CN112150151B - Secure payment method, apparatus, electronic device and storage medium - Google Patents


Info

Publication number
CN112150151B
Authority
CN
China
Prior art keywords
payment
user
server
identifier
payment identifier
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011073558.4A
Other languages
Chinese (zh)
Other versions
CN112150151A (en
Inventor
陈优优
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN202011073558.4A priority Critical patent/CN112150151B/en
Publication of CN112150151A publication Critical patent/CN112150151A/en
Priority to PCT/CN2021/090308 priority patent/WO2022073336A1/en
Application granted granted Critical
Publication of CN112150151B publication Critical patent/CN112150151B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to the technical field of security, and discloses a secure payment method, which comprises the following steps: when the client performs transaction payment, firstly, a user payment identifier comprising an encrypted user unique identifier is sent to a server for authentication; the server authenticates the user payment identifier according to the pre-stored identity authentication information and then encrypts the user payment identifier again at the server to generate a server payment identifier, generates a random keyboard code and transmits the server payment identifier and the random keyboard code to the client; and after the client passes the authentication of the payment identifier of the server, generating a payment keyboard according to the random keyboard code for a user to input payment information. The invention also provides a safe payment device, electronic equipment and a storage medium. In addition, the invention also relates to a blockchain technology, and the identity authentication information can be stored in the blockchain. The invention can improve the payment safety.

Description

Secure payment method, apparatus, electronic device and storage medium
Technical Field
The present invention relates to the field of security technologies, and in particular, to a secure payment method, apparatus, electronic device, and computer readable storage medium.
Background
Mobile payment is a new payment mode of the Internet era in which transactions are settled over a network with the mobile terminal at the center. Payment authentication through a mobile payment App installed on a client such as a mobile phone is currently one of the main ways people pay. However, network security problems such as WiFi links, illegitimate Apps carrying Trojan viruses, and QR codes for grabbing red packets can occur anywhere, so a user's payment information can be illegally obtained and tampered with, causing economic loss to the user.
To address these network security problems, a conventional approach is to provide a virtual payment keyboard for the user to input payment information. The payment keyboard, also called a soft keyboard, is a fixed or random keyboard customized by the client interface, and the user wakes up the payment keyboard to input a transaction password when paying. At present, the payment keyboard is implemented by the mobile payment App, and the program code of the keyboard is easily tampered with by means such as decompiling the code, so that the user's payment information can be stolen.
Disclosure of Invention
The invention provides a secure payment method, a secure payment device, electronic equipment and a computer readable storage medium, and mainly aims to improve the security of mobile payment.
In order to achieve the above object, the present invention provides a secure payment method, which is applied to a server, and includes:
receiving a user payment identifier transmitted by a client, and authenticating the user payment identifier;
when the user payment identification authentication is successful, carrying out server encryption on the user payment identification, generating a server payment identification, and returning the server payment identification and a randomly generated random keyboard code to the client;
and receiving the payment code transmitted by the client, acquiring payment information of a user according to the payment code and the random keyboard code, and performing payment authentication on the payment information.
Optionally, the receiving the user payment identifier transmitted by the client, and authenticating the user payment identifier includes:
and identifying the encrypted plaintext of the user payment identifier, decrypting the encrypted plaintext in the user payment identifier, and authenticating the successfully decrypted user payment identifier according to a prestored security credential.
Optionally, the encrypting the user payment identifier at the server side to generate the server side payment identifier includes:
the user payment identification is encrypted by a server by the following method:
Figure BDA0002715996680000021
Wherein E(M) represents a server payment identifier, M represents an mth plaintext in a user payment identifier, t represents the number of the plaintext in the user payment identifier, E represents an infinite non-repeating decimal, mod represents a plaintext encryption function, and N represents the encryption times.
Optionally, the secure payment method applied to the server side further includes:
setting a security validity period for the random keyboard code;
discarding the payment code when the time of receipt of the payment code is not within the security validity period.
In order to achieve the above object, the present invention further provides a secure payment method, which is applied to a client, and includes:
based on a payment request, acquiring a payment identifier, encrypting the payment identifier by a client, generating a user payment identifier, and transmitting the user payment identifier to a server;
receiving a server payment identifier and a random keyboard code returned by the server, and authenticating the server payment identifier;
and when the payment authentication of the server passes, generating a payment keyboard according to the random keyboard code, generating a payment code according to payment information input by a user through the payment keyboard, and transmitting the payment code to the server for payment authentication.
Optionally, the generating a payment keyboard according to the random keyboard code includes:
acquiring the arrangement sequence of characters in the random keyboard code;
and constructing a virtual keyboard, and carrying out interface configuration on the virtual keyboard according to the arrangement sequence of the characters to obtain a payment keyboard.
In order to solve the above problems, the present invention further provides a secure payment apparatus, which is installed at a server, and includes:
the identity authentication module is used for receiving the user payment identification transmitted by the client and authenticating the user payment identification;
the server side encryption module is used for carrying out server side encryption on the user payment identification when the user payment identification is successfully authenticated, generating a server side payment identification, and returning the server side payment identification and the randomly generated random keyboard code to the client side;
and the payment authentication module is used for receiving the payment code transmitted by the client, acquiring payment information of a user according to the payment code and the random keyboard code, and performing payment authentication on the payment information.
In order to solve the above problems, the present invention also provides a secure payment apparatus, which is installed at a client, comprising:
The client encryption module is used for acquiring a payment identifier based on a payment request, encrypting the payment identifier by a client, generating a user payment identifier and transmitting the user payment identifier to a server;
the service authentication module is used for receiving the service end payment identifier returned by the service end and the random keyboard code and authenticating the service end payment identifier;
and the generation module is used for generating a payment keyboard according to the random keyboard code when the payment authentication of the server passes, generating a payment code according to the payment information input by the user through the payment keyboard, and transmitting the payment code to the server for payment authentication.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
a memory storing at least one computer program; and
and a processor executing the computer program stored in the memory to implement the secure payment method.
In order to solve the above-mentioned problems, the present invention also provides a computer-readable storage medium having stored therein at least one instruction that is executed by a processor in an electronic device to implement the secure payment method described above.
The embodiment of the invention utilizes the server to authenticate the user payment identifier sent by the client and utilizes the client to authenticate the server payment identifier sent by the server, thereby realizing double authentication of the client and the server; further, when the payment authentication of the server passes, the embodiment of the invention generates the payment keyboard according to the random keyboard code returned by the server, thereby further ensuring the safety of the payment information of the user. Therefore, the safety payment method, the device, the electronic equipment and the computer readable storage medium provided by the embodiment of the invention improve the safety of mobile payment.
Drawings
Fig. 1 is a flow chart of a secure payment method applied to a server according to a first embodiment of the present invention;
Fig. 2 is a flow chart of a secure payment method applied to a client according to a second embodiment of the present invention;
Fig. 3 is a schematic block diagram of a secure payment apparatus applied to a server according to a third embodiment of the present invention;
Fig. 4 is a schematic block diagram of a secure payment apparatus applied to a client according to a fourth embodiment of the present invention;
Fig. 5 is a schematic diagram of an internal structure of an electronic device for implementing a secure payment method according to a fifth embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides a secure payment method, and an execution subject of the secure payment method includes, but is not limited to, at least one of a server, a client and the like, which can be configured to execute the method provided by the embodiment of the application. In other words, the secure payment method may be performed by software or hardware installed on a client or a server, and the software may be a blockchain platform. The service end includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like.
In the embodiment of the invention, the secure payment method is realized through interaction of a client or a server, wherein the client can use portable electronic equipment such as a notebook computer, a desktop computer, a smart phone and the like of a user, intelligent wearable equipment and the like, and the core of the embodiment of the invention is as follows: when the client performs transaction payment, firstly, a user payment identifier comprising an encrypted user unique identifier is sent to a server for authentication; after the server passes the authentication of the user payment identifier, encrypting the user payment identifier again at the server to generate a server payment identifier, generating a random keyboard code, and transmitting the server payment identifier and the random keyboard code to the client; and after the client passes the authentication of the payment identifier of the server, generating a payment keyboard according to the random keyboard code for a user to input payment information. The invention performs double authentication on the server and the client, and the payment keyboard is not realized by the mobile payment App, but generated according to the arrangement of the server, so that the safety of payment information of a user is further ensured.
The implementation principle of the present invention is further described below with reference to fig. 1 and 3.
The secure payment method provided by the first embodiment of the present invention is described with reference to the flowchart shown in fig. 1. The method described in fig. 1 is applied to a server, and includes:
S10, receiving a user payment identifier transmitted by a client, and authenticating the user payment identifier.
In a preferred embodiment of the present invention, the client may also be referred to as a mobile payment terminal, and is used for conducting payment transactions, including, but not limited to: cell phones, tablets, PCs, etc. The user payment identifier refers to a unique user identifier based on client encryption, wherein the unique user identifier comprises, but is not limited to, gestures, fingerprints, passwords and the like of a user.
Further, the embodiment of the invention utilizes the pre-constructed security credentials to authenticate the user payment identifier.
The pre-constructed security credential refers to a data credential for data communication between the client and the server. Preferably, in the present invention, the security credential includes: digital signature, validity time, domain name, etc. In an alternative embodiment of the invention, the security credentials are built using the Secure Sockets Layer (SSL) protocol.
The embodiment of the invention identifies the encryption plaintext of the client payment identifier based on the security credential, decrypts the encryption plaintext in the client payment identifier through a preset decryption algorithm to obtain the unique user identifier, and authenticates the unique user identifier by using the pre-stored identity authentication information. Wherein the preset decryption algorithm corresponds to the encryption algorithm for encrypting the plaintext.
Further, in order to ensure the security of the identity authentication information, in the embodiment of the present invention, the identity authentication information may be stored in a blockchain.
Based on the authentication of the user payment identifier, the authenticity of the user payment identifier in the client can be identified.
S11, when the authentication of the user payment identifier is successful, encrypting the user payment identifier by a server side, generating a server side payment identifier, and returning the server side payment identifier and the randomly generated random keyboard code to the client side.
In the embodiment of the invention, when the user payment authentication is successful, the server side encryption is carried out on the user payment identifier by using the following method:
Figure BDA0002715996680000051
wherein E(M) represents a server payment identifier, M represents an mth plaintext in a user payment identifier, t represents the number of the plaintext in the user payment identifier, E represents an infinite non-repeating decimal, mod represents a plaintext encryption function, and N represents the encryption times.
The random keyboard code may be understood as a sequence of character codes arranged in a randomly shuffled order. In the embodiment of the invention, the random keyboard code is used for generating a virtual payment keyboard when the client performs transaction payment, that is, the characters in the payment keyboard are arranged according to the random keyboard code. In the embodiment of the invention, in order to further ensure security, the random keyboard code may be given a security validity period.
S12, receiving the payment code transmitted by the client, acquiring payment information of a user according to the payment code and the random keyboard code, and performing payment authentication on the payment information to obtain a payment result.
In at least one embodiment of the present invention, when the client verifies the payment identifier of the server successfully, a virtual payment keyboard is generated according to the random keyboard code, and the user can input payment information through the virtual payment keyboard to generate a payment code and transmit the payment code to the server. In other embodiments of the present invention, when the authentication of the client to the server payment identifier fails, a virtual payment keyboard is not generated at the client, and thus the payment code cannot be generated.
In an embodiment of the present invention, the performing payment authentication on the payment information includes: and identifying whether the payment information in the payment code is consistent with the payment authentication information stored in the server side by the user in advance, if so, the authentication result is successful authentication, and if not, the authentication result is failed authentication. Further, in the embodiment of the present invention, a payment result is identified according to the authentication result, that is, if the authentication result is authentication success, the payment result is payment success, and if the authentication result is authentication failure, the payment result is payment failure.
Preferably, in order to secure the payment authentication information, the payment authentication information may also be stored in the blockchain node.
In a preferred embodiment of the present invention, the method further comprises:
setting a security validity period for the random keyboard code;
and discarding the payment code when the receiving time of the payment code is not within the security validity period, so as to further ensure the security of payment.
A secure payment method provided by a second embodiment of the present invention is described with reference to a flowchart shown in fig. 2. Wherein the method described in fig. 2 is applied to a client, comprising:
S20, based on the payment request, acquiring a payment identifier, encrypting the payment identifier by a client, generating a user payment identifier, and transmitting the user payment identifier to a server.
In the preferred embodiment of the present invention, the payment request refers to an interaction behavior generated between the user and the payment platform of the system. For example, user A views a watch on a watch mall platform through a mobile phone terminal and, before making payment, initiates on that mobile phone terminal a payment behavior requesting payment; this payment behavior is the payment request.
Further, in a preferred implementation of the present invention, the obtaining the payment identifier based on the payment request includes:
identifying a payment environment according to the payment request; and receiving user credentials input by a user in the payment environment to obtain the payment identification.
The payment environment refers to a transaction environment when a user performs payment, and preferably, the payment environment is identified through a preset Linux statement, wherein the preset Linux statement may be an OpenSSL statement. The user credential refers to a user unique identifier, for example, the user unique identifier may be: gestures, fingerprints, passwords, etc. of the user.
Further, in the preferred embodiment of the present invention, the method of encrypting the client is the same as the above-mentioned method of encrypting the server, and further description is omitted herein.
S21, receiving a server payment identifier and a random keyboard code returned by the server, decrypting the server payment identifier, and authenticating the server payment identifier according to the user payment identifier.
In the preferred implementation of the invention, the server payment identifier and the random keyboard code refer to an authentication result generated by the server encrypting the user payment identifier which is successfully authenticated by the server.
Further, in the preferred implementation of the present invention, the authentication is performed on the server payment identifier, that is, the server payment identifier is decrypted, and preferably, the embodiment of the present invention decrypts the encrypted plaintext in the server payment identifier by using a corresponding decryption algorithm according to an encryption algorithm adopted when the user payment identifier is encrypted at the server.
In the preferred implementation of the invention, the authenticity of the corresponding service end of the client can be identified by decrypting the service payment identifier, so that the reliability degree of the corresponding service end can be judged, and the reliability of the payment environment can be enhanced.
Further, another embodiment of the present invention further includes: and when the authentication of the server fails, generating an error status code to prompt the user for error information.
S22, when the payment authentication of the server passes, generating a payment keyboard according to the random keyboard code, generating a payment code according to the payment information input by the user through the payment keyboard, and transmitting the payment code to the server for payment authentication.
In at least one embodiment of the invention, when the payment authentication of the server passes, a payment keyboard is generated according to the random keyboard code, a payment code is generated according to payment information input by a user through the payment keyboard, and the payment code is transmitted to the server for payment authentication.
In an embodiment of the present invention, the generating a payment keyboard according to the random keyboard code includes: acquiring the arrangement sequence of characters in the random keyboard code; and constructing a virtual keyboard, and carrying out interface configuration on the virtual keyboard according to the arrangement sequence of the characters to obtain a payment keyboard.
In the embodiment of the invention, the virtual keyboard is compiled through the preset scripting language and is used for supporting the user to input the payment code, and meanwhile, the payment keyboard is generated based on the random keyboard code, so that the payment code input by the user can be ensured to have certain timeliness, disorder and safety, and the payment operation can not be performed even if the payment information of the user is illegally acquired or the payment program code is tampered, thereby greatly improving the payment safety of the user.
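The random keyboard code issued in step S11, the client-side keypad layout of step S22, and the server-side decoding and validity-period check of step S12 can be sketched as follows; this is an added example, not code from the patent. Assumptions not stated in the patent: the payment code is the list of pressed key positions, the validity period is 60 seconds, each keyboard code is accepted once, the stored payment authentication information is a PBKDF2 digest, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

KEYS = "0123456789"       # characters shown on the payment keyboard
VALIDITY_SECONDS = 60     # assumed security validity period of a keyboard code


def new_keyboard_code():
    """Server: the key characters in a randomly shuffled order (CSPRNG)."""
    chars = list(KEYS)
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def build_keypad(keyboard_code, columns=3):
    """Client: lay keys out in the order given by the random keyboard code."""
    if sorted(keyboard_code) != sorted(KEYS):
        # A duplicated or missing key means the code was corrupted or altered.
        raise ValueError("keyboard code is not a permutation of the key set")
    return [list(keyboard_code[i:i + columns])
            for i in range(0, len(keyboard_code), columns)]


def encode_payment_code(keyboard_code, typed):
    """Client: send the pressed key positions, not the characters (assumption)."""
    return [keyboard_code.index(ch) for ch in typed]


def decode_payment_code(keyboard_code, payment_code):
    """Server: map positions back to characters; None if a position is invalid."""
    if not all(isinstance(p, int) and 0 <= p < len(keyboard_code)
               for p in payment_code):
        return None
    return "".join(keyboard_code[p] for p in payment_code)


def _derive(password, salt):
    # Store a salted digest rather than the payment password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PaymentServer:
    def __init__(self, clock=time.monotonic):
        self._auth_info = {}   # user id -> (salt, derived payment password)
        self._issued = {}      # session id -> (user id, keyboard code, issue time)
        self._clock = clock

    def enroll(self, user_id, payment_password):
        salt = secrets.token_bytes(16)
        self._auth_info[user_id] = (salt, _derive(payment_password, salt))

    def issue_keyboard(self, user_id):
        """Step S11: generate a random keyboard code and record its issue time."""
        session_id = secrets.token_urlsafe(16)
        code = new_keyboard_code()
        self._issued[session_id] = (user_id, code, self._clock())
        return session_id, code

    def authenticate_payment(self, session_id, payment_code):
        """Step S12, including the discard rule for late payment codes."""
        entry = self._issued.pop(session_id, None)   # single use (assumption)
        if entry is None:
            return "discarded"
        user_id, code, issued_at = entry
        if self._clock() - issued_at > VALIDITY_SECONDS:
            return "discarded"
        entered = decode_payment_code(code, payment_code)
        record = self._auth_info.get(user_id)
        if entered is None or record is None:
            return "payment failure"
        salt, expected = record
        ok = hmac.compare_digest(_derive(entered, salt), expected)
        return "payment success" if ok else "payment failure"


def demo():
    """Constructed walk-through; the user id and password are sample values."""
    now = [0.0]                                  # controllable clock for the demo
    server = PaymentServer(clock=lambda: now[0])
    server.enroll("user-a", "493027")
    results = []
    sid, code = server.issue_keyboard("user-a")
    build_keypad(code)                           # client validates and lays out keys
    results.append(server.authenticate_payment(sid, encode_payment_code(code, "493027")))
    sid, code = server.issue_keyboard("user-a")
    now[0] += VALIDITY_SECONDS + 1               # payment code arrives too late
    results.append(server.authenticate_payment(sid, encode_payment_code(code, "493027")))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the positions only have meaning under the keyboard code that was current when they were pressed, the same position list decodes to different characters under any other keyboard code.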
In summary, the embodiment of the invention uses the server to authenticate the user payment identifier sent by the client and uses the client to authenticate the server payment identifier sent by the server, thereby realizing the dual authentication of the client and the server.
Fig. 3 is a schematic block diagram of a secure payment apparatus applied to a server according to a third embodiment of the present invention.
The secure payment apparatus 100 applied to a server may be installed in an electronic device. The secure payment apparatus applied to the server may include an identity authentication module 101, a server encryption module 102, and a payment authentication module 103 according to the implemented functions. The module of the present invention may also be referred to as a unit, meaning a series of computer program segments capable of being executed by the processor of the electronic device and of performing fixed functions, stored in the memory of the electronic device.
In the present embodiment, the functions concerning the respective modules/units are as follows:
The identity authentication module 101 is configured to receive a user payment identifier transmitted by a client, and authenticate the user payment identifier.
In a preferred embodiment of the present invention, the client may also be referred to as a mobile payment terminal, and is used for conducting payment transactions, including, but not limited to: cell phones, tablets, PCs, etc. The user payment identifier refers to a unique user identifier based on client encryption, wherein the unique user identifier comprises, but is not limited to, gestures, fingerprints, passwords and the like of a user.
Further, in the embodiment of the present invention, the identity authentication module 101 uses a pre-constructed security credential to authenticate the user payment identifier.
The pre-constructed security credential refers to a data credential for data communication between the client and the server. Preferably, in the present invention, the security credential includes: digital signature, validity time, domain name, etc. In an alternative embodiment of the invention, the security credentials are built using the Secure Sockets Layer (SSL) protocol.
In the embodiment of the present invention, the identity authentication module 101 performs user payment authentication in the following manner: based on the security credentials, identifying an encrypted plaintext of the client payment identifier, decrypting the encrypted plaintext in the client payment identifier by a preset decryption algorithm to obtain the unique user identifier, and authenticating the unique user identifier by using pre-stored identity authentication information. Wherein the preset decryption algorithm corresponds to the encryption algorithm for encrypting the plaintext.
Further, in order to ensure the security of the identity authentication information, in the embodiment of the present invention, the identity authentication information may be stored in a blockchain.
Based on the authentication of the user payment identifier, the authenticity of the user payment identifier in the client can be identified.
The server side encryption module 102 is configured to encrypt the user payment identifier at the server side when authentication of the user payment identifier is successful, generate a server side payment identifier, and return the server side payment identifier and the randomly generated random keyboard code to the client side.
In the embodiment of the present invention, when the user payment authentication is successful, the server encryption module 102 encrypts the user payment identifier by using the following method:
Figure BDA0002715996680000081
wherein E(M) represents a server payment identifier, M represents an mth plaintext in a user payment identifier, t represents the number of the plaintext in the user payment identifier, E represents an infinite non-repeating decimal, mod represents a plaintext encryption function, and N represents the encryption times.
The random keyboard code may be understood as a sequence of character codes arranged in a randomly shuffled order. In the embodiment of the invention, the random keyboard code is used for generating a virtual payment keyboard when the client performs transaction payment, that is, the characters in the payment keyboard are arranged according to the random keyboard code. In the embodiment of the invention, in order to further ensure security, the random keyboard code may be given a security validity period.
The payment authentication module 103 is configured to receive a payment code transmitted by a client, obtain payment information of a user according to the payment code and the random keyboard code, and perform payment authentication on the payment information to obtain a payment result.
In at least one embodiment of the present invention, when the payment authentication module 103 responds to the successful verification of the server-side payment identifier, a virtual payment keyboard is generated according to the random keyboard code, and the user can input payment information through the virtual payment keyboard to generate a payment code and transmit the payment code to the server-side. In other embodiments of the present invention, when the authentication of the client to the server payment identifier fails, a virtual payment keyboard is not generated at the client, and thus the payment code cannot be generated.
In the embodiment of the present invention, the payment authentication is performed on the payment information, and the payment authentication module 103 adopts the following manner: and identifying whether the payment information in the payment code is consistent with the payment authentication information stored in the server side by the user in advance, if so, the authentication result is successful authentication, and if not, the authentication result is failed authentication. Further, in the embodiment of the present invention, a payment result is identified according to the authentication result, that is, if the authentication result is authentication success, the payment result is payment success, and if the authentication result is authentication failure, the payment result is payment failure.
Preferably, in order to secure the payment authentication information, the payment authentication information may also be stored in the blockchain node.
In a preferred embodiment of the present invention, the payment authentication module 103 is further configured for:
setting a security validity period for the random keyboard code;
and discarding the payment code when the time at which the payment code is received is not within the security validity period, so as to further ensure the security of payment.
Fig. 4 is a schematic block diagram of a secure payment apparatus applied to a client according to a fourth embodiment of the present invention.
The secure payment apparatus 200 applied to a client may be installed in an electronic device. The secure payment apparatus applied to the client may include a client encryption module 201, a service authentication module 202, and a generation module 203 according to the implemented functions. The module of the present invention may also be referred to as a unit, meaning a series of computer program segments capable of being executed by the processor of the electronic device and of performing fixed functions, stored in the memory of the electronic device.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the client encryption module 201 is configured to obtain a payment identifier based on a payment request, encrypt the payment identifier by using a client, generate a user payment identifier, and transmit the user payment identifier to a server.
In the preferred embodiment of the present invention, the payment request refers to an interaction between the user and the payment platform of the system. For example, user A views a watch on a watch mall platform through a mobile phone terminal and, before making payment, issues a payment action requesting payment on user A's mobile phone terminal; this payment action is the payment request.
Further, in a preferred embodiment of the present invention, to obtain the payment identifier based on the payment request, the client encryption module 201 performs the following steps:
identifying a payment environment according to the payment request; and receiving user credentials input by a user in the payment environment to obtain the payment identifier.
The payment environment refers to the transaction environment in which a user performs payment. Preferably, the payment environment is identified through a preset Linux statement, wherein the preset Linux statement may be an OpenSSL statement. The user credential refers to a unique identifier of the user, for example a gesture, fingerprint or password of the user.
Further, in the preferred embodiment of the present invention, the client encryption method is the same as the server encryption method described above, and is not described again here.
The service authentication module 202 is configured to receive a server payment identifier and a random keyboard code returned by the server, and to authenticate the server payment identifier. In the preferred implementation of the invention, the server payment identifier and the random keyboard code are the authentication result generated by the server after it encrypts a user payment identifier that it has successfully authenticated.
Further, in the preferred embodiment of the present invention, the service authentication module 202 authenticates the server payment identifier by decrypting it; preferably, the service authentication module 202 decrypts the encrypted plaintext in the server payment identifier using the decryption algorithm that corresponds to the encryption algorithm the server used when encrypting the user payment identifier.
In a preferred embodiment of the present invention, by decrypting the server payment identifier, the service authentication module 202 can verify the authenticity of the server corresponding to the client and thereby determine whether that server is reliable, which enhances the reliability of the payment environment.
Further, in another embodiment of the present invention, the service authentication module 202 is further configured to: when authentication of the server fails, generate an error status code to prompt the user with error information.
The generating module 203 is configured to generate a payment keyboard according to the random keyboard code when the server payment authentication passes, generate a payment code according to payment information input by a user through the payment keyboard, and transmit the payment code to the server for payment authentication.
In at least one embodiment of the present invention, when the server payment authentication passes, the generating module 203 generates a payment keyboard according to the random keyboard code, generates a payment code according to payment information input by a user through the payment keyboard, and transmits the payment code to the server for payment authentication. For a server payment identifier that fails authentication, an error code is presented at the client to prompt the user with error information.
In the embodiment of the present invention, the generating module 203 generates the payment keyboard according to the random keyboard code as follows: acquiring the arrangement order of the characters in the random keyboard code; and constructing a virtual keyboard and configuring its interface according to that arrangement order to obtain the payment keyboard.
In the embodiment of the invention, the virtual keyboard is written in a preset scripting language and supports the user in entering the payment code. Because the payment keyboard is generated from the random keyboard code, the payment code entered by the user has a degree of timeliness, randomness and security, so that the payment operation cannot be performed even if the user's payment information is illegally acquired or the payment program code is tampered with, which greatly improves the payment security of the user.
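The random-keyboard exchange described above for the payment authentication module 103 and the generating module 203, written out in Python as an added example that is not code from the patent. It assumes that the payment code is the list of key positions the user taps, that the validity period is 60 seconds, that each keyboard code is single-use, and that the server keeps a PBKDF2 digest of the payment authentication information; the patent specifies none of these, and all function and class names are hypothetical.

```python
import enum
import hashlib
import hmac
import secrets
import time

KEYPAD_CHARS = "0123456789"   # characters placed on the virtual payment keyboard
KEYPAD_TTL_SECONDS = 60       # assumed validity period; the patent gives no value


class PaymentResult(enum.Enum):
    SUCCESS = "payment success"
    FAILURE = "payment failure"
    DISCARDED = "payment code discarded"


def new_random_keyboard_code(chars=KEYPAD_CHARS):
    """Server: shuffle the key characters with a CSPRNG."""
    pool = list(chars)
    secrets.SystemRandom().shuffle(pool)
    return "".join(pool)


def encode_payment_code(layout, typed):
    """Client: the keypad is drawn in `layout` order and only the positions
    of the tapped keys are sent (assumed encoding), not the characters."""
    return [layout.index(ch) for ch in typed]


def decode_payment_code(layout, payment_code):
    """Server: map tapped positions back to characters using the layout it
    issued. Returns None for a malformed payment code."""
    if not all(isinstance(i, int) and 0 <= i < len(layout) for i in payment_code):
        return None
    return "".join(layout[i] for i in payment_code)


def derive_digest(secret, salt):
    """Digest under which the payment authentication information is stored."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


class PaymentServer:
    def __init__(self, ttl=KEYPAD_TTL_SECONDS, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self.sessions = {}   # session id -> (user, layout, issue time)
        self.enrolled = {}   # user -> (salt, digest)

    def enroll(self, user, payment_secret):
        salt = secrets.token_bytes(16)
        self.enrolled[user] = (salt, derive_digest(payment_secret, salt))

    def issue_keyboard(self, user):
        """Run only after the user payment identifier has been authenticated."""
        session_id = secrets.token_hex(16)
        layout = new_random_keyboard_code()
        self.sessions[session_id] = (user, layout, self.clock())
        return session_id, layout

    def authenticate_payment(self, session_id, payment_code):
        # pop() makes every keyboard code single-use (an added assumption).
        session = self.sessions.pop(session_id, None)
        if session is None:
            return PaymentResult.DISCARDED
        user, layout, issued_at = session
        # Discard payment codes received outside the validity period.
        if self.clock() - issued_at > self.ttl:
            return PaymentResult.DISCARDED
        typed = decode_payment_code(layout, payment_code)
        record = self.enrolled.get(user)
        if typed is None or record is None:
            return PaymentResult.FAILURE
        salt, expected = record
        # Constant-time comparison against the stored authentication data.
        ok = hmac.compare_digest(derive_digest(typed, salt), expected)
        return PaymentResult.SUCCESS if ok else PaymentResult.FAILURE


if __name__ == "__main__":
    server = PaymentServer()
    server.enroll("user-a", "271828")            # constructed sample data
    sid, layout = server.issue_keyboard("user-a")
    code = encode_payment_code(layout, "271828")
    print(layout, code, server.authenticate_payment(sid, code).value)
```

The same tapped positions decode to different characters under a different layout, which is why a captured payment code is of no use once its keyboard code has expired or been consumed.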
In summary, the embodiment of the invention uses the server to authenticate the user payment identifier sent by the client and uses the client to authenticate the server payment identifier sent by the server, thereby realizing the dual authentication of the client and the server.
In the embodiment of the present invention, the secure payment method may also be applied to a secure payment system, where the secure payment system includes: client and server. Wherein the client performs the method steps described in fig. 1 above, and the server performs the method steps described in fig. 3 above.
Fig. 5 is a schematic structural diagram of an electronic device implementing the secure payment method according to a fifth embodiment of the present invention.
In the embodiment of the present invention, the electronic device 1 may be a client or a server. Further, the electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as a secure payment program 12, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, including flash memory, a mobile hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may in other embodiments also be an external storage device of the electronic device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only for storing application software installed in the electronic device 1 and various types of data, such as a code for secure payment, etc., but also for temporarily storing data that has been output or is to be output.
The processor 10 may be comprised of integrated circuits in some embodiments, for example, a single packaged integrated circuit, or may be comprised of multiple integrated circuits packaged with the same or different functions, including one or more central processing units (Central Processing unit, CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, and executes various functions of the electronic device 1 and processes data by running or executing programs or modules (for example, executing secure payments, etc.) stored in the memory 11, and calling data stored in the memory 11.
The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable a connection communication between the memory 11 and at least one processor 10 etc.
Fig. 5 shows only an electronic device with components, it being understood by a person skilled in the art that the structure shown in fig. 5 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or may combine certain components, or may be arranged in different components.
For example, although not shown, the electronic device 1 may further include a power source (such as a battery) for supplying power to each component, and preferably, the power source may be logically connected to the at least one processor 10 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device 1 may further include various sensors, bluetooth modules, wi-Fi modules, etc., which will not be described herein.
Further, the electronic device 1 may also comprise a network interface, optionally the network interface may comprise a wired interface and/or a wireless interface (e.g. WI-FI interface, bluetooth interface, etc.), typically used for establishing a communication connection between the electronic device 1 and other electronic devices.
The electronic device 1 may optionally further comprise a user interface, which may be a Display, an input unit, such as a Keyboard (Keyboard), or a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying data processed in the electronic device 1 and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The secure payment program 12 stored in the memory 11 of the electronic device 1 is a combination of instructions which, when executed by the processor 10, may implement a secure payment method.
Preferably, when the electronic device 1 is a server, the secure payment method includes:
receiving a user payment identifier transmitted by a client, and authenticating the user payment identifier;
when the user payment identification authentication is successful, carrying out server encryption on the user payment identification, generating a server payment identification, and returning the server payment identification and a randomly generated random keyboard code to the client;
and receiving the payment code transmitted by the client, acquiring payment information of a user according to the payment code and the random keyboard code, and performing payment authentication on the payment information.
Further, when the electronic device 1 is a client, the secure payment method includes:
based on a payment request, acquiring a payment identifier, encrypting the payment identifier by a client, generating a user payment identifier, and transmitting the user payment identifier to a server;
receiving a server payment identifier and a random keyboard code returned by the server, and authenticating the server payment identifier;
and when the payment authentication of the server passes, generating a payment keyboard according to the random keyboard code, generating a payment code according to payment information input by a user through the payment keyboard, and transmitting the payment code to the server for payment authentication.
Specifically, the specific implementation method of the above instructions by the processor 10 may refer to descriptions of related steps in the corresponding embodiments of fig. 1 and fig. 2, which are not repeated herein.
Further, the integrated modules/units of the electronic device 1 may be stored in a non-volatile computer readable storage medium if implemented in the form of software functional units and sold or used as a stand alone product. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in the form of hardware, or in the form of hardware combined with software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated in association using cryptographic methods, each of which contains a batch of data for network transactions, for authenticating the validity (anti-counterfeiting) of the data and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (8)

1. A secure payment method, wherein the method is applied to a server, and comprises:
receiving a user payment identifier transmitted by a client, and authenticating the user payment identifier;
when the user payment identification authentication is successful, carrying out server encryption on the user payment identification, generating a server payment identification, and returning the server payment identification and a randomly generated random keyboard code to the client;
receiving a payment code transmitted by the client, acquiring payment information of a user according to the payment code and the random keyboard code, and performing payment authentication on the payment information;
The receiving the user payment identifier transmitted by the client, and authenticating the user payment identifier includes: identifying an encrypted plaintext of the user payment identifier, decrypting the encrypted plaintext in the user payment identifier, and authenticating the successfully decrypted user payment identifier according to a prestored security credential;
the step of encrypting the user payment identifier at the server side to generate the server side payment identifier comprises the following steps: the user payment identification is encrypted by a server by the following method:
Figure FDA0004264515970000011
wherein E(M) represents a server payment identifier, M represents the mth plaintext in a user payment identifier, t represents the number of plaintexts in the user payment identifier, E represents an infinite non-repeating decimal, mod represents a plaintext encryption function, and N represents the number of encryptions.
2. The secure payment method of claim 1, further comprising:
setting a security validity period for the random keyboard code;
discarding the payment code when the time of receipt of the payment code is not within the security validity period.
3. A secure payment method, the method being applied to a client, comprising:
based on a payment request, obtaining a payment identifier, encrypting the payment identifier by a client, generating a user payment identifier, transmitting the user payment identifier to a server for the server to receive the user payment identifier transmitted by the client, authenticating the user payment identifier, encrypting the user payment identifier by the server when the user payment identifier is successfully authenticated, generating a server payment identifier, and returning the server payment identifier and a random keyboard code generated randomly to the client;
Receiving a server payment identifier and a random keyboard code returned by the server, and authenticating the server payment identifier;
when the payment authentication of the server passes, a payment keyboard is generated according to the random keyboard code, a payment code is generated according to payment information input by a user through the payment keyboard, and the payment code is transmitted to the server for payment authentication;
the receiving the user payment identifier transmitted by the client, and authenticating the user payment identifier, includes: identifying an encrypted plaintext of the user payment identifier, decrypting the encrypted plaintext in the user payment identifier, and authenticating the successfully decrypted user payment identifier according to a prestored security credential;
the step of encrypting the user payment identifier at the server side to generate the server side payment identifier comprises the following steps: the user payment identification is encrypted by a server by the following method:
Figure FDA0004264515970000021
wherein E(M) represents a server payment identifier, M represents the mth plaintext in a user payment identifier, t represents the number of plaintexts in the user payment identifier, E represents an infinite non-repeating decimal, mod represents a plaintext encryption function, and N represents the number of encryptions.
4. A secure payment method as recited in claim 3, wherein said generating a payment keypad from said random keypad code comprises:
acquiring the arrangement sequence of characters in the random keyboard code;
and constructing a virtual keyboard, and carrying out interface configuration on the virtual keyboard according to the arrangement sequence of the characters to obtain a payment keyboard.
5. A secure payment device, the device being installed at a server, comprising:
the identity authentication module is used for receiving the user payment identification transmitted by the client and authenticating the user payment identification;
the server side encryption module is used for carrying out server side encryption on the user payment identification when the user payment identification is successfully authenticated, generating a server side payment identification, and returning the server side payment identification and the randomly generated random keyboard code to the client side;
the payment authentication module is used for receiving the payment code transmitted by the client, acquiring payment information of a user according to the payment code and the random keyboard code, and performing payment authentication on the payment information;
the receiving the user payment identifier transmitted by the client, and authenticating the user payment identifier includes: identifying an encrypted plaintext of the user payment identifier, decrypting the encrypted plaintext in the user payment identifier, and authenticating the successfully decrypted user payment identifier according to a prestored security credential;
The step of encrypting the user payment identifier at the server side to generate the server side payment identifier comprises the following steps: the user payment identification is encrypted by a server by the following method:
Figure FDA0004264515970000031
wherein E(M) represents a server payment identifier, M represents the mth plaintext in a user payment identifier, t represents the number of plaintexts in the user payment identifier, E represents an infinite non-repeating decimal, mod represents a plaintext encryption function, and N represents the number of encryptions.
6. A secure payment device, the device being installed on a client, comprising:
the client encryption module is used for acquiring a payment identifier based on a payment request, carrying out client encryption on the payment identifier, generating a user payment identifier, transmitting the user payment identifier to a server for the server to receive the user payment identifier transmitted by the client, authenticating the user payment identifier, carrying out server encryption on the user payment identifier when the user payment identifier is successfully authenticated, generating a server payment identifier, and returning the server payment identifier and a random keyboard code generated randomly to the client;
the service authentication module is used for receiving the service end payment identifier returned by the service end and the random keyboard code and authenticating the service end payment identifier;
The generation module is used for generating a payment keyboard according to the random keyboard code when the payment authentication of the server passes, generating a payment code according to the payment information input by a user through the payment keyboard, and transmitting the payment code to the server for payment authentication;
the receiving the user payment identifier transmitted by the client, and authenticating the user payment identifier, includes: identifying an encrypted plaintext of the user payment identifier, decrypting the encrypted plaintext in the user payment identifier, and authenticating the successfully decrypted user payment identifier according to a prestored security credential;
the step of encrypting the user payment identifier at the server side to generate the server side payment identifier comprises the following steps: the user payment identification is encrypted by a server by the following method:
Figure FDA0004264515970000032
wherein E(M) represents a server payment identifier, M represents the mth plaintext in a user payment identifier, t represents the number of plaintexts in the user payment identifier, E represents an infinite non-repeating decimal, mod represents a plaintext encryption function, and N represents the number of encryptions.
7. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the secure payment method of any one of claims 1 to 4.
8. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the secure payment method according to any one of claims 1 to 4.
CN202011073558.4A 2020-10-09 2020-10-09 Secure payment method, apparatus, electronic device and storage medium Active CN112150151B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011073558.4A CN112150151B (en) 2020-10-09 2020-10-09 Secure payment method, apparatus, electronic device and storage medium
PCT/CN2021/090308 WO2022073336A1 (en) 2020-10-09 2021-04-27 Secure payment method and apparatus, electronic device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011073558.4A CN112150151B (en) 2020-10-09 2020-10-09 Secure payment method, apparatus, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN112150151A CN112150151A (en) 2020-12-29
CN112150151B true CN112150151B (en) 2023-07-14

Family

ID=73952694

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011073558.4A Active CN112150151B (en) 2020-10-09 2020-10-09 Secure payment method, apparatus, electronic device and storage medium

Country Status (2)

Country Link
CN (1) CN112150151B (en)
WO (1) WO2022073336A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112150151B (en) * 2020-10-09 2023-07-14 平安科技(深圳)有限公司 Secure payment method, apparatus, electronic device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201207190Y (en) * 2008-05-22 2009-03-11 北京飞天诚信科技有限公司 Apparatus for automatically inputting password
CN103020825A (en) * 2012-12-05 2013-04-03 福建省派活园科技信息有限公司 Safety payment authentication method based on software client
CN111611976A (en) * 2020-06-04 2020-09-01 支付宝(杭州)信息技术有限公司 Payment method and device based on face recognition

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9842335B2 (en) * 2012-03-23 2017-12-12 The Toronto-Dominion Bank System and method for authenticating a payment terminal
CN106920091A (en) * 2015-12-25 2017-07-04 北京数码视讯科技股份有限公司 A kind of method of payment and SOS
CN107465701B (en) * 2017-10-04 2021-06-15 深圳市杰科创想科技有限公司 Method and device for inputting password into interface at dynamic position
CN112150151B (en) * 2020-10-09 2023-07-14 平安科技(深圳)有限公司 Secure payment method, apparatus, electronic device and storage medium

Also Published As

Publication number Publication date
WO2022073336A1 (en) 2022-04-14
CN112150151A (en) 2020-12-29

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant