CN112801660A - Secret-free signing method and device for payment protocol - Google Patents

Publication number: CN112801660A
Authority: CN (China)
Prior art keywords: request message, signing, information, admission, scene
Legal status: Granted, Active
Application number: CN202110117507.5A
Other languages: Chinese (zh)
Other versions: CN112801660B (en)
Inventors: 谢莎莎, 姚远, 张立伟, 胡松鄂
Current Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original Assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Application filed by: Industrial and Commercial Bank of China Ltd (ICBC)
Priority to: CN202110117507.5A
Publication of CN112801660A
Application granted; publication of CN112801660B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor

Abstract

A secret-free signing method and device for a payment protocol, which can be used in the financial field or other fields. The method comprises the following steps: parsing a protocol signing request sent by an application software client to obtain signing information, and generating an admission request message, wherein the signing information comprises a customer card number; determining the card issuer according to the customer card number, encrypting the admission request message according to a preset encryption rule, and sending the encrypted admission request message to the card issuer server; receiving the scene admission information returned by the card issuer server, and generating a signing request message according to the signing information and the scene admission information; and encrypting the signing request message according to the UnionPay encryption rule and sending it to the UnionPay server. The invention performs the admission check for the secret-free signing scene and the verification of the scene admission information purely through message exchange, thereby completing the signing of the payment protocol, effectively reducing the interaction between the bank customer and multiple systems, and improving business handling efficiency.

Description

Secret-free signing method and device for payment protocol
Technical Field
The invention relates to the technical field of payment protocol signing, and in particular to a secret-free (password-free) signing method and device for a payment protocol.
Background
UnionPay Pay-type payment is a fast mobile payment product provided by UnionPay and based on the NFC technology of the mobile terminal. The bank customer signs a deduction authorization agreement in advance with the mobile terminal manufacturer, UnionPay and the card-issuing bank, so that the customer does not need to enter the bank card password when later making UnionPay Pay-type mobile payments under the specific scenes and rules agreed in the agreement. In this design the mobile terminal replaces the bank card: the customer does not have to carry the card for every payment or enter the card password in front of other people, which protects personal privacy and account security and improves the mobile payment experience of bank customers. However, with the change in the classified management of personal bank accounts, banks are allowed to open Class II and Class III accounts for individuals through electronic channels, and bank debit accounts without a card password have appeared. This causes two problems. First, after a debit account without a card password is opened online in the application software of the mobile terminal, the account cannot sign a UnionPay payment agreement in that application software because no bank card password is available. Second, although the bank customer can later set a card password by visiting an offline service outlet of the card-issuing bank or by downloading the card-issuing bank's app, and then return to the mobile terminal application software to sign the UnionPay payment agreement, this interrupts the process, defeats the convenience that the UnionPay payment agreement was designed for, and is generally not accepted by mobile terminal manufacturers.
Disclosure of Invention
In view of the problems in the prior art, the main purpose of the embodiments of the present invention is to provide a secret-free signing method and device for a payment protocol, so that a payment protocol can be signed without a password, and without interrupting the process, after a bank debit account without a card password is opened online in the application software of a mobile terminal.
To achieve the above object, an embodiment of the present invention provides a secret-free signing method for a payment protocol, the method comprising:
analyzing a protocol signing request sent by an application software client to obtain signing information, and generating an admission request message according to the signing information; wherein the subscription information comprises a customer card number;
determining a card issuer according to the customer card number, encrypting the admission request message according to a preset encryption rule, and sending the encrypted admission request message to a card issuer server;
receiving scene access information returned by the card issuer server, and generating a signing request message according to the signing information and the scene access information;
and encrypting the signing request message according to the UnionPay encryption rule, and sending the encrypted signing request message to a UnionPay server.
Optionally, in an embodiment of the present invention, the scenario admission information includes an admission verification code and a scenario ID.
Optionally, in an embodiment of the present invention, the subscription information further includes client information, a subscription payment protocol type, and an application ID.
The embodiment of the invention also provides a secret-free signing method of the payment protocol, which comprises the following steps:
analyzing an admission request message sent by an application software server to obtain subscription information corresponding to the admission request message, and performing admission qualification check according to the subscription information corresponding to the admission request message to obtain a check result;
if the checking result is that the checking is passed, determining a timestamp corresponding to the admission request message, and sending scene admission information corresponding to the admission request message to an application software server;
analyzing a signing request message sent by a UnionPay server to obtain the signing information, scene admission information and timestamp corresponding to the signing request message, and matching the signing information, scene admission information and timestamps that correspond to the admission request message and to the signing request message respectively, to obtain a matching result;
and if the matching result is a pass, verifying the signing information corresponding to the signing request message according to the scene admission information corresponding to the signing request message, and sending the generated verification result to the UnionPay server so that the payment protocol is generated and signed.
Optionally, in an embodiment of the present invention, the subscription information corresponding to the admission request packet includes client information, a client card number, a subscription payment protocol type, and an application ID corresponding to the admission request packet; the signing information corresponding to the signing request message comprises customer information, a customer card number, a signing payment protocol type and an application software ID corresponding to the signing request message.
Optionally, in an embodiment of the present invention, the performing admission qualification check according to the subscription information corresponding to the admission request packet, and obtaining a check result includes: performing application software qualification inspection according to the application software ID corresponding to the admission request message; if the application software qualification check is passed, carrying out the validity check of the signed payment protocol type according to the signed payment protocol type corresponding to the admission request message; if the signed payment protocol type is checked to pass the validity check, the acceptance card validity check is carried out according to the customer card number corresponding to the access request message; and if the acceptance card is checked to pass the validity check, the check result is the check pass.
Optionally, in an embodiment of the present invention, the matching according to the signing information, the scene admission verification code, and the timestamp respectively corresponding to the admission request packet and the signing request packet, and obtaining a matching result includes: determining a time interval according to the timestamp corresponding to the admission request message and the timestamp corresponding to the signing request message; and if the time interval is less than the preset threshold value, matching the client information, the client card number, the signed payment protocol type, the application software ID and the scene access information corresponding to the access request message with the client information, the client card number, the signed payment protocol type, the application software ID and the scene access information corresponding to the signed request message one by one to obtain a matching result.
Optionally, in an embodiment of the present invention, the scenario admission information corresponding to the subscription request packet includes an admission verification code and a scenario ID.
Optionally, in an embodiment of the present invention, the verifying the subscription information corresponding to the subscription request packet according to the scene admission information corresponding to the subscription request packet includes: determining the account type according to the customer card number corresponding to the signing request message; and verifying the client information and the client card number corresponding to the signing request message according to the account type and a preset verification rule corresponding to the scene ID to generate a verification result.
The embodiment of the invention also provides a secret-free signing device of the payment protocol, which comprises:
the admission request message module is used for analyzing a protocol signing request sent by an application software client to obtain signing information and generating an admission request message according to the signing information; wherein the subscription information comprises a customer card number;
the first message sending module is used for determining a card issuing bank according to the customer card number, encrypting the access request message according to a preset encryption rule and sending the encrypted access request message to a card issuing bank server;
the signing request message module is used for receiving the scene access information returned by the card issuer server and generating a signing request message according to the signing information and the scene access information;
and the second message sending module is used for encrypting the signing request message according to the UnionPay encryption rule and sending the encrypted signing request message to the UnionPay server.
Optionally, in an embodiment of the present invention, the scenario admission information includes an admission verification code and a scenario ID.
Optionally, in an embodiment of the present invention, the subscription information further includes client information, a subscription payment protocol type, and an application ID.
The embodiment of the invention also provides a secret-free signing device of the payment protocol, which comprises:
the admission qualification checking module is used for analyzing the admission request message sent by the application software server to obtain the signing information corresponding to the admission request message, and performing admission qualification checking according to the signing information corresponding to the admission request message to obtain a checking result;
a scene access information module, configured to determine a timestamp corresponding to the access request packet and send scene access information corresponding to the access request packet to an application software server if the checking result is that the checking passes;
the information matching module is used for analyzing a signing request message sent by a UnionPay server to obtain the signing information, scene admission information and timestamp corresponding to the signing request message, and for matching the signing information, scene admission information and timestamps that correspond to the admission request message and to the signing request message respectively, to obtain a matching result;
and the verification result module is used for, if the matching result is a pass, verifying the signing information corresponding to the signing request message according to the scene admission information corresponding to the signing request message, and sending the generated verification result to the UnionPay server so that the payment protocol is generated and signed.
Optionally, in an embodiment of the present invention, the subscription information corresponding to the admission request packet includes client information, a client card number, a subscription payment protocol type, and an application ID corresponding to the admission request packet; the signing information corresponding to the signing request message comprises customer information, a customer card number, a signing payment protocol type and an application software ID corresponding to the signing request message.
Optionally, in an embodiment of the present invention, the admission qualification checking module includes: the qualification checking unit is used for checking the qualification of the application software according to the application software ID corresponding to the admission request message; the protocol type checking unit is used for checking the validity of the signed payment protocol type according to the signed payment protocol type corresponding to the admission request message if the qualification check of the application software is passed; the acceptance card checking unit is used for checking the validity of the acceptance card according to the client card number corresponding to the access request message if the validity check of the signed payment protocol type is passed; and the checking result unit is used for judging that the checking result is the checking pass if the acceptance card passes the validity checking.
Optionally, in an embodiment of the present invention, the information matching module includes: a time interval unit, configured to determine a time interval according to a timestamp corresponding to the admission request packet and a timestamp corresponding to the subscription request packet; and the matching result unit is used for matching the client information, the client card number, the signed payment protocol type, the application software ID and the scene admission information corresponding to the admission request message with the client information, the client card number, the signed payment protocol type, the application software ID and the scene admission information corresponding to the signed request message one by one to obtain a matching result if the time interval is less than the preset threshold.
Optionally, in an embodiment of the present invention, the scenario admission information corresponding to the subscription request packet includes an admission verification code and a scenario ID.
Optionally, in an embodiment of the present invention, the verification result module includes: the account type unit is used for determining the account type according to the customer card number corresponding to the signing request message; and the verification result unit is used for verifying the client information and the client card number corresponding to the signing request message according to the account type and the preset verification rule corresponding to the scene ID to generate a verification result.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method when executing the program.
The present invention also provides a computer-readable storage medium storing a computer program for executing the above method.
The invention makes it possible to sign a payment protocol without interruption after a bank debit account without a card password is opened online in the application software of the mobile terminal. At the same time, the admission check for the secret-free signing scene and the verification of the scene admission information are performed purely through message exchange, which completes the signing of the payment protocol, effectively reduces the interaction between bank customers and multiple systems, and improves business handling efficiency.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a secret-free signing method for a payment protocol according to an embodiment of the present invention;
Fig. 2 is a flowchart of a secret-free signing method for a payment protocol according to another embodiment of the present invention;
Fig. 3 is a flowchart of qualification checking in an embodiment of the present invention;
Fig. 4 is a flowchart of information matching in an embodiment of the present invention;
Fig. 5 is a flowchart of account verification in an embodiment of the present invention;
Fig. 6 is a flowchart of the interaction among participants in an embodiment of the present invention;
Fig. 7 is a flowchart of admission qualification checking and scene admission information acquisition in an embodiment of the present invention;
Fig. 8 is a flowchart of secret-free signing of a Pay-type payment protocol in an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a secret-free signing device for a payment protocol according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a secret-free signing device for a payment protocol according to another embodiment of the present invention;
Fig. 11 is a schematic structural diagram of an admission qualification checking module according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of an information matching module according to an embodiment of the present invention;
Fig. 13 is a schematic structural diagram of a verification result module according to an embodiment of the present invention;
Fig. 14 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a secret-free signing method and a secret-free signing device for a payment protocol, which can be used in the financial field or other fields.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a secret-free signing method for a payment protocol according to an embodiment of the present invention. The execution subject of this method may be the application software server of a mobile terminal. The method shown in the figure comprises the following steps:
Step S101, analyzing a protocol signing request sent by an application software client to obtain signing information, and generating an admission request message according to the signing information; wherein the signing information includes a customer card number.
Before the protocol signing request is sent by the application software client of the mobile terminal, the bank customer opens that client and triggers the password-free (that is, card-password-free) payment protocol signing operation. The client displays a secret-free payment protocol signing page whose signing elements comprise customer information (name, certificate type, certificate number and the like), customer bank card information (customer card number, card password and the like) and the mobile phone number reserved with the bank. The bank customer enters the signing elements in the client and taps to obtain a short message verification code. The client checks the validity of the input (for example, if the certificate type is an identity card, whether the certificate number has 15 or 18 characters and, for an 18-character number, whether the first 17 characters are all digits and the last character is a digit or a letter). After this check passes, the client sends a request to obtain a short message verification code, and the validity of the short message verification code is then checked. After the short message verification code has been verified, the client sends the protocol signing request.
The protocol signing request is received and analyzed to obtain the signing information entered by the bank customer in the mobile terminal application software client. The signing information comprises customer information, the customer card number, the signed payment protocol type and the application software ID of the mobile terminal. An admission request message is then generated from the customer information, customer card number, signed payment protocol type and application software ID, in the format agreed for the card issuer's interface messages.
Step S102, determining the card issuer according to the customer card number, encrypting the admission request message according to a preset encryption rule, and sending the encrypted admission request message to the card issuer server.
The card issuer is identified from the customer card number, and the admission request message is encrypted according to a preset encryption rule. The preset encryption rule may be an encryption rule agreed with the card issuer. The encrypted admission request message is sent to the card issuer server.
Step S103, receiving the scene admission information returned by the card issuer server, and generating a signing request message according to the signing information and the scene admission information.
After receiving the admission request message, the card issuer server performs the admission qualification check on it and returns the scene admission information once the check passes.
Specifically, the scene admission information includes an admission verification code and a scene ID. The admission verification code may be a randomly generated serial code or a serial code generated according to a preset generation rule. It may consist of digits, letters, other characters, or any combination of them. The scene ID may be a numeric code representing the scene in which the payment protocol is currently being signed, for example signing in Huawei Wallet.
Further, after the scene admission information returned by the card issuer server is received, the signing information (customer information, customer card number, signed payment protocol type and application software ID) and the scene admission information are assembled into a signing request message.
Step S104, encrypting the signing request message according to the UnionPay encryption rule, and sending the encrypted signing request message to the UnionPay server.
The signing request message is encrypted according to the UnionPay encryption rule, and the encrypted message is sent to the UnionPay server for the subsequent processing of the payment protocol signing.
Fig. 2 is a flowchart of a secret-free signing method for a payment protocol according to another embodiment of the present invention. The execution subject of this method may be the card issuer server. The method shown in the figure comprises the following steps:
Step S201, analyzing an admission request message sent by an application software server to obtain the signing information corresponding to the admission request message, and performing an admission qualification check according to that signing information to obtain a check result.
The admission request message sent by the application software server of the mobile terminal is received, decrypted and analyzed to obtain the signing information entered by the bank customer in the application software client of the mobile terminal. This signing information comprises the customer information, customer card number, signed payment protocol type and application software ID corresponding to the admission request message. The admission qualification check is performed on the signing information obtained in this way, and comprises an application software qualification check, a signed payment protocol type validity check and an acceptance card validity check.
Specifically, the application software qualification check may use a preset whitelist of permitted application software: the application software ID is used to determine whether the mobile terminal's application software is on the whitelist, and if it is, the check passes. The signed payment protocol type validity check determines whether the payment protocol the application software is currently trying to sign is within the application software's authority, for example whether the application software is permitted to sign a particular payment protocol without a password; if it is, the check passes. The acceptance card validity check is performed after the signed payment protocol type validity check has passed, and uses the customer card number to determine whether the bank card supports signing the current payment protocol. Different types of bank card, such as credit cards and debit cards, support signing different payment protocols, so it is necessary to determine whether the customer's bank card is permitted to sign the protocol in question; if it is, the check passes. When the acceptance card validity check passes, the check result is a pass. If any check fails during the admission qualification check, the check result is a failure.
Step S202, if the checking result is that the checking is passed, determining a timestamp corresponding to the admission request message, and sending scene admission information corresponding to the admission request message to an application software server.
When the admission qualification check passes, the current time is recorded as the timestamp corresponding to the admission request message, and scene admission information is sent to the application software server. The scene admission information includes an admission verification code and a scene ID. The admission verification code may be a randomly generated serial code or a serial code generated according to a preset generation rule. It may consist of numbers, letters and characters, or any combination of them. The scene ID may be a digital code representing a scene of the current payment agreement contract, e.g., contract hua is a wallet.
Step S203, analyzing the signing request message sent by the Unionpay server side to obtain signing information, scene admission information and timestamps corresponding to the signing request message, and matching according to the signing information, the scene admission information and the timestamps corresponding to the admission request message and the signing request message respectively to obtain a matching result.
After receiving the scene admission information, the application software server of the mobile terminal sends a subscription request message to the Unionpay server. The Unionpay server decrypts and parses the signing request message, determines the card issuing bank, re-encrypts the signing request message and then transparently transmits it to the card issuing bank. The encryption rule of the Unionpay server can be a Unionpay encryption rule or a preset encryption rule agreed with an issuer.
Further, after the signing request message sent by the Unionpay server is decrypted and parsed, the signing information corresponding to the signing request message is obtained, comprising client information, a client card number, a signing payment protocol type, an application software ID, scene admission information and a timestamp corresponding to the signing request message. The time interval between the two timestamps is determined from the timestamp of the signing request message and the timestamp corresponding to the admission request message. If the time interval does not exceed a preset threshold, for example 1 minute, the client information, client card number, signed payment protocol type, application software ID and scene admission information corresponding to the signing request message are matched one by one against those corresponding to the admission request message to detect whether the two messages are consistent; if they are, the matching result is a pass.
Step S204, if the matching result is a pass, verifying the signing information corresponding to the signing request message according to the scene admission information corresponding to the signing request message, and sending the generated verification result to the Unionpay server to generate and sign the payment protocol.
After the matching passes, the customer information and the customer card number are verified according to the scene admission information corresponding to the signing request message, specifically according to the scene ID in the scene admission information and the account type corresponding to the customer card number. Furthermore, the customer's name, certificate number, card number and similar information can be checked to generate a verification result. The verification result is sent to the Unionpay server to generate and sign the payment protocol. In particular, the authentication process based on the scene admission information does not require authentication of the card password.
Further, after receiving the verification result, the Unionpay server judges whether the verification passed. If the verification failed, the payment protocol subscription is terminated, subscription failure information is returned to the application software server of the mobile terminal, and the application software client of the mobile terminal displays a subscription failure page to the bank client. If the verification passed, the bank card server returns the payment protocol number to the card issuer server and the application software server of the mobile terminal. The card issuing bank server stores information such as the payment protocol number, customer information and customer card number; the application software server of the mobile terminal stores the same kinds of information and displays a successful signing page to the bank customer through the application software client of the mobile terminal.
As an embodiment of the present invention, the subscription information corresponding to the admission request packet includes the client information, the client card number, the subscription payment protocol type and the application software ID corresponding to the admission request packet; the signing information corresponding to the signing request message comprises client information, a client card number, a signing payment protocol type and an application software ID corresponding to the signing request message.
In this embodiment, as shown in fig. 3, performing admission qualification check according to the subscription information corresponding to the admission request packet, and obtaining a check result includes:
Step S2011, performing the application software qualification check according to the application software ID corresponding to the admission request message.
The application software qualification check may use a preset white list of permitted application software: whether the application software of the mobile terminal is on the white list is determined from the application software ID, and if it is, the application software qualification check passes.
Step S2012, if the application software qualification check passes, performing the subscription payment protocol type validity check according to the subscription payment protocol type corresponding to the admission request packet.
After the application software qualification check passes, the signed payment protocol type validity check is carried out. This check determines whether the payment protocol the application software is currently signing is within that application software's authority range, for example whether the application software has the authority for password-free signing of a certain payment protocol; if it has, the signed payment protocol type validity check passes.
Step S2013, if the signed payment protocol type validity check passes, performing the acceptance card validity check according to the client card number corresponding to the admission request message.
After the signed payment protocol type validity check passes, the acceptance card validity check is performed. This check determines, from the customer card number, whether the bank card supports signing the current payment protocol. Different types of bank cards, such as credit cards and debit cards, support signing different payment protocols, so it is necessary to determine whether the current customer's bank card has the authority to sign a certain payment protocol; if so, the acceptance card validity check passes.
Step S2014, if the acceptance card validity check passes, the check result is a pass.
When the acceptance card validity check passes, the check result is a pass. In addition, if any check fails during the admission qualification check, the check result is a fail.
As an embodiment of the present invention, as shown in fig. 4, the obtaining a matching result by matching according to the subscription information, the scene admission information, and the timestamp respectively corresponding to the admission request packet and the subscription request packet includes:
Step S2031, determining a time interval according to the timestamp corresponding to the admission request message and the timestamp corresponding to the signing request message.
The time interval between the two timestamps is determined from the timestamp of the subscription request packet and the timestamp corresponding to the admission request packet, and may be, for example, 40 seconds.
Step S2032, if the time interval is less than the preset threshold, matching the client information, the client card number, the signed payment protocol type, the application software ID and the scene admission information corresponding to the admission request message one by one with the client information, the client card number, the signed payment protocol type, the application software ID and the scene admission information corresponding to the signing request message to obtain a matching result.
If the time interval does not exceed a preset threshold, for example 1 minute, the client information, client card number, signed payment protocol type, application software ID and scene admission information corresponding to the signing request message are matched one by one against those corresponding to the admission request message to detect whether the two messages are consistent; if they are, the matching result is a pass.
As an embodiment of the present invention, the scenario admission information corresponding to the subscription request packet includes an admission verification code and a scenario ID.
The admission verification code may be a randomly generated serial code or a serial code generated according to a preset generation rule. It may consist of numbers, letters and characters, or any combination of them. The scene ID may be a digital code representing a scene of the current payment agreement contract, e.g., contract hua is a wallet.
In this embodiment, as shown in fig. 5, verifying the subscription information corresponding to the subscription request packet according to the scene admission information corresponding to the subscription request packet includes:
Step S2041, determining the account type according to the customer card number corresponding to the signing request message.
Wherein the account type can be determined from the customer card number, for example, a debit account or a credit account.
Step S2042, verifying the customer information and the customer card number corresponding to the signing request message according to the account type and the preset verification rule corresponding to the scene ID, and generating a verification result.
The customer information and the customer card number are verified according to the scene ID in the scene admission information and the account type corresponding to the customer card number. Furthermore, the customer's name, certificate number, card number and similar information can be checked to generate a verification result.
Specifically, if the account is a debit account, it is matched in the debit account register and verified according to information such as name and card number, without verifying the bank card password; if the account is a credit account, it is matched in the credit account register and verified according to information such as name and card number, likewise without verifying the bank card password. The account verification yields a verification result, which is either verification passed or verification failed.
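The issuer-side checks of steps S201 to S204, sketched as an added example (not code from the patent). The policy tables, register contents, account-type rule and identifier values are constructed for illustration; consuming the admission record on first use and comparing the code in constant time are hardening assumptions that go beyond what the page states.

```python
import hmac
import secrets
from dataclasses import dataclass

MAX_INTERVAL_SECONDS = 60  # the page's example threshold (1 minute)

# Constructed sample policy and registers (assumptions, not data from the page).
APP_ALLOWLIST = {"wallet-app"}
APP_PROTOCOL_RIGHTS = {"wallet-app": {"PAY_NO_PWD"}}
CARD_PROTOCOL_SUPPORT = {"debit": {"PAY_NO_PWD"}, "credit": set()}
REGISTERS = {
    "debit": {"6200000000000001": "Zhang San"},
    "credit": {"4000000000000002": "Li Si"},
}


@dataclass(frozen=True)
class SigningInfo:
    customer_name: str
    card_number: str
    protocol_type: str
    app_id: str


def account_type(card_number):
    """Hypothetical rule for the sample data: debit if listed in the debit register."""
    return "debit" if card_number in REGISTERS["debit"] else "credit"


class Issuer:
    def __init__(self):
        # (app_id, card_number) -> (signing info, "code|scene id", admission timestamp)
        self._pending = {}

    def admit(self, info, scene_id, now):
        """S2011-S2014 in order, then S202. Returns "code|scene id" or None."""
        if info.app_id not in APP_ALLOWLIST:  # application qualification
            return None
        if info.protocol_type not in APP_PROTOCOL_RIGHTS.get(info.app_id, set()):
            return None  # protocol type outside the application's authority
        if info.protocol_type not in CARD_PROTOCOL_SUPPORT[account_type(info.card_number)]:
            return None  # card type does not support this protocol
        admission = f"{secrets.token_hex(16)}|{scene_id}"
        self._pending[(info.app_id, info.card_number)] = (info, admission, now)
        return admission

    def match(self, info, admission, now):
        """S2031-S2032: time window first, then field-by-field comparison."""
        # pop() makes the record single-use, so a captured signing request cannot
        # be replayed inside the window (added hardening, not stated on the page).
        record = self._pending.pop((info.app_id, info.card_number), None)
        if record is None:
            return False
        admitted_info, issued, admitted_at = record
        if not 0 <= now - admitted_at <= MAX_INTERVAL_SECONDS:
            return False
        if not hmac.compare_digest(issued.encode(), admission.encode()):
            return False
        return info == admitted_info

    def verify(self, info, admission):
        """S2041-S2042: name and card number against the register for the
        account type; the card password is not part of this check."""
        scene_id = admission.partition("|")[2]
        if not scene_id:  # empty scene id: not a password-free signing scene
            return False
        register = REGISTERS[account_type(info.card_number)]
        return register.get(info.card_number) == info.customer_name

    def sign(self, info, admission, now):
        """Matching (S203) followed by verification (S204)."""
        return self.match(info, admission, now) and self.verify(info, admission)
```

Because the card password is never checked on this path, the admission code, the field match and the time window are the only things binding the signing request to the admitted session, which is why the sketch refuses a second use of the same record.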
In an embodiment of the present invention, as shown in fig. 6, a cipher-free subscription process of a unionpay pay type payment protocol is taken as an example. The process mainly involves five parties, namely a bank client, a mobile terminal application software client, a mobile terminal application software server, a unionpay server and a card issuing bank server. The mobile terminal application software client referred to in the process is a client APP of the mobile terminal (for example, wayside wallet, etc.), and the original overall interactive process of the participants specifically includes:
S1, the bank client enters the mobile terminal application software client and clicks to trigger the UnionPay payment protocol signing operation.
S2, the mobile terminal application software client displays a Unionpay pay payment protocol signing page, whose signing elements comprise identity information (name, certificate type, certificate number and the like), bank card information (bank card number, card password and the like) and the bank reserved mobile phone number.
S3, the bank client inputs the specific information of the signing elements at the mobile terminal application software client, comprising identity information (name, certificate type, certificate number and the like), bank card information (bank card number, card password and the like) and the bank reserved mobile phone number.
S4, the bank client clicks in the mobile terminal application software client to obtain the short message verification code.
S5, the mobile terminal application software client checks the validity of the input information (for example, if the certificate type is an identity card, whether the certificate number has 15 or 18 digits and, if it has 18 digits, whether the first 17 are digits and the last is a digit or a letter), and after the check passes, forwards a request for obtaining the short message verification code to the mobile terminal application software server.
S6, the mobile terminal application software server assembles a message according to the interface specification agreed between Unionpay and the card issuing bank, encrypts it and sends it to the Unionpay server to obtain the card issuing bank's short message verification code.
S7, the Unionpay server parses the message, identifies the card issuing bank from the card number information in the uploaded interface message, and transmits the message information to the card issuing bank server.
S8, after receiving the mobile terminal application software server interface message transmitted by the Unionpay server, the card issuing bank server sends a short message verification code to the client's reserved mobile phone number given in the message.
S9, the bank customer inputs the short message verification code at the mobile terminal application software client.
S10, the mobile terminal application software client checks the validity of the input short message verification code (including whether the verification code is a 6-digit number), and after the check passes, forwards the request to the mobile terminal application software server.
S11-S12, as shown in fig. 7, specifically includes:
a1, the mobile terminal application software server identifies the card issuing bank from the card number information in the request, assembles a message in the agreed format of the card issuing bank interface message from the name, card number, signed payment protocol type and other information entered by the client at the mobile terminal client together with the appid (namely the application software ID) and similar information, encrypts it and sends it to the card issuing bank server for the admission check.
a2, the card issuing bank server parses the message, obtains the appid information in the message, and performs the admission qualification check of the appid.
a3, if the appid qualification check passes, the card issuing bank server obtains the signed payment protocol type in the message and checks the legality of the payment protocol type against the current appid.
a4, if the legality check of the payment protocol type passes, the card issuing bank server obtains the card number information in the message and checks the legality of the acceptable card number range against the current appid.
a5, if the validity check of the card number range passes, the card issuing bank server records the appid, the signed payment protocol type, the name, the card number and the current system timestamp.
a6, after the system timestamp is recorded, the card issuing bank server returns to the mobile terminal application software server the verification code and scene id permitted for the specific scene (in the format "verification code | scene id"), i.e. the scene admission information.
S13-S17, as shown in fig. 8, specifically includes:
b1, the mobile terminal application software server assembles a message from the name, card number, signed payment protocol type and other information entered by the client at the mobile terminal application software client, together with the verification code and scene id permitted for the specific scene and obtained from the card issuer (in the format 'verification code | scene id'), encrypts it and sends it to the Unionpay server; the 'verification code | scene id' value is carried in the extended-domain field 'bankchannel date'.
b2, the Unionpay server analyzes the message, if the message is successfully analyzed, the card number field in the message is obtained, and the card issuer information is obtained according to the card number information.
b3, the Unionpay server transparently transmits the encrypted message sent by the mobile terminal application software server to the card issuer server to which the card number belongs in a message interaction mode according to the card issuer information.
b4, the issuer server analyzes the message, and if the message is successfully analyzed, the field information (in the format of 'verification code | scene id') of the extended domain 'bankchannel date' is firstly obtained.
b5, the issuer server determines whether the specific scene identifier in the extension field in the message is empty, that is, determines whether the current protocol signing scene belongs to a secret-free signing scene.
b6, if the specific scene mark in the extension field of the message is not empty, the issuer server matches information such as the appid, the signed payment protocol type and the 'verification code | scene id', obtains the timestamp recorded by the system and compares it with the system time of the current transaction; the time interval must not exceed 1 minute.
b7, if the matching check passes, the card issuer server proceeds according to the current scene id parameter:
a: if the account is a debit account, it is matched in the debit account register and verified according to information such as name and card number, without verifying the bank card password;
b: if the account is a credit account, it is matched in the credit account register and verified according to information such as name and card number, without verifying the bank card password;
and whether the account verification passes is determined from the result: if the verification passes, a verification-passed receipt is returned to the Unionpay server; if the verification does not pass, a verification-failed receipt is returned to the Unionpay server.
S18, if the specific scene mark in the extension field of the message is empty, namely the scene is not a secret-free signing scene, the card issuing bank server checks the following in sequence:
A. check the fields carrying the bank client's identity information, card number information, mobile phone number and verification code, including the name, certificate type code, certificate number, bank reserved mobile phone number, short message verification code and the like;
B. after the previous check passes, determine the type of the card number sent in the message;
C. if the account is a debit account, match and check information such as the card number and card password in the debit account register;
D. if the account is a credit account, matching and checking information such as a card number and the like in a credit account register, and not checking the card number and the like;
whether the account verification passes is determined from the result: if it passes, a verification-passed receipt is returned to the Unionpay server; if it does not pass, a verification-failed receipt is returned to the Unionpay server.
S19, the Unionpay server judges whether the account verification passed.
S20, if the account verification passed, the Unionpay server generates a Unionpay pay type payment protocol number and sends it to the card issuing bank server and the mobile terminal application software server.
S21A, the mobile terminal application software server receives in real time the Unionpay pay type payment protocol number returned by the Unionpay server, stores it in the mobile terminal application software server, and informs the mobile terminal application software client of the successful signing result; the stored information comprises a client identification number, a protocol type, a protocol number and the like.
S21B, the card issuing bank server receives the UnionPay payment protocol number returned by the UnionPay server and stores it in the card issuing bank server's client protocol table, together with information including name, bank card number, protocol type, protocol number and the like.
S22, the mobile terminal application software client displays that the Unionpay pay type payment protocol was signed successfully.
Through the interactive cooperation of the bank client, the mobile terminal application software server, the UnionPay server and the card issuing bank server, the password-free signing method of the payment protocol solves the problem that a bank debit account without a password cannot sign payment protocols such as the UnionPay payment protocol at the mobile terminal application software client. The method aims to make signing the Unionpay payment agreement more convenient in a specific scene. Technically, it solves the problem that a bank client who has opened a bank debit account without a card password in the mobile terminal application software cannot go on to sign the Unionpay payment agreement, effectively reduces the interaction between the bank client and multiple systems, and improves business handling efficiency.
Fig. 9 is a schematic structural diagram of a secret-free signing apparatus for a payment protocol according to an embodiment of the present invention, where the apparatus includes:
an admission request message module 101, configured to parse a protocol subscription request sent by an application software client to obtain subscription information, and generate an admission request message according to the subscription information; wherein the subscription information includes a customer card number.
Before the protocol signing request sent by the application software client of the mobile terminal is received, the bank client enters the application software client of the mobile terminal and clicks to trigger a password-free (namely, card password-free) payment protocol signing operation. The mobile terminal application software client displays a password-free payment protocol signing page, whose signing elements comprise client information (name, certificate type, certificate number and the like), client card numbers (bank card number, card password and the like) and the bank reserved mobile phone number. The bank client inputs the signing elements at the mobile terminal application software client and clicks there to obtain the short message verification code. The mobile terminal application software client checks the validity of the input information (for example, if the certificate type is an identity card, whether the certificate number has 15 or 18 digits and, if it has 18 digits, whether the first 17 are digits and the last is a digit or a letter), and after the check passes, sends a request for obtaining a short message verification code so that the validity of the short message verification code can be checked. After the validity of the short message verification code is verified, the mobile terminal application software client sends a protocol signing request.
The protocol signing request is received and parsed to obtain the signing information input by the bank customer at the mobile terminal application software client, comprising customer information, a customer card number, a signing payment protocol type and the application software ID of the mobile terminal. An admission request message is generated from the agreed format of the card issuing bank interface message, the client information, the client card number, the signed payment protocol type and the application software ID.
The first message sending module 102 is configured to determine a card issuer according to the customer card number, encrypt the admission request message according to a preset encryption rule, and send the encrypted admission request message to a card issuer server.
The card issuing bank is identified according to the customer card number, and the admission request message is encrypted according to a preset encryption rule. The preset encryption rule may be an encryption rule agreed with an issuer. The encrypted admission request message is sent to the card issuer server.
The signing request message module 103 is configured to receive the scene admission information returned by the issuer server, and generate a signing request message according to the signing information and the scene admission information.
After receiving the admission request message, the service end of the card issuer performs admission qualification check according to the admission request message, and returns scene admission information after the admission qualification check passes.
Specifically, the scene admission information includes an admission verification code and a scene ID. The admission verification code may be a randomly generated serial code or a serial code generated according to a preset generation rule. It may consist of numbers, letters and characters, or any combination of them. The scene ID may be a digital code representing a scene of the current payment agreement contract, e.g., contract hua is a wallet.
Further, after receiving the scene access information returned by the card issuing bank server, the signing information, including the customer information, the customer card number, the signing payment protocol type and the application software ID, and the scene access information are assembled into a signing request message.
The second message sending module 104 is configured to encrypt the subscription request message according to a union pay encryption rule, and send the encrypted subscription request message to a union pay server.
The signing request message is encrypted according to the Unionpay encryption rule, and the encrypted signing request message is sent to the Unionpay server for subsequent processing of the payment protocol signing.
As an embodiment of the present invention, the scenario admission information includes an admission verification code and a scenario ID.
Fig. 10 is a schematic structural diagram of a secret-free signing apparatus for a payment protocol according to another embodiment of the present invention, where the apparatus includes:
and the admission qualification checking module 201 is configured to parse an admission request packet sent by an application software server to obtain subscription information corresponding to the admission request packet, and perform admission qualification checking according to the subscription information corresponding to the admission request packet to obtain a checking result.
The method comprises the steps of receiving an admission request message sent by an application software server of the mobile terminal, decrypting and analyzing the admission request message, and obtaining subscription information input by a bank user at an application software client of the mobile terminal, wherein the subscription information comprises client information and a client card number corresponding to the admission request message, and a subscription payment protocol type and an application software ID. And performing admission qualification inspection by using the subscription information obtained by analysis, wherein the admission qualification inspection comprises application software qualification inspection, subscription payment protocol type validity inspection and acceptance card validity inspection.
Specifically, the qualification inspection of the application software may be performed by using a preset permitted white list of the application software, and whether the application software of the mobile terminal is in the permitted white list is determined according to the application software ID, and if yes, the qualification inspection of the application software passes. The signed payment protocol type validity check means whether the payment protocol currently performed by the application software is within the authority range of the application software, for example, whether the application software has the authority of signing a certain payment protocol without secret is checked, and if the application software has the authority of signing a certain payment protocol without secret, the signed payment protocol type validity check is passed. And the acceptance card validity check means that after the signed payment protocol type validity check is passed, whether the bank card supports the current payment protocol signing is judged according to the customer card number. In particular, different types of bank cards, such as credit or debit cards, support contracting different payment protocols. Therefore, it is necessary to determine whether the current customer bank card has the authority to sign a certain payment protocol, and if so, the acceptance card validity check is passed. And when the acceptance card passes the validity check, obtaining a check result as pass. If the inspection fails in the admission qualification inspection process, the inspection result is failed.
And the scene admission information module 202 is configured to determine a timestamp corresponding to the admission request packet and send the scene admission information corresponding to the admission request packet to the application software server if the checking result is that the checking passes.
When the admission qualification check passes, the current time is recorded as the timestamp corresponding to the admission request message, and scene admission information is sent to the application software server. The scene admission information includes an admission verification code and a scene ID. The admission verification code may be a randomly generated serial code or a serial code generated according to a preset generation rule, and may consist of numbers, letters, other characters, or any combination of them. The scene ID may be a digital code representing the scene of the current payment protocol signing, e.g., signing with Huawei Wallet.
The information matching module 203 is configured to parse a signing request message sent by a Unionpay server to obtain the signing information, scene admission information and timestamp corresponding to the signing request message, and to perform matching according to the signing information, scene admission information and timestamps respectively corresponding to the admission request message and the signing request message to obtain a matching result.
After receiving the scene admission information, the application software server of the mobile terminal sends a signing request message to the Unionpay server. The Unionpay server decrypts and parses the signing request message, determines the card issuing bank, re-encrypts the signing request message and then transparently transmits it to the card issuing bank. The encryption rule of the Unionpay server may be a Unionpay encryption rule or a preset encryption rule agreed with the issuer.
Further, the signing request message sent by the Unionpay server is decrypted and parsed to obtain the signing information corresponding to the signing request message, which comprises the client information, client card number, signed payment protocol type, application software ID, scene admission information and timestamp corresponding to the signing request message. The time interval between the two timestamps is determined from the timestamp of the signing request message and the timestamp corresponding to the admission request message. If the time interval does not exceed a preset threshold, for example 1 minute, the client information, client card number, signed payment protocol type, application software ID and scene admission information corresponding to the signing request message and to the admission request message are matched one by one to detect whether they are consistent; if they are, the matching result is a pass.
The verification result module 204 is configured to, if the matching result is a pass, verify the signing information corresponding to the signing request message according to the scene admission information corresponding to the signing request message, and send the generated verification result to the Unionpay server to generate and sign a payment protocol.
After the matching passes, the customer information and customer card number are verified according to the scene admission information corresponding to the signing request message, specifically according to the scene ID in the scene admission information and the account type corresponding to the customer card number. The customer's name, certificate number, card number and similar information may also be checked, and a verification result is generated. The verification result is sent to the Unionpay server to generate and sign the payment protocol. Notably, verification based on the scene admission information does not require verification of the card password.
Further, after receiving the verification result, the Unionpay server determines whether the verification passed. If the verification failed, the payment protocol signing is terminated, signing failure information is returned to the application software server of the mobile terminal, and the application software client of the mobile terminal displays a signing failure page to the bank customer. If the verification passed, the bank card server returns the payment protocol number to the card issuer server and to the application software server of the mobile terminal. The card issuer server stores information such as the payment protocol number, customer information and customer card number; the application software server of the mobile terminal stores the same kind of information and displays a signing success page to the bank customer through the application software client of the mobile terminal.
As an embodiment of the present invention, as shown in fig. 11, the admission qualification checking module 201 includes:
a qualification inspection unit 2011, configured to perform qualification inspection on the application software according to the application software ID corresponding to the admission request packet;
a protocol type checking unit 2012, configured to perform, if it is known that the qualification check of the application software passes, a contract payment protocol type validity check according to the contract payment protocol type corresponding to the admission request packet;
the accepted card checking unit 2013 is used for checking the validity of the accepted card according to the client card number corresponding to the access request message if the signed payment protocol type validity check is passed;
and an inspection result unit 2014, configured to, if it is known that the acceptance card validity inspection passes, determine that the inspection result is an inspection pass.
As an embodiment of the present invention, as shown in fig. 12, the information matching module 203 includes:
a time interval unit 2031, configured to determine a time interval according to the timestamp corresponding to the admission request packet and the timestamp corresponding to the subscription request packet;
a matching result unit 2032, configured to match, one by one, the client information, the client card number, the signed payment protocol type, the application software ID, and the scene admission information corresponding to the admission request packet, and the client information, the client card number, the signed payment protocol type, the application software ID, and the scene admission information corresponding to the signed request packet, if it is known that the time interval is smaller than the preset threshold, so as to obtain a matching result.
As an embodiment of the present invention, the scenario admission information corresponding to the subscription request packet includes an admission verification code and a scenario ID.
In this embodiment, as shown in fig. 13, the verification result module 204 includes:
an account type unit 2041, configured to determine an account type according to the customer card number corresponding to the subscription request packet;
a verification result unit 2042, configured to verify the client information and the client card number corresponding to the subscription request packet according to the account type and the preset verification rule corresponding to the scene ID, and generate a verification result.
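The issuer-side flow of modules 201 to 204 can be exercised end to end as follows. This is an added example, not code from the patent: the whitelist, permission tables, customer record, verification rule, field names and result strings are all constructed, the card-type lookup is a toy rule, and making the admission verification code single-use and comparing fields in constant time are assumptions of the sketch rather than requirements stated in the text.

```python
import hmac
import secrets

# Every table, field name and value here is constructed for illustration.
APP_WHITELIST = {"app-001"}                                # permitted application software IDs
APP_PROTOCOLS = {"app-001": {"PWD_FREE_PAY"}}              # protocol types each app may sign
CARD_PROTOCOLS = {"debit": {"PWD_FREE_PAY"}, "credit": set()}  # protocol types per card type
CUSTOMERS = {"6200000000000001": {"name": "Zhang San", "id_no": "ID-0001"}}
VERIFY_RULES = {("scene-01", "debit"): ("name", "id_no")}  # (scene ID, account type) -> fields
MAX_INTERVAL_S = 60                                        # preset threshold; the text's example is 1 minute
MATCH_FIELDS = ("name", "id_no", "card_no", "protocol_type", "app_id")


def account_type(card_no):
    """Toy stand-in for the issuer's card lookup (constructed rule: prefix 62 = debit)."""
    return "debit" if card_no.startswith("62") else "credit"


def same(a, b):
    """Constant-time comparison of two text fields."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())


class Issuer:
    def __init__(self):
        self.pending = {}  # admission verification code -> (info, scene ID, timestamp)

    def admission_check(self, info):
        """Units 2011-2013: three checks in order, stopping at the first failure."""
        if info["app_id"] not in APP_WHITELIST:
            return "app_not_whitelisted"
        if info["protocol_type"] not in APP_PROTOCOLS.get(info["app_id"], set()):
            return "protocol_not_permitted"
        if info["protocol_type"] not in CARD_PROTOCOLS[account_type(info["card_no"])]:
            return "card_not_supported"
        return "pass"

    def admit(self, info, scene_id, now):
        """Module 202: on a pass, record the timestamp and issue scene admission info."""
        result = self.admission_check(info)
        if result != "pass":
            return None, result
        code = secrets.token_urlsafe(16)  # randomly generated admission verification code
        self.pending[code] = (dict(info), scene_id, now)
        return {"code": code, "scene_id": scene_id}, "pass"

    def match(self, info, scene, timestamp):
        """Module 203: time-interval check, then field-by-field matching."""
        # pop() makes the code single-use: an assumption of this sketch, not stated in the text.
        entry = self.pending.pop(scene.get("code", ""), None)
        if entry is None:
            return "unknown_code"
        adm_info, adm_scene, adm_time = entry
        interval = timestamp - adm_time
        if interval < 0 or interval > MAX_INTERVAL_S:
            return "expired"
        ok = same(scene.get("scene_id", ""), adm_scene)
        for field in MATCH_FIELDS:  # no early exit, so every field is always compared
            ok &= same(info.get(field, ""), adm_info[field])
        return "match_pass" if ok else "mismatch"

    def verify(self, info, scene_id):
        """Module 204: rule chosen by scene ID and account type; no card password involved."""
        rule = VERIFY_RULES.get((scene_id, account_type(info["card_no"])))
        record = CUSTOMERS.get(info["card_no"])
        if rule is None or record is None:
            return False
        return all(same(info[f], record[f]) for f in rule)

    def handle_signing(self, info, scene, timestamp):
        result = self.match(info, scene, timestamp)
        if result != "match_pass":
            return result
        return "verified" if self.verify(info, scene["scene_id"]) else "verify_failed"


def demo():
    good = {"name": "Zhang San", "id_no": "ID-0001", "card_no": "6200000000000001",
            "protocol_type": "PWD_FREE_PAY", "app_id": "app-001"}
    issuer, out = Issuer(), {}
    scene, _ = issuer.admit(good, "scene-01", now=1000.0)
    out["in_window"] = issuer.handle_signing(good, scene, 1030.0)
    out["replayed"] = issuer.handle_signing(good, scene, 1031.0)
    scene, _ = issuer.admit(good, "scene-01", now=2000.0)
    out["late"] = issuer.handle_signing(good, scene, 2061.0)
    scene, _ = issuer.admit(good, "scene-01", now=3000.0)
    out["tampered"] = issuer.handle_signing({**good, "card_no": "6200000000000002"}, scene, 3010.0)
    out["unknown_app"] = issuer.admit({**good, "app_id": "app-999"}, "scene-01", 4000.0)[1]
    out["credit_card"] = issuer.admit({**good, "card_no": "4000000000000002"}, "scene-01", 4000.0)[1]
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Because the card password is never checked in this flow, the admission verification code, the time window and the field-by-field match are the only things binding the signing request to the earlier admission; the sketch measures the window against a time the issuer itself supplies.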
Based on the same application concept as the secret-free signing method of the payment protocol, the invention also provides a secret-free signing device of the payment protocol. Because the principle of solving the problems of the secret-free signing device of the payment protocol is similar to that of the secret-free signing method of the payment protocol, the implementation of the secret-free signing device of the payment protocol can refer to the implementation of the secret-free signing method of the payment protocol, and repeated parts are not described again.
The invention makes it possible to go on to sign a payment protocol after a bank debit account without a card password has been opened online in the application software of the mobile terminal. At the same time, the admission check of the secret-free signing scene and the verification of the scene admission information are carried out purely by message exchange, which completes the signing of the payment protocol, effectively reduces the interaction between bank customers and multiple systems, and improves business handling efficiency.
The present invention also provides an electronic device comprising a first memory, a first processor and a first computer program stored on the first memory and executable on the first processor, the first processor implementing the following method when executing the program, for example comprising:
analyzing a protocol signing request sent by an application software client to obtain signing information, and generating an admission request message according to the signing information; wherein the subscription information comprises a customer card number;
determining a card issuer according to the customer card number, encrypting the admission request message according to a preset encryption rule, and sending the encrypted admission request message to a card issuer server;
receiving scene access information returned by the card issuer server, and generating a signing request message according to the signing information and the scene access information;
and encrypting the signing request message according to the Unionpay encryption rule, and sending the encrypted signing request message to a Unionpay server.
Fig. 14 shows a schematic structural diagram of the electronic device in this embodiment.
The present invention also provides a computer-readable storage medium storing a first computer program for executing a method comprising, for example:
analyzing a protocol signing request sent by an application software client to obtain signing information, and generating an admission request message according to the signing information; wherein the subscription information comprises a customer card number;
determining a card issuer according to the customer card number, encrypting the admission request message according to a preset encryption rule, and sending the encrypted admission request message to a card issuer server;
receiving scene access information returned by the card issuer server, and generating a signing request message according to the signing information and the scene access information;
and encrypting the signing request message according to the Unionpay encryption rule, and sending the encrypted signing request message to a Unionpay server.
The present invention also provides an electronic device comprising a second memory, a second processor and a second computer program stored on the second memory and executable on the second processor, the second processor implementing the following method when executing the program, for example comprising:
analyzing an admission request message sent by an application software server to obtain subscription information corresponding to the admission request message, and performing admission qualification check according to the subscription information corresponding to the admission request message to obtain a check result;
if the checking result is that the checking is passed, determining a timestamp corresponding to the admission request message, and sending scene admission information corresponding to the admission request message to an application software server;
analyzing a signing request message sent by a Unionpay server side to obtain signing information, scene admission information and a timestamp corresponding to the signing request message, and matching according to the signing information, the scene admission information and the timestamp respectively corresponding to the admission request message and the signing request message to obtain a matching result;
and if the matching result is known to be matching pass, verifying the signing information corresponding to the signing request message according to the scene access information corresponding to the signing request message, and sending the generated verification result to a Unionpay server to generate and sign a payment protocol.
The electronic device in this embodiment has the same structure as the electronic device in the above embodiment, and the schematic structural diagram can refer to fig. 14.
The present invention further provides a computer-readable storage medium, in which a second computer program for executing the following method is stored, and the method specifically includes:
analyzing an admission request message sent by an application software server to obtain subscription information corresponding to the admission request message, and performing admission qualification check according to the subscription information corresponding to the admission request message to obtain a check result;
if the checking result is that the checking is passed, determining a timestamp corresponding to the admission request message, and sending scene admission information corresponding to the admission request message to an application software server;
analyzing a signing request message sent by a Unionpay server side to obtain signing information, scene admission information and a timestamp corresponding to the signing request message, and matching according to the signing information, the scene admission information and the timestamp respectively corresponding to the admission request message and the signing request message to obtain a matching result;
and if the matching result is known to be matching pass, verifying the signing information corresponding to the signing request message according to the scene access information corresponding to the signing request message, and sending the generated verification result to a Unionpay server to generate and sign a payment protocol.
As shown in fig. 14, the electronic device 600 may further include: communication module 110, input unit 120, audio processing unit 130, display 160, power supply 170. It is noted that the electronic device 600 does not necessarily include all of the components shown in fig. 14; furthermore, the electronic device 600 may also comprise components not shown in fig. 14, which may be referred to in the prior art.
As shown in fig. 14, the central processor 100, sometimes referred to as a controller or operational control, may include a microprocessor or other processor device and/or logic device, the central processor 100 receiving input and controlling the operation of the various components of the electronic device 600.
The memory 140 may be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information relating to the failure may be stored, and a program for executing the information may be stored. And the central processing unit 100 may execute the program stored in the memory 140 to realize information storage or processing, etc.
The input unit 120 provides input to the cpu 100. The input unit 120 is, for example, a key or a touch input device. The power supply 170 is used to provide power to the electronic device 600. The display 160 is used to display an object to be displayed, such as an image or a character. The display may be, for example, an LCD display, but is not limited thereto.
The memory 140 may be a solid state memory such as Read Only Memory (ROM), Random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 140 may also be some other type of device. Memory 140 includes buffer memory 141 (sometimes referred to as a buffer). The memory 140 may include an application/function storage section 142, and the application/function storage section 142 is used to store application programs and function programs or a flow for executing the operation of the electronic device 600 by the central processing unit 100.
The memory 140 may also include a data store 143, the data store 143 for storing data, such as contacts, digital data, pictures, sounds, and/or any other data used by the electronic device. The driver storage portion 144 of the memory 140 may include various drivers of the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging application, address book application, etc.).
The communication module 110 is a transmitter/receiver 110 that transmits and receives signals via an antenna 111. The communication module (transmitter/receiver) 110 is coupled to the central processor 100 to provide an input signal and receive an output signal, which may be the same as in the case of a conventional mobile communication terminal.
Based on different communication technologies, a plurality of communication modules 110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) 110 is also coupled to a speaker 131 and a microphone 132 via an audio processor 130 to provide audio output via the speaker 131 and receive audio input from the microphone 132 to implement general telecommunications functions. Audio processor 130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, an audio processor 130 is also coupled to the central processor 100, so that recording on the local can be enabled through a microphone 132, and so that sound stored on the local can be played through a speaker 131.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (13)

1. A privacy-free sign-up method for a payment protocol, the method comprising:
analyzing a protocol signing request sent by an application software client to obtain signing information, and generating an admission request message according to the signing information; wherein the subscription information comprises a customer card number;
determining a card issuer according to the customer card number, encrypting the admission request message according to a preset encryption rule, and sending the encrypted admission request message to a card issuer server;
receiving scene access information returned by the card issuer server, and generating a signing request message according to the signing information and the scene access information;
and encrypting the signing request message according to the Unionpay encryption rule, and sending the encrypted signing request message to a Unionpay server.
2. The method of claim 1, wherein the scenario admission information comprises an admission verification code and a scenario ID.
3. The method of claim 1, wherein the subscription information further comprises customer information, a subscription payment agreement type, and an application ID.
4. A privacy-free sign-up method for a payment protocol, the method comprising:
analyzing an admission request message sent by an application software server to obtain subscription information corresponding to the admission request message, and performing admission qualification check according to the subscription information corresponding to the admission request message to obtain a check result;
if the checking result is that the checking is passed, determining a timestamp corresponding to the admission request message, and sending scene admission information corresponding to the admission request message to an application software server;
analyzing a signing request message sent by a Unionpay server side to obtain signing information, scene admission information and a timestamp corresponding to the signing request message, and matching according to the signing information, the scene admission information and the timestamp respectively corresponding to the admission request message and the signing request message to obtain a matching result;
and if the matching result is known to be matching pass, verifying the signing information corresponding to the signing request message according to the scene access information corresponding to the signing request message, and sending the generated verification result to a Unionpay server to generate and sign a payment protocol.
5. The method according to claim 4, wherein the subscription information corresponding to the admission request message includes customer information, a customer card number, a subscription payment protocol type and an application software ID corresponding to the admission request message; the signing information corresponding to the signing request message comprises customer information, a customer card number, a signing payment protocol type and an application software ID corresponding to the signing request message.
6. The method according to claim 5, wherein the performing admission qualification check according to the subscription information corresponding to the admission request packet and obtaining a check result comprises:
performing application software qualification inspection according to the application software ID corresponding to the admission request message;
if the application software qualification check is passed, carrying out the validity check of the signed payment protocol type according to the signed payment protocol type corresponding to the admission request message;
if the signed payment protocol type is checked to pass the validity check, the acceptance card validity check is carried out according to the customer card number corresponding to the access request message;
and if the acceptance card is checked to pass the validity check, the check result is the check pass.
7. The method according to claim 5, wherein the matching according to the subscription information, the scene admission information and the timestamp respectively corresponding to the admission request packet and the subscription request packet, and obtaining the matching result comprises:
determining a time interval according to the timestamp corresponding to the admission request message and the timestamp corresponding to the signing request message;
and if the time interval is less than the preset threshold value, matching the client information, the client card number, the signed payment protocol type, the application software ID and the scene access information corresponding to the access request message with the client information, the client card number, the signed payment protocol type, the application software ID and the scene access information corresponding to the signed request message one by one to obtain a matching result.
8. The method according to claim 5, wherein the context admission information corresponding to the subscription request packet includes an admission verification code and a context ID.
9. The method according to claim 8, wherein the verifying the subscription information corresponding to the subscription request packet according to the scenario admission information corresponding to the subscription request packet comprises:
determining the account type according to the customer card number corresponding to the signing request message;
and verifying the client information and the client card number corresponding to the signing request message according to the account type and a preset verification rule corresponding to the scene ID to generate a verification result.
10. A privacy-free sign-up apparatus for a payment protocol, the apparatus comprising:
the admission request message module is used for analyzing a protocol signing request sent by an application software client to obtain signing information and generating an admission request message according to the signing information; wherein the subscription information comprises a customer card number;
the first message sending module is used for determining a card issuing bank according to the customer card number, encrypting the access request message according to a preset encryption rule and sending the encrypted access request message to a card issuing bank server;
the signing request message module is used for receiving the scene access information returned by the card issuer server and generating a signing request message according to the signing information and the scene access information;
and the second message sending module is used for encrypting the signing request message according to the Unionpay encryption rule and sending the encrypted signing request message to the Unionpay server.
11. A privacy-free sign-up apparatus for a payment protocol, the apparatus comprising:
the admission qualification checking module is used for analyzing the admission request message sent by the application software server to obtain the signing information corresponding to the admission request message, and performing admission qualification checking according to the signing information corresponding to the admission request message to obtain a checking result;
a scene access information module, configured to determine a timestamp corresponding to the access request packet and send scene access information corresponding to the access request packet to an application software server if the checking result is that the checking passes;
the information matching module is used for analyzing a signing request message sent by a Unionpay server side, obtaining signing information, scene admission information and a timestamp corresponding to the signing request message, and matching according to the signing information, the scene admission information and the timestamp respectively corresponding to the admission request message and the signing request message to obtain a matching result;
and the verification result module is used for verifying the signing information corresponding to the signing request message according to the scene access information corresponding to the signing request message and sending the generated verification result to the Unionpay server to generate and sign a payment protocol if the matching result is known to be that the matching is passed.
12. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 9 when executing the program.
13. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any one of claims 1 to 9.
CN202110117507.5A 2021-01-28 2021-01-28 Secret subscription-free method and device of payment protocol Active CN112801660B (en)


Publications (2)

Publication Number Publication Date
CN112801660A true CN112801660A (en) 2021-05-14
CN112801660B CN112801660B (en) 2024-02-23



Also Published As

Publication number Publication date
CN112801660B (en) 2024-02-23

Similar Documents

Publication Publication Date Title
CN111861451B (en) Offline transaction method, client device and POS machine
US9900148B1 (en) System and method for encryption
CN103873244B (en) Identity authentication method and system in mobile payment based on fingerprint identification
CN108234385A (en) A kind of method for authenticating user identity and device
EP2308014A1 (en) Trusted service manager (tsm) architectures and methods
CN108122112A (en) Electronic ID card based on authentication device signs and issues certification and safety payment system
CN106529938A (en) Virtual card issuing method, device and terminal
CN105427106B (en) Authorization processing method and payment processing method of electronic cash data and virtual card
CN102184499A (en) Account information binding method, financial transaction method and mobile terminal
CN111210287A (en) Tax UKey-based invoicing method and system
CN111931209B (en) Contract information verification method and device based on zero knowledge proof
CN111949958B (en) Authorization authentication method and device in Oauth protocol
CN112801660B (en) Secret subscription-free method and device of payment protocol
WO2011147131A1 (en) Transaction system and method for using electric ticket
JP2005513955A (en) Electronic signature method
CN112106091A (en) Electronic identity verification system and method
CN106251145A (en) Electronic fare payment system, electronic payment devices and electric paying method
US6977577B2 (en) Method for authenticating a portable object, corresponding portable object, and apparatus therefor
CN111709747B (en) Intelligent terminal authentication method and system
US20200250670A1 (en) System for Secure Authentication of a User's Identity in an Electronic System for Banking Transactions
US20200311246A1 (en) Enhanced consumer device validation
CN104320261A (en) Method for achieving identity authentication through financial smart card, financial smart card and terminal
CN114549206A (en) Transaction anti-repudiation method, system, electronic equipment and readable storage medium
CN113094688A (en) Outsourcing marketing terminal business processing system and method
CN114445071A (en) Payment method, payment device, computer-readable storage medium and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant