WO2021179748A1 - Methods, apparatuses and devices for barcode scanning payment, information transmission and collection code generation - Google Patents

Methods, apparatuses and devices for barcode scanning payment, information transmission and collection code generation Download PDF

Info

Publication number
WO2021179748A1
WO2021179748A1 PCT/CN2020/140561 CN2020140561W WO2021179748A1 WO 2021179748 A1 WO2021179748 A1 WO 2021179748A1 CN 2020140561 W CN2020140561 W CN 2020140561W WO 2021179748 A1 WO2021179748 A1 WO 2021179748A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
access address
address information
key
payment
Prior art date
Application number
PCT/CN2020/140561
Other languages
French (fr)
Chinese (zh)
Inventor
刘佳伟
魏亚文
孙曦
林立
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2021179748A1 publication Critical patent/WO2021179748A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3276Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Definitions

  • the code scanning payment method includes: obtaining code image information by a terminal; analyzing the code image information to obtain code image analysis information contained in the code image information; the code image analysis information Contains the first key parameter; obtains the second key parameter; calculates the key according to the first key parameter and the second key parameter; obtains the encrypted acquirer access stored by the blockchain node Address information; using the key to decrypt the encrypted access address information of the acquirer to obtain the access address information of the acquirer; and make payment based on the access address information of the acquirer.
  • An apparatus for generating a payment code includes: an instruction acquisition module, a first terminal obtains a payment code generation instruction; the payment code generation instruction is used to instruct the first terminal to generate a payment code ; Decentralized identity acquisition module to obtain the decentralized identity of the first terminal; decentralized identity transmission module to send the decentralized identity to the blockchain node storing the decentralized identity document Identity identification; Merchant information acquisition module, which obtains the merchant information queried from the decentralized identity identification document by the blockchain node based on the decentralized identity identification; Receipt code generation module, based on the merchant information A collection code is generated with the pre-stored first key parameter; the collection code is used to obtain the encrypted access address information of the acquiring institution after being scanned by the second terminal.
  • FIG. 2 is a schematic flowchart of a method for sending information in a payment process according to an embodiment of this specification
  • FIG. 3 is a schematic flowchart of a method for generating a payment code provided by an embodiment of this specification
  • FIG. 6 is a schematic structural diagram of an information sending device in a payment process corresponding to FIG. 2 provided by an embodiment of this specification;
  • the process may include step 102 to step 114.
  • the payment code may be presented on a printed matter or on a display screen of a merchant terminal device.
  • the following description assumes that the payment code is displayed on a merchant terminal.
  • the second key parameter can be used together with the aforementioned first key parameter to generate a key, and the generated key can be used to decrypt the encrypted access address information of the acquirer.
  • the second key parameter may be a key corresponding to the current payment application.
  • Each payment application can correspond to a second key parameter, and different payment applications can correspond to different second key parameters.
  • the APP of payment institution A may correspond to a second key parameter
  • the APP of payment institution B may correspond to another second key parameter.
  • the obtaining the second key parameter may specifically include: sending a request for obtaining the second key parameter to the first server; and obtaining the second key parameter fed back by the first server.
  • the first server may be a server of a payment institution corresponding to the payment application, that is, the first server may be a server of a payment institution to which the payment application belongs.
  • the payment application may be an Alipay APP
  • the payment institution may be Alipay
  • the first server may be an Alipay server.
  • Step 110 Obtain the encrypted access address information of the acquirer stored by the blockchain node.
  • the access address information of the acquirer may include the main address information and the merchant ID.
  • the access address of the acquiring institution may be: https://alipay.com/123456, where "alipay.com” is the main payment address and "123456" is the merchant ID.
  • the format of the access address of the acquirer is not limited to this example.
  • Step 114 Make payment based on the access address information of the acquirer.
  • the access address of the acquiring institution is in the form of ciphertext.
  • the blockchain node cannot analyze the private data of the merchant or the payment institution based on the data corresponding to a certain merchant or payment institution stored on it, thereby ensuring the merchant and the payment institution
  • the privacy of the private data is to ensure the security of the information stored in the regional block chain node.
  • the key used to decrypt the ciphertext is not stored in a certain terminal or server, but is generated by using step 102, step 104, step 106, and step 108 before payment.
  • the first key parameter and the second key parameter are kept by the merchant side (for example, the merchant terminal or server) and the payment institution side (for example, the local user terminal where the payment application of the payment institution is located, or the server of the payment institution).
  • the method of decentralized management of key parameters and instant generation when in use ensures the security of the key used to decrypt the ciphertext.
  • the index data generated based on the identification information of the payment institution corresponding to the payment application may be carried in the request, so that the blockchain node
  • the encrypted acquiring institution access address information corresponding to the payment application (or payment institution) may be returned based on the index data.
  • the code image analysis information obtained by analyzing the code image obtained from the merchant side may further include the merchant index number.
  • the merchant index number may be a number used to identify the merchant.
  • a merchant has a unique merchant index number, and different merchants have different merchant index numbers.
  • a certain merchant The merchant index numbers of can be the same.
  • the access address of the acquirer you visit during payment can be obtained based on the information corresponding to Alipay International.
  • the payment application used is "Alipay APP" (that is, it can be used for payment in China)
  • it is generated based on the first key parameter corresponding to the foreign store and the second key parameter corresponding to the domestic payment application Key, and then generate index data based on the key and the payment application ID, the cipher text corresponding to the index data will not be found on the blockchain node.
  • a corresponding first field may be additionally stored.
  • the first field may be generated in advance based on the associated fields of the payment institution and its associated institutions corresponding to the current payment application.
  • a payment institution and an associated institution of the payment institution may have the same associated field, and the associated field may be stored on the server of the payment institution and its associated institution, and/or may be stored in the user where the corresponding payment application of the payment institution is located. In the terminal.
  • the searching for the corresponding encrypted access address information of the acquirer may specifically include: obtaining the index data included in the information obtaining request; searching for the encrypted data corresponding to the index data
  • the acquiring institution accesses the address information.
  • the index data is generated based on the key and the identification information of the payment institution.
  • the user terminal uses the key to decrypt the received ciphertext information to obtain the access address information of the acquirer, so that the payment can be completed based on the access address information of the acquirer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Business, Economics & Management (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Methods, apparatuses and devices for barcode scanning payment, information transmission in payment process and collection code generation. The solution comprises: a terminal obtains code image information; parse the code image information, to obtain code image parsing information comprised in the code image information, the code image parsing information comprising a first key parameter; obtain a second key parameter; calculate, according to the first key parameter and the second key parameter, to obtain a key; obtain encrypted merchant-acquiring mechanism access address information stored in a blockchain node; use the key to decrypt the encrypted merchant-acquiring mechanism access address information, to obtain merchant-acquiring mechanism access address information; pay based on the merchant-acquiring mechanism access address information.

Description

扫码支付、信息发送及生成收款码的方法、装置和设备Method, device and equipment for scanning code payment, sending information and generating payment code 技术领域Technical field
本申请涉及计算机技术领域,尤其涉及一种扫码支付、支付过程中的信息发送以及生成收款码的方法、装置和设备。This application relates to the field of computer technology, and in particular to a method, device and equipment for scanning code payment, sending information during the payment process, and generating a payment code.
背景技术Background technique
电子支付已经被广泛应用在各种场合。其中,采用二维码等码图像进行扫码支付的方式尤为普及。实际应用中,每个商户可以在收款的位置显示商户自身的二维码,消费者可以通过对二维码的扫描完成支付。Electronic payment has been widely used in various occasions. Among them, the use of QR codes and other code images to scan code payments is particularly popular. In practical applications, each merchant can display the merchant's own QR code at the payment location, and consumers can complete the payment by scanning the QR code.
随着支付技术的演进,一个二维码可以支持多个支付机构的支付渠道。即,用户对一个二维码进行扫描后,即可以选择支付渠道A(例如某某银行)进行支付,也可以选择支付渠道B(例如某平台的电子钱包)进行支付。为了使一个二维码可以支持多个支付渠道,需要在支付网络的节点中同时存储一个商户所支持的多个支付渠道信息。这些支付渠道信息对于商户或者支付机构来说,属于隐私信息。With the evolution of payment technology, one QR code can support the payment channels of multiple payment institutions. That is, after the user scans a QR code, he can choose payment channel A (such as a certain bank) for payment, or choose payment channel B (such as an electronic wallet on a certain platform) for payment. In order to enable a QR code to support multiple payment channels, it is necessary to store the information of multiple payment channels supported by a merchant in the nodes of the payment network at the same time. These payment channel information is private information for merchants or payment institutions.
但是,如何对扫码支付过程中涉及的隐私信息从数据的角度进行保护,是亟待解决的技术问题。However, how to protect the privacy information involved in the scan code payment process from the perspective of data is a technical problem that needs to be solved urgently.
发明内容Summary of the invention
有鉴于此,本申请实施例提供了一种扫码支付、支付过程中的信息发送以及生成收款码的方法、装置和设备方法、装置和设备,用于从数据角度保护了扫码支付过程中涉及的隐私数据的私密性。In view of this, the embodiments of the present application provide a method, device, and equipment for scanning code payment, sending information during the payment process, and generating a payment code. The method, device, and equipment are used to protect the scanning code payment process from a data perspective. The privacy of the private data involved in.
本说明书实施例提供的一种扫码支付方法,包括:终端获取码图像信息;对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息;所述码图像解析信息包含第一密钥参数;获取第二密钥参数;根据所述第一密钥参数与所述第二密钥参数,计算得到密钥;获取区块链节点存储的加密后的收单机构访问地址信息;采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;基于所述收单机构访问地址信息,进行支付。The code scanning payment method provided by the embodiment of this specification includes: obtaining code image information by a terminal; analyzing the code image information to obtain code image analysis information contained in the code image information; the code image analysis information Contains the first key parameter; obtains the second key parameter; calculates the key according to the first key parameter and the second key parameter; obtains the encrypted acquirer access stored by the blockchain node Address information; using the key to decrypt the encrypted access address information of the acquirer to obtain the access address information of the acquirer; and make payment based on the access address information of the acquirer.
本说明书实施例提供的一种支付过程中的信息发送方法,包括:区块链节点获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机构访问地址信息;基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存储设备不同;将查找到的所述加密后的收单机构访问地址信息发送至所述终端。The embodiment of this specification provides a method for sending information in the payment process, including: a blockchain node obtains an information obtaining request sent by a terminal; the information obtaining request is used to request obtaining access address information of an acquiring institution; based on the information Obtain the request to find the corresponding encrypted access address information of the acquirer; the key used to encrypt the access address information of the acquirer is calculated with the terminal according to the first key parameter and the second key parameter The obtained keys are the same; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter; and the encrypted acquirer access address information that is found is sent To the terminal.
本说明书实施例提供的一种收款码的生成方法,包括:第一终端获取收款码生成指令;所述收款码生成指令用于指示所述第一终端生成收款码;获取所述第一终端的去中心化身份标识;向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识;获取所述区块链节点基于所述去中心化身份标识从所述去中心化身份标识文档中查询到的商户信息;基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终端扫描后,获取加密后的收单机构访问地址信息。The method for generating a payment code provided by an embodiment of this specification includes: a first terminal obtains a payment code generation instruction; the payment code generation instruction is used to instruct the first terminal to generate a payment code; The decentralized identity of the first terminal; send the decentralized identity to the blockchain node storing the decentralized identity document; obtain the blockchain node based on the decentralized identity from all The merchant information queried in the decentralized identity document; based on the merchant information and the pre-stored first key parameter, a payment code is generated; the payment code is used to be scanned by the second terminal to obtain the encrypted The acquirer's access address information.
本说明书实施例提供的一种电子支付方法,包括:服务器获取终端发送的加密后的收单机构访问地址信息;确定与所述服务器对应的密钥;采用所述密钥对所述加密后 的收单机构访问地址信息进行解密,得到收单机构访问地址信息;基于所述收单机构访问地址信息,进行支付。An electronic payment method provided by an embodiment of this specification includes: a server obtains encrypted access address information of an acquirer sent by a terminal; determining a key corresponding to the server; and using the key to pair the encrypted The access address information of the acquiring institution is decrypted to obtain the access address information of the acquiring institution; and payment is made based on the access address information of the acquiring institution.
本说明书实施例提供的一种扫码支付装置,包括:码图像信息获取模块,用于获取码图像信息;码图像信息解析模块,用于对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息;所述码图像解析信息包含第一密钥参数;第二密钥参数获取模块,用于获取第二密钥参数;密钥生成模块,用于根据所述第一密钥参数与所述第二密钥参数,计算得到密钥;密文获取模块,用于获取区块链节点存储的加密后的收单机构访问地址信息;密文解密模块,用于采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;支付模块,用于基于所述收单机构访问地址信息,进行支付。The code scanning payment device provided by the embodiment of this specification includes: a code image information acquisition module for acquiring code image information; a code image information analysis module for analyzing the code image information to obtain the code image The code image analysis information contained in the information; the code image analysis information includes the first key parameter; the second key parameter acquisition module is used to obtain the second key parameter; the key generation module is used to obtain the second key parameter according to the A key parameter and the second key parameter are calculated to obtain the key; the ciphertext acquisition module is used to obtain the encrypted access address information of the acquirer stored by the blockchain node; the ciphertext decryption module is used to adopt The key decrypts the encrypted access address information of the acquirer to obtain the access address information of the acquirer; the payment module is used to make payment based on the access address information of the acquirer.
本说明书实施例提供的一种支付过程中的信息发送装置,包括:请求接收模块,区块链节点获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机构访问地址信息;信息查找模块,基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存储设备不同;信息发送模块,将查找到的所述加密后的收单机构访问地址信息发送至所述终端。An information sending device in a payment process provided by an embodiment of this specification includes: a request receiving module, where a blockchain node obtains an information obtaining request sent by a terminal; the information obtaining request is used to request obtaining access address information of an acquiring institution; The information search module searches for the corresponding encrypted access address information of the acquirer based on the information acquisition request; the key used for encrypting the access address information of the acquirer is based on the terminal according to the first key The parameter is the same as the key calculated from the second key parameter; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter; the information sending module will find the The encrypted acquiring institution access address information is sent to the terminal.
本说明书实施例提供的一种收款码的生成装置,包括:指令获取模块,第一终端获取收款码生成指令;所述收款码生成指令用于指示所述第一终端生成收款码;去中心化身份标识获取模块,获取所述第一终端的去中心化身份标识;去中心化身份标识发送模块,向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识;商户信息获取模块,获取所述区块链节点基于所述去中心化身份标识从所述去中心化身份标识文档中查询到的商户信息;收款码生成模块,基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终端扫描后,获取加密后的收单机构访问地址信息。An apparatus for generating a payment code provided by an embodiment of this specification includes: an instruction acquisition module, a first terminal obtains a payment code generation instruction; the payment code generation instruction is used to instruct the first terminal to generate a payment code ; Decentralized identity acquisition module to obtain the decentralized identity of the first terminal; decentralized identity transmission module to send the decentralized identity to the blockchain node storing the decentralized identity document Identity identification; Merchant information acquisition module, which obtains the merchant information queried from the decentralized identity identification document by the blockchain node based on the decentralized identity identification; Receipt code generation module, based on the merchant information A collection code is generated with the pre-stored first key parameter; the collection code is used to obtain the encrypted access address information of the acquiring institution after being scanned by the second terminal.
本说明书实施例提供的一种电子支付装置,密文信息获取模块,用于获取终端发送的加密后的收单机构访问地址信息;密钥确定模块,用于确定与服务器对应的密钥;解密模块,用于采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;支付模块,用于基于所述收单机构访问地址信息,进行支付。An electronic payment device provided by an embodiment of this specification, a ciphertext information acquisition module, used to acquire encrypted access address information of an acquirer sent by a terminal; a key determination module, used to determine a key corresponding to the server; decryption The module is used to decrypt the encrypted access address information of the acquirer by using the key to obtain the access address information of the acquirer; the payment module is used to make payment based on the access address information of the acquirer.
本说明书实施例提供的一种用户终端,包括:至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;其中,所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述用户终端能够:获取码图像信息;对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息;所述码图像解析信息包含第一密钥参数;获取第二密钥参数;根据所述第一密钥参数与所述第二密钥参数,计算得到密钥;获取区块链节点存储的加密后的收单机构访问地址信息;采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;基于所述收单机构访问地址信息,进行支付。A user terminal provided by an embodiment of this specification includes: at least one processor; and a memory communicatively connected with the at least one processor; wherein the memory stores instructions that can be executed by the at least one processor The instruction is executed by the at least one processor, so that the user terminal can: obtain code image information; analyze the code image information to obtain the code image analysis information contained in the code image information; The code image analysis information includes the first key parameter; obtains the second key parameter; calculates the key according to the first key parameter and the second key parameter; obtains the encrypted data stored by the blockchain node The access address information of the acquiring institution; using the key to decrypt the encrypted access address information of the acquiring institution to obtain the access address information of the acquiring institution; and making payment based on the access address information of the acquiring institution.
本说明书实施例提供的一种区块链节点,包括:至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;其中,所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述区块链节点能够:获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机构访问地址信息;基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存 储设备不同;将查找到的所述加密后的收单机构访问地址信息发送至所述终端。A blockchain node provided by an embodiment of this specification includes: at least one processor; and, a memory communicatively connected with the at least one processor; wherein the memory stores the memory that can be executed by the at least one processor The instruction is executed by the at least one processor, so that the blockchain node can: obtain an information obtaining request sent by the terminal; the information obtaining request is used to request to obtain the access address information of the acquiring institution; The information acquisition request searches for the corresponding encrypted access address information of the acquirer; the key used to encrypt the access address information of the acquirer is related to the terminal according to the first key parameter and the second secret key. The keys calculated by the key parameters are the same; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter; access to the found encrypted acquirer The address information is sent to the terminal.
本说明书实施例提供的一种终端,包括:至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;其中,所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述终端能够:获取收款码生成指令;所述收款码生成指令用于指示所述终端生成收款码;获取所述终端的去中心化身份标识;向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识;获取所述区块链节点基于所述去中心化身份标识从所述去中心化身份标识文档中查询到的商户信息;基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终端扫描后,获取加密后的收单机构访问地址信息。A terminal provided by an embodiment of this specification includes: at least one processor; and a memory communicatively connected with the at least one processor; wherein the memory stores instructions that can be executed by the at least one processor, The instruction is executed by the at least one processor, so that the terminal can: obtain a payment code generation instruction; the payment code generation instruction is used to instruct the terminal to generate a payment code; Centralized identity; send the decentralized identity to the blockchain node storing the decentralized identity document; obtain the blockchain node from the decentralized identity based on the decentralized identity Identify the merchant information queried in the document; generate a payment code based on the merchant information and the pre-stored first key parameter; the payment code is used to obtain the encrypted access of the acquiring institution after being scanned by the second terminal Address information.
本说明书实施例提供的一种服务器,包括:至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;其中,所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述服务器能够:获取终端发送的加密后的收单机构访问地址信息;确定与所述服务器对应的密钥;采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;基于所述收单机构访问地址信息,进行支付。A server provided by an embodiment of this specification includes: at least one processor; and a memory communicatively connected with the at least one processor; wherein the memory stores instructions that can be executed by the at least one processor, The instruction is executed by the at least one processor, so that the server can: obtain the encrypted access address information of the acquirer sent by the terminal; determine the key corresponding to the server; The encrypted access address information of the acquiring institution is decrypted to obtain the access address information of the acquiring institution; and payment is made based on the access address information of the acquiring institution.
本说明书实施例采用的上述至少一个技术方案能够达到以下有益效果:提供了一种扫码支付过程的隐私保护方案,在区块链节点上存储的是加密后的收单机构访问地址信息,由于是以密文形式存储,区块链节点无法基于其上存储的某商户或某支付机构对应的数据来分析得出该商户或该支付机构的隐私数据,从而确保了商户和支付机构的数据隐私,即可以确保存储在区域块链节点中的信息的安全性。由此,从数据角度保护了扫码支付过程中涉及的隐私数据的私密性。The above-mentioned at least one technical solution adopted in the embodiment of this specification can achieve the following beneficial effects: a privacy protection solution for the scan code payment process is provided, and the encrypted access address information of the acquirer is stored on the blockchain node. It is stored in cipher text, and the blockchain node cannot analyze the private data of the merchant or the payment institution based on the data stored on it corresponding to a merchant or payment institution, thereby ensuring the data privacy of the merchant and payment institution , Which can ensure the security of the information stored in the regional block chain node. As a result, the privacy of the private data involved in the scan code payment process is protected from a data perspective.
附图说明Description of the drawings
此处所述明的附图用来提供对本申请的进一步理解,构成本申请的一部分,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中:The drawings described herein are used to provide a further understanding of the application and constitute a part of the application. The exemplary embodiments and descriptions of the application are used to explain the application, and do not constitute an improper limitation of the application. In the attached picture:
图1为本说明书实施例提供的一种扫码支付方法的流程示意图;FIG. 1 is a schematic flowchart of a code scanning payment method provided by an embodiment of this specification;
图2为本说明书实施例提供的一种支付过程中的信息发送方法的流程示意图;2 is a schematic flowchart of a method for sending information in a payment process according to an embodiment of this specification;
图3为本说明书实施例提供的一种收款码的生成方法的流程示意图;3 is a schematic flowchart of a method for generating a payment code provided by an embodiment of this specification;
图4为本说明书实施例中提供的扫码支付方案的应用场景的示意图;FIG. 4 is a schematic diagram of an application scenario of the scan code payment solution provided in an embodiment of the specification;
图5为本说明书实施例提供的对应于图1的一种扫码支付装置结构示意图;Fig. 5 is a schematic structural diagram of a code scanning payment device corresponding to Fig. 1 provided by an embodiment of the specification;
图6为本说明书实施例提供的对应于图2的一种支付过程中的信息发送装置的结构示意图;FIG. 6 is a schematic structural diagram of an information sending device in a payment process corresponding to FIG. 2 provided by an embodiment of this specification;
图7为本说明书实施例提供的对应于图3的一种收款码的生成装置的结构示意图;FIG. 7 is a schematic structural diagram of a device for generating a payment code corresponding to FIG. 3 according to an embodiment of the specification;
图8为本说明书实施例提供的一种网络支付设备的结构示意图。Fig. 8 is a schematic structural diagram of a network payment device provided by an embodiment of this specification.
具体实施方式Detailed ways
为使本申请的目的、技术方案和优点更加清楚,下面将结合本申请具体实施例及相应的附图对本申请技术方案进行清楚、完整地描述。显然,所描述的实施例仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purpose, technical solutions and advantages of the present application clearer, the technical solutions of the present application will be described clearly and completely in conjunction with specific embodiments of the present application and the corresponding drawings. Obviously, the described embodiments are only a part of the embodiments of the present application, rather than all the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this application.
在本申请的说明书中,使用了术语第一、第二等来描述各种信息、参数、字段、指令、终端等,但是这些信息、参数、字段、指令、终端不应受这些术语的限制。这些术语用来将一个信息、参数、字段、指令、终端与另一信息、参数、字段、指令、终端区分开。因此,在不脱离本公开的教导的情况下,下面讨论的第一信息、参数、字段、指令、终端也可以被称为第二信息、参数、字段、指令、终端。In the specification of this application, the terms first, second, etc. are used to describe various information, parameters, fields, instructions, terminals, etc., but these information, parameters, fields, instructions, and terminals should not be limited by these terms. These terms are used to distinguish one message, parameter, field, instruction, terminal from another message, parameter, field, instruction, terminal. Therefore, without departing from the teachings of the present disclosure, the first information, parameters, fields, instructions, and terminals discussed below may also be referred to as second information, parameters, fields, instructions, and terminals.
以下结合附图,详细说明本申请各实施例提供的技术方案。The technical solutions provided by the embodiments of the present application will be described in detail below with reference to the accompanying drawings.
图1为本说明书实施例提供的一种扫码支付方法的流程示意图。从程序角度而言,流程的执行主体可以为搭载于用户终端的程序。在本申请的实施例中,用户终端具体指的是进行扫码支付的用户所使用的终端,也即,安装有支付应用(支付APP)的终端。Fig. 1 is a schematic flowchart of a code scanning payment method provided by an embodiment of this specification. From a program perspective, the execution subject of a process can be a program carried on a user terminal. In the embodiments of the present application, the user terminal specifically refers to a terminal used by a user who performs a code scanning payment, that is, a terminal on which a payment application (payment APP) is installed.
如图1所示,该流程可以包括步骤102~步骤114。As shown in FIG. 1, the process may include step 102 to step 114.
步骤102:终端获取码图像信息。Step 102: The terminal obtains code image information.
在扫码支付场景下,可以使用用户终端扫描收款方的收款码,以得到码图像信息。其中,所述用户终端可以包括智能电话。所述收款方可以包括商户。所述收款码可以包括二维码、条形码等任意形式的码。所述获取码图像信息可以是获取收款码的图像信息。In the scan code payment scenario, the user terminal can be used to scan the payment code of the payee to obtain the code image information. Wherein, the user terminal may include a smart phone. The payee may include a merchant. The payment code may include any form of code such as a two-dimensional code and a barcode. The acquisition code image information may be the image information for acquiring the payment code.
其中,所述收款码可以呈现在印刷品上,也可以呈现在商户终端设备的显示屏上,作为示例,下文的描述中均假设收款码呈现于商户终端上的情况。Wherein, the payment code may be presented on a printed matter or on a display screen of a merchant terminal device. As an example, the following description assumes that the payment code is displayed on a merchant terminal.
步骤104:对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息,所述码图像解析信息包含第一密钥参数。Step 104: Analyze the code image information to obtain code image analysis information contained in the code image information, and the code image analysis information includes a first key parameter.
用户终端获取到码图像信息后,可以对获取的码图像信息进行解析以得到其中包含的码图像解析信息。所述码图像解析信息可以包括与当前商户以及当前交易相关的信息。After the user terminal obtains the code image information, it can analyze the obtained code image information to obtain the code image analysis information contained therein. The code image analysis information may include information related to the current merchant and the current transaction.
在实施例中,所述码图像解析信息可以包括第一密钥参数。所述第一密钥参数可以被用于生成密钥,该生成的密钥可以被用于对加密后的收单机构访问地址信息进行解密。所述第一密钥参数可以是与当前商户对应的密钥。每个商户可以对应一个第一密钥参数,不同的商户可以对应不同的第一密钥参数。In an embodiment, the code image analysis information may include the first key parameter. The first key parameter may be used to generate a key, and the generated key may be used to decrypt the encrypted access address information of the acquiring institution. The first key parameter may be a key corresponding to the current merchant. Each merchant can correspond to one first key parameter, and different merchants can correspond to different first key parameters.
可选地,用户终端从商户终端获取第一参数密钥的过程,可以利用密钥交换协议进行,以确保密钥的安全性。例如,第一密钥参数为y,那么实际在携带在码图像信息中进行传输的可以是处理后的第一密钥参数,例如g y,其中g是一个大数,具体地,为大素数,例如,大于10000000的素数。素数被利用在密码学上,对要传递的信息(密码)进行编码时加入素数,编码之后进行信息传递,使得信息的破解过程成为寻找素数的过程,由此,将会因为找素数的过程(分解质因数)过久,使即使取得信息也会无意义。因此,基于对大素数的使用,能够确保信息(密码)传输的安全性。 Optionally, the process in which the user terminal obtains the first parameter key from the merchant terminal may be performed using a key exchange protocol to ensure the security of the key. For example, if the first key parameter is y, then what is actually carried in the code image information for transmission may be the processed first key parameter, such as g y , where g is a large number, specifically, a large prime number , For example, prime numbers greater than 10000000. Prime numbers are used in cryptography. Prime numbers are added when encoding the information (password) to be transmitted, and the information is transmitted after encoding, making the process of information decryption a process of finding prime numbers. Therefore, it will be due to the process of finding prime numbers ( Decomposing prime factors) is too long, so that even if the information is obtained, it will be meaningless. Therefore, based on the use of large prime numbers, the security of information (cipher) transmission can be ensured.
步骤106:获取第二密钥参数。Step 106: Obtain the second key parameter.
所述第二密钥参数可以与前述第一密钥参数一起被用于生成密钥,该生成的密钥可以被用于对加密后的收单机构访问地址信息进行解密。所述第二密钥参数可以是与当前支付应用对应的密钥。每个支付应用可以对应一个第二密钥参数,不同的支付应用可以对应不同的第二密钥参数。例如,支付机构A的APP可以对应一个第二密钥参数、支付机构B的APP可以对应一个另外的第二密钥参数。The second key parameter can be used together with the aforementioned first key parameter to generate a key, and the generated key can be used to decrypt the encrypted access address information of the acquirer. The second key parameter may be a key corresponding to the current payment application. Each payment application can correspond to a second key parameter, and different payment applications can correspond to different second key parameters. For example, the APP of payment institution A may correspond to a second key parameter, and the APP of payment institution B may correspond to another second key parameter.
可选地,所述获取第二密钥参数,具体可以包括:获取所述终端本地存储的第二密钥参数。即,安装有支付应用的用户终端中,可以预先存储有与所述支付应用对应的第二密钥参数。Optionally, the obtaining the second key parameter may specifically include: obtaining the second key parameter stored locally by the terminal. That is, in the user terminal where the payment application is installed, the second key parameter corresponding to the payment application may be pre-stored.
可选地,所述获取第二密钥参数,具体可以包括:向第一服务器发送获取第二密钥参数的请求;获取所述第一服务器反馈的所述第二密钥参数。其中,所述第一服务器可以是与所述支付应用对应的支付机构的服务器,即,所述第一服务器可以是所述支付应用所属的支付机构的服务器。例如,支付应用可以为支付宝APP,支付机构可以为支付宝,第一服务器可以是支付宝的服务器。Optionally, the obtaining the second key parameter may specifically include: sending a request for obtaining the second key parameter to the first server; and obtaining the second key parameter fed back by the first server. Wherein, the first server may be a server of a payment institution corresponding to the payment application, that is, the first server may be a server of a payment institution to which the payment application belongs. For example, the payment application may be an Alipay APP, the payment institution may be Alipay, and the first server may be an Alipay server.
可选地,支付机构也可以根据不同的商户索引存储不同的第二密钥参数。Optionally, the payment institution may also store different second key parameters according to different merchant indexes.
步骤108:根据所述第一密钥参数与所述第二密钥参数,计算得到密钥。Step 108: Calculate the key according to the first key parameter and the second key parameter.
在本申请的实施例中,在用户终端获取了与商户对应的第一密钥参数(例如,处理后的第一密钥参数),并获取了与自身对应的第二密钥参数,可以基于第一密钥参数和第二密钥参数来得到密钥,该密钥可以用于对加密后的收单机构访问地址信息进行解密。In the embodiment of the present application, the user terminal obtains the first key parameter corresponding to the merchant (for example, the processed first key parameter), and obtains the second key parameter corresponding to itself, which may be based on The first key parameter and the second key parameter are used to obtain the key, which can be used to decrypt the encrypted access address information of the acquiring institution.
例如,沿用上例,处理后的第二密钥参数为g y,所述第二密钥参数可以记为x,则可以计算得到密钥可以为(g y) x=g xyFor example, following the above example, the processed second key parameter is g y , and the second key parameter can be denoted as x, and the key can be calculated as (g y ) x =g xy .
步骤110:获取区块链节点存储的加密后的收单机构访问地址信息。Step 110: Obtain the encrypted access address information of the acquirer stored by the blockchain node.
其中,在区块链节点上存储的收单机构访问地址信息是预先经过加密处理得到的密文信息,并且在将收单机构访问地址信息从区块链节点返回至用户终端时,也是以密文的形式。下文中的密文信息,指的是加密后的收单机构访问地址信息。由此使得,无论在存储状态下还是在信息传输过程中,收单机构访问地址信息无法被对手机构等获取,确保了保密性。Among them, the access address information of the acquirer stored on the blockchain node is ciphertext information obtained through encryption processing in advance, and when the access address information of the acquirer is returned from the blockchain node to the user terminal, it is also encrypted The form of the text. The ciphertext information below refers to the encrypted access address information of the acquirer. As a result, no matter in the storage state or in the process of information transmission, the access address information of the acquiring institution cannot be obtained by the counterpart institution, etc., ensuring confidentiality.
在实施例中,收单机构访问地址信息中可以包含主地址信息与商户ID。例如,收单机构访问地址可以是:https://alipay.com/123456,其中,“alipay.com”是主支付地址,“123456”是商户ID。收单机构访问地址的格式不限于此示例。In an embodiment, the access address information of the acquirer may include the main address information and the merchant ID. For example, the access address of the acquiring institution may be: https://alipay.com/123456, where "alipay.com" is the main payment address and "123456" is the merchant ID. The format of the access address of the acquirer is not limited to this example.
步骤112:采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息。Step 112: Use the key to decrypt the encrypted access address information of the acquirer to obtain the access address information of the acquirer.
其中,在安装有支付应用的用户终端本地生成的用于对加密后的收单机构访问地址信息进行解密的密钥,与区块链节点存储的加密后的收单机构访问地址信息被加密时使用的密钥,是相同的,由此,可以利用该生成的密钥对获取的加密后的收单机构访问地址信息进行解密,从而获得收单机构访问地址信息。Among them, the key generated locally on the user terminal where the payment application is installed is used to decrypt the encrypted acquirer access address information, and the encrypted acquirer access address information stored on the blockchain node is encrypted The keys used are the same. Therefore, the encrypted access address information of the acquirer can be decrypted by using the generated key, so as to obtain the access address information of the acquirer.
步骤114:基于所述收单机构访问地址信息,进行支付。Step 114: Make payment based on the access address information of the acquirer.
具体地,用户可以在用户终端访问该解密得到的收单机构访问地址,并在该地址对应的页面中完成支付操作,此处完成支付操作的方法可以参照现有技术,本说明书中不再进行具体说明。Specifically, the user can access the decrypted acquirer access address on the user terminal, and complete the payment operation on the page corresponding to the address. The method for completing the payment operation here can refer to the existing technology, which will not be described in this specification. Specific instructions.
在本申请的上述实施例中,信息在区块链节点上的存储状态下以及将信息从区块链节点向用户终端传输的过程中,收单机构访问地址均是以密文的形式存在,确保了私密性。并且,由于是以密文形式存储,区块链节点无法基于其上存储的某商户或某支付机构对应的数据来分析得出该商户或该支付机构的隐私数据,从而确保了商户和支付机构的隐私数据的私密性,即确保存储在区域块链节点中的信息的安全性。再者,用于密文进行解密的密钥并非存储在某一个终端或服务器中,而是在支付前采用步骤102、步骤104、步骤106和步骤108来生成,其中用于生成密钥的第一密钥参数和第二密钥参数分别由商户侧(例如,商户终端或服务器)和支付机构侧(例如,支付机构的支付应用所在的用户终端本地,或者支付机构的服务器)保管,通过将密钥参数分散管理且在使用时即时生成的方式,确保了用于解密密文的密钥的安全性。In the above-mentioned embodiment of this application, when the information is stored on the blockchain node and when the information is transmitted from the blockchain node to the user terminal, the access address of the acquiring institution is in the form of ciphertext. Ensure privacy. In addition, because it is stored in ciphertext, the blockchain node cannot analyze the private data of the merchant or the payment institution based on the data corresponding to a certain merchant or payment institution stored on it, thereby ensuring the merchant and the payment institution The privacy of the private data is to ensure the security of the information stored in the regional block chain node. Furthermore, the key used to decrypt the ciphertext is not stored in a certain terminal or server, but is generated by using step 102, step 104, step 106, and step 108 before payment. The first key parameter and the second key parameter are kept by the merchant side (for example, the merchant terminal or server) and the payment institution side (for example, the local user terminal where the payment application of the payment institution is located, or the server of the payment institution). The method of decentralized management of key parameters and instant generation when in use ensures the security of the key used to decrypt the ciphertext.
基于图1的方法,本说明书实施例还提供了该方法的一些具体实施方案,下面进行说明。Based on the method in FIG. 1, the examples of this specification also provide some specific implementations of the method, which are described below.
在实际应用中,区块链节点中可以存储有许多不同的支付机构各自对应的收单机构访问地址的密文,安装有支付应用的用户终端可以从区块链节点中获取与支付应用对应的收单机构访问地址的密文。在本说明书的实施例中,所述与支付应用对应的收单机构访问地址中的所述收单机构,可以是所述支付机构。In practical applications, blockchain nodes can store the ciphertext of the access addresses of many different payment institutions corresponding to the acquirer, and the user terminal installed with the payment application can obtain the corresponding payment application from the blockchain node The ciphertext of the access address of the acquirer. In the embodiment of this specification, the acquiring institution in the access address of the acquiring institution corresponding to the payment application may be the payment institution.
具体地,根据本申请的实施例,所述获取区块链节点存储的加密后的收单机构访问地址信息(步骤110),具体可以包括:获取在本次支付过程中使用的应用的支付机构标识信息;根据所述密钥与所述支付机构标识信息,生成索引数据;向所述区块链节点发送用于获取收单机构访问地址信息的请求,所述用于获取收单机构访问地址信息的请求中至少包括所述索引数据;获取所述区块链节点反馈的加密后的收单机构访问地址信息。Specifically, according to an embodiment of the present application, the obtaining the encrypted access address information of the acquirer stored by the blockchain node (step 110) may specifically include: obtaining the payment institution of the application used in the current payment process Identification information; generate index data according to the key and the payment institution identification information; send to the blockchain node a request for obtaining the access address information of the acquiring institution, which is used to obtain the access address of the acquiring institution The information request includes at least the index data; obtaining the encrypted access address information of the acquiring institution fed back by the blockchain node.
该实施例中,当向区块链节点发送用于获取收单机构访问地址信息的请求时,可以在请求中携带基于与支付应用对应的支付机构标识信息生成的索引数据,使得区块链节点可以基于该索引数据来返回与所述支付应用(或者说,支付机构)对应的加密后的收单机构访问地址信息。In this embodiment, when a request for obtaining the access address information of the acquiring institution is sent to the blockchain node, the index data generated based on the identification information of the payment institution corresponding to the payment application may be carried in the request, so that the blockchain node The encrypted acquiring institution access address information corresponding to the payment application (or payment institution) may be returned based on the index data.
作为一个具体示例,沿用上例中计算得到密钥为g xy,支付机构标识记为“支付机构ID”,那么可以通过例如密钥派生函数(Key Derivation Function,KDF)来生成索引数据Index,即,Index←KDF(g xy,支付机构ID),以在获取请求中携带该索引数据。然后在区块链节点中,查找与该索引数据对应的加密的索引数据Index并返回。 As a specific example, following the calculation in the above example, the key is g xy , and the payment institution identification is marked as "payment institution ID", then the index data Index can be generated by, for example, a key derivation function (KDF), namely , Index←KDF (g xy , payment institution ID), to carry the index data in the acquisition request. Then in the blockchain node, search for the encrypted index data Index corresponding to the index data and return.
在实际应用中,每个商户可以与多个支付机构具有合作关系,这种情况下,区块链中可以与商户对应地、且与支付机构对应地来存储加密后的收单机构访问地址信息。具体地,例如可以以商户索引号作为第一层目录、以索引数据作为第二层目录来存储加密后的收单机构访问地址信息。In practical applications, each merchant can have a cooperative relationship with multiple payment institutions. In this case, the blockchain can store the encrypted access address information of the acquirer corresponding to the merchant and corresponding to the payment institution. . Specifically, for example, the merchant index number may be used as the first-level directory, and the index data may be used as the second-level directory to store the encrypted access address information of the acquirer.
根据可选的实施例,步骤102和步骤104中,对从商户侧获取的码图像进行解析得到的码图像解析信息中,还可以包括商户索引号。所述商户索引号可以是用于识别商户的编号。在一个指定范围的网络支付***中,一个商户具有唯一的一个商户索引号,不同的商户具有不同的商户索引号。例如,在由A银行机构、电子支付平台A和电子支付平台B三者合作的网络支付***中,对于由A银行机构、电子支付平台A和电子支付平台B三者来说,某一确定商户的商户索引号可以是相同的。According to an optional embodiment, in step 102 and step 104, the code image analysis information obtained by analyzing the code image obtained from the merchant side may further include the merchant index number. The merchant index number may be a number used to identify the merchant. In a specified range of online payment system, a merchant has a unique merchant index number, and different merchants have different merchant index numbers. For example, in a network payment system cooperating with banking institution A, electronic payment platform A, and electronic payment platform B, for a bank institution A, electronic payment platform A, and electronic payment platform B, a certain merchant The merchant index numbers of can be the same.
在可选的实施例中,所述码图像解析信息中还可以包括交易关键参数。所述交易关键参数可以包括交易订单编号、交易建立时间、交易金额等。In an optional embodiment, the code image analysis information may also include key transaction parameters. The key transaction parameters may include transaction order number, transaction establishment time, transaction amount, and so on.
在可选的实施例中,所述码图像解析信息中还可以包括商户签名。在实践中,当响应于信息请求方的请求来返回请求信息之前,信息发送方可以先对信息请求方的身份进行验证,以确保信息安全。在本申请的实施例中,在后续区块节点向用户终端发送加密后的收单机构访问地址信息前,可以先对商户签名进行验签,当验签通过的情况下,向用户终端发送所述加密后的收单机构访问地址信息。在本申请的实施例中,对商户进行验签可以验证区块链节点接收到的商户索引号的来源的真实性,以保障收单机构访问地址信息的安全。In an optional embodiment, the code image analysis information may also include a merchant's signature. In practice, before returning the requested information in response to the request of the information requester, the information sender may first verify the identity of the information requester to ensure information security. In the embodiment of this application, before the subsequent block node sends the encrypted acquirer's access address information to the user terminal, the merchant's signature can be verified. The encrypted access address information of the acquiring institution. In the embodiment of the present application, the verification of the merchant's signature can verify the authenticity of the source of the merchant's index number received by the blockchain node, so as to ensure the security of the acquiring institution's access to the address information.
