TW201723948A - Offline payment method, terminal equipment, backstage payment device and offline payment system - Google Patents

Offline payment method, terminal equipment, backstage payment device and offline payment system Download PDF

Info

Publication number
TW201723948A
TW201723948A TW105142353A TW105142353A TW201723948A TW 201723948 A TW201723948 A TW 201723948A TW 105142353 A TW105142353 A TW 105142353A TW 105142353 A TW105142353 A TW 105142353A TW 201723948 A TW201723948 A TW 201723948A
Authority
TW
Taiwan
Prior art keywords
transaction
payment
challenge code
account
offline
Prior art date
Application number
TW105142353A
Other languages
Chinese (zh)
Other versions
TWI786039B (en
Inventor
孫權
Original Assignee
中國銀聯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中國銀聯股份有限公司 filed Critical 中國銀聯股份有限公司
Publication of TW201723948A publication Critical patent/TW201723948A/en
Application granted granted Critical
Publication of TWI786039B publication Critical patent/TWI786039B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/206Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Push-Button Switches (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Telephone Function (AREA)

Abstract

The present invention relates to an offline payment method, payment terminal equipment, backstage payment device and offline payment system, wherein the offline payment system includes: acquiring a challenge code, encrypting an account ID, and generating a token; utilizing the token and a transaction password to perform offline payment. In the present invention, the backstage payment device dynamically generates a series of challenge codes in each time transaction. The payment terminal equipment will encrypt the payment account information and the challenge codes into a token to replace the payment account information, and perform the front-stage and backstage transaction transmissions. The token is dynamically generates by the payment terminal equipment. Each time transaction will generate a different token, thus ensuring the safety of the account and transaction. The payment terminal equipment can be offline operated without a network, thus raising the probability of a successful transaction and improving the user experience.

Description

線下支付方法、終端設備、後臺支付裝置及線下支付系統Offline payment method, terminal device, background payment device and offline payment system

本發明涉及行動支付技術領域,尤其是涉及一種線下支付方法、終端設備、後臺支付裝置及線下支付系統。The present invention relates to the field of mobile payment technologies, and in particular, to an offline payment method, a terminal device, a background payment device, and an offline payment system.

隨著銀行卡的線上、線下的使用越來越頻繁,使用者透過POS完成支付操作時,不良廠商透過側錄等方式竊取使用者卡片資訊的情況時有發生,給使用者資金安全帶來了嚴重的風險問題。As the online and offline usage of bank cards becomes more and more frequent, when users complete payment operations through POS, it is sometimes the case that bad manufacturers steal user card information through side recording, etc., which brings security to users. A serious risk problem.

使用交易標識(Token)技術,透過在交易中使用支付標識代替帳戶資訊,可以避免銀行卡被的側錄問題。對於行動支付線下交易,如果簡單的用Token代替卡號並不能妥善地解決所有問題:Using the Token technology, you can avoid the side-by-side problem of bank cards by using the payment identifier instead of the account information in the transaction. For mobile payment offline transactions, simply replacing the card number with Token does not properly solve all problems:

1、如果Token固定不變,安全性不高,那麼同樣面臨著Token被竊取的問題。1. If the Token is fixed and the security is not high, then the same problem is faced with the Token being stolen.

2、如果即時產生Token,那麼移動終端必須聯網與後臺支付裝置通訊產生Token,這樣支付成功率就會受到網路環境影響較大,且使用者體驗不佳;並且,將銀行卡號、銀行卡驗證碼與動態二維碼一起傳輸,存在被竊取的問題,因此安全性不高。2. If the Token is generated immediately, the mobile terminal must communicate with the background payment device to generate a Token, so that the payment success rate is greatly affected by the network environment and the user experience is not good; and the bank card number and bank card verification are performed. The code is transmitted together with the dynamic two-dimensional code, and there is a problem of being stolen, so the security is not high.

本發明實施例的主要目的在於提出一種線下支付方法、終端設備、後臺支付裝置及線下支付系統,本發明的技術方案每次交易時由後臺支付裝置動態產生一串挑戰碼(challenge),支付終端設備將支付帳戶資訊、挑戰碼加密形成交易標識(Token),用以代替支付帳戶資訊,進行前後臺交易傳輸。Token由支付終端設備動態產生,每次交易產生不同的Token,保障了帳戶和交易安全。支付終端設備離線操作,無需聯網,提升了交易成功率和使用者體驗。The main purpose of the embodiments of the present invention is to provide an offline payment method, a terminal device, a background payment device, and an offline payment system. The technical solution of the present invention dynamically generates a series of challenge codes (challenge) by the background payment device each time the transaction is performed. The payment terminal device encrypts the payment account information and the challenge code to form a transaction token (Token), which is used instead of the payment account information to perform the front and back office transaction transmission. The Token is dynamically generated by the payment terminal device, and each transaction generates a different Token, which ensures the security of the account and the transaction. The payment terminal device operates offline, without networking, which improves the transaction success rate and user experience.

為實現上述目的,本發明提供了一種線下支付方法,包含:獲取挑戰碼;對該挑戰碼、帳戶ID進行加密,產生交易標識;以及利用交易標識、交易密碼進行線下支付。To achieve the above object, the present invention provides an offline payment method, comprising: acquiring a challenge code; encrypting the challenge code, the account ID, generating a transaction identifier; and performing offline payment by using the transaction identifier and the transaction password.

在本發明的一實施例中,上述線下支付方法另包含:根據銀行卡帳戶資訊產生帳戶ID。In an embodiment of the present invention, the offline payment method further includes: generating an account ID according to the bank card account information.

在本發明的另一實施例中,該挑戰碼係透過藍牙或NFC通訊方式來獲取。In another embodiment of the invention, the challenge code is obtained via Bluetooth or NFC communication.

在本發明的另一實施例中,該交易標識係透過公開金鑰PK加密獲得。In another embodiment of the invention, the transaction identification is obtained by public key PK encryption.

為實現上述目的,本發明提供了另一種線下支付方法,包含:利用交易資訊產生挑戰碼,將該挑戰碼傳輸至客戶端;從該客戶端獲取交易標識,對該交易標識進行解密,獲得挑戰碼、帳戶ID;以及利用挑戰碼、帳戶ID進行線下支付。To achieve the above object, the present invention provides another offline payment method, comprising: generating a challenge code by using transaction information, transmitting the challenge code to a client; obtaining a transaction identifier from the client, decrypting the transaction identifier, and obtaining Challenge code, account ID; and offline payment using the challenge code and account ID.

在本發明的一實施例中,該利用挑戰碼、帳戶ID進行線下支付的步驟包含:驗證該挑戰碼;通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊;以及從該客戶端獲得交易密碼,對該交易密碼進行驗證,通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。In an embodiment of the present invention, the step of performing the offline payment by using the challenge code and the account ID comprises: verifying the challenge code; after verifying, obtaining the transaction bank card account information by using the account ID; and obtaining the transaction bank card account information from the client The transaction password is used to verify the transaction password. After verification, the transaction bank card account information is used for offline payment.

在本發明的一實施例中,該挑戰碼、帳戶ID透過私密金鑰SK解密獲得。In an embodiment of the invention, the challenge code and the account ID are obtained by decrypting the private key SK.

對應地,為實現上述目的,本發明還提供了一種終端設備,包含:初始化單元,用於獲取挑戰碼;加密單元,用於對該挑戰碼、帳戶ID進行加密,產生交易標識;支付單元,用於利用交易標識、交易密碼進行線下支付。Correspondingly, in order to achieve the above object, the present invention further provides a terminal device, including: an initializing unit, configured to acquire a challenge code; an encryption unit, configured to encrypt the challenge code and the account ID, generate a transaction identifier, and a payment unit, Used to make offline payment by using transaction identifier and transaction password.

在本發明的一實施例中,該初始化單元還用於根據銀行卡帳戶資訊產生帳戶ID。In an embodiment of the invention, the initialization unit is further configured to generate an account ID according to the bank card account information.

在本發明的一實施例中,該初始化單元透過藍牙或NFC通訊方式獲取挑戰碼。In an embodiment of the invention, the initialization unit acquires a challenge code through Bluetooth or NFC communication.

在本發明的一實施例中,該加密單元透過公開金鑰PK進行加密獲得交易標識。In an embodiment of the invention, the encryption unit encrypts the transaction identifier by using the public key PK.

對應地,為實現上述目的,本發明還提供了一種後臺支付裝置,包含:挑戰碼產生單元,用於利用交易資訊產生挑戰碼,將該挑戰碼傳輸至客戶端;解密單元,用於從該客戶端獲取交易標識,對該交易標識進行解密,獲得挑戰碼、帳戶ID;以及支付單元,用於利用挑戰碼、帳戶ID進行線下支付。Correspondingly, in order to achieve the above object, the present invention further provides a background payment device, comprising: a challenge code generating unit, configured to generate a challenge code by using transaction information, and transmit the challenge code to a client; and a decryption unit, configured to The client obtains the transaction identifier, decrypts the transaction identifier, obtains the challenge code, the account ID, and the payment unit, and uses the challenge code and the account ID to perform offline payment.

在本發明的一實施例中,該支付單元包含:第一驗證模組,用於驗證該挑戰碼;第一支付模組,用於通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊;第二驗證模組,用於從該客戶端獲得交易密碼,對該交易密碼進行驗證;以及第二支付模組,用於通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。In an embodiment of the present invention, the payment unit includes: a first verification module, configured to verify the challenge code; and a first payment module, configured to obtain transaction bank account account information by using the account ID after verifying; The second verification module is configured to obtain a transaction password from the client to verify the transaction password, and a second payment module, configured to perform offline payment by using the transaction bank card account information after verification.

在本發明的一實施例中,該解密單元透過私密金鑰SK進行解密獲得挑戰碼、帳戶ID。In an embodiment of the invention, the decryption unit decrypts the private key SK to obtain a challenge code and an account ID.

為實現上述目的,本發明還提供了一種線下支付系統,包含:上述終端設備以及上述後臺支付裝置。To achieve the above object, the present invention also provides an offline payment system comprising: the above terminal device and the above-mentioned background payment device.

以上技術方案能夠帶來以下有益效果:The above technical solutions can bring the following beneficial effects:

1、無需提供銀行卡進行支付,銀行卡帳戶資訊不存儲在客戶端,保障銀行卡安全;1. No need to provide bank card for payment, bank card account information is not stored in the client to ensure bank card security;

2、客戶無需登錄網路,離線進行支付交易,因而提昇使用者體驗;2. The customer does not need to log in to the network to perform payment transactions offline, thereby improving the user experience;

3、每次交易使用不同的交易標識,保障交易安全;3. Use different transaction identifiers for each transaction to ensure transaction security;

4、僅僅透過唯一的帳戶ID標識銀行卡帳戶,且透過密文中傳輸,即使密文被破解,也不能獲取銀行卡帳戶資訊,保障安全;以及4. Only the bank account account is identified by a unique account ID, and transmitted through the ciphertext, even if the ciphertext is cracked, the bank card account information cannot be obtained to ensure security;

5、透過設置交易密碼,保障交易安全。5. Secure the transaction by setting a transaction password.

以下將結合本發明實施例中的附圖,對本發明實施例中的技術方案進行清楚、完整地描述,值得注意的是,所描述的實施例僅僅是本發明一部分技術方案,而不是全部的技術方案。本領域通常知識者基於本發明中的實施例所作的修改/修飾皆屬於屬於本發明保護的範圍。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is noted that the described embodiments are only a part of the technical solutions of the present invention, and not all the technologies. Program. Modifications/modifications made by those skilled in the art based on the embodiments of the present invention are all within the scope of the present invention.

本技術方案的工作原理為:本技術方案每次交易時由後臺支付裝置動態產生一串挑戰碼(challenge),由受理終端傳送給終端設備,終端設備將支付帳戶資訊、挑戰碼加密形成動態交易標識(Token)。每次交易動態產生支付標識,無需移動終端聯網,保障交易安全性的同時,提升使用者體驗。The working principle of the technical solution is as follows: the technical solution dynamically generates a series of challenge codes (challenge) by the background payment device during each transaction, and the terminal device transmits the payment account information and the challenge code to form a dynamic transaction. Token. Each transaction dynamically generates a payment identifier, which eliminates the need for mobile terminal networking, and ensures transaction security while enhancing the user experience.

基於上述工作原理,本發明實施例提出一種線下支付方法,如第1圖所示。包含:Based on the above working principle, an embodiment of the present invention provides an offline payment method, as shown in FIG. contain:

步驟101:獲取挑戰碼,其中挑戰碼係透過藍牙或NFC通訊方式獲取。Step 101: Acquire a challenge code, where the challenge code is obtained through Bluetooth or NFC communication.

步驟102:對該挑戰碼、帳戶ID進行加密,產生交易標識,其中交易標識(Token)透過公開金鑰PK加密獲得,每次交易產生不同的交易標識(Token)。Step 102: Encrypt the challenge code and the account ID to generate a transaction identifier, wherein the transaction token (Token) is obtained by encrypting the public key PK, and each transaction generates a different transaction token (Token).

步驟103:利用交易標識、交易密碼進行線下支付。Step 103: Perform offline payment by using the transaction identifier and the transaction password.

基於上述工作原理,本發明實施例提出了另一種線下支付方法,如第2圖所示。包含:Based on the above working principle, the embodiment of the present invention proposes another offline payment method, as shown in FIG. contain:

步驟201:利用交易資訊產生挑戰碼,將該挑戰碼傳輸至客戶端;Step 201: Generate a challenge code by using the transaction information, and transmit the challenge code to the client.

步驟202:從該客戶端獲取交易標識,對該交易標識進行解密,獲得挑戰碼、帳戶ID;Step 202: Obtain a transaction identifier from the client, decrypt the transaction identifier, and obtain a challenge code and an account ID.

對於步驟202來說,該挑戰碼、帳戶ID透過私密金鑰SK解密獲得。For step 202, the challenge code and the account ID are obtained by decrypting the private key SK.

