometric information authentication technology by reducing the matching rate. Identify the probability of failure.
  • biometric information authentication technology there is a probability that a real legal user is recognized to be failed and an illegal user is recognized successfully.
  • fingerprint recognition as an example, in many cases, the user's fingerprint is real, but the authentication device Identifying the error, mistakenly identifying the fingerprint of the user as a fake fingerprint, and thus failing to pass the authentication, and failing to implement the payment transaction; sometimes, the fingerprint of the illegal user is clearly false, but the authentication device is also authenticated and passed to the legitimate user.
  • the economic losses, the probability of these occurrences is very high.
  • the double authentication of the digital authentication information and the biometric information can circumvent the situation that the “illegal user is successfully identified”, and can reduce the situation in which the real legitimate user is identified as failed.
  • the authentication device can reduce the similarity of the matching of the two biometric information to reduce the probability that the real legitimate user is recognized, for example, the theory
  • the upper two biometric information should be completely matched, and the similarity should be at least 99% (the second preset value). If the authentication device finds that its similarity is only 90%, it will be identified as a mismatch and the authentication will not pass.
  • the similarity of the exact match can be reduced to 80% (the first preset value). That is to say, as long as the similarity reaches 80% (the first preset value), the match is considered, so when the similarity of the two biometric information is 90% Can also be certified, thus, would not be the true legitimate user is identified failure occurred, thereby reducing the probability of biometric authentication technology information in real legitimate user is identified failures.
  • S108 The payee device performs the payment transaction if the authentication result is that the authentication is passed.
  • the payment method provided in this embodiment uses the human body communication to transmit transaction information and information to be authenticated, and is treated After the authentication of the information of the certificate is completed, the payment is completed, and only one operation is performed for the user, and the receiving device simultaneously acquires the digital authentication information and the biometric information at the same time, which is quick and convenient, and passes the digital authentication information and the biometric information. Dual authentication can be more secure and reliable, and reduces the probability that a real legitimate user will be identified and failed, improving the user experience.
  • the payment system includes: a payer device 10 and a payer device 20, wherein:
  • the payee device 10 is configured to establish a communication connection with the payer device 20 through the biological limb after the biological limb enters the preset range of the payee device 10, and send the transaction information to the payer device 20 through the communication connection; the payer device 20, for receiving transaction information, extracting key information from the transaction information, and prompting key information, waiting for user confirmation; after receiving the user's confirmation instruction, transmitting the authentication information to the payee device 10 through the communication connection; the payee The device 10 is further configured to receive the authentication information transmitted by the payer device 20 through the communication connection; collect the biometric information of the biological limb during the duration of the preset range of the biological limb entering the payee device 10; and obtain the digital authentication information And the authentication result of the biometric information to be authenticated; and the payment transaction is executed if the authentication result is the authentication pass.
  • the transaction information and the information to be authenticated are transmitted by using the human body communication, and the payment is completed after the authentication of the information to be authenticated is passed, and only one operation is performed for the user, and the payee device is simultaneously disabled.
  • Obtaining digital authentication information and biometric information is quick and convenient, and through the dual authentication of digital authentication information and biometric information, it can be more secure and reliable, and reduces the probability that a real legitimate user is recognized and fails, and improves the user experience.
  • the biological limb generally refers to the human body
  • the payee device can be a POS machine, an Alipay application, etc., a scanning terminal, a mobile terminal, a PDA, a desktop, a notebook, etc., and a payment terminal that can be networked with the background, and the paying party device can
  • the device implanted in the human body worn on the human body or placed in the worn clothes
  • the device implanted in the human body can be, for example, a blood flow sensor, a pulse sensor, a body temperature sensor or the like implanted in the human body, and worn on the human body.
  • the device may be, for example, a wristband, a wristwatch, a necklace, a ring, a waistband, or the like that can be worn on the user's electronic device. If it is a device worn on a human body, although it is not in direct contact with the surface of the human body, the distance from the surface of the human body (such as the skin) cannot exceed a preset distance, for example, a few millimeters, so that communication can be performed through the human body within the preset distance. Guarantee the quality of communication.
  • the Body Area Network is a human body-centered network element (including personal terminals, distributed on the human body, clothing, and a certain distance around the human body, such as 3 to 5 meters, Even a communication network composed of sensors, networking devices, etc. inside the human body, therefore, only when the network element related to the human body enters the preset range of the payee device, the human body communication connection of the body area network can be established.
  • the payee device 10 establishes a communication connection between the biological limb and the payer device 20 through a wired manner and a wireless manner, and specifically, at least by one of the following two methods. :
  • Both the payee device 10 and the payer device 20 are provided with electrodes, and the payee device 10 is in contact with a biological limb (human body) implanted in the human body or the payer device 20 worn on the human body (for example, wearing a wristwatch)
  • a biological limb human body
  • the payer device 20 worn on the human body (for example, wearing a wristwatch)
  • the human body is used as a conductor, and the electrodes of both sides are connected to form a passage in the human body, that is, a so-called wired communication connection.
  • the payee device 10 needs to be in contact with a human body wearing the payer device 20.
  • the payee device 10 and the payer device can detect whether the surrounding electric field changes, and if the other party enters the range allowed by the human body communication, the field strength can be detected to change. , establish a communication connection with the other party.
  • the payer device 20 is worn or built in the human body, and the oscillation of the transmitter of the payer device 20 causes the body to generate an electric field, when the payer device 20 and the payee device 10 are separated.
  • the receiver of the payee device 10 detects a change in the electric field and establishes a communication connection with the payer device 20. In this manner, the payee device 10 does not need to be in contact with the human body wearing the payer device 20.
  • the human body is used as a transmission medium of an electrical signal to realize information interaction between the body surface, the body, and the device around the human body (3 to 5 meters).
  • traditional wireless communication technologies such as Bluetooth, WIFI, radio frequency and infrared
  • the signal is transmitted through the human body during human communication, so electromagnetic noise has little influence on it, and has low power consumption, high confidentiality and lower human damage. advantage.
  • the redundant connection problem of the wired communication method can be eliminated.
  • the transaction information may include: a transaction amount, a payee account information, and a payer account information.
  • the payee device 10 must send the transaction information to the payer device 20 to prompt The user can perform the subsequent payment process after the user confirms.
  • the payer device may be a device, such as a wristwatch, or two devices, such as a wristwatch and an electronic signature device (such as U-Shield, ABC Key, or a smart card with a signature function).
  • the payer device 20 may extract key information, such as the transaction amount, or the name of the payee, the name of the payer, and the like from the transaction information, without prompting the entire content of the transaction information, specifically, It can be prompted by display screen display or voice playback.
  • key information such as the transaction amount, or the name of the payee, the name of the payer, and the like from the transaction information, without prompting the entire content of the transaction information, specifically, It can be prompted by display screen display or voice playback.
  • it can meet small devices with small display screens.
  • the display of the watch is small and cannot display the entire contents of the transaction information, but only the key content is displayed. It can serve as a reminder to the user.
  • the payer device 20 is also used to prompt key information, and the step of confirming the user is added to improve the security of the transaction. Only after the user confirms and presses the confirm button, the subsequent operations can be performed. In particular, if the payer device is two devices, then when prompted to the user, it can be prompted on any of the devices, of course, preferably on the electronic signature device.
  • the authentication information includes: digital authentication information; and the digital authentication information includes at least one of the following: electronic signature information, ciphertext information, and dynamic password.
  • the electronic signature information is signature data obtained by the payer device 20 by using the private key of the paying party to sign the signature data.
  • the data to be signed includes: single authentication data and authentication identification information, etc., when the electronic signature information is authenticated, Obtaining the public key of the payer device 20, using the public key to the electronic signature letter If the verification is passed, the authentication is passed, which is an asymmetric authentication mode; the ciphertext information is the MAC value calculated by the payer device 20 using the symmetric key negotiated with the payee device 10 to treat the encrypted data.
  • the symmetric MAC address is also used to calculate the verified MAC value, and the ciphertext information is compared with the verified MAC value. If they are consistent, the authentication is passed, which is a symmetric authentication method; For the ciphertext generated by the dynamic key token (OTP) based on the seed key, when the dynamic password is authenticated, the verification value is also calculated by using the seed key, and the dynamic password and the verification value are compared. If they are consistent, the authentication is passed. This is the token authentication method.
  • the authentication of the digital authentication information can be implemented by any of the above three methods to ensure the legitimacy of the payer device 20.
  • the authentication information may further include: authentication identifier information, where the authentication identifier information may be, for example, a device identifier of the payer device 20, a user ID, and the like, which can uniquely identify the identity of the user.
  • the authentication identifier information may be uniquely associated with an authentication factor used by the paying party user to authenticate the digital authentication information and the biometric information, so as to perform dual authentication on the digital authentication information and the biometric information by using the authentication factor, thereby, after the dual authentication is passed It can be determined that the biometric information and the digital authentication information are all from the same user, and the legitimacy of the user is guaranteed.
  • the payee device 10 is further configured to collect biometric information of the biological limb during the duration of the preset range of the biological limb entering the payee device 10; wherein the biometric information includes at least one of the following: Fingerprint information, iris information, face information, and vein information.
  • the payee device 10 collects the biometric information of the human body while receiving the authentication information sent by the payer device 20, for example, within a short time (for example, 3 seconds) when the user's finger touches the touch component of the POS machine.
  • the POS machine establishes a communication connection with the wristwatch worn by the user through the human body, and transmits the authentication information through the communication connection, and the touch component of the POS machine collects the fingerprint information, for example, in the user's wristwatch and the Alipay payment terminal (the payment)
  • the terminal has a photographing function, which can be used for collecting face information.
  • the face information is collected by the payment terminal, whereby the payee device 10 can obtain the authentication information and the biometric information in one operation. Convenient.
  • biometric information may be collected before or after the communication connection is established.
  • the biometric information includes: fingerprint information and/or vein information;
  • the payee device 10 Also used for collecting biometric information of the biological limb includes: in the case where the biological limb is in contact with the payee device 10, the payee device 10 collects biometric information of the contact portion of the biological limb and the payee device 10.
  • the POS machine Compared with the input fingerprint and PIN code on the POS machine in the prior art, the POS machine first prompts the user to input fingerprint information, collects the fingerprint, and then prompts the user to input the PIN code.
  • the user needs to interact with the POS machine twice to complete the fingerprint and PIN.
  • the input of the code is troublesome, and in the present invention, the user can complete the input of the authentication information and the collection of the biometric information in one time with one action, which is convenient and quick.
  • the authentication result of authenticating the digital authentication information and the biometric information is an authentication result obtained by acquiring an authentication factor according to the authentication identification information, and authenticating the digital authentication information and the biometric information by using the authentication factor.
  • the authentication factor mainly includes the biometric verification information and the verification information for verifying the digital authentication information, and the authentication factor is uniquely associated with the authentication identification information, so that the authentication factor corresponding to the user can be uniquely queried according to the authentication identification information, so as to utilize the digital authentication. After the two-factor authentication of information and biometric information is passed, the legitimacy of the user can be guaranteed.
  • the authentication of the digital authentication information by using the authentication factor includes at least one of the following ways:
  • Method 1 Asymmetric authentication method.
  • the digital authentication information includes: electronic signature information; the authentication factor includes a public key for verifying the electronic signature information; or
  • Method 2 Symmetric authentication method.
  • the digital authentication information includes: ciphertext information calculated by using a symmetric key; the authentication factor includes a symmetric key; or
  • Method 3 Token authentication method.
  • the digital authentication information includes: a dynamic password; the authentication factor includes a seed key that verifies the dynamic password.
  • the authentication information is used to authenticate the digital authentication information, and the biometric information is authenticated by using the biometric verification information, including: authenticating the digital authentication information by using the authentication factor, and determining the biometric verification. Whether the matching rate of the information and the biometric information is greater than the first preset value, and confirming the authentication information and the biometric feature when the digital authentication information is authenticated and the matching rate between the biometric verification information and the biometric information is greater than the first preset value The certification of information is passed.
  • the authentication information is used to authenticate the digital authentication information and the biometric information, including: authenticating the digital authentication information by using the authentication factor, and determining the biometric verification information and the biometric information after the authentication is passed. Whether the matching rate is greater than the first preset value; when the matching rate of the biometrics verification information and the biometric information is greater than the first preset value, the authentication of the digital authentication information and the biometric information is confirmed to pass.
  • the second preset value is used to indicate that the two biometric information is the matching rate of the same biometric information.
  • the second preset value may be theoretically The two biometric information completely match the similarity to be achieved, for example, 99%, and the first preset value may be smaller than the second preset value, thereby reducing the probability that the real legal user in the biometric information authentication technology is recognized and failed.
  • biometric information authentication technology there is a probability that a real legal user is recognized to be failed and an illegal user is recognized successfully.
  • fingerprint recognition as an example, in many cases, the user's fingerprint is real, but the authentication device Identifying the error, mistakenly identifying the fingerprint of the user as a fake fingerprint, and thus failing to pass the authentication, and failing to implement the payment transaction; sometimes, the fingerprint of the illegal user is clearly false, but the authentication device is also authenticated and passed to the legitimate user.
  • the economic losses, the probability of these occurrences is very high.
  • the double authentication of the digital authentication information and the biometric information can circumvent the situation that the “illegal user is successfully identified”, and can reduce the situation in which the real legitimate user is identified as failed.
  • the authentication device can reduce the similarity of the matching of the two biometric information to reduce the true legal user.
  • the probability of failure for example, theoretically the two biometric information should be completely matched, and the similarity should be at least 99% (second preset value), and if the authentication device finds that its similarity is only 90%, it will If the identification is not matched, the authentication fails, and the real fingerprint is recognized as a fake fingerprint.
  • the similarity of the exact match can be reduced to 80%. (the first preset value), that is, as long as the similarity reaches 80% (the first preset value), the match is considered. Therefore, when the similarity of the two biometric information is 90%, the authentication can also be performed. As a result, the real and legitimate users are not recognized to be failed, thereby reducing the probability that the authentic and legitimate users in the biometric information authentication technology are recognized.
  • the payment system provided by the embodiment uses the human body communication to transmit the transaction information and the information to be authenticated, and completes the payment after the authentication of the information to be authenticated is passed, and only one operation is performed for the user, and the payee device simultaneously acquires at one time.
  • Digital authentication information and biometric information are fast and convenient, and through the dual authentication of digital authentication information and biometric information, it can be more secure and reliable, and reduces the probability that a real and legitimate user is recognized and fails, and improves the user experience.
  • Embodiments of the present invention provide a computer program that, when run on a processor, performs the payment authentication method described above.
  • portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
  • multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
  • a suitable instruction execution system For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
  • each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
  • the integrated modules, if implemented in the form of software functional modules and sold or used as stand-alone products, may also be stored in a computer readable storage medium.
  • the above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

一种支付方法及系统,该方法包括:在生物肢体进入收款方设备的预设范围后,收款方设备通过生物肢体与支付方设备建立通信连接(S101),并通过通信连接向支付方设备发送交易信息(S102);支付方设备接收交易信息,从交易信息中提取关键信息(S103),并提示关键信息,等待用户确认(S104),在接收用户的确认指令后,将认证信息通过通信连接发送给收款方设备(S105);收款方设备通过通信连接接收支付方设备传输的认证信息,认证信息包括:数字认证信息;在生物肢体进入收款方设备的预设范围的持续期间,采集生物肢体的生物特征信息(S106);收款方设备获取对数字认证信息以及生物特征信息进行认证的认证结果(S107),在认证结果为认证通过的情况下执行支付交易(S108)。

Description

一种支付方法及系统
相关申请的交叉引用
本申请基于申请号为201610127251.5,申请日为2016年3月7日的中国专利申请,并要求上述中国专利申请的优先权,上述中国专利申请的全部内容在此引入本申请作为参考。
技术领域
本发明涉及一种电子技术领域,尤其涉及一种支付方法及系统。
背景技术
电子支付相比现金支付,具有安全、快捷、可靠等优势。POS机作为一种支付终端,被广泛地运用于电子支付中。现有的POS机有的是通过读卡器读取银行卡的持卡人磁条信息,由POS机操作人员输入交易金额,持卡人在POS机上刷银行卡,然后再输入密码,POS机把这些信息上传给银行后台,完成联机交易。由此可见,在现有的电子支付流程中,用户需要执行两次操作,第一次将银行卡放到POS机上与POS机建立连接,第二次用户需要输入密码,操作流程复杂。
发明内容
本发明旨在解决上述问题之一。
本发明的主要目的在于提供一种支付方法。
本发明的另一目的在于提供一种支付系统。
为达到上述目的,本发明的技术方案具体是这样实现的:
本发明一方面提供了一种支付方法,包括:在生物肢体进入收款方设备的预设范围后,所述收款方设备通过生物肢体与支付方设备建立通信连接;所述收款方设备通过所述通信连接向所述支付方设备发送交易信息;所述支付方设备接收所述交易信息;所述支付方设备从所述交易信息中提取关键信息;所述支付方设备提示所述关键信息,并等待用户确认;所述支付方设备接收用户的确认指令后,将认证信息通过所述通信连接发送给所述收款方设备;所述收款方设备通过所述通信连接接收所述支付方设备传输的所述认证信息,所述认证信息包括:数字认证信息;在所述生物肢体进入所述收款方设备的预设范围的持续期间,采集所述生物肢体的生物特征信息;所述收款方设备获取对所述数字认证信息以及所述生物特征信息进行认证的认证结果;所述收款方设备在所述认证结果为认证通过的情况下执行支付交易。
可选的,所述生物特征信息包括:指纹信息和/或静脉信息;
所述采集所述生物肢体的生物特征信息包括:在所述生物肢体与所述收款方设备接触 的情况下,采集所述生物肢体与所述收款方设备的接触部位的所述生物特征信息。
可选的,所述数字认证信息包括以下至少之一:电子签名信息、密文信息和动态口令。
本发明另一方面提供了一种支付系统,包括:收款方设备和支付方设备,其中:所述收款方设备,用于在生物肢体进入收款方设备的预设范围后,通过生物肢体与支付方设备建立通信连接,通过所述通信连接向所述支付方设备发送交易信息;所述支付方设备,用于接收所述交易信息,从所述交易信息中提取关键信息,并提示所述关键信息,等待用户确认,在接收用户的确认指令后,将认证信息通过所述通信连接发送给所述收款方设备;所述收款方设备,还用于通过所述通信连接接收所述支付方设备传输的所述认证信息,所述认证信息包括:数字认证信息;在所述生物肢体进入所述收款方设备的预设范围的持续期间,采集所述生物肢体的生物特征信息;获取对所述数字认证信息以及所述生物特征信息进行认证的认证结果;在所述认证结果为认证通过的情况下执行支付交易。
可选的,所述生物特征信息包括:指纹信息和/或静脉信息;所述收款方设备,还用于采集所述生物肢体的生物特征信息包括:在所述生物肢体与所述收款方设备接触的情况下,所述收款方设备采集所述生物肢体与所述收款方设备的接触部位的所述生物特征信息。
可选的,所述数字认证信息包括以下至少之一:电子签名信息、密文信息和动态口令。
由上述本发明提供的技术方案可以看出,本发明提供了一种支付方法及系统,利用人体通信传输交易信息以及待认证的信息,待对待认证的信息认证通过后完成支付,对于用户而言只进行了一次操作,收款方设备同时一次性获取数字认证信息和生物特征信息,快捷方便,而且通过对数字认证信息和生物特征信息的双重认证,可以更安全可靠,并且降低了真实合法的用户被识别失败的概率,提高了用户体验。
根据下文结合附图对本发明具体实施例的详细描述,本领域技术人员将会更加明了本发明的上述以及其他目的、优点和特征。
附图说明
后文将参照附图以示例性而非限制性的方式详细描述本发明的一些具体实施例。附图中相同的附图标记标示了相同或类似的部件或部分。本领域技术人员应该理解,这些附图未必是按比例绘制的。附图中:
图1为本发明实施例1提供的支付方法的流程图;
图2为本发明实施例2提供的支付系统结构示意图。
具体实施方式
人体通信是近年来兴起的一门新兴短距离通信技术,主要用以解决以人体为载体的体域网的通信问题。其利用人体作为电信号的传输介质,实现体表、体内及人体周围(3~5米)医疗保健设备的信息交互。与传统的蓝牙、WIFI、射频和红外等无线通信技术相比,人体通信过程中信号经过人体传输,因而电磁噪声对其影响很小,具有低功耗、高保密性 以及更低的人体损害等优点。此外由于不存在多人通信时效率降低的问题,也可免除有线通讯方式冗余的连线困扰。基于此,本发明提出一种支付方法,利用人体通信传输交易信息以及待认证的信息,待对待认证的信息认证通过后完成支付,对于用户而言只进行了一次操作,收款方设备同时一次性获取数字认证信息和生物特征信息,快捷方便,而且通过对数字认证信息和生物特征信息的双重认证,可以更安全可靠,并且降低了真实合法的用户被识别失败的概率,提高了用户体验。
下面将结合附图对本发明实施例作进一步地详细描述。
实施例1
本实施例提供了一种支付方法,如图1所示,该支付方法包括以下步骤S101~S108:
S101:在生物肢体进入收款方设备的预设范围后,收款方设备通过生物肢体与支付方设备建立通信连接;
在本实施例中,生物肢体一般指人体,收款方设备可以为POS机、支付宝应用等扫码终端、移动终端、PDA、台式机、笔记本等可以与后台联网的支付终端,支付方设备可以为植入人体内、佩戴在人体身上或者放置于穿着的衣物中的装置,植入人体内的装置例如可以为植入人体内的血流传感器、脉搏传感器、体温传感器等传感器,佩戴在人体身上的装置例如可以是手环、腕表、项链、戒指、腰带等可穿戴在用户身上的电子设备。如果是佩戴在人体身上的装置,其与人体表面虽然没有直接接触,但与人体表面(如皮肤)的距离不能超过预设距离,例如几毫米,以便在该预设距离内通过人体进行通信,保证通信质量。由于体域网(Body Area Network,简称BAN)就是以人体为中心,由和人体相关的网络元素(包括个人终端,分布在人身体上、衣物上、人体周围一定距离范围如3~5米内、甚至人身体内部的传感器、组网设备)等组成的通信网络,因此,只有和人体相关的网络元素进入收款方设备的这个预设范围内,才能建立体域网的人体通信连接。
作为本实施例中的一种可选实施方式,收款方设备通过生物肢体与支付方设备建立通信连接可以通过有线方式和无线方式,具体地,至少可以通过以下两种方式之一实现:
有线方式:
收款方设备与支付方设备均设有电极,在收款方设备与植入人体内或者佩戴在人体身上的支付方设备的生物肢体(人体)接触(例如,佩戴有腕表的用户将手指接触POS机)时,将人体作为导体,双方的电极连通形成人体内的通路,即所谓的有线方式的通信连接。在该方式中,收款方设备需要与佩戴有支付方设备的人体接触。
无线方式:
在无线方式中,收款方设备和付款方设备(如POS机和腕表)均可以检测周围的电场是否发生变化,如果对方进入人体通信允许的范围内,就能检测到场强发生变化,与对方建立通信连接。具体地,以支付方设备为例,支付方设备佩戴或内置在人体内,利用支付方设备的发射器的振荡让人体产生电场,当支付方设备与收款方设备的距离处于人体通信 允许的范围内时,收款方设备的接收器检测到电场的变化,与支付方设备建立通信连接。在该方式中,收款方设备不需要与佩戴有支付方设备的人体接触。
上述方式利用人体作为电信号的传输介质,实现体表、体内及人体周围(3~5米)的设备的信息交互。与传统的蓝牙、WIFI、射频和红外等无线通信技术相比,人体通信过程中信号经过人体传输,因而电磁噪声对其影响很小,具有低功耗、高保密性以及更低的人体损害等优点。此外由于不存在多人通信时效率降低的问题,也可免除有线通讯方式冗余的连线困扰。
S102:收款方设备通过通信连接向支付方设备发送交易信息;
在本实施例中,交易信息可以包括:交易金额、收款方账户信息以及付款方账号信息,当出现大额交易时,收款方设备必须将交易信息发送至支付方设备,以便提示用户,在用户确认后,才能执行后续的支付流程。
此外,在实际实施时,支付方设备可以为一个设备,例如腕表,也可以为两个设备,例如腕表和电子签名设备(如U盾、农行Key宝或者具有签名功能的智能卡)。
S103:支付方设备接收交易信息,支付方设备从交易信息中提取关键信息;
本实施例中,支付方设备可以从交易信息中提取关键信息,如交易金额,或者,收款方的名称、付款方的名称等等,而无需将交易信息的全部内容提示,具体地,可以通过显示屏显示或者语音播放等方式进行提示,特别地,可以满足具有小型显示屏的小型设备,如腕表的显示屏就很小,不能显示交易信息的全部内容,但只要显示关键内容,便可起到提示用户的作用。
S104:支付方设备提示关键信息,并等待用户确认;
在本实施例中,增加用户确认的步骤,以提高交易的安全性,只有在用户确认,按下确认键后,才能执行后续的操作。特别地,如果支付方设备为两个设备,则在给用户提示时,可以在其中的任一个设备上提示,当然,最好是在电子签名设备上提示。
S105:支付方设备接收用户的确认指令后,将认证信息通过通信连接发送给收款方设备;
本实施例中,认证信息包括:数字认证信息;数字认证信息包括以下至少之一:电子签名信息、密文信息和动态口令。其中,电子签名信息为支付方设备利用自身的私钥对待签名数据签名得到的签名数据,待签名数据包括:单次认证数据以及认证标识信息等等,在对该电子签名信息进行认证时,获取该支付方设备的公钥,利用该公钥对电子签名信息进行验签,如果验签通过,则认证通过,此为非对称认证方式;密文信息为支付方设备利用与与收款方设备协商的对称密钥对待加密数据计算得到的MAC值,在对该密文信息进行认证时,同样利用该对称密钥对待加密数据计算得到验证MAC值,比较密文信息与验证MAC值,如果一致,则认证通过,此为对称认证方式;动态口令为动态口令牌(OTP)基于种子密钥生成的密文,在对该动态口令进行认证时,同样利用该种子密钥计算得到验证值,比较动态口令与验证值,如果一致,则认证通过,此为令牌认证方式。在本实施例 中,可以通过上述3种方式中的任一种实现对数字认证信息的认证,以保证支付方设备的合法性。
在本实施例一种可选的实施方式中,认证信息还可以包括:认证标识信息;该认证标识信息可以例如为支付方设备的设备标识、用户ID等可以唯一标识用户身份的信息,通过认证标识信息可以唯一关联到支付方用户用于认证数字认证信息以及生物特征信息的认证因子,以便利用该认证因子对数字认证信息以及生物特征信息进行双重认证,由此,在双重认证通过后就可以确定生物特征信息以及数字认证信息都来自于同一用户,保证用户的合法性。
S106:收款方设备通过通信连接接收支付方设备传输的认证信息;在生物肢体进入收款方设备的预设范围的持续期间,采集生物肢体的生物特征信息;
其中,生物特征信息包括以下至少之一:指纹信息、虹膜信息、人脸信息和静脉信息。本实施例中,收款方设备在接收支付方设备发送的认证信息的同时采集了人体的生物特征信息,例如,在用户手指触摸POS机的触摸部件的短暂的时间内(如3秒),POS机与用户佩戴的腕表通过人体建立通信连接,并通过该通信连接传输认证信息,同时POS机的触摸部件采集指纹信息,又例如,在用户的腕表与支付宝支付终端(该支付终端具有拍照功能,可以用于采集人脸信息)建立人体通信连接的期间,通过支付终端采集人脸信息,由此,收款方设备便可以一次性地获取认证信息和生物特征信息,操作方便快捷。
本实施例中,只要在生物肢体进入收款方设备的预设范围的持续期间内采集生物特征信息即可,生物特征信息可以在通信连接建立之前,也可以在通信连接建立时或之后采集。
在本步骤中,特别地,在需要人体肢体与收款方设备接触才能采集到生物特征信息的情况,作为一种可选的实施方式,生物特征信息包括:指纹信息和/或静脉信息;采集生物肢体的生物特征信息包括:在生物肢体与收款方设备接触的情况下,采集生物肢体与收款方设备的接触部位的生物特征信息。
相比于现有技术中POS机上输入指纹加PIN码的方式,POS机先提示用户输入指纹信息,采集指纹,再提示用户输入PIN码,用户需要与POS机通过两次交互才能完成指纹和PIN码的输入,比较麻烦,而本发明中对于用户而言,只要一个动作就可以一次性地完成认证信息的输入和生物特征信息的采集,方便快捷。
S107:获取对数字认证信息以及生物特征信息进行认证的认证结果;
本实施例中,对数字认证信息以及生物特征信息进行认证的认证结果是根据认证标识信息获取认证因子和生物特征验证信息,并利用认证因子对数字认证信息进行认证以及利用生物特征验证信息对生物特征信息进行认证的认证结果,认证因子主要包括对数字认证信息验证的验证信息,该认证因子和生物特征验证信息与认证标识信息唯一关联,因此根据认证标识信息可以唯一查询到该用户对应的认证因子和生物特征验证信息,以便对数字认证信息以及生物特征信息的双重认证通过后,可以保证用户的合法性。
本步骤中,利用认证因子对数字认证信息的认证至少包括以下几种方式之一:
方式一:非对称认证方式。在该方式中,数字认证信息包括:电子签名信息;认证因子包括对电子签名信息进行验签的公钥;或者,
方式二:对称认证方式。在该方式中,数字认证信息包括:利用对称密钥计算得到的密文信息;认证因子包括对称密钥;或者,
方式三:令牌认证方式。在该方式中,数字认证信息包括:动态口令;认证因子包括对动态口令进行验证的种子密钥。
在步骤S105中已经对数字认证信息的三种认证方式做了描述,此处不再赘述。
在本步骤中,利用认证因子对数字认证信息以及利用生物特征验证信息对生物特征信息进行认证,包括:利用认证因子对数字认证信息进行认证,且判断生物特征验证信息与生物特征信息的匹配率是否大于第一预设值,在对数字认证信息认证通过且生物特征验证信息与生物特征信息的匹配率大于第一预设值时,确认对认证信息和生物特征信息的认证通过。
其中,第一预设值小于第二预设值,第二预设值用于指示两个生物特征信息为同一生物特征信息的匹配率;在实际实施时,第二预设值可以为理论上两个生物特征信息完全匹配要达到的相似度,例如99%,而第一预设值可以小于第二预设值,从而通过降低匹配率,来降低生物特征信息认证技术中真实合法的用户被识别失败的概率。
在现有技术的生物特征信息认证技术中存在真实合法的用户被识别失败的概率和非法的用户被识别成功的概率,以指纹识别为例,很多时候,用户的指纹是真实的,但是认证装置识别错误,误将该用户的指纹识别为假指纹,从而不能通过认证,无法实现支付交易;而有的时候,非法用户的指纹明明是假的,但认证装置也认证通过了,给合法用户造成了经济上的损失,这些情况发生的概率都是很高的。而本实施例通过对数字认证信息和生物特征信息的双重认证可以规避“非法的用户被识别成功”的情况,而且可以降低真实合法的用户被识别失败发生的情况。首先,通过上述3种对数字认证信息的认证,可以确定该用户为合法用户,如果是非法用户则无法通过该数字认证,那么就不会出现对假指纹认证的操作,从而规避了“非法的用户被识别成功”的情况;其次,在保证用户为合法用户的情况下,认证装置可以将两个生物特征信息匹配的相似度降低,以降低真实合法的用户被识别失败的概率,例如,理论上两个生物特征信息要完全匹配,其相似度至少要达到99%(第二预设值),而如果认证装置发现其相似度仅为90%时,就会识别为不匹配,认证不通过,而出现将真的指纹识别为假指纹的情况,在本发明中,由于数字认证已经保证用户为合法用户,所以,可以将完全匹配的相似度降低为80%(第一预设值),也就是说,只要相似度达到80%(第一预设值)就认为匹配,因此,当两个生物特征信息的相似度为90%时,也可以通过认证,由此,就不会出现真实合法的用户被识别失败的情况了,从而降低了生物特征信息认证技术中真实合法的用户被识别失败的概率。
S108:收款方设备在认证结果为认证通过的情况下执行支付交易。
本实施例提供的支付方法,利用人体通信传输交易信息以及待认证的信息,在对待认 证的信息的认证通过后完成支付,对于用户而言只进行了一次操作,收款方设备同时一次性获取数字认证信息和生物特征信息,快捷方便,而且通过对数字认证信息和生物特征信息的双重认证,可以更安全可靠,并且降低了真实合法的用户被识别失败的概率,提高了用户体验。
实施例2
本实施例提供了一种支付系统,如图2所示,该支付系统包括:付款方设备10、支付方设备20,其中:
收款方设备10,用于在生物肢体进入收款方设备10的预设范围后,通过生物肢体与支付方设备20建立通信连接,通过通信连接向支付方设备20发送交易信息;支付方设备20,用于接收交易信息,从交易信息中提取关键信息,并提示关键信息,等待用户确认;在接收用户的确认指令后,将认证信息通过通信连接发送给收款方设备10;收款方设备10,还用于通过通信连接接收支付方设备20传输的认证信息;在生物肢体进入收款方设备10的预设范围的持续期间,采集生物肢体的生物特征信息;并获取对数字认证信息以及生物特征信息进行认证的认证结果;在认证结果为认证通过的情况下执行支付交易。
通过本实施例提供的支付系统,利用人体通信传输交易信息以及待认证的信息,在对待认证的信息的认证通过后完成支付,对于用户而言只进行了一次操作,收款方设备同时一次性获取数字认证信息和生物特征信息,快捷方便,而且通过对数字认证信息和生物特征信息的双重认证,可以更安全可靠,并且降低了真实合法的用户被识别失败的概率,提高了用户体验。
在本实施例中,生物肢体一般指人体,收款方设备可以为POS机、支付宝应用等扫码终端、移动终端、PDA、台式机、笔记本等可以与后台联网的支付终端,支付方设备可以为植入人体内、佩戴在人体身上或者放置于穿着的衣物中的装置,植入人体内的装置例如可以为植入人体内的血流传感器、脉搏传感器、体温传感器等传感器,佩戴在人体身上的装置例如可以是手环、腕表、项链、戒指、腰带等可穿戴在用户身上的电子设备。如果是佩戴在人体身上的装置,其与人体表面虽然没有直接接触,但与人体表面(如皮肤)的距离不能超过预设距离,例如几毫米,以便在该预设距离内通过人体进行通信,保证通信质量。由于体域网(Body Area Network,简称BAN)就是以人体为中心,由和人体相关的网络元素(包括个人终端,分布在人身体上、衣物上、人体周围一定距离范围如3~5米内、甚至人身体内部的传感器、组网设备)等组成的通信网络,因此,只有和人体相关的网络元素进入收款方设备的这个预设范围内,才能建立体域网的人体通信连接。
作为本实施例中的一种可选实施方式,收款方设备10通过生物肢体与支付方设备20建立通信连接可以通过有线方式和无线方式,具体地,至少可以通过以下两种方式之一实现:
有线方式:
收款方设备10与支付方设备20均设有电极,在收款方设备10与植入人体内或者佩戴在人体身上的支付方设备20的生物肢体(人体)接触(例如,佩戴有腕表的用户将手指接触POS机)时,将人体作为导体,双方的电极连通形成人体内的通路,即所谓的有线方式的通信连接。在该方式中,收款方设备10需要与佩戴有支付方设备20的人体接触。
无线方式:
在无线方式中,收款方设备10和付款方设备(如POS机和腕表)均可以检测周围的电场是否发生变化,如果对方进入人体通信允许的范围内,就能检测到场强发生变化,与对方建立通信连接。具体地,以支付方设备20为例,支付方设备20佩戴或内置在人体内,利用支付方设备20的发射器的振荡让人体产生电场,当支付方设备20与收款方设备10的距离处于人体通信允许的范围内时,收款方设备10的接收器检测到电场的变化,与支付方设备20建立通信连接。在该方式中,收款方设备10不需要与佩戴有支付方设备20的人体接触。
上述方式利用人体作为电信号的传输介质,实现体表、体内及人体周围(3~5米)的设备的信息交互。与传统的蓝牙、WIFI、射频和红外等无线通信技术相比,人体通信过程中信号经过人体传输,因而电磁噪声对其影响很小,具有低功耗、高保密性以及更低的人体损害等优点。此外由于不存在多人通信时效率降低的问题,也可免除有线通讯方式冗余的连线困扰。
在本实施例中,交易信息可以包括:交易金额、收款方账户信息以及付款方账号信息,当出现大额交易时,收款方设备10必须将交易信息发送至支付方设备20,以便提示用户,在用户确认后,才能执行后续的支付流程。此外,在实际实施时,支付方设备可以为一个设备,例如腕表,也可以为两个设备,例如腕表和电子签名设备(如U盾、农行Key宝或者具有签名功能的智能卡)。
本实施例中,支付方设备20可以从交易信息中提取关键信息,如交易金额,或者,收款方的名称、付款方的名称等等,而无需将交易信息的全部内容提示,具体地,可以通过显示屏显示或者语音播放等方式进行提示,特别地,可以满足具有小型显示屏的小型设备,如腕表的显示屏就很小,不能显示交易信息的全部内容,但只要显示关键内容,便可起到提示用户的作用。
在本实施例中,支付方设备20还用于提示关键信息,增加用户确认的步骤,以提高交易的安全性,只有在用户确认,按下确认键后,才能执行后续的操作。特别地,如果支付方设备为两个设备,则在给用户提示时,可以在其中的任一个设备上提示,当然,最好是在电子签名设备上提示。
本实施例中,认证信息包括:数字认证信息;数字认证信息包括以下至少之一:电子签名信息、密文信息和动态口令。其中,电子签名信息为支付方设备20利用自身的私钥对待签名数据签名得到的签名数据,待签名数据包括:单次认证数据以及认证标识信息等等,在对该电子签名信息进行认证时,获取该支付方设备20的公钥,利用该公钥对电子签名信 息进行验签,如果验签通过,则认证通过,此为非对称认证方式;密文信息为支付方设备20利用与与收款方设备10协商的对称密钥对待加密数据计算得到的MAC值,在对该密文信息进行认证时,同样利用该对称密钥对待加密数据计算得到验证MAC值,比较密文信息与验证MAC值,如果一致,则认证通过,此为对称认证方式;动态口令为动态口令牌(OTP)基于种子密钥生成的密文,在对该动态口令进行认证时,同样利用该种子密钥计算得到验证值,比较动态口令与验证值,如果一致,则认证通过,此为令牌认证方式。在本实施例中,可以通过上述3种方式中的任一种实现对数字认证信息的认证,以保证支付方设备20的合法性。
本实施例中,作为一种可选的实施方式,认证信息还可以包括:认证标识信息;该认证标识信息可以例如为支付方设备20的设备标识、用户ID等可以唯一标识用户身份的信息,通过认证标识信息可以唯一关联到支付方用户用于认证数字认证信息以及生物特征信息的认证因子,以便利用该认证因子对数字认证信息以及生物特征信息进行双重认证,由此,在双重认证通过后就可以确定生物特征信息以及数字认证信息都来自于同一用户,保证用户的合法性。
在本实施例中,收款方设备10还用于在生物肢体进入收款方设备10的预设范围的持续期间,采集生物肢体的生物特征信息;其中,生物特征信息包括以下至少之一:指纹信息、虹膜信息、人脸信息和静脉信息。本实施例中,收款方设备10在接收支付方设备20发送的认证信息的同时采集了人体的生物特征信息,例如,在用户手指触摸POS机的触摸部件的短暂的时间内(如3秒),POS机与用户佩戴的腕表通过人体建立通信连接,并通过该通信连接传输认证信息,同时POS机的触摸部件采集指纹信息,又例如,在用户的腕表与支付宝支付终端(该支付终端具有拍照功能,可以用于采集人脸信息)建立人体通信连接的期间,通过支付终端采集人脸信息,由此,收款方设备10便可以一次性地获取认证信息和生物特征信息,操作方便快捷。
本实施例中,只要在生物肢体进入收款方设备10的预设范围的持续期间内采集生物特征信息即可,可以在通信连接建立之前,也可以在通信连接建立时或之后采集。
特别地,在需要人体肢体与收款方设备10接触才能采集到生物特征信息的情况,作为一种可选的实施方式,生物特征信息包括:指纹信息和/或静脉信息;收款方设备10还用于采集生物肢体的生物特征信息包括:在生物肢体与收款方设备10接触的情况下,收款方设备10采集生物肢体与收款方设备10的接触部位的生物特征信息。
相比于现有技术中POS机上输入指纹加PIN码的方式,POS机先提示用户输入指纹信息,采集指纹,再提示用户输入PIN码,用户需要与POS机通过两次交互才能完成指纹和PIN码的输入,比较麻烦,而本发明中对于用户而言,只要一个动作就可以一次性地完成认证信息的输入和生物特征信息的采集,方便快捷。
本实施例中,对数字认证信息以及生物特征信息进行认证的认证结果是根据认证标识信息获取认证因子,并利用认证因子对数字认证信息以及生物特征信息进行认证的认证结 果,认证因子主要包括生物特征验证信息以及对数字认证信息验证的验证信息,该认证因子与认证标识信息唯一关联,因此根据认证标识信息可以唯一查询到该用户对应的认证因子,以便利用数字认证信息以及生物特征信息的双重认证通过后,可以保证用户的合法性。
在本实施例中的一种可选实施方式中,利用认证因子对数字认证信息的认证至少包括以下几种方式之一:
方式一:非对称认证方式。在该方式中,数字认证信息包括:电子签名信息;认证因子包括对电子签名信息进行验签的公钥;或者,
方式二:对称认证方式。在该方式中,数字认证信息包括:利用对称密钥计算得到的密文信息;认证因子包括对称密钥;或者,
方式三:令牌认证方式。在该方式中,数字认证信息包括:动态口令;认证因子包括对动态口令进行验证的种子密钥。
本文前面已经对数字认证信息的三种认证方式做了描述,此处不再赘述。
作为一种可选的实施方式,利用认证因子对数字认证信息进行认证以及利用所述生物特征验证信息对生物特征信息进行认证,包括:利用认证因子对数字认证信息进行认证,且判断生物特征验证信息与生物特征信息的匹配率是否大于第一预设值,在对数字认证信息认证通过且生物特征验证信息与生物特征信息的匹配率大于第一预设值时,确认对认证信息和生物特征信息的认证通过。作为另一种可选的实施方式,利用认证因子对数字认证信息以及生物特征信息进行认证,包括:利用认证因子对数字认证信息进行认证,在认证通过后再判断生物特征验证信息与生物特征信息的匹配率是否大于第一预设值;在生物特征验证信息与生物特征信息的匹配率大于第一预设值时,确认对数字认证信息和生物特征信息的认证通过。
其中,第一预设值小于第二预设值,第二预设值用于指示两个生物特征信息为同一生物特征信息的匹配率;在实际实施时,第二预设值可以为理论上两个生物特征信息完全匹配要达到的相似度,例如99%,而第一预设值可以小于第二预设值,从而可以降低生物特征信息认证技术中真实合法的用户被识别失败的概率。
在现有技术的生物特征信息认证技术中存在真实合法的用户被识别失败的概率和非法的用户被识别成功的概率,以指纹识别为例,很多时候,用户的指纹是真实的,但是认证装置识别错误,误将该用户的指纹识别为假指纹,从而不能通过认证,无法实现支付交易;而有的时候,非法用户的指纹明明是假的,但认证装置也认证通过了,给合法用户造成了经济上的损失,这些情况发生的概率都是很高的。而本实施例通过对数字认证信息和生物特征信息的双重认证可以规避“非法的用户被识别成功”的情况,而且可以降低真实合法的用户被识别失败发生的情况。首先,通过上述3种对数字认证信息的认证,可以确定该用户为合法用户,如果是非法用户则无法通过该数字认证,那么就不会出现对假指纹认证的操作,从而规避了“非法的用户被识别成功”的情况;其次,在保证用户为合法用户的情况下,认证装置可以将两个生物特征信息匹配的相似度降低,以降低真实合法的用户被 识别失败的概率,例如,理论上两个生物特征信息要完全匹配,其相似度至少要达到99%(第二预设值),而如果认证装置发现其相似度仅为90%时,就会识别为不匹配,认证不通过,而出现将真的指纹识别为假指纹的情况,在本发明中,由于数字认证已经保证用户为合法用户,所以,可以将完全匹配的相似度降低为80%(第一预设值),也就是说,只要相似度达到80%(第一预设值)就认为匹配,因此,当两个生物特征信息的相似度为90%时,也可以通过认证,由此,就不会真实合法的用户被识别失败的情况了,从而降低了生物特征信息认证技术中真实合法的用户被识别失败的概率。
本实施例提供的支付系统,利用人体通信传输交易信息以及待认证的信息,在对待认证的信息的认证通过后完成支付,对于用户而言只进行了一次操作,收款方设备同时一次性获取数字认证信息和生物特征信息,快捷方便,而且通过对数字认证信息和生物特征信息的双重认证,可以更安全可靠,并且降低了真实合法的用户被识别失败的概率,提高了用户体验。
本发明的实施例提供了一种计算机程序,当其在处理器上运行时,执行上述的支付认证方法。
流程图中或在此以其他方式描述的任何过程或方法描述可以被理解为,表示包括一个或更多个用于实现特定逻辑功能或过程的步骤的可执行指令的代码的模块、片段或部分,并且本发明的优选实施方式的范围包括另外的实现,其中可以不按所示出或讨论的顺序,包括根据所涉及的功能按基本同时的方式或按相反的顺序,来执行功能,这应被本发明的实施例所属技术领域的技术人员所理解。
应当理解,本发明的各部分可以用硬件、软件、固件或它们的组合来实现。在上述实施方式中,多个步骤或方法可以用存储在存储器中且由合适的指令执行系统执行的软件或固件来实现。例如,如果用硬件来实现,和在另一实施方式中一样,可用本领域公知的下列技术中的任一项或他们的组合来实现:具有用于对数据信号实现逻辑功能的逻辑门电路的离散逻辑电路,具有合适的组合逻辑门电路的专用集成电路,可编程门阵列(PGA),现场可编程门阵列(FPGA)等。
本技术领域的普通技术人员可以理解实现上述实施例方法携带的全部或部分步骤是可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,该程序在执行时,包括方法实施例的步骤之一或其组合。
此外,在本发明各个实施例中的各功能单元可以集成在一个处理模块中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。所述集成的模块如果以软件功能模块的形式实现并作为独立的产品销售或使用时,也可以存储在一个计算机可读取存储介质中。
上述提到的存储介质可以是只读存储器,磁盘或光盘等。
在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不一定指的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。
尽管上面已经示出和描述了本发明的实施例,可以理解的是,上述实施例是示例性的,不能理解为对本发明的限制,本领域的普通技术人员在不脱离本发明的原理和宗旨的情况下在本发明的范围内可以对上述实施例进行变化、修改、替换和变型。本发明的范围由所附权利要求及其等同限定。

Claims (7)

  1. 一种支付方法,其特征在于,包括:
    在生物肢体进入收款方设备的预设范围后,所述收款方设备通过生物肢体与支付方设备建立通信连接;
    所述收款方设备通过所述通信连接向所述支付方设备发送交易信息;
    所述支付方设备接收所述交易信息;
    所述支付方设备从所述交易信息中提取关键信息;
    所述支付方设备提示所述关键信息,并等待用户确认;
    所述支付方设备接收用户的确认指令后,将认证信息通过所述通信连接发送给所述收款方设备,所述认证信息包括:数字认证信息;
    所述收款方设备通过所述通信连接接收所述支付方设备传输的所述认证信息;
    在所述生物肢体进入所述收款方设备的预设范围的持续期间,采集所述生物肢体的生物特征信息;
    所述收款方设备获取对所述数字认证信息以及所述生物特征信息进行认证的认证结果;
    所述收款方设备在所述认证结果为认证通过的情况下执行支付交易。
  2. 根据权利要求1所述的支付方法,其特征在于,
    所述生物特征信息包括:指纹信息和/或静脉信息;
    所述采集所述生物肢体的生物特征信息包括:在所述生物肢体与所述收款方设备接触的情况下,采集所述生物肢体与所述收款方设备的接触部位的所述生物特征信息。
  3. 根据权利要求1或2所述的支付方法,其特征在于,
    所述数字认证信息包括以下至少之一:电子签名信息、密文信息和动态口令。
  4. 一种支付系统,其特征在于,包括:收款方设备和支付方设备,其中:
    所述收款方设备,用于在生物肢体进入收款方设备的预设范围后,通过生物肢体与支付方设备建立通信连接,通过所述通信连接向所述支付方设备发送交易信息;
    所述支付方设备,用于接收所述交易信息,从所述交易信息中提取关键信息,并提示所述关键信息,等待用户确认,在接收用户的确认指令后,将认证信息通过所述通信连接发送给所述收款方设备;
    所述收款方设备,还用于通过所述通信连接接收所述支付方设备传输的所述认证信息,所述认证信息包括:数字认证信息;在所述生物肢体进入所述收款方设备的预设范围的持续期间,采集所述生物肢体的生物特征信息;获取对所述数字认证信息以及所述生物特征 信息进行认证的认证结果;在所述认证结果为认证通过的情况下执行支付交易。
  5. 根据权利要求4所述的系统,其特征在于,
    所述生物特征信息包括:指纹信息和/或静脉信息;
    所述收款方设备,还用于采集所述生物肢体的生物特征信息包括:在所述生物肢体与所述收款方设备接触的情况下,所述收款方设备采集所述生物肢体与所述收款方设备的接触部位的所述生物特征信息。
  6. 根据权利要求4或5所述的系统,其特征在于,
    所述数字认证信息包括以下至少之一:电子签名信息、密文信息和动态口令。
  7. 一种计算机程序,当其在处理器上运行时,执行如权利要求1-3中任一项所述的支付方法。
PCT/CN2017/075741 2016-03-07 2017-03-06 一种支付方法及系统 WO2017152818A1 (zh)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US16/082,697 US10872337B2 (en) 2016-03-07 2017-03-06 Payment device and system
EP17762504.3A EP3428867A4 (en) 2016-03-07 2017-03-06 PAYMENT METHOD AND SYSTEM
KR1020187024987A KR102089201B1 (ko) 2016-03-07 2017-03-06 지불 방법 및 시스템

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610127251.5A CN105989495A (zh) 2016-03-07 2016-03-07 一种支付方法及系统
CN201610127251.5 2016-03-07

Publications (1)

Publication Number Publication Date
WO2017152818A1 true WO2017152818A1 (zh) 2017-09-14

Family

ID=57044049

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/075741 WO2017152818A1 (zh) 2016-03-07 2017-03-06 一种支付方法及系统

Country Status (5)

Country Link
US (1) US10872337B2 (zh)
EP (1) EP3428867A4 (zh)
KR (1) KR102089201B1 (zh)
CN (1) CN105989495A (zh)
WO (1) WO2017152818A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IT201800002681A1 (it) * 2018-02-15 2019-08-15 Archimedetech Srl Processo/metodo di autentificazione di identita’ con invio e scambio di una password personale temporanea fra almeno quattro dispositivi elettronici per successive attivita’ di ricariche, pagamenti, accessi e/o identificazioni del proprietario di un dispositivo mobile quale uno smartphone

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105938526A (zh) * 2016-03-07 2016-09-14 李明 一种身份认证方法及系统
JP2019512786A (ja) * 2016-03-07 2019-05-16 天地融科技股▲ふん▼有限公司 権限付与認証方法、権限付与装置及び権限付与システム
CN105989495A (zh) 2016-03-07 2016-10-05 李明 一种支付方法及系统
CN106529940A (zh) * 2016-10-25 2017-03-22 天地融科技股份有限公司 一种智能卡的操作执行方法、智能卡读写系统和智能卡
CN109564604A (zh) * 2018-11-02 2019-04-02 深圳市汇顶科技股份有限公司 指纹认证方法、装置、设备及存储介质
EP3661148B1 (en) * 2018-11-28 2023-05-24 Nxp B.V. Location- and identity-referenced authentication method and communication system
US11151542B2 (en) * 2019-05-07 2021-10-19 Paypal, Inc. Wearable payment device
FR3096481A1 (fr) * 2019-06-20 2020-11-27 Orange Procédé et dispositif d'authentification d'un utilisateur.
US10733601B1 (en) * 2019-07-17 2020-08-04 Capital One Services, Llc Body area network facilitated authentication or payment authorization
CN111275446A (zh) * 2020-01-17 2020-06-12 北京意锐新创科技有限公司 集成半导体指纹模块的支付方法和装置
CN115187262A (zh) * 2020-08-03 2022-10-14 支付宝(杭州)信息技术有限公司 一种支付校验方法及系统
CN113139811A (zh) * 2021-04-26 2021-07-20 中国工商银行股份有限公司 复合认证支付方法、装置及服务器

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100042835A1 (en) * 2008-08-18 2010-02-18 Keep Security Inc. System and method for permission confirmation by transmitting a secure request through a central server to a mobile biometric device
CN102930436A (zh) * 2012-10-23 2013-02-13 江苏乐买到网络科技有限公司 一种移动支付的方法和装置
CN103679453A (zh) * 2013-12-06 2014-03-26 金硕澳门离岸商业服务有限公司 基于生物认证的支付系统及支付方法
CN103731273A (zh) * 2014-01-13 2014-04-16 天地融科技股份有限公司 一种数据传输方法和系统
CN104484804A (zh) * 2014-12-24 2015-04-01 福建联迪商用设备有限公司 一种安全指纹交易支付的方法及系统
CN105989495A (zh) * 2016-03-07 2016-10-05 李明 一种支付方法及系统

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040075126A (ko) * 2003-02-20 2004-08-27 김이남 인체인식을 이용한 금융결제에 따른 보안 방법 및 시스템
EP1914656A4 (en) * 2005-08-05 2012-06-13 Sharp Kk COMMUNICATION DEVICE AND COMMUNICATION SYSTEM
JP2007206991A (ja) * 2006-02-02 2007-08-16 Hitachi Ltd 生体情報処理装置及び生体情報処理プログラム
US20100242102A1 (en) * 2006-06-27 2010-09-23 Microsoft Corporation Biometric credential verification framework
CN101296080B (zh) * 2007-04-29 2013-03-13 晨星半导体股份有限公司 授权使用者确认方法及其相关装置
JP5365955B2 (ja) * 2009-01-29 2013-12-11 株式会社日本コンラックス 人体通信制御システム
KR101504500B1 (ko) * 2009-10-01 2015-03-23 한국전자통신연구원 동기된 클럭신호를 이용하는 통신 장치
JP2012039370A (ja) * 2010-08-06 2012-02-23 Sony Corp 通信システム並びに通信装置
EP2626807B8 (en) * 2010-10-05 2018-02-07 CSE Co., Ltd. Two- factor user authentication system, and method therefor
US20130006859A1 (en) * 2011-06-29 2013-01-03 Hyundai Motor Company Payment system and method using human body communication
CN103873244B (zh) * 2012-12-13 2017-05-10 航天信息股份有限公司 基于指纹识别的移动支付中的身份认证方法和系统
EP3075085B1 (en) * 2013-11-27 2020-01-08 Shenzhen Goodix Technology Co., Ltd. Wearable communication devices for secured transaction and communication

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100042835A1 (en) * 2008-08-18 2010-02-18 Keep Security Inc. System and method for permission confirmation by transmitting a secure request through a central server to a mobile biometric device
CN102930436A (zh) * 2012-10-23 2013-02-13 江苏乐买到网络科技有限公司 一种移动支付的方法和装置
CN103679453A (zh) * 2013-12-06 2014-03-26 金硕澳门离岸商业服务有限公司 基于生物认证的支付系统及支付方法
CN103731273A (zh) * 2014-01-13 2014-04-16 天地融科技股份有限公司 一种数据传输方法和系统
CN104484804A (zh) * 2014-12-24 2015-04-01 福建联迪商用设备有限公司 一种安全指纹交易支付的方法及系统
CN105989495A (zh) * 2016-03-07 2016-10-05 李明 一种支付方法及系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3428867A4 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IT201800002681A1 (it) * 2018-02-15 2019-08-15 Archimedetech Srl Processo/metodo di autentificazione di identita’ con invio e scambio di una password personale temporanea fra almeno quattro dispositivi elettronici per successive attivita’ di ricariche, pagamenti, accessi e/o identificazioni del proprietario di un dispositivo mobile quale uno smartphone
WO2019159206A1 (en) * 2018-02-15 2019-08-22 Archimedetech Srl Identity authentication process/method by sending and exchanging a temporary personal password among at least four electronic devices for recharges, payments, accesses and/or ids of the owner of a mobile device, such as a smartphone

Also Published As

Publication number Publication date
US10872337B2 (en) 2020-12-22
EP3428867A1 (en) 2019-01-16
KR20180108758A (ko) 2018-10-04
EP3428867A4 (en) 2019-11-06
US20190095926A1 (en) 2019-03-28
CN105989495A (zh) 2016-10-05
KR102089201B1 (ko) 2020-03-16

Similar Documents

Publication Publication Date Title
WO2017152818A1 (zh) 一种支付方法及系统
WO2017152815A1 (zh) 一种身份认证方法及系统
US11012438B2 (en) Biometric device pairing
CN105956844B (zh) 一种支付方法及系统
WO2016150154A1 (zh) 一种用于认证的方法、装置、设备与系统
EP3138265B1 (en) Enhanced security for registration of authentication devices
US20150379255A1 (en) Systems and methods for granting access to a computing device using a wearable device
WO2006049191A1 (ja) 情報処理システム及び情報処理装置
CN105991654A (zh) 一种授权认证方法、装置和系统
CN105989488B (zh) 一种支付方法及系统
CN105991652A (zh) 一种身份认证方法及系统
WO2017152819A1 (zh) 一种授权认证方法、装置和系统
CN105913252A (zh) 一种指纹加密eid金融卡及实现方法
CN105989497A (zh) 一种支付方法及系统
US20240119455A1 (en) Piezoelectric biometric card security
CN105939195A (zh) 一种交易方法及系统
EP2908262B1 (en) Security Token, Transaction Execution Method, and Computer Program Product
US11809539B1 (en) Capacitive through-body communication
WO2017101584A1 (zh) 实现线上线下交易安全的设备和方法
CN105989498A (zh) 一种支付方法及系统
KR101801851B1 (ko) 음파 신호를 이용한 2채널 otp 인증 서비스 제공 방법 및 이를 구현하기 위한 인증 시스템
CN108665267A (zh) 安全认证装置及系统
KR101693271B1 (ko) 생체정보를 이용한 지정 서비스 제공 방법

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 20187024987

Country of ref document: KR

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2017762504

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2017762504

Country of ref document: EP

Effective date: 20181008

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17762504

Country of ref document: EP

Kind code of ref document: A1