在本申请的实施例中,所述用于获取收单机构访问地址信息的请求中,具体可以包括:商户索引号、商户签名和所述索引数据。由此,当区块链节点接收到该请求后,可以基于所述商户索引号和所述索引数据,来查找到对应商户下面的对应Index下的密文,并返回给用户终端。In the embodiment of the present application, the request for obtaining the access address information of the acquiring institution may specifically include: a merchant index number, a merchant signature, and the index data. Therefore, when the blockchain node receives the request, it can find the ciphertext under the corresponding Index under the corresponding merchant based on the merchant index number and the index data, and return it to the user terminal.
在本申请的一个或多个实施例中,提供了一种扫码支付过程的隐私保护方案,在区块链节点上存储的是加密后的收单机构访问地址信息,由于是以密文形式存储,区块链节点无法基于其上存储的某商户或某支付机构对应的数据来分析得出该商户或该支付机构的隐私数据,从而确保了商户和支付机构的数据隐私,即可以确保存储在区域块链节点中的信息的安全性。并且,商户侧和支付机构侧分别存储用于生成密钥的部分密钥参数,密钥参数通过密钥协议来传输,双方均不知道对方的密钥参数,商户与支付机构彼此间实现了信息保密。In one or more embodiments of the present application, a privacy protection scheme for the scanning payment process is provided. The encrypted access address information of the acquirer is stored on the blockchain node, because it is in the form of cipher text. Storage, the blockchain node cannot analyze the privacy data of the merchant or the payment institution based on the data stored on it corresponding to the merchant or payment institution, thus ensuring the data privacy of the merchant and the payment institution, that is, the storage can be ensured The security of information in the nodes of the regional block chain. In addition, the merchant side and the payment institution side separately store some key parameters used to generate the key. The key parameters are transmitted through the key agreement. Both parties do not know the other's key parameters. The merchant and the payment institution realize information between each other. Keep it secret.
在实际应用中,当区块链节点响应于用户终端发送的请求查找相应的密文信息时,有可能无法查找到与请求中携带的索引数据所对应的密文。在这种情况下,可以返回与请求中携带的商户索引号对应的商户下的所有密文,并将符合一定条件的密文数据发送至与当前支付应用所属支付机构的关联支付机构的服务器,来进行解密。例如,当前支付应用为“支付宝APP”,其所述的支付机构为“支付宝”,相应的服务器为支付宝服务器(在本申请中可以称为“第一服务器”);与当前支付应用所述的支付机构关联的支付机构可以为“支付宝国际”,相应的服务器为支付宝国际服务器(在本申请中可以称为“第二服务器”)。在本申请的实施例中,当前支付应用对应的支付机构的服务器可以称为当前支付应用的第一服务器,当前支付应用所属支付机构的关联支付机构的服务器可以称为当前支付应用的第二服务器。In practical applications, when a blockchain node searches for corresponding ciphertext information in response to a request sent by a user terminal, it may not be able to find the ciphertext corresponding to the index data carried in the request. In this case, all ciphertexts under the merchant corresponding to the merchant index number carried in the request can be returned, and the ciphertext data that meets certain conditions can be sent to the server of the payment institution associated with the payment institution to which the current payment application belongs. To decrypt it. For example, the current payment application is "Alipay APP", the payment institution mentioned is "Alipay", and the corresponding server is Alipay server (may be referred to as the "first server" in this application); The payment institution associated with the payment institution may be "Alipay International", and the corresponding server is the Alipay International server (which may be referred to as the "second server" in this application). In the embodiment of the present application, the server of the payment institution corresponding to the current payment application may be referred to as the first server of the current payment application, and the server of the payment institution associated with the payment institution to which the current payment application belongs may be referred to as the second server of the current payment application .
根据实施例,所述采用所述密钥对所述加密后的收单机构访问地址信息进行解密(步骤112)之后,还可以包括:若采用所述密钥无法对所述加密后的收单机构访问地址信息进行解密,则将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器,以便所述第二服务器基于所述加密后的收单机构访问地址信息完成本次支付。According to an embodiment, after the decryption of the encrypted access address information of the acquirer by using the key (step 112), the method may further include: if the encrypted acquirer cannot be decrypted using the key When the institution access address information is decrypted, the encrypted acquirer access address information is sent to the second server of the application used in the payment process, so that the second server is based on the encrypted acquirer Visit address information to complete this payment.
其中,用户终端无法采用本地生成的密钥对加密后的收单机构访问地址信息进行解密,可以是,无法从区块链节点上查找到并返回可以使用用户终端本地生成的密钥进行解密的加密后的收单机构访问地址信息。Among them, the user terminal cannot use the locally generated key to decrypt the encrypted access address information of the acquirer. It may be that it cannot be found from the blockchain node and returned that can be decrypted using the locally generated key of the user terminal. The encrypted access address information of the acquirer.
例如,对于一个国外的店铺,实际上可以使用例如“支付宝国际APP”来进行支付,相应地,支付时访问的收单机构访问地址可以基于与支付宝国际相对应的信息来获取到。在实际使用时,若使用的支付应用为“支付宝APP”(即,可用于中国境内支付),那么基于该国外店铺对应的第一密钥参数和该国内支付应用对应的第二密钥参数生成密钥,进而基于该密钥与支付应用ID生成索引数据后,将无法在区块链节点上查找到与该索引数据对应的密文。在这种情况下,可以将与商户对应的密文数据返回至用户终端,进而发送至当前支付应用的第二服务器,在该示例中,可以发送至支付宝国际的服务器,则可以由支付宝国际的服务器对该密文进行解密,使得可以完成后续支付。For example, for a foreign store, you can actually use, for example, "Alipay International APP" to make payment. Accordingly, the access address of the acquirer you visit during payment can be obtained based on the information corresponding to Alipay International. In actual use, if the payment application used is "Alipay APP" (that is, it can be used for payment in China), then it is generated based on the first key parameter corresponding to the foreign store and the second key parameter corresponding to the domestic payment application Key, and then generate index data based on the key and the payment application ID, the cipher text corresponding to the index data will not be found on the blockchain node. In this case, the ciphertext data corresponding to the merchant can be returned to the user terminal, and then sent to the second server of the current payment application. In this example, it can be sent to the server of Alipay International. The server decrypts the ciphertext so that subsequent payments can be completed.
在实际应用中,并非要将当前商户下所有加密的收单机构地址访问均发送至所述第二服务器,而是可以仅发送满足一定条件的部分密文。In practical applications, it is not necessary to send all encrypted acquirer address accesses under the current merchant to the second server, but only part of the ciphertext that meets certain conditions may be sent.
在本申请的实施例中,对于存储于区块链节点上的每个Index以及对应的加密后的收单机构访问地址信息,均可以额外存储一个相应的第一字段,所述一个第一字段至少与一个加密后的收单机构访问地址信息相对应。所述第一字段可以是预先基于当前支付应用对应的支付机构及其关联机构的关联字段生成的。一个支付机构与该支付机构的关联机构可以具有相同的关联字段,该关联字段可以存储在支付机构及其关联机构的服务器上,和/或可以存储在该支付机构的相应的支付应用所在的用户终端中。In the embodiment of the present application, for each Index stored on the blockchain node and the corresponding encrypted access address information of the acquirer, a corresponding first field may be additionally stored. Correspond to at least one encrypted access address information of the acquirer. The first field may be generated in advance based on the associated fields of the payment institution and its associated institutions corresponding to the current payment application. A payment institution and an associated institution of the payment institution may have the same associated field, and the associated field may be stored on the server of the payment institution and its associated institution, and/or may be stored in the user where the corresponding payment application of the payment institution is located. In the terminal.
根据实施例,所述将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器之前,还可以包括:获取所述区块链节点反馈的第一字段,一个所述第一字段至少与一个加密后的收单机构访问地址信息相对应;获取第二字段;判 断所述第一字段与所述第二字段是否相同,得到判断结果;若所述判断结果表示所述第一字段与所述第二字段相同,则将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器。According to an embodiment, before sending the encrypted acquirer access address information to the second server of the application used in this payment process, it may further include: obtaining the first field fed back by the blockchain node , One of the first fields corresponds to at least one encrypted acquirer's access address information; acquiring the second field; judging whether the first field is the same as the second field, and obtaining the judgment result; if the judgment is The result indicates that the first field is the same as the second field, and the encrypted acquirer access address information is sent to the second server of the application used in the payment process.
其中,获取第二字段的过程可以包括,基于当前支付应用对应的支付机构的关联字段,并基于从商户处获得的第一密钥参数(例如,处理后的第一密钥参数),生成第二字段。在支付应用中生成该第二字段的方式与区块链节点中存储的预先生成的第一字段的生成方式相同。举例,若来自商户的处理后的第一密钥参数为g y,当前支付应用对应的支付机构的关联密钥为T,可以通过例如哈希算法来生成第一字段/第二字段,例如,预先生成存储于区块链节点的第一字段Q1←Hash(T,g y),在支付应用所在用户终端生成第二字段Q2←Hash(T,g y)。若第二字段与第一字段相同,说明第一字段对应的Index下的加密后的收单机构访问地址信息可以被当前支付应用的支付机构或其关联机构解密。因此,在当前支付应用对应的支付机构无法解密时,则将其发送至当前支付机构的关联机构。在实施例中,若一个第一字段与两个加密后的收单机构访问地址信息相对应,亦即当前支付机构有另外的一个关联机构,则在当前支付机构无法解密时,可以将符合条件的密文发送至所述另外的一个关联机构。可选地,若一个第一字段与多于两个加密后的收单机构访问地址信息相对应,亦即当前支付机构有另外的至少两个关联机构,在当前支付机构无法解密时,可以将符合条件的密文依次发送至所述另外的至少两个关联机构。 Wherein, the process of obtaining the second field may include, based on the associated field of the payment institution corresponding to the current payment application, and based on the first key parameter obtained from the merchant (for example, the processed first key parameter), generating the first key parameter. Two fields. The method of generating the second field in the payment application is the same as the method of generating the pre-generated first field stored in the blockchain node. For example, if the processed first key parameter from the merchant is g y , and the associated key of the payment institution corresponding to the current payment application is T, the first field/second field can be generated by, for example, a hash algorithm, for example, The first field Q1←Hash(T,g y ) stored in the blockchain node is generated in advance, and the second field Q2←Hash(T,g y ) is generated at the user terminal where the payment application is located. If the second field is the same as the first field, it means that the encrypted access address information of the acquiring institution under the Index corresponding to the first field can be decrypted by the payment institution of the current payment application or its associated institution. Therefore, when the payment institution corresponding to the current payment application cannot be decrypted, it is sent to the affiliated institution of the current payment institution. In the embodiment, if a first field corresponds to the access address information of the two encrypted acquiring institutions, that is, the current payment institution has another affiliated institution, when the current payment institution cannot decrypt it, the eligible The ciphertext of is sent to the other affiliate. Optionally, if a first field corresponds to more than two encrypted acquirer access address information, that is, the current payment institution has at least two other affiliated institutions, and when the current payment institution cannot decrypt it, the The ciphertexts that meet the conditions are sequentially sent to the at least two other associated institutions.
在本申请的实施例中,使用代理支付的电子支付方法,通过当前支付应用的支付机构的关联机构的服务器(第二服务器)进行付款的情况,可以称为代理支付。该方案的实施使得,即便跨国使用支付应用(例如,在国外使用国内版的支付应用),也依然能够实现付款,且在用户端无感知。In the embodiment of the present application, the electronic payment method of proxy payment is used to make payment through the server (second server) of the affiliated institution of the payment institution of the current payment application, which can be referred to as proxy payment. The implementation of this solution makes it possible to make payments even if payment applications are used across the country (for example, using a domestic version of the payment application abroad), without perception on the user side.
为了更清楚地描述上述使用代理支付的电子支付方法。下面从第二服务器的角度来描述该方法。从程序的角度而言,方法的执行主体是第二服务器。In order to more clearly describe the above electronic payment method using proxy payment. The method is described below from the perspective of the second server. From a program point of view, the execution subject of the method is the second server.
具体地,第二服务器(即,代理服务器)获取用户终端发送的加密后的收单机构访问地址信息;确定与所述服务器对应的密钥;采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;基于所述收单机构访问地址信息,进行支付。Specifically, the second server (ie, the proxy server) obtains the encrypted acquirer access address information sent by the user terminal; determines the key corresponding to the server; uses the key to perform the encrypted acquirer The access address information of the institution is decrypted to obtain the access address information of the acquiring institution; and payment is made based on the access address information of the acquiring institution.
其中,第二服务器可以经由当前支付应用所在的用户终端来获取存储于区块链节点上的加密后的收单机构访问地址信息以及对应的第一字段。具体地,第二服务器可以获取的是与用户终端计算得到的第二字段相等的第一字段及其对应的加密后的收单机构访问地址信息。Wherein, the second server may obtain the encrypted acquirer access address information and the corresponding first field stored on the blockchain node via the user terminal where the current payment application is located. Specifically, what the second server can acquire is the first field that is equal to the second field calculated by the user terminal and the corresponding encrypted access address information of the acquiring institution.
其中,所述确定与所述服务器对应的密钥,具体可以包括:获取所述用户终端发送的第一密钥参数;获取与所述服务器对应的第三密钥参数;根据所述第一密钥参数与所述第三密钥参数,计算得到密钥。其中,用户终端发送的第一密钥参数是从商户终端获取来的、与商户对应的密钥参数,沿用上文的示例,可以记为g y。其中,第三密钥参数即权利要求16中的第二密钥参数,是与第二服务器对应的(即,与关联机构对应的)密钥参数,例如,可以记为x'。则可以计算得到密钥为(g y) x'=g x'yWherein, the determining the key corresponding to the server may specifically include: obtaining a first key parameter sent by the user terminal; obtaining a third key parameter corresponding to the server; The key parameter and the third key parameter are calculated to obtain the key. Among them, the first key parameter sent by the user terminal is the key parameter corresponding to the merchant obtained from the merchant terminal, which can be denoted as g y according to the above example. Wherein, the third key parameter, that is, the second key parameter in claim 16, is a key parameter corresponding to the second server (that is, corresponding to an associated organization), and may be denoted as x′, for example. Then the key can be calculated as (g y ) x' = g x'y .
与前述扫码支付方法对应的,本申请提供了一种支付过程中的信息发送方法。图2为本说明书实施例提供的一种支付过程中的信息发送方法的流程示意图。从程序角度而言,该流程的执行主体可以为区块链节点。Corresponding to the aforementioned scan code payment method, this application provides a method for sending information during the payment process. Fig. 2 is a schematic flowchart of a method for sending information in a payment process provided by an embodiment of the specification. From a program point of view, the execution subject of this process can be a blockchain node.
如图2所示,该流程可以包括步骤202~步骤206。As shown in FIG. 2, the process may include step 202 to step 206.
步骤202:区块链节点获取终端发送的信息获取请求;所述信息获取请求用于请求 获取收单机构访问地址信息。Step 202: The blockchain node obtains the information obtaining request sent by the terminal; the information obtaining request is used to request to obtain the access address information of the acquiring institution.
其中,所述终端是安装有支付应用的用户终端。Wherein, the terminal is a user terminal installed with a payment application.
步骤204:基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存储设备不同。Step 204: Based on the information acquisition request, search for the corresponding encrypted access address information of the acquirer; the key used to encrypt the access address information of the acquirer is compared with the terminal according to the first key parameter The key calculated from the second key parameter is the same; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter.
其中,所述第一密钥参数的初始存储设备是商户终端,所述第一密钥参数与商户终端的商户索引号对应。所述第二密钥参数初始存储设备是当前支付应用所在的用户终端或当前支付应用所属支付机构的服务器,所述第二密钥参数与当前支付应用对应。用户终端可以从商户终端获取的所述第一密钥参数,并且用户终端可以获取本地存储的或者从支付应用对应的支付机构的服务器处获取所述第二密钥参数,然后基于所述第一密钥参数与第二密钥参数计算得到的密钥。Wherein, the initial storage device of the first key parameter is the merchant terminal, and the first key parameter corresponds to the merchant index number of the merchant terminal. The second key parameter initial storage device is the user terminal where the current payment application is located or the server of the payment institution to which the current payment application belongs, and the second key parameter corresponds to the current payment application. The user terminal can obtain the first key parameter from the merchant terminal, and the user terminal can obtain the second key parameter stored locally or from the server of the payment institution corresponding to the payment application, and then based on the first key parameter. A key calculated from the key parameter and the second key parameter.
其中,对所述收单机构访问地址信息进行加密所使用的密钥,实际上也是基于第一密钥参数和第二密钥参数预先生成并进行使用的。Wherein, the key used for encrypting the access address information of the acquiring institution is actually generated and used in advance based on the first key parameter and the second key parameter.
步骤206:将查找到的所述加密后的收单机构访问地址信息发送至所述终端。Step 206: Send the encrypted access address information of the acquirer to the terminal.
在实施例中,所述查找对应的加密后的收单机构访问地址信息(步骤204),具体可以包括:获取所述信息获取请求中包含的索引数据;查找所述索引数据对应的加密后的收单机构访问地址信息。其中,所述索引数据是基于所述密钥与支付机构的标识信息生成的。In an embodiment, the searching for the corresponding encrypted access address information of the acquirer (step 204) may specifically include: obtaining the index data included in the information obtaining request; searching for the encrypted data corresponding to the index data The acquiring institution accesses the address information. Wherein, the index data is generated based on the key and the identification information of the payment institution.
在实施例中,所述查找对应的加密后的收单机构访问地址信息(步骤206)之后,还可以包括:若未查找到所述索引数据对应的加密后的收单机构访问地址信息,则将所述信息获取请求中包含的商户索引号对应的全部加密后的收单机构访问地址信息发送至所述终端。In an embodiment, after searching the corresponding encrypted acquirer access address information (step 206), it may further include: if the encrypted acquirer access address information corresponding to the index data is not found, then All the encrypted access address information of the acquiring institution corresponding to the merchant index number included in the information acquisition request is sent to the terminal.
在实施例中,所述查找对应的加密后的收单机构访问地址信息(步骤206)之前,还可以包括:获取所述信息获取请求中包含的商户签名;对所述商户签名进行验证;若验证通过,则执行所述查找对应的加密后的收单机构访问地址信息的步骤。In an embodiment, before searching for the corresponding encrypted acquirer access address information (step 206), it may further include: obtaining the merchant signature included in the information acquisition request; verifying the merchant signature; if If the verification is passed, the step of searching the corresponding encrypted acquiring institution's access address information is executed.
由于该支付过程中的信息发送方法的实施例与上文中的扫码支付方法的实施例具有相同或相应的技术特征,可以达到与前述扫码支付方法的实施例相同的技术效果。具体地,该支付过程中的信息发送方法中,区块链节点上存储的是加密后的收单机构访问地址信息,由于是以密文形式存储,使得,区块链节点无法基于其上存储的某商户或某支付机构对应的数据来分析得出该商户或该支付机构的隐私数据,从而确保了商户和支付机构的数据隐私,即可以确保存储在区域块链节点中的信息的安全性。由此,从数据角度保护了扫码支付过程中涉及的隐私数据的私密性。Since the embodiment of the information sending method in the payment process has the same or corresponding technical features as the above embodiment of the scanning payment method, the same technical effect as the embodiment of the scanning payment method can be achieved. Specifically, in the information sending method in the payment process, the encrypted access address information of the acquirer is stored on the blockchain node. Because it is stored in cipher text, the blockchain node cannot be based on the storage on it. The data corresponding to a certain merchant or a certain payment institution can be analyzed to obtain the privacy data of the merchant or the payment institution, thereby ensuring the data privacy of the merchant and the payment institution, that is, the security of the information stored in the regional block chain node can be ensured . As a result, the privacy of the private data involved in the scan code payment process is protected from a data perspective.
与上述扫码支付方法和支付过程中的信息发送方法对应的,本申请提供了一种收款码的生成方法。图3为本说明书实施例提供的一种收款码的生成方法的流程示意图。从程序角度而言,流程的执行主体可以为商户终端。Corresponding to the foregoing scanning code payment method and the information sending method in the payment process, this application provides a method for generating a payment code. FIG. 3 is a schematic flowchart of a method for generating a payment code provided by an embodiment of the specification. From a program point of view, the execution subject of the process can be a merchant terminal.
如图3所示,该流程可以包括步骤302~310。As shown in FIG. 3, the process may include steps 302-310.
步骤302:第一终端获取收款码生成指令;所述收款码生成指令用于指示所述第一终端生成收款码。Step 302: The first terminal obtains a collection code generation instruction; the collection code generation instruction is used to instruct the first terminal to generate a collection code.
在本实施例中,所述第一终端指的是商户侧的终端,商户终端可以生成并出示收款码;下文中的第二终端指的是用户侧的终端,即,安装有支付应用的终端。In this embodiment, the first terminal refers to the terminal on the merchant side, and the merchant terminal can generate and present the payment code; the second terminal in the following refers to the terminal on the user side, that is, the terminal on the user side, that is, the terminal on the user side. terminal.
步骤304:获取所述第一终端的去中心化身份标识。Step 304: Obtain the decentralized identity of the first terminal.
其中,去中心化身份标识(Decentralized Identifier,DID)是一种新类型的标识符,具有全局唯一性、高可用性、可解析性和加密可验证性。DIDs通常与加密材料(如公钥)和服务端点相关联,以建立安全的通信信道。DIDs对于任何受益于自管理、加密可验证的标识符(如个人标识符、组织标识符和物联网场景标识符)的应用程序都很有用。例如,当前W3C可验证凭据的商业部署大量使用DIDs来标识人员、组织和事物,并实现许多安全和隐私保护保证。Among them, the Decentralized Identifier (DID) is a new type of identifier with global uniqueness, high availability, resolvability, and encryption verifiability. DIDs are usually associated with encryption materials (such as public keys) and service endpoints to establish a secure communication channel. DIDs are useful for any application that benefits from self-managed, encrypted and verifiable identifiers (such as personal identifiers, organizational identifiers, and IoT scenario identifiers). For example, the current commercial deployment of W3C verifiable credentials uses a large number of DIDs to identify people, organizations, and things, and implement many security and privacy protection guarantees.
步骤304中所述获取所述终端的去中心化身份标识,即获取所述商户终端的全局唯一的标识符。The obtaining of the decentralized identity of the terminal in step 304 means obtaining the globally unique identifier of the merchant terminal.
步骤306:向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识。Step 306: Send the decentralized identity identifier to the blockchain node storing the decentralized identity document.
步骤308:获取所述区块链节点基于所述去中心化身份标识从所述去中心化身份标识文档中查询到的商户信息。Step 308: Obtain the merchant information that the blockchain node has queried from the decentralized identity document based on the decentralized identity.
在区域块链节点中,存储有去中心化身份标识文档(DID文档),DID文档中可以包括DID标识、加密材料的集合(例如,公钥)、加密协议的集合、服务端点的集合、时间戳以及选的用于证明该DID文档合法性的签名。在实际应用中,可以基于DID标识作为键,在区块链节点上查找到相应的DID文档。然后可以从该DID文档中,获取到商户终端的商户信息。In the regional block chain node, a decentralized identity document (DID document) is stored. The DID document can include a DID identification, a collection of encrypted materials (for example, public keys), a collection of encryption protocols, a collection of service endpoints, and time. Stamp and selected signature used to prove the legality of the DID document. In practical applications, based on the DID identifier as a key, the corresponding DID document can be found on the blockchain node. Then, the merchant information of the merchant terminal can be obtained from the DID file.
要说明的是,在此所述的存储有DID文档的区块链节点与上文描述的存储加密后的收单机构访问地址信息的区块链节点可以是不同的区块链节点。It should be noted that the blockchain node storing the DID document described here and the blockchain node storing the encrypted access address information of the acquirer described above may be different blockchain nodes.
步骤310:基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终端扫描后,获取加密后的收单机构访问地址信息。Step 310: Generate a collection code based on the merchant information and the pre-stored first key parameter; the collection code is used to obtain the encrypted access address information of the acquiring institution after being scanned by the second terminal.
在实施例中,所述商户信息具体可以包括商户索引号。In an embodiment, the merchant information may specifically include a merchant index number.
相应地,所述基于所述商户信息与预存的第一密钥参数生成收款码,具体可以包括:获取当前交易的交易参数;获取所述商户索引号对应的第一密钥参数;获取所述商户索引号对应的私钥;根据所述私钥生成商户签名;生成收款码,所述收款码携带的信息包括所述商户索引号、所述第一密钥参数、所述交易参数和所述商户签名。Correspondingly, the generating the collection code based on the merchant information and the pre-stored first key parameter may specifically include: obtaining the transaction parameter of the current transaction; obtaining the first key parameter corresponding to the merchant index number; The private key corresponding to the merchant index number; the merchant signature is generated according to the private key; the receipt code is generated, and the information carried by the receipt code includes the merchant index number, the first key parameter, and the transaction parameter Sign with the merchant.
与前述扫码支付方法和支付过程中的信息发送方法相应地,该收款码的生成方法中,基于DID来获取商户索引号等与商户相关的信息,然后基于这些信息生成收款码,使得该收款码中至少包含与该商户唯一对应的标识信息,以作为后续使得支付应用可以获取到并解密与该商户以及支付应用自身相对应的加密后的收单机构访问地址信息,从数据角度保护了扫码支付过程中涉及的隐私数据的私密性。Corresponding to the aforementioned scanning code payment method and the information sending method in the payment process, in the method for generating the payment code, the merchant index number and other information related to the merchant are obtained based on the DID, and then the payment code is generated based on the information, so that The payment code contains at least the unique identification information corresponding to the merchant, so that the payment application can obtain and decrypt the encrypted acquirer access address information corresponding to the merchant and the payment application itself. From a data perspective The privacy of the private data involved in the scan code payment process is protected.
为了使本申请的描述方案更加清楚,图4为本说明书实施例中提供的扫码支付方案的应用场景的示意图。以下参照图4进行整体方案的描述。In order to make the description scheme of the present application clearer, FIG. 4 is a schematic diagram of an application scenario of the scan code payment scheme provided in an embodiment of this specification. The overall solution is described below with reference to FIG. 4.
参照图4,本申请实施例提供的扫码支付方案具体可以包括步骤(1)~(10)。Referring to FIG. 4, the code scanning payment solution provided by the embodiment of the present application may specifically include steps (1) to (10).
(1)商户终端针对当前交易生成收款码,所述收款码中包含商户索引号信息、商户签名信息、第一密钥参数信息以及交易关键参数信息。所述第一密钥参数信息可以与所述商户索引号对应,即,不同的商户索引号对应不同的第一密钥参数。(1) The merchant terminal generates a payment code for the current transaction, and the payment code includes the merchant index number information, the merchant signature information, the first key parameter information, and the transaction key parameter information. The first key parameter information may correspond to the merchant index number, that is, different merchant index numbers correspond to different first key parameters.
(2)通过安装有支付应用的用户终端扫描所述收款码,解析得到所述收款码中包含的所述商户索引号、所述商户签名、所述第一密钥参数以及所述交易关键参数。(2) Scan the payment code through the user terminal installed with the payment application, and parse and obtain the merchant index number, the merchant signature, the first key parameter, and the transaction contained in the payment code key parameter.
(3)用户终端从与支付应用对应的第一服务器获取第二密钥参数,或者用户终端 获取本地存储的第二密钥参数。其中,所述第二密钥参数可以与支付应用对应,即,不同的支付应用对应于不同的第二密钥参数。(3) The user terminal obtains the second key parameter from the first server corresponding to the payment application, or the user terminal obtains the second key parameter stored locally. Wherein, the second key parameter may correspond to a payment application, that is, different payment applications correspond to different second key parameters.
(4)用户终端基于所述第一密钥参数和第二密钥参数,生成密钥。(4) The user terminal generates a key based on the first key parameter and the second key parameter.
(5)用户终端获取支付机构ID,然后基于所述密钥和所述支付机构ID得到索引数据(即,Index)。(5) The user terminal obtains the payment institution ID, and then obtains index data (that is, Index) based on the key and the payment institution ID.
(6)用户终端将计算得到的所述商户索引号、所述商户签名和所述索引数据,发送至区块链节点。(6) The user terminal sends the calculated merchant index number, the merchant signature, and the index data to the blockchain node.
(7)区块链节点验证所述商户签名通过后,获取与所述商户索引号对应的商户下的与所述索引数据对应的加密后的收单机构访问地址信息,并将获取的该密文信息发送回用户终端;对所述收单机构访问地址信息进行加密所使用的密钥,与用户终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的。(7) After the blockchain node verifies that the merchant’s signature is passed, it obtains the encrypted acquirer access address information corresponding to the index data under the merchant corresponding to the merchant index number, and then obtains the secret The text information is sent back to the user terminal; the key used to encrypt the access address information of the acquiring institution is the same as the key calculated by the user terminal according to the first key parameter and the second key parameter.
(8)用户终端利用所述密钥对接收到的密文信息进行解密,得到收单机构访问地址信息,使得基于所述收单机构访问地址信息完成支付。(8) The user terminal uses the key to decrypt the received ciphertext information to obtain the access address information of the acquirer, so that the payment can be completed based on the access address information of the acquirer.
另外,在实际应用中,可能无法在区块链中找到与获取请求中的索引数据对应的密文,此时可以使用代理支付。在应用代理支付的场景中,相应的,在区块链节点上,与每个索引数据以及相应密文对应地,存储有一个第一字段。该第一字段可以用于表示相应密文中包含的收单机构地址所对应的支付机构及其关联机构。也就是说,一个支付机构及其关联机构可以对应于一个第一字段,一个第一字段可以对应于至少一个支付机构(因为该支付机构可能存在关联机构)。In addition, in actual applications, it may not be possible to find the ciphertext corresponding to the index data in the acquisition request in the blockchain. In this case, proxy payment can be used. In the application proxy payment scenario, correspondingly, a first field is stored corresponding to each index data and corresponding ciphertext on the blockchain node. The first field can be used to indicate the payment institution and its associated institution corresponding to the address of the acquirer included in the corresponding ciphertext. In other words, a payment institution and its affiliates may correspond to a first field, and a first field may correspond to at least one payment institution (because the payment institution may have affiliates).
继续上述实施例,如果在区块链节点上,在某确定商户下找不到与接收到的索引数据对应的密文,则在图4的步骤(7)中返回该商户下的所有数据,返回的数据中包括与索引数据对应的密文,还包括与索引数据对应的第一字段。Continuing the above embodiment, if the ciphertext corresponding to the received index data cannot be found under a certain merchant on the blockchain node, then all data under the merchant will be returned in step (7) of Figure 4, The returned data includes the ciphertext corresponding to the index data, and also includes the first field corresponding to the index data.
此后,(9)用户终端从本地或者从支付应用对应的第一服务器处获取关联字段,并基于关联字段和所述密钥生成第二字段,然后判断第一字段与第二字段是否相同,得到判断结果;After that, (9) the user terminal obtains the associated field locally or from the first server corresponding to the payment application, generates a second field based on the associated field and the key, and then determines whether the first field is the same as the second field, and obtains critical result;
(10)若所述判断结果为第一字段与第二字段相同,则将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的支付应用的第二服务器,以便所述第二服务器对所述加密后的收单机构访问地址信息进行解密,进而完成本次支付。(10) If the judgment result is that the first field is the same as the second field, send the encrypted access address information of the acquirer to the second server of the payment application used in this payment process, so that the The second server decrypts the encrypted access address information of the acquiring institution, and then completes this payment.
在一些情况下,在权利要求书和说明书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果,另外,在附图中描述的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施例中,多任务处理和并行处理也是可以的或者是可能的。In some cases, the actions or steps described in the claims and the specification can be performed in a different order from the embodiment and still achieve the desired result. In addition, the process described in the drawings does not necessarily require the display In order to achieve the desired result, the specific order or sequential order of the In some embodiments, multitasking and parallel processing are also possible or possible.
基于同样的思路,本说明书实施例还提供了上述方法对应的装置。图5为本说明书实施例提供的对应于图1的一种扫码支付装置结构示意图。如图4所示,该装置可以包括:码图像信息获取模块502,用于获取码图像信息;码图像信息解析模块504,用于对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息;所述码图像解析信息包含第一密钥参数;第二密钥参数获取模块506,用于获取第二密钥参数;密钥生成模块508,用于根据所述第一密钥参数与所述第二密钥参数,计算得到密钥;密文获取模块510,用于获取区块链节点存储的加密后的收单机构访问地址信息;密文解密模块512,用于采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;支付模块514,用于基于所述收单机构访问地址信息,进行支付。Based on the same idea, the embodiment of this specification also provides a device corresponding to the above method. Fig. 5 is a schematic structural diagram of a code scanning payment device corresponding to Fig. 1 provided by an embodiment of the specification. As shown in FIG. 4, the device may include: a code image information acquisition module 502, used to obtain code image information; a code image information analysis module 504, used to analyze the code image information to obtain the code image information The code image analysis information includes the code image analysis information; the code image analysis information includes the first key parameter; the second key parameter obtaining module 506 is used to obtain the second key parameter; the key generation module 508 is used to obtain the second key parameter according to the A key parameter and the second key parameter are calculated to obtain the key; the ciphertext obtaining module 510 is used to obtain the encrypted access address information of the acquiring institution stored in the blockchain node; the ciphertext decryption module 512 uses Using the key to decrypt the encrypted access address information of the acquirer to obtain the access address information of the acquirer; the payment module 514 is configured to make payment based on the access address information of the acquirer.
根据实施例,所述第二密钥参数获取模块506具体可以用于:获取所述终端本地存储的第二密钥参数;或者,具体可以用于:向第一服务器发送获取第二密钥参数的请求;获取所述第一服务器反馈的所述第二密钥参数。According to an embodiment, the second key parameter obtaining module 506 may be specifically used to: obtain the second key parameter stored locally in the terminal; or, specifically, may be used to: send the second key parameter to the first server. Request; to obtain the second key parameter fed back by the first server.
根据实施例,所述密文获取模块510,具体可以包括:支付机构标识信息获取单元,用于获取在本次支付过程中使用的应用的支付机构标识信息;索引数据生成单元,用于根据所述密钥与所述支付机构标识信息,生成索引数据;密文请求信息发送单元,用于向所述区块链节点发送用于获取收单机构访问地址信息的请求,所述用于获取收单机构访问地址信息的请求中至少包括所述索引数据;密文获取单元,用于获取所述区块链节点反馈的加密后的收单机构访问地址信息。According to an embodiment, the ciphertext obtaining module 510 may specifically include: a payment institution identification information obtaining unit, configured to obtain the payment institution identification information of the application used in this payment process; and an index data generating unit, configured according to the The key and the payment institution identification information are used to generate index data; the ciphertext request information sending unit is used to send a request for obtaining the access address information of the acquiring institution to the blockchain node, and the ciphertext request information sending unit is used to obtain the access address information of the acquiring institution. The single institution access address information request includes at least the index data; the ciphertext obtaining unit is used to obtain the encrypted acquiring institution access address information fed back by the blockchain node.
根据实施例,所述用于获取收单机构访问地址信息的请求中具体可以包括:商户索引号、商户签名和所述索引数据。According to an embodiment, the request for obtaining access address information of an acquiring institution may specifically include: a merchant index number, a merchant signature, and the index data.
根据实施例,所述码图像解析信息,具体可以包括:商户索引号和商户签名;或者,所述码图像解析信息,具体可以包括:商户索引号、交易关键参数和商户签名。According to an embodiment, the code image analysis information may specifically include: a merchant index number and a merchant signature; or, the code image analysis information may specifically include: a merchant index number, key transaction parameters, and a merchant signature.
根据实施例,所述扫码支付装置还可以包括:密文发送模块,用于若采用所述密钥无法对所述加密后的收单机构访问地址信息进行解密,则将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器,以便所述第二服务器基于所述加密后的收单机构访问地址信息完成本次支付。According to an embodiment, the scan code payment device may further include: a ciphertext sending module, configured to: if the encrypted acquirer access address information cannot be decrypted using the key, then the encrypted The acquiring institution's access address information is sent to the second server of the application used in this payment process, so that the second server completes the current payment based on the encrypted acquiring institution's access address information.
根据实施例,所述密文获取模块510还可以用于,获取所述区块链节点反馈的第一字段,一个所述第一字段至少与一个加密后的收单机构访问地址信息相对应。所述扫码支付装置还可以包括:第二字段获取模块,用于获取第二字段;判断模块,用于判断所述第一字段与所述第二字段是否相同,得到判断结果。所述密文发送模块具体可以用于,若所述判断结果表示所述第一字段与所述第二字段相同,则将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器。According to an embodiment, the ciphertext obtaining module 510 may also be used to obtain the first field fed back by the blockchain node, and one of the first fields corresponds to at least one encrypted acquirer's access address information. The scanning code payment device may further include: a second field obtaining module, configured to obtain a second field; and a judgment module, configured to judge whether the first field is the same as the second field, and obtain a judgment result. The ciphertext sending module may be specifically configured to, if the judgment result indicates that the first field is the same as the second field, send the encrypted acquiring institution access address information to the current payment process The second server of the application used.
基于同样的思路,本说明书实施例还提供了上述方法对应的装置。图6为本说明书实施例提供的对应于图2的一种支付过程中的信息发送装置的结构示意图。如图6所示,该装置可以包括:请求接收模块602,区块链节点获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机构访问地址信息;信息查找模块604,基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存储设备不同;信息发送模块606,将查找到的所述加密后的收单机构访问地址信息发送至所述终端。Based on the same idea, the embodiment of this specification also provides a device corresponding to the above method. FIG. 6 is a schematic structural diagram of an information sending device in a payment process corresponding to FIG. 2 provided by an embodiment of this specification. As shown in FIG. 6, the device may include: a request receiving module 602, where the blockchain node obtains an information obtaining request sent by a terminal; the information obtaining request is used to request obtaining access address information of an acquiring institution; and an information search module 604, based on The information acquisition request searches for the corresponding encrypted access address information of the acquirer; the key used to encrypt the access address information of the acquirer is related to the terminal according to the first key parameter and the second secret key. The keys calculated by the key parameters are the same; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter; the information sending module 606, which encrypts the found The access address information of the acquiring institution is sent to the terminal.
根据实施例,所述信息查找模块604,具体可以包括:索引数据获取单元,用于获取所述信息获取请求中包含的索引数据;信息查找单元,具体用于查找所述索引数据对应的加密后的收单机构访问地址信息。其中,所述索引数据是基于所述密钥与支付机构的标识信息生成的。According to an embodiment, the information search module 604 may specifically include: an index data obtaining unit, configured to obtain the index data contained in the information obtaining request; and an information searching unit, specifically configured to find the encrypted index data corresponding to the index data The acquirer's access address information. Wherein, the index data is generated based on the key and the identification information of the payment institution.
根据实施例,所述信息发送模块606还可以用于,若未查找到所述索引数据对应的加密后的收单机构访问地址信息,则将所述信息获取请求中包含的商户索引号对应的全部加密后的收单机构访问地址信息发送至所述终端。According to an embodiment, the information sending module 606 may also be configured to, if the encrypted acquirer access address information corresponding to the index data is not found, then the information acquisition request includes the merchant index number corresponding to the All encrypted access address information of the acquiring institution is sent to the terminal.
根据实施例,该装置还可以包括:商户签名获取模块,用于获取所述信息获取请求中包含的商户签名;验签模块,用于对所述商户签名进行验证。所述信息查找模块604具体可以用于,若验证通过,则执行所述查找对应的加密后的收单机构访问地址信息的步骤。According to an embodiment, the device may further include: a merchant signature obtaining module, configured to obtain the merchant signature included in the information obtaining request; and a signature verification module, configured to verify the merchant signature. The information search module 604 may be specifically configured to, if the verification is passed, execute the step of searching the corresponding encrypted acquiring institution's access address information.
基于同样的思路,本说明书实施例还提供了上述方法对应的装置。图7为本说明书实施例提供的对应于图3的一种收款码的生成装置的结构示意图。如图7所示,该装置可以包括:指令获取模块702,第一终端获取收款码生成指令;所述收款码生成指令用于指示所述第一终端生成收款码;去中心化身份标识获取模块704,获取所述第一终端的去中心化身份标识;去中心化身份标识发送模块706,向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识;商户信息获取模块708,获取所述区块链节点基于所述去中心化身份标识从所述去中心化身份标识文档中查询到的商户信息;收款码生成模块710,基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终端扫描后,获取加密后的收单机构访问地址信息。Based on the same idea, the embodiment of this specification also provides a device corresponding to the above method. FIG. 7 is a schematic structural diagram of a device for generating a payment code corresponding to FIG. 3 provided by an embodiment of the specification. As shown in FIG. 7, the device may include: an instruction acquisition module 702, the first terminal acquires a payment code generation instruction; the payment code generation instruction is used to instruct the first terminal to generate a payment code; a decentralized identity An identification acquisition module 704, to acquire the decentralized identity of the first terminal; a decentralized identity sending module 706, to send the decentralized identity to the blockchain node storing the decentralized identity document; Merchant information obtaining module 708, which obtains the merchant information queried from the decentralized identity document by the blockchain node based on the decentralized identity; the payment code generation module 710, based on the merchant information and The pre-stored first key parameter generates a collection code; the collection code is used to obtain the encrypted access address information of the acquiring institution after being scanned by the second terminal.
根据实施例,所述商户信息具体可以包括商户索引号。所述收款码生成模块710,具体可以用于:获取当前交易的交易参数;获取所述商户索引号对应的第一密钥参数;获取所述商户索引号对应的私钥;根据所述私钥生成商户签名;生成收款码,所述收款码携带的信息包括所述商户索引号、所述第一密钥参数、所述交易参数和所述商户签名。According to an embodiment, the merchant information may specifically include a merchant index number. The payment code generation module 710 can be specifically used to: obtain transaction parameters of the current transaction; obtain the first key parameter corresponding to the merchant index number; obtain the private key corresponding to the merchant index number; Key to generate a merchant signature; generate a payment code, the information carried by the payment code includes the merchant index number, the first key parameter, the transaction parameter, and the merchant signature.
基于同样的思路,与上述实施代理支付方法对应地,从代理服务器的角度,本说明书实施例还提供了对应的电子支付装置。具体地,该装置可以包括:密文信息获取模块,用于获取终端发送的加密后的收单机构访问地址信息;密钥确定模块,用于确定与服务器对应的密钥;解密模块,用于采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;支付模块,用于基于所述收单机构访问地址信息,进行支付。Based on the same idea, and corresponding to the foregoing implementation of the proxy payment method, from the perspective of the proxy server, the embodiment of this specification also provides a corresponding electronic payment device. Specifically, the device may include: a ciphertext information acquisition module for acquiring encrypted access address information of the acquirer sent by the terminal; a key determination module for determining a key corresponding to the server; and a decryption module for Using the key to decrypt the encrypted access address information of the acquirer to obtain the access address information of the acquirer; the payment module is used to make payment based on the access address information of the acquirer.
在实施例中,所述密钥确定模块,具体可以用于:获取所述终端发送的第一密钥参数;获取与所述服务器对应的第三密钥参数;根据所述第一密钥参数与所述第三密钥参数,计算得到密钥。In an embodiment, the key determination module may be specifically used to: obtain a first key parameter sent by the terminal; obtain a third key parameter corresponding to the server; and according to the first key parameter With the third key parameter, the key is calculated.
基于同样的思路,本说明书实施例还提供了上述方法和装置对应的设备。Based on the same idea, the embodiments of this specification also provide equipment corresponding to the above-mentioned method and device.
图8为本说明书实施例提供的一种网络支付设备800的结构示意图。具体地,所述网络支付设备可以包括安装有支付应用的用户终端、商户终端以及存储有加密后的收单机构访问地址信息的区块链节点。可选地,所述网络支付设备还可以包括与当前支付应用对应的第一服务器。可选地,所述网络支付设备还可以包括与当前支付应用对应的第二服务器,即,代理服务器。FIG. 8 is a schematic structural diagram of a network payment device 800 provided by an embodiment of this specification. Specifically, the network payment device may include a user terminal installed with a payment application, a merchant terminal, and a blockchain node storing encrypted access address information of the acquirer. Optionally, the network payment device may further include a first server corresponding to the current payment application. Optionally, the network payment device may further include a second server corresponding to the current payment application, that is, a proxy server.
如图8所示,当设备800为用户终端时,设备800可以包括:至少一个处理器810;以及,与所述至少一个处理器通信连接的存储器830;其中,所述存储器830存储有可被所述至少一个处理器810执行的指令820所述指令被所述至少一个处理器810执行,以使所述用户终端能够:获取码图像信息;对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息;所述码图像解析信息包含第一密钥参数;获取第二密钥参数;根据所述第一密钥参数与所述第二密钥参数,计算得到密钥;获取区块链节点存储的加密后的收单机构访问地址信息;采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;基于所述收单机构访问地址信息,进行支付。As shown in FIG. 8, when the device 800 is a user terminal, the device 800 may include: at least one processor 810; and a memory 830 communicatively connected with the at least one processor; wherein the memory 830 stores The instructions 820 executed by the at least one processor 810 are executed by the at least one processor 810, so that the user terminal can: obtain code image information; parse the code image information to obtain the code The code image analysis information contained in the image information; the code image analysis information includes the first key parameter; the second key parameter is obtained; the secret is calculated according to the first key parameter and the second key parameter Key; obtain the encrypted access address information of the acquirer stored by the blockchain node; use the key to decrypt the encrypted access address information of the acquirer to obtain the access address information of the acquirer; based on the The acquirer accesses the address information and makes the payment.
如图8所示,当设备800为区块链节点时,设备800可以包括:至少一个处理器810;以及,与所述至少一个处理器通信连接的存储器830;其中,所述存储器830存储有可被所述至少一个处理器810执行的指令820,所述指令被所述至少一个处理器810执行,以使所述区块链节点能够:获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机构访问地址信息;基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初 始存储设备与所述第二密钥参数的初始存储设备不同;将查找到的所述加密后的收单机构访问地址信息发送至所述终端。As shown in FIG. 8, when the device 800 is a blockchain node, the device 800 may include: at least one processor 810; and a memory 830 communicatively connected to the at least one processor; wherein the memory 830 stores An instruction 820 executable by the at least one processor 810, the instruction being executed by the at least one processor 810, so that the blockchain node can: acquire an information acquisition request sent by a terminal; the information acquisition request Used to request to obtain the access address information of the acquirer; based on the information acquisition request, find the corresponding encrypted access address information of the acquirer; the key used to encrypt the access address information of the acquirer, and The keys calculated by the terminal according to the first key parameter and the second key parameter are the same; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter; The encrypted access address information of the acquiring institution that is found is sent to the terminal.
如图8所示,当设备800为区块链节点时,设备800可以包括:至少一个处理器810;以及,与所述至少一个处理器通信连接的存储器830;其中,所述存储器830存储有可被所述至少一个处理器810执行的指令820,所述指令被所述至少一个处理器810执行,以使所述区块链节点能够:获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机构访问地址信息;基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存储设备不同;将查找到的所述加密后的收单机构访问地址信息发送至所述终端。As shown in FIG. 8, when the device 800 is a blockchain node, the device 800 may include: at least one processor 810; and a memory 830 communicatively connected to the at least one processor; wherein the memory 830 stores An instruction 820 executable by the at least one processor 810, the instruction being executed by the at least one processor 810, so that the blockchain node can: acquire an information acquisition request sent by a terminal; the information acquisition request It is used to request to obtain the access address information of the acquirer; based on the information acquisition request, find the corresponding encrypted access address information of the acquirer; the key used to encrypt the access address information of the acquirer is related to the The keys calculated by the terminal according to the first key parameter and the second key parameter are the same; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter; The encrypted access address information of the acquiring institution that is found is sent to the terminal.
如图8所示,当设备800为商户终端时,设备800可以包括:至少一个处理器810;以及,与所述至少一个处理器通信连接的存储器830;其中,所述存储器830存储有可被所述至少一个处理器810执行的指令820,所述指令被所述至少一个处理器810执行,以使所述终端能够:获取收款码生成指令;所述收款码生成指令用于指示所述终端生成收款码;获取所述终端的去中心化身份标识;向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识;获取所述区块链节点基于所述去中心化身份标识从所述去中心化身份标识文档中查询到的商户信息;基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终端扫描后,获取加密后的收单机构访问地址信息。As shown in FIG. 8, when the device 800 is a merchant terminal, the device 800 may include: at least one processor 810; and a memory 830 communicatively connected with the at least one processor; wherein, the memory 830 stores The instructions 820 executed by the at least one processor 810 are executed by the at least one processor 810, so that the terminal can: obtain a payment code generation instruction; the payment code generation instruction is used to instruct The terminal generates a payment code; obtains the decentralized identity of the terminal; sends the decentralized identity to the blockchain node storing the decentralized identity document; obtains the blockchain node based on the The decentralized identity identifies the merchant information queried from the decentralized identity document; based on the merchant information and the pre-stored first key parameter, a payment code is generated; the payment code is used to be 2. After scanning, the terminal obtains the encrypted access address information of the acquiring institution.
如图8所示,当设备800为代理服务器时,设备800可以包括:至少一个处理器810;以及,与所述至少一个处理器通信连接的存储器830;其中,所述存储器830存储有可被所述至少一个处理器810执行的指令820,所述指令被所述至少一个处理器810执行,以使所述服务器能够:获取终端发送的加密后的收单机构访问地址信息;确定与所述服务器对应的密钥;采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;基于所述收单机构访问地址信息,进行支付。As shown in FIG. 8, when the device 800 is a proxy server, the device 800 may include: at least one processor 810; and a memory 830 communicatively connected with the at least one processor; The instruction 820 executed by the at least one processor 810 is executed by the at least one processor 810, so that the server can: obtain the encrypted access address information of the acquirer sent by the terminal; The key corresponding to the server; using the key to decrypt the encrypted access address information of the acquirer to obtain the access address information of the acquirer; and make payment based on the access address information of the acquirer.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于***实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the difference from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
以上所述仅为本申请的实施例而已,并不用于限制本申请。对于本领域技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本申请的权利要求范围之内。The above descriptions are only examples of the present application, and are not used to limit the present application. For those skilled in the art, this application can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included in the scope of the claims of this application.
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字***“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来 撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。In the 1990s, the improvement of a technology can be clearly distinguished between hardware improvements (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements in method flow). However, with the development of technology, the improvement of many methods and processes of today can be regarded as a direct improvement of the hardware circuit structure. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by the hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (for example, a Field Programmable Gate Array (Field Programmable Gate Array, FPGA)) is such an integrated circuit whose logic function is determined by the user's programming of the device. It is programmed by the designer to "integrate" a digital system on a piece of PLD, without requiring chip manufacturers to design and manufacture dedicated integrated circuit chips. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly realized with "logic compiler" software, which is similar to the software compiler used in program development and writing, but before compilation The original code must also be written in a specific programming language, which is called Hardware Description Language (HDL), and there is not only one type of HDL, but many types, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description), etc., currently most commonly used It is VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It should also be clear to those skilled in the art that just a little bit of logic programming of the method flow in the above-mentioned hardware description languages and programming into an integrated circuit can easily obtain the hardware circuit that implements the logic method flow.
控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller can be implemented in any suitable manner. For example, the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program codes (such as software or firmware) executable by the (micro)processor. , Logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as part of the memory control logic. Those skilled in the art also know that, in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers, and embedded logic. The same function can be realized in the form of a microcontroller or the like. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for realizing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
上述实施例阐明的***、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or Any combination of these devices.
为了描述的方便,描述以上装置时以功能分为各种单元分别描述。当然,在实施本申请时可以把各单元的功能在同一个或多个软件和/或硬件中实现。For the convenience of description, when describing the above device, the functions are divided into various units and described separately. Of course, when implementing this application, the functions of each unit can be implemented in the same or multiple software and/or hardware.
本领域内的技术人员应明白,本发明的实施例可提供为方法、***、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present invention can be provided as a method, a system, or a computer program product. Therefore, the present invention may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
本发明是参照根据本发明实施例的方法、设备(***)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment can be used to generate It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机 或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带式磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cartridges, magnetic tape storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or also include elements inherent to such processes, methods, commodities, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.
本申请可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本申请,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。This application may be described in the general context of computer-executable instructions executed by a computer, such as a program module. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. This application can also be practiced in distributed computing environments. In these distributed computing environments, tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.

Claims (28)

  1. 一种扫码支付方法,包括:A scan code payment method, including:
    终端获取码图像信息;The terminal obtains code image information;
    对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息;所述码图像解析信息包含第一密钥参数;Parsing the code image information to obtain code image analysis information contained in the code image information; the code image analysis information includes a first key parameter;
    获取第二密钥参数;Obtain the second key parameter;
    根据所述第一密钥参数与所述第二密钥参数,计算得到密钥;Calculate a key according to the first key parameter and the second key parameter;
    获取区块链节点存储的加密后的收单机构访问地址信息;Obtain the encrypted access address information of the acquirer stored by the blockchain node;
    采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;Decrypt the encrypted access address information of the acquirer by using the key to obtain the access address information of the acquirer;
    基于所述收单机构访问地址信息,进行支付。The payment is made based on the access address information of the acquiring institution.
  2. 如权利要求1所述的方法,所述获取第二密钥参数,具体包括:The method according to claim 1, wherein said obtaining the second key parameter specifically includes:
    获取所述终端本地存储的第二密钥参数;Acquiring a second key parameter stored locally by the terminal;
    或者,向第一服务器发送获取第二密钥参数的请求;Or, send a request to obtain the second key parameter to the first server;
    获取所述第一服务器反馈的所述第二密钥参数。Obtaining the second key parameter fed back by the first server.
  3. 如权利要求1所述的方法,所述获取区块链节点存储的加密后的收单机构访问地址信息,具体包括:The method according to claim 1, wherein the obtaining the encrypted access address information of the acquirer stored by the blockchain node specifically includes:
    获取在本次支付过程中使用的应用的支付机构标识信息;Obtain the payment institution identification information of the application used in this payment process;
    根据所述密钥与所述支付机构标识信息,生成索引数据;Generate index data according to the key and the identification information of the payment institution;
    向所述区块链节点发送用于获取收单机构访问地址信息的请求;所述用于获取收单机构访问地址信息的请求中至少包括所述索引数据;Sending a request for acquiring access address information of an acquiring institution to the blockchain node; the request for acquiring access address information of an acquiring institution includes at least the index data;
    获取所述区块链节点反馈的加密后的收单机构访问地址信息。Obtain the encrypted access address information of the acquiring institution fed back by the blockchain node.
  4. 如权利要求3所述的方法,所述用于获取收单机构访问地址信息的请求中,具体包括:The method according to claim 3, wherein the request for obtaining the access address information of the acquiring institution specifically includes:
    商户索引号、商户签名和所述索引数据。Merchant index number, merchant signature, and the index data.
  5. 如权利要求1至4任一项所述的方法,所述码图像解析信息,具体包括:5. The method according to any one of claims 1 to 4, the code image analysis information specifically includes:
    商户索引号和商户签名;Merchant index number and merchant signature;
    或者,所述码图像解析信息,具体包括:Alternatively, the code image analysis information specifically includes:
    商户索引号、交易关键参数和商户签名。Merchant index number, key transaction parameters and merchant signature.
  6. 如权利要求1至4任一项所述的方法,所述采用所述密钥对所述加密后的收单机构访问地址信息进行解密之后,还包括:5. The method according to any one of claims 1 to 4, after the decryption of the encrypted access address information of the acquirer by using the key, the method further comprises:
    若采用所述密钥无法对所述加密后的收单机构访问地址信息进行解密,则将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器,以便所述第二服务器基于所述加密后的收单机构访问地址信息完成本次支付。If the encrypted access address information of the acquirer cannot be decrypted using the key, the encrypted access address information of the acquirer is sent to the second server of the application used in this payment process, So that the second server completes the payment based on the encrypted access address information of the acquirer.
  7. 如权利要求6所述的方法,所述将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器之前,还包括:7. The method according to claim 6, before sending the encrypted acquirer access address information to the second server of the application used in this payment process, the method further comprises:
    获取所述区块链节点反馈的第一字段,一个所述第一字段至少与一个加密后的收单机构访问地址信息相对应;Acquiring the first field fed back by the blockchain node, one of the first fields corresponding to at least one encrypted acquiring institution's access address information;
    获取第二字段;Get the second field;
    判断所述第一字段与所述第二字段是否相同,得到判断结果;Judging whether the first field is the same as the second field, and obtaining a judgment result;
    所述将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器,具体包括:The sending the encrypted access address information of the acquirer to the second server of the application used in this payment process specifically includes:
    若所述判断结果表示所述第一字段与所述第二字段相同,则将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器。If the judgment result indicates that the first field is the same as the second field, the encrypted acquiring institution's access address information is sent to the second server of the application used in this payment process.
  8. 一种支付过程中的信息发送方法,包括:A method for sending information during the payment process, including:
    区块链节点获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机 构访问地址信息;The blockchain node obtains the information obtaining request sent by the terminal; the information obtaining request is used to request obtaining the access address information of the acquiring institution;
    基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存储设备不同;Based on the information acquisition request, search for the corresponding encrypted access address information of the acquirer; the key used to encrypt the access address information of the acquirer is related to the terminal according to the first key parameter and the second key parameter. The keys calculated by the key parameters are the same; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter;
    将查找到的所述加密后的收单机构访问地址信息发送至所述终端。Send the encrypted access address information of the acquirer to the terminal.
  9. 如权利要求8所述的方法,所述查找对应的加密后的收单机构访问地址信息,具体包括:8. The method according to claim 8, wherein the searching the corresponding encrypted access address information of the acquirer specifically includes:
    获取所述信息获取请求中包含的索引数据;Obtaining the index data included in the information obtaining request;
    查找所述索引数据对应的加密后的收单机构访问地址信息。Look up the encrypted access address information of the acquiring institution corresponding to the index data.
  10. 如权利要求9所述的方法,所述索引数据是基于所述密钥与支付机构的标识信息生成的。9. The method of claim 9, wherein the index data is generated based on the key and the identification information of the payment institution.
  11. 如权利要求9或10所述的方法,所述查找对应的加密后的收单机构访问地址信息之后,还包括:The method according to claim 9 or 10, after searching for the corresponding encrypted access address information of the acquirer, the method further comprises:
    若未查找到所述索引数据对应的加密后的收单机构访问地址信息,则将所述信息获取请求中包含的商户索引号对应的全部加密后的收单机构访问地址信息发送至所述终端。If the encrypted acquirer access address information corresponding to the index data is not found, all encrypted acquirer access address information corresponding to the merchant index number included in the information acquisition request is sent to the terminal .
  12. 如权利要求7至10任一项所述的方法,所述查找对应的加密后的收单机构访问地址信息之前,还包括:The method according to any one of claims 7 to 10, before the searching the corresponding encrypted acquirer access address information, further comprising:
    获取所述信息获取请求中包含的商户签名;Obtaining the merchant signature included in the information obtaining request;
    对所述商户签名进行验证;Verify the signature of the merchant;
    若验证通过,则执行所述查找对应的加密后的收单机构访问地址信息的步骤。If the verification is passed, the step of searching the corresponding encrypted acquirer's access address information is performed.
  13. 一种收款码的生成方法,包括:A method for generating a payment code includes:
    第一终端获取收款码生成指令;所述收款码生成指令用于指示所述第一终端生成收款码;The first terminal obtains a collection code generation instruction; the collection code generation instruction is used to instruct the first terminal to generate a collection code;
    获取所述第一终端的去中心化身份标识;Acquiring the decentralized identity of the first terminal;
    向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识;Sending the decentralized identity to the blockchain node storing the decentralized identity document;
    获取所述区块链节点基于所述去中心化身份标识从所述去中心化身份标识文档中查询到的商户信息;Acquiring the merchant information that the blockchain node has queried from the decentralized identity document based on the decentralized identity;
    基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终端扫描后,获取加密后的收单机构访问地址信息。Based on the merchant information and the pre-stored first key parameter, a collection code is generated; the collection code is used to obtain encrypted access address information of the acquiring institution after being scanned by the second terminal.
  14. 如权利要求13所述的方法,所述商户信息,具体包括:商户索引号;The method according to claim 13, wherein the merchant information specifically includes: a merchant index number;
    所述基于所述商户信息与预存的第一密钥参数,生成收款码,具体包括:The generating a payment code based on the merchant information and the pre-stored first key parameter specifically includes:
    获取当前交易的交易参数;Get the transaction parameters of the current transaction;
    获取所述商户索引号对应的第一密钥参数;Acquiring the first key parameter corresponding to the merchant index number;
    获取所述商户索引号对应的私钥;Obtain the private key corresponding to the merchant index number;
    根据所述私钥生成商户签名;Generate a merchant signature according to the private key;
    生成收款码,所述收款码携带的信息包括所述商户索引号、所述第一密钥参数、所述交易参数和所述商户签名。A collection code is generated, and the information carried by the collection code includes the merchant index number, the first key parameter, the transaction parameter, and the merchant signature.
  15. 一种电子支付方法,包括:An electronic payment method, including:
    服务器获取终端发送的加密后的收单机构访问地址信息;The server obtains the encrypted access address information of the acquiring institution sent by the terminal;
    确定与所述服务器对应的密钥;Determine the key corresponding to the server;
    采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;Decrypt the encrypted access address information of the acquirer by using the key to obtain the access address information of the acquirer;
    基于所述收单机构访问地址信息,进行支付。The payment is made based on the access address information of the acquiring institution.
  16. 如权利要求15所述的方法,所述确定与所述服务器对应的密钥,具体包括:The method according to claim 15, wherein the determining the key corresponding to the server specifically includes:
    获取所述终端发送的第一密钥参数;Acquiring the first key parameter sent by the terminal;
    获取与所述服务器对应的第二密钥参数;Acquiring a second key parameter corresponding to the server;
    根据所述第一密钥参数与所述第二密钥参数,计算得到密钥。According to the first key parameter and the second key parameter, the key is calculated.
  17. 一种扫码支付装置,包括:A scanning code payment device, including:
    码图像信息获取模块,用于获取码图像信息;Code image information acquisition module for acquiring code image information;
    码图像信息解析模块,用于对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息;所述码图像解析信息包含第一密钥参数;The code image information analysis module is configured to analyze the code image information to obtain the code image analysis information contained in the code image information; the code image analysis information includes the first key parameter;
    第二密钥参数获取模块,用于获取第二密钥参数;The second key parameter obtaining module is used to obtain the second key parameter;
    密钥生成模块,用于根据所述第一密钥参数与所述第二密钥参数,计算得到密钥;A key generation module, configured to calculate a key according to the first key parameter and the second key parameter;
    密文获取模块,用于获取区块链节点存储的加密后的收单机构访问地址信息;The ciphertext acquisition module is used to acquire the encrypted access address information of the acquirer stored by the blockchain node;
    密文解密模块,用于采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;The ciphertext decryption module is used to decrypt the encrypted access address information of the acquiring institution by using the key to obtain the access address information of the acquiring institution;
    支付模块,用于基于所述收单机构访问地址信息,进行支付。The payment module is used to make payment based on the access address information of the acquirer.
  18. 如权利要求17所述的装置,所述密文获取模块,具体包括:The apparatus according to claim 17, wherein the ciphertext acquisition module specifically comprises:
    支付机构标识信息获取单元,用于获取在本次支付过程中使用的应用的支付机构标识信息;The payment institution identification information obtaining unit is used to obtain the payment institution identification information of the application used in this payment process;
    索引数据生成单元,用于根据所述密钥与所述支付机构标识信息,生成索引数据;An index data generating unit, configured to generate index data according to the key and the identification information of the payment institution;
    密文请求信息发送单元,用于向所述区块链节点发送用于获取收单机构访问地址信息的请求,所述用于获取收单机构访问地址信息的请求中至少包括所述索引数据;A ciphertext request information sending unit, configured to send a request for acquiring access address information of an acquiring institution to the blockchain node, and the request for acquiring access address information of an acquiring institution includes at least the index data;
    密文获取单元,用于获取所述区块链节点反馈的加密后的收单机构访问地址信息。The ciphertext obtaining unit is configured to obtain the encrypted access address information of the acquirer fed back by the blockchain node.
  19. 如权利要求17或18所述的装置,所述装置还可以包括:密文发送模块,用于若采用所述密钥无法对所述加密后的收单机构访问地址信息进行解密,则将所述加密后的收单机构访问地址信息发送至本次支付过程中使用的应用的第二服务器,以便所述第二服务器基于所述加密后的收单机构访问地址信息完成本次支付。The device according to claim 17 or 18, the device may further comprise: a ciphertext sending module, configured to: if the encrypted access address information of the acquiring institution cannot be decrypted by using the key, then the The encrypted acquirer access address information is sent to the second server of the application used in this payment process, so that the second server completes the current payment based on the encrypted acquirer access address information.
  20. 一种支付过程中的信息发送装置,包括:An information sending device in the payment process, including:
    请求接收模块,区块链节点获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机构访问地址信息;The request receiving module, the blockchain node obtains the information obtaining request sent by the terminal; the information obtaining request is used to request obtaining the access address information of the acquiring institution;
    信息查找模块,基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存储设备不同;The information search module searches for the corresponding encrypted access address information of the acquirer based on the information acquisition request; the key used for encrypting the access address information of the acquirer is based on the terminal according to the first key The parameter is the same as the key calculated from the second key parameter; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter;
    信息发送模块,将查找到的所述加密后的收单机构访问地址信息发送至所述终端。The information sending module sends the encrypted access address information of the acquirer to the terminal.
  21. 如权利要求20所述的装置,所述信息查找模块,具体包括:The apparatus according to claim 20, wherein the information search module specifically comprises:
    索引数据获取单元,用于获取所述信息获取请求中包含的索引数据;索引数据是基于所述密钥与支付机构的标识信息生成的;An index data acquisition unit, configured to acquire index data included in the information acquisition request; the index data is generated based on the key and the identification information of the payment institution;
    信息查找单元,具体用于查找所述索引数据对应的加密后的收单机构访问地址信息。The information search unit is specifically configured to search for the encrypted access address information of the acquiring institution corresponding to the index data.
  22. 如权利要求21所述的装置,所述信息发送模块还用于,若信息查找单元未查找到所述索引数据对应的加密后的收单机构访问地址信息,则将所述信息获取请求中包含的商户索引号对应的全部加密后的收单机构访问地址信息发送至所述终端。The device of claim 21, wherein the information sending module is further configured to include the information acquisition request in the information acquisition request if the information search unit does not find the encrypted acquirer access address information corresponding to the index data All encrypted acquirer access address information corresponding to the merchant index number of is sent to the terminal.
  23. 一种收款码的生成装置,包括:A device for generating a payment code includes:
    指令获取模块,第一终端获取收款码生成指令;所述收款码生成指令用于指示所述第一终端生成收款码;Instruction acquisition module, the first terminal acquires a payment code generation instruction; the payment code generation instruction is used to instruct the first terminal to generate a payment code;
    去中心化身份标识获取模块,获取所述第一终端的去中心化身份标识;The decentralized identity acquisition module obtains the decentralized identity of the first terminal;
    去中心化身份标识发送模块,向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识;The decentralized identity sending module sends the decentralized identity to the blockchain node storing the decentralized identity document;
    商户信息获取模块,获取所述区块链节点基于所述去中心化身份标识从所述去中心 化身份标识文档中查询到的商户信息;A merchant information obtaining module, which obtains the merchant information that the blockchain node has queried from the decentralized identity document based on the decentralized identity;
    收款码生成模块,基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终端扫描后,获取加密后的收单机构访问地址信息。The collection code generation module generates a collection code based on the merchant information and the pre-stored first key parameter; the collection code is used to obtain the encrypted access address information of the acquiring institution after being scanned by the second terminal.
  24. 一种电子支付装置,包括:An electronic payment device, including:
    密文信息获取模块,用于获取终端发送的加密后的收单机构访问地址信息;The ciphertext information acquisition module is used to acquire the encrypted access address information of the acquirer sent by the terminal;
    密钥确定模块,用于确定与服务器对应的密钥;The key determination module is used to determine the key corresponding to the server;
    解密模块,用于采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;The decryption module is configured to decrypt the encrypted access address information of the acquiring institution by using the key to obtain the access address information of the acquiring institution;
    支付模块,用于基于所述收单机构访问地址信息,进行支付。The payment module is used to make payment based on the access address information of the acquirer.
  25. 一种用户终端,包括:A user terminal, including:
    至少一个处理器;以及,At least one processor; and,
    与所述至少一个处理器通信连接的存储器;其中,A memory communicatively connected with the at least one processor; wherein,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述用户终端能够:The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the user terminal can:
    获取码图像信息;Obtain code image information;
    对所述码图像信息进行解析,得到所述码图像信息中包含的码图像解析信息;所述码图像解析信息包含第一密钥参数;Parsing the code image information to obtain code image analysis information contained in the code image information; the code image analysis information includes a first key parameter;
    获取第二密钥参数;Obtain the second key parameter;
    根据所述第一密钥参数与所述第二密钥参数,计算得到密钥;Calculate a key according to the first key parameter and the second key parameter;
    获取区块链节点存储的加密后的收单机构访问地址信息;Obtain the encrypted access address information of the acquirer stored by the blockchain node;
    采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;Decrypt the encrypted access address information of the acquirer by using the key to obtain the access address information of the acquirer;
    基于所述收单机构访问地址信息,进行支付。The payment is made based on the access address information of the acquiring institution.
  26. 一种区块链节点,包括:A blockchain node, including:
    至少一个处理器;以及,At least one processor; and,
    与所述至少一个处理器通信连接的存储器;其中,A memory communicatively connected with the at least one processor; wherein,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述区块链节点能够:The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the blockchain node can:
    获取终端发送的信息获取请求;所述信息获取请求用于请求获取收单机构访问地址信息;Obtaining an information obtaining request sent by the terminal; the information obtaining request is used to request obtaining access address information of an acquiring institution;
    基于所述信息获取请求,查找对应的加密后的收单机构访问地址信息;对所述收单机构访问地址信息进行加密所使用的密钥,与所述终端根据第一密钥参数与第二密钥参数计算得到的密钥,是相同的;所述第一密钥参数的初始存储设备与所述第二密钥参数的初始存储设备不同;Based on the information acquisition request, search for the corresponding encrypted access address information of the acquirer; the key used to encrypt the access address information of the acquirer is related to the terminal according to the first key parameter and the second key parameter. The keys calculated by the key parameters are the same; the initial storage device of the first key parameter is different from the initial storage device of the second key parameter;
    将查找到的所述加密后的收单机构访问地址信息发送至所述终端。Send the encrypted access address information of the acquirer to the terminal.
  27. 一种终端,包括:A terminal including:
    至少一个处理器;以及,At least one processor; and,
    与所述至少一个处理器通信连接的存储器;其中,A memory communicatively connected with the at least one processor; wherein,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述终端能够:The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the terminal can:
    获取收款码生成指令;所述收款码生成指令用于指示所述终端生成收款码;Obtain a collection code generation instruction; the collection code generation instruction is used to instruct the terminal to generate a collection code;
    获取所述终端的去中心化身份标识;Acquiring the decentralized identity of the terminal;
    向存储有去中心化身份标识文档的区块链节点发送所述去中心化身份标识;Sending the decentralized identity to the blockchain node storing the decentralized identity document;
    获取所述区块链节点基于所述去中心化身份标识从所述去中心化身份标识文档中查询到的商户信息;Acquiring the merchant information that the blockchain node has queried from the decentralized identity document based on the decentralized identity;
    基于所述商户信息与预存的第一密钥参数,生成收款码;所述收款码用于被第二终 端扫描后,获取加密后的收单机构访问地址信息。Based on the merchant information and the pre-stored first key parameter, a collection code is generated; the collection code is used to obtain the encrypted access address information of the acquiring institution after being scanned by the second terminal.
  28. 一种服务器,包括:A server that includes:
    至少一个处理器;以及,At least one processor; and,
    与所述至少一个处理器通信连接的存储器;其中,A memory communicatively connected with the at least one processor; wherein,
    所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述服务器能够:The memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the server can:
    获取终端发送的加密后的收单机构访问地址信息;Obtain the encrypted access address information of the acquiring institution sent by the terminal;
    确定与所述服务器对应的密钥;Determine the key corresponding to the server;
    采用所述密钥对所述加密后的收单机构访问地址信息进行解密,得到收单机构访问地址信息;Decrypt the encrypted access address information of the acquirer by using the key to obtain the access address information of the acquirer;
    基于所述收单机构访问地址信息,进行支付。The payment is made based on the access address information of the acquiring institution.
PCT/CN2020/140561 2020-03-12 2020-12-29 Methods, apparatuses and devices for barcode scanning payment, information transmission and collection code generation WO2021179748A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010171354.8 2020-03-12
CN202010171354.8A CN111062715B (en) 2020-03-12 2020-03-12 Method, device and equipment for code scanning payment, information sending and collection code generation