步驟203:利用挑戰碼、帳戶ID進行線下支付。Step 203: Perform offline payment by using the challenge code and the account ID.

其中,對於步驟203來說,包含:驗證該挑戰碼;通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊;以及從該客戶端獲得交易密碼,對該交易密碼進行驗證,通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。For the step 203, the method includes: verifying the challenge code; after verifying, obtaining the transaction bank card account information by using the account ID; and obtaining a transaction password from the client, verifying the transaction password, and after verifying, Use the transaction bank card account information for offline payment.

對應地,本發明實施例提出了一種終端設備,如第3圖所示,終端設備30包含有初始化單元301、加密單元302以及支付單元303,其中:Correspondingly, the embodiment of the present invention provides a terminal device. As shown in FIG. 3, the terminal device 30 includes an initialization unit 301, an encryption unit 302, and a payment unit 303, where:

初始化單元301係用於獲取挑戰碼,進一步來說,在註冊階段,初始化單元301還用於根據銀行卡帳戶資訊產生帳戶ID。另外,初始化單元301透過藍牙或NFC通訊方式獲取挑戰碼。The initialization unit 301 is configured to acquire a challenge code. Further, in the registration phase, the initialization unit 301 is further configured to generate an account ID according to the bank card account information. In addition, the initialization unit 301 acquires the challenge code through Bluetooth or NFC communication.

加密單元302係用於對該挑戰碼、帳戶ID進行加密,產生交易標識,其中加密單元302係透過公開金鑰PK進行加密獲得交易標識。The encryption unit 302 is configured to encrypt the challenge code and the account ID to generate a transaction identifier, wherein the encryption unit 302 encrypts the transaction identifier by using the public key PK.

支付單元303係用於利用交易標識、交易密碼進行線下支付。The payment unit 303 is configured to perform offline payment using the transaction identifier and the transaction password.

對應地,本發明實施例還提供了一種後臺支付裝置,如第4圖所示。後臺支付裝置40包含挑戰碼產生單元401、解密單元402以及支付單元403,其中:Correspondingly, the embodiment of the present invention further provides a background payment device, as shown in FIG. 4 . The background payment device 40 includes a challenge code generating unit 401, a decryption unit 402, and a payment unit 403, where:

挑戰碼產生單元401係用於利用交易資訊產生挑戰碼,將該挑戰碼傳輸至客戶端;The challenge code generating unit 401 is configured to generate a challenge code by using the transaction information, and transmit the challenge code to the client;

解密單元402係用於從該客戶端獲取交易標識,對該交易標識進行解密,獲得挑戰碼、帳戶ID;其中,解密單元402透過私密金鑰SK進行解密獲得挑戰碼、帳戶ID。The decryption unit 402 is configured to obtain a transaction identifier from the client, decrypt the transaction identifier, and obtain a challenge code and an account ID. The decryption unit 402 decrypts the private key SK to obtain a challenge code and an account ID.

支付單元403係用於利用挑戰碼、帳戶ID進行線下支付。The payment unit 403 is for performing offline payment using the challenge code and the account ID.

第5圖係為根據本發明一實施例的後臺支付裝置中支付單元403的功能方塊圖。包含:第一驗證模組4031,用於驗證該挑戰碼;第一支付模組4032,用於通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊;第二驗證模組4033,用於從該客戶端獲得交易密碼,對該交易密碼進行驗證;以及第二支付模組4034,用於通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。Figure 5 is a functional block diagram of a payment unit 403 in a background payment device in accordance with an embodiment of the present invention. The first verification module 4031 is configured to verify the challenge code. The first payment module 4032 is configured to obtain the transaction bank card account information by using the account ID after the verification, and the second verification module 4033 is configured to The client obtains a transaction password to verify the transaction password; and the second payment module 4034 is configured to perform offline payment by using the transaction bank card account information after verification.

如第6圖所示,為本發明實施例提供的一種線下支付系統框圖。包含:第3圖所示的終端設備30,以及第4圖所示的後臺支付裝置40。FIG. 6 is a block diagram of an offline payment system according to an embodiment of the present invention. The terminal device 30 shown in FIG. 3 and the background payment device 40 shown in FIG. 4 are included.

以下將結合實施例來對上述第1圖~第6圖的技術方案進行詳細說明。The technical solutions of the above-described first to sixth embodiments will be described in detail below with reference to the embodiments.

對於本實施例來說,終端設備可為行動終端,比如手機、IPad等可移動的智慧終端裝置。For the embodiment, the terminal device may be a mobile terminal, such as a mobile smart terminal device such as a mobile phone or an IPad.

在本實施例中,整個支付流程分為兩部份:In this embodiment, the entire payment process is divided into two parts:

第7圖係為根據本發明一實施例的移動終端安裝及註冊流程圖,包含以下步驟:Figure 7 is a flow chart showing the installation and registration of a mobile terminal according to an embodiment of the present invention, comprising the following steps:

1、下載並安裝客戶端程式。1. Download and install the client program.

2、進行使用者註冊:輸入手機號、身份證、使用者登錄密碼/手勢等資訊,提交後臺建立新使用者。2. User registration: Enter the mobile phone number, ID card, user login password/gesture information, etc., and submit a new user in the background.

3、關聯交易銀行卡:使用者將銀行卡帳戶資訊關聯到使用者,且後臺支付裝置根據銀行卡帳戶資訊來產生唯一的帳戶ID,並且回傳給客戶端。為保障安全,客戶端保留帳戶ID,不保留銀行卡帳戶原始資訊。客戶可以根據需要關聯多張銀行卡。3. Associated transaction bank card: The user associates the bank card account information to the user, and the background payment device generates a unique account ID according to the bank card account information, and returns it to the client. For security reasons, the client retains the account ID and does not retain the original information of the bank account. Customers can associate multiple bank cards as needed.

4、金鑰同步:透過非對稱演算法,伺服器端產生私密金鑰SK以及公開金鑰PK,保留私密金鑰SK,並將公開金鑰PK發送給客戶端,且客戶端保留公開金鑰PK。4. Key synchronization: Through the asymmetric algorithm, the server generates the private key SK and the public key PK, retains the private key SK, and sends the public key PK to the client, and the client retains the public key. PK.

5、設置交易密碼:客戶根據需求設置交易密碼P,交易密碼P可以與銀行卡交易密碼相同或者不同,而伺服器端保留交易密碼P,用於交易驗證。5. Set the transaction password: The customer sets the transaction password P according to the requirement. The transaction password P can be the same as or different from the transaction password of the bank card, and the server retains the transaction password P for transaction verification.

第8圖係為根據本發明一實施例的交易流程圖,在支付過程中,移動終端和受理終端的通信可以透過多種方式,例如藍牙、NFC等。移動終端無需聯網也可通信,但是受理終端與後臺支付裝置之間需要聯網。流程包含:Figure 8 is a flow chart of a transaction according to an embodiment of the present invention. During the payment process, communication between the mobile terminal and the receiving terminal can be performed in various manners, such as Bluetooth, NFC, and the like. The mobile terminal can communicate without networking, but the connection between the receiving terminal and the background payment device needs to be networked. The process includes:

1、收銀員透過受理終端,選擇移動Token支付,輸入交易金額;1. The cashier selects the mobile Token payment through the acceptance terminal and enters the transaction amount;

2、受理終端將交易資訊提交至後臺支付裝置,後臺支付裝置針對本次交易,動態產生一串挑戰碼C,並且回傳給受理終端;2. The receiving terminal submits the transaction information to the background payment device, and the background payment device dynamically generates a series of challenge codes C for the transaction, and transmits the challenge code to the receiving terminal;

3、客戶打開並登錄移動終端,選擇交易銀行卡;3. The customer opens and logs in to the mobile terminal and selects the transaction bank card;

4、移動終端應用從受理終端獲取挑戰碼C,並將當前銀行卡的帳戶ID、挑戰碼C,透過公開金鑰PK進行加密,形成本次交易的交易標識Token,並提供給受理終端;4. The mobile terminal application obtains the challenge code C from the receiving terminal, and encrypts the account ID and challenge code C of the current bank card through the public key PK to form a transaction identifier Token of the transaction, and provides it to the receiving terminal;

5、客戶透過受理終端或移動終端的鍵盤輸入交易密碼P。受理終端將獲取交易標識Token、交易密碼P,提交給後臺支付裝置;5. The customer enters the transaction password P through the keypad of the receiving terminal or the mobile terminal. The receiving terminal will obtain the transaction identifier Token and the transaction password P, and submit it to the background payment device;

6、後臺支付裝置透過私密金鑰SK,對交易標識Token進行解密,獲得帳戶ID、挑戰碼C,並且驗證挑戰碼C是否正確;6. The background payment device decrypts the transaction identifier Token through the private key SK, obtains the account ID, the challenge code C, and verifies whether the challenge code C is correct;

7、後臺支付裝置根據帳戶ID,獲取銀行卡帳戶資訊,驗證交易密碼P是否正確;7. The background payment device obtains the bank card account information according to the account ID, and verifies whether the transaction password P is correct;

8、後臺支付裝置完成交易,將交易結果回傳給受理終端;8. The background payment device completes the transaction and returns the transaction result to the receiving terminal;

9、受理終端將交易結果回傳給移動終端。9. The receiving terminal returns the transaction result to the mobile terminal.

