WO2018166359A1 - Mobile payment sublicensing method and payment system implemented by using same - Google Patents

Publication number
WO2018166359A1
Authority
WO
WIPO (PCT)
Prior art keywords
transaction
user terminal
token
server
payment
Application number
PCT/CN2018/077845
Inventor
孙权
Original Assignee
中国银联股份有限公司
Priority to CN201710160386.6 (CN107256484B)
Application filed by 中国银联股份有限公司
Publication of WO2018166359A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The present invention relates to a mobile payment licensing method and a system thereof. The method comprises the following steps: a main user terminal is bound with a payment account; the main user terminal and a slave user terminal respectively log into a server, and the main user terminal sends a sublicensing request to the server; the server verifies the sublicensing request and issues a Token and a transaction secret key to the slave user terminal after the sublicensing request passes the verification; and the slave user terminal carries out payment according to the Token and the transaction secret key. According to the present invention, mobile payment sublicensing between family members and friends may be achieved on the basis of trust, and using the Token and the transaction secret key may ensure security of the transaction. Additionally, when a user is paying, the user does not need to input a password, thus making payment quick and convenient and providing a good user experience. Furthermore, a user end mobile phone may achieve the payment transaction without needing to connect to the Internet.

Description

Mobile payment sublicensing method and payment system implemented by using same
Technical field
The present invention relates to computer communication technology, and in particular to a mobile payment sublicensing method based on a payment token (Token), and to a payment system, a mobile terminal and a server implemented by using the mobile payment sublicensing method.
Background
Existing mainstream payment methods all require a password to verify the user's identity in order to complete a payment. This has the following disadvantages:
First, the user must enter a password to pay, so the payment process is cumbersome and the user experience is poor.
Second, mobile payment requires binding one's own bank card, so a bank card cannot be shared for payment among family members or friends.
Third, the user's account password may be stolen, which poses a security risk.
Summary of the invention
In view of the above problems, the object of the present invention is to propose a trust-based mobile payment sublicensing method between family members or friends that preserves payment security, and a mobile payment sublicensing system implemented by using the method.
The mobile payment authorization method of the present invention is implemented by a main user terminal, a slave user terminal, a server and a merchant terminal, and comprises the following steps:
a binding step, in which the main user terminal is bound to a payment account;
a sublicensing request step, in which the main user terminal and the slave user terminal each log in to the server, and the main user terminal sends a sublicensing request to the server;
a sublicensing request verification step, in which the server verifies the sublicensing request and, after the request passes verification, issues a Token to the slave user terminal; and
a sublicensed payment step, in which the slave user terminal makes a payment according to the Token and the transaction key.
Preferably, in the sublicensing request, the main user terminal presets one or more of an authorization-limited amount, an authorization-limited time, an authorization-limited place, an authorization-limited merchant, and whether transaction confirmation is required.
Preferably, the sublicensing request verification step comprises the following sub-steps:
the server checks the sublicensing request;
after the check passes, a Token and a transaction key are issued to the slave user terminal in one go;
the slave user terminal stores the Token and the transaction key in a secure element or in the cloud.
Preferably, the sublicensed payment step comprises the following sub-steps:
when the slave user terminal makes a payment transaction, a Token generated in the cloud or by the local secure element is used in place of the PAN; with this Token, one transaction key is used per transaction to encrypt the transaction elements (including the Token, transaction amount, merchant number, terminal number and similar information) into a transaction ciphertext, and the consumption transaction is carried out at the transaction terminal;
the merchant terminal sends transaction information including the current consumption location, merchant number, transaction amount, transaction Token and transaction ciphertext to the server;
the server verifies the transaction Token, decrypts the transaction ciphertext and verifies the legitimacy of the transaction identity; if verification succeeds, the server returns verification success to the merchant terminal and completes the payment.
Preferably, in the sub-step in which the server verifies the transaction Token, the server verifies the transaction Token and, as required, determines whether one or more of the transaction amount, transaction time, transaction location and transaction merchant fall within the limits preset in the sublicensing request.
Preferably, the sub-step in which the server verifies the transaction Token further comprises: the server sends the transaction information to the main user terminal for transaction confirmation, and returns verification success to the merchant terminal if the main user terminal confirms that the transaction may proceed.
The mobile payment sublicensing system of the present invention is characterized by comprising:
a main user terminal, configured to be bound to a payment account and to submit a sublicensing request to the server described below;
a slave user terminal, configured to receive the Token and transaction key sent by the server described below, store them in a secure element or in the cloud, and conduct transactions using the Token together with the transaction key;
a server, configured to check the sublicensing request from the main user terminal and, if the check passes, generate a Token and a transaction key and deliver them to the slave user terminal, and, when a transaction payment is made, to verify the transaction Token and transaction ciphertext sent from the slave user terminal and complete the transaction if verification passes; and
a merchant terminal, configured to submit to the server, when the slave user terminal makes a purchase at the merchant terminal, transaction information from the slave user terminal including the transaction Token, merchant number, transaction amount and transaction ciphertext.
Preferably, the main user terminal sets in the sublicensing request one or more of an authorization-limited amount, an authorization-limited time, an authorization-limited place, an authorization-limited merchant, and the like.
Preferably, the merchant terminal comprises:
an LBS module, configured to obtain the location at which the transaction takes place; and
a communication module, configured to upload the transaction location and the transaction information to the server.
Preferably, the server comprises: a Token authorization module, configured to generate the Token and transaction key and deliver them to the slave user terminal; and a location calculation module, configured to calculate the distance between the transaction location and the authorization-limited place and to check whether it meets the condition on the authorization-limited place set in the sublicensing request.
Preferably, the Token authorization module is further configured to set a certain life cycle for the Token.
Preferably, the main user terminal sets in the sublicensing request whether transaction confirmation is required; if it is required, the server forwards information about the transaction to the main user terminal for confirmation, and the transaction is allowed only after the main user terminal has confirmed it.
The mobile terminal of the present invention is characterized in that
the mobile terminal is configured to receive the Token and transaction key sent by the server, store them in a secure element or in the cloud, and conduct transactions using the Token together with the transaction key.
The server of the present invention is used to implement payment sublicensing from a main user terminal to a slave user terminal, and is characterized in that
it is configured to check the sublicensing request from the main user terminal and, if the check passes, generate a Token and a transaction key and deliver them to the slave user terminal, and, when a transaction payment is made, to verify the transaction Token and transaction ciphertext sent from the slave user terminal and complete the transaction payment if verification passes.
Preferably, the server of the present invention comprises:
a Token authorization module, configured to generate the Token and transaction key and deliver them to the slave user terminal; and
a location calculation module, configured to calculate the distance between the transaction location and the authorization-limited place and to check whether it meets the condition on the authorization-limited place set in the sublicensing request.
According to the present invention, mobile payment can be sublicensed from the main user terminal to the slave user terminal, which enables trust-based mobile payment sublicensing among family members and friends. Transactions are carried out using the Token and the transaction key, which ensures the security of the transaction. In addition, the user does not need to enter a password when paying, which is quick and convenient and gives a good user experience. Furthermore, because the slave user terminal can receive and store multiple Tokens and multiple transaction keys in advance, it can make payment transactions without a network connection.
Brief description of the drawings
Fig. 1 is a flowchart of the mobile payment sublicensing method of the present invention.
Fig. 2 is a flowchart of one embodiment of the mobile payment sublicensing method of the present invention.
Fig. 3 is a structural block diagram of one embodiment of the mobile payment sublicensing system of the present invention.
Detailed description
Described below are some of the embodiments of the present invention, intended to provide a basic understanding of the invention. They are not intended to identify key or critical elements of the invention or to limit the scope to be protected.
First, some terms used in the present invention are explained.
Card emulation is a technology in which an NFC terminal as a whole emulates a card and accepts access from a card reader.
Token technology means that, after the Token SP generates a Token from the PAN (primary account number) provided by the Token Requestor, the Token circulates through every stage of payment as a substitute for the PAN, so that during the payment flow the unique PAN is passed only among the Token SP, the switching party and the card issuer. Because these three are connected by dedicated lines and trust one another, and because a new Token is generated as a replacement when a Token is found to be at risk or expires, the possibility of PAN leakage during payment is greatly reduced and the security of the PAN is greatly improved.
The LBS positioning service, also called mobile location service (Location Based Service, LBS), obtains the location information (latitude and longitude coordinates) of a mobile terminal user through the network of a telecom mobile operator (such as a GSM or CDMA network).
PAN refers to the primary account number of a bank card issued by a bank, generally composed of the card issuer identifier, the individual account identifier and a check digit.
HCE (host-based card emulation) refers to host-based card emulation, that is, card emulation implemented on a mobile terminal equipped with NFC.
First, the mobile payment sublicensing method of the present invention is described.
Fig. 1 is a flowchart of the mobile payment sublicensing method of the present invention.
As shown in Fig. 1, the mobile payment authorization method of the present invention is implemented by a main user terminal, a slave user terminal, a server and a merchant terminal, and comprises the following steps:
Binding step S100: the main user terminal is bound to a payment account;
Sublicensing request step S200: the main user terminal and the slave user terminal each log in to the server, and the main user terminal sends a sublicensing request to the server, wherein in the sublicensing request the main user terminal may, as needed, set an authorization-limited amount, an authorization-limited time, an authorization-limited place, an authorization-limited merchant and the like, and may also set whether transaction confirmation is required;
Sublicensing request verification step S300: the server verifies the sublicensing request and, after it passes verification, issues a Token and a transaction key to the slave user terminal in one go; and
Sublicensed payment step S400: the slave user terminal makes a payment using the Token and the transaction key, wherein the slave user terminal stores the Token and the transaction key in its secure element (SE) or in the cloud; when the slave user terminal makes a payment transaction, the cloud or the local secure element (SE) generates a Token, which is used to carry out the consumption transaction at a merchant-side transaction terminal that supports 云闪付 (Cloud QuickPass); the merchant terminal transmits the relevant consumption information, including the current consumption location, merchant number, transaction amount, transaction Token and transaction ciphertext, to the server; the server verifies the transaction Token and the transaction ciphertext, and completes the payment if verification succeeds.
Next, an embodiment of a specific application of the mobile payment sublicensing method of the present invention is described.
Fig. 2 is a flowchart of one embodiment of the mobile payment sublicensing method of the present invention.
The mobile payment sublicensing method of this embodiment is implemented by a main user terminal 100, a slave user terminal 200, a server 300 and a merchant terminal 400.
As shown in Fig. 2, the mobile payment sublicensing method of one embodiment of the present invention comprises the following specific steps:
① The main user terminal 100 binds a payment account (for example, a bank card, payment card or consumer card) through, for example, a mobile payment application.
② The main user terminal 100 and the slave user terminal 200 each log in to the server 300.
③ The main user terminal 100 sends a sublicensing request to the server 300 to allow the slave user terminal 200 to use the payment function of the main user terminal 100. In the sublicensing request, the main user terminal 100 may, as needed, set an authorization-limited amount, an authorization-limited time, an authorization-limited place, an authorization-limited merchant and the like, and may also set whether transaction confirmation is required.
④ The server 300 checks the information in the sublicensing request and, after the check passes, issues a Token and a transaction key to the slave user terminal 200 in one go (this temporary Token corresponds to the payment account bound to the main user terminal 100). The slave user terminal 200 stores the Token and the transaction key in its secure element (SE) or in the cloud; at this point the slave user terminal 200 has the payment function. According to the settings of the main user terminal 100, payment transactions by the slave user terminal 200 holding the Token are subject to limits such as the authorization-limited amount, authorization-limited time, authorization-limited place and authorization-limited merchant; if a limit is exceeded, the slave user terminal 200 loses the payment function.
⑤ When the slave user terminal 200 makes a payment transaction, the cloud or the local secure element (SE) generates a Token and, via HCE (host-based card emulation) or the SE (Secure Element), the consumption transaction is carried out at a merchant-side transaction terminal 400 that supports 云闪付 (Cloud QuickPass). In addition, the cloud usually generates more than one Token in advance, so that the user can still pay with HCE when the device is not connected to a network.
⑥ The merchant terminal 400 transmits the relevant consumption information, including the current consumption location, merchant number, transaction amount, transaction Token and transaction ciphertext, to the server 300.
⑦ The server 300 verifies the transaction Token and the transaction ciphertext and, as required, determines whether the transaction amount, transaction time, transaction location and transaction merchant comply with the authorization-limited amount, authorization-limited time, authorization-limited place, authorization-limited merchant and the like.
⑧ Optionally, as required, transaction confirmation is performed: the server 300 sends the transaction information to the main user terminal 100 for confirmation.
⑨ If verification succeeds (optionally including successful transaction confirmation), the server 300 returns verification success to the merchant terminal 400 and completes the payment.
In the present invention, to address leakage of card number information, the Token replaces the card number with a virtual digit string of 13 to 19 digits. The server 300 issues the Token and the transaction key to the slave user terminal 200; using the transaction key, a transaction ciphertext is calculated for each card transaction and used to confirm the legitimacy of the transaction identity. Combining the Token with the transaction key secures the transaction.
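The server-side checks of steps ④ and ⑦ to ⑨, as an added Python example that is not code from the patent: the server maps the Token back to the grant, validates the per-transaction cryptogram, consumes the one-time key, then applies the main user's limits. HMAC-SHA256 stands in for the unspecified encryption of the transaction elements; the field names, the per-transaction reading of the amount limit, the 5 km radius and all sample values are assumptions.

```python
import hashlib
import hmac
import math
import secrets
from dataclasses import dataclass, field


@dataclass
class Grant:
    """Server-side record of one sublicense; every field name is an assumption."""
    pan: str              # main user's account number, never sent to the slave terminal
    max_amount: int       # authorization-limited amount per transaction, minor units
    not_after: int        # authorization-limited time, Unix seconds
    merchants: frozenset  # authorization-limited merchants
    center: tuple         # authorization-limited place as (lat, lon)
    radius_km: float
    keys: list = field(default_factory=list)  # unused one-time transaction keys


def cryptogram(key, tx):
    """MAC over Token, amount, merchant number and terminal number (length-prefixed)."""
    parts = [tx["token"], str(tx["amount"]), tx["merchant_id"], tx["terminal_id"]]
    encoded = [p.encode() for p in parts]
    msg = b"".join(len(e).to_bytes(2, "big") + e for e in encoded)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


class Server:
    def __init__(self):
        self.grants = {}  # token -> Grant

    def issue(self, grant, n_keys=3):
        """Step 4: hand the slave terminal a 16-digit Token and a batch of keys."""
        token = "".join(secrets.choice("0123456789") for _ in range(16))
        grant.keys = [secrets.token_bytes(32) for _ in range(n_keys)]
        self.grants[token] = grant
        return token, list(grant.keys)

    def verify(self, tx, now):
        """Steps 7 to 9: check Token, cryptogram, then the main user's limits."""
        grant = self.grants.get(tx["token"])
        if grant is None:
            return "unknown token"
        used = next((k for k in grant.keys
                     if hmac.compare_digest(cryptogram(k, tx), tx["cryptogram"])), None)
        if used is None:
            return "bad cryptogram"
        grant.keys.remove(used)  # one key per transaction: a replay finds no key
        if now > grant.not_after:
            return "expired"
        if tx["amount"] > grant.max_amount:
            return "amount over limit"
        if tx["merchant_id"] not in grant.merchants:
            return "merchant not authorized"
        if distance_km(tx["location"], grant.center) > grant.radius_km:
            return "outside authorized area"
        return "approved"


def pay(token, key, amount, merchant_id, terminal_id, location):
    """Slave terminal builds the cryptogram; the merchant terminal adds its location."""
    tx = {"token": token, "amount": amount,
          "merchant_id": merchant_id, "terminal_id": terminal_id}
    tx["cryptogram"] = cryptogram(key, tx)
    tx["location"] = location  # reported by the merchant terminal, not covered by the MAC
    return tx


def demo():
    """Constructed scenario: one grant, three keys, five submissions."""
    server = Server()
    token, keys = server.issue(Grant(
        pan="0000000000000000",  # placeholder account number, constructed
        max_amount=5000, not_after=1_700_000_000,
        merchants=frozenset({"M001"}), center=(31.2304, 121.4737), radius_km=5.0))
    now, near, far = 1_699_999_000, (31.24, 121.48), (39.9042, 116.4074)
    ok = pay(token, keys[0], 2000, "M001", "T01", near)
    over = pay(token, keys[1], 8000, "M001", "T01", near)
    tampered = dict(pay(token, keys[2], 1000, "M001", "T01", near), amount=4000)
    away = pay(token, keys[2], 1000, "M001", "T01", far)
    # ok is submitted twice: the second submission is a replay of a spent key
    return [server.verify(t, now) for t in (ok, ok, over, tampered, away)]


if __name__ == "__main__":
    print(demo())
```

The location is taken from the merchant terminal's report and is not bound by the cryptogram, so the place limit is only as trustworthy as that terminal.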
Fig. 3 is a structural block diagram of one embodiment of the mobile payment sublicensing system of the present invention.
As shown in Fig. 3, the mobile payment sublicensing system of the present invention comprises a main user terminal 100, a slave user terminal 200, a server 300 and a merchant terminal 400.
The main user terminal 100 is the main user's mobile payment device, for example a smartphone, tablet or wearable device. It may contain a payment app and be bound to a payment account (for example, a bank card or payment card), and the payment app may be used for user login and the subsequent payment sublicensing. The main user terminal 100 is configured to be bound to a payment account and to submit a sublicensing request to the server 300. The main user terminal 100 may, as needed, set in the sublicensing request one or more of an authorization-limited amount, an authorization-limited time, an authorization-limited place, an authorization-limited merchant and the like, and may also set whether transaction confirmation is required.
The slave user terminal 200 is the slave user's mobile device, with a payment app installed, for example a smartphone, tablet or wearable device; it receives the Token certificate transmitted from the server 300 (or stored in the cloud) and completes the payment. The slave user terminal 200 receives the Token and the transaction key sent by the server 300, stores them in the secure element or in the cloud, and conducts transactions using the Token and the transaction key.
The server 300 is configured to check the sublicensing request from the main user terminal 100 and, if the check passes, generate a Token and a transaction key and deliver them to the slave user terminal 200, and, when a transaction payment is made, to verify the transaction Token and transaction ciphertext sent from the slave user terminal 200 and complete the transaction payment if verification passes.
The server 300 comprises a Token authorization module 310 and a location calculation module 320, of which the location calculation module 320 is optional.
The Token authorization module 310 is configured to generate the Token and the transaction key, bind the Token to the card number corresponding to the main transaction terminal, and grant the Token to the slave user terminal 200. Further, the Token authorization module 310 can also set a certain life cycle for the Token.
The location calculation module 320 is configured to calculate the distance between the transaction location and the authorization-limited place and to check whether it meets the condition on the authorization-limited place set in the sublicensing request.
The merchant terminal 400 may be, for example, a terminal device such as a merchant's POS machine. It comprises a communication module 410 and an LBS function module 420, of which the LBS function module 420 is optional. The communication module 410 is configured to upload the transaction location (optional) and the transaction information to the server 300. The LBS module 420 is configured to detect the location where the transaction takes place.
According to the present invention, mobile payment can be sublicensed from the main user terminal to the slave user terminal, which enables trust-based mobile payment sublicensing among family members and friends. Transactions are carried out using the Token and the transaction key, which ensures the security of the transaction. In addition, the user does not need to enter a password when paying, which is quick and convenient and gives a good user experience. Furthermore, because the slave user terminal can receive and store multiple Tokens and transaction keys in advance, it can make payment transactions without a network connection.
The above examples mainly describe the mobile payment sublicensing method of the present invention and the payment system, mobile terminal and server implemented by using it. Although only some specific embodiments of the present invention have been described, those of ordinary skill in the art will understand that the invention may be implemented in many other forms without departing from its spirit and scope. The examples and embodiments shown are therefore to be regarded as illustrative rather than restrictive, and the invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (15)

  1. A mobile payment authorization method, implemented by a primary user terminal, a slave user terminal, a server, and a merchant terminal, the method comprising the following steps:
    a binding step, in which the primary user terminal is bound to a payment account;
    a sublicensing request submission step, in which the primary user terminal and the slave user terminal each log in to the server, and the primary user terminal sends a sublicensing request to the server;
    a sublicensing request verification step, in which the server verifies the sublicensing request and, after the request passes verification, issues a Token and a transaction key to the slave user terminal; and
    a sublicensed payment step, in which the slave user terminal makes a payment using the Token and the transaction key.
  2. The mobile payment authorization method according to claim 1, characterized in that
    in the sublicensing request, the primary user terminal presets one or more of an authorized amount limit, an authorized time limit, an authorized location limit, an authorized merchant limit, and whether transaction confirmation is required.
  3. The mobile payment authorization method according to claim 2, characterized in that
    the sublicensing request verification step comprises the following sub-steps:
    the server checks the sublicensing request;
    after the check passes, the server issues a Token and multiple transaction keys to the slave user terminal in a single batch;
    the slave user terminal stores the Token and the transaction keys in a secure element or in the cloud.
  4. The mobile payment authorization method according to claim 3, characterized in that
    the sublicensed payment step comprises the following sub-steps:
    when the slave user terminal performs a payment transaction at the transaction terminal, it uses the Token held in the cloud or in the local secure element in place of the PAN, uses one transaction key per transaction, encrypts the transaction elements, namely the Token, the transaction amount, the merchant number, and the terminal number, to form a transaction ciphertext, and sends it to the merchant terminal to carry out the purchase transaction;
    the merchant terminal sends transaction information, including the current purchase location, the merchant number, the transaction amount, the transaction Token, and the transaction ciphertext, to the server;
    the server verifies the transaction Token, decrypts the transaction ciphertext, and verifies that the transaction identity is legitimate; if verification succeeds, the server returns verification success to the merchant terminal and completes the payment.
  5. The mobile payment authorization method according to claim 4, characterized in that
    in the sub-step in which the server verifies the transaction Token, the server verifies the transaction Token and, as required, determines whether one or more of the transaction amount, the transaction time, the transaction location, and the transaction merchant fall within what was preset in the sublicensing request.
  6. The mobile payment authorization method according to claim 5, characterized in that
    the sub-step in which the server verifies the transaction Token further comprises: the server sends the transaction information to the primary user terminal for transaction confirmation, and, if the primary user terminal confirms that the transaction may be executed, the server returns verification success to the merchant terminal.
  7. A mobile payment sublicensing system, characterized by comprising:
    a primary user terminal, configured to be bound to a payment account and to submit a sublicensing request to the server described below;
    a slave user terminal, configured to receive the Token and the transaction key sent by the server described below, store them in a secure unit or in the cloud, and carry out transactions using the Token and the transaction key;
    a server, configured to check the sublicensing request from the primary user terminal and, if the check passes, generate a Token and a transaction key and issue them to the slave user terminal, and, when a transaction payment is made, to verify the transaction Token and the transaction ciphertext sent from the slave user terminal and complete the transaction if verification passes; and
    a merchant terminal, configured, when the slave user terminal makes a purchase at the merchant terminal, to submit to the server the transaction information from the slave user terminal, which includes the transaction Token, the merchant number, the transaction amount, and the transaction ciphertext.
  8. The mobile payment sublicensing system according to claim 7, characterized in that
    the primary user terminal sets, in the sublicensing request, one or more of an authorized amount limit, an authorized time limit, an authorized location limit, an authorized merchant limit, and the like.
  9. The mobile payment sublicensing system according to claim 8, characterized in that
    the merchant terminal comprises:
    an LBS module, configured to obtain the location at which the transaction takes place; and
    a communication module, configured to upload the transaction location and the transaction information to the server.
  10. The mobile payment sublicensing system according to claim 9, characterized in that
    the server comprises:
    a Token authorization module, configured to generate the Token and the transaction key and issue them to the slave user terminal; and
    a location calculation module, configured to calculate the distance between the transaction location and the authorized location limit and to check whether it satisfies the authorized-location condition set in the sublicensing request.
  11. The mobile payment sublicensing system according to claim 9, characterized in that
    the Token authorization module is further configured to set a certain life cycle for the Token.
  12. The mobile payment sublicensing system according to claim 9, characterized in that
    the primary user terminal sets, in the sublicensing request, whether transaction confirmation is required; when confirmation is required, the server forwards the information about the transaction to the primary user terminal for confirmation, and the transaction is allowed only after the primary user terminal has confirmed it.
  13. A mobile terminal, characterized in that
    the mobile terminal is configured to receive a Token and a transaction key sent by a server, store them in a secure unit or in the cloud, and carry out transactions using the Token and the transaction key.
  14. A server for implementing the transfer of payment authorization from a primary user terminal to a user terminal, characterized in that it is configured to check a sublicensing request from the primary user terminal and, if the check passes, generate a Token and a transaction key and issue them to a slave user terminal, and, when a transaction payment is made, to verify the transaction Token and the transaction ciphertext sent from the slave user terminal and complete the transaction payment if verification passes.
  15. The server according to claim 14, characterized by comprising:
    a Token authorization module, configured to generate the Token and the transaction key and issue them to the slave user terminal; and
    a location calculation module, configured to calculate the distance between the transaction location and the authorized location limit and to check whether it satisfies the authorized-location condition set in the sublicensing request.
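
The server-side check of claims 4 to 6, together with the location comparison of claims 10 and 15, as an added sketch that is not code from the patent or its applicant. The claims name no cipher, so an HMAC-SHA256 tag over the transaction elements stands in for the transaction ciphertext; the field names, the radius limit and the sample values are assumptions.

```python
import hashlib, hmac, json, math
from dataclasses import dataclass

@dataclass
class Grant:  # server-side record of one sublicensing request; field names are assumptions
    keys: list             # unused one-time transaction keys issued with the Token
    max_amount: int        # authorized amount limit (minor units)
    not_after: int         # authorized time limit (epoch seconds)
    merchants: set         # authorized merchant limit
    place: tuple           # authorized location limit (lat, lon)
    radius_km: float       # allowed distance from that place (assumed form of the condition)
    confirm: bool = False  # primary user must confirm each transaction

def cryptogram(key, token, amount, merchant, terminal):
    """HMAC-SHA256 over the transaction elements; a stand-in for the transaction ciphertext."""
    msg = json.dumps([token, amount, merchant, terminal]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def distance_km(a, b):
    """Haversine distance between two (lat, lon) points."""
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def verify(grants, tx, now, ask_primary=lambda tx: False):
    """Decide on the transaction info a merchant terminal submits: (approved, reason)."""
    grant = grants.get(tx["token"])
    if grant is None:
        return False, "unknown token"
    for key in grant.keys:
        tag = cryptogram(key, tx["token"], tx["amount"], tx["merchant"], tx["terminal"])
        if hmac.compare_digest(tag, tx["cryptogram"]):
            grant.keys.remove(key)  # one key per transaction: burn it, so a replay fails
            break
    else:
        return False, "bad cryptogram"
    if tx["amount"] > grant.max_amount:
        return False, "amount over limit"
    if now > grant.not_after:
        return False, "grant expired"
    if tx["merchant"] not in grant.merchants:
        return False, "merchant not allowed"
    if distance_km(tx["location"], grant.place) > grant.radius_km:
        return False, "outside authorized place"
    if grant.confirm and not ask_primary(tx):
        return False, "primary user declined"
    return True, "approved"

def demo():  # constructed sample values, not data from the patent
    grants = {"tok-1": Grant([b"key-a", b"key-b"], 5000, 2000, {"M001"}, (31.23, 121.47), 5.0)}
    tx = {"token": "tok-1", "amount": 1200, "merchant": "M001", "terminal": "T9", "location": (31.24, 121.48)}
    tx["cryptogram"] = cryptogram(b"key-a", "tok-1", 1200, "M001", "T9")
    return verify(grants, tx, now=1000), verify(grants, tx, now=1000)  # second call is a replay
```

Because the tag covers the amount, merchant number and terminal number, a merchant terminal that alters any of them before forwarding the transaction fails the check, and burning the key on first match is what makes each pre-issued key usable for a single offline payment.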
PCT/CN2018/077845 2017-03-17 2018-03-02 Mobile payment sublicensing method and payment system implemented by using same WO2018166359A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710160386.6 2017-03-17
CN201710160386.6A CN107256484B (en) 2017-03-17 2017-03-17 Mobile payment authorization transfer method and payment system realized by using same

Publications (1)

Publication Number Publication Date
WO2018166359A1 true WO2018166359A1 (en) 2018-09-20

Family

ID=60027216

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/077845 WO2018166359A1 (en) 2017-03-17 2018-03-02 Mobile payment sublicensing method and payment system implemented by using same

Country Status (3)

Country Link
CN (1) CN107256484B (en)
TW (1) TW201835824A (en)
WO (1) WO2018166359A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107256484B (en) * 2017-03-17 2021-01-15 中国银联股份有限公司 Mobile payment authorization transfer method and payment system realized by using same
CN108960818A (en) * 2018-05-04 2018-12-07 中国银联股份有限公司 A kind of virtual card generation method, user terminal and token server
CN110009348A (en) * 2019-03-25 2019-07-12 杭州秘猿科技有限公司 A kind of allograph method, system and the electronic equipment of block chain

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105450691A (en) * 2014-08-21 2016-03-30 阿里巴巴集团控股有限公司 Service-processing method and device, and server
CN105593883A (en) * 2013-08-30 2016-05-18 金雅拓股份有限公司 Method for authenticating transactions
CN106464492A (en) * 2013-10-11 2017-02-22 维萨国际服务协会 Network token system
CN107256484A (en) * 2017-03-17 2017-10-17 中国银联股份有限公司 Mobile payment sublicense method and the payment system realized using this method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103065240B (en) * 2013-01-11 2018-04-27 中兴通讯股份有限公司 A kind of mobile payment processing method and system
CN103051459B (en) * 2013-01-17 2016-04-06 北京印天网真科技有限公司 The management method of the transaction key of safety card and device
US20160063487A1 (en) * 2014-08-29 2016-03-03 Capital One Services, Llc System and method for double blind authentication
CN105528695B (en) * 2014-09-28 2019-12-24 中国银联股份有限公司 Mobile payment method and mobile payment system based on marks
CN106127467A (en) * 2016-06-20 2016-11-16 上海易码信息科技有限公司 The method of mobile payment integrating financial card paying and settle accounts
CN106251140A (en) * 2016-08-02 2016-12-21 中国银联股份有限公司 Method of payment, payment application system and payment system

Also Published As

Publication number Publication date
CN107256484A (en) 2017-10-17
TW201835824A (en) 2018-10-01
CN107256484B (en) 2021-01-15

Similar Documents

Publication Publication Date Title
US20170364895A1 (en) Person-To-Person Electronic Payment Processing
WO2018166359A1 (en) Mobile payment sublicensing method and payment system implemented by using same
CN105745678A (en) Secure remote payment transaction processing including consumer authentication
US10325260B2 (en) System, method and computer program product for secure peer-to-peer transactions
US20200302439A1 (en) Terminal configuration server for the remote configuration of terminals
KR101772358B1 (en) Method for Automatic Identifying Other Companies Application for Registration of Payment Means
CN101425901A (en) Control method and device for customer identity verification in processing terminals
KR101472751B1 (en) Method and System for Providing Payment by using Alliance Application
KR20140023052A (en) Agent system and method for payment
KR20190083284A (en) Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Sound Signal Device and Cryptocurrency
WO2015162276A2 (en) Secure token implementation
CN107395600A (en) Business datum verification method, service platform and mobile terminal
KR101505847B1 (en) Method for Validating Alliance Application for Payment
KR20140089730A (en) Method and System for Registering Payment Means by using Alliance Application
KR20190083098A (en) Method for Providing Asynchronous Reverse Direction Payment by using Radio Signal Device and Cryptocurrency
KR20190081013A (en) Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Sound Signal Device and Cryptocurrency
KR20190083179A (en) Method for Providing Asynchronous Reverse Direction Payment by using Sound Signal Device and Cryptocurrency
KR20190083175A (en) Method for Providing Asynchronous Reverse Direction Payment by using Radio Signal Device and Cryptocurrency
KR20190081012A (en) Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Sound Signal Device and Cryptocurrency
KR20190083283A (en) Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Sound Signal Device and Cryptocurrency
KR20190083285A (en) Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Sound Signal Device and Cryptocurrency
KR20140089732A (en) Method for Automatic Identifying Alliance Application for Registration of Payment Means
KR20190083288A (en) Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Sound Signal Device and Cryptocurrency
KR20190083287A (en) Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Sound Signal Device and Cryptocurrency
KR20190081015A (en) Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Sound Signal Device and Cryptocurrency

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18766958

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18766958

Country of ref document: EP

Kind code of ref document: A1