Publications (1)

Publication Number Publication Date
WO2021179748A1 true WO2021179748A1 (en) 2021-09-16

Family

ID=70307913

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/140561 WO2021179748A1 (en) 2020-03-12 2020-12-29 Methods, apparatuses and devices for barcode scanning payment, information transmission and collection code generation

Country Status (2)

Country Link
CN (1) CN111062715B (en)
WO (1) WO2021179748A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150147A (en) * 2022-06-28 2022-10-04 北京送好运信息技术有限公司 Block chain technology-based method for encrypting and decrypting plaintext and ciphertext in mail in mixed mode
WO2023142421A1 (en) * 2022-01-29 2023-08-03 ***股份有限公司 Transaction processing methods and apparatuses, device, and storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111062715B (en) * 2020-03-12 2020-12-08 支付宝(杭州)信息技术有限公司 Method, device and equipment for code scanning payment, information sending and collection code generation
CN112070493B (en) * 2020-08-20 2022-04-08 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system based on two-dimensional code
CN113395315B (en) * 2021-02-23 2024-04-05 福建创识科技股份有限公司 Message broadcasting method, cloud loudspeaker box and cloud pushing platform
CN113435881B (en) * 2021-07-15 2022-04-22 支付宝(杭州)信息技术有限公司 Code scanning payment method and device
CN115296790A (en) * 2022-06-17 2022-11-04 银联商务股份有限公司 Automatic, multi-dimensional quasi real-time processing system for terminal key

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018085011A1 (en) * 2016-11-03 2018-05-11 Mastercard International Incorporated Method and system for net settlement by use of cryptographic promissory notes issued on a blockchain
CN108416587A (en) * 2018-01-26 2018-08-17 银联国际有限公司 Method of payment based on single-point access and the payment system based on single-point access
CN109089428A (en) * 2015-11-30 2018-12-25 舍普施福特股份公司 For improving the system and method for the safety in block chain transaction in assets
CN109102270A (en) * 2018-07-24 2018-12-28 深圳前海益链网络科技有限公司 Transaction verification method, computer equipment and the storage medium of block chain number Token
CN111062715A (en) * 2020-03-12 2020-04-24 支付宝(杭州)信息技术有限公司 Method, device and equipment for code scanning payment, information sending and collection code generation

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170149560A1 (en) * 2012-02-02 2017-05-25 Netspective Communications Llc Digital blockchain authentication
CN108090761A (en) * 2017-11-10 2018-05-29 杭州云象网络技术有限公司 Block chain token method of payment based on credible two-dimension code
CN108681853B (en) * 2018-05-11 2021-01-26 创新先进技术有限公司 Logistics information transmission method, system and device based on block chain
CN110458542A (en) * 2019-08-02 2019-11-15 中国工商银行股份有限公司 Offline electronic payment system and method based on block chain

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109089428A (en) * 2015-11-30 2018-12-25 舍普施福特股份公司 For improving the system and method for the safety in block chain transaction in assets
WO2018085011A1 (en) * 2016-11-03 2018-05-11 Mastercard International Incorporated Method and system for net settlement by use of cryptographic promissory notes issued on a blockchain
CN108416587A (en) * 2018-01-26 2018-08-17 银联国际有限公司 Method of payment based on single-point access and the payment system based on single-point access
CN109102270A (en) * 2018-07-24 2018-12-28 深圳前海益链网络科技有限公司 Transaction verification method, computer equipment and the storage medium of block chain number Token
CN111062715A (en) * 2020-03-12 2020-04-24 支付宝(杭州)信息技术有限公司 Method, device and equipment for code scanning payment, information sending and collection code generation

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023142421A1 (en) * 2022-01-29 2023-08-03 ***股份有限公司 Transaction processing methods and apparatuses, device, and storage medium
CN115150147A (en) * 2022-06-28 2022-10-04 北京送好运信息技术有限公司 Block chain technology-based method for encrypting and decrypting plaintext and ciphertext in mail in mixed mode

Also Published As

Publication number Publication date
CN111062715B (en) 2020-12-08
CN111062715A (en) 2020-04-24

Similar Documents

Publication Publication Date Title
WO2021179748A1 (en) Methods, apparatuses and devices for barcode scanning payment, information transmission and collection code generation
WO2021179744A1 (en) Code-scanning payment method, apparatus and device, information sending method, apparatus and device, and key management method, apparatus and device
US11706026B2 (en) Location aware cryptography
US10931439B2 (en) Data storage method, data query method and apparatuses
US10897456B2 (en) Cryptography using multi-factor key system and finite state machine
WO2017024934A1 (en) Electronic signing method, device and signing server
TW201540040A (en) Service Authorization using Auxiliary Device
US10425388B2 (en) Protecting sensitive data security
WO2020042793A1 (en) Code scanning operation-based page access method, device and system
WO2021204067A1 (en) Forwarding and acquisition of verifiable claim
US11887073B2 (en) Securely storing and using sensitive information for making payments using a wallet application
WO2019165875A1 (en) Transaction processing method, server, client, and system
US11997075B1 (en) Signcrypted envelope message
TWI782502B (en) Information verification method, device and equipment
CN110113162A (en) A kind of sensitive information processing system, method and its equipment
CN114547648A (en) Data hiding trace query method and system
CN112788001A (en) Data encryption-based data processing service processing method, device and equipment
TWI734729B (en) Method and device for realizing electronic signature and signature server
US11070378B1 (en) Signcrypted biometric electronic signature tokens
CN106204034B (en) Using the mutual authentication method and system of interior payment
CN109191122B (en) Method and device for acquiring transaction information certificate
TWI611316B (en) Text processing method for safe input method, text processing device and text processing system
WO2019179240A1 (en) Method and terminal for establishing security infrastructure and device
KR101511451B1 (en) Method of encryption to keyboard input information
US12032663B2 (en) Cross-session issuance of verifiable credential

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20923821

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20923821

Country of ref document: EP

Kind code of ref document: A1