由上述實施例可知,本技術方案每次交易時由後臺系統動態產生一串挑戰碼(challenge),終端設備將支付帳戶資訊、挑戰碼加密形成動態交易標識(Token),用以代替支付帳戶資訊,進行前後臺交易傳輸。交易標識由手機端動態產生,每次交易產生不同的交易標識,保障了帳戶和交易安全。終端設備離線操作,無需聯網,提升了交易成功率和使用者體驗。 以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。It can be seen from the above embodiment that the technical solution dynamically generates a series of challenge codes by the background system during each transaction, and the terminal device encrypts the payment account information and the challenge code to form a dynamic transaction identifier (Token), instead of the payment account information. , before and after the background transaction transmission. The transaction identifier is dynamically generated by the mobile terminal, and each transaction generates a different transaction identifier, which ensures the security of the account and transaction. The terminal device operates offline and does not require networking, which improves the transaction success rate and user experience. The above are only the preferred embodiments of the present invention, and all changes and modifications made to the scope of the present invention should be within the scope of the present invention.

101~103、201~203‧‧‧步驟 30‧‧‧終端設備 301‧‧‧初始化單元 302‧‧‧加密單元 303‧‧‧支付單元 40‧‧‧後臺支付裝置 401‧‧‧挑戰碼產生單元 402‧‧‧解密單元 403‧‧‧支付單元 4031‧‧‧第一驗證模組 4032‧‧‧第一支付模組 4033‧‧‧第二驗證模組 4034‧‧‧第二支付模組101-103, 201-203‧‧‧Step 30‧‧‧ Terminal equipment 301‧‧‧Initialization unit 302‧‧‧Encryption unit 303‧‧ Payment unit 40‧‧‧Back-end payment device 401‧‧‧ Challenge code generation unit 402‧‧‧Decryption Unit 403‧‧‧Payment Unit 4031‧‧‧First Verification Module 4032‧‧‧First Payment Module 4033‧‧‧Second Verification Module 4034‧‧‧Second Payment Module

第1圖係為根據本發明一實施例的一種線下支付方法流程圖。 第2圖係為根據本發明另一實施例的一種線下支付方法流程圖。 第3圖係為根據本發明一實施例的一種終端設備功能方塊圖。 第4圖係為根據本發明一實施例的一種後臺支付裝置功能方塊圖。 第5圖係為根據本發明一實施例的後臺支付裝置中支付單元功能方塊圖。 第6圖係為根據本發明一實施例的一種線下支付系統框圖。 第7圖係為根據本發明一實施例的移動終端安裝及註冊流程圖。 第8圖係為根據本發明一實施例的交易流程圖。1 is a flow chart of a method for offline payment according to an embodiment of the present invention. 2 is a flow chart of a method for offline payment according to another embodiment of the present invention. FIG. 3 is a functional block diagram of a terminal device according to an embodiment of the invention. Figure 4 is a functional block diagram of a background payment device in accordance with an embodiment of the present invention. Figure 5 is a functional block diagram of a payment unit in a background payment device according to an embodiment of the present invention. Figure 6 is a block diagram of an offline payment system in accordance with an embodiment of the present invention. Figure 7 is a flow chart showing the installation and registration of a mobile terminal according to an embodiment of the present invention. Figure 8 is a flow chart of a transaction in accordance with an embodiment of the present invention.

101~103‧‧‧步驟 101~103‧‧‧Steps

Claims (15)

一種線下支付方法,其中包含: 從受理終端獲取挑戰碼; 對該挑戰碼、帳戶ID進行加密,產生交易標識,以及將該交易標識傳輸至受理終端;以及 利用該交易標識、交易密碼進行線下支付。An offline payment method, comprising: acquiring a challenge code from an acceptance terminal; encrypting the challenge code, the account ID, generating a transaction identifier, and transmitting the transaction identifier to the acceptance terminal; and using the transaction identifier and the transaction password to perform the line Pay under. 如請求項1所述的方法,另包含: 根據銀行卡帳戶資訊產生該帳戶ID。The method of claim 1, further comprising: generating the account ID based on the bank card account information. 如請求項1~2任一請求項所述的方法,其中該挑戰碼係透過藍牙或NFC通訊方式獲取。The method of any one of claims 1 to 2, wherein the challenge code is obtained by Bluetooth or NFC communication. 如請求項1~2任一請求項所述的方法,其中該交易標識透過公開金鑰PK加密獲得。The method of any one of claims 1 to 2, wherein the transaction identifier is obtained by encrypting the public key PK. 一種線下支付方法,包含: 利用交易資訊產生挑戰碼,將該挑戰碼傳輸至受理終端; 從該受理終端獲取交易標識,對該交易標識進行解密,獲得該挑戰碼、帳戶ID;以及 利用該挑戰碼、帳戶ID進行線下支付。An offline payment method, comprising: generating a challenge code by using transaction information, transmitting the challenge code to an acceptance terminal; acquiring a transaction identifier from the acceptance terminal, decrypting the transaction identifier, obtaining the challenge code, an account ID; and utilizing the Challenge code, account ID for offline payment. 如請求項5所述的方法,其中利用該挑戰碼、該帳戶ID進行線下支付的步驟包含: 驗證該挑戰碼; 通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊; 從該受理終端獲得交易密碼,對該交易密碼進行驗證;以及 通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。The method of claim 5, wherein the step of utilizing the challenge code and the account ID for offline payment comprises: verifying the challenge code; after verifying, obtaining the transaction bank card account information by using the account ID; from the receiving terminal Obtain a transaction password, verify the transaction password; and, after verification, use the transaction bank card account information for offline payment. 如請求項5~6任一請求項所述的方法,其中該挑戰碼、帳戶ID透過私密金鑰SK解密獲得。The method of claim 5, wherein the challenge code and the account ID are obtained by decrypting the private key SK. 一種終端設備,其中包含: 初始化單元,用於從受理終端獲取挑戰碼; 加密單元,用於對該挑戰碼、帳戶ID進行加密,產生交易標識;以及 支付單元,用於利用該交易標識、交易密碼進行線下支付。A terminal device, comprising: an initializing unit, configured to acquire a challenge code from the receiving terminal; an encryption unit, configured to encrypt the challenge code and the account ID, generate a transaction identifier; and a payment unit, configured to use the transaction identifier, the transaction The password is paid offline. 如請求項8所述的設備,其中該初始化單元另用於根據銀行卡帳戶資訊產生帳戶ID。The device of claim 8, wherein the initialization unit is further configured to generate an account ID based on the bank card account information. 如請求項8~9任一請求項所述的設備,其中該初始化單元透過藍牙或NFC通訊方式獲取挑戰碼。The device of any one of claims 8-9, wherein the initialization unit acquires a challenge code through Bluetooth or NFC communication. 如請求項8~9任一請求項所述的設備,其中該加密單元透過公開金鑰PK進行加密獲得交易標識。The device of any one of claims 8-9, wherein the encryption unit encrypts the transaction identifier by using a public key PK. 一種後臺支付裝置,其中包含: 挑戰碼產生單元,用於利用交易資訊產生挑戰碼,以及將該挑戰碼傳輸至客戶端; 解密單元,用於從該客戶端獲取交易標識,對該交易標識進行解密,獲得該挑戰碼、帳戶ID;以及 支付單元,用於利用該挑戰碼、帳戶ID進行線下支付。A background payment device, comprising: a challenge code generating unit, configured to generate a challenge code by using the transaction information, and transmit the challenge code to the client; and a decryption unit, configured to acquire a transaction identifier from the client, and perform the transaction identifier Decrypting, obtaining the challenge code, the account ID; and a payment unit for performing offline payment using the challenge code and the account ID. 如請求項12所述的後臺支付裝置,其中該支付單元包含: 第一驗證模組,用於驗證該挑戰碼; 第一支付模組,用於通過驗證之後,利用該帳戶ID獲取交易銀行卡帳戶資訊; 第二驗證模組,用於從該客戶端獲得交易密碼,對該交易密碼進行驗證;以及 第二支付模組,用於通過驗證之後,利用該交易銀行卡帳戶資訊進行線下支付。The background payment device of claim 12, wherein the payment unit comprises: a first verification module, configured to verify the challenge code; and a first payment module, configured to obtain a transaction bank card by using the account ID after verification Account information; a second verification module, configured to obtain a transaction password from the client to verify the transaction password; and a second payment module, configured to use the transaction bank card account information to perform offline payment after verification . 如請求項12~13任一請求項所述的後臺支付裝置,其中該解密單元透過私密金鑰SK進行解密獲得挑戰碼.帳戶ID。The background payment device of any one of claims 12 to 13, wherein the decryption unit decrypts the private key SK to obtain a challenge code. an account ID. 一種線下支付系統,包含請求項8~11任一項所述的終端設備,以及請求項12~14任一項所述的後臺支付裝置。An offline payment system, comprising the terminal device according to any one of claims 8 to 11, and the background payment device according to any one of claims 12 to 14.
TW105142353A 2015-12-25 2016-12-21 Offline payment method, terminal equipment, backstage payment device and offline payment system TWI786039B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510992050.7 2015-12-25
CN201510992050.7A CN105931047A (en) 2015-12-25 2015-12-25 Offline payment method, terminal device, backend payment apparatus and offline payment system

Publications (2)

Publication Number Publication Date
TW201723948A true TW201723948A (en) 2017-07-01
TWI786039B TWI786039B (en) 2022-12-11

Family

ID=56839957

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105142353A TWI786039B (en) 2015-12-25 2016-12-21 Offline payment method, terminal equipment, backstage payment device and offline payment system

