
CN104240074A - Prepaid card online payment system based on identity authentication and payment method of prepaid card online payment system - Google Patents


Info

Publication number
CN104240074A
Authority
CN
China
Prior art keywords
information
prepaid card
payment
client
management equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410531823.7A
Other languages
Chinese (zh)
Other versions
CN104240074B (en)
Inventor
谈剑锋
姜立稳
何江华
王力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhonglianxing Enterprise Management Co ltd
Original Assignee
Shanghai Everybody Science And Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Everybody Science And Technology Ltd
Priority to CN201410531823.7A
Publication of CN104240074A
Application granted
Publication of CN104240074B
Expired - Fee Related
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/22 Payment schemes or models
    • G06Q20/28 Pre-payment schemes, e.g. "pay before"
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/342 Cards defining paid or billed services or quantities
    • G06Q20/351 Virtual cards
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to the field of payment with intelligent terminals, and in particular to a system in which a client side and a management and service platform work cooperatively to implement virtualized payment of a physical card. It provides a prepaid card online payment system based on identity authentication. The system comprises a client side, payment management equipment and a management and service platform. A first identity authentication module and a first NFC (near field communication) module are arranged in the client side; token information is acquired through the first identity authentication module, and payment information and the token information are transmitted to the payment management equipment through the first NFC module. A second NFC module is arranged in the payment management equipment; information transmitted from the client side is received through the second NFC module, and the payment information and the token information are transmitted to the management and service platform so as to respond to the payment information. A second identity authentication module is arranged in the management and service platform; the management and service platform is used for generating and authenticating the token information, and user information and prepaid card information are managed and authenticated through the second identity authentication module. Identity authentication in the payment process is thereby realized, the safety performance of the prepaid card online payment system is improved, and its applications are extended.

Description

Prepaid card online payment system based on identity authentication and payment method thereof

Technical field

The present invention relates to the field of payment with intelligent terminals, and in particular to a system in which a client and a management service platform cooperate to implement virtualized payment with a physical card, and to its payment method.

Background

Prepaid cards, also called stored-value cards, consumer cards, gift cards, smart cards, points cards and so on, refer to prepaid value that is issued by a card issuer in a specific carrier and form and can be used to purchase goods or services outside the card issuer; in other words, a card that is paid for first and spent later. According to whether the cardholder's identity information is recorded, they are divided into registered prepaid cards and bearer prepaid cards: registered prepaid cards include, for example, shopping cards issued by supermarkets, and bearer prepaid cards include, for example, SIM cards in mobile phones. According to the information carrier, they are divided into magnetic stripe cards and chip (IC) cards.

Prepaid card shopping is a form of transaction that appeared after credit cards, and it is currently most widely used in Japan. A prepaid card is used as follows: a consumer prepays a limited amount of cash at a store within a certain system and receives the card; in those stores the consumer can then shop directly with the card, once or several times, without cash, up to the prepaid amount.

This approach has many benefits for both merchants and consumers. For merchants, using prepaid cards means they do not handle cash, which greatly reduces the flow of cash, avoids losses from accepting counterfeit banknotes and reduces dangers such as robbery; at the same time, cash collection and remittance and account receipts and payments are greatly reduced, which improves efficiency and reduces labor and equipment costs. For consumers, carrying one thin prepaid card means carrying little or no cash, which reduces the risk of theft and robbery, and the card is very convenient to carry.

Summary of the invention

At present there are already many platforms that use prepaid cards for payment, such as the "virtual prepaid card" platform of Yinshang Information. On this platform, merchants can virtualize existing physical cards through their own software and third-party platforms such as WeChat and Alipay Wallet, and can also issue purely virtual cards on the platform. When paying through a third-party platform, the cardholder first uses a mobile phone to generate a barcode online, and the cashier scans the barcode with a barcode scanner to take the payment. However, the payment process of such a system still has many problems. The barcode currently supports only red-light scanning, not laser scanning. The whole payment process lacks an identity authentication step: even without going through a third-party platform such as WeChat, a user can enter the URL (Uniform Resource Locator) directly in a computer browser to generate a barcode for payment. And throughout the transaction the data and passwords are transmitted in plaintext, which is easily monitored and intercepted.

In view of the above problems, the present invention provides a prepaid card online payment system based on identity authentication. Identity authentication modules are set in the client and in the management server platform respectively, to implement identity authentication in the payment process; NFC modules are set in the client and in the payment management device respectively, to implement information interaction between the client and the payment management device. This improves the security of the invention and extends its applications.

A prepaid card online payment system based on identity authentication, comprising:

a client, a payment management device, and a management service platform;

the client has a built-in first identity authentication module and a first NFC (Near Field Communication) module, obtains token information through the identity authentication module, and sends payment information and the token information to the payment management device through the NFC module;

the payment management device has a built-in second NFC module, receives the information sent by the client through the second NFC module, and sends the payment information and the token information to the management service platform, so that the payment information is responded to;

the management service platform has a built-in second identity authentication module, which is used to generate and authenticate the token information, and manages and authenticates user information and prepaid card information through the second identity authentication module.

Near Field Communication (NFC) technology evolved from contactless Radio Frequency Identification (RFID) and was jointly developed by Philips Semiconductors (now NXP Semiconductors), Nokia and Sony. It is based on RFID and interconnection technology and is a short-range, high-frequency radio technology that operates at 13.56 MHz within a distance of 20 cm; there are three transmission speeds: 106 kbit/s, 212 kbit/s and 424 kbit/s. Near field communication has been adopted as the ISO/IEC IS18092 international standard, the ECMA-340 standard and the ETSI TS 102 190 standard. NFC uses two reading modes, active and passive. NFC combines the functions of an inductive card reader, an inductive card and point-to-point communication on a single chip, in order to identify and exchange data with compatible devices over a short distance.

Identity authentication is the process of confirming a user's identity in a computer network. It can be divided into authentication between a user and a client and authentication between a client and a client. Authentication between a user and a client can be based on one or more of the following factors: passwords, passcodes and the like; information that uniquely identifies the user, such as a credit card; and biometric features of the user, such as fingerprint, voice, retina and signature.

Preferably, the management service platform comprises: a management server, an authentication server, and a prepaid card management device;

the management server has the second identity authentication module built in, receives the user information and the prepaid card information sent by the client, and sends them to the authentication server and the prepaid card management device respectively;

the authentication server generates the session key and the token information before the system makes a payment, and during the payment process is used to authenticate the user information and the token information;

the prepaid card management device is used to manage and authenticate the prepaid card information.

Preferably, the user information includes identification information that uniquely identifies the user.

Preferably, the payment management device includes a POS machine, and the POS machine includes an NFC reader.

The present invention also provides a prepaid card online payment method based on identity authentication, applied to the above prepaid card online payment system based on identity authentication, specifically comprising:

S1: based on the user information obtained by the client, mutual authentication between the client and the authentication server is performed;

S2: the authentication server authenticates the legitimacy of the prepaid card information, and the prepaid card management device authenticates the correctness of the prepaid card information;

S3: the authentication server generates corresponding token information in response to the client's request;

S4: the payment management device sends the payment request to the client;

S5: the client sends the payment information and the token information to the authentication server via the payment management device and the prepaid card management device;

S6: the authentication server authenticates the token information and sends the authentication result and the payment request to the prepaid card management device;

S7: the prepaid card management device completes the payment operation and sends a payment response to the payment management device.

Preferably, in step S1, in which mutual authentication between the client and the authentication server is performed based on the user information obtained by the client: the client and the authentication server each form the same session key from the user information, so as to implement information interaction between the client and the management service platform.

The session key mentioned here is formed mainly to implement communication between the client and the management service platform and so ensure the security of transaction information. It is based on SOTP (Strong One-time Password), a new type of cryptosystem developed from OTP (One-time Password). Besides identity recognition and data encryption, the SOTP algorithm can also verify the integrity and non-repudiation of transmitted data.

The SOTP cryptosystem is described in detail below. The whole process is implemented in three stages: the registration stage, the authentication stage, and the session stage.

1. Registration stage

Before using SOTP, the user first registers with the server in a secure environment to complete user initialization.

In the registration stage, the client first combines the identification information uid that uniquely identifies the user with the user password information pw and encrypts them with a first algorithm H, such as the SHA1 algorithm, to generate first information. At the same time, the server generates a first key $k$ and a second key $k'$ and sends them to the client; it combines the first key $k$ with the encryption algorithm E to generate an encryption function $E_k$ associated with the first key $k$, and combines the second key $k'$ with the decryption algorithm D to generate a decryption function $D_{k'}$ associated with the second key $k'$.

In this stage, the server stores the encryption algorithm, the decryption algorithm, the first key, the second key, the identification information and the first information; the client stores the encryption algorithm and the decryption algorithm sent to it by the server.

2. Authentication stage

In the identity authentication process, the user first enters the identification information uid and the user password information pw in the client. The client combines the current time $T_{ui}$ with the user password information pw and encrypts them using the encryption function $E_k$ and the first algorithm H to generate the first encrypted information. The client then sends the identification information uid and the first encrypted information to the server.

After receiving the identification information uid and the first encrypted information, the server first determines whether uid belongs to a legitimate user, that is, one already registered with the server; in other words, whether uid is in the list of user identification information pre-stored in the server.

If verification shows that the user is legitimate, the preliminary authentication in the server is complete; if the preliminary authentication finds that the user is illegitimate, the session with the client is terminated immediately.

Next, the server takes the current time $T_{si}$ and encrypts it with the encryption algorithm E and the second key $k'$ to give $E_{k'}(T_{si})$. It then uses the decryption algorithm D and the first key $k$ to decrypt the received first encrypted information, performs an exclusive-OR operation on the result to obtain $E_k(T_{ui})$, and finally uses the decryption algorithm D and the first key $k$ to decrypt $E_k(T_{ui})$ and obtain $T_{ui}$.

After obtaining $T_{ui}$, the server calculates the time difference between $T_{si}$ and $T_{ui}$. If the difference is within a preset time, for example within 10 min, the server has successfully authenticated the client; otherwise the server disconnects the session with the client.

After completing the identity authentication of the client, the server inverts $E_k(T_{ui})$ (bit order and bit polarity) to obtain $E'_k(T_{ui})$, and then uses the encryption algorithm E and the first key $k$ to encrypt $E_k(T_{ui})$ and $E'_k(T_{ui})$, giving the session key $K_i = E_k(E_k(T_{ui})) + E_k(E'_k(T_{ui}))$. This extends the original 64 bits to 128 bits and greatly strengthens the security of the information.

After obtaining the session key, the server sends $E_{k'}(T_{si})$ to the client.

After receiving $E_{k'}(T_{si})$, the client decrypts it using the decryption algorithm D and the second key $k'$ to obtain the time $T_{si}$. It then calculates the time difference between $T_{si}$ and $T_{ui}$. If the difference is within the preset time difference, for example within 10 min, the client has successfully authenticated the server; otherwise the client disconnects the session with the server.

After completing the identity authentication of the server, the client inverts $E_k(T_{ui})$ to obtain $E'_k(T_{ui})$, and then uses the encryption algorithm E and the first key $k$ to encrypt $E_k(T_{ui})$ and $E'_k(T_{ui})$, giving the session key $K_i = E_k(E_k(T_{ui})) + E_k(E'_k(T_{ui}))$.

3. Session stage

Once the client and the server have each generated the session key, the session relationship between them is established. From then on, the data packets in every session between the server and the client are encrypted with the session key $K_i$, and their integrity is checked with the first algorithm H.

In addition, during the session the sender and the receiver of a data packet each include a shared transaction-data encryption algorithm e and the corresponding decryption algorithm d, including AES-128.

If the content of the session between the sender and the receiver is $M$, the data packet sent by the sender has the format $e_{K_i}(M) + H(M)$. After receiving the data packet, the receiver passes the information to its corresponding server. On receiving the other party's session data packet, the server first uses the decryption algorithm d to decrypt $e_{K_i}(M)$ and obtain $M$, then computes $H(M)$ from the obtained $M$ with the first algorithm H, and finally compares the computed $H(M)$ with the received $H(M)$. If they are the same, the data packet is legitimate; otherwise the session is terminated. This completes the authentication process of the whole SOTP algorithm.
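The following Python code is an added illustration, not part of the patent text: it walks through the authentication stage from the point where the server holds $E_k(T_{ui})$ (freshness check on both sides, bit inversion, 64-bit to 128-bit session key) and the session-stage packet $e_{K_i}(M) + H(M)$. Assumptions: E and D are replaced by a small Feistel stand-in and AES-128 by a hash keystream so the code runs on the standard library; times are Unix seconds packed into one 64-bit block; "+" is read as concatenation; all function names and sample values are constructed.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 600  # seconds: the text's example window of 10 minutes


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the stand-in cipher (an assumption, not the patent's E).
    return hashlib.sha1(key + bytes([rnd]) + half).digest()[:4]


def E(key, block):
    """Stand-in for encryption algorithm E: 4-round Feistel on a 64-bit block."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def D(key, block):
    """Stand-in for decryption algorithm D: the inverse of E."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def encode_time(t):
    """Assumed encoding of T_ui / T_si: Unix seconds as one 64-bit block."""
    return struct.pack(">Q", t)


def invert(block):
    """E'_k(T_ui): reverse the bit order, then flip the bit polarity."""
    n = int.from_bytes(block, "big")
    reversed_bits = int(format(n, "064b")[::-1], 2)
    return (reversed_bits ^ 0xFFFFFFFFFFFFFFFF).to_bytes(8, "big")


def session_key(k, enc_tui):
    """K_i = E_k(E_k(T_ui)) + E_k(E'_k(T_ui)), '+' read as concatenation."""
    return E(k, enc_tui) + E(k, invert(enc_tui))


def server_authenticate(k, k2, enc_tui, t_si):
    """Server: recover T_ui, check freshness, return (K_i, E_k'(T_si))."""
    (t_ui,) = struct.unpack(">Q", D(k, enc_tui))
    if abs(t_si - t_ui) > MAX_SKEW:
        return None  # outside the window: disconnect the session
    return session_key(k, enc_tui), E(k2, encode_time(t_si))


def client_authenticate(k, k2, t_ui, enc_tsi):
    """Client: recover T_si with k', check freshness, derive the same K_i."""
    (t_si,) = struct.unpack(">Q", D(k2, enc_tsi))
    if abs(t_si - t_ui) > MAX_SKEW:
        return None
    return session_key(k, E(k, encode_time(t_ui)))


def _keystream(key, length):
    # Stand-in for AES-128 so the block runs on the standard library only.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha1(key + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def seal(k_i, message):
    """Build the session packet e_Ki(M) + H(M), with H = SHA-1."""
    body = _xor(message, _keystream(k_i, len(message)))
    return body + hashlib.sha1(message).digest()


def open_packet(k_i, packet):
    """Decrypt, recompute H(M), compare; None means terminate the session."""
    body, received = packet[:-20], packet[-20:]
    message = _xor(body, _keystream(k_i, len(body)))
    if not hmac.compare_digest(hashlib.sha1(message).digest(), received):
        return None
    return message


if __name__ == "__main__":
    k, k2 = b"constructed key k", b"constructed key k'"  # constructed sample keys
    t_ui = 1_700_000_000                                  # constructed timestamp
    k_i, enc_tsi = server_authenticate(k, k2, E(k, encode_time(t_ui)), t_ui + 30)
    assert client_authenticate(k, k2, t_ui, enc_tsi) == k_i
    print(len(k_i) * 8, open_packet(k_i, seal(k_i, b"pay 25.00")))
```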

Preferably, step S2, in which the authentication server authenticates the legitimacy of the prepaid card information and the prepaid card management device authenticates the correctness of the prepaid card information, specifically comprises:

the client encrypts the prepaid card information and the session key into first encrypted information, extracts first digest information from the prepaid card information, and then sends the first encrypted information and the first digest information together to the management server;

the management server sends the received first encrypted information and first digest information to the authentication server;

the authentication server uses the generated session key to decrypt the first encrypted information and obtain the prepaid card information, obtains second digest information of the prepaid card information, and then compares the second digest information with the received first digest information, thereby authenticating the legitimacy of the prepaid card information; finally it sends the received prepaid card information together with the user information to the prepaid card management device;

the prepaid card management device uses the received user information to find the matching user preset in the device, and then compares the received prepaid card information with the prepaid card information held for that user, thereby authenticating the correctness of the prepaid card information.

Preferably, step S3, in which the authentication server generates corresponding token information in response to the client's request, specifically comprises:

the client encrypts the token request information and the session key into second encrypted information, extracts third digest information from the token request information, and then sends the second encrypted information and the third digest information together to the management server;

the management server sends the received second encrypted information and third digest information to the authentication server;

the authentication server uses the generated session key to decrypt the second encrypted information and obtain the token request information, obtains fourth digest information of the token request information, and then compares the third digest information with the received fourth digest information, thereby authenticating the legitimacy of the token request information; finally it generates the corresponding token information according to the client's token request.

Preferably, step S6, in which the authentication server authenticates the token information and sends the authentication result and the payment request to the prepaid card management device, specifically comprises:

the payment management device sends a payment request to the client;

the client encrypts the token information, the payment information and the session key into third encrypted information, extracts fifth digest information from the token information and the payment information, and then sends the third encrypted information and the fifth digest information to the payment management device;

the payment management device sends the third encrypted information and the fifth digest information to the prepaid card management device;

the prepaid card management device sends the received third encrypted information and fifth digest information to the authentication server;

the session key generated by the authentication server is used to decrypt the third encrypted information and obtain the token information and the payment information, from which sixth digest information is obtained; the sixth digest information is then compared with the received fifth digest information, thereby authenticating the legitimacy of the token request information; finally the received token information is compared with the token information the server generated itself, completing the comparison of the token information.

Preferably, in step S7, the prepaid card management device completes the payment operation and at the same time sends a payment response to the payment management device, which specifically includes:

After the token information is authenticated successfully, the authentication result and the payment information are sent to the prepaid card management device;

After receiving the authentication result and the payment information, the prepaid card management device performs the payment response according to the received payment information and at the same time sends the payment response to the payment management device, completing the payment operation of the prepaid card online payment system.

The present invention provides a prepaid card online payment system based on identity authentication, with the following beneficial effects:

1. In the present invention, identity authentication modules are provided in the client and in the management service platform respectively, which realizes the session between the client and the management service platform and greatly improves the security of the session information during the session;

2. In the present invention, SOTP technology is used to encrypt the session information during the session between the client and the management service platform:

In this process, each client includes an independent application or plug-in that fuses the built-in algorithm and key together; that is, the client stores only the encryption function and decryption function generated by combining the encryption and decryption algorithm with a random key, which effectively solves the security problem of session key storage during the session. Because the randomly generated key differs in each client, the algorithm included in each client is different, so even if the security plug-in in a client is accidentally leaked, the overall security of the system is not affected;

Two-way authentication is adopted between the client and the management service platform to authenticate the client and the management service platform respectively; this authentication method effectively prevents impersonation attacks from outside.

After two-way authentication, the client and the management service platform each generate the same session key, and the entire session between the client and the server platform is then encrypted with the session key to protect the integrity of the session information and to prevent disclosure, tampering and repudiation of the transaction content as well as man-in-the-middle attacks.

3. The present invention provides NFC modules in the client and in the payment management device respectively. Throughout the payment process, the client and the payment management device communicate through the NFC modules, which is convenient and fast, effectively solves the problem that the payment management device cannot obtain the payment information in the client in a timely and effective manner, and extends the application scenarios of the system of the present invention.

Description of drawings

The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments:

Fig. 1 is a schematic structural diagram of the prepaid card online payment system based on identity authentication in the present invention;

Fig. 2 is a schematic flowchart of the prepaid card online payment method based on identity authentication in the present invention.

Detailed description of embodiments

In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the present invention is described in detail below with reference to the accompanying drawings and embodiments. The drawings in the following description are only some embodiments of the present invention. A person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.

As shown in Fig. 1, the present invention provides a prepaid card online payment system based on identity authentication, which specifically includes: a client, a payment management device, and a management service platform.

Specifically, a first identity authentication module and a first NFC module are built into the client. The first identity authentication module is used to perform identity authentication during data communication between the client and the management service platform, so as to ensure the security of the communicated data; the first NFC module is used to send the payment information and token information in the client to the payment management device, which is equipped with a second NFC module.

Further, the client includes a smart terminal with a built-in NFC module, such as a mobile phone. In particular, to achieve the purpose of the present invention, HCE (Host Card Mode) technology is used in the smart terminal, such as a mobile phone, to ensure that information the client receives from outside is sent directly to the corresponding application on the client host, rather than to the security module (SE) in the client, such as a mobile phone. However, HCE technology only delivers data sent from an external NFC module to the HCE service in the client, or returns reply data to the external NFC module; it provides no specific implementation for processing the data or storing sensitive information. Therefore, in the present invention, a security module is simulated in the client by using the SOTP algorithm, so as to ensure the security of the NFC service. From the above description it follows that, besides a mobile phone, the client based on the NFC module and HCE technology may also take the form of other smart devices equipped with an NFC module and using HCE technology; as long as the SOTP algorithm of the present invention is used during data communication between the client and the management service platform, the security of the data communication can be guaranteed.

The payment management device has a built-in second NFC module, through which it receives the information sent by the client, and at the same time sends the payment information and the token information to the management service platform to realize the response to the payment information.

Further, the payment management device includes a POS machine, and the POS machine includes an NFC reader. During payment, the POS machine sends a payment request to the HCE service of the client through its built-in NFC reader and receives the information sent by the client through the same NFC reader. In particular, the present invention does not limit the specific form of the payment management device; any form that achieves the purpose of the present invention is included in the content of the present invention.

The management service platform has a built-in second identity authentication module, which is used to generate and authenticate the token information, and manages and authenticates user information and prepaid card information through the second identity authentication module.

Further, the management service platform specifically includes: a management server, an authentication server, and a prepaid card management device.

Specifically, the management server has the second identity authentication module built in, receives the user information and prepaid card information sent by the client, and sends them to the authentication server and the prepaid card management device respectively. In particular, in the present invention the management server is mainly used for unified management of prepaid card information, including: the registration operation that a prepaid card user performs on the management service platform before making a payment, and the user's deregistration operation; binding the prepaid card to the user's physical card, or the user recharging the prepaid card; the user purchasing a prepaid card online; and the user querying the balance, points and so on of the prepaid card. In addition, the management server provides access for the authentication server and the prepaid card device (implemented through the built-in identity authentication module), and then forwards the received information to the authentication server and the prepaid card device respectively.

The authentication server generates the session key and the token information before the system makes a payment; during payment, it is used to authenticate the user information and the token information. Specifically, when a prepaid card user registers with the management service platform through the client, the management server, after receiving the user information, sends it to the authentication server for storage, so that the user's identity can be verified before payment. Further, the user information includes identification information that can uniquely identify the user, such as a user name, and also includes the user's login password and the like. In addition, the authentication server includes what is needed to implement the SOTP algorithm, including generation of the SOTP algorithm library and download of the SOTP algorithm library, so as to generate the session key; at the same time, on the client's request, it generates the corresponding token information based on the user information and time information. In particular, the first identity authentication module in the client and the second identity authentication module in the management server include ports for the SOTP algorithm, which are used to transmit data encrypted with the SOTP algorithm.

The prepaid card management device is used to manage and authenticate prepaid card information. Specifically, in the system each user may have several prepaid cards; the user only needs to store the prepaid card information in the management server and the prepaid card management device during registration. During payment, the user then only needs to select a prepaid card. After receiving the user information and the prepaid card information, the prepaid card management device first looks up the user by the user information and then confirms whether the prepaid card selected by the user is valid.

As shown in Fig. 2, the present invention also provides a prepaid card online payment method based on identity authentication, which specifically includes:

S1: based on the user information obtained by the client, the client and the authentication server authenticate each other;

S2: the authentication server authenticates the legitimacy of the prepaid card information, and the prepaid card management device authenticates the correctness of the prepaid card information;

S3: the authentication server generates the corresponding token information in response to the client's request;

S4: the payment management device sends a payment request to the client;

S5: the client sends the payment information and the token information to the authentication server via the payment management device and the prepaid card management device;

S6: the authentication server authenticates the token information and at the same time sends the authentication result and the payment request to the prepaid card management device;

S7: the prepaid card management device completes the payment operation and at the same time sends the payment response to the payment management device.

Specifically, in step S1, that is, before the prepaid card online payment system performs a payment operation, the client and the management service platform each form the same session key according to the user information, realizing mutual authentication between the client and the management service platform. Because the present invention uses the SOTP algorithm, and as is known from our introduction to the SOTP algorithm, the use of the algorithm is implemented in three main phases: a registration phase, an authentication phase, and a session phase. Specifically, the session phase here is the process of information exchange between the client and the management service platform. Before the information exchange, the authentication server in the management service platform and the client carry out the registration phase and the authentication phase according to the SOTP algorithm, based on the user information, so that the client authenticates the authentication server and the authentication server authenticates the client, and the same session key is generated on both sides; at the same time, the user successfully logs in to the management service platform. In the subsequent payment process, every exchange between the client and the management service platform is encrypted with the session key to ensure the security of the exchanged information.

After the session key has been generated, data verification can be performed between the client and the management service platform. In particular, in the present invention the client and the authentication server each also include an encryption algorithm and a decryption algorithm for encrypting and decrypting the exchanged information, such as AES-128, and an H algorithm for extracting digest information, such as SHA1. In particular, the present invention does not limit the encryption and decryption algorithm or the H algorithm; any algorithm that achieves the purpose of the present invention is included in the content of the present invention.

After the client has successfully logged in to the management service platform through the above steps, it starts to select the prepaid card associated with the user. That is, step S2 specifically includes: the client encrypts the prepaid card information and the session key into first encrypted information using the encryption algorithm, at the same time extracts first digest information from the prepaid card information using the H algorithm, and then sends the first encrypted information and the first digest information together to the management server; the management server sends the received first encrypted information and first digest information to the authentication server; the authentication server decrypts the first encrypted information using the session key it generated and the decryption algorithm to obtain the prepaid card information, then obtains second digest information of the prepaid card information using the H algorithm, and then compares the second digest information with the received second digest information to authenticate the legitimacy of the prepaid card information; if the verification passes, it sends the received prepaid card information together with the user information to the prepaid card management device; the prepaid card management device uses the received user information to find the matching user preset in the device, and then compares the received prepaid card information with the prepaid card information recorded for that user to authenticate the correctness of the prepaid card information. If an error occurs during legitimacy verification of the prepaid card information, the session with the client is stopped immediately and the user is alerted; if an error occurs during correctness verification, the session is likewise stopped immediately and the user is told that the prepaid card selection is wrong. Further, when the authentication result is sent back to the client via the management server, it goes through the same process: the authentication server first encrypts it using the session key and the encryption algorithm, extracts the digest information of the authentication result, and sends both to the client; after receiving them, the client decrypts the encrypted information using the decryption algorithm, obtains the digest information of the decrypted information, and finally compares the two digests to verify the validity and the integrity of the received information.

In this step, the prepaid card management device records the prepaid card that the user will use in the payment process, for use in the subsequent payment.

After the prepaid card has been selected correctly, to further ensure security during payment, the client also requests the management service platform to download the corresponding token information. That is, step S3 specifically includes: the client encrypts the token request information and the session key into second encrypted information using the encryption algorithm, at the same time extracts third digest information from the token request information using the H algorithm, and then sends the second encrypted information and the third digest information together to the management server; the management server sends the received second encrypted information and third digest information to the authentication server; the authentication server decrypts the second encrypted information using the session key it generated and the decryption function to obtain the token request information, then obtains fourth digest information of the token request information using the H algorithm, and then compares the third digest information with the received fourth digest information; if the authentication succeeds, the legitimacy of the token request information is authenticated; finally, according to the client's token request, it generates the token information based on the user information, time information and key seed information (the key seed is stored in the authentication server during user registration). If authentication of the token request information fails, the session with the client is stopped immediately. Further, when the generated token information is sent back to the client via the management server, it goes through the same encryption and decryption process: the authentication server first encrypts it using the session key and the encryption algorithm, extracts the digest information of the token information, and then sends the encrypted information and the digest information together to the client; after receiving them, the client decrypts the encrypted information using the decryption algorithm, then obtains the digest information of the decrypted information using the H algorithm, and finally compares the two digests to verify the validity and the integrity of the received information.

Once the above preparations have been completed, payment can begin. The payment process specifically includes:

First, as in step S4, the payment management device sends a payment request to the client. In particular, the payment management device here includes a POS machine, and the POS machine includes an NFC reader. That is, the NFC reader in the POS machine sends the payment request to the client, and the client receives the payment request through its built-in NFC module.

Subsequently, as in step S6, the client encrypts the token information, the payment information and the session key into third encrypted information, at the same time extracts fifth digest information from the token information and the payment information, and then sends the third encrypted information and the fifth digest information to the payment management device; the payment information here specifically includes the payment amount and the like.

The payment management device sends the third encrypted information and the fifth digest information to the prepaid card management device;

Next, the prepaid card management device sends the received third encrypted information and fifth digest information to the authentication server;

Finally, the authentication server decrypts the third encrypted information with the session key it generated to obtain the token information and the payment information, then obtains sixth digest information, and then compares the sixth digest information with the received fifth digest information to authenticate the legitimacy of the token request information; finally, it compares the received token information with the token information it generated itself, completing the comparison of the token information.

In the authentication server, as in step S7, if the token information is authenticated successfully, the authentication information is sent back to the prepaid card management device; after receiving the message that the token information was authenticated successfully, the prepaid card management device performs the payment operation according to the received payment information and at the same time sends the payment response to the payment management device, completing the entire payment operation. In particular, once the token information has been authenticated successfully in the authentication server, the token information is deregistered, and new token information is generated on the next token information request.
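The digest comparison and one-time token handling of steps S3 to S7, as an added Python example that is not part of the patent text. Assumptions made here: "encrypting with the session key" is read as encryption under that key, a SHA-256 counter-mode keystream stands in for AES-128 (the standard library has no AES), the token is derived with HMAC-SHA256 over user and time step, the 60-second step, the JSON message layout and all names (`AuthServer`, `seal`, `open_and_check`) are hypothetical.

```python
import hashlib
import hmac
import json
import os

STEP_SECONDS = 60  # assumed token time step; the page gives no value


def _keystream_xor(key, nonce, data):
    """Stand-in cipher (SHA-256 in counter mode); the page names AES-128."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(b ^ p for b, p in zip(chunk, pad))
    return bytes(out)


def seal(session_key, message):
    """Client side: encrypt the message and extract its digest (H = SHA-1)."""
    plain = json.dumps(message, sort_keys=True).encode()
    nonce = os.urandom(16)
    blob = nonce + _keystream_xor(session_key, nonce, plain)
    return blob, hashlib.sha1(plain).digest()


def open_and_check(session_key, blob, digest):
    """Server side: decrypt, recompute the digest, compare with the one received."""
    plain = _keystream_xor(session_key, blob[:16], blob[16:])
    if not hmac.compare_digest(hashlib.sha1(plain).digest(), digest):
        raise ValueError("digest mismatch: message rejected")
    return json.loads(plain)


class AuthServer:
    def __init__(self):
        self.seeds = {}         # user -> key seed stored at registration
        self.session_keys = {}  # user -> session key from mutual authentication (S1)
        self.live_tokens = {}   # user -> (token, step) issued in S3, removed after use

    def register(self, user, seed, session_key):
        self.seeds[user] = seed
        self.session_keys[user] = session_key

    def issue_token(self, user, now):
        """S3: token from user information, time information and key seed."""
        step = int(now) // STEP_SECONDS
        mac = hmac.new(self.seeds[user], f"{user}|{step}".encode(), hashlib.sha256)
        token = mac.hexdigest()[:16]
        self.live_tokens[user] = (token, step)
        return token

    def verify_payment(self, user, blob, digest, now):
        """S6: digest comparison first, then token comparison, then deregistration."""
        try:
            msg = open_and_check(self.session_keys[user], blob, digest)
        except (ValueError, KeyError):
            return "rejected: integrity"
        issued = self.live_tokens.get(user)
        if issued is None:
            return "rejected: no live token"
        token, step = issued
        if int(now) // STEP_SECONDS - step > 1:  # assumed validity window
            del self.live_tokens[user]
            return "rejected: token expired"
        received = str(msg.get("token", "")) if isinstance(msg, dict) else ""
        if not hmac.compare_digest(token.encode(), received.encode()):
            return "rejected: token mismatch"
        del self.live_tokens[user]  # token is deregistered after one successful use
        return "approved"


def demo():
    """Constructed sample exchange: tampered message, valid payment, replay."""
    server = AuthServer()
    session_key = os.urandom(16)
    server.register("alice", os.urandom(20), session_key)
    t0 = 1_700_000_000
    token = server.issue_token("alice", t0)
    blob, digest = seal(session_key, {"token": token, "amount": "25.00"})
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    return [
        server.verify_payment("alice", tampered, digest, t0 + 5),
        server.verify_payment("alice", blob, digest, t0 + 5),
        server.verify_payment("alice", blob, digest, t0 + 6),
    ]


if __name__ == "__main__":
    print(demo())
```

The second submission of the same message is refused because the token was deregistered after its first successful use, which is the behaviour the description gives for step S7.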

In summary, the present invention provides a prepaid card online payment system and method based on identity authentication, in which identity authentication modules are provided in the client and in the management server platform respectively to perform identity authentication during payment, and NFC modules are provided in the client and in the payment management device respectively to realize information exchange between the client and the payment management device, thereby improving the security of the present invention and extending its application.

Specific embodiments of the invention have been described in detail above, but the present invention is not limited to the specific embodiments described, which serve only as examples. For a person skilled in the art, any equivalent modification or substitution made to the system also falls within the scope of the present invention. Therefore, equivalent changes and modifications made without departing from the spirit and scope of the invention shall all be covered by the scope of the present invention.

Claims (10)

1. the online payment system of the prepaid card of identity-based certification, is characterized in that, comprising:
Client, payment management equipment, and management service platform;
Built-in first authentication module of described client and the first NFC module, and obtain token information by described authentication module, payment information and described token information are sent to described payment management equipment by described NFC module simultaneously;
Built-in second NFC module of described payment management equipment, is received the information of described client transmission, described payment information and described token information is sent to described management service platform, to realize the response of described payment information simultaneously by described second NFC module;
Built-in second authentication module of described management service platform, for generating and token information described in certification, is managed and authenticated information and prepaid card information by described second authentication module simultaneously.
2. the online payment system of the prepaid card of identity-based certification as claimed in claim 1, it is characterized in that, described management service platform comprises: management server, certificate server, and prepaid card management equipment;
Built-in described second authentication module of described management server, receives user profile and the prepaid card information of the transmission of described client, is sent to described certificate server and described prepaid card management equipment respectively;
Described certificate server, before system pays, generates described token information; In payment process, for user profile described in certification and described token information;
Described prepaid card management equipment, for managing and prepaid card information described in certification.
3. the online payment system of the prepaid card of identity-based certification as claimed in claim 1 or 2, is characterized in that: described user profile comprises the identification information for unique identification user.
4. the online payment system of the prepaid card of identity-based certification as claimed in claim 2, is characterized in that: described payment management equipment comprises POS, and described POS comprises NFC reader.
5. An identity-authentication-based prepaid card online payment method, applied to the identity-authentication-based prepaid card online payment system as claimed in any one of claims 1-4, characterized in that it specifically comprises:
S1: based on the user profile obtained by the client, mutual authentication between the client and the authentication server is performed;
S2: the authentication server authenticates the legitimacy of the prepaid card information, and the prepaid card management equipment authenticates the correctness of the prepaid card information;
S3: the authentication server responds to the client's request and generates the corresponding token information;
S4: the payment management equipment sends the payment request to the client;
S5: the client sends the payment information and the token information to the authentication server via the payment management equipment and the prepaid card management equipment;
S6: the authentication server authenticates the token information and at the same time sends the authentication result and the payment request to the prepaid card management equipment;
S7: the prepaid card management equipment completes the payment operation and at the same time sends a payment response to the payment management equipment.
6. The identity-authentication-based prepaid card online payment method as claimed in claim 5, characterized in that, in step S1, performing mutual authentication between the client and the authentication server based on the user profile obtained by the client comprises: forming an identical session key in the client and in the authentication server respectively, according to the user profile, so as to enable information exchange between the client and the management service platform.
7. The identity-authentication-based prepaid card online payment method as claimed in claim 5, characterized in that, in step S2, the authentication server authenticating the legitimacy of the prepaid card information and the prepaid card management equipment authenticating the correctness of the prepaid card information specifically comprises:
The client encrypts the prepaid card information with the session key to form first encrypted information and at the same time extracts first summary information from the prepaid card information, then sends the first encrypted information together with the first summary information to the management server;
The management server sends the received first encrypted information and first summary information to the authentication server;
The authentication server uses the session key it generated to decrypt the first encrypted information and obtain the prepaid card information, then obtains second summary information from that prepaid card information, and compares the second summary information with the received first summary information, thereby authenticating the legitimacy of the prepaid card information; finally it sends the received prepaid card information together with the user profile to the prepaid card management equipment;
The prepaid card management equipment uses the received user profile to find the matching user preset in the equipment, then compares the received prepaid card information with the prepaid card information held for that user, thereby authenticating the correctness of the prepaid card information.
8. The identity-authentication-based prepaid card online payment method as claimed in claim 5, characterized in that, in step S3, the authentication server responding to the client's request and generating the corresponding token information specifically comprises:
The client encrypts the token request information with the session key to form second encrypted information and at the same time extracts third summary information from the token request information, then sends the second encrypted information together with the third summary information to the management server;
The management server sends the received second encrypted information and third summary information to the authentication server;
The authentication server uses the session key it generated to decrypt the second encrypted information and obtain the token request information, then obtains fourth summary information from that token request information, and compares the received third summary information with the fourth summary information, thereby authenticating the legitimacy of the token request information; finally it generates the corresponding token information according to the client's token request.
9. The identity-authentication-based prepaid card online payment method as claimed in claim 5, characterized in that, in step S6, the authentication server authenticating the token information and at the same time sending the authentication result and the payment request to the prepaid card management equipment specifically comprises:
The payment management equipment sends the payment request to the client;
The client encrypts the token information and the payment information with the session key to form third encrypted information and at the same time extracts fifth summary information from the token information and the payment information, then sends the third encrypted information and the fifth summary information to the payment management equipment;
The payment management equipment sends the third encrypted information and the fifth summary information to the prepaid card management equipment;
The prepaid card management equipment sends the received third encrypted information and fifth summary information to the authentication server;
The authentication server uses the session key it generated to decrypt the third encrypted information and obtain the token information and the payment information, then obtains sixth summary information, and compares the sixth summary information with the received fifth summary information, thereby authenticating the legitimacy of the token request information; finally it compares the received token information with the token information it generated itself, completing the comparison of the token information.
10. The identity-authentication-based prepaid card online payment method as claimed in claim 5, characterized in that, in step S7, the prepaid card management equipment completing the payment operation and at the same time sending a payment response to the payment management equipment specifically comprises:
After the token information is successfully authenticated, the authentication result and the payment information are sent to the prepaid card management equipment;
After the prepaid card management equipment receives the authentication result and the payment information, it produces a payment response according to the received payment information and at the same time sends the payment response to the payment management equipment, completing the payment operation of the prepaid card online payment system.
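The message checks in claims 6 to 9 (shared session key, encrypted information sent with summary information, token comparison at the authentication server) can be traced in the following added sketch, which is not code from the patent or its applicants. The claims name no key derivation, cipher or digest, so the provisioned per-user secret, the HMAC-SHA256 keystream, SHA-256 as the summary, the JSON message layout and all identifiers here are assumptions.

```python
import hashlib, hmac, json, secrets

def derive_session_key(user_id, provisioned_secret):
    # Assumption: a provisioned per-user secret; the claims only say "from the user profile".
    return hmac.new(provisioned_secret, user_id.encode(), hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream); the claims name no cipher.
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, message):
    """Client: return (encrypted information, summary of the plaintext)."""
    plaintext = json.dumps(message, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(key, nonce, plaintext), hashlib.sha256(plaintext).digest()

def open_checked(key, blob, received_summary):
    """Server: decrypt, recompute the summary, compare; None on mismatch."""
    plaintext = _xor_stream(key, blob[:16], blob[16:])
    if not hmac.compare_digest(hashlib.sha256(plaintext).digest(), received_summary):
        return None
    return json.loads(plaintext)

class AuthServer:
    def __init__(self, user_secrets):
        self.keys = {u: derive_session_key(u, s) for u, s in user_secrets.items()}
        self.tokens = {}  # user id -> token generated in step S3

    def handle_token_request(self, user_id, blob, summary):
        # Claim 8: authenticate the token request, then generate the token.
        if open_checked(self.keys[user_id], blob, summary) is None:
            return None
        self.tokens[user_id] = secrets.token_hex(16)
        return self.tokens[user_id]

    def handle_payment(self, user_id, blob, summary):
        # Claim 9: summary check first, then compare with the stored token.
        message = open_checked(self.keys[user_id], blob, summary)
        expected = self.tokens.get(user_id)
        if message is None or expected is None:
            return None
        received = str(message.get("token", "")).encode()
        if not hmac.compare_digest(received, expected.encode()):
            return None
        return message["payment"]  # passed on to the prepaid card management equipment

def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    server = AuthServer({"user-001": secret})
    key = derive_session_key("user-001", secret)
    token = server.handle_token_request("user-001", *seal(key, {"request": "token"}))
    blob, summary = seal(key, {"token": token, "payment": {"amount": "12.50"}})
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])  # one bit changed in transit
    return (server.handle_payment("user-001", blob, summary),
            server.handle_payment("user-001", tampered, summary),
            server.handle_payment("user-001", *seal(key, {"token": "0" * 32, "payment": {}})))
```

Because the summary is computed over the plaintext without a key, its protection depends entirely on the ciphertext staying confidential; an authenticated-encryption mode or an HMAC under the session key provides the same check without that dependency.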
CN201410531823.7A 2014-10-11 2014-10-11 The online payment system of prepaid card and its method of payment of identity-based certification Expired - Fee Related CN104240074B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410531823.7A CN104240074B (en) 2014-10-11 2014-10-11 The online payment system of prepaid card and its method of payment of identity-based certification

Publications (2)

Publication Number Publication Date
CN104240074A true CN104240074A (en) 2014-12-24
CN104240074B CN104240074B (en) 2018-02-13

Family

ID=52228094

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410531823.7A Expired - Fee Related CN104240074B (en) 2014-10-11 2014-10-11 The online payment system of prepaid card and its method of payment of identity-based certification

Country Status (1)

Country Link
CN (1) CN104240074B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100318783A1 (en) * 2009-06-10 2010-12-16 Ashwin Raj Service activation using algorithmically defined key
CN101933246A (en) * 2008-01-30 2010-12-29 电子湾有限公司 One-step near field communication transaction
US20130061051A1 (en) * 2011-09-07 2013-03-07 Pantech Co., Ltd. Method for authenticating electronic transaction, server, and terminal
CN103067335A (en) * 2011-10-18 2013-04-24 中国移动通信集团公司 Method for realizing information interaction as non-contact mode, correlation equipment and system
CN103457913A (en) * 2012-05-30 2013-12-18 阿里巴巴集团控股有限公司 Data processing method, communication terminals, server and system
CN103501191A (en) * 2013-08-21 2014-01-08 王越 Mobile payment device and method thereof based on NFC technology

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104574060A (en) * 2015-01-09 2015-04-29 艾体威尔电子技术(北京)有限公司 On-line payment method and system based on NFC token
CN106161032B (en) * 2015-04-24 2019-03-19 华为技术有限公司 A kind of identity authentication method and device
CN106161032A (en) * 2015-04-24 2016-11-23 华为技术有限公司 A kind of identity authentication method and device
CN105187937B (en) * 2015-08-12 2019-02-01 上海众人网络安全技术有限公司 A kind of purchase system and method based on smart phone
CN105187937A (en) * 2015-08-12 2015-12-23 上海众人网络安全技术有限公司 Shopping system and method based on smartphone
CN105023182B (en) * 2015-08-12 2019-03-08 上海众人网络安全技术有限公司 A kind of purchase system and method based on Intelligent bracelet
CN105550877A (en) * 2015-12-21 2016-05-04 北京智付融汇科技有限公司 Payment method and apparatus
CN105635168A (en) * 2016-01-25 2016-06-01 恒宝股份有限公司 Off-line transaction device and security key using method thereof
CN105635168B (en) * 2016-01-25 2019-01-22 恒宝股份有限公司 A kind of application method of offline transaction device and its security key
CN107153957A (en) * 2016-03-06 2017-09-12 神州黑鹰(上海)信息科技有限公司 The management system of universal single-use prepaid card
CN105959109A (en) * 2016-06-28 2016-09-21 来谊金融信息科技(上海)股份有限公司 Host card simulation based key storage method and payment method
CN108805539A (en) * 2018-02-09 2018-11-13 深圳市微付充科技有限公司 A kind of method of payment, mobile device and storage device that Intrusion Detection based on host snap gauge is quasi-
CN109949037A (en) * 2019-03-26 2019-06-28 深圳市元征科技股份有限公司 A kind of method of payment and relevant device based on net card
CN112016918A (en) * 2019-05-30 2020-12-01 小米数字科技有限公司 Signature writing method, signature verification device and storage medium
CN112016918B (en) * 2019-05-30 2024-06-25 小米数字科技有限公司 Signature writing method, signature verification method, device and storage medium

Also Published As

Publication number Publication date
CN104240074B (en) 2018-02-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160310

Address after: 201821, room 4, building 1411, 211 Yecheng Road, Jiading Industrial Zone, Shanghai, China

Applicant after: SHANGHAI PEOPLENET SECURITY TECHNOLOGY Co.,Ltd.

Address before: 201203 Shanghai City, Pudong New Area Zhangjiang hi tech park Zuchongzhi Road No. 899 Building 9 room 01 4

Applicant before: SHANGHAI PEOPLENET TECHNOLOGY Co.,Ltd.

GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20241113

Address after: Room 503, Building 3, No. 6 Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province 364031

Patentee after: Xie Xinyong

Country or region after: China

Address before: 201821 211, room 4, 1411 Yecheng Road, Jiading Industrial Zone, Shanghai.

Patentee before: SHANGHAI PEOPLENET SECURITY TECHNOLOGY Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right

Effective date of registration: 20241120

Address after: Room 20-390, Beizhuanghu Village, Machikou Town, Changping District, Beijing 102299

Patentee after: Beijing Zhonglianxing Enterprise Management Co.,Ltd.

Country or region after: China

Address before: Room 503, Building 3, No. 6 Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province 364031

Patentee before: Xie Xinyong

Country or region before: China

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180213