WO2021196892A1 - Biometric identification payment method and apparatus, gateway device and storage medium - Google Patents

Biometric identification payment method and apparatus, gateway device and storage medium Download PDF

Info

Publication number
WO2021196892A1
WO2021196892A1 PCT/CN2021/075657 CN2021075657W WO2021196892A1 WO 2021196892 A1 WO2021196892 A1 WO 2021196892A1 CN 2021075657 W CN2021075657 W CN 2021075657W WO 2021196892 A1 WO2021196892 A1 WO 2021196892A1
Authority
WO
WIPO (PCT)
Prior art keywords
biometric
payment
group
token
user
Prior art date
Application number
PCT/CN2021/075657
Other languages
French (fr)
Chinese (zh)
Inventor
周明
陈旭
沈鑫
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2021196892A1 publication Critical patent/WO2021196892A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/35Switches specially adapted for specific applications

Definitions

  • This application belongs to the field of data processing, and in particular relates to a biometric payment method, device, gateway device and storage medium.
  • Biometric identification is a kind of biometric identification technology based on biometric information for identity authentication.
  • Biometric payment is a technology that uses biometrics to make payments or transactions.
  • the user's biometric data collected during the biometric payment process is the user's personal privacy data.
  • due to the large-scale promotion of face payment there is a risk that users' personal privacy data will be abused on a large scale.
  • the risk of users' personal privacy data being leaked also increases. Once the user's personal privacy data is leaked, the security of the user's biometric payment will be greatly affected.
  • the embodiments of the present application provide a biometric payment method, device, gateway device, and storage medium, which can improve the security of a user's biometric payment.
  • an embodiment of the present application provides a biometric payment method applied to a gateway device.
  • the method includes: receiving a biometric routing payment request message.
  • the biometric routing payment request message includes a first biometric payment group token and a first biometric payment group token.
  • a biometric data, the first biometric payment group token is used to characterize that the initiating user of the biometric routing payment request message has the authority of biometric payment in the first group; determined according to the first biometric payment group token
  • the first group uses the first biometric data and the biometric database corresponding to the first group to perform biometric identification to obtain the biometric result; send the biometric result to the payment device so that the payment device initiates payment based on the biometric result Process.
  • an embodiment of the present application provides a biometric payment device, including: a receiving module, configured to receive a biometric routing payment request message, the biometric routing payment request message including a first biometric payment group token and a first Biometric data, the first biometric payment group token is used to characterize that the initiating user of the biometric routing payment request message has the authority to make biometric payments in the first group; the processing module is used to pay according to the first biometric payment group The group token determines the first group to perform biometric identification using the first biometric data and the biometric database corresponding to the first group to obtain the biometric result; the sending module is used to send the biometric result to the payment device to Make the payment device initiate the payment process based on the biometric result.
  • embodiments of the present application provide a gateway device, including a processor, a memory, and a computer program stored in the memory and capable of running on the processor.
  • the computer program is executed by the processor, the technical solution as in the first aspect is implemented.
  • the biometric payment method in.
  • an embodiment of the present application provides a computer-readable storage medium on which a computer program is stored.
  • the computer program is executed by a processor, the biometric payment method in the technical solution of the first aspect is implemented.
  • the embodiments of the present application provide a biometric payment method, device, gateway device, and storage medium.
  • the gateway device receives a biometric routing payment request message including a first biometric payment group token and first biometric data.
  • the first group is determined according to the first biometric payment group token, so that the first biometric data and the biometric database corresponding to the first group are used for biometric identification to obtain a biometric identification result.
  • the biometric results can be used by the payment device to initiate the payment process.
  • the first biometric payment group token may indicate that the user has the authority of biometric payment in the first group.
  • biometric payment group tokens reduces the user's biometric data in the payment application scope to the group, reduces the risk of the user's personal privacy data being abused on a large scale, and reduces the risk of the user's personal privacy data being leaked, thereby Improve the security of users' biometric payment.
  • FIG. 1 is a schematic structural diagram of an example of a biometric payment system shown in an embodiment of the application;
  • FIG. 2 is a flowchart of an embodiment of the biometric payment method provided by this application.
  • FIG. 3 is a flowchart of another embodiment of the biometric payment method provided by this application.
  • FIG. 4 is a flowchart of another embodiment of the biometric payment method provided by this application.
  • FIG. 5 is a flowchart of an example of a biometric payment method in a biometric payment system provided by an embodiment of the application;
  • FIG. 6 is a flowchart of still another embodiment of the biometric payment method provided by this application.
  • FIG. 7 is a schematic structural diagram of an embodiment of a biometric payment device provided by this application.
  • FIG. 8 is a schematic structural diagram of another embodiment of the biometric payment device provided by this application.
  • FIG. 9 is a schematic diagram of the hardware structure of an embodiment of the gateway device provided by this application.
  • FIG. 1 is a schematic structural diagram of an example of a biometric payment system shown in an embodiment of the application.
  • the biometric payment system may include a payment device, an acquiring server, a gateway device, and a service server.
  • the identification of biometric authority and biometric identification can be carried out between the payment device and the network device.
  • the interaction between the gateway device and the payment device can be performed through the acquiring server.
  • the payment device and the business server can perform the payment process.
  • the interaction between the payment device and the service server can be carried out through the acquiring server.
  • This application provides a biometric payment method, device, gateway device, and storage medium, which can be applied to a scenario where a user makes a biometric payment.
  • the biometric payment method in this application can be specifically applied to a gateway device, that is, executed by the gateway device.
  • the biometric payment method in this application can use the biometric payment group token to limit the scope of the user's ability to use biometric payment, thereby avoiding the risk of the user's personal privacy data being abused on a large scale, and improving the security of biometric payment.
  • the token mentioned in this application is Token.
  • Fig. 2 is a flowchart of an embodiment of the biometric payment method provided by this application. As shown in Figure 2, the biometric payment method may include steps S101 to S103.
  • step S101 a biometric routing payment request message is received.
  • the user may first send a biometric routing payment request message to the acquiring device through the payment device, and the acquiring device then sends the biometric routing payment request message to the gateway device.
  • the biometric routing payment request message received by the network device may include the first biometric payment group token and the first biometric data.
  • the first biometric payment group token is used to characterize that the initiating user of the biometric routing payment request message has the authority of biometric payment in the first group.
  • the first biometric payment group token is a biometric payment group token.
  • the biometric payment group token is used to signify that the user has the authority of biometric payment in the group.
  • the biometric payment group token can indicate a user who has the authority of biometric payment, or a group of which the user has the authority of biometric payment.
  • the biometric payment group token is unique.
  • the biometric payment group token included in the biometric routing payment request message is referred to as the first biometric payment group token.
  • the first group is the group.
  • the group indicated by the first biometric payment group token is referred to as the first group.
  • the first biometric payment group token in different biometric routing payment request messages may be different, which is not limited here.
  • the users with the biometric payment authority indicated by different first biometric payment group tokens may be different, which is not limited herein.
  • Different first biometric payment group tokens indicate that the first groups of users having biometric payment permissions may be different, which is not limited herein.
  • the group may be a group divided by the user, a group divided by a service provider that interacts with the user, or a group divided by the payment itself, which is not limited here.
  • a group may be a group divided by service members, for example, a member of supermarket A is divided into one group, and a member of supermarket B is divided into another group.
  • a group may be a group divided by a business district, a payment occurring in the A business district is divided into one group, and a payment occurring in the B business district is divided into another group.
  • the first biometric data is the user's biometric data collected when the payment device initiates the biometric routing payment request message.
  • the biometric data may specifically include facial feature data, fingerprint feature data, palmprint feature data, iris feature data, etc., which are not limited herein.
  • the first biometric data contained in different biometric routing payment request messages may be different, which is not limited here.
  • step S102 the first group is determined according to the first biometric payment group token, so that the first biometric data and the biometric database corresponding to the first group are used for biometric identification to obtain a biometric identification result.
  • the group to which the user has the authority of biometric payment can be determined, that is, the first group.
  • the first biometric data and the biometric database corresponding to the determined first group are used for biometric identification.
  • Biometrics are only implemented in the first group, which narrows the scope of application of biometric data and reduces the risk of misuse of biometric data.
  • the result of biometric recognition is used to characterize the success or failure of biometric recognition.
  • the biometric identification can be completed by the gateway device, that is, the gateway generates the biometric identification result.
  • the biometric identification can be completed by the business server, that is, the business server generates the biometric identification result.
  • the gateway device can obtain the biometric result from the service server.
  • step S103 the biometric identification result is sent to the payment device, so that the payment device initiates a payment process according to the biometric identification result.
  • the gateway device may first send the biometric identification result to the acquiring device.
  • the acquiring device then sends the biometric identification result to the payment device.
  • the payment device receives the biometric result, and can initiate a payment process based on the biometric result.
  • the payment device may send a payment transaction request to the service server.
  • This biometric payment is realized through the interaction between the payment device and the service server.
  • the payment transaction request may include a user account, a payment password, a payment token, etc., which are not limited here.
  • the gateway device receives the biometric routing payment request message including the first biometric payment group token and the first biometric data.
  • the first group is determined according to the first biometric payment group token, so that the first biometric data and the biometric database corresponding to the first group are used for biometric identification to obtain a biometric identification result.
  • the biometric results can be used by the payment device to initiate the payment process.
  • the first biometric payment group token may indicate that the user has the authority of biometric payment in the first group.
  • biometric payment group tokens reduces the user's biometric data in the payment application scope to the group, reduces the risk of the user's personal privacy data being abused on a large scale, and reduces the risk of the user's personal privacy data being leaked, thereby Improve the security of users' biometric payment.
  • FIG. 3 is a flowchart of another embodiment of the biometric payment method provided by this application. The difference between FIG. 3 and FIG. 2 is that step S102 in FIG. 2 can be specifically refined into step S1021 and step S1022 in FIG. 3.
  • step S1021 based on the pre-stored binding relationship between the user ID and the biometric payment group token, it is determined whether the first user ID and the first biometric payment group token have a binding relationship.
  • the biometric routing payment request message may also include the first user identification.
  • the first user ID is a user ID, which is used to identify a user, and can specifically be a user account, a user card number, etc., which is not limited here.
  • the user identification included in the biometric routing payment request message is referred to as the first user identification.
  • the gateway device may pre-store the binding relationship between the user identification and the biometric payment group token.
  • the user identity can be authenticated through the binding relationship between the user ID and the biometric payment group token. Specifically, if there is a corresponding relationship between the first user ID and the first biometric payment group token in the pre-stored binding relationship between the user ID and the biometric payment group token, it means that the first user ID and the first biometric payment group token have a corresponding relationship.
  • the identification payment group token has a binding relationship, and the biometric routing payment request message is valid.
  • step S1022 when it is determined that the first user ID and the first biometric payment group token have a binding relationship, the first group is determined according to the first biometric payment group token, so as to use the first biometric payment group token.
  • the feature data and the biometric database corresponding to the first group perform biometric identification to obtain a biometric identification result.
  • the first user ID and the first biometric payment group token When it is determined that the first user ID and the first biometric payment group token have a binding relationship, it indicates that the biometric routing payment request message is valid, and the first group can be determined to use the first biometric data and the first biometric payment group token.
  • a biometric database corresponding to a group performs biometric identification.
  • the biometric routing payment request message may further include the first payment token.
  • the first payment token is a payment token.
  • the payment token is used for payment verification when the payment device and the service server perform the payment process.
  • the payment token included in the biometric routing payment request message is referred to as the first payment token.
  • the validity of the biometric routing payment request message can be determined.
  • the first user ID and the first biometric payment group token have a binding relationship
  • it can also be combined with whether the first user ID and the first payment token have a binding relationship. Identify the validity of the routing payment request message.
  • the above step S1022 may specifically include step S1022a and step S1022b.
  • step S1022a when it is determined that the first user ID and the first biometric payment group token have a binding relationship, based on the pre-stored binding relationship between the user ID and the payment token, it is determined that the first user ID and the payment token have a binding relationship. Whether the first payment token has a binding relationship.
  • the gateway device also pre-stores the binding relationship between the user identification and the payment token. Specifically, if there is a corresponding relationship between the first user ID and the first payment token in the pre-stored binding relationship between the user ID and the payment token, it means that the first user ID and the first payment token have a binding relationship, and Identifies that the routing payment request message is valid. If there is no corresponding relationship between the first user ID and the first payment token in the pre-stored binding relationship between the user ID and the payment token, it means that the first user ID does not have a binding relationship with the first payment token. The routing payment request message is invalid.
  • step S1022b when it is determined that the first user ID and the first payment token have a binding relationship, the first group is determined according to the first biometric payment group token, so as to use the first biometric data and the first payment token.
  • a biometric database corresponding to a group performs biometric identification to obtain a biometric identification result.
  • the first group can be determined to use the first biometric data to correspond to the first group Biometric database for biometric steps.
  • the biometric routing payment request message is invalid, and there is no need to perform determining the first group to use the first biometric data and the first group.
  • the biometric payment group token, biometric data, user identification, and payment token of the same user can all have a binding relationship, and the biometric payment group token and biometric data can be used.
  • the binding relationship between the user ID and the payment token determines the comprehensive validity of the biometric routing payment request message, which will not be illustrated one by one here.
  • FIG. 4 is a flowchart of another embodiment of the biometric payment method provided by this application.
  • the difference between FIG. 4 and FIG. 2 is that in the case that the biometric database is stored in the gateway device, step S102 in FIG. 2 can be specifically refined into step S1023 and step S1024 in FIG. 4; it is stored in the service server In the case of a biometric database, step S102 in FIG. 2 can be specifically refined into step S1025 and step S1026 in FIG. 4.
  • step S1023 the first group is determined according to the first biometric payment group token.
  • the first biometric payment group token may indicate the first group. In some examples, at least a portion of the first biometric payment group token can indicate the first group.
  • the first biometric payment group token may be implemented as a character string, a part of the character string may be a group identifier, and the group identifier may indicate the first group.
  • step S1024 the first biometric data is matched with the biometric data in the biometric database corresponding to the first group to obtain a biometric recognition result.
  • the gateway device may store at least one biometric database.
  • Each biometric database corresponds to a group.
  • biometric identification there is no need to match the first biometric data with the biometric data in each biometric database, only the biometric data in the biometric database corresponding to the first group and the first biometric data are used. The data can be matched.
  • 6 biometric databases are stored in the gateway device, and the 6 biometric databases correspond to group A1, group A2, group A3, group A4, group A5, and group A6, respectively.
  • the first group determined according to the first biometric payment group token is the group A3
  • the first biometric data is used to match the biometric data in the biometric database corresponding to the group A3.
  • step S1025 the first group is determined according to the first biometric payment group token, and the first biometric data and the group identification of the first group are sent to the service server.
  • the business server stores at least one biometric database, and each biometric database corresponds to a group.
  • the service server receives the group identifier of the first group, and can use the group identifier of the first group to determine the biometric database corresponding to the first group.
  • the business server performs biometric identification, it does not need to match the first biometric data with the biometric data in each biometric database, and only needs to use the biometric data in the biometric database corresponding to the first group and the first biometric data.
  • the biometric data can be matched.
  • step S1026 the result of the biometric recognition is received.
  • the biometric identification result is obtained by the service server matching the first biometric data with the biometric data in the biometric database corresponding to the first group.
  • the service server sends the biometric identification result to the gateway device, and the gateway device can determine whether the biometric identification is successful or the biometric identification fails according to the received biometric identification result.
