WO2023142441A1 - Tag-based money receiving qr code payment method and payment device - Google Patents

Tag-based money receiving qr code payment method and payment device Download PDF

Info

Publication number
WO2023142441A1
WO2023142441A1 PCT/CN2022/112826 CN2022112826W WO2023142441A1 WO 2023142441 A1 WO2023142441 A1 WO 2023142441A1 CN 2022112826 W CN2022112826 W CN 2022112826W WO 2023142441 A1 WO2023142441 A1 WO 2023142441A1
Authority
WO
WIPO (PCT)
Prior art keywords
payment
tag
background
code
collection
Prior art date
Application number
PCT/CN2022/112826
Other languages
French (fr)
Chinese (zh)
Inventor
徐智劼
杨阳
秦杰
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2023142441A1 publication Critical patent/WO2023142441A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3276Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Definitions

  • the People's Bank of China issued the "Notice of the People's Bank of China on Strengthening the Management of Payment Acceptance Terminals and Related Businesses" and put forward targeted requirements:
  • the Personal collection barcode users with obvious operating characteristics are managed with reference to special merchants, and it is required to provide such individual users with merchant collection barcodes to improve the quality of acquiring services for individual operators;
  • the second is to prohibit the use of personal static collection barcodes in principle
  • the third is to refer to the relevant requirements of the personal static collection barcode for personal dynamic collection barcodes saved by screenshots, downloads, etc., so as to prevent lawbreakers from using personal dynamic collection barcodes to evade policy requirements;
  • the fourth is to require Prudently determine the entry conditions and scale of the personal static collection barcode whitelist, the validity period, number of uses and transaction limits of the personal static collection barcode, and prevent the risk of whitelist abuse.
  • a tag-based collection code payment method executed in a payment device, the method comprising: scanning the collection code to obtain a link; communicating with the collection code based on a short-distance communication Interact with the tag device corresponding to the code to obtain security verification information; and send a payment request to the payment background based on the security verification information.
  • the payment collection code is a static payment collection two-dimensional code
  • the payment device acquires a URL link by scanning the static payment collection two-dimensional code.
  • the tag device is a passive tag.
  • interacting with the tag device corresponding to the payment code based on the short-distance communication method to obtain security verification information includes: code ID to apply for the security check information from the label device; and receive the security check information including signature data and label certificate from the label device.
  • the two-dimensional code for payment and the two-dimensional code for payment are verified by the label certificate. Signed with a timestamp.
  • sending the payment request to the payment background includes: the payment device uses the signature data and the label certificate to access the URL link ; after the payment background successfully verifies the signature data and the tag certificate, receiving a payment page from the payment background; and sending a payment request on the payment page.
  • the above method may further include: after scanning the payment code and before interacting with the tag device to obtain security verification information, the payment device links to the payment background through the URL Applying for a payment page; and receiving the payment page from the payment background, wherein the payment page carries an access token corresponding to the static QR code for payment.
  • the access token includes a background random number in plain text and an access password in cipher text.
  • the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with the first key, wherein the first key
  • the key is formed by dispersing the master key corresponding to the tag device through the background random number.
  • interacting with the tag device corresponding to the payment code based on short-distance communication to obtain security verification information includes: the payment device broadcasting the access token; and After the tag device passes the verification of the access token, a payment credential is received from the tag device.
  • the payment credential is paired with the tag device ID, payment two-dimensional code ID, geographical location information, payment ID, the access token, and the second key through the second key.
  • the time stamp is encrypted, and the second key is formed by dispersing the tag random number generated by the tag device and the background random number with a master key corresponding to the tag device.
  • sending a payment request to the payment background includes: after receiving the payment certificate, sending a payment request to the payment background, wherein , the payment request includes the payment credential.
  • the above method may further include: receiving a payment result from the payment background.
  • the above method may further include: after scanning the collection code, receiving a payment page and tag-related information from the payment background, where the tag-related information includes a tag device MAC and a tag device ID.
  • interacting with the tag device corresponding to the payment code based on the short-distance communication method to obtain security verification information includes: receiving a broadcast message from the tag device; The tag device MAC and the tag device ID in the broadcast message; after the verification is successful, send a request for payment voucher to the tag device; and receive the payment voucher from the tag device.
  • the payment credential request includes a tag device ID, a random number contained in the broadcast message, a payment device ID, and a payment account ID.
  • a payment device includes: a scanning device for scanning a collection code to obtain a link; an interaction device for communicating with the payment collection code based on a short-distance communication method
  • the tag device corresponding to the code interacts to obtain security verification information; and the payment request sending device is used to send a payment request to the payment background based on the security verification information.
  • the payment collection code is a static payment collection two-dimensional code
  • the scanning device acquires a URL link by scanning the static payment collection two-dimensional code
  • the tag device is a passive tag.
  • the interaction device is configured to: apply for the security check information from the label device through the two-dimensional code ID attached to the URL link;
  • the tag device receives the security verification information including signature data and tag certificate.
  • the two-dimensional code for payment is verified through the label certificate signed with a timestamp.
  • the payment request sending device is configured to: use the signature data and the label certificate to access the URL link; After the signature data and the tag certificate are successfully received, the payment page is received from the payment background; and a payment request is sent on the payment page.
  • the above payment device may further include: payment page application means, used to pass the URL linking to the payment background to apply for a payment page, and first receiving means for receiving the payment page from the payment background, wherein the payment page carries an access token corresponding to the static collection QR code .
  • the access token includes a background random number in plain text and an access password in cipher text.
  • the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with the first key, wherein the first The key is formed by dispersing the master key corresponding to the tag device through the background random number.
  • the interaction device is configured to: broadcast the access token; and after the tag device passes the verification of the access token, from the tag device Receive proof of payment.
  • the payment credential is paired with the tag device ID, payment two-dimensional code ID, geographical location information, payment ID, the access token, and the second key through the second key.
  • Two timestamps are encrypted, wherein the second key is formed by dispersing the tag random number generated by the tag device and the background random number with a master key corresponding to the tag device.
  • the payment request sending means is configured to: after receiving the payment voucher, send a payment request to the payment background, wherein the payment request includes the payment voucher.
  • the above payment device may further include: a second receiving device, configured to receive a payment result from the payment background.
  • the above payment device may further include: a third receiving device, configured to receive the payment page and tag-related information from the payment background after scanning the payment collection code, the tag-related information includes Tag device MAC and tag device ID.
  • the interaction means is configured to: receive a broadcast message from the tag device; verify the tag device MAC and tag device ID in the broadcast message; Thereafter, sending a payment voucher request to the tag device; and receiving a payment voucher from the tag device.
  • the payment credential request includes a tag device ID, a random number contained in the broadcast message, a payment device ID, and a payment account ID.
  • a passive tag includes: a communication module, used to interact with the aforementioned payment device based on a short-distance communication method; a control module, used to generate security verification information; and an environmental energy conversion module, configured to obtain the energy required by the passive tag through an environmental energy source.
  • control module is configured to: verify the payment receiving QR code ID provided by the payment device; and generate the security verification after the verification is successful information, wherein the security verification information includes signature data and label certificates.
  • the signature data is obtained by the control module signing the payment two-dimensional code and the time stamp through the tag certificate.
  • control module is configured to: verify the access token provided by the payment device; and generate the security verification information after the verification is successful, wherein
  • the security verification information is a payment certificate.
  • the payment credential passes the key to the tag device ID, the payment two-dimensional code ID, geographic location information, payment ID, the access token, and a time stamp Encrypted, wherein the key is formed by dispersing the master key corresponding to the passive tag through tag random numbers and background random numbers.
  • control module is configured to: verify the tag ID and random number provided by the payment device; The device ID and payment account ID are hashed to generate payment credentials.
  • a payment background includes: a payment device interaction module, used to interact with the aforementioned payment device; and a verification module, used to verify the The security verification information provided by the payment device.
  • the verification module is configured to verify the label certificate and signature data provided by the payment device.
  • the payment device interaction module is configured to: return a payment page to the payment device after the verification module succeeds in verification.
  • the payment interaction module is configured to: receive an application for a payment page from the payment device; The access token corresponding to the QR code.
  • the access token includes a background random number in plain text and an access password in cipher text.
  • the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with the first key, wherein the first The key is formed by dispersing the master key corresponding to the tag device through the background random number.
  • the verification module is configured to verify the payment certificate included in the payment request sent by the payment device.
  • the payment credential is paired with the tag device ID, payment two-dimensional code ID, geographic location information, payment ID, the access token, and the second key through the second key.
  • Two timestamps are encrypted, wherein the second key is formed by dispersing the tag random number and the background random number with the master key corresponding to the tag device.
  • a computer storage medium includes instructions, and the instructions execute the method as described above when executed.
  • a computer program product including a computer program, and when the computer program is executed by a processor, the aforementioned method is implemented.
  • the tag-based collection code payment scheme of the embodiment of the present invention proposes that after the payment device scans the collection code (such as a static collection QR code), it interacts with the tag device corresponding to the collection code based on a short-distance communication method so that Obtain security verification information. Subsequently, the subsequent payment process is performed based on the security verification information.
  • the tag device such as a passive tag
  • the collection code such as a static collection code
  • the passive tag provided by one or more embodiments of the present invention can collect radio waves transmitted from the network side, capture and collect energy, and complete corresponding calculation and transmission tasks without requiring additional batteries or external power supplies.
  • Fig. 1 shows a schematic flow diagram of a tag-based collection code payment method executed in a payment device according to an embodiment of the present invention
  • Fig. 2 shows a schematic structural diagram of a payment device according to an embodiment of the present invention
  • Fig. 3 shows a schematic structural diagram of a passive tag according to an embodiment of the present invention
  • Fig. 4 shows a schematic structural diagram of a payment background according to an embodiment of the present invention
  • Fig. 5 shows the architecture diagram of the static collection code security payment system based on passive tags according to an embodiment of the present invention
  • Fig. 6 shows a schematic diagram of a passive tag-based static payment code security payment method according to an embodiment of the present invention
  • Figure 7 shows a schematic diagram of a passive tag-based static payment code security payment method according to another embodiment of the present invention.
  • Fig. 8 shows a schematic diagram of a passive tag-based static payment code secure payment method according to yet another embodiment of the present invention.
  • Fig. 1 shows a schematic flow chart of a tag-based collection code payment method 1000 executed in a payment device according to an embodiment of the present invention. As shown in Figure 1, the method 1000 includes the following steps:
  • step S110 scan the payment code to obtain the link
  • step S120 interacting with the tag device corresponding to the payment code based on the short-distance communication method to obtain security verification information
  • step S130 based on the security verification information, a payment request is sent to the payment background.
  • the payment device refers to a device with a payment function, which can scan a collection code (such as a static collection QR code) to perform a subsequent payment process.
  • the payment device may be a smart phone, smart watch, IPAD, etc.
  • the payment collection code may be a static payment collection two-dimensional code, and the payment device acquires a URL link by scanning the static payment collection two-dimensional code.
  • URL is the abbreviation of uniform resource locator, which means Uniform Resource Locator System, which is a representation method for specifying the location of information on the Internet's World Wide Web service program.
  • Using URL links can describe various information resources in a unified format, including files, server addresses and directories, etc.
  • the format of the URL can be composed of the following three parts: the first part is the protocol (or service method); the second part is the host IP address (sometimes including the port number) where the resource is stored; the third part is the specific address of the host resource , such as directory and file names, etc.
  • the first part and the second part are separated by a "://" symbol, and the second part and the third part are separated by a "/" symbol.
  • the first and second parts are indispensable, and the third part can sometimes be omitted.
  • the tag device is a passive tag.
  • a passive tag can also be referred to as a passive IoT tag, which does not have a built-in battery.
  • the so-called "passive Internet of Things” is essentially passive terminal nodes. They do not have power lines and built-in batteries, but obtain energy from the environment.
  • the Internet of Things based on wireless electromagnetic energy capture technology
  • the passive Internet of Things The terminal captures and collects energy by collecting radio waves emitted from the network side, so as to complete data collection, transmission and distributed computing.
  • a tag device corresponds to a payment device.
  • the tag device when the payment device is outside a certain range, the tag device is in a passive state, and when it is within a certain range of the payment device, the tag device sends radio frequency energy from the payment device (for example, transmitted from the network side) The power it needs to work is extracted from radio waves).
  • step S120 interact with the tag device corresponding to the payment code based on the short-distance communication method.
  • the "short-range communication method” may include, but not limited to, low-power short-range communication methods such as bluetooth and wifi.
  • the tag device can verify the information provided by the payment device (or payment terminal) (such as the payment QR code ID, access token, etc.) to provide the payment device with "security verification information" , used to ensure that the payment code is used on-site and not used remotely after being photographed, improving payment security.
  • the payment device or payment terminal
  • security verification information used to ensure that the payment code is used on-site and not used remotely after being photographed, improving payment security.
  • step S120 includes: applying for the security verification information from the tag device through the payment collection QR code ID attached to the URL link; and receiving the signature data and tag certificate from the tag device The security verification information of .
  • the signature data is obtained by the label device signing the payment two-dimensional code and time stamp through the label certificate when the verification of the payment two-dimensional code is successful.
  • step S130 includes: the payment device uses the signature data and the label certificate to access the URL link; after the payment background verifies the signature data and the label certificate successfully, Receive a payment page (such as an H5 page) from the payment background; and send a payment request on the payment page.
  • a payment page such as an H5 page
  • the above method 1000 may further include between step S110 and step S120: the payment device applies for a payment page to the payment background through the URL link; And receiving the payment page from the payment background, wherein the payment page carries an access token corresponding to the static payment collection QR code.
  • the access token includes a background random number in plain text and an access password in cipher text.
  • the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number, and the payment device ID with a first key, wherein the first key is encrypted with the background random number It is formed by dispersing the master key corresponding to the tag device.
  • the key distribution algorithm can be used for the distribution operation of the master key.
  • the so-called key distribution algorithm means that a double-length (one length key is 8 bytes) master key (MK) is used to disperse the data, and a double-length DES encryption key (DK) is derived. This algorithm is widely used in current financial IC cards and other industries with high security requirements.
  • the DK derivation process is as follows: First, the left half of the DK is derived.
  • the specific method is: 1. Use the rightmost 8 bytes of the scattered data as input data; 2. Use MK as the encryption key; 3. Use MK to input data Perform 3DES operation to get the left half of DK.
  • deduce the right half of DK the specific method is as follows: 1. Invert the rightmost 8 bytes of the scattered data as the input data; 2. Use MK as the encryption key; 3. Use MK to perform 3DES operation on the input data , get the right half of DK.
  • the 8 bytes of the left and right parts of the DK are combined into a double-length DK key, which is the 3DES key to be used obtained by dispersion.
  • step S120 includes: the payment device broadcasting the access token; and receiving a payment certificate from the tag device after the tag device passes the verification of the access token.
  • the payment credential is formed by encrypting the tag device ID, payment two-dimensional code ID, geographic location information, payment ID, the access token, and a second time stamp with a second key
  • the second key is formed by dispersing the tag random number generated by the tag device and the background random number into a master key corresponding to the tag device.
  • the key distribution algorithm as mentioned above can be used for the distribution operation of the master key.
  • step S130 includes: after receiving the payment voucher, sending a payment request to the payment background, wherein the payment request includes the payment voucher.
  • the above method 1000 may further include: receiving a payment result from the payment background.
  • the above method 1000 may further include: after scanning the collection code, receiving the payment page and label-related information from the payment background, the label-related information includes label device MAC and label device ID and other information.
  • step S120 includes: receiving a broadcast message (for example, including a tag ID and a random number, etc.) from the tag device; verifying the tag device MAC and tag device ID in the broadcast message; Afterwards, sending a payment voucher request (for example, including information such as tag ID, random number, payment device ID, payment account ID, etc.) to the tag device; and receiving a payment voucher from the tag device.
  • a broadcast message for example, including a tag ID and a random number, etc.
  • a payment voucher request for example, including information such as tag ID, random number, payment device ID, payment account ID, etc.
  • each implementation can be implemented by means of software plus a necessary general-purpose hardware platform, and of course can also be implemented by hardware.
  • the above-mentioned technical solution essentially or the part that contributes to the prior art can be embodied in the form of a software product, and the computer software product can be stored in a computer-readable storage medium, and the computer-readable record A medium includes any mechanism for storing or transmitting information in a form readable by a computer (eg, a computer).
  • a machine-readable medium includes, for example, read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media, flash storage media, electronic, optical, acoustic, or other forms of propagated signals (e.g., carrier waves). , infrared signal, digital signal, etc.), the computer software product includes several instructions to make a computer device (which can be a personal computer, server, or network device, etc.) execute various embodiments or some parts of the embodiments Methods.
  • ROM read-only memory
  • RAM random-access memory
  • magnetic disk storage media e.g., magnetic disk storage media, optical storage media, flash storage media, electronic, optical, acoustic, or other forms of propagated signals (e.g., carrier waves).
  • infrared signal, digital signal, etc. the computer software product includes several instructions to make a computer device (which can be a personal computer, server, or network device, etc.) execute various embodiments or some parts of the embodiments Methods.
  • Fig. 2 shows a schematic structural diagram of a payment device 2000 according to an embodiment of the present invention.
  • the payment device 2000 includes a scanning device 210 , an interaction device 220 and a payment request sending device 230 .
  • the scanning device 210 is used to scan the payment code to obtain the link;
  • the interaction device 220 is used to interact with the label device corresponding to the payment code based on the short-distance communication method to obtain security verification information; and the payment request is sent to
  • the device 230 is configured to send a payment request to the payment background based on the security verification information.
  • the payment device refers to a device with a payment function, which can scan a collection code (such as a static collection QR code) to perform a subsequent payment process.
  • the payment device may be a smart phone, smart watch, IPAD, etc.
  • the scanning device 210 is used to scan the payment code to obtain a link, wherein the payment code may be a static payment two-dimensional code, and the payment device scans the static payment two-dimensional code to Get the URL link.
  • URL is the abbreviation of uniform resource locator, which means Uniform Resource Locator System, which is a representation method for specifying the location of information on the Internet's World Wide Web service program.
  • the use of URL links can describe various information resources in a unified format, including files, addresses and directories of servers, and so on.
  • the format of the URL can be composed of the following three parts: the first part is the protocol (or service method); the second part is the host IP address (sometimes including the port number) where the resource is stored; the third part is the specific address of the host resource , such as directory and file names, etc.
  • the first part and the second part are separated by a "://" symbol, and the second part and the third part are separated by a "/" symbol.
  • the first and second parts are indispensable, and the third part can sometimes be omitted.
  • the tag device is a passive tag.
  • a passive tag can also be referred to as a passive IoT tag, which does not have a built-in battery.
  • the so-called "passive Internet of Things” is essentially passive terminal nodes. They do not have power lines and built-in batteries, but obtain energy from the environment.
  • the Internet of Things based on wireless electromagnetic energy capture technology
  • Passive Internet of Things The terminal captures and collects energy by collecting radio waves emitted from the network side, so as to complete data collection, transmission and distributed computing.
  • a tag device corresponds to a payment device.
  • the tag device when the payment device is outside a certain range, the tag device is in a passive state, and when it is within a certain range of the payment device, the tag device sends radio frequency energy from the payment device (for example, transmitted from the network side) The power it needs to work is extracted from radio waves).
  • the interaction device 220 is configured to interact with the label device corresponding to the payment code based on the short-distance communication method to obtain security verification information.
  • the "short-range communication method” may include, but not limited to, low-power short-range communication methods such as bluetooth and wifi.
  • the tag device can verify the information provided by the payment device (or payment terminal) (such as the payment QR code ID, access token, etc.) to provide the payment device with "security verification information" , used to ensure that the payment code is used on-site and not used remotely after being photographed, improving payment security.
  • the payment device or payment terminal
  • security verification information used to ensure that the payment code is used on-site and not used remotely after being photographed, improving payment security.
  • the interaction device 220 is configured to: apply for the security verification information from the label device through the payment two-dimensional code ID attached to the URL link; and receive a signature from the label device.
  • the security verification information of data and tag certificates is configured to: apply for the security verification information from the label device through the payment two-dimensional code ID attached to the URL link; and receive a signature from the label device.
  • the security verification information of data and tag certificates is configured to: apply for the security verification information from the label device through the payment two-dimensional code ID attached to the URL link.
  • the signature data may be obtained by the label device signing the payment two-dimensional code and the time stamp through the label certificate when the verification of the payment two-dimensional code is successful.
  • the payment request sending device 230 is configured to: use the signature data and the label certificate to access the URL link; verify the signature data and the label certificate in the payment background After success, receive a payment page from the payment background; and send a payment request on the payment page.
  • the above-mentioned payment device 2000 may further include: payment page application means 240, configured to pass the URL link to apply for a payment page from the payment background, and the first receiving means 250 is configured to receive the payment page from the payment background, wherein the payment page carries an access token corresponding to the static payment two-dimensional code Card.
  • the access token includes a background random number in plain text and an access password in cipher text.
  • the access password is formed by encrypting information such as the tag device ID, the first time stamp, the payment order number, and the payment device ID with a first key, wherein the first key is distributed with the background random number.
  • the master key corresponding to the tag device is formed.
  • the key distribution algorithm can be used for the distribution operation of the master key.
  • the so-called key distribution algorithm means that a double-length (one length key is 8 bytes) master key (MK) is used to disperse the data, and a double-length DES encryption key (DK) is derived. This algorithm is widely used in current financial IC cards and other industries with high security requirements.
  • the DK derivation process is as follows: First, the left half of the DK is derived.
  • the specific method is: 1. Use the rightmost 8 bytes of the scattered data as input data; 2. Use MK as the encryption key; 3. Use MK to input data Perform 3DES operation to get the left half of DK.
  • deduce the right half of DK the specific method is as follows: 1. Invert the rightmost 8 bytes of the scattered data as the input data; 2. Use MK as the encryption key; 3. Use MK to perform 3DES operation on the input data , get the right half of DK.
  • the 8 bytes of the left and right parts of the DK are combined into a double-length DK key, which is the 3DES key to be used obtained by dispersion.
  • the interaction device 220 is configured to: broadcast the access token; and receive a payment credential from the tag device after the tag device passes the verification of the access token.
  • the payment credential can be formed by encrypting information such as the tag device ID, the payment two-dimensional code ID, the geographic location information, the payment ID, the access token, and the second time stamp through the second key, wherein The second key is formed by dispersing the tag random number generated by the tag device and the background random number into a master key corresponding to the tag device.
  • the above-mentioned key distribution algorithm may be used for the distribution operation of the master key, so details will not be repeated here.
  • the payment request sending means 230 may be configured to: after receiving the payment credential, send a payment request to the payment background, wherein the payment request includes the payment credential.
  • the above-mentioned payment device 2000 may further include: a second receiving means 260, configured to receive a payment result from the payment background.
  • the above-mentioned payment device 2000 may further include: a third receiving means 270, configured to receive the payment page and label-related information from the payment background after scanning the collection code, the label
  • the relevant information includes tag device MAC and tag device ID and other information.
  • the interaction device 220 may be configured to: receive a broadcast message (for example, including a tag ID and a random number, etc.) from the tag device; check the tag device MAC and the tag device ID in the broadcast message; After the verification is successful, send a payment credential request (for example, including tag device ID, random number, payment device ID, payment account ID, etc.) to the tag device; and receive a payment credential from the tag device.
  • a broadcast message for example, including a tag ID and a random number, etc.
  • a payment credential request for example, including tag device ID, random number, payment device ID, payment account ID, etc.
  • Fig. 3 shows a schematic structural diagram of a passive tag 3000 according to an embodiment of the present invention.
  • the passive tag 3000 includes: a communication module 310 , a control module 320 and an environmental energy conversion module 330 .
  • the communication module 310 is used to interact with the payment device based on short-distance communication;
  • the control module 320 is used to generate security verification information; energy.
  • the passive tag 3000 provides security verification services for payment devices when scanning offline static QR codes for payment.
  • the communication module 310 is responsible for communication with payment devices, including but not limited to low-power short-distance communication methods such as bluetooth and wifi.
  • the control module 320 is responsible for access token verification, payment credential generation and storage calculation of payment-related keys.
  • the environmental energy conversion module 330 obtains the required power through a variety of environmental energy sources (micro-light energy, temperature gradient, radio frequency, vibration, etc.), and the micro-energy management chip optimizes and stores the collected energy to solve the self-power supply problem of the device.
  • control module 320 is configured to: verify the payment collection QR code ID provided by the payment device; and generate the security verification information after the verification is successful, wherein the security verification Information includes signed data as well as tag certificates.
  • the signature data is obtained by the control module 320 signing the payment two-dimensional code and the time stamp through the label certificate.
  • control module 320 is configured to: verify the access token provided by the payment device; and generate the security verification information after the verification is successful, wherein the security verification information is a payment certificate.
  • the payment credential is formed by encrypting the tag device ID, payment two-dimensional code ID, geographic location information, payment ID, the access token, and time stamp with a key, wherein the key is randomly generated by the tag. number and the background random number are formed by dispersing the master key corresponding to the passive tag.
  • Fig. 4 shows a schematic structural diagram of a payment background 4000 according to an embodiment of the present invention.
  • the payment background 4000 includes: a payment device interaction module 410 and a verification module 420 .
  • the payment device interaction module 410 is used to interact with the payment device; and the verification module 420 is used to verify the security verification information provided by the payment device.
  • the verification module 420 is configured to verify the tag certificate and signature data provided by the payment device.
  • the payment device interaction module 410 is configured to: return a payment page to the payment device after the verification module succeeds in verification.
  • the payment interaction module 410 is configured to: receive an application for a payment page from the payment device; and return to the payment page, wherein the payment page carries an access code corresponding to the static payment QR code token.
  • the access token includes a background random number in plain text and an access password in cipher text.
  • the access password can be formed, for example, by encrypting information such as the tag device ID, the first time stamp, the payment order number, and the payment device ID with a first key, wherein the first key is distributed with the background random number.
  • the master key corresponding to the tag device is formed.
  • the verification module 420 is configured to verify the payment credential included in the payment request sent by the payment device.
  • the payment credential is formed by encrypting information such as the tag device ID, the payment two-dimensional code ID, the geographic location information, the payment ID, the access token, and the second time stamp with the second key, wherein the The second key is formed by dispersing the tag random number and the background random number with the master key corresponding to the tag device.
  • the device embodiments described above are only illustrative, and the modules described as separate components may not be physically separated, that is, they may be located in one place, or may be distributed to multiple network modules. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without any creative effort.
  • Fig. 5 shows a structure diagram of a passive tag-based static payment code security payment system according to an embodiment of the present invention.
  • the static payment code security payment system based on passive tags can be composed of four parts: passive micro tags, payment QR codes, payment equipment and payment background.
  • the passive micro-tag can include, for example, a communication module, an MCU module (control module) and a radio wave energy conversion module, and the payment device provides security verification services when scanning offline static QR codes for payment.
  • the communication module is responsible for communication with payment devices, including but not limited to low-power short-distance communication methods such as Bluetooth and wifi; the MCU module is responsible for access token verification, payment voucher generation, and storage and calculation of payment-related keys; environmental energy conversion The module obtains the required power through a variety of environmental energy sources (micro-light energy, temperature gradient, radio frequency, vibration, etc.), and the micro-energy management chip optimizes and stores the collected energy to solve the self-power supply problem of the device.
  • the payment QR code is an offline static QR code, which is responsible for providing the payment URL link; the payment device, such as a mobile phone, provides payment services for users; the payment background is responsible for verifying the payment certificate and completing the transaction.
  • Fig. 6 shows a schematic diagram of a passive tag-based static payment code secure payment method according to an embodiment of the present invention.
  • the static payment code security payment method based on passive tags refers to the introduction of passive IoT tags on the basis of the original offline static QR code collection scheme, and the interaction between passive IoT tags and payment devices to ensure The on-site static QR code is used on-site and used remotely without being photographed, which improves payment security, ensures the authenticity of transaction information, improves the effect of risk monitoring, and then empowers and adds value to business activities through payment services.
  • the passive tag-based static payment code security payment method may include the following steps:
  • the payment device scans the payment QR code to obtain the URL link
  • the payment device applies for a tag certificate to the passive tag through broadcasting through the payment receiving QR code ID attached to the URL;
  • the tag verifies whether the payment QR code ID is correct, and if the verification is successful, it signs the receipt (QR code ID+time stamp) on the tag certificate, and returns the signature data and the tag certificate;
  • the payment device carries the signature data + label certificate to access the corresponding URL link;
  • Fig. 7 shows a schematic diagram of a passive tag-based static payment code secure payment method according to another embodiment of the present invention. This embodiment can deal with scenarios with higher security.
  • the passive tag-based static collection code security payment method may include the following steps:
  • the payment device scans the payment QR code to obtain the URL link
  • the payment device applies for the H5 payment interface to the payment background through the URL;
  • the payment background returns to the H5 interface, and carries the passive tag access token corresponding to the payment QR code: background random number (plain text)+access password ((passive tag ID+time stamp 1+payment order number+payment device ID), the ciphertext is formed by encrypting the key 1 formed by the master key corresponding to the label through the background random number dispersion master key);
  • the payment device broadcasts the passive tag access token.
  • the passive micro tag After the passive micro tag receives the access token, it generates the key 1 through the background random number in the plain text, and after decrypting the cipher text, it checks whether the passive tag ID is consistent with itself. , Whether the timestamp 1 is within the valid time (refer to setting within 5S of the current time);
  • a tag random number is generated and a payment credential key is generated (formed by tag random number + background random number disperse master key), encrypted by key 2 (passive tag ID, payment QR code ID , geographic location information, payment device ID, current access token, time stamp 2 and other information) return to the payment device;
  • the user enters the payment amount on the payment device, and submits the payment order with the payment amount, merchant number, payment order and other information;
  • the payment background checks whether the payment certificate is valid, and completes the payment deduction.
  • Fig. 8 shows a schematic diagram of a passive tag-based static payment code secure payment method according to yet another embodiment of the present invention.
  • the static payment code security payment method based on passive tags may include the following steps:
  • the user scans the payment QR code on the payment device (such as a payment APP) to obtain the URL, and applies for information such as the payment interface, tag ID, and tag MAC;
  • the payment device such as a payment APP
  • the payment device or APP calls the Bluetooth of the mobile phone to enter the monitoring mode
  • the Internet of Things tag bound to the collection terminal broadcasts tag information (including tag ID and random number, etc.) at regular intervals;
  • the payment device receives the tag broadcast information, verifies the tag MAC and tag ID, and sends the tag device ID, random number, payment device ID, payment account ID and other information to the IoT tag after the verification is successful, and applies for a payment certificate.
  • the Internet of Things tag device verifies the tag device ID and random number, and if the verification is successful, it performs a hash operation on the tag device ID, payment device ID, payment account ID and other information to obtain a face-to-face payment certificate and returns it to the payment device;
  • the payment device sends the payment bill and payment voucher to the payment background;
  • the payment service platform verifies the face-to-face payment voucher and completes the payment
  • the payment service platform returns the payment result to the payment APP.
  • the label-based collection code payment scheme of the embodiment of the present invention proposes that after the payment device scans the collection code (such as a static collection QR code), the label device corresponding to the collection code based on the short-distance communication method Interact to obtain security verification information. Subsequently, the subsequent payment process is performed based on the security verification information.
  • the tag device such as a passive tag
  • the collection code such as a static collection code
  • the passive tags provided by one or more embodiments of the present invention can collect radio waves transmitted from the network side, capture and collect energy, and complete corresponding calculation and transmission tasks without requiring additional batteries or external power supplies.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions
  • the device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a tag-based money receiving QR code payment method executed in a payment device. The method comprises: scanning a money receiving QR code, so as to obtain a link; interacting with a tag apparatus on the basis of a short-distance communication mode so as to obtain security verification information; and sending a payment request to a payment background on the basis of the security verification information. The present invention also relates to a payment device, a passive tag, a payment background, a computer storage medium, and a computer program product.

Description

基于标签的收款码支付方法以及支付设备Tag-based collection code payment method and payment device 技术领域technical field
本申请要求中国专利申请(申请号:202210111031.9)的优先权,并且本申请涉及收款码支付领域,更具体地,涉及一种在支付设备中执行的基于标签的收款码支付方法、支付设备、无源标签、支付后台、计算机存储介质以及计算机程序产品。This application claims the priority of the Chinese patent application (Application No.: 202210111031.9), and this application relates to the field of collection code payment, and more specifically, relates to a tag-based collection code payment method executed in a payment device, and a payment device , passive tags, payment background, computer storage media and computer program products.
背景技术Background technique
近年来,个人收款条码得到广泛运用,有效满足了社会公众的个性化、多样化支付需求,提高了小微经济、地摊经济的资金收付效率。但与此同时,个人收款条码也存在一些风险隐患。部分机构使用个人收款条码转账业务办理大量生产经营、生活消费交易,既混淆了交易性质,导致交易信息失真,影响风险监测效果,也不利于借助支付服务为经营活动赋能增值。In recent years, personal payment barcodes have been widely used, effectively meeting the individualized and diversified payment needs of the public, and improving the efficiency of fund collection and payment for small and micro economies and street stall economies. But at the same time, personal payment barcodes also have some hidden risks. Some institutions use the personal collection barcode transfer business to handle a large number of production, operation and daily consumption transactions, which not only confuses the nature of the transaction, leads to distortion of transaction information, affects the effect of risk monitoring, but also does not facilitate the use of payment services to empower and add value to business activities.
为在防范风险的前提下更好发挥收款条码的普惠性、便利性,中国人民银行颁发了《中国人民银行关于加强支付受理终端及相关业务管理的通知》提出针对性要求:一是对具有明显经营特征的个人收款条码用户参照特约商户管理,要求为此类个人用户提供商户收款条码,提升对个人经营者的收单服务质量;二是要求个人静态收款条码原则上禁止用于远程非面对面收款;三是对通过截屏、下载等方式保存的个人动态收款条码参照执行个人静态收款条码有关要求,以防止不法分子借助个人动态收款条码规避政策要求;四是要求审慎确定个人静态收款条码白名单准入条件与规模、个人静态收款条码的有效期、使用次数和交易限额,防范白名单滥用风险。In order to make better use of the inclusiveness and convenience of payment collection barcodes under the premise of preventing risks, the People's Bank of China issued the "Notice of the People's Bank of China on Strengthening the Management of Payment Acceptance Terminals and Related Businesses" and put forward targeted requirements: First, the Personal collection barcode users with obvious operating characteristics are managed with reference to special merchants, and it is required to provide such individual users with merchant collection barcodes to improve the quality of acquiring services for individual operators; the second is to prohibit the use of personal static collection barcodes in principle The third is to refer to the relevant requirements of the personal static collection barcode for personal dynamic collection barcodes saved by screenshots, downloads, etc., so as to prevent lawbreakers from using personal dynamic collection barcodes to evade policy requirements; the fourth is to require Prudently determine the entry conditions and scale of the personal static collection barcode whitelist, the validity period, number of uses and transaction limits of the personal static collection barcode, and prevent the risk of whitelist abuse.
但是,在现有技术中,并没有有效地对线下静态二维码被滥用/远程使用的进行防范的方案。However, in the prior art, there is no effective solution to prevent the abuse/remote use of offline static QR codes.
发明内容Contents of the invention
根据本发明的一方面,提供了一种在支付设备中执行的基于标签的收款码支付方法,所述方法包括:扫描收款码,以便获取链接;基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息;以及基于所述安全校验信息,向支付后台上送支付请求。According to one aspect of the present invention, there is provided a tag-based collection code payment method executed in a payment device, the method comprising: scanning the collection code to obtain a link; communicating with the collection code based on a short-distance communication Interact with the tag device corresponding to the code to obtain security verification information; and send a payment request to the payment background based on the security verification information.
作为上述方案的补充或替换,在上述方法中,所述收款码为静态收款二维码,并且所述支付设备通过扫描所述静态收款二维码而获取URL链接。As a supplement or an alternative to the above solution, in the above method, the payment collection code is a static payment collection two-dimensional code, and the payment device acquires a URL link by scanning the static payment collection two-dimensional code.
作为上述方案的补充或替换,在上述方法中,所述标签装置为无源标签。As a supplement or alternative to the above solution, in the above method, the tag device is a passive tag.
作为上述方案的补充或替换,在上述方法中,基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息包括:通过所述URL链接中附带的收款二维码ID向所述标签装置申请所述安全校验信息;以及从所述标签装置接收包括签名数据和标签证书的所述安全校验信息。As a supplement or alternative to the above solution, in the above method, interacting with the tag device corresponding to the payment code based on the short-distance communication method to obtain security verification information includes: code ID to apply for the security check information from the label device; and receive the security check information including signature data and label certificate from the label device.
作为上述方案的补充或替换,在上述方法中,所述签名数据由所述标签装置在对所述收款二维码校验成功时,通过所述标签证书对所述收款二维码和时间戳进行签名而得。As a supplement or an alternative to the above solution, in the above method, when the signature data is successfully verified by the label device on the payment two-dimensional code, the two-dimensional code for payment and the two-dimensional code for payment are verified by the label certificate. Signed with a timestamp.
作为上述方案的补充或替换,在上述方法中,基于所述安全校验信息,向支付后台上送支付请求包括:所述支付设备利用所述签名数据和所述标签证书来访问所述URL链接;在所述支付后台校验所述签名数据和所述标签证书成功后,从所述支付后台接收支付页面;以及在所述支付页面上送支付请求。As a supplement or alternative to the above solution, in the above method, based on the security verification information, sending the payment request to the payment background includes: the payment device uses the signature data and the label certificate to access the URL link ; after the payment background successfully verifies the signature data and the tag certificate, receiving a payment page from the payment background; and sending a payment request on the payment page.
作为上述方案的补充或替换,上述方法还可包括:在扫描收款码之后,并且在与标签装置进行交互从而获取安全校验信息之前,所述支付设备通过所述URL链接向所述支付后台申请支付页面;以及从所述支付后台接收所述支付页面,其中,所述支付页面携带与所述静 态收款二维码对应的访问令牌。As a supplement or alternative to the above solution, the above method may further include: after scanning the payment code and before interacting with the tag device to obtain security verification information, the payment device links to the payment background through the URL Applying for a payment page; and receiving the payment page from the payment background, wherein the payment page carries an access token corresponding to the static QR code for payment.
作为上述方案的补充或替换,在上述方法中,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。As a supplement or alternative to the above solution, in the above method, the access token includes a background random number in plain text and an access password in cipher text.
作为上述方案的补充或替换,在上述方法中,所述访问口令通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID进行加密而成,其中所述第一密钥通过所述后台随机数分散与所述标签装置对应的主密钥而成。As a supplement or alternative to the above solution, in the above method, the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with the first key, wherein the first key The key is formed by dispersing the master key corresponding to the tag device through the background random number.
作为上述方案的补充或替换,在上述方法中,基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息包括:所述支付设备广播所述访问令牌;以及在所述标签装置对所述访问令牌校验通过后,从所述标签装置接收支付凭证。As a supplement or alternative to the above solution, in the above method, interacting with the tag device corresponding to the payment code based on short-distance communication to obtain security verification information includes: the payment device broadcasting the access token; and After the tag device passes the verification of the access token, a payment credential is received from the tag device.
作为上述方案的补充或替换,在上述方法中,所述支付凭证通过第二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳进行加密而成,其中所述第二密钥通过所述标签装置生成的标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。As a supplement or an alternative to the above solution, in the above method, the payment credential is paired with the tag device ID, payment two-dimensional code ID, geographical location information, payment ID, the access token, and the second key through the second key. The time stamp is encrypted, and the second key is formed by dispersing the tag random number generated by the tag device and the background random number with a master key corresponding to the tag device.
作为上述方案的补充或替换,在上述方法中,基于所述安全校验信息,向支付后台上送支付请求包括:在接收到所述支付凭证后,向所述支付后台上送支付请求,其中,所述支付请求包括所述支付凭证。As a supplement or alternative to the above solution, in the above method, based on the security verification information, sending a payment request to the payment background includes: after receiving the payment certificate, sending a payment request to the payment background, wherein , the payment request includes the payment credential.
作为上述方案的补充或替换,上述方法还可包括:从所述支付后台接收支付结果。As a supplement or alternative to the above solution, the above method may further include: receiving a payment result from the payment background.
作为上述方案的补充或替换,上述方法还可包括:在扫描所述收款码之后,从所述支付后台接收支付页面以及标签相关信息,所述标签相关信息包括标签装置MAC和标签装置ID。As a supplement or alternative to the above solution, the above method may further include: after scanning the collection code, receiving a payment page and tag-related information from the payment background, where the tag-related information includes a tag device MAC and a tag device ID.
作为上述方案的补充或替换,在上述方法中,基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息包括:从所述标签装置接收广播消息;校验所述广播消息中的标签装置MAC和标签装置ID;在校验成功后,向所述标签装置发送支付凭证 请求;以及从所述标签装置接收支付凭证。As a supplement or alternative to the above solution, in the above method, interacting with the tag device corresponding to the payment code based on the short-distance communication method to obtain security verification information includes: receiving a broadcast message from the tag device; The tag device MAC and the tag device ID in the broadcast message; after the verification is successful, send a request for payment voucher to the tag device; and receive the payment voucher from the tag device.
作为上述方案的补充或替换,在上述方法中,所述支付凭证请求包括标签装置ID、所述广播消息中包含的随机数、支付设备ID以及支付账户ID。As a supplement or alternative to the above solution, in the above method, the payment credential request includes a tag device ID, a random number contained in the broadcast message, a payment device ID, and a payment account ID.
根据本发明的另一方面,提供了一种支付设备,所述支付设备包括:扫描装置,用于扫描收款码,以便获取链接;交互装置,用于基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息;以及支付请求上送装置,用于基于所述安全校验信息,向支付后台上送支付请求。According to another aspect of the present invention, a payment device is provided, and the payment device includes: a scanning device for scanning a collection code to obtain a link; an interaction device for communicating with the payment collection code based on a short-distance communication method The tag device corresponding to the code interacts to obtain security verification information; and the payment request sending device is used to send a payment request to the payment background based on the security verification information.
作为上述方案的补充或替换,在上述支付设备中,所述收款码为静态收款二维码,并且所述扫描装置通过扫描所述静态收款二维码而获取URL链接。As a supplement or an alternative to the above solution, in the above payment device, the payment collection code is a static payment collection two-dimensional code, and the scanning device acquires a URL link by scanning the static payment collection two-dimensional code.
作为上述方案的补充或替换,在上述支付设备中,所述标签装置为无源标签。As a supplement or alternative to the above solution, in the above payment device, the tag device is a passive tag.
作为上述方案的补充或替换,在上述支付设备中,所述交互装置配置成:通过所述URL链接中附带的收款二维码ID向所述标签装置申请所述安全校验信息;以及从所述标签装置接收包括签名数据和标签证书的所述安全校验信息。As a supplement or an alternative to the above solution, in the above payment device, the interaction device is configured to: apply for the security check information from the label device through the two-dimensional code ID attached to the URL link; The tag device receives the security verification information including signature data and tag certificate.
作为上述方案的补充或替换,在上述支付设备中,所述签名数据由所述标签装置在对所述收款二维码校验成功时,通过所述标签证书对所述收款二维码和时间戳进行签名而得。As a supplement or alternative to the above solution, in the above payment device, when the signature data is successfully verified by the label device on the two-dimensional code for payment, the two-dimensional code for payment is verified through the label certificate signed with a timestamp.
作为上述方案的补充或替换,在上述支付设备中,所述支付请求上送装置配置成:利用所述签名数据和所述标签证书来访问所述URL链接;在所述支付后台校验所述签名数据和所述标签证书成功后,从所述支付后台接收支付页面;以及在所述支付页面上送支付请求。As a supplement or alternative to the above solution, in the above payment device, the payment request sending device is configured to: use the signature data and the label certificate to access the URL link; After the signature data and the tag certificate are successfully received, the payment page is received from the payment background; and a payment request is sent on the payment page.
作为上述方案的补充或替换,上述支付设备还可包括:支付页面申请装置,用于在所述扫描装置扫描收款码之后,并且在所述交互装置与标签装置进行交互之前,通过所述URL链接向所述支付后台申 请支付页面,以及第一接收装置,用于从所述支付后台接收所述支付页面,其中,所述支付页面携带与所述静态收款二维码对应的访问令牌。As a supplement or alternative to the above solution, the above payment device may further include: payment page application means, used to pass the URL linking to the payment background to apply for a payment page, and first receiving means for receiving the payment page from the payment background, wherein the payment page carries an access token corresponding to the static collection QR code .
作为上述方案的补充或替换,在上述支付设备中,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。As a supplement or alternative to the above solution, in the above payment device, the access token includes a background random number in plain text and an access password in cipher text.
作为上述方案的补充或替换,在上述支付设备中,所述访问口令通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID进行加密而成,其中所述第一密钥通过所述后台随机数分散与所述标签装置对应的主密钥而成。As a supplement or alternative to the above solution, in the above payment device, the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with the first key, wherein the first The key is formed by dispersing the master key corresponding to the tag device through the background random number.
作为上述方案的补充或替换,在上述支付设备中,所述交互装置配置成:广播所述访问令牌;以及在所述标签装置对所述访问令牌校验通过后,从所述标签装置接收支付凭证。As a supplement or alternative to the above solution, in the above payment device, the interaction device is configured to: broadcast the access token; and after the tag device passes the verification of the access token, from the tag device Receive proof of payment.
作为上述方案的补充或替换,在上述支付设备中,所述支付凭证通过第二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳进行加密而成,其中所述第二密钥通过所述标签装置生成的标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。As a supplement or alternative to the above solution, in the above payment device, the payment credential is paired with the tag device ID, payment two-dimensional code ID, geographical location information, payment ID, the access token, and the second key through the second key. Two timestamps are encrypted, wherein the second key is formed by dispersing the tag random number generated by the tag device and the background random number with a master key corresponding to the tag device.
作为上述方案的补充或替换,在上述支付设备中,所述支付请求上送装置配置成:在接收到所述支付凭证后,向所述支付后台上送支付请求,其中,所述支付请求包括所述支付凭证。As a supplement or alternative to the above solution, in the above payment device, the payment request sending means is configured to: after receiving the payment voucher, send a payment request to the payment background, wherein the payment request includes the payment voucher.
作为上述方案的补充或替换,上述支付设备还可包括:第二接收装置,用于从所述支付后台接收支付结果。As a supplement or alternative to the above solution, the above payment device may further include: a second receiving device, configured to receive a payment result from the payment background.
作为上述方案的补充或替换,上述支付设备还可包括:第三接收装置,用于在扫描所述收款码之后,从所述支付后台接收支付页面以及标签相关信息,所述标签相关信息包括标签装置MAC和标签装置ID。As a supplement or alternative to the above solution, the above payment device may further include: a third receiving device, configured to receive the payment page and tag-related information from the payment background after scanning the payment collection code, the tag-related information includes Tag device MAC and tag device ID.
作为上述方案的补充或替换,在上述支付设备中,所述交互装置配置成:从所述标签装置接收广播消息;校验所述广播消息中的标签 装置MAC和标签装置ID;在校验成功后,向所述标签装置发送支付凭证请求;以及从所述标签装置接收支付凭证。As a supplement or alternative to the above solution, in the above payment device, the interaction means is configured to: receive a broadcast message from the tag device; verify the tag device MAC and tag device ID in the broadcast message; Thereafter, sending a payment voucher request to the tag device; and receiving a payment voucher from the tag device.
作为上述方案的补充或替换,在上述支付设备中,所述支付凭证请求包括标签装置ID、所述广播消息中包含的随机数、支付设备ID以及支付账户ID。As a supplement or alternative to the above solution, in the above payment device, the payment credential request includes a tag device ID, a random number contained in the broadcast message, a payment device ID, and a payment account ID.
根据本发明的又一个方面,提供了一种无源标签,所述无源标签包括:通讯模块,用于基于短距离通信方式与如前所述的支付设备进行交互;控制模块,用于生成安全校验信息;以及环境能量转换模块,用于通过环境能量源获取所述无源标签所需的能量。According to still another aspect of the present invention, a passive tag is provided, and the passive tag includes: a communication module, used to interact with the aforementioned payment device based on a short-distance communication method; a control module, used to generate security verification information; and an environmental energy conversion module, configured to obtain the energy required by the passive tag through an environmental energy source.
作为上述方案的补充或替换,在上述无源标签中,所述控制模块配置成:校验所述支付设备提供的收款二维码ID;以及在校验成功后,生成所述安全校验信息,其中所述安全校验信息包括签名数据以及标签证书。As a supplement or replacement for the above solution, in the above passive tag, the control module is configured to: verify the payment receiving QR code ID provided by the payment device; and generate the security verification after the verification is successful information, wherein the security verification information includes signature data and label certificates.
作为上述方案的补充或替换,在上述无源标签中,所述签名数据由所述控制模块通过所述标签证书对所述收款二维码和时间戳进行签名而得。As a supplement or an alternative to the above solution, in the above passive tag, the signature data is obtained by the control module signing the payment two-dimensional code and the time stamp through the tag certificate.
作为上述方案的补充或替换,在上述无源标签中,所述控制模块配置成:校验所述支付设备提供的访问令牌;以及在校验成功后,生成所述安全校验信息,其中所述安全校验信息为支付凭证。As a supplement or alternative to the above solution, in the above passive tag, the control module is configured to: verify the access token provided by the payment device; and generate the security verification information after the verification is successful, wherein The security verification information is a payment certificate.
作为上述方案的补充或替换,在上述无源标签中,所述支付凭证通过密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及时间戳进行加密而成,其中所述密钥通过标签随机数以及后台随机数对与所述无源标签对应的主密钥进行分散而成。As a supplement or alternative to the above scheme, in the above passive tag, the payment credential passes the key to the tag device ID, the payment two-dimensional code ID, geographic location information, payment ID, the access token, and a time stamp Encrypted, wherein the key is formed by dispersing the master key corresponding to the passive tag through tag random numbers and background random numbers.
作为上述方案的补充或替换,在上述无源标签中,所述控制模块配置成:校验所述支付设备提供的标签ID以及随机数;以及在校验成功后,通过对标签装置ID、支付设备ID、支付账户ID做哈希运算来生成支付凭证。As a supplement or alternative to the above solution, in the above passive tag, the control module is configured to: verify the tag ID and random number provided by the payment device; The device ID and payment account ID are hashed to generate payment credentials.
根据本发明的又一个方面,提供了一种支付后台,所述支付后台 包括:支付设备交互模块,用于与如前所述的支付设备进行交互;以及校验模块,用于校验所述支付设备提供的安全校验信息。According to yet another aspect of the present invention, a payment background is provided, and the payment background includes: a payment device interaction module, used to interact with the aforementioned payment device; and a verification module, used to verify the The security verification information provided by the payment device.
作为上述方案的补充或替换,在上述支付后台中,所述校验模块配置成校验所述支付设备提供的标签证书和签名数据。As a supplement or an alternative to the above solution, in the above payment background, the verification module is configured to verify the label certificate and signature data provided by the payment device.
作为上述方案的补充或替换,在上述支付后台中,所述支付设备交互模块配置成:在所述校验模块校验成功后,向所述支付设备返回支付页面。As a supplement or an alternative to the above solution, in the above payment background, the payment device interaction module is configured to: return a payment page to the payment device after the verification module succeeds in verification.
作为上述方案的补充或替换,在上述支付后台中,所述支付交互模块配置成:从所述支付设备接收支付页面的申请;以及返回所述支付页面,其中,所述支付页面携带与静态收款二维码对应的访问令牌。As a supplement or alternative to the above solution, in the above payment background, the payment interaction module is configured to: receive an application for a payment page from the payment device; The access token corresponding to the QR code.
作为上述方案的补充或替换,在上述支付后台中,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。As a supplement or an alternative to the above solution, in the above payment background, the access token includes a background random number in plain text and an access password in cipher text.
作为上述方案的补充或替换,在上述支付后台中,所述访问口令通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID进行加密而成,其中所述第一密钥通过所述后台随机数分散与标签装置对应的主密钥而成。As a supplement or alternative to the above solution, in the above payment background, the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with the first key, wherein the first The key is formed by dispersing the master key corresponding to the tag device through the background random number.
作为上述方案的补充或替换,在上述支付后台中,所述校验模块配置成校验所述支付设备上送的支付请求中所包括的支付凭证。As a supplement or an alternative to the above solution, in the above payment background, the verification module is configured to verify the payment certificate included in the payment request sent by the payment device.
作为上述方案的补充或替换,在上述支付后台中,所述支付凭证通过第二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳进行加密而成,其中所述第二密钥通过标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。As a supplement or an alternative to the above solution, in the above payment background, the payment credential is paired with the tag device ID, payment two-dimensional code ID, geographic location information, payment ID, the access token, and the second key through the second key. Two timestamps are encrypted, wherein the second key is formed by dispersing the tag random number and the background random number with the master key corresponding to the tag device.
根据本发明的又一个方面,提供了一种计算机存储介质,所述介质包括指令,所述指令在运行时执行如前所述的方法。According to yet another aspect of the present invention, a computer storage medium is provided, the medium includes instructions, and the instructions execute the method as described above when executed.
根据本发明的又一个方面,提供了一种计算机程序产品,包括计算机程序,该计算机程序被处理器执行时实现如前所述的方法。According to still another aspect of the present invention, a computer program product is provided, including a computer program, and when the computer program is executed by a processor, the aforementioned method is implemented.
本发明的实施例的基于标签的收款码支付方案提出支付设备在 扫描收款码(例如静态收款二维码)之后,基于短距离通信方式与该收款码对应的标签装置进行交互从而获取安全校验信息。随后,基于该安全校验信息进行后续支付流程。这样,通过将标签装置(例如无源标签)与收款码(例如,静态收款码)进行绑定,确保收款码只能在附近被使用,解决个人收款码被滥用的问题,符合人民银行的规定。另外,上述支付方案能够与现有的扫码支付体验保持一致,不会对用户体验造成负面影响。The tag-based collection code payment scheme of the embodiment of the present invention proposes that after the payment device scans the collection code (such as a static collection QR code), it interacts with the tag device corresponding to the collection code based on a short-distance communication method so that Obtain security verification information. Subsequently, the subsequent payment process is performed based on the security verification information. In this way, by binding the tag device (such as a passive tag) with the collection code (such as a static collection code), it is ensured that the collection code can only be used nearby, and the problem of personal collection code being abused is solved. Regulations of the People's Bank of China. In addition, the above payment scheme can be consistent with the existing code scanning payment experience, and will not have a negative impact on user experience.
此外,本发明的一个或多个实施例提供的无源标签可以采集网络侧发射过来的无线电波,捕捉和收集能量,从而完成对应的计算及传输任务,无需额外的电池或者外接电源供电。In addition, the passive tag provided by one or more embodiments of the present invention can collect radio waves transmitted from the network side, capture and collect energy, and complete corresponding calculation and transmission tasks without requiring additional batteries or external power supplies.
附图说明Description of drawings
从结合附图的以下详细说明中,将会使本发明的上述和其他目的及优点更加完整清楚,其中,相同或相似的要素采用相同的标号表示。The above and other objects and advantages of the present invention will become more complete and clear from the following detailed description in conjunction with the accompanying drawings, wherein the same or similar elements are denoted by the same reference numerals.
图1示出了根据本发明的一个实施例的在支付设备中执行的基于标签的收款码支付方法的流程示意图;Fig. 1 shows a schematic flow diagram of a tag-based collection code payment method executed in a payment device according to an embodiment of the present invention;
图2示出了根据本发明的一个实施例的支付设备的结构示意图;Fig. 2 shows a schematic structural diagram of a payment device according to an embodiment of the present invention;
图3示出了根据本发明的一个实施例的无源标签的结构示意图;Fig. 3 shows a schematic structural diagram of a passive tag according to an embodiment of the present invention;
图4示出了根据本发明的一个实施例的支付后台的结构示意图;Fig. 4 shows a schematic structural diagram of a payment background according to an embodiment of the present invention;
图5示出了根据本发明的一个实施例的基于无源标签的静态收款码安全支付系统的架构图;Fig. 5 shows the architecture diagram of the static collection code security payment system based on passive tags according to an embodiment of the present invention;
图6示出了根据本发明的一个实施例的基于无源标签的静态收款码安全支付方法的示意图;Fig. 6 shows a schematic diagram of a passive tag-based static payment code security payment method according to an embodiment of the present invention;
图7示出了根据本发明的另一个实施例的基于无源标签的静态收款码安全支付方法的示意图;以及Figure 7 shows a schematic diagram of a passive tag-based static payment code security payment method according to another embodiment of the present invention; and
图8示出了根据本发明的又一个实施例的基于无源标签的静态收款码安全支付方法的示意图。Fig. 8 shows a schematic diagram of a passive tag-based static payment code secure payment method according to yet another embodiment of the present invention.
具体实施方式Detailed ways
下面结合附图和实施例对本发明的实施方式作进一步详细描述。以下实施例用于说明本发明,但不能用来限制本发明的范围。Embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings and examples. The following examples are used to illustrate the present invention, but should not be used to limit the scope of the present invention.
在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明实施例的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,术语“第一”、“第二”、“第三”仅用于描述目的,而不能理解为指示或暗示相对重要性。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。In the description of this specification, descriptions referring to the terms "one embodiment", "some embodiments", "example", "specific examples", or "some examples" mean that specific features described in connection with the embodiment or example , structure, material or feature is included in at least one embodiment or example of the embodiments of the present invention. In this specification, the schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the described specific features, structures, materials or characteristics may be combined in any suitable manner in any one or more embodiments or examples. In addition, the terms "first", "second", and "third" are used for descriptive purposes only, and should not be construed as indicating or implying relative importance. In addition, those skilled in the art can combine and combine different embodiments or examples and features of different embodiments or examples described in this specification without conflicting with each other.
图1示出了根据本发明的一个实施例的在支付设备中执行的基于标签的收款码支付方法1000的流程示意图。如图1所示,方法1000包括如下步骤:Fig. 1 shows a schematic flow chart of a tag-based collection code payment method 1000 executed in a payment device according to an embodiment of the present invention. As shown in Figure 1, the method 1000 includes the following steps:
在步骤S110中,扫描收款码,以便获取链接;In step S110, scan the payment code to obtain the link;
在步骤S120中,基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息;以及In step S120, interacting with the tag device corresponding to the payment code based on the short-distance communication method to obtain security verification information; and
在步骤S130中,基于所述安全校验信息,向支付后台上送支付请求。In step S130, based on the security verification information, a payment request is sent to the payment background.
在本发明的上下文中,“支付设备”表示具有支付功能的设备,该支付设备能够扫描收款码(例如静态收款二维码)以便执行后续支付流程。在一个或多个实施例中,支付设备可以是智能手机、智能手表、IPAD等。In the context of the present invention, "payment device" refers to a device with a payment function, which can scan a collection code (such as a static collection QR code) to perform a subsequent payment process. In one or more embodiments, the payment device may be a smart phone, smart watch, IPAD, etc.
在步骤S110中,收款码可以是静态收款二维码,并且支付设备通过扫描所述静态收款二维码而获取URL链接。URL是uniform resource locator的缩写,表示统一资源定位系统,它是因特网的万维网服务程序上用于指定信息位置的表示方法。采用URL链接可以用 一种统一的格式来描述各种信息资源,包括文件、服务器的地址和目录等。URL的格式可由下列三部分组成:第一部分是协议(或称为服务方式);第二部分是存有该资源的主机IP地址(有时也包括端口号);第三部分是主机资源的具体地址,如目录和文件名等。第一部分和第二部分之间用“://”符号隔开,第二部分和第三部分用“/”符号隔开。第一部分和第二部分是不可缺少的,第三部分有时可以省略。In step S110, the payment collection code may be a static payment collection two-dimensional code, and the payment device acquires a URL link by scanning the static payment collection two-dimensional code. URL is the abbreviation of uniform resource locator, which means Uniform Resource Locator System, which is a representation method for specifying the location of information on the Internet's World Wide Web service program. Using URL links can describe various information resources in a unified format, including files, server addresses and directories, etc. The format of the URL can be composed of the following three parts: the first part is the protocol (or service method); the second part is the host IP address (sometimes including the port number) where the resource is stored; the third part is the specific address of the host resource , such as directory and file names, etc. The first part and the second part are separated by a "://" symbol, and the second part and the third part are separated by a "/" symbol. The first and second parts are indispensable, and the third part can sometimes be omitted.
在一个或多个实施例中,标签装置为无源标签。在这里,无源标签也可称为无源物联网标签,该标签没有内装电池。所谓“无源物联网”,本质上是终端节点无源,它们不带电源线、没有内置电池,而是从环境中获取能源,比如,基于无线电磁能量捕捉技术的物联网,无源物联网终端通过采集网络侧发射过来的无线电波,捕捉和收集能量,从而以完成数据的采集、传输和分布式计算。In one or more embodiments, the tag device is a passive tag. Here, a passive tag can also be referred to as a passive IoT tag, which does not have a built-in battery. The so-called "passive Internet of Things" is essentially passive terminal nodes. They do not have power lines and built-in batteries, but obtain energy from the environment. For example, the Internet of Things based on wireless electromagnetic energy capture technology, the passive Internet of Things The terminal captures and collects energy by collecting radio waves emitted from the network side, so as to complete data collection, transmission and distributed computing.
在本发明的上下文中,标签装置与支付设备对应。在一个实施例中,在支付设备的一定范围之外时,标签装置处于无源状态,而在支付设备的一定范围之内时,该标签装置从支付设备发出的射频能量(例如网络侧发射过来的无线电波)中提取其工作所需的电源。In the context of the present invention, a tag device corresponds to a payment device. In one embodiment, when the payment device is outside a certain range, the tag device is in a passive state, and when it is within a certain range of the payment device, the tag device sends radio frequency energy from the payment device (for example, transmitted from the network side) The power it needs to work is extracted from radio waves).
在步骤S120中,基于短距离通信方式与所述收款码对应的标签装置进行交互。在这里,“短距离通信方式”可包括但不限于蓝牙、wifi等低功耗短距离通信方式。In step S120, interact with the tag device corresponding to the payment code based on the short-distance communication method. Here, the "short-range communication method" may include, but not limited to, low-power short-range communication methods such as bluetooth and wifi.
在本发明的上下文中,标签装置能够对支付设备(或支付终端)所提供的信息(例如收款二维码ID、访问令牌等)进行校验从而提供给支付设备“安全校验信息”,用于确保收款码是在现场被使用而未被拍照后远程使用,提升支付安全性。In the context of the present invention, the tag device can verify the information provided by the payment device (or payment terminal) (such as the payment QR code ID, access token, etc.) to provide the payment device with "security verification information" , used to ensure that the payment code is used on-site and not used remotely after being photographed, improving payment security.
在一个实施例中,步骤S120包括:通过所述URL链接中附带的收款二维码ID向所述标签装置申请所述安全校验信息;以及从所述标签装置接收包括签名数据和标签证书的所述安全校验信息。In one embodiment, step S120 includes: applying for the security verification information from the tag device through the payment collection QR code ID attached to the URL link; and receiving the signature data and tag certificate from the tag device The security verification information of .
在一个实施例中,所述签名数据由所述标签装置在对所述收款二维码校验成功时,通过所述标签证书对所述收款二维码和时间戳进行 签名而得。In one embodiment, the signature data is obtained by the label device signing the payment two-dimensional code and time stamp through the label certificate when the verification of the payment two-dimensional code is successful.
在该实施例中,步骤S130包括:所述支付设备利用所述签名数据和所述标签证书来访问所述URL链接;在所述支付后台校验所述签名数据和所述标签证书成功后,从所述支付后台接收支付页面(例如H5页面);以及在所述支付页面上送支付请求。In this embodiment, step S130 includes: the payment device uses the signature data and the label certificate to access the URL link; after the payment background verifies the signature data and the label certificate successfully, Receive a payment page (such as an H5 page) from the payment background; and send a payment request on the payment page.
在一个或多个实施例中,尽管图1中未示出,上述方法1000在步骤S110与步骤S120之间还可包括:所述支付设备通过所述URL链接向所述支付后台申请支付页面;以及从所述支付后台接收所述支付页面,其中,所述支付页面携带与所述静态收款二维码对应的访问令牌。In one or more embodiments, although not shown in FIG. 1 , the above method 1000 may further include between step S110 and step S120: the payment device applies for a payment page to the payment background through the URL link; And receiving the payment page from the payment background, wherein the payment page carries an access token corresponding to the static payment collection QR code.
在一个实施例中,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。在一个实施例中,所述访问口令通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID进行加密而成,其中所述第一密钥通过所述后台随机数分散与所述标签装置对应的主密钥而成。这里,对主密钥进行分散操作可采用密钥分散算法。所谓密钥分散算法是指将一个双长度(一个长度密钥为8个字节)的主密钥(MK),对数据进行分散处理,推导出一个双长度的DES加密密钥(DK)。该算法广泛应用于现在的金融IC卡和其他对于安全要求高的行业。其DK推导过程如下:首先,推导DK左半部分,具体方法是:1、将分散数据的最右8个字节作为输入数据;2、将MK作为加密密钥;3、用MK对输入数据进行3DES运算,得到DK左半部分。接着,推导DK右半部分,具体方法如下:1、将分散数据的最右8个字节求反,作为输入数据;2、将MK作为加密密钥;3、用MK对输入数据进行3DES运算,得到DK右半部分。最后将DK的左右部分各8个字节合并成双长度的DK密钥,即为分散所求得的待使用的3DES密钥。In one embodiment, the access token includes a background random number in plain text and an access password in cipher text. In one embodiment, the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number, and the payment device ID with a first key, wherein the first key is encrypted with the background random number It is formed by dispersing the master key corresponding to the tag device. Here, the key distribution algorithm can be used for the distribution operation of the master key. The so-called key distribution algorithm means that a double-length (one length key is 8 bytes) master key (MK) is used to disperse the data, and a double-length DES encryption key (DK) is derived. This algorithm is widely used in current financial IC cards and other industries with high security requirements. The DK derivation process is as follows: First, the left half of the DK is derived. The specific method is: 1. Use the rightmost 8 bytes of the scattered data as input data; 2. Use MK as the encryption key; 3. Use MK to input data Perform 3DES operation to get the left half of DK. Next, deduce the right half of DK, the specific method is as follows: 1. Invert the rightmost 8 bytes of the scattered data as the input data; 2. Use MK as the encryption key; 3. Use MK to perform 3DES operation on the input data , get the right half of DK. Finally, the 8 bytes of the left and right parts of the DK are combined into a double-length DK key, which is the 3DES key to be used obtained by dispersion.
在上述实施例中,步骤S120包括:所述支付设备广播所述访问令牌;以及在所述标签装置对所述访问令牌校验通过后,从所述标签 装置接收支付凭证。在一个实施例中,所述支付凭证通过第二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳进行加密而成,其中所述第二密钥通过所述标签装置生成的标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。这里,对主密钥进行分散操作可采用如前所述的密钥分散算法。In the above embodiment, step S120 includes: the payment device broadcasting the access token; and receiving a payment certificate from the tag device after the tag device passes the verification of the access token. In one embodiment, the payment credential is formed by encrypting the tag device ID, payment two-dimensional code ID, geographic location information, payment ID, the access token, and a second time stamp with a second key, The second key is formed by dispersing the tag random number generated by the tag device and the background random number into a master key corresponding to the tag device. Here, the key distribution algorithm as mentioned above can be used for the distribution operation of the master key.
在一个实施例中,步骤S130包括:在接收到所述支付凭证后,向所述支付后台上送支付请求,其中,所述支付请求包括所述支付凭证。In one embodiment, step S130 includes: after receiving the payment voucher, sending a payment request to the payment background, wherein the payment request includes the payment voucher.
尽管图1中未示出,在一个或多个实施例中,上述方法1000还可包括:从所述支付后台接收支付结果。Although not shown in FIG. 1 , in one or more embodiments, the above method 1000 may further include: receiving a payment result from the payment background.
在一个或多个实施例中,上述方法1000还可包括:在扫描所述收款码之后,从所述支付后台接收支付页面以及标签相关信息,所述标签相关信息包括标签装置MAC和标签装置ID等信息。In one or more embodiments, the above method 1000 may further include: after scanning the collection code, receiving the payment page and label-related information from the payment background, the label-related information includes label device MAC and label device ID and other information.
在该实施例中,步骤S120包括:从所述标签装置接收广播消息(例如,包括标签ID和随机数等);校验所述广播消息中的标签装置MAC和标签装置ID;在校验成功后,向所述标签装置发送支付凭证请求(例如,包含标签装置ID、随机数、支付设备ID、支付账户ID等信息);以及从所述标签装置接收支付凭证。In this embodiment, step S120 includes: receiving a broadcast message (for example, including a tag ID and a random number, etc.) from the tag device; verifying the tag device MAC and tag device ID in the broadcast message; Afterwards, sending a payment voucher request (for example, including information such as tag ID, random number, payment device ID, payment account ID, etc.) to the tag device; and receiving a payment voucher from the tag device.
通过以上各种实施方式的描述,本领域的技术人员可以清楚地了解到各实施方式可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件。基于这样的理解,上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,所述计算机可读记录介质包括用于以计算机(例如计算机)可读的形式存储或传送信息的任何机制。例如,机器可读介质包括只读存储器(ROM)、随机存取存储器(RAM)、磁盘存储介质、光存储介质、闪速存储介质、电、光、声或其他形式的传播信号(例如,载波、红外信号、数字信号等)等,该计 算机软件产品包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。Through the above descriptions of various implementations, those skilled in the art can clearly understand that each implementation can be implemented by means of software plus a necessary general-purpose hardware platform, and of course can also be implemented by hardware. Based on this understanding, the above-mentioned technical solution essentially or the part that contributes to the prior art can be embodied in the form of a software product, and the computer software product can be stored in a computer-readable storage medium, and the computer-readable record A medium includes any mechanism for storing or transmitting information in a form readable by a computer (eg, a computer). A machine-readable medium includes, for example, read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media, flash storage media, electronic, optical, acoustic, or other forms of propagated signals (e.g., carrier waves). , infrared signal, digital signal, etc.), the computer software product includes several instructions to make a computer device (which can be a personal computer, server, or network device, etc.) execute various embodiments or some parts of the embodiments Methods.
图2示出了根据本发明的一个实施例的支付设备2000的结构示意图。如图2所示,支付设备2000包括扫描装置210、交互装置220以及支付请求上送装置230。其中,扫描装置210用于扫描收款码,以便获取链接;交互装置220用于基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息;以及支付请求上送装置230用于基于所述安全校验信息,向支付后台上送支付请求。Fig. 2 shows a schematic structural diagram of a payment device 2000 according to an embodiment of the present invention. As shown in FIG. 2 , the payment device 2000 includes a scanning device 210 , an interaction device 220 and a payment request sending device 230 . Among them, the scanning device 210 is used to scan the payment code to obtain the link; the interaction device 220 is used to interact with the label device corresponding to the payment code based on the short-distance communication method to obtain security verification information; and the payment request is sent to The device 230 is configured to send a payment request to the payment background based on the security verification information.
在本发明的上下文中,“支付设备”表示具有支付功能的设备,该支付设备能够扫描收款码(例如静态收款二维码)以便执行后续支付流程。在一个或多个实施例中,支付设备可以是智能手机、智能手表、IPAD等。In the context of the present invention, "payment device" refers to a device with a payment function, which can scan a collection code (such as a static collection QR code) to perform a subsequent payment process. In one or more embodiments, the payment device may be a smart phone, smart watch, IPAD, etc.
在一个或多个实施例中,扫描装置210用于扫描收款码,以便获取链接,其中收款码可以是静态收款二维码,并且支付设备通过扫描所述静态收款二维码而获取URL链接。URL是uniform resource locator的缩写,表示统一资源定位系统,它是因特网的万维网服务程序上用于指定信息位置的表示方法。采用URL链接可以用一种统一的格式来描述各种信息资源,包括文件、服务器的地址和目录等。URL的格式可由下列三部分组成:第一部分是协议(或称为服务方式);第二部分是存有该资源的主机IP地址(有时也包括端口号);第三部分是主机资源的具体地址,如目录和文件名等。第一部分和第二部分之间用“://”符号隔开,第二部分和第三部分用“/”符号隔开。第一部分和第二部分是不可缺少的,第三部分有时可以省略。In one or more embodiments, the scanning device 210 is used to scan the payment code to obtain a link, wherein the payment code may be a static payment two-dimensional code, and the payment device scans the static payment two-dimensional code to Get the URL link. URL is the abbreviation of uniform resource locator, which means Uniform Resource Locator System, which is a representation method for specifying the location of information on the Internet's World Wide Web service program. The use of URL links can describe various information resources in a unified format, including files, addresses and directories of servers, and so on. The format of the URL can be composed of the following three parts: the first part is the protocol (or service method); the second part is the host IP address (sometimes including the port number) where the resource is stored; the third part is the specific address of the host resource , such as directory and file names, etc. The first part and the second part are separated by a "://" symbol, and the second part and the third part are separated by a "/" symbol. The first and second parts are indispensable, and the third part can sometimes be omitted.
在一个或多个实施例中,标签装置为无源标签。在这里,无源标签也可称为无源物联网标签,该标签没有内装电池。所谓“无源物联网”,本质上是终端节点无源,它们不带电源线、没有内置电池,而是从环境中获取能源,比如,基于无线电磁能量捕捉技术的物联网, 无源物联网终端通过采集网络侧发射过来的无线电波,捕捉和收集能量,从而以完成数据的采集、传输和分布式计算。In one or more embodiments, the tag device is a passive tag. Here, a passive tag can also be referred to as a passive IoT tag, which does not have a built-in battery. The so-called "passive Internet of Things" is essentially passive terminal nodes. They do not have power lines and built-in batteries, but obtain energy from the environment. For example, the Internet of Things based on wireless electromagnetic energy capture technology, Passive Internet of Things The terminal captures and collects energy by collecting radio waves emitted from the network side, so as to complete data collection, transmission and distributed computing.
在本发明的上下文中,标签装置与支付设备对应。在一个实施例中,在支付设备的一定范围之外时,标签装置处于无源状态,而在支付设备的一定范围之内时,该标签装置从支付设备发出的射频能量(例如网络侧发射过来的无线电波)中提取其工作所需的电源。In the context of the present invention, a tag device corresponds to a payment device. In one embodiment, when the payment device is outside a certain range, the tag device is in a passive state, and when it is within a certain range of the payment device, the tag device sends radio frequency energy from the payment device (for example, transmitted from the network side) The power it needs to work is extracted from radio waves).
交互装置220用于基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息。在这里,“短距离通信方式”可包括但不限于蓝牙、wifi等低功耗短距离通信方式。The interaction device 220 is configured to interact with the label device corresponding to the payment code based on the short-distance communication method to obtain security verification information. Here, the "short-range communication method" may include, but not limited to, low-power short-range communication methods such as bluetooth and wifi.
在本发明的上下文中,标签装置能够对支付设备(或支付终端)所提供的信息(例如收款二维码ID、访问令牌等)进行校验从而提供给支付设备“安全校验信息”,用于确保收款码是在现场被使用而未被拍照后远程使用,提升支付安全性。In the context of the present invention, the tag device can verify the information provided by the payment device (or payment terminal) (such as the payment QR code ID, access token, etc.) to provide the payment device with "security verification information" , used to ensure that the payment code is used on-site and not used remotely after being photographed, improving payment security.
在一个实施例中,所述交互装置220配置成:通过所述URL链接中附带的收款二维码ID向所述标签装置申请所述安全校验信息;以及从所述标签装置接收包括签名数据和标签证书的所述安全校验信息。In one embodiment, the interaction device 220 is configured to: apply for the security verification information from the label device through the payment two-dimensional code ID attached to the URL link; and receive a signature from the label device. The security verification information of data and tag certificates.
例如,所述签名数据可由所述标签装置在对所述收款二维码校验成功时,通过所述标签证书对所述收款二维码和时间戳进行签名而得。For example, the signature data may be obtained by the label device signing the payment two-dimensional code and the time stamp through the label certificate when the verification of the payment two-dimensional code is successful.
在上述实施例中,所述支付请求上送装置230配置成:利用所述签名数据和所述标签证书来访问所述URL链接;在所述支付后台校验所述签名数据和所述标签证书成功后,从所述支付后台接收支付页面;以及在所述支付页面上送支付请求。In the above embodiment, the payment request sending device 230 is configured to: use the signature data and the label certificate to access the URL link; verify the signature data and the label certificate in the payment background After success, receive a payment page from the payment background; and send a payment request on the payment page.
在一个实施例中,上述支付设备2000还可包括:支付页面申请装置240,用于在所述扫描装置扫描收款码之后,并且在所述交互装置与标签装置进行交互之前,通过所述URL链接向所述支付后台申请支付页面,以及第一接收装置250,用于从所述支付后台接收所述 支付页面,其中,所述支付页面携带与所述静态收款二维码对应的访问令牌。In one embodiment, the above-mentioned payment device 2000 may further include: payment page application means 240, configured to pass the URL link to apply for a payment page from the payment background, and the first receiving means 250 is configured to receive the payment page from the payment background, wherein the payment page carries an access token corresponding to the static payment two-dimensional code Card.
在一个实施例中,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。例如,所述访问口令通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID等信息进行加密而成,其中所述第一密钥通过所述后台随机数分散与所述标签装置对应的主密钥而成。这里,对主密钥进行分散操作可采用密钥分散算法。所谓密钥分散算法是指将一个双长度(一个长度密钥为8个字节)的主密钥(MK),对数据进行分散处理,推导出一个双长度的DES加密密钥(DK)。该算法广泛应用于现在的金融IC卡和其他对于安全要求高的行业。其DK推导过程如下:首先,推导DK左半部分,具体方法是:1、将分散数据的最右8个字节作为输入数据;2、将MK作为加密密钥;3、用MK对输入数据进行3DES运算,得到DK左半部分。接着,推导DK右半部分,具体方法如下:1、将分散数据的最右8个字节求反,作为输入数据;2、将MK作为加密密钥;3、用MK对输入数据进行3DES运算,得到DK右半部分。最后将DK的左右部分各8个字节合并成双长度的DK密钥,即为分散所求得的待使用的3DES密钥。In one embodiment, the access token includes a background random number in plain text and an access password in cipher text. For example, the access password is formed by encrypting information such as the tag device ID, the first time stamp, the payment order number, and the payment device ID with a first key, wherein the first key is distributed with the background random number. The master key corresponding to the tag device is formed. Here, the key distribution algorithm can be used for the distribution operation of the master key. The so-called key distribution algorithm means that a double-length (one length key is 8 bytes) master key (MK) is used to disperse the data, and a double-length DES encryption key (DK) is derived. This algorithm is widely used in current financial IC cards and other industries with high security requirements. The DK derivation process is as follows: First, the left half of the DK is derived. The specific method is: 1. Use the rightmost 8 bytes of the scattered data as input data; 2. Use MK as the encryption key; 3. Use MK to input data Perform 3DES operation to get the left half of DK. Next, deduce the right half of DK, the specific method is as follows: 1. Invert the rightmost 8 bytes of the scattered data as the input data; 2. Use MK as the encryption key; 3. Use MK to perform 3DES operation on the input data , get the right half of DK. Finally, the 8 bytes of the left and right parts of the DK are combined into a double-length DK key, which is the 3DES key to be used obtained by dispersion.
在上述实施例中,所述交互装置220配置成:广播所述访问令牌;以及在所述标签装置对所述访问令牌校验通过后,从所述标签装置接收支付凭证。例如,所述支付凭证可通过第二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳等信息进行加密而成,其中所述第二密钥通过所述标签装置生成的标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。这里,对主密钥进行分散操作可采用如前所述的密钥分散算法,在此就不再赘述。In the above embodiment, the interaction device 220 is configured to: broadcast the access token; and receive a payment credential from the tag device after the tag device passes the verification of the access token. For example, the payment credential can be formed by encrypting information such as the tag device ID, the payment two-dimensional code ID, the geographic location information, the payment ID, the access token, and the second time stamp through the second key, wherein The second key is formed by dispersing the tag random number generated by the tag device and the background random number into a master key corresponding to the tag device. Here, the above-mentioned key distribution algorithm may be used for the distribution operation of the master key, so details will not be repeated here.
在上述实施例中,支付请求上送装置230可配置成:在接收到所述支付凭证后,向所述支付后台上送支付请求,其中,所述支付请求 包括所述支付凭证。In the above embodiment, the payment request sending means 230 may be configured to: after receiving the payment credential, send a payment request to the payment background, wherein the payment request includes the payment credential.
此外,在一个或多个实施例中,上述支付设备2000还可包括:第二接收装置260,用于从所述支付后台接收支付结果。In addition, in one or more embodiments, the above-mentioned payment device 2000 may further include: a second receiving means 260, configured to receive a payment result from the payment background.
在一个或多个实施例中,上述支付设备2000还可包括:第三接收装置270,用于在扫描所述收款码之后,从所述支付后台接收支付页面以及标签相关信息,所述标签相关信息包括标签装置MAC和标签装置ID等信息。In one or more embodiments, the above-mentioned payment device 2000 may further include: a third receiving means 270, configured to receive the payment page and label-related information from the payment background after scanning the collection code, the label The relevant information includes tag device MAC and tag device ID and other information.
在该实施例中,交互装置220可配置成:从所述标签装置接收广播消息(例如,包括标签ID和随机数等);校验所述广播消息中的标签装置MAC和标签装置ID;在校验成功后,向所述标签装置发送支付凭证请求(例如,包含标签装置ID、随机数、支付设备ID、支付账户ID等信息);以及从所述标签装置接收支付凭证。In this embodiment, the interaction device 220 may be configured to: receive a broadcast message (for example, including a tag ID and a random number, etc.) from the tag device; check the tag device MAC and the tag device ID in the broadcast message; After the verification is successful, send a payment credential request (for example, including tag device ID, random number, payment device ID, payment account ID, etc.) to the tag device; and receive a payment credential from the tag device.
图3示出了根据本发明的一个实施例的无源标签3000的结构示意图。如图3所示,无源标签3000包括:通讯模块310、控制模块320以及环境能量转换模块330。其中,通讯模块310用于基于短距离通信方式与支付设备进行交互;控制模块320用于生成安全校验信息;以及环境能量转换模块330用于通过环境能量源获取所述无源标签所需的能量。Fig. 3 shows a schematic structural diagram of a passive tag 3000 according to an embodiment of the present invention. As shown in FIG. 3 , the passive tag 3000 includes: a communication module 310 , a control module 320 and an environmental energy conversion module 330 . Among them, the communication module 310 is used to interact with the payment device based on short-distance communication; the control module 320 is used to generate security verification information; energy.
例如,该无源标签3000为支付设备扫描线下静态二维码进行支付时提供安全校验服务。通讯模块310负责与支付设备间的通讯,包括但不限于蓝牙、wifi等低功耗短距离通信方式。控制模块320负责访问令牌校验、支付凭证生成和支付相关密钥的存储计算。环境能量转换模块330通过多种环境能量源(微光能,温度梯度,射频,振动等)获取所需功率,并由微能量管理芯片优化和存储所收集的能量,解决设备的自供电问题。For example, the passive tag 3000 provides security verification services for payment devices when scanning offline static QR codes for payment. The communication module 310 is responsible for communication with payment devices, including but not limited to low-power short-distance communication methods such as bluetooth and wifi. The control module 320 is responsible for access token verification, payment credential generation and storage calculation of payment-related keys. The environmental energy conversion module 330 obtains the required power through a variety of environmental energy sources (micro-light energy, temperature gradient, radio frequency, vibration, etc.), and the micro-energy management chip optimizes and stores the collected energy to solve the self-power supply problem of the device.
在一个实施例中,所述控制模块320配置成:校验所述支付设备提供的收款二维码ID;以及在校验成功后,生成所述安全校验信息,其中所述安全校验信息包括签名数据以及标签证书。例如,所述签名 数据由所述控制模块320通过所述标签证书对所述收款二维码和时间戳进行签名而得。In one embodiment, the control module 320 is configured to: verify the payment collection QR code ID provided by the payment device; and generate the security verification information after the verification is successful, wherein the security verification Information includes signed data as well as tag certificates. For example, the signature data is obtained by the control module 320 signing the payment two-dimensional code and the time stamp through the label certificate.
在一个实施例中,所述控制模块320配置成:校验所述支付设备提供的访问令牌;以及在校验成功后,生成所述安全校验信息,其中所述安全校验信息为支付凭证。例如,所述支付凭证通过密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及时间戳进行加密而成,其中所述密钥通过标签随机数以及后台随机数对与所述无源标签对应的主密钥进行分散而成。In one embodiment, the control module 320 is configured to: verify the access token provided by the payment device; and generate the security verification information after the verification is successful, wherein the security verification information is a payment certificate. For example, the payment credential is formed by encrypting the tag device ID, payment two-dimensional code ID, geographic location information, payment ID, the access token, and time stamp with a key, wherein the key is randomly generated by the tag. number and the background random number are formed by dispersing the master key corresponding to the passive tag.
图4示出了根据本发明的一个实施例的支付后台4000的结构示意图。如图4所示,支付后台4000包括:支付设备交互模块410以及校验模块420。其中,支付设备交互模块410用于与支付设备进行交互;以及校验模块420用于校验所述支付设备提供的安全校验信息。Fig. 4 shows a schematic structural diagram of a payment background 4000 according to an embodiment of the present invention. As shown in FIG. 4 , the payment background 4000 includes: a payment device interaction module 410 and a verification module 420 . Wherein, the payment device interaction module 410 is used to interact with the payment device; and the verification module 420 is used to verify the security verification information provided by the payment device.
在一个实施例中,所述校验模块420配置成校验所述支付设备提供的标签证书和签名数据。在该实施例中,所述支付设备交互模块410配置成:在所述校验模块校验成功后,向所述支付设备返回支付页面。In one embodiment, the verification module 420 is configured to verify the tag certificate and signature data provided by the payment device. In this embodiment, the payment device interaction module 410 is configured to: return a payment page to the payment device after the verification module succeeds in verification.
在一个实施例中,所述支付交互模块410配置成:从所述支付设备接收支付页面的申请;以及返回所述支付页面,其中,所述支付页面携带与静态收款二维码对应的访问令牌。例如,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。所述访问口令可例如通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID等信息进行加密而成,其中所述第一密钥通过所述后台随机数分散与标签装置对应的主密钥而成。In one embodiment, the payment interaction module 410 is configured to: receive an application for a payment page from the payment device; and return to the payment page, wherein the payment page carries an access code corresponding to the static payment QR code token. For example, the access token includes a background random number in plain text and an access password in cipher text. The access password can be formed, for example, by encrypting information such as the tag device ID, the first time stamp, the payment order number, and the payment device ID with a first key, wherein the first key is distributed with the background random number. The master key corresponding to the tag device is formed.
在该实施例中,所述校验模块420配置成校验所述支付设备上送的支付请求中所包括的支付凭证。例如,所述支付凭证通过第二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳等信息进行加密而成,其中所述第二密钥通过标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。In this embodiment, the verification module 420 is configured to verify the payment credential included in the payment request sent by the payment device. For example, the payment credential is formed by encrypting information such as the tag device ID, the payment two-dimensional code ID, the geographic location information, the payment ID, the access token, and the second time stamp with the second key, wherein the The second key is formed by dispersing the tag random number and the background random number with the master key corresponding to the tag device.
以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的模块也可以不是物理上分开的,即可以位于一个地方,或者也可以分布到多个网络模块上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下,即可以理解并实施。The device embodiments described above are only illustrative, and the modules described as separate components may not be physically separated, that is, they may be located in one place, or may be distributed to multiple network modules. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without any creative effort.
图5示出了根据本发明的一个实施例的基于无源标签的静态收款码安全支付系统的架构图。如图5所示,基于无源标签的静态收款码安全支付系统可由无源微型标签、收款二维码、支付设备和支付后台四部分组成。其中,无源微型标签例如可包括通讯模块、MCU模块(控制模块)和无线电波能量转换模块,支付设备扫描线下静态二维码进行支付时提供安全校验服务。通讯模块负责与支付设备间的通讯,包括但不限于蓝牙、wifi等低功耗短距离通信方式;MCU模块负责访问令牌校验、支付凭证生成和支付相关密钥的存储计算;环境能量转换模块通过多种环境能量源(微光能,温度梯度,射频,振动等)获取所需功率,并由微能量管理芯片优化和存储所收集的能量,解决设备的自供电问题。收款二维码为线下静态二维码,负责提供收款URL链接;支付设备,例如为手机,为用户提供支付服务;支付后台负责校验支付凭证并完成交易。Fig. 5 shows a structure diagram of a passive tag-based static payment code security payment system according to an embodiment of the present invention. As shown in Figure 5, the static payment code security payment system based on passive tags can be composed of four parts: passive micro tags, payment QR codes, payment equipment and payment background. Among them, the passive micro-tag can include, for example, a communication module, an MCU module (control module) and a radio wave energy conversion module, and the payment device provides security verification services when scanning offline static QR codes for payment. The communication module is responsible for communication with payment devices, including but not limited to low-power short-distance communication methods such as Bluetooth and wifi; the MCU module is responsible for access token verification, payment voucher generation, and storage and calculation of payment-related keys; environmental energy conversion The module obtains the required power through a variety of environmental energy sources (micro-light energy, temperature gradient, radio frequency, vibration, etc.), and the micro-energy management chip optimizes and stores the collected energy to solve the self-power supply problem of the device. The payment QR code is an offline static QR code, which is responsible for providing the payment URL link; the payment device, such as a mobile phone, provides payment services for users; the payment background is responsible for verifying the payment certificate and completing the transaction.
图6示出了根据本发明的一个实施例的基于无源标签的静态收款码安全支付方法的示意图。Fig. 6 shows a schematic diagram of a passive tag-based static payment code secure payment method according to an embodiment of the present invention.
这里,基于无源标签的静态收款码安全支付方法是指在原有线下静态二维码收款方案的基础上,引入无源物联网标签,通过无源物联网标签与支付设备进行交互,确保现场静态二维码是在现场被使用,未被拍照后远程使用,提升支付安全性,保障交易信息真实,提升风险监测效果,进而通过支付服务为经营活动赋能增值。Here, the static payment code security payment method based on passive tags refers to the introduction of passive IoT tags on the basis of the original offline static QR code collection scheme, and the interaction between passive IoT tags and payment devices to ensure The on-site static QR code is used on-site and used remotely without being photographed, which improves payment security, ensures the authenticity of transaction information, improves the effect of risk monitoring, and then empowers and adds value to business activities through payment services.
继续参考图6,基于无源标签的静态收款码安全支付方法可包括如下步骤:Continuing to refer to Figure 6, the passive tag-based static payment code security payment method may include the following steps:
首先,支付设备扫描收款二维码,获取URL链接;First, the payment device scans the payment QR code to obtain the URL link;
其次,支付设备通过URL中附带的收款二维码ID通过广播向无源标签申请标签证书;Secondly, the payment device applies for a tag certificate to the passive tag through broadcasting through the payment receiving QR code ID attached to the URL;
接着,标签校验收款二维码ID是否正确,校验成功则通对标签证书对收款(二维码ID+时间戳)签名,并返回签名数据和标签证书;Next, the tag verifies whether the payment QR code ID is correct, and if the verification is successful, it signs the receipt (QR code ID+time stamp) on the tag certificate, and returns the signature data and the tag certificate;
然后,支付设备携带签名数据+标签证书访问对应URL链接;Then, the payment device carries the signature data + label certificate to access the corresponding URL link;
最后,支付后台校验证书成功后返回收款H5页面,并引导用户完成后续支付步骤。Finally, after the verification certificate is successfully verified in the payment background, it returns to the payment collection H5 page, and guides the user to complete the subsequent payment steps.
图7示出了根据本发明的另一个实施例的基于无源标签的静态收款码安全支付方法的示意图。该实施例能应对安全性更高的场景。Fig. 7 shows a schematic diagram of a passive tag-based static payment code secure payment method according to another embodiment of the present invention. This embodiment can deal with scenarios with higher security.
继续参考图7,基于无源标签的静态收款码安全支付方法可包括如下步骤:Continuing to refer to Figure 7, the passive tag-based static collection code security payment method may include the following steps:
首先,支付设备扫描收款二维码,获取URL链接;First, the payment device scans the payment QR code to obtain the URL link;
其次,支付设备通过URL向支付后台申请H5支付界面;Secondly, the payment device applies for the H5 payment interface to the payment background through the URL;
接着,支付后台返回H5界面,并携带该收款二维码对应的无源标签访问令牌:后台随机数(明文)+访问口令((无源标签ID+时间戳1+支付订单号+支付设备ID),通过由该标签对应的主密钥经后台随机数分散主密钥形成的密钥1加密形成密文);Then, the payment background returns to the H5 interface, and carries the passive tag access token corresponding to the payment QR code: background random number (plain text)+access password ((passive tag ID+time stamp 1+payment order number+payment device ID), the ciphertext is formed by encrypting the key 1 formed by the master key corresponding to the label through the background random number dispersion master key);
然后,支付设备广播无源标签访问令牌,无源微型标签接受到该访问令牌后,通过明文的后台随机数分散生成密钥1,解密密文后校验无源标签ID与自身是否一致、时间戳1是否在有效时间内(可参考设置在当前时间的5S内);Then, the payment device broadcasts the passive tag access token. After the passive micro tag receives the access token, it generates the key 1 through the background random number in the plain text, and after decrypting the cipher text, it checks whether the passive tag ID is consistent with itself. , Whether the timestamp 1 is within the valid time (refer to setting within 5S of the current time);
然后,校验通过后,生成标签随机数并生成支付凭证密钥(通过标签随机数+后台随机数分散主密钥形成),通过密钥2加密(无源标签ID、收款二维码ID、地理位置信息、支付设备ID、当次访问令牌、时间戳2等信息)返回支付设备;Then, after the verification is passed, a tag random number is generated and a payment credential key is generated (formed by tag random number + background random number disperse master key), encrypted by key 2 (passive tag ID, payment QR code ID , geographic location information, payment device ID, current access token, time stamp 2 and other information) return to the payment device;
再然后,用户在支付设备上输入支付金额,携带支付金额、商户号、支付订单等信息提交支付订单;Then, the user enters the payment amount on the payment device, and submits the payment order with the payment amount, merchant number, payment order and other information;
最后,支付后台校验支付凭证是否有效,并完成支付扣款。Finally, the payment background checks whether the payment certificate is valid, and completes the payment deduction.
图8示出了根据本发明的又一个实施例的基于无源标签的静态收款码安全支付方法的示意图。基于无源标签的静态收款码安全支付方法可包括如下步骤:Fig. 8 shows a schematic diagram of a passive tag-based static payment code secure payment method according to yet another embodiment of the present invention. The static payment code security payment method based on passive tags may include the following steps:
首先,用户在支付设备(例如支付APP)扫描收款二维码获取URL,并申请获得支付界面和标签ID、标签MAC等信息;First, the user scans the payment QR code on the payment device (such as a payment APP) to obtain the URL, and applies for information such as the payment interface, tag ID, and tag MAC;
其次,支付设备或APP调用手机蓝牙进入监听模式;Secondly, the payment device or APP calls the Bluetooth of the mobile phone to enter the monitoring mode;
接着,与收款终端绑定的物联网标签定时广播标签信息(包括标签ID和随机数等);Then, the Internet of Things tag bound to the collection terminal broadcasts tag information (including tag ID and random number, etc.) at regular intervals;
然后,支付设备收到标签广播信息,校验标签MAC和标签ID,校验成功后向物联网标签发送标签装置ID、随机数、支付设备ID、支付账户ID等信息,申请支付凭证。Then, the payment device receives the tag broadcast information, verifies the tag MAC and tag ID, and sends the tag device ID, random number, payment device ID, payment account ID and other information to the IoT tag after the verification is successful, and applies for a payment certificate.
再然后,物联网标签装置校验标签装置ID、随机数,校验成功则对标签装置ID、支付设备ID、支付账户ID等信息做哈希运算从而获得面对面支付凭证,返回支付设备;Then, the Internet of Things tag device verifies the tag device ID and random number, and if the verification is successful, it performs a hash operation on the tag device ID, payment device ID, payment account ID and other information to obtain a face-to-face payment certificate and returns it to the payment device;
随后,用户输入支付金额,支付设备将支付账单及支付凭证一同上送支付后台;Then, the user enters the payment amount, and the payment device sends the payment bill and payment voucher to the payment background;
随后,支付服务平台校验面对面支付凭证并完成支付;Subsequently, the payment service platform verifies the face-to-face payment voucher and completes the payment;
最后,支付服务平台向支付APP返回支付结果。Finally, the payment service platform returns the payment result to the payment APP.
综上,本发明的实施例的基于标签的收款码支付方案提出支付设备在扫描收款码(例如静态收款二维码)之后,基于短距离通信方式与该收款码对应的标签装置进行交互从而获取安全校验信息。随后,基于该安全校验信息进行后续支付流程。这样,通过将标签装置(例如无源标签)与收款码(例如,静态收款码)进行绑定,确保收款码只能在附近被使用,解决个人收款码被滥用的问题,符合人民银行的规定。另外,上述支付方案能够与现有的扫码支付体验保持一致,不会对用户体验造成负面影响。To sum up, the label-based collection code payment scheme of the embodiment of the present invention proposes that after the payment device scans the collection code (such as a static collection QR code), the label device corresponding to the collection code based on the short-distance communication method Interact to obtain security verification information. Subsequently, the subsequent payment process is performed based on the security verification information. In this way, by binding the tag device (such as a passive tag) with the collection code (such as a static collection code), it is ensured that the collection code can only be used nearby, and the problem of personal collection code being abused is solved. Regulations of the People's Bank of China. In addition, the above payment scheme can be consistent with the existing code scanning payment experience, and will not have a negative impact on user experience.
此外,本发明的一个或多个实施例提供的无源标签可以采集网络侧发射过来的无线电波,捕捉和收集能量,从而完成对应的计算及传 输任务,无需额外的电池或者外接电源供电。In addition, the passive tags provided by one or more embodiments of the present invention can collect radio waves transmitted from the network side, capture and collect energy, and complete corresponding calculation and transmission tasks without requiring additional batteries or external power supplies.
本申请是参照根据本申请实施例的方法、装置(设备)和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowcharts and/or block diagrams of methods, apparatuses (devices) and computer program products according to embodiments of the present application. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a An apparatus for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions The device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams.
尽管已描述了本申请的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本申请范围的所有变更和修改。显然,本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的精神和范围。这样,倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。While preferred embodiments of the present application have been described, additional changes and modifications to these embodiments can be made by those skilled in the art once the basic inventive concept is appreciated. Therefore, the appended claims are intended to be construed to cover the preferred embodiment and all changes and modifications which fall within the scope of the application. Obviously, those skilled in the art can make various changes and modifications to the application without departing from the spirit and scope of the application. In this way, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.

Claims (48)

  1. 一种在支付设备中执行的基于标签的收款码支付方法,所述方法包括:A tag-based collection code payment method executed in a payment device, the method comprising:
    扫描收款码,以便获取链接;Scan the payment code to get the link;
    基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息;以及Interacting with the label device corresponding to the payment code based on a short-distance communication method to obtain security verification information; and
    基于所述安全校验信息,向支付后台上送支付请求。Based on the security verification information, a payment request is sent to the payment background.
  2. 如权利要求1所述的方法,其中,所述收款码为静态收款二维码,并且所述支付设备通过扫描所述静态收款二维码而获取URL链接。The method according to claim 1, wherein the payment collection code is a static payment collection two-dimensional code, and the payment device obtains a URL link by scanning the static payment collection two-dimensional code.
  3. 如权利要求1所述的方法,其中,所述标签装置为无源标签。The method of claim 1, wherein the tag device is a passive tag.
  4. 如权利要求2所述的方法,其中,基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息包括:The method according to claim 2, wherein interacting with the label device corresponding to the collection code based on the short-distance communication method so as to obtain the security verification information includes:
    通过所述URL链接中附带的收款二维码ID向所述标签装置申请所述安全校验信息;以及Applying for the safety verification information to the tag device through the payment receiving QR code ID attached to the URL link; and
    从所述标签装置接收包括签名数据和标签证书的所述安全校验信息。The security check information including signature data and a tag certificate is received from the tag device.
  5. 如权利要求4所述的方法,其中,所述签名数据由所述标签装置在对所述收款二维码校验成功时,通过所述标签证书对所述收款二维码和时间戳进行签名而得。The method according to claim 4, wherein, when the signature data is successfully verified by the label device on the two-dimensional code for payment, the two-dimensional code for payment and the time stamp are verified by the label certificate Obtained by signing.
  6. 如权利要求5所述的方法,其中,基于所述安全校验信息,向支付后台上送支付请求包括:The method according to claim 5, wherein, based on the security verification information, sending the payment request to the payment background includes:
    所述支付设备利用所述签名数据和所述标签证书来访问所述URL链接;The payment device utilizes the signature data and the tag certificate to access the URL link;
    在所述支付后台校验所述签名数据和所述标签证书成功后,从所述支付后台接收支付页面;以及After the payment background successfully verifies the signature data and the tag certificate, receiving a payment page from the payment background; and
    在所述支付页面上送支付请求。Send a payment request on the payment page.
  7. 如权利要求2所述的方法,还包括:The method of claim 2, further comprising:
    在扫描收款码之后,并且在与标签装置进行交互从而获取安全校验信息之前,所述支付设备通过所述URL链接向所述支付后台申请支付页面;以及After scanning the collection code and before interacting with the tag device to obtain security verification information, the payment device applies for a payment page to the payment background through the URL link; and
    从所述支付后台接收所述支付页面,其中,所述支付页面携带与所述静态收款二维码对应的访问令牌。The payment page is received from the payment background, wherein the payment page carries an access token corresponding to the static payment collection QR code.
  8. 如权利要求7所述的方法,其中,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。The method of claim 7, wherein the access token comprises a background random number in clear text and an access password in cipher text.
  9. 如权利要求8所述的方法,其中,所述访问口令通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID进行加密而成,其中所述第一密钥通过所述后台随机数分散与所述标签装置对应的主密钥而成。The method according to claim 8, wherein the access password is formed by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with a first key, wherein the first key is encrypted with The background random number is formed by dispersing the master key corresponding to the tag device.
  10. 如权利要求7至9中任一项所述的方法,其中,基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息包括:The method according to any one of claims 7 to 9, wherein interacting with the tag device corresponding to the collection code based on a short-distance communication method to obtain security verification information includes:
    所述支付设备广播所述访问令牌;以及the payment device broadcasts the access token; and
    在所述标签装置对所述访问令牌校验通过后,从所述标签装置接收支付凭证。After the tag device passes the verification of the access token, a payment credential is received from the tag device.
  11. 如权利要求10所述的方法,其中,所述支付凭证通过第二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳进行加密而成,其中所述第二密钥通过所述标签装置生成的标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。The method of claim 10, wherein the payment credential passes a second key pair tag device ID, payment QR code ID, geographic location information, payment ID, the access token, and a second time stamp Encrypted, wherein the second key is formed by dispersing the tag random number generated by the tag device and the background random number with the master key corresponding to the tag device.
  12. 如权利要求11所述的方法,其中,基于所述安全校验信息,向支付后台上送支付请求包括:The method according to claim 11, wherein, based on the security verification information, sending the payment request to the payment background includes:
    在接收到所述支付凭证后,向所述支付后台上送支付请求,其中,所述支付请求包括所述支付凭证。After receiving the payment credential, a payment request is sent to the payment background, wherein the payment request includes the payment credential.
  13. 如权利要求1所述的方法,还包括:The method of claim 1, further comprising:
    从所述支付后台接收支付结果。Receive a payment result from the payment background.
  14. 如权利要求1所述的方法,还包括:The method of claim 1, further comprising:
    在扫描所述收款码之后,从所述支付后台接收支付页面以及标签相关信息,所述标签相关信息包括标签装置MAC和标签装置ID。After scanning the collection code, receive the payment page and tag-related information from the payment background, the tag-related information includes tag device MAC and tag device ID.
  15. 如权利要求14所述的方法,其中,基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息包括:The method according to claim 14, wherein interacting with the label device corresponding to the collection code based on the short-distance communication method so as to obtain the security verification information includes:
    从所述标签装置接收广播消息;receiving a broadcast message from the tag device;
    校验所述广播消息中的标签装置MAC和标签装置ID;Verifying the tag device MAC and the tag device ID in the broadcast message;
    在校验成功后,向所述标签装置发送支付凭证请求;以及After the verification is successful, sending a payment credential request to the tag device; and
    从所述标签装置接收支付凭证。Payment credentials are received from the tag device.
  16. 如权利要求15所述的方法,其中,所述支付凭证请求包括标签装置ID、所述广播消息中包含的随机数、支付设备ID以及支付账户ID。The method of claim 15, wherein the payment credential request includes a tag device ID, a random number contained in the broadcast message, a payment device ID, and a payment account ID.
  17. 一种支付设备,所述支付设备包括:A payment device, the payment device comprising:
    扫描装置,用于扫描收款码,以便获取链接;Scanning device, used to scan the payment code, so as to obtain the link;
    交互装置,用于基于短距离通信方式与所述收款码对应的标签装置进行交互从而获取安全校验信息;以及The interaction device is used to interact with the label device corresponding to the payment code based on the short-distance communication method to obtain security verification information; and
    支付请求上送装置,用于基于所述安全校验信息,向支付后台上送支付请求。The payment request sending device is configured to send the payment request to the payment background based on the security verification information.
  18. 如权利要求17所述的支付设备,其中,所述收款码为静态收款二维码,并且所述扫描装置通过扫描所述静态收款二维码而获取URL链接。The payment device according to claim 17, wherein the payment collection code is a static payment collection two-dimensional code, and the scanning device acquires a URL link by scanning the static payment collection two-dimensional code.
  19. 如权利要求17所述的支付设备,其中,所述标签装置为无源标签。The payment device of claim 17, wherein said tag means is a passive tag.
  20. 如权利要求18所述的支付设备,其中,所述交互装置配置成:The payment device of claim 18, wherein the interaction means is configured to:
    通过所述URL链接中附带的收款二维码ID向所述标签装置申请所述安全校验信息;以及Applying for the safety verification information to the tag device through the payment receiving QR code ID attached to the URL link; and
    从所述标签装置接收包括签名数据和标签证书的所述安全校验信 息。The security check information including signature data and a tag certificate is received from the tag device.
  21. 如权利要求20所述的支付设备,其中,所述签名数据由所述标签装置在对所述收款二维码校验成功时,通过所述标签证书对所述收款二维码和时间戳进行签名而得。The payment device according to claim 20, wherein, when the signature data is successfully verified by the label device on the two-dimensional code for payment, the two-dimensional code for payment and time are verified by the label certificate stamped for signature.
  22. 如权利要求21所述的支付设备,其中,所述支付请求上送装置配置成:The payment device according to claim 21, wherein the payment request sending means is configured to:
    利用所述签名数据和所述标签证书来访问所述URL链接;using the signature data and the tag certificate to access the URL link;
    在所述支付后台校验所述签名数据和所述标签证书成功后,从所述支付后台接收支付页面;以及After the payment background successfully verifies the signature data and the tag certificate, receiving a payment page from the payment background; and
    在所述支付页面上送支付请求。Send a payment request on the payment page.
  23. 如权利要求18所述的支付设备,还包括:The payment device of claim 18, further comprising:
    支付页面申请装置,用于在所述扫描装置扫描收款码之后,并且在所述交互装置与标签装置进行交互之前,通过所述URL链接向所述支付后台申请支付页面,以及A payment page application device, configured to apply for a payment page to the payment background through the URL link after the scanning device scans the collection code and before the interaction device interacts with the label device, and
    第一接收装置,用于从所述支付后台接收所述支付页面,其中,所述支付页面携带与所述静态收款二维码对应的访问令牌。The first receiving means is configured to receive the payment page from the payment background, wherein the payment page carries an access token corresponding to the static payment collection QR code.
  24. 如权利要求23所述的支付设备,其中,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。The payment device according to claim 23, wherein the access token comprises a background random number in plain text and an access password in cipher text.
  25. 如权利要求24所述的支付设备,其中,所述访问口令通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID进行加密而成,其中所述第一密钥通过所述后台随机数分散与所述标签装置对应的主密钥而成。The payment device according to claim 24, wherein the access password is formed by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with a first key, wherein the first key It is formed by dispersing the master key corresponding to the tag device through the background random number.
  26. 如权利要求23至25中任一项所述的支付设备,其中,所述交互装置配置成:A payment device as claimed in any one of claims 23 to 25, wherein the interaction means is configured to:
    广播所述访问令牌;以及broadcast said access token; and
    在所述标签装置对所述访问令牌校验通过后,从所述标签装置接收支付凭证。After the tag device passes the verification of the access token, a payment credential is received from the tag device.
  27. 如权利要求26所述的支付设备,其中,所述支付凭证通过第 二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳进行加密而成,其中所述第二密钥通过所述标签装置生成的标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。The payment device according to claim 26, wherein the payment credential passes the second key to the tag device ID, the payment two-dimensional code ID, the geographic location information, the payment ID, the access token, and the second time stamp, wherein the second key is formed by dispersing the tag random number generated by the tag device and the background random number with the master key corresponding to the tag device.
  28. 如权利要求27所述的支付设备,其中,所述支付请求上送装置配置成:The payment device according to claim 27, wherein the payment request sending means is configured to:
    在接收到所述支付凭证后,向所述支付后台上送支付请求,其中,所述支付请求包括所述支付凭证。After receiving the payment credential, a payment request is sent to the payment background, wherein the payment request includes the payment credential.
  29. 如权利要求17所述的支付设备,还包括:The payment device of claim 17, further comprising:
    第二接收装置,用于从所述支付后台接收支付结果。The second receiving means is used for receiving the payment result from the payment background.
  30. 如权利要求17所述的支付设备,还包括:The payment device of claim 17, further comprising:
    第三接收装置,用于在扫描所述收款码之后,从所述支付后台接收支付页面以及标签相关信息,所述标签相关信息包括标签装置MAC和标签装置ID。The third receiving means is configured to receive the payment page and tag-related information from the payment background after scanning the payment collection code, the tag-related information including tag device MAC and tag device ID.
  31. 如权利要求30所述的支付设备,其中,所述交互装置配置成:The payment device of claim 30, wherein the interaction means is configured to:
    从所述标签装置接收广播消息;receiving a broadcast message from the tag device;
    校验所述广播消息中的标签装置MAC和标签装置ID;Verifying the tag device MAC and the tag device ID in the broadcast message;
    在校验成功后,向所述标签装置发送支付凭证请求;以及After the verification is successful, sending a payment credential request to the tag device; and
    从所述标签装置接收支付凭证。Payment credentials are received from the tag device.
  32. 如权利要求31所述的支付设备,其中,所述支付凭证请求包括标签装置ID、所述广播消息中包含的随机数、支付设备ID以及支付账户ID。The payment device according to claim 31, wherein the payment credential request includes a tag device ID, a random number contained in the broadcast message, a payment device ID, and a payment account ID.
  33. 一种无源标签,所述无源标签包括:A passive tag, the passive tag includes:
    通讯模块,用于基于短距离通信方式与如权利要求17至32中任一项所述的支付设备进行交互;A communication module, configured to interact with the payment device according to any one of claims 17 to 32 based on a short-distance communication method;
    控制模块,用于生成安全校验信息;以及a control module, configured to generate security verification information; and
    环境能量转换模块,用于通过环境能量源获取所述无源标签所需的能量。The environmental energy conversion module is used to obtain energy required by the passive tag through an environmental energy source.
  34. 如权利要求33所述的无源标签,其中,所述控制模块配置成:The passive tag of claim 33, wherein the control module is configured to:
    校验所述支付设备提供的收款二维码ID;以及verifying the payment receiving QR code ID provided by the payment device; and
    在校验成功后,生成所述安全校验信息,其中所述安全校验信息包括签名数据以及标签证书。After the verification is successful, the safety verification information is generated, wherein the safety verification information includes signature data and a label certificate.
  35. 如权利要求34所述的无源标签,其中,所述签名数据由所述控制模块通过所述标签证书对所述收款二维码和时间戳进行签名而得。The passive tag according to claim 34, wherein the signature data is obtained by the control module signing the payment two-dimensional code and the time stamp through the tag certificate.
  36. 如权利要求33所述的无源标签,其中,所述控制模块配置成:The passive tag of claim 33, wherein the control module is configured to:
    校验所述支付设备提供的访问令牌;以及verifying the access token provided by said payment device; and
    在校验成功后,生成所述安全校验信息,其中所述安全校验信息为支付凭证。After the verification is successful, the safety verification information is generated, wherein the safety verification information is a payment credential.
  37. 如权利要求36所述的无源标签,其中,所述支付凭证通过密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及时间戳进行加密而成,其中所述密钥通过标签随机数以及后台随机数对与所述无源标签对应的主密钥进行分散而成。The passive tag of claim 36, wherein the payment credentials are encrypted with a key to the tag device ID, payment QR code ID, geographic location information, payment ID, the access token, and a time stamp wherein the key is formed by dispersing the master key corresponding to the passive tag through tag random numbers and background random numbers.
  38. 如权利要求33所述的无源标签,其中,所述控制模块配置成:The passive tag of claim 33, wherein the control module is configured to:
    校验所述支付设备提供的标签ID以及随机数;以及Verify the tag ID and random number provided by the payment device; and
    在校验成功后,通过对标签装置ID、支付设备ID、支付账户ID做哈希运算来生成支付凭证。After the verification is successful, a payment voucher is generated by hashing the tag device ID, payment device ID, and payment account ID.
  39. 一种支付后台,所述支付后台包括:A payment background, the payment background includes:
    支付设备交互模块,用于与如权利要求17至32中任一项所述的支付设备进行交互;以及A payment device interaction module, configured to interact with the payment device according to any one of claims 17 to 32; and
    校验模块,用于校验所述支付设备提供的安全校验信息。A verification module, configured to verify the security verification information provided by the payment device.
  40. 如权利要求39所述的支付后台,其中,所述校验模块配置成校验所述支付设备提供的标签证书和签名数据。The payment background according to claim 39, wherein the verification module is configured to verify the tag certificate and signature data provided by the payment device.
  41. 如权利要求40所述的支付后台,其中,所述支付设备交互模块配置成:在所述校验模块校验成功后,向所述支付设备返回支付页面。The payment background according to claim 40, wherein the payment device interaction module is configured to: return a payment page to the payment device after the verification by the verification module is successful.
  42. 如权利要求39所述的支付后台,其中,所述支付交互模块配置成:The payment background according to claim 39, wherein the payment interaction module is configured to:
    从所述支付设备接收支付页面的申请;以及receiving an application for a payment page from the payment device; and
    返回所述支付页面,其中,所述支付页面携带与静态收款二维码对应的访问令牌。Return to the payment page, where the payment page carries an access token corresponding to the static QR code for payment.
  43. 如权利要求42所述的支付后台,其中,所述访问令牌包括采用明文形式的后台随机数以及采用密文形式的访问口令。The payment background according to claim 42, wherein the access token includes a background random number in plain text and an access password in cipher text.
  44. 如权利要求43所述的支付后台,其中,所述访问口令通过第一密钥对标签装置ID、第一时间戳、支付订单号以及支付设备ID进行加密而成,其中所述第一密钥通过所述后台随机数分散与标签装置对应的主密钥而成。The payment background according to claim 43, wherein the access password is obtained by encrypting the tag device ID, the first time stamp, the payment order number and the payment device ID with a first key, wherein the first key It is formed by dispersing the master key corresponding to the tag device through the background random number.
  45. 如权利要求44所述的支付后台,其中,所述校验模块配置成校验所述支付设备上送的支付请求中所包括的支付凭证。The payment background according to claim 44, wherein the verification module is configured to verify the payment certificate included in the payment request sent by the payment device.
  46. 如权利要求45所述的支付后台,其中,所述支付凭证通过第二密钥对标签装置ID、收款二维码ID、地理位置信息、支付ID、所述访问令牌、以及第二时间戳进行加密而成,其中所述第二密钥通过标签随机数以及所述后台随机数分散与所述标签装置对应的主密钥而成。The payment background as claimed in claim 45, wherein said payment credential passes through a second key pair tag device ID, payment two-dimensional code ID, geographic location information, payment ID, said access token, and a second time stamp, wherein the second key is formed by dispersing the master key corresponding to the tag device through the tag random number and the background random number.
  47. 一种计算机存储介质,所述介质包括指令,所述指令在运行时执行如权利要求1至16中任一项所述的方法。A computer storage medium comprising instructions which, when executed, perform the method of any one of claims 1 to 16.
  48. 一种计算机程序产品,包括计算机程序,该计算机程序被处理器执行时实现如权利要求1至16中任一项所述的方法。A computer program product comprising a computer program, which implements the method according to any one of claims 1 to 16 when executed by a processor.
PCT/CN2022/112826 2022-01-29 2022-08-16 Tag-based money receiving qr code payment method and payment device WO2023142441A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210111031.9A CN114493581A (en) 2022-01-29 2022-01-29 Label-based cash register code payment method and payment equipment
CN202210111031.9 2022-01-29

Publications (1)

Publication Number Publication Date
WO2023142441A1 true WO2023142441A1 (en) 2023-08-03

Family

ID=81477621

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/112826 WO2023142441A1 (en) 2022-01-29 2022-08-16 Tag-based money receiving qr code payment method and payment device

Country Status (2)

Country Link
CN (1) CN114493581A (en)
WO (1) WO2023142441A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114493581A (en) * 2022-01-29 2022-05-13 中国银联股份有限公司 Label-based cash register code payment method and payment equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109359968A (en) * 2018-09-28 2019-02-19 中国工商银行股份有限公司 A kind of method of payment, device, electronic equipment and payment label
US20190325407A1 (en) * 2002-10-01 2019-10-24 World Award Foundation INC Crypto digital currency (virtual payment cards) issued by central bank or other issuer for mobile and wearable devices
CN111047313A (en) * 2020-03-12 2020-04-21 支付宝(杭州)信息技术有限公司 Code scanning payment, information sending and key management method, device and equipment
CN111784332A (en) * 2020-06-29 2020-10-16 中国工商银行股份有限公司 Mobile payment method based on electronic cash register label and label issuing method
CN111967870A (en) * 2020-07-17 2020-11-20 北京大学 Label, terminal and mobile device with transaction function
CN114493581A (en) * 2022-01-29 2022-05-13 中国银联股份有限公司 Label-based cash register code payment method and payment equipment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190325407A1 (en) * 2002-10-01 2019-10-24 World Award Foundation INC Crypto digital currency (virtual payment cards) issued by central bank or other issuer for mobile and wearable devices
CN109359968A (en) * 2018-09-28 2019-02-19 中国工商银行股份有限公司 A kind of method of payment, device, electronic equipment and payment label
CN111047313A (en) * 2020-03-12 2020-04-21 支付宝(杭州)信息技术有限公司 Code scanning payment, information sending and key management method, device and equipment
CN111784332A (en) * 2020-06-29 2020-10-16 中国工商银行股份有限公司 Mobile payment method based on electronic cash register label and label issuing method
CN111967870A (en) * 2020-07-17 2020-11-20 北京大学 Label, terminal and mobile device with transaction function
CN114493581A (en) * 2022-01-29 2022-05-13 中国银联股份有限公司 Label-based cash register code payment method and payment equipment

Also Published As

Publication number Publication date
CN114493581A (en) 2022-05-13

Similar Documents

Publication Publication Date Title
CN109768988B (en) Decentralized Internet of things security authentication system, equipment registration and identity authentication method
CN102473212B (en) Generate the method for soft token
CN104065653B (en) A kind of interactive auth method, device, system and relevant device
CN110692214A (en) Method and system for ownership verification using blockchains
US20170180337A1 (en) Techniques to verify location for location based services
CN105007274A (en) Mobile terminal-based identity authentication system and method
CN101916388B (en) Smart SD card and method for using same for mobile payment
US11997213B2 (en) Verification and encryption scheme in data storage
CN101951321B (en) Device, system and method for realizing identity authentication
CN103259667A (en) Method and system for eID authentication on mobile terminal
CN108242999B (en) Key escrow method, device and computer-readable storage medium
CN102088353A (en) Two-factor authentication method and system based on mobile terminal
CN110070357B (en) Data processing method, device and system
CN101808077B (en) Information security input processing system and method and smart card
CN110335040B (en) Resource transfer method, device, electronic equipment and storage medium
CN101304569A (en) Mobile authentication system based on intelligent mobile phone
CN102710611A (en) Network security authentication method and system
CN104282091A (en) Bill data generating/transmitting/storing/authenticating method
CN109978479A (en) A kind of electronic invoice method of charging out, device, data sharing server and system
CN101916459A (en) Safe electronic ticket method
CN112507300A (en) Electronic signature system based on eID and electronic signature verification method
WO2023142441A1 (en) Tag-based money receiving qr code payment method and payment device
US11943210B2 (en) System and method for distributed, keyless electronic transactions with authentication
JP6447949B1 (en) Authentication system, authentication server, authentication method, and authentication program
CN104918245B (en) A kind of identity identifying method, device, server and client

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22923245

Country of ref document: EP

Kind code of ref document: A1