Country Status (3)

Country Link
CN (2) CN112581125A (en)
TW (1) TWI786039B (en)
WO (1) WO2017107733A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112581125A (en) * 2015-12-25 2021-03-30 ***股份有限公司 Offline payment method and system
CN111340464B (en) * 2016-09-20 2023-12-12 徐蔚 Digital person payment method and device and mobile terminal
TWI661365B (en) * 2018-03-27 2019-06-01 財金資訊股份有限公司 System and method for dynamically checking code scanning payment, computer-readable recording medium and computer program product
CN108537536A (en) * 2018-06-21 2018-09-14 咪付(广西)网络技术有限公司 A kind of method for secure transactions and system based on strategy mark

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040051037A (en) * 2002-12-11 2004-06-18 엘지전자 주식회사 Method for paying e-money of mobile communication terminal
CN1941009A (en) * 2005-09-29 2007-04-04 普天信息技术研究院 Method for realizing fee payment by mobile telecommunication terminal
CA2820983C (en) * 2008-05-18 2019-02-05 Google Inc. Secured electronic transaction system
TW201027448A (en) * 2009-01-09 2010-07-16 Flytech Technology Co Ltd Product selling management system and method thereof
CN101841417A (en) * 2010-03-12 2010-09-22 李勇 Electronic signature device supporting short-distance wireless communication technology and method for ensuring safety of electronic transaction by applying same
CN101916346A (en) * 2010-08-16 2010-12-15 鸿富锦精密工业(深圳)有限公司 Electronic device capable of preventing piracy and anti-piracy method thereof
US11017382B2 (en) * 2012-03-07 2021-05-25 Sony Corporation Payment processing system, payment terminal, communication device, payment server, and payment processing method
CN102819918A (en) * 2012-07-17 2012-12-12 苏州市米想网络信息技术有限公司 Payment system adopting multiple safety certificates
KR101517964B1 (en) * 2013-04-22 2015-05-07 주식회사 비즈모델라인 Method for Near Field Transaction by using Providing Dynamic Created Token Code
US8905303B1 (en) * 2013-09-01 2014-12-09 Mourad Ben Ayed Method for adaptive wireless payment
CN103903141B (en) * 2014-03-14 2018-05-08 福建联迪商用设备有限公司 A kind of O2O safe payment methods, system and a kind of POS terminal
CN103944730A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive system
CN104268746A (en) * 2014-09-17 2015-01-07 江苏爱心消费支付服务有限公司 Card-free payment method
CN104463575A (en) * 2014-11-26 2015-03-25 深圳市智惠付信息技术有限公司 NFC payment communication method based on payment command
CN112581125A (en) * 2015-12-25 2021-03-30 ***股份有限公司 Offline payment method and system

Also Published As

Publication number Publication date
TWI786039B (en) 2022-12-11
WO2017107733A1 (en) 2017-06-29
CN112581125A (en) 2021-03-30
CN105931047A (en) 2016-09-07

Similar Documents

Publication Publication Date Title
US11588637B2 (en) Methods for secure cryptogram generation
US11102007B2 (en) Contactless card emulation system and method
US11258777B2 (en) Method for carrying out a two-factor authentication
CN103297403B (en) A kind of method and system for realizing dynamic cipher verification
US9258296B2 (en) System and method for generating a strong multi factor personalized server key from a simple user password
US20150304319A1 (en) System and methods for online authentication
CN111615105B (en) Information providing and acquiring method, device and terminal
CN105528695B (en) Mobile payment method and mobile payment system based on marks
CA2969332C (en) A method and device for authentication
TWI786039B (en) Offline payment method, terminal equipment, backstage payment device and offline payment system
JP2015537399A (en) Application system for mobile payment and method for providing and using mobile payment means
CN101944216A (en) Two-factor online transaction safety authentication method and system
US11088838B2 (en) Automated authentication of a new network element
CN107615797B (en) Device, method and system for hiding user identification data
CN105184558B (en) Transaction Information sending method, device and mobile terminal
WO2015110043A1 (en) Dual-channel identity authentication selection device, system and method
TW201828134A (en) Ciphertext-based identity verification method
US20150302506A1 (en) Method for Securing an Order or Purchase Operation Means of a Client Device
Kaur et al. A comparative analysis of various multistep login authentication mechanisms
EP3035589A1 (en) Security management system for authenticating a token by a service provider server
WO2015110045A1 (en) Device, method and system for hiding user identification data
KR20180089951A (en) Method and system for processing transaction of electronic cash
CN113472731A (en) Two-factor authentication method for database user identity verification
KR20180089952A (en) Method and system for processing transaction of electronic cash
KR20120077110A (en) Mobile terminal containded usim chip, crypto verification server, system and method for authenticating user using usim chip