  • the business server may belong to the acquiring institution. Since the business server can provide service providers such as merchants with payment terminal management, payment initiation, fund settlement and other functional services, the business server can more accurately divide the group, thereby storing the biometric database corresponding to the accurately divided group , Improve the accuracy of biometric database division and management. Moreover, because the business server is closely related to service providers such as merchants, it is easier to manage and update the biometric database, making the biometric database more efficient.
  • the biometric database corresponds to the group one-to-one, and the biometric data of a large number of users is stored in separate databases.
  • a specific biometric database can be quickly located according to the user's group, which relieves the data carrying capacity of the gateway device or service server, and also improves the response speed of biometric payment.
  • Fig. 5 is a flowchart of an example of a biometric payment method in a biometric payment system provided by an embodiment of the application. As shown in FIG. 5, the biometric payment method in the biometric payment system may specifically include step S201 to step S210.
  • step S201 the payment device sends a biometric routing payment request message to the acquiring device.
  • step S202 the acquiring device sends a biometric routing payment request message to the gateway device.
  • step S203 the gateway device verifies the validity of the biometric routing payment request message.
  • step S204 when the biometric identification routing payment request message is valid, the gateway device uses the first biometric feature and the biometric feature corresponding to the first group to perform biometric identification to obtain a biometric identification result.
  • step S205 the gateway device sends the biometric identification result to the acquiring device.
  • step S206 the acquiring device sends the biometric identification result to the payment device.
  • step S207 the payment device sends a payment transaction request message to the acquiring device when the biometric identification result indicates that the biometric identification is successful.
  • the payment transaction request message may include a payment token, a payment password, a user identification, etc., which are not limited herein.
  • step S208 the acquiring device sends a payment transaction request message to the service server.
  • step S209 the service server generates a payment transaction response message and sends it to the acquiring device.
  • the payment transaction response message is used to characterize whether the biometric payment is successful.
  • step S210 the acquiring device sends a payment transaction response message to the payment terminal.
  • the foregoing business server may specifically include a server in a clearing system and a server in a card issuing business system, which is not limited herein.
  • Fig. 6 is a flowchart of still another embodiment of the biometric payment method provided by this application. The difference between FIG. 6 and FIG. 2 is that the biometric payment method shown in FIG. 6 may further include step S104 to step S107.
  • step S104 a biometric group payment activation request message is received.
  • the biometric group payment activation request message includes the second user identification and group information.
  • the group information is used to characterize the second group.
  • the second user ID is the user ID.
  • the user identifier included in the biometric group payment activation request message is referred to as the second user identifier.
  • the second group is a group.
  • the group represented by the group information in the biometric group payment activation request message is referred to as the second group.
  • the second user identification in different biometric group payment activation request messages may be different, which is not limited here.
  • the group information in different biometric group payment activation request messages may be different, and the second group represented by the group information in different biometric group payment activation request messages may be different, which is not limited herein.
  • step S105 a second biometric payment group token is generated according to the second user identification and the group information.
  • the second biometric payment group token is used to characterize that the user who initiated the biometric group payment activation request message has the authority of biometric payment in the second group. That is, the second biometric payment group token may indicate a user who has the authority of biometric payment, and may also indicate the second group of which the user has the authority of biometric payment.
  • the second biometric payment group token is a biometric payment group token.
  • the biometric payment group token generated after receiving the biometric group payment activation request message is referred to as the second biometric payment group token.
  • the users indicated by the different second biometric payment group tokens and the indicated second groups may be different.
  • the second user identification and group information may be processed to generate a second biometric payment group token.
  • the processing of the second user identification and the group information may specifically be processing means such as merging, tokenization processing, encryption, etc., which is not limited herein.
  • step S106 the binding relationship between the second user ID and the second biometric payment group token is stored.
  • the gateway device stores the second user identification and the second biometric payment group token. Binding relationship. In the process of the user identified by the second user ID making biometric payment, the gateway device can be used to store the binding relationship between the second user ID and the second biometric payment group token to verify the biometric route initiated by the user Whether the payment request message is valid.
  • step S107 a face payment group activation response message is sent to the payment device.
  • the gateway device may first send a face payment group activation response message to the acquiring device.
  • the acquiring system then sends the face payment group activation response message to the payment device.
  • the face payment group activation response message includes the second biometric payment group token.
  • the gateway device transmits the second biometric payment group token, which is the second biometric payment group token, to the payment device through the face payment group activation response message.
  • the payment device may provide the second biometric payment group token to the gateway device in the subsequent process to realize the biometric payment.
  • the gateway device may also send an identity verification request message to the service server.
  • the identity verification request message includes the second user identification.
  • the service server receives the second user ID, performs identity verification on the user corresponding to the second user ID, and generates an identity verification response message to send to the gateway device.
  • the gateway device receives the identity verification response message from the service server.
  • the identity verification response message is used to characterize whether the identity verification of the second user identity is successful.
  • the biometric group payment activation request message may further include the second biometric data.
  • the second biometric data is biometric data.
  • the biometric data included in the biometric group payment activation request message is referred to as second biometric data.
  • the second biometric data is collected before initiating the biometric group payment activation request message.
  • the gateway device can store the second biometric data in the biometric database corresponding to the second group for use in the subsequent biometric payment process.
  • the group information in the foregoing embodiment may include the group identification of the second group and/or the collection channel information of the second biometric data.
  • Different collection channels for collecting the second biometric data can correspond to different groups. Therefore, the corresponding second group can be determined according to the collection channel information of the second biometric data.
  • C city has business districts A1, A2, and A3.
  • the collection channel information indicates that the second biometric data is collected in the business district A1, and the second group corresponding to the collected channel information is the group corresponding to the business district A1.
  • the collection channel information indicates that the second biometric data is collected in the business district A2, and the second group corresponding to the collected channel information is the group corresponding to the business district A2.
  • the collection channel information indicates that the second biometric data is collected in the business district A3, and the second group corresponding to the collected channel information is the group corresponding to the business district A3.
  • the gateway device may also generate a second payment token according to the second user identification.
  • the face payment group activation response message may also include the second payment token.
  • the second payment token is a payment token.
  • the payment token generated according to the second user identifier after receiving the biometric group payment activation request message is referred to as the second payment token.
  • the gateway device can store the binding relationship between the second user ID and the second payment token, so that in the subsequent biometric payment process, the binding relationship between the second user ID and the second payment token can be used to determine the user’s biometric identification Validity of routing payment request messages.
  • the service server and the gateway device can also synchronize at least part of the biometric payment information with each other.
  • the biometric payment information may include at least part of the user's mobile phone number, biometric data cipher text, biometric routing index, service party organization code, payment card number, etc., which are not limited here.
  • the data in the aforementioned gateway device, payment device, acquiring device, and service server can be independently encrypted and stored, and data modification is prohibited, that is, data modification operations are invalid operations, which further improves the controllability of user privacy data , Safety, stability and reliability.
  • FIG. 7 is a schematic structural diagram of an embodiment of a biometric payment device provided by this application.
  • the biometric payment device 300 may include a receiving module 301, a processing module 302 and a sending module 303.
  • the receiving module 301 is configured to receive a biometric routing payment request message, where the biometric routing payment request message includes a first biometric payment group token and first biometric data.
  • the first biometric payment group token is used to characterize that the initiating user of the biometric routing payment request message has the authority of biometric payment in the first group.
  • the processing module 302 is configured to determine the first group according to the first biometric payment group token, so as to perform biometric identification using the first biometric data and the biometric database corresponding to the first group , Get the biometric results.
  • the sending module 303 is configured to send the biometric identification result to the payment device, so that the payment device initiates a payment process according to the biometric identification result.
  • the biometric payment device receives the biometric routing payment request message including the first biometric payment group token and the first biometric data.
  • the first group is determined according to the first biometric payment group token, so that the first biometric data and the biometric database corresponding to the first group are used for biometric identification to obtain a biometric identification result.
  • the biometric results can be used by the payment device to initiate the payment process.
  • the first biometric payment group token may indicate that the user has the authority of biometric payment in the first group.
  • biometric payment group tokens reduces the user's biometric data in the payment application scope to the group, reduces the risk of the user's personal privacy data being abused on a large scale, and reduces the risk of the user's personal privacy data being leaked, thereby Improve the security of users' biometric payment.
  • the biometric routing payment request message may also include the first user identification.
  • the processing module 302 may be specifically configured to determine whether the first user ID and the first biometric payment group token have a binding relationship based on the pre-stored binding relationship between the user ID and the biometric payment group token ,
  • the biometric payment group token is used to characterize that the user has the authority to pay in the group; in the case where it is determined that the first user ID and the first biometric payment group token have a binding relationship, according to the first
  • the biometric payment group token determines the first group to perform biometric identification using the first biometric data and a biometric database corresponding to the first group to obtain a biometric identification result.
  • the biometric routing payment request message may also include the first payment token.
  • the processing module 302 may be specifically configured to: in a case where it is determined that the first user ID and the first biometric payment group token have a binding relationship, based on the pre-stored binding relationship between the user ID and the payment token, Determine whether the first user ID and the first payment token have a binding relationship; in the case where it is determined that the first user ID and the first payment token have a binding relationship, the first biometric payment group token is used to determine the first The group uses the first biometric data and the biometric database corresponding to the first group to perform biometric identification to obtain a biometric identification result.
  • the biometric payment device stores at least one biometric database.
  • Each biometric database corresponds to a group.
  • the processing module 302 may be specifically configured to: determine the first group according to the first biometric payment group token; match the first biometric data with the biometric data in the biometric database corresponding to the first group to obtain the biometric Recognition results.
  • the service server stores at least one biometric database.
  • Each biometric database corresponds to a group.
  • the processing module 302 may be specifically configured to determine the first group according to the first biometric payment group token.
  • the sending module 303 may also be used to send the first biometric data and the group identification of the first group to the service server.
  • the receiving module 301 can also be used to receive biometric results.
  • the biometric identification result is obtained by the service server matching the first biometric data with the biometric data in the biometric database corresponding to the first group.
  • FIG. 8 is a schematic structural diagram of another embodiment of the biometric payment device provided by this application.
  • the biometric payment device 300 shown in FIG. 8 may further include a group token generation module 304, a storage module 305, and a payment token generation module 306.
  • the above-mentioned receiving module 301 can also be used to receive a biometric group payment activation request message.
  • the biometric group payment activation request message includes the second user identification and group information.
  • the group information is used to characterize the second group.
  • the group token generation module 304 may be used to generate a second biometric payment group token according to the second user identification and group information.
  • the second biometric payment group token is used to characterize that the initiating user of the biometric group payment activation request message has the authority of biometric payment in the second group.
  • the storage module 305 may be used to store the binding relationship between the second user ID and the second biometric payment group token.
  • the aforementioned sending module 303 can also be used to send a face payment group activation response message to the payment device.
  • the face payment group activation response message includes the second biometric payment group token.
  • the aforementioned sending module 303 is also used to send an identity verification request message to the service server.
  • the identity verification request message includes the second user identification.
  • the above-mentioned receiving module 301 may also be used to receive an identity verification response message from the service server.
  • the identity verification response message is used to characterize whether the identity verification of the second user identity is successful.
  • the group token generation module 304 may be specifically configured to generate a second biometric payment group token according to the second user ID and group information when the identity verification response message indicates that the identity verification of the second user ID is successful.
  • the biometric group payment activation request message further includes the second biometric data.
  • the aforementioned storage module 305 may also be used to store the second biometric data in the biometric database corresponding to the second group.
  • the group information in the foregoing embodiment may include the group identification of the second group and/or the collection channel information of the second biometric data.
  • the payment token generation module 306 may be used to generate a second payment token according to the second user identification.
  • the storage module 305 may also be used to store the binding relationship between the second user ID and the second payment token.
  • the face payment group activation response message further includes the second payment token.
  • FIG. 9 is a schematic diagram of the hardware structure of an embodiment of the gateway device provided by this application.
  • the gateway device 400 includes a memory 401, a processor 402, and a computer program stored on the memory 401 and running on the processor 402.
  • the aforementioned processor 402 may include a central processing unit (CPU) or a specific integrated circuit (ASIC), or may be configured to implement one or more integrated circuits of the embodiments of the present application.
  • CPU central processing unit
  • ASIC specific integrated circuit
  • the memory 401 may include a large-capacity memory for data or instructions.
  • the memory 401 may include an HDD, a floppy disk drive, a flash memory, an optical disk, a magneto-optical disk, a magnetic tape, or a universal serial bus (USB) drive, or a combination of two or more of these.
  • the storage 401 may include removable or non-removable (or fixed) media.
  • the memory 401 can be opened inside or outside the gateway device 400 at the terminal hotspot.
  • the memory 401 is a non-volatile solid state memory.
  • the memory 401 includes read-only memory (ROM).
  • the ROM can be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically rewritable ROM (EAROM) or flash memory or A combination of two or more of these.
  • the processor 402 runs the computer program corresponding to the executable program code by reading the executable program code stored in the memory 401, so as to implement the biometric payment method in the foregoing embodiment.
  • the gateway device 400 may further include a communication interface 403 and a bus 404. Among them, as shown in FIG. 9, the memory 401, the processor 402, and the communication interface 403 are connected through the bus 404 and complete mutual communication.
  • the communication interface 403 is mainly used to implement communication between various modules, devices, units and/or devices in the embodiments of the present application.
  • the input device and/or output device can also be accessed through the communication interface 403.
  • the bus 404 includes hardware, software, or both, and couples the components of the gateway device 400 to each other.
  • the bus 404 may include an accelerated graphics port (AGP) or other graphics bus, an enhanced industry standard architecture (EISA) bus, a front side bus (FSB), a hypertransport (HT) interconnect, an industry standard architecture (ISA) ) Bus, unlimited bandwidth interconnect, low pin count (LPC) bus, memory bus, microchannel architecture (MCA) bus, peripheral component interconnect (PCI) bus, PCI-Express (PCI-X) bus, serial advanced Technical Attachment (SATA) bus, Video Electronics Standards Association Local (VLB) bus or other suitable bus or a combination of two or more of these.
  • the bus 404 may include one or more buses.
  • An embodiment of the present application also provides a computer-readable storage medium with a computer program stored on the computer-readable storage medium.
  • the computer program is executed by a processor, the biometric payment applied to the gateway device in the above-mentioned embodiment can be realized. method.
  • each block in the flowchart and/or block diagram and the combination of each block in the flowchart and/or block diagram can be implemented by a program or instruction.
  • These programs or instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device to generate a machine so that these programs or instructions are executed by the processor of the computer or other programmable data processing device Enables the realization of functions/actions specified in one or more blocks of the flowchart and/or block diagram.
  • Such a processor can be, but is not limited to, a general-purpose processor, a dedicated processor, a special application processor, or a field programmable logic circuit. It can also be understood that each block in the block diagram and/or flowchart and the combination of the blocks in the block diagram and/or flowchart can also be implemented by dedicated hardware that performs specified functions or actions, or can be implemented by dedicated hardware and A combination of computer instructions.

Abstract

A biometric identification payment method and apparatus (300), a gateway device (400) and a storage medium, which relate to the field of data processing. The biometric identification payment method comprises: receiving a biometric identification routing payment request message (S101), the biometric identification routing payment request message comprising a first biometric identification payment group token and first biological characteristic data, and the first biometric identification payment group token being used to show that the user who initiated the biometric identification routing payment request message has a permission for biometric identification payment in a first group; determining the first group according to the first biometric identification payment group token, so as to perform biometric identification by using the first biological characteristic data and a biological characteristic database corresponding to the first group, and obtaining a biometric identification result (S102); and sending the biometric identification result to a payment device, so that the payment device initiates a payment process according to the biometric identification result (S103). The described technical solution can improve the security of biometric identification payment by a user.

Description

生物识别支付方法、装置、网关设备及存储介质Biometric payment method, device, gateway device and storage medium
相关申请的交叉引用Cross-references to related applications
本申请要求享有于2020年04月03日提交的名称为“生物识别支付方法、装置、网关设备及存储介质”的中国专利申请202010259375.5的优先权,该申请的全部内容通过引用并入本文中。This application claims the priority of the Chinese patent application 202010259375.5 entitled "Biometric Payment Method, Device, Gateway Device and Storage Medium" filed on April 3, 2020, the entire content of which is incorporated herein by reference.
技术领域Technical field
本申请属于数据处理领域,尤其涉及一种生物识别支付方法、装置、网关设备及存储介质。This application belongs to the field of data processing, and in particular relates to a biometric payment method, device, gateway device and storage medium.
背景技术Background technique
随着支付技术的逐渐发展,支付的高效和便捷成为了用户关注的重点。其中,生物识别支付由于其高效便捷的特点,得到了大面积的推广,目前已经成为支付技术中的一大重点技术。With the gradual development of payment technology, the efficiency and convenience of payment have become the focus of users' attention. Among them, biometric payment has been widely promoted due to its high efficiency and convenience, and has now become a major technology in payment technology.
生物识别是一种基于生物特征信息进行身份认证的生物特征识别技术。生物识别支付是一种利用生物识别来进行支付或交易的技术。生物识别支付过程中采集到的用户的生物特征数据为用户的个人隐私数据。但由于人脸支付的大面积推广,存在用户的个人隐私数据被大范围滥用的风险。在个人隐私数据存在被大范围滥用的风险的情况下,用户的个人隐私数据被泄露的风险也随之提高。一旦用户的个人隐私数据被泄露,该用户的生物识别支付的安全性将会大受影响。Biometric identification is a kind of biometric identification technology based on biometric information for identity authentication. Biometric payment is a technology that uses biometrics to make payments or transactions. The user's biometric data collected during the biometric payment process is the user's personal privacy data. However, due to the large-scale promotion of face payment, there is a risk that users' personal privacy data will be abused on a large scale. In the case where there is a risk of personal privacy data being abused on a large scale, the risk of users' personal privacy data being leaked also increases. Once the user's personal privacy data is leaked, the security of the user's biometric payment will be greatly affected.
发明内容Summary of the invention
本申请实施例提供了一种生物识别支付方法、装置、网关设备及存储介质,能够提高用户的生物识别支付的安全性。The embodiments of the present application provide a biometric payment method, device, gateway device, and storage medium, which can improve the security of a user's biometric payment.
第一方面,本申请实施例提供一种生物识别支付方法,应用于网关设 备,方法包括:接收生物识别路由支付请求消息,生物识别路由支付请求消息包括第一生物识别支付群组令牌和第一生物特征数据,第一生物识别支付群组令牌用于表征生物识别路由支付请求消息的发起用户在第一群组中具有生物识别支付的权限;根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果;将生物识别结果向支付设备发送,以使支付设备根据生物识别结果发起支付流程。In the first aspect, an embodiment of the present application provides a biometric payment method applied to a gateway device. The method includes: receiving a biometric routing payment request message. The biometric routing payment request message includes a first biometric payment group token and a first biometric payment group token. A biometric data, the first biometric payment group token is used to characterize that the initiating user of the biometric routing payment request message has the authority of biometric payment in the first group; determined according to the first biometric payment group token The first group uses the first biometric data and the biometric database corresponding to the first group to perform biometric identification to obtain the biometric result; send the biometric result to the payment device so that the payment device initiates payment based on the biometric result Process.
第二方面,本申请实施例提供一种生物识别支付装置,包括:接收模块,用于接收生物识别路由支付请求消息,生物识别路由支付请求消息包括第一生物识别支付群组令牌和第一生物特征数据,第一生物识别支付群组令牌用于表征生物识别路由支付请求消息的发起用户在第一群组中具有生物识别支付的权限;处理模块,用于根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果;发送模块,用于将生物识别结果向支付设备发送,以使支付设备根据生物识别结果发起支付流程。In a second aspect, an embodiment of the present application provides a biometric payment device, including: a receiving module, configured to receive a biometric routing payment request message, the biometric routing payment request message including a first biometric payment group token and a first Biometric data, the first biometric payment group token is used to characterize that the initiating user of the biometric routing payment request message has the authority to make biometric payments in the first group; the processing module is used to pay according to the first biometric payment group The group token determines the first group to perform biometric identification using the first biometric data and the biometric database corresponding to the first group to obtain the biometric result; the sending module is used to send the biometric result to the payment device to Make the payment device initiate the payment process based on the biometric result.
第三方面,本申请实施例提供一种网关设备,包括处理器、存储器及存储在存储器上并可在处理器上运行的计算机程序,计算机程序被处理器执行时实现如第一方面的技术方案中的生物识别支付方法。In a third aspect, embodiments of the present application provide a gateway device, including a processor, a memory, and a computer program stored in the memory and capable of running on the processor. When the computer program is executed by the processor, the technical solution as in the first aspect is implemented. The biometric payment method in.
第四方面,本申请实施例提供一种计算机可读存储介质,计算机可读存储介质上存储计算机程序,计算机程序被处理器执行时实现第一方面的技术方案中的生物识别支付方法。In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, the biometric payment method in the technical solution of the first aspect is implemented.
本申请实施例提供了一种生物识别支付方法、装置、网关设备及存储介质,网关设备接收包括第一生物识别支付群组令牌和第一生物特征数据的生物识别路由支付请求消息。根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。生物识别结果可用于支付设备发起支付流程。其中,第一生物识别支付群组令牌可表征用户在第一群组中具有生物识别支付的权限。利用生物识别支付群组令牌,将用户的生物特征数据在支付的应用范围缩小至群组,降低用户的个人隐私数据被大范围滥用的风 险,降低用户的个人隐私数据被泄露的风险,从而提高用户的生物识别支付的安全性。The embodiments of the present application provide a biometric payment method, device, gateway device, and storage medium. The gateway device receives a biometric routing payment request message including a first biometric payment group token and first biometric data. The first group is determined according to the first biometric payment group token, so that the first biometric data and the biometric database corresponding to the first group are used for biometric identification to obtain a biometric identification result. The biometric results can be used by the payment device to initiate the payment process. Wherein, the first biometric payment group token may indicate that the user has the authority of biometric payment in the first group. The use of biometric payment group tokens reduces the user's biometric data in the payment application scope to the group, reduces the risk of the user's personal privacy data being abused on a large scale, and reduces the risk of the user's personal privacy data being leaked, thereby Improve the security of users' biometric payment.
附图说明Description of the drawings
从下面结合附图对本发明的具体实施方式的描述中可以更好地理解本申请。其中,相同或相似的附图标记表示相同或相似的特征。This application can be better understood from the following description of the specific embodiments of the present invention in conjunction with the accompanying drawings. Wherein, the same or similar reference signs indicate the same or similar features.
图1为本申请实施例示出的生物识别支付系统的一示例的架构示意图;FIG. 1 is a schematic structural diagram of an example of a biometric payment system shown in an embodiment of the application;
图2为本申请提供的生物识别支付方法的一实施例的流程图;FIG. 2 is a flowchart of an embodiment of the biometric payment method provided by this application;
图3为本申请提供的生物识别支付方法的另一实施例的流程图;FIG. 3 is a flowchart of another embodiment of the biometric payment method provided by this application;
图4为本申请提供的生物识别支付方法的又一实施例的流程图;FIG. 4 is a flowchart of another embodiment of the biometric payment method provided by this application;
图5为本申请实施例提供的生物识别支付系统中的生物识别支付方法的一示例的流程图;5 is a flowchart of an example of a biometric payment method in a biometric payment system provided by an embodiment of the application;
图6为本申请提供的生物识别支付方法的再一实施例的流程图;FIG. 6 is a flowchart of still another embodiment of the biometric payment method provided by this application;
图7为本申请提供的生物识别支付装置的一实施例的结构示意图;FIG. 7 is a schematic structural diagram of an embodiment of a biometric payment device provided by this application;
图8为本申请提供的生物识别支付装置的另一实施例的结构示意图;FIG. 8 is a schematic structural diagram of another embodiment of the biometric payment device provided by this application;
图9为本申请提供的网关设备的一实施例的硬件结构示意图。FIG. 9 is a schematic diagram of the hardware structure of an embodiment of the gateway device provided by this application.
具体实施方式Detailed ways
下面将详细描述本申请的各个方面的特征和示例性实施例。在下面的详细描述中,提出了许多具体细节,以便提供对本申请的全面理解。但是,对于本领域技术人员来说很明显的是,本申请可以在不需要这些具体细节中的一些细节的情况下实施。下面对实施例的描述仅仅是为了通过示出本申请的示例来提供对本申请的更好的理解。本申请决不限于下面所提出的任何具体配置和算法,而是在不脱离本申请的精神的前提下覆盖了元素、部件和算法的任何修改、替换和改进。在附图和下面的描述中,没有示出公知的结构和技术,以便避免对本申请造成不必要的模糊。The features and exemplary embodiments of various aspects of the present application will be described in detail below. In the following detailed description, many specific details are proposed in order to provide a comprehensive understanding of the application. However, it is obvious to those skilled in the art that this application can be implemented without some of these specific details. The following description of the embodiments is only to provide a better understanding of the present application by showing examples of the present application. This application is by no means limited to any specific configurations and algorithms proposed below, but covers any modification, replacement and improvement of elements, components and algorithms without departing from the spirit of this application. In the drawings and the following description, well-known structures and technologies are not shown in order to avoid unnecessary obscurity of the application.
生物识别支付是一种利用生物识别来进行支付或交易的技术。由于生物识别支付涉及到用户的生物特征数据等个人隐私数据,因此生物识别支 付的安全性成为了需要关注的重点问题。图1为本申请实施例示出的生物识别支付系统的一示例的架构示意图。如图1所示,该生物识别支付系统可包括支付设备、收单服务器、网关设备和业务服务器。支付设备与网络设备之间可进行生物识别权限的认定以及生物识别。网关设备与支付设备之间的交互可通过收单服务器进行。支付设备与业务服务器可进行支付流程。支付设备与业务服务器之间的交互可通过收单服务器进行。Biometric payment is a technology that uses biometrics to make payments or transactions. Since biometric payment involves personal privacy data such as the user's biometric data, the security of biometric payment has become a key issue that requires attention. FIG. 1 is a schematic structural diagram of an example of a biometric payment system shown in an embodiment of the application. As shown in Figure 1, the biometric payment system may include a payment device, an acquiring server, a gateway device, and a service server. The identification of biometric authority and biometric identification can be carried out between the payment device and the network device. The interaction between the gateway device and the payment device can be performed through the acquiring server. The payment device and the business server can perform the payment process. The interaction between the payment device and the service server can be carried out through the acquiring server.
本申请提供了一种生物识别支付方法、装置、网关设备及存储介质,可应用于用户进行生物识别支付的场景中。本申请中的生物识别支付方法具体可应用于网关设备,即由网关设备执行。本申请中的生物识别支付方法可利用生物识别支付群组令牌限定用户能够使用生物识别支付的范围,从而避免用户的个人隐私数据被大范围滥用的风险,提高生物识别支付的安全性。值得一提的是,本申请中提到了令牌即为Token。This application provides a biometric payment method, device, gateway device, and storage medium, which can be applied to a scenario where a user makes a biometric payment. The biometric payment method in this application can be specifically applied to a gateway device, that is, executed by the gateway device. The biometric payment method in this application can use the biometric payment group token to limit the scope of the user's ability to use biometric payment, thereby avoiding the risk of the user's personal privacy data being abused on a large scale, and improving the security of biometric payment. It is worth mentioning that the token mentioned in this application is Token.
图2为本申请提供的生物识别支付方法的一实施例的流程图。如图2所示,该生物识别支付方法可包括步骤S101至步骤S103。Fig. 2 is a flowchart of an embodiment of the biometric payment method provided by this application. As shown in Figure 2, the biometric payment method may include steps S101 to S103.
在步骤S101中,接收生物识别路由支付请求消息。In step S101, a biometric routing payment request message is received.
可由用户通过支付设备先向收单设备发送生物识别路由支付请求消息,收单设备再将该生物识别路由支付请求消息向网关设备发送。网络设备接收的生物识别路由支付请求消息可包括第一生物识别支付群组令牌和第一生物特征数据。第一生物识别支付群组令牌用于表征生物识别路由支付请求消息的发起用户在第一群组中具有生物识别支付的权限。第一生物识别支付群组令牌为生物识别支付群组令牌。生物识别支付群组令牌用于表征用户在群组中具有生物识别支付的权限。生物识别支付群组令牌既可以指示具有生物识别支付的权限的用户,也可以指示用户具有生物识别支付的权限的群组。生物识别支付群组令牌具有唯一性。这里为了便于描述,将生物识别路由支付请求消息中包含的生物识别支付群组令牌称为第一生物识别支付群组令牌。第一群组为群组。这里为了便于描述,将第一生物识别支付群组令牌所指示的群组称为第一群组。The user may first send a biometric routing payment request message to the acquiring device through the payment device, and the acquiring device then sends the biometric routing payment request message to the gateway device. The biometric routing payment request message received by the network device may include the first biometric payment group token and the first biometric data. The first biometric payment group token is used to characterize that the initiating user of the biometric routing payment request message has the authority of biometric payment in the first group. The first biometric payment group token is a biometric payment group token. The biometric payment group token is used to signify that the user has the authority of biometric payment in the group. The biometric payment group token can indicate a user who has the authority of biometric payment, or a group of which the user has the authority of biometric payment. The biometric payment group token is unique. For ease of description, the biometric payment group token included in the biometric routing payment request message is referred to as the first biometric payment group token. The first group is the group. For ease of description, the group indicated by the first biometric payment group token is referred to as the first group.
不同的生物识别路由支付请求消息中的第一生物识别支付群组令牌可以不同,在此并不限定。不同的第一生物识别支付群组令牌所指示的具有 生物识别支付的权限的用户可以不同,在此并不限定。不同的第一生物识别支付群组令牌所指示的用户具有生物识别支付的权限的第一群组可以不同,在此并不限定。The first biometric payment group token in different biometric routing payment request messages may be different, which is not limited here. The users with the biometric payment authority indicated by different first biometric payment group tokens may be different, which is not limited herein. Different first biometric payment group tokens indicate that the first groups of users having biometric payment permissions may be different, which is not limited herein.
群组可以为用户划分的群组,也可为与用户进行支付交互的服务提供方划分的群组,也可为支付本身划分的群组,在此并不限定。例如,群组可为服务会员划分的群组,如A超市的会员划分为一个群组,B超市的会员划分为另一个群组。又例如,群组可以为商圈划分的群组,发生在A商圈中的支付划分为一个群组,发生在B商圈中的支付划分为另一个群组。The group may be a group divided by the user, a group divided by a service provider that interacts with the user, or a group divided by the payment itself, which is not limited here. For example, a group may be a group divided by service members, for example, a member of supermarket A is divided into one group, and a member of supermarket B is divided into another group. For another example, a group may be a group divided by a business district, a payment occurring in the A business district is divided into one group, and a payment occurring in the B business district is divided into another group.
第一生物特征数据为支付设备发起生物识别路由支付请求消息时采集的用户的生物特征数据。生物特征数据具体可包括人脸特征数据、指纹特征数据、掌纹特征数据、虹膜特征数据等等,在此并不限定。不同的生物识别路由支付请求消息包含的第一生物特征数据可不同,在此并不限定。The first biometric data is the user's biometric data collected when the payment device initiates the biometric routing payment request message. The biometric data may specifically include facial feature data, fingerprint feature data, palmprint feature data, iris feature data, etc., which are not limited herein. The first biometric data contained in different biometric routing payment request messages may be different, which is not limited here.
在步骤S102中,根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。In step S102, the first group is determined according to the first biometric payment group token, so that the first biometric data and the biometric database corresponding to the first group are used for biometric identification to obtain a biometric identification result.
根据第一生物识别支付群组可确定用户具有生物识别支付的权限的群组,即第一群组。在生物识别过程中,利用第一生物特征数据和确定的第一群组对应的生物特征数据库进行生物识别。生物识别只在第一群组内执行,缩小了生物特征数据应用的范围,降低生物特征数据被滥用的风险。According to the first biometric payment group, the group to which the user has the authority of biometric payment can be determined, that is, the first group. In the biometric identification process, the first biometric data and the biometric database corresponding to the determined first group are used for biometric identification. Biometrics are only implemented in the first group, which narrows the scope of application of biometric data and reduces the risk of misuse of biometric data.
生物识别结果用于表征生物识别成功或生物识别失败。在一些示例中,生物识别可由网关设备完成,即网关生成生物识别结果。在另一些示例中,生物识别可由业务服务器完成,即业务服务器生成生物识别结果。网关设备可从业务服务器获取生物识别结果。The result of biometric recognition is used to characterize the success or failure of biometric recognition. In some examples, the biometric identification can be completed by the gateway device, that is, the gateway generates the biometric identification result. In other examples, the biometric identification can be completed by the business server, that is, the business server generates the biometric identification result. The gateway device can obtain the biometric result from the service server.
在步骤S103中,将生物识别结果向支付设备发送,以使支付设备根据生物识别结果发起支付流程。In step S103, the biometric identification result is sent to the payment device, so that the payment device initiates a payment process according to the biometric identification result.
具体地,网关设备可先将生物识别结果向收单设备发送。收单设备再将该生物识别结果向支付设备发送。支付设备接收到生物识别结果,可根据该生物识别结果发起支付流程。例如,在生物识别结果表征生物识别成功的情况下,支付设备可向业务服务器发送支付交易请求。通过支付设备 与业务服务器之间的交互实现本次生物识别支付。其中,支付交易请求可包括用户账户、支付口令、支付令牌等,在此并不限定。Specifically, the gateway device may first send the biometric identification result to the acquiring device. The acquiring device then sends the biometric identification result to the payment device. The payment device receives the biometric result, and can initiate a payment process based on the biometric result. For example, in the case where the biometric identification result represents the successful biometric identification, the payment device may send a payment transaction request to the service server. This biometric payment is realized through the interaction between the payment device and the service server. Among them, the payment transaction request may include a user account, a payment password, a payment token, etc., which are not limited here.
在本申请实施例中,网关设备接收包括第一生物识别支付群组令牌和第一生物特征数据的生物识别路由支付请求消息。根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。生物识别结果可用于支付设备发起支付流程。其中,第一生物识别支付群组令牌可表征用户在第一群组中具有生物识别支付的权限。利用生物识别支付群组令牌,将用户的生物特征数据在支付的应用范围缩小至群组,降低用户的个人隐私数据被大范围滥用的风险,降低用户的个人隐私数据被泄露的风险,从而提高用户的生物识别支付的安全性。In the embodiment of the present application, the gateway device receives the biometric routing payment request message including the first biometric payment group token and the first biometric data. The first group is determined according to the first biometric payment group token, so that the first biometric data and the biometric database corresponding to the first group are used for biometric identification to obtain a biometric identification result. The biometric results can be used by the payment device to initiate the payment process. Wherein, the first biometric payment group token may indicate that the user has the authority of biometric payment in the first group. The use of biometric payment group tokens reduces the user's biometric data in the payment application scope to the group, reduces the risk of the user's personal privacy data being abused on a large scale, and reduces the risk of the user's personal privacy data being leaked, thereby Improve the security of users' biometric payment.
图3为本申请提供的生物识别支付方法的另一实施例的流程图。图3与图2的不同之处在于,图2中的步骤S102具体可细化为图3中的步骤S1021和步骤S1022。FIG. 3 is a flowchart of another embodiment of the biometric payment method provided by this application. The difference between FIG. 3 and FIG. 2 is that step S102 in FIG. 2 can be specifically refined into step S1021 and step S1022 in FIG. 3.
在步骤S1021中,基于预先存储的用户标识与生物识别支付群组令牌的绑定关系,确定第一用户标识与第一生物识别支付群组令牌是否具有绑定关系。In step S1021, based on the pre-stored binding relationship between the user ID and the biometric payment group token, it is determined whether the first user ID and the first biometric payment group token have a binding relationship.
其中,生物识别路由支付请求消息还可包括第一用户标识。第一用户标识为用户标识,用于标识用户,具体可为用户账号、用户卡号等,在此并不限定。这里为了便于描述,将生物识别路由支付请求消息中包含的用户标识称为第一用户标识。Wherein, the biometric routing payment request message may also include the first user identification. The first user ID is a user ID, which is used to identify a user, and can specifically be a user account, a user card number, etc., which is not limited here. For ease of description, the user identification included in the biometric routing payment request message is referred to as the first user identification.
网关设备中可预先存储用户标识与生物识别支付群组令牌的绑定关系。可通过用户标识与生物识别支付群组令牌的绑定关系,对用户进行身份验证。具体地,若预先存储的用户标识与生物识别支付群组令牌的绑定关系中存在第一用户标识与第一生物识别支付群组令牌的对应关系,表示第一用户标识与第一生物识别支付群组令牌具有绑定关系,生物识别路由支付请求消息有效。若预先存储的用户标识与生物识别支付群组令牌的绑定关系中不存在第一用户标识与第一生物识别支付群组令牌的对应关系,表示第一用户标识与第一生物识别支付群组令牌不具有绑定关系,生物识 别路由支付请求消息无效。The gateway device may pre-store the binding relationship between the user identification and the biometric payment group token. The user identity can be authenticated through the binding relationship between the user ID and the biometric payment group token. Specifically, if there is a corresponding relationship between the first user ID and the first biometric payment group token in the pre-stored binding relationship between the user ID and the biometric payment group token, it means that the first user ID and the first biometric payment group token have a corresponding relationship. The identification payment group token has a binding relationship, and the biometric routing payment request message is valid. If there is no corresponding relationship between the first user ID and the first biometric payment group token in the pre-stored binding relationship between the user ID and the biometric payment group token, it means that the first user ID and the first biometric payment are The group token does not have a binding relationship, and the biometric routing payment request message is invalid.
在步骤S1022中,在确定第一用户标识与第一生物识别支付群组令牌具有绑定关系的情况下,根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。In step S1022, when it is determined that the first user ID and the first biometric payment group token have a binding relationship, the first group is determined according to the first biometric payment group token, so as to use the first biometric payment group token. The feature data and the biometric database corresponding to the first group perform biometric identification to obtain a biometric identification result.
在确定第一用户标识与第一生物识别支付群组令牌具有绑定关系的情况下,表示生物识别路由支付请求消息有效,可执行确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别的步骤。When it is determined that the first user ID and the first biometric payment group token have a binding relationship, it indicates that the biometric routing payment request message is valid, and the first group can be determined to use the first biometric data and the first biometric payment group token. A biometric database corresponding to a group performs biometric identification.
在确定第一用户标识与第一生物识别支付群组令牌不具有绑定关系的情况下,表示生物识别路由支付请求消息无效,不需执行确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别的步骤。In the case where it is determined that the first user ID and the first biometric payment group token do not have a binding relationship, it means that the biometric routing payment request message is invalid, and there is no need to perform the determination of the first group to use the first biometric data The step of performing biometric identification with the biometric database corresponding to the first group.
进一步地,生物识别路由支付请求消息还可包括第一支付令牌。第一支付令牌为支付令牌。支付令牌用于支付设备与业务服务器进行支付流程时进行支付验证。这里为了便于描述,将生物识别路由支付请求消息中包含的支付令牌称为第一支付令牌。Further, the biometric routing payment request message may further include the first payment token. The first payment token is a payment token. The payment token is used for payment verification when the payment device and the service server perform the payment process. For ease of description, the payment token included in the biometric routing payment request message is referred to as the first payment token.
对应地,为了进一步保证用户的个人隐私数据的安全性,可对生物识别路由支付请求消息的有效性进行认定。在上述实施例中利用第一用户标识与第一生物识别支付群组令牌是否具有绑定关系的基础上,还可结合第一用户标识与第一支付令牌是否具有绑定关系来进行生物识别路由支付请求消息的有效性认定。上述步骤S1022可具体包括步骤S1022a和步骤S1022b。Correspondingly, in order to further ensure the security of the user's personal privacy data, the validity of the biometric routing payment request message can be determined. In the above embodiment, based on whether the first user ID and the first biometric payment group token have a binding relationship, it can also be combined with whether the first user ID and the first payment token have a binding relationship. Identify the validity of the routing payment request message. The above step S1022 may specifically include step S1022a and step S1022b.
在步骤S1022a中,在确定第一用户标识与第一生物识别支付群组令牌具有绑定关系的情况下,基于预先存储的用户标识与支付令牌的绑定关系,确定第一用户标识与第一支付令牌是否具有绑定关系。In step S1022a, when it is determined that the first user ID and the first biometric payment group token have a binding relationship, based on the pre-stored binding relationship between the user ID and the payment token, it is determined that the first user ID and the payment token have a binding relationship. Whether the first payment token has a binding relationship.
网关设备中也预先存储用户标识与支付令牌的绑定关系。具体地,若预先存储的用户标识与支付令牌的绑定关系中存在第一用户标识与第一支付令牌的对应关系,表示第一用户标识与第一支付令牌具有绑定关系,生 物识别路由支付请求消息有效。若预先存储的用户标识与支付令牌的绑定关系中不存在第一用户标识与第一支付令牌的对应关系,表示第一用户标识与第一支付令牌不具有绑定关系,生物识别路由支付请求消息无效。The gateway device also pre-stores the binding relationship between the user identification and the payment token. Specifically, if there is a corresponding relationship between the first user ID and the first payment token in the pre-stored binding relationship between the user ID and the payment token, it means that the first user ID and the first payment token have a binding relationship, and Identifies that the routing payment request message is valid. If there is no corresponding relationship between the first user ID and the first payment token in the pre-stored binding relationship between the user ID and the payment token, it means that the first user ID does not have a binding relationship with the first payment token. The routing payment request message is invalid.
在步骤S1022b中,在确定第一用户标识与第一支付令牌具有绑定关系的情况下,根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。In step S1022b, when it is determined that the first user ID and the first payment token have a binding relationship, the first group is determined according to the first biometric payment group token, so as to use the first biometric data and the first payment token. A biometric database corresponding to a group performs biometric identification to obtain a biometric identification result.
在确定第一用户标识与第一支付令牌具有绑定关系的情况下,表示生物识别路由支付请求消息有效,可执行确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别的步骤。In the case where it is determined that the first user ID and the first payment token have a binding relationship, it indicates that the biometric routing payment request message is valid, and the first group can be determined to use the first biometric data to correspond to the first group Biometric database for biometric steps.
在确定第一用户标识与第一支付令牌不具有绑定关系的情况下,表示生物识别路由支付请求消息无效,不需执行确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别的步骤。In the case where it is determined that the first user ID and the first payment token do not have a binding relationship, it means that the biometric routing payment request message is invalid, and there is no need to perform determining the first group to use the first biometric data and the first group. Set the corresponding biometric database to perform biometric identification steps.
在上述实施例中,同一用户的生物识别支付群组令牌、生物特征数据、用户标识和支付令牌之间均可存在绑定关系,且可利用生物识别支付群组令牌、生物特征数据、用户标识和支付令牌之间的绑定关系对生物识别路由支付请求消息进行综合的有效性认定,在此不一一举例说明。In the above embodiment, the biometric payment group token, biometric data, user identification, and payment token of the same user can all have a binding relationship, and the biometric payment group token and biometric data can be used. , The binding relationship between the user ID and the payment token determines the comprehensive validity of the biometric routing payment request message, which will not be illustrated one by one here.
图4为本申请提供的生物识别支付方法的又一实施例的流程图。图4与图2的不同之处在于,在网关设备中存储有生物特征数据库的情况下,图2中的步骤S102具体可细化为图4中的步骤S1023和步骤S1024;在业务服务器中存储生物特征数据库的情况下,图2中的步骤S102具体可细化为图4中的步骤S1025和步骤S1026。FIG. 4 is a flowchart of another embodiment of the biometric payment method provided by this application. The difference between FIG. 4 and FIG. 2 is that in the case that the biometric database is stored in the gateway device, step S102 in FIG. 2 can be specifically refined into step S1023 and step S1024 in FIG. 4; it is stored in the service server In the case of a biometric database, step S102 in FIG. 2 can be specifically refined into step S1025 and step S1026 in FIG. 4.
在步骤S1023中,根据第一生物识别支付群组令牌确定第一群组。In step S1023, the first group is determined according to the first biometric payment group token.
第一生物识别支付群组令牌可指示第一群组。在一些示例中,第一生物识别支付群组令牌的至少一部分能够指示第一群组。例如,第一生物识别支付群组令牌可实现为字符串,字符串中的一部分可为群组标识,群组标识可指示第一群组。The first biometric payment group token may indicate the first group. In some examples, at least a portion of the first biometric payment group token can indicate the first group. For example, the first biometric payment group token may be implemented as a character string, a part of the character string may be a group identifier, and the group identifier may indicate the first group.
在步骤S1024中,对第一生物特征数据与第一群组对应的生物特征数据库中的生物特征数据进行匹配,得到生物识别结果。In step S1024, the first biometric data is matched with the biometric data in the biometric database corresponding to the first group to obtain a biometric recognition result.
网关设备可存储有至少一个生物特征数据库。每个生物特征数据库与一个群组对应。进行生物识别时,不需要将第一生物特征数据与每一生物特征数据库中的生物特征数据进行匹配,只需利用与第一群组对应的生物特征数据库中的生物特征数据与第一生物特征数据进行匹配即可。The gateway device may store at least one biometric database. Each biometric database corresponds to a group. When performing biometric identification, there is no need to match the first biometric data with the biometric data in each biometric database, only the biometric data in the biometric database corresponding to the first group and the first biometric data are used. The data can be matched.
例如,网关设备中存储有6个生物特征数据库,6个生物特征数据库分别对应群组A1、群组A2、群组A3、群组A4、群组A5和群组A6。在根据第一生物识别支付群组令牌确定的第一群组为群组A3的情况下,利用第一生物特征数据与群组A3对应的生物特征数据库中的生物特征数据进行匹配。For example, 6 biometric databases are stored in the gateway device, and the 6 biometric databases correspond to group A1, group A2, group A3, group A4, group A5, and group A6, respectively. In the case where the first group determined according to the first biometric payment group token is the group A3, the first biometric data is used to match the biometric data in the biometric database corresponding to the group A3.
在步骤S1025中,根据第一生物识别支付群组令牌确定第一群组,将第一生物特征数据和第一群组的群组标识向业务服务器发送。In step S1025, the first group is determined according to the first biometric payment group token, and the first biometric data and the group identification of the first group are sent to the service server.
业务服务器存储有至少一个生物特征数据库,每个生物特征数据库与一个群组对应。业务服务器接收到第一群组的群组标识,可利用第一群组的群组标识,确定与第一群组对应的生物特征数据库。业务服务器进行生物识别时,不需要将第一生物特征数据与每一生物特征数据库中的生物特征数据进行匹配,只需利用与第一群组对应的生物特征数据库中的生物特征数据与第一生物特征数据进行匹配即可。The business server stores at least one biometric database, and each biometric database corresponds to a group. The service server receives the group identifier of the first group, and can use the group identifier of the first group to determine the biometric database corresponding to the first group. When the business server performs biometric identification, it does not need to match the first biometric data with the biometric data in each biometric database, and only needs to use the biometric data in the biometric database corresponding to the first group and the first biometric data. The biometric data can be matched.
在步骤S1026中,接收生物识别结果。In step S1026, the result of the biometric recognition is received.
其中,生物识别结果由业务服务器对第一生物特征数据与第一群组对应的生物特征数据库中的生物特征数据匹配得到。业务服务器将生物识别结果向网关设备发送,网关设备可根据接收到的生物识别结果,确定生物识别成功或生物识别失败。Wherein, the biometric identification result is obtained by the service server matching the first biometric data with the biometric data in the biometric database corresponding to the first group. The service server sends the biometric identification result to the gateway device, and the gateway device can determine whether the biometric identification is successful or the biometric identification fails according to the received biometric identification result.
业务服务器可属于收单机构。由于业务服务器可为服务提供方如商户等提供支付终端管理、支付发起、资金结算等功能服务,业务服务器能够对群组进行更精准的划分,从而存储与精准划分的群组对应的生物特征数据库,提高了生物特征数据库划分和管理的精确性。而且,由于业务服务器与服务提供方如商户等关联紧密,更易于对生物特征数据库的管理和更新,使得生物特征数据库的运行效率更高。The business server may belong to the acquiring institution. Since the business server can provide service providers such as merchants with payment terminal management, payment initiation, fund settlement and other functional services, the business server can more accurately divide the group, thereby storing the biometric database corresponding to the accurately divided group , Improve the accuracy of biometric database division and management. Moreover, because the business server is closely related to service providers such as merchants, it is easier to manage and update the biometric database, making the biometric database more efficient.
在上述实施例中,生物特征数据库与群组一一对应,将大量用户的生 物特征数据分库存储。在进行生物识别的过程中,可根据用户的群组快速定位到具体的生物特征数据库,缓解了网关设备或业务服务器的数据承载量,也提高了生物识别支付的响应速度。In the above embodiment, the biometric database corresponds to the group one-to-one, and the biometric data of a large number of users is stored in separate databases. In the process of biometric identification, a specific biometric database can be quickly located according to the user's group, which relieves the data carrying capacity of the gateway device or service server, and also improves the response speed of biometric payment.
下面将以一示例来说明生物识别支付方法在生物识别支付系统中的应用。图5为本申请实施例提供的生物识别支付系统中的生物识别支付方法的一示例的流程图。如图5所示,该生物识别支付系统中的生物识别支付方法可具体包括步骤S201至步骤S210。The following will take an example to illustrate the application of the biometric payment method in the biometric payment system. Fig. 5 is a flowchart of an example of a biometric payment method in a biometric payment system provided by an embodiment of the application. As shown in FIG. 5, the biometric payment method in the biometric payment system may specifically include step S201 to step S210.
在步骤S201中,支付设备向收单设备发送生物识别路由支付请求消息。In step S201, the payment device sends a biometric routing payment request message to the acquiring device.
在步骤S202中,收单设备向网关设备发送生物识别路由支付请求消息。In step S202, the acquiring device sends a biometric routing payment request message to the gateway device.
在步骤S203中,网关设备验证生物识别路由支付请求消息的有效性。In step S203, the gateway device verifies the validity of the biometric routing payment request message.
在步骤S204中,在生物识别路由支付请求消息有效的情况下,网关设备利用第一生物特征和第一群组对应的生物特征进行生物识别,得到生物识别结果。In step S204, when the biometric identification routing payment request message is valid, the gateway device uses the first biometric feature and the biometric feature corresponding to the first group to perform biometric identification to obtain a biometric identification result.
在步骤S205中,网关设备向收单设备发送生物识别结果。In step S205, the gateway device sends the biometric identification result to the acquiring device.
在步骤S206中,收单设备向支付设备发送生物识别结果。In step S206, the acquiring device sends the biometric identification result to the payment device.
在步骤S207中,在生物识别结果表征生物识别成功的情况下,支付设备向收单设备发送支付交易请求消息。In step S207, the payment device sends a payment transaction request message to the acquiring device when the biometric identification result indicates that the biometric identification is successful.
支付交易请求消息可包括支付令牌、支付口令、用户标识等,在此并不限定。The payment transaction request message may include a payment token, a payment password, a user identification, etc., which are not limited herein.
在步骤S208中,收单设备向业务服务器发送支付交易请求消息。In step S208, the acquiring device sends a payment transaction request message to the service server.
在步骤S209中,业务服务器生成支付交易应答消息,向收单设备发送。In step S209, the service server generates a payment transaction response message and sends it to the acquiring device.
支付交易应答消息用于表征本次生物识别支付是否成功。The payment transaction response message is used to characterize whether the biometric payment is successful.
在步骤S210中,收单设备向支付终端发送支付交易应答消息。In step S210, the acquiring device sends a payment transaction response message to the payment terminal.
在一些示例中,上述业务服务器具体可包括清算系统中的服务器以及发卡业务系统中的服务器,在此并不限定。In some examples, the foregoing business server may specifically include a server in a clearing system and a server in a card issuing business system, which is not limited herein.
图6为本申请提供的生物识别支付方法的再一实施例的流程图。图6与图2的不同之处在于,图6所示的生物识别支付方法还可包括步骤S104至步骤S107。Fig. 6 is a flowchart of still another embodiment of the biometric payment method provided by this application. The difference between FIG. 6 and FIG. 2 is that the biometric payment method shown in FIG. 6 may further include step S104 to step S107.
在步骤S104中,接收生物识别群组支付开通请求消息。In step S104, a biometric group payment activation request message is received.
其中,生物识别群组支付开通请求消息包括第二用户标识和群组信息。群组信息用于表征第二群组。第二用户标识为用户标识。这里为了便于描述,将生物识别群组支付开通请求消息中包含的用户标识称为第二用户标识。第二群组为群组。这里为了便于描述,将生物识别群组支付开通请求消息中群组信息表征的群组为第二群组。Wherein, the biometric group payment activation request message includes the second user identification and group information. The group information is used to characterize the second group. The second user ID is the user ID. For ease of description, the user identifier included in the biometric group payment activation request message is referred to as the second user identifier. The second group is a group. For ease of description, the group represented by the group information in the biometric group payment activation request message is referred to as the second group.
不同的生物识别群组支付开通请求消息中的第二用户标识可不同,在此并不限定。不同的生物识别群组支付开通请求消息中的群组信息可不同,不同的生物识别群组支付开通请求消息中的群组信息表征的第二群组可不同,在此并不限定。The second user identification in different biometric group payment activation request messages may be different, which is not limited here. The group information in different biometric group payment activation request messages may be different, and the second group represented by the group information in different biometric group payment activation request messages may be different, which is not limited herein.
在步骤S105中,根据第二用户标识和群组信息,生成第二生物识别支付群组令牌。In step S105, a second biometric payment group token is generated according to the second user identification and the group information.
第二生物识别支付群组令牌用于表征生物识别群组支付开通请求消息的发起用户在第二群组中具有生物识别支付的权限。即第二生物识别支付群组令牌既可以指示具有生物识别支付的权限的用户,也可以指示用户具有生物识别支付的权限的第二群组。第二生物识别支付群组令牌为生物识别支付群组令牌。这里为了便于描述,将接收生物识别群组支付开通请求消息后生成的生物识别支付群组令牌称为第二生物识别支付群组令牌。不同的第二生物识别支付群组令牌指示的用户,以及指示的第二群组可不同。The second biometric payment group token is used to characterize that the user who initiated the biometric group payment activation request message has the authority of biometric payment in the second group. That is, the second biometric payment group token may indicate a user who has the authority of biometric payment, and may also indicate the second group of which the user has the authority of biometric payment. The second biometric payment group token is a biometric payment group token. For ease of description, the biometric payment group token generated after receiving the biometric group payment activation request message is referred to as the second biometric payment group token. The users indicated by the different second biometric payment group tokens and the indicated second groups may be different.
在一些示例中,可对第二用户标识和群组信息进行处理,生成第二生物识别支付群组令牌。对第二用户标识和群组信息的处理具体可为合并、标记化处理、加密等处理手段,在此并不限定。In some examples, the second user identification and group information may be processed to generate a second biometric payment group token. The processing of the second user identification and the group information may specifically be processing means such as merging, tokenization processing, encryption, etc., which is not limited herein.
在步骤S106中,存储第二用户标识与第二生物识别支付群组令牌的绑定关系。In step S106, the binding relationship between the second user ID and the second biometric payment group token is stored.
在确定为生物识别群组支付开通请求消息的发起用户开通在第二群组 的生物识别支付的权限的情况下,在网关设备中存储第二用户标识与第二生物识别支付群组令牌的绑定关系。在第二用户标识标识的用户进行生物识别支付的过程中,可利用网关设备中存储第二用户标识与第二生物识别支付群组令牌的绑定关系,来验证该用户发起的生物识别路由支付请求消息是否有效。In the case where it is determined that the user who initiated the biometric group payment activation request message has the authority to activate the biometric payment in the second group, the gateway device stores the second user identification and the second biometric payment group token. Binding relationship. In the process of the user identified by the second user ID making biometric payment, the gateway device can be used to store the binding relationship between the second user ID and the second biometric payment group token to verify the biometric route initiated by the user Whether the payment request message is valid.
在步骤S107中,向支付设备发送人脸支付群组开通应答消息。In step S107, a face payment group activation response message is sent to the payment device.
具体地,网关设备可先向收单设备发送人脸支付群组开通应答消息。收单系统再向支付设备发送人脸支付群组开通应答消息。Specifically, the gateway device may first send a face payment group activation response message to the acquiring device. The acquiring system then sends the face payment group activation response message to the payment device.
人脸支付群组开通应答消息包括第二生物识别支付群组令牌。网关设备通过人脸支付群组开通应答消息,将为发起生物识别群组支付开通请求消息的用户生成的生物识别支付群组令牌即第二生物识别支付群组令牌传输给支付设备。支付设备可在后续过程中,向网关设备提供该第二生物识别支付群组令牌,以实现生物识别支付。The face payment group activation response message includes the second biometric payment group token. The gateway device transmits the second biometric payment group token, which is the second biometric payment group token, to the payment device through the face payment group activation response message. The payment device may provide the second biometric payment group token to the gateway device in the subsequent process to realize the biometric payment.
在一些示例中,在接收生物识别群组支付开通请求消息后,网关设备还可向业务服务器发送身份验证请求消息。身份验证请求消息包括第二用户标识。业务服务器接收该第二用户标识,对第二用户标识对应的用户进行身份验证,生成身份验证应答消息向网关设备发送。网关设备从业务服务器接收身份验证应答消息。身份验证应答消息用于表征第二用户标识的身份验证是否成功。In some examples, after receiving the biometric group payment activation request message, the gateway device may also send an identity verification request message to the service server. The identity verification request message includes the second user identification. The service server receives the second user ID, performs identity verification on the user corresponding to the second user ID, and generates an identity verification response message to send to the gateway device. The gateway device receives the identity verification response message from the service server. The identity verification response message is used to characterize whether the identity verification of the second user identity is successful.
在身份验证应答消息表征第二用户标识的身份验证成功的情况下,才执行上述步骤S105至步骤S107,以进一步保证用户的个人隐私安全。Only when the identity verification response message indicates that the identity verification of the second user identity is successful, the above steps S105 to S107 are executed to further ensure the personal privacy of the user.
在一些示例中,生物识别群组支付开通请求消息还可包括第二生物特征数据。第二生物特征数据为生物特征数据。这里为了便于描述,将生物识别群组支付开通请求消息中包含的生物特征数据称为第二生物特征数据。第二生物特征数据是在发起生物识别群组支付开通请求消息前采集的。网关设备可将第二生物特征数据存入第二群组对应的生物特征数据库,以在后续的生物识别支付过程中使用。In some examples, the biometric group payment activation request message may further include the second biometric data. The second biometric data is biometric data. For ease of description, the biometric data included in the biometric group payment activation request message is referred to as second biometric data. The second biometric data is collected before initiating the biometric group payment activation request message. The gateway device can store the second biometric data in the biometric database corresponding to the second group for use in the subsequent biometric payment process.
在一些示例中,上述实施例中的群组信息可包括第二群组的群组标识和/或第二生物特征数据的采集渠道信息。采集第二生物特征数据的不同的 采集渠道可对应不同的群组,因此可根据第二生物特征数据的采集渠道信息,确定对应的第二群组。例如,C城市中具有商圈A1、A2和A3。采集渠道信息表征在商圈A1采集第二生物特征数据,则采集渠道信息对应的第二群组即为商圈A1对应的群组。采集渠道信息表征在商圈A2采集第二生物特征数据,则采集渠道信息对应的第二群组即为商圈A2对应的群组。采集渠道信息表征在商圈A3采集第二生物特征数据,则采集渠道信息对应的第二群组即为商圈A3对应的群组。In some examples, the group information in the foregoing embodiment may include the group identification of the second group and/or the collection channel information of the second biometric data. Different collection channels for collecting the second biometric data can correspond to different groups. Therefore, the corresponding second group can be determined according to the collection channel information of the second biometric data. For example, C city has business districts A1, A2, and A3. The collection channel information indicates that the second biometric data is collected in the business district A1, and the second group corresponding to the collected channel information is the group corresponding to the business district A1. The collection channel information indicates that the second biometric data is collected in the business district A2, and the second group corresponding to the collected channel information is the group corresponding to the business district A2. The collection channel information indicates that the second biometric data is collected in the business district A3, and the second group corresponding to the collected channel information is the group corresponding to the business district A3.
在一些示例中,在接收生物识别群组支付开通请求消息后,网关设备还可根据第二用户标识,生成第二支付令牌。人脸支付群组开通应答消息还可包括第二支付令牌。第二支付令牌为支付令牌。这里为了方便描述,将接收生物识别群组支付开通请求消息后根据第二用户标识生成的支付令牌称为第二支付令牌。网关设备可存储第二用户标识与第二支付令牌的绑定关系,以在后续生物识别支付的过程中,可利用第二用户标识与第二支付令牌的绑定关系确定用户的生物识别路由支付请求消息的有效性。In some examples, after receiving the biometric group payment activation request message, the gateway device may also generate a second payment token according to the second user identification. The face payment group activation response message may also include the second payment token. The second payment token is a payment token. Here, for the convenience of description, the payment token generated according to the second user identifier after receiving the biometric group payment activation request message is referred to as the second payment token. The gateway device can store the binding relationship between the second user ID and the second payment token, so that in the subsequent biometric payment process, the binding relationship between the second user ID and the second payment token can be used to determine the user’s biometric identification Validity of routing payment request messages.
在上述实施例中,业务服务器与网关设备还可相互同步至少部分生物识别支付信息。例如,生物识别支付信息可包括用户手机号至少部分、生物特征数据密文、生物识别路由索引、服务方机构代码、支付卡卡号等,在此并不限定。In the above embodiment, the service server and the gateway device can also synchronize at least part of the biometric payment information with each other. For example, the biometric payment information may include at least part of the user's mobile phone number, biometric data cipher text, biometric routing index, service party organization code, payment card number, etc., which are not limited here.
在一些示例中,上述网关设备、支付设备、收单设备和业务服务器中的数据可独立加密存储,并禁止对数据进行修改即数据修改操作为无效操作,进一步提高了用户隐私数据的可控性、安全性、稳定性和可靠性。In some examples, the data in the aforementioned gateway device, payment device, acquiring device, and service server can be independently encrypted and stored, and data modification is prohibited, that is, data modification operations are invalid operations, which further improves the controllability of user privacy data , Safety, stability and reliability.
本申请还提供了一种生物识别支付装置。图7为本申请提供的生物识别支付装置的一实施例的结构示意图。如图7所示,该生物识别支付装置300可包括接收模块301、处理模块302和发送模块303。The application also provides a biometric payment device. FIG. 7 is a schematic structural diagram of an embodiment of a biometric payment device provided by this application. As shown in FIG. 7, the biometric payment device 300 may include a receiving module 301, a processing module 302 and a sending module 303.
接收模块301,用于接收生物识别路由支付请求消息,所述生物识别路由支付请求消息包括第一生物识别支付群组令牌和第一生物特征数据。The receiving module 301 is configured to receive a biometric routing payment request message, where the biometric routing payment request message includes a first biometric payment group token and first biometric data.
其中,所述第一生物识别支付群组令牌用于表征所述生物识别路由支付请求消息的发起用户在第一群组中具有生物识别支付的权限。Wherein, the first biometric payment group token is used to characterize that the initiating user of the biometric routing payment request message has the authority of biometric payment in the first group.
处理模块302,用于根据所述第一生物识别支付群组令牌确定所述第 一群组,以利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。The processing module 302 is configured to determine the first group according to the first biometric payment group token, so as to perform biometric identification using the first biometric data and the biometric database corresponding to the first group , Get the biometric results.
发送模块303,用于将所述生物识别结果向支付设备发送,以使所述支付设备根据所述生物识别结果发起支付流程。The sending module 303 is configured to send the biometric identification result to the payment device, so that the payment device initiates a payment process according to the biometric identification result.
在本申请实施例中,生物识别支付装置接收包括第一生物识别支付群组令牌和第一生物特征数据的生物识别路由支付请求消息。根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。生物识别结果可用于支付设备发起支付流程。其中,第一生物识别支付群组令牌可表征用户在第一群组中具有生物识别支付的权限。利用生物识别支付群组令牌,将用户的生物特征数据在支付的应用范围缩小至群组,降低用户的个人隐私数据被大范围滥用的风险,降低用户的个人隐私数据被泄露的风险,从而提高用户的生物识别支付的安全性。In the embodiment of the present application, the biometric payment device receives the biometric routing payment request message including the first biometric payment group token and the first biometric data. The first group is determined according to the first biometric payment group token, so that the first biometric data and the biometric database corresponding to the first group are used for biometric identification to obtain a biometric identification result. The biometric results can be used by the payment device to initiate the payment process. Wherein, the first biometric payment group token may indicate that the user has the authority of biometric payment in the first group. The use of biometric payment group tokens reduces the user's biometric data in the payment application scope to the group, reduces the risk of the user's personal privacy data being abused on a large scale, and reduces the risk of the user's personal privacy data being leaked, thereby Improve the security of users' biometric payment.
在一些示例中,生物识别路由支付请求消息还可包括第一用户标识。对应地,处理模块302可具体用于:基于预先存储的用户标识与生物识别支付群组令牌的绑定关系,确定第一用户标识与第一生物识别支付群组令牌是否具有绑定关系,生物识别支付群组令牌用于表征用户在群组中具有生物识别支付的权限;在确定第一用户标识与第一生物识别支付群组令牌具有绑定关系的情况下,根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。In some examples, the biometric routing payment request message may also include the first user identification. Correspondingly, the processing module 302 may be specifically configured to determine whether the first user ID and the first biometric payment group token have a binding relationship based on the pre-stored binding relationship between the user ID and the biometric payment group token , The biometric payment group token is used to characterize that the user has the authority to pay in the group; in the case where it is determined that the first user ID and the first biometric payment group token have a binding relationship, according to the first The biometric payment group token determines the first group to perform biometric identification using the first biometric data and a biometric database corresponding to the first group to obtain a biometric identification result.
在一些示例中,生物识别路由支付请求消息还可包括第一支付令牌。对应地,处理模块302可具体用于:在确定第一用户标识与第一生物识别支付群组令牌具有绑定关系的情况下,基于预先存储的用户标识与支付令牌的绑定关系,确定第一用户标识与第一支付令牌是否具有绑定关系;在确定第一用户标识与第一支付令牌具有绑定关系的情况下,根据第一生物识别支付群组令牌确定第一群组,以利用第一生物特征数据和第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。In some examples, the biometric routing payment request message may also include the first payment token. Correspondingly, the processing module 302 may be specifically configured to: in a case where it is determined that the first user ID and the first biometric payment group token have a binding relationship, based on the pre-stored binding relationship between the user ID and the payment token, Determine whether the first user ID and the first payment token have a binding relationship; in the case where it is determined that the first user ID and the first payment token have a binding relationship, the first biometric payment group token is used to determine the first The group uses the first biometric data and the biometric database corresponding to the first group to perform biometric identification to obtain a biometric identification result.
在一些示例中,生物识别支付装置存储有至少一个生物特征数据库。 每个生物特征数据库与一个群组对应。In some examples, the biometric payment device stores at least one biometric database. Each biometric database corresponds to a group.
处理模块302可具体用于:根据第一生物识别支付群组令牌确定第一群组;对第一生物特征数据与第一群组对应的生物特征数据库中的生物特征数据进行匹配,得到生物识别结果。The processing module 302 may be specifically configured to: determine the first group according to the first biometric payment group token; match the first biometric data with the biometric data in the biometric database corresponding to the first group to obtain the biometric Recognition results.
在另一个示例中,业务服务器存储有至少一个生物特征数据库。每个生物特征数据库与一个群组对应。In another example, the service server stores at least one biometric database. Each biometric database corresponds to a group.
处理模块302可具体用于根据第一生物识别支付群组令牌确定第一群组。The processing module 302 may be specifically configured to determine the first group according to the first biometric payment group token.
发送模块303还可用于将第一生物特征数据和第一群组的群组标识向业务服务器发送。The sending module 303 may also be used to send the first biometric data and the group identification of the first group to the service server.
接收模块301还可用于接收生物识别结果。The receiving module 301 can also be used to receive biometric results.
其中,生物识别结果由业务服务器对第一生物特征数据与第一群组对应的生物特征数据库中的生物特征数据匹配得到。Wherein, the biometric identification result is obtained by the service server matching the first biometric data with the biometric data in the biometric database corresponding to the first group.
图8为本申请提供的生物识别支付装置的另一实施例的结构示意图。图8与图7的不同之处在于,图8所示的生物识别支付装置300还可包括群组令牌生成模块304、存储模块305和支付令牌生成模块306。FIG. 8 is a schematic structural diagram of another embodiment of the biometric payment device provided by this application. The difference between FIG. 8 and FIG. 7 is that the biometric payment device 300 shown in FIG. 8 may further include a group token generation module 304, a storage module 305, and a payment token generation module 306.
上述接收模块301还可用于接收生物识别群组支付开通请求消息。The above-mentioned receiving module 301 can also be used to receive a biometric group payment activation request message.
其中,生物识别群组支付开通请求消息包括第二用户标识和群组信息。群组信息用于表征第二群组。Wherein, the biometric group payment activation request message includes the second user identification and group information. The group information is used to characterize the second group.
群组令牌生成模块304可用于根据第二用户标识和群组信息,生成第二生物识别支付群组令牌。The group token generation module 304 may be used to generate a second biometric payment group token according to the second user identification and group information.
其中,第二生物识别支付群组令牌用于表征生物识别群组支付开通请求消息的发起用户在第二群组中具有生物识别支付的权限。Wherein, the second biometric payment group token is used to characterize that the initiating user of the biometric group payment activation request message has the authority of biometric payment in the second group.
存储模块305可用于存储第二用户标识与第二生物识别支付群组令牌的绑定关系。The storage module 305 may be used to store the binding relationship between the second user ID and the second biometric payment group token.
上述发送模块303还可用于向支付设备发送人脸支付群组开通应答消息。人脸支付群组开通应答消息包括第二生物识别支付群组令牌。The aforementioned sending module 303 can also be used to send a face payment group activation response message to the payment device. The face payment group activation response message includes the second biometric payment group token.
在一些示例中,上述发送模块303还用于向业务服务器发送身份验证请求消息。In some examples, the aforementioned sending module 303 is also used to send an identity verification request message to the service server.
其中,身份验证请求消息包括第二用户标识。Wherein, the identity verification request message includes the second user identification.
上述接收模块301还可用于向从业务服务器接收身份验证应答消息。The above-mentioned receiving module 301 may also be used to receive an identity verification response message from the service server.
其中,身份验证应答消息用于表征第二用户标识的身份验证是否成功。Wherein, the identity verification response message is used to characterize whether the identity verification of the second user identity is successful.
群组令牌生成模块304可具体用于在身份验证应答消息表征第二用户标识的身份验证成功的情况下,根据第二用户标识和群组信息,生成第二生物识别支付群组令牌。The group token generation module 304 may be specifically configured to generate a second biometric payment group token according to the second user ID and group information when the identity verification response message indicates that the identity verification of the second user ID is successful.
在一些示例中,生物识别群组支付开通请求消息还包括第二生物特征数据。上述存储模块305还可用于将第二生物特征数据存入第二群组对应的生物特征数据库。In some examples, the biometric group payment activation request message further includes the second biometric data. The aforementioned storage module 305 may also be used to store the second biometric data in the biometric database corresponding to the second group.
上述实施例中的群组信息可包括第二群组的群组标识和/或第二生物特征数据的采集渠道信息。The group information in the foregoing embodiment may include the group identification of the second group and/or the collection channel information of the second biometric data.
支付令牌生成模块306可用于根据所述第二用户标识,生成第二支付令牌。The payment token generation module 306 may be used to generate a second payment token according to the second user identification.
上述存储模块305还可用于存储所述第二用户标识与所述第二支付令牌的绑定关系。The storage module 305 may also be used to store the binding relationship between the second user ID and the second payment token.
其中,所述人脸支付群组开通应答消息还包括所述第二支付令牌。Wherein, the face payment group activation response message further includes the second payment token.
本申请还提供了一种网关设备。图9为本申请提供的网关设备的一实施例的硬件结构示意图。如图9所示,网关设备400包括存储器401、处理器402及存储在存储器401上并可在处理器402上运行的计算机程序。This application also provides a gateway device. FIG. 9 is a schematic diagram of the hardware structure of an embodiment of the gateway device provided by this application. As shown in FIG. 9, the gateway device 400 includes a memory 401, a processor 402, and a computer program stored on the memory 401 and running on the processor 402.
在一个示例中,上述处理器402可以包括中央处理器(CPU),或者特定集成电路(ASIC),或者可以被配置成实施本申请实施例的一个或多个集成电路。In an example, the aforementioned processor 402 may include a central processing unit (CPU) or a specific integrated circuit (ASIC), or may be configured to implement one or more integrated circuits of the embodiments of the present application.
存储器401可以包括用于数据或指令的大容量存储器。举例来说而非限制,存储器401可包括HDD、软盘驱动器、闪存、光盘、磁光盘、磁带或通用串行总线(USB)驱动器或者两个或更多个以上这些的组合。在合适的情况下,存储器401可包括可移除或不可移除(或固定)的介质。在合适的情况下,存储器401可在终端热点开启网关设备400的内部或外部。在特定实施例中,存储器401是非易失性固态存储器。在特定实施例中,存 储器401包括只读存储器(ROM)。在合适的情况下,该ROM可以是掩模编程的ROM、可编程ROM(PROM)、可擦除PROM(EPROM)、电可擦除PROM(EEPROM)、电可改写ROM(EAROM)或闪存或者两个或更多个以上这些的组合。The memory 401 may include a large-capacity memory for data or instructions. By way of example and not limitation, the memory 401 may include an HDD, a floppy disk drive, a flash memory, an optical disk, a magneto-optical disk, a magnetic tape, or a universal serial bus (USB) drive, or a combination of two or more of these. Where appropriate, the storage 401 may include removable or non-removable (or fixed) media. Under appropriate circumstances, the memory 401 can be opened inside or outside the gateway device 400 at the terminal hotspot. In a particular embodiment, the memory 401 is a non-volatile solid state memory. In a particular embodiment, the memory 401 includes read-only memory (ROM). Where appropriate, the ROM can be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically rewritable ROM (EAROM) or flash memory or A combination of two or more of these.
处理器402通过读取存储器401中存储的可执行程序代码来运行与可执行程序代码对应的计算机程序,以用于实现上述实施例中的生物识别支付方法。The processor 402 runs the computer program corresponding to the executable program code by reading the executable program code stored in the memory 401, so as to implement the biometric payment method in the foregoing embodiment.
在一个示例中,网关设备400还可包括通信接口403和总线404。其中,如图9所示,存储器401、处理器402、通信接口403通过总线404连接并完成相互间的通信。In an example, the gateway device 400 may further include a communication interface 403 and a bus 404. Among them, as shown in FIG. 9, the memory 401, the processor 402, and the communication interface 403 are connected through the bus 404 and complete mutual communication.
通信接口403,主要用于实现本申请实施例中各模块、装置、单元和/或设备之间的通信。也可通过通信接口403接入输入设备和/或输出设备。The communication interface 403 is mainly used to implement communication between various modules, devices, units and/or devices in the embodiments of the present application. The input device and/or output device can also be accessed through the communication interface 403.
总线404包括硬件、软件或两者,将网关设备400的部件彼此耦接在一起。举例来说而非限制,总线404可包括加速图形端口(AGP)或其他图形总线、增强工业标准架构(EISA)总线、前端总线(FSB)、超传输(HT)互连、工业标准架构(ISA)总线、无限带宽互连、低引脚数(LPC)总线、存储器总线、微信道架构(MCA)总线、外围组件互连(PCI)总线、PCI-Express(PCI-X)总线、串行高级技术附件(SATA)总线、视频电子标准协会局部(VLB)总线或其他合适的总线或者两个或更多个以上这些的组合。在合适的情况下,总线404可包括一个或多个总线。尽管本申请实施例描述和示出了特定的总线,但本申请考虑任何合适的总线或互连。The bus 404 includes hardware, software, or both, and couples the components of the gateway device 400 to each other. By way of example and not limitation, the bus 404 may include an accelerated graphics port (AGP) or other graphics bus, an enhanced industry standard architecture (EISA) bus, a front side bus (FSB), a hypertransport (HT) interconnect, an industry standard architecture (ISA) ) Bus, unlimited bandwidth interconnect, low pin count (LPC) bus, memory bus, microchannel architecture (MCA) bus, peripheral component interconnect (PCI) bus, PCI-Express (PCI-X) bus, serial advanced Technical Attachment (SATA) bus, Video Electronics Standards Association Local (VLB) bus or other suitable bus or a combination of two or more of these. Where appropriate, the bus 404 may include one or more buses. Although the embodiments of this application describe and show a specific bus, this application considers any suitable bus or interconnection.
本申请一实施例还提供一种计算机可读存储介质,该计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时可实现上述实施例中的应用于网关设备的生物识别支付方法。An embodiment of the present application also provides a computer-readable storage medium with a computer program stored on the computer-readable storage medium. When the computer program is executed by a processor, the biometric payment applied to the gateway device in the above-mentioned embodiment can be realized. method.
需要明确的是,本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同或相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。对于装置实施例、网关设备实施例和计算机可读存储介质实施例而言,相关之处可以参见方法实施例的说明部分。本申请并不局限于上文所描述并在图中示出的特定步骤和结构。本领域的技 术人员可以在领会本申请的精神之后,作出各种改变、修改和添加,或者改变步骤之间的顺序。并且,为了简明起见,这里省略对已知方法技术的详细描述。It should be clear that the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other. Each embodiment focuses on the differences from other embodiments. Place. For the apparatus embodiment, the gateway device embodiment, and the computer-readable storage medium embodiment, for relevant details, please refer to the description part of the method embodiment. The application is not limited to the specific steps and structures described above and shown in the figures. Those skilled in the art can make various changes, modifications and additions, or change the order between steps after grasping the spirit of this application. And, for the sake of brevity, a detailed description of the known method and technology is omitted here.
上面参考根据本申请的实施例的方法、装置(系统)和机器程序产品的流程图和/或框图描述了本申请的各方面。应当理解,流程图和/或框图中的每个方框以及流程图和/或框图中各方框的组合可以由程序或指令实现。这些程序或指令可被提供给通用计算机、专用计算机、或其它可编程数据处理装置的处理器,以产生一种机器,使得经由计算机或其它可编程数据处理装置的处理器执行的这些程序或指令使能对流程图和/或框图的一个或多个方框中指定的功能/动作的实现。这种处理器可以是但不限于是通用处理器、专用处理器、特殊应用处理器或者现场可编程逻辑电路。还可理解,框图和/或流程图中的每个方框以及框图和/或流程图中的方框的组合,也可以由执行指定的功能或动作的专用硬件来实现,或可由专用硬件和计算机指令的组合来实现。The above describes various aspects of the present application with reference to the flowcharts and/or block diagrams of the methods, devices (systems) and machine program products according to the embodiments of the present application. It should be understood that each block in the flowchart and/or block diagram and the combination of each block in the flowchart and/or block diagram can be implemented by a program or instruction. These programs or instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device to generate a machine so that these programs or instructions are executed by the processor of the computer or other programmable data processing device Enables the realization of functions/actions specified in one or more blocks of the flowchart and/or block diagram. Such a processor can be, but is not limited to, a general-purpose processor, a dedicated processor, a special application processor, or a field programmable logic circuit. It can also be understood that each block in the block diagram and/or flowchart and the combination of the blocks in the block diagram and/or flowchart can also be implemented by dedicated hardware that performs specified functions or actions, or can be implemented by dedicated hardware and A combination of computer instructions.
本领域技术人员应能理解,上述实施例均是示例性而非限制性的。在不同实施例中出现的不同技术特征可以进行组合,以取得有益效果。本领域技术人员在研究附图、说明书及权利要求书的基础上,应能理解并实现所揭示的实施例的其他变化的实施例。在权利要求书中,术语“包括”并不排除其他装置或步骤;名词前未说明量词的,该名词的数目可以为一个或多个;术语“第一”、“第二”用于标示名称而非用于表示任何特定的顺序。权利要求中的任何附图标记均不应被理解为对保护范围的限制。权利要求中出现的多个部分的功能可以由一个单独的硬件或软件模块来实现。某些技术特征出现在不同的从属权利要求中并不意味着不能将这些技术特征进行组合以取得有益效果。Those skilled in the art should understand that the above-mentioned embodiments are all exemplary rather than restrictive. Different technical features appearing in different embodiments can be combined to achieve beneficial effects. Those skilled in the art should be able to understand and implement other modified embodiments of the disclosed embodiments on the basis of studying the drawings, the description, and the claims. In the claims, the term "comprising" does not exclude other means or steps; if no quantifier is specified before the noun, the number of the noun can be one or more; the terms "first" and "second" are used to denote names It is not used to indicate any particular order. Any reference signs in the claims should not be construed as limiting the scope of protection. The functions of multiple parts appearing in the claims can be implemented by a single hardware or software module. The appearance of certain technical features in different dependent claims does not mean that these technical features cannot be combined to achieve beneficial effects.

Claims (13)

  1. 一种生物识别支付方法,应用于网关设备,所述方法包括:A biometric payment method applied to a gateway device, the method includes:
    接收生物识别路由支付请求消息,所述生物识别路由支付请求消息包括第一生物识别支付群组令牌和第一生物特征数据,所述第一生物识别支付群组令牌用于表征所述生物识别路由支付请求消息的发起用户在第一群组中具有生物识别支付的权限;Receive a biometric routing payment request message, where the biometric routing payment request message includes a first biometric payment group token and first biometric data, and the first biometric payment group token is used to characterize the biometric Identify that the initiating user of the routing payment request message has the authority of biometric payment in the first group;
    根据所述第一生物识别支付群组令牌确定所述第一群组,以利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识别,得到生物识别结果;Determining the first group according to the first biometric payment group token, so as to perform biometric recognition using the first biometric data and a biometric database corresponding to the first group to obtain a biometric recognition result;
    将所述生物识别结果向支付设备发送,以使所述支付设备根据所述生物识别结果发起支付流程。The biometric identification result is sent to the payment device, so that the payment device initiates a payment process according to the biometric identification result.
  2. 根据权利要求1所述的方法,其中,所述生物识别路由支付请求消息还包括第一用户标识;The method according to claim 1, wherein the biometric routing payment request message further includes a first user identification;
    所述根据所述第一生物识别支付群组令牌确定所述第一群组,利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识别,得到生物识别结果,包括:The first group is determined according to the first biometric payment group token, and the first biometric data and the biometric database corresponding to the first group are used for biometric recognition, to obtain a biometric result ,include:
    基于预先存储的用户标识与生物识别支付群组令牌的绑定关系,确定所述第一用户标识与所述第一生物识别支付群组令牌是否具有绑定关系,所述生物识别支付群组令牌用于表征用户在群组中具有生物识别支付的权限;Based on the pre-stored binding relationship between the user ID and the biometric payment group token, it is determined whether the first user ID and the first biometric payment group token have a binding relationship, the biometric payment group The group token is used to signify that the user has the authority of biometric payment in the group;
    在确定所述第一用户标识与所述第一生物识别支付群组令牌具有绑定关系的情况下,根据所述第一生物识别支付群组令牌确定所述第一群组,以利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。When it is determined that the first user ID and the first biometric payment group token have a binding relationship, the first group is determined according to the first biometric payment group token to use The first biometric data and the biometric database corresponding to the first group perform biometric identification to obtain a biometric identification result.
  3. 根据权利要求2所述的方法,其中,所述生物识别路由支付请求消息还包括第一支付令牌;The method according to claim 2, wherein the biometric routing payment request message further includes a first payment token;
    所述根据所述第一生物识别支付群组令牌确定所述第一群组,利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识 别,得到生物识别结果,包括:The first group is determined according to the first biometric payment group token, and the first biometric data and the biometric database corresponding to the first group are used to perform biometric recognition to obtain a biometric result ,include:
    基于预先存储的用户标识与支付令牌的绑定关系,确定所述第一用户标识与所述第一支付令牌是否具有绑定关系;Determining whether the first user identifier and the first payment token have a binding relationship based on the pre-stored binding relationship between the user identifier and the payment token;
    在确定所述第一用户标识与所述第一支付令牌具有绑定关系的情况下,根据所述第一生物识别支付群组令牌确定所述第一群组,以利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识别,得到生物识别结果。In the case where it is determined that the first user ID and the first payment token have a binding relationship, the first group is determined according to the first biometric payment group token, so as to use the first The biometric data and the biometric database corresponding to the first group perform biometric identification to obtain a biometric identification result.
  4. 根据权利要求1所述的方法,其中,所述网关设备存储有至少一个生物特征数据库,每个所述生物特征数据库与一个群组对应;The method according to claim 1, wherein the gateway device stores at least one biometric database, and each biometric database corresponds to a group;
    所述根据所述第一生物识别支付群组令牌确定所述第一群组,以利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识别,得到生物识别结果,包括:The first group is determined according to the first biometric payment group token, so as to use the first biometric data and the biometric database corresponding to the first group to perform biometric recognition to obtain biometrics The results include:
    根据所述第一生物识别支付群组令牌确定所述第一群组;Determining the first group according to the first biometric payment group token;
    对所述第一生物特征数据与所述第一群组对应的所述生物特征数据库中的生物特征数据进行匹配,得到生物识别结果。Matching the first biometric data with the biometric data in the biometric database corresponding to the first group to obtain a biometric recognition result.
  5. 根据权利要求1所述的方法,其中,所述根据所述第一生物识别支付群组令牌确定所述第一群组,以利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识别,得到生物识别结果,包括:The method according to claim 1, wherein the first group is determined according to the first biometric payment group token to use the first biometric data to correspond to the first group Biometrics database for biometrics to obtain biometric results, including:
    根据所述第一生物识别支付群组令牌确定所述第一群组,将所述第一生物特征数据和所述第一群组的群组标识向业务服务器发送,所述业务服务器存储有至少一个生物特征数据库,每个所述生物特征数据库与一个群组对应;The first group is determined according to the first biometric payment group token, and the first biometric data and the group identification of the first group are sent to a service server, where the service server stores At least one biometric database, each of the biometric databases corresponds to a group;
    接收所述生物识别结果,所述生物识别结果由所述业务服务器对所述第一生物特征数据与所述第一群组对应的所述生物特征数据库中的生物特征数据匹配得到。The biometric identification result is received, and the biometric identification result is obtained by the service server matching the first biometric data with the biometric data in the biometric database corresponding to the first group.
  6. 根据权利要求1所述的方法,其中,还包括:The method according to claim 1, further comprising:
    接收生物识别群组支付开通请求消息,所述生物识别群组支付开通请求消息包括第二用户标识和群组信息,所述群组信息用于表征第二群组;Receiving a biometric group payment activation request message, where the biometric group payment activation request message includes a second user ID and group information, and the group information is used to characterize the second group;
    根据所述第二用户标识和所述群组信息,生成第二生物识别支付群组 令牌,所述第二生物识别支付群组令牌用于表征所述生物识别群组支付开通请求消息的发起用户在所述第二群组中具有生物识别支付的权限;According to the second user identification and the group information, a second biometric payment group token is generated, and the second biometric payment group token is used to characterize the request message of the biometric group payment activation The initiating user has the authority of biometric payment in the second group;
    存储所述第二用户标识与所述第二生物识别支付群组令牌的绑定关系;Storing the binding relationship between the second user ID and the second biometric payment group token;
    向所述支付设备发送人脸支付群组开通应答消息,所述人脸支付群组开通应答消息包括所述第二生物识别支付群组令牌。Sending a face payment group activation response message to the payment device, where the face payment group activation response message includes the second biometric payment group token.
  7. 根据权利要求6所述的方法,其中,在所述接收生物识别群组支付开通请求消息之后,还包括:The method according to claim 6, wherein after said receiving the biometric group payment activation request message, the method further comprises:
    向业务服务器发送身份验证请求消息,所述身份验证请求消息包括第二用户标识;Sending an identity verification request message to the service server, where the identity verification request message includes the second user identifier;
    从所述业务服务器接收身份验证应答消息,所述身份验证应答消息用于表征所述第二用户标识的身份验证是否成功;Receiving an identity verification response message from the service server, where the identity verification response message is used to characterize whether the identity verification of the second user identity is successful;
    其中,所述根据所述第二用户标识和所述群组信息,生成第二生物识别支付群组令牌,包括:Wherein, the generating a second biometric payment group token according to the second user identification and the group information includes:
    在所述身份验证应答消息表征所述第二用户标识的身份验证成功的情况下,根据所述第二用户标识和所述群组信息,生成第二生物识别支付群组令牌。In a case where the identity verification response message indicates that the identity verification of the second user identity is successful, a second biometric payment group token is generated according to the second user identity and the group information.
  8. 根据权利要求6所述的方法,其中,所述生物识别群组支付开通请求消息还包括第二生物特征数据;The method according to claim 6, wherein the biometric group payment activation request message further includes second biometric data;
    所述方法还包括:The method also includes:
    将所述第二生物特征数据存入所述第二群组对应的生物特征数据库。The second biometric data is stored in a biometric database corresponding to the second group.
  9. 根据权利要求8所述的方法,其中,The method according to claim 8, wherein:
    所述群组信息包括第二群组的群组标识和/或所述第二生物特征数据的采集渠道信息。The group information includes the group identification of the second group and/or the collection channel information of the second biometric data.
  10. 根据权利要求6所述的方法,其中,在所述接收生物识别群组支付开通请求消息之后,还包括:The method according to claim 6, wherein after said receiving the biometric group payment activation request message, the method further comprises:
    根据所述第二用户标识,生成第二支付令牌;Generate a second payment token according to the second user identification;
    存储所述第二用户标识与所述第二支付令牌的绑定关系;Storing the binding relationship between the second user identifier and the second payment token;
    其中,所述人脸支付群组开通应答消息还包括所述第二支付令牌。Wherein, the face payment group activation response message further includes the second payment token.
  11. 一种生物识别支付装置,包括:A biometric payment device, including:
    接收模块,用于接收生物识别路由支付请求消息,所述生物识别路由支付请求消息包括第一生物识别支付群组令牌和第一生物特征数据,所述第一生物识别支付群组令牌用于表征所述生物识别路由支付请求消息的发起用户在第一群组中具有生物识别支付的权限;The receiving module is configured to receive a biometric routing payment request message, the biometric routing payment request message including a first biometric payment group token and first biometric data, and the first biometric payment group token is used To characterize that the initiating user of the biometric routing payment request message has the authority of biometric payment in the first group;
    处理模块,用于根据所述第一生物识别支付群组令牌确定所述第一群组,以利用所述第一生物特征数据和所述第一群组对应的生物特征数据库进行生物识别,得到生物识别结果;A processing module, configured to determine the first group according to the first biometric payment group token, so as to perform biometric identification using the first biometric data and the biometric database corresponding to the first group, Get biometric results;
    发送模块,用于将所述生物识别结果向支付设备发送,以使所述支付设备根据所述生物识别结果发起支付流程。The sending module is configured to send the biometric identification result to the payment device, so that the payment device initiates a payment process according to the biometric identification result.
  12. 一种网关设备,包括处理器、存储器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述计算机程序被所述处理器执行时实现如权利要求1至10中任意一项所述的生物识别支付方法。A gateway device, comprising a processor, a memory, and a computer program stored on the memory and capable of running on the processor. The computer program is executed by the processor to implement any of claims 1 to 10 One of the biometric payment methods described.
  13. 一种计算机可读存储介质,所述计算机可读存储介质上存储计算机程序,所述计算机程序被处理器执行时实现如权利要求1至10中任意一项所述的生物识别支付方法。A computer-readable storage medium storing a computer program on the computer-readable storage medium, and when the computer program is executed by a processor, the biometric payment method according to any one of claims 1 to 10 is realized.
PCT/CN2021/075657 2020-04-03 2021-02-05 Biometric identification payment method and apparatus, gateway device and storage medium WO2021196892A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010259375.5 2020-04-03
CN202010259375.5A CN111539732B (en) 2020-04-03 2020-04-03 Biometric payment method, device, gateway equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2021196892A1 true WO2021196892A1 (en) 2021-10-07

Family

ID=71978563

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/075657 WO2021196892A1 (en) 2020-04-03 2021-02-05 Biometric identification payment method and apparatus, gateway device and storage medium

Country Status (2)

Country Link
CN (1) CN111539732B (en)
WO (1) WO2021196892A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111539732B (en) * 2020-04-03 2024-02-27 中国银联股份有限公司 Biometric payment method, device, gateway equipment and storage medium
CN112036894B (en) * 2020-09-01 2023-08-18 中国银行股份有限公司 Method and system for identity confirmation by utilizing iris characteristics and action characteristics

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105930765A (en) * 2016-02-29 2016-09-07 中国银联股份有限公司 Payment method and device
WO2019162957A1 (en) * 2018-08-20 2019-08-29 Lad Denikumar Biometric payment transaction without mobile or card
CN110457882A (en) * 2019-07-18 2019-11-15 阿里巴巴集团控股有限公司 A kind of identification pretreatment, personal identification method and system
CN110688974A (en) * 2019-09-30 2020-01-14 支付宝(杭州)信息技术有限公司 Identity recognition method and device
CN111539732A (en) * 2020-04-03 2020-08-14 中国银联股份有限公司 Biological identification payment method, device, gateway equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200058032A1 (en) * 2018-08-20 2020-02-20 Denikumar Dalpatbhai Lad Biometric Payment Transaction Without Mobile or Card

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105930765A (en) * 2016-02-29 2016-09-07 中国银联股份有限公司 Payment method and device
WO2019162957A1 (en) * 2018-08-20 2019-08-29 Lad Denikumar Biometric payment transaction without mobile or card
CN110457882A (en) * 2019-07-18 2019-11-15 阿里巴巴集团控股有限公司 A kind of identification pretreatment, personal identification method and system
CN110688974A (en) * 2019-09-30 2020-01-14 支付宝(杭州)信息技术有限公司 Identity recognition method and device
CN111539732A (en) * 2020-04-03 2020-08-14 中国银联股份有限公司 Biological identification payment method, device, gateway equipment and storage medium

Also Published As

Publication number Publication date
CN111539732A (en) 2020-08-14
CN111539732B (en) 2024-02-27

Similar Documents

Publication Publication Date Title
US11928678B2 (en) Variable authentication process and system
US11743042B2 (en) Secure remote token release with online authentication
KR102052036B1 (en) Method for obtaining data through searching and merging distributed data stored using blockchain
US20200336315A1 (en) Validation cryptogram for transaction
KR102405042B1 (en) Electronic payment systems and methods
RU2649786C2 (en) Mobile payment device based on biological technology, method and device
US10433128B2 (en) Methods and systems for provisioning multiple devices
RU2595885C2 (en) Method and system using universal identifier and biometric data
JP2020517201A (en) Method for approving card use by using blockchain-based token ID and server using the same {METHOD FOR APPROVING USE OF CARD BY USING BLOCKCHAIN-BASED TOKEN ID AND SERVER USING METHOD}
US20150088746A1 (en) Method and system for implementing financial transactions
US20150142673A1 (en) Methods and systems for token request management
JP2017530586A (en) System and method for authenticating a client to a device
WO2021196892A1 (en) Biometric identification payment method and apparatus, gateway device and storage medium
CN113015992B (en) Cloud token provisioning of multiple tokens
WO2019116052A1 (en) Authentication and authorisation
US20170353436A1 (en) Compromise alert and reissuance
US20210073813A1 (en) A system and method for processing a transaction
BR112021009895A2 (en) method, and, digital assistant device
US11893418B2 (en) Systems for processing a resource event across disparate real-time processing networks
US9639835B2 (en) Method to enable consumers to make purchases at e-Commerce websites using their mobile number
WO2023174091A1 (en) Home-based business startup pre-authentication apparatus and home-based business startup pre-authentication method
KR20190118253A (en) Simple authentication method and system
US20230316270A1 (en) Apparatus, system and method for on-device mutlifactor authentication security
KR100788429B1 (en) Dealings details inspection method
KR102459974B1 (en) System and method for data authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21781285

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21781285

Country of ref document: EP

Kind code of ref document: A1