CN104361490B - Payment method and system with identification of sensitive information - Google Patents
- Publication number: CN104361490B
- Application number: CN201410609082.XA
- Authority: CN (China)
- Prior art keywords: information, identification, card number, payment, merchant
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
  - G06Q20/08—Payment architectures
    - G06Q20/16—Payments settled via telecommunication systems
  - G06Q20/38—Payment protocols; Details thereof
    - G06Q20/385—Payment protocols; Details thereof using an alias or single-use codes
    - G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
      - G06Q20/401—Transaction verification
Abstract
The invention provides a payment method with identification of sensitive information, comprising: S1, registering sensitive information and identification information on an identification server and establishing a correspondence between them; S2, a transaction platform obtains the sensitive information and generates payment information; S3, the transaction platform sends the sensitive information to the identification server and obtains the identification information; S4, the transaction platform sends the identification information and the payment information to a payment platform; S5, the payment platform sends the identification information to the identification server and obtains card number information; S6, the payment platform completes the transaction according to the payment information and the card number information and returns the transaction result. The invention performs secure network payment by replacing sensitive information with an identifier. The identifier is compatible with the data structure of existing bank card numbers, so existing merchant systems and payment systems need to change only a small number of interfaces to apply identification to the bank card payment process, which gives a better technical effect.
Description
Technical field
The invention relates to the field of network security, and in particular to a secure network payment method and system.
Background
Online payment is the foundation of e-commerce. The widespread use of electronic payment has driven the rapid development of e-commerce, but it has also brought the problem of leakage of personal sensitive information, especially bank card information.
To address information leakage, online payment commonly uses various encryption measures and algorithms, including symmetric and asymmetric encryption. However, online payment involves many parties, including merchants, payment channel providers and banks, so the use, protection and management of keys has become the weak point of online information protection. End-to-end encryption of sensitive information such as personal account information is especially difficult to achieve.
Take the relatively sensitive bank card number as an example. In a real online shopping environment: 1. Bank card information has to pass through at least the e-commerce merchant, the payment company, the acquiring bank and the issuing bank; for business reasons such as possible refunds, e-commerce merchants and payment companies often also need to retain bank card information. 2. If point-to-point encryption is used across the whole chain to achieve an end-to-end effect, the custody and use of keys becomes very complicated and expensive, and vulnerabilities arise very easily.
Summary of the invention
In practice it is essential to encrypt sensitive data such as credit card numbers and ID card numbers. However, traditional block ciphers usually expand the data, changing its length and type, so the database structure or the applications must be modified to accommodate these changes, which is very costly.
How tokenization works: a special value or identifier replaces the bank card data or financial account record. Compared with end-to-end encryption, tokenization is more flexible and more practical to implement. With this technique, in many cases what is actually transmitted is not the real bank card data, which rules out the possibility of information leakage. The identifier can be stored without restriction; its value can be retained and reused in transactions, or the data can afterwards be used for statistics, analysis, mining and so on.
To this end, the invention provides a payment method with identification of sensitive information, comprising:
S1: registering sensitive information and identification information on an identification server and establishing a correspondence between them;
S2: a transaction platform obtains the sensitive information and generates payment information;
S3: the transaction platform sends the sensitive information to the identification server and obtains the identification information;
S4: the transaction platform sends the identification information and the payment information to a payment platform;
S5: the payment platform sends the identification information to the identification server and obtains the sensitive information;
S6: the payment platform completes the transaction according to the payment information and the sensitive information, and returns the transaction result.
Further preferably, the sensitive information includes the merchant number, card number, validity period and CVV code.
Further preferably, the registration of the sensitive information and the identification information by the identification server in step S1 specifically comprises:
S11: generating the identification information from the card number and the merchant number, and storing it;
S12: generating and storing an identification table and a card number table, and binding the identification table to the card number table;
S13: looking up the identification information by card number and merchant number;
S14: looking up the card number information by the identification information and the merchant number.
Further preferably, in step S12, the identification table containing the identification information and the card number table containing the card number are generated as follows: the identification server encrypts the card number information using a first algorithm with a first key and stores it, the card number information including the card number, card number type, card BIN, validity period and CVV code; a corresponding card number ID is assigned to the encrypted card number information to generate the card number table;
the identification server stores first information, which includes the identification information, the merchant number, a card number ciphertext and the card number ID, the card number ciphertext being generated by the identification server encrypting the card number using a second algorithm with a second key; a corresponding identification ID is assigned to the first information to generate the identification table;
the identification table and the card number table are bound through the card number ID;
looking up the identification information by card number and merchant number proceeds as follows: the identification server encrypts the card number using the second algorithm with the second key to generate the card number ciphertext, and looks up in the identification table the identification information corresponding to the merchant number and the card number ciphertext;
looking up the card number by the identification information and the merchant number proceeds as follows: the identification server looks up in the identification table the card number ID corresponding to the identification information and the merchant number; the identification server then looks up in the card number table the encrypted card number information corresponding to that card number ID, and decrypts it using the first algorithm with the first key to obtain the card number information.
Further preferably, step S3 is specifically:
the transaction platform sends the merchant number and the card number to the identification server to obtain the identification information; the identification server responds to the request by encrypting the received card number using the second algorithm with the second key to generate the card number ciphertext; the identification server looks up in the stored identification table the identification information corresponding to the merchant number and the card number ciphertext, and returns the identification information found to the transaction platform.
Further preferably, step S5 is specifically:
the payment platform receives the payment information and the identification information, and sends the identification information and the merchant number to the identification server; the identification server looks up in the identification table the card number ID corresponding to the identification information and the merchant number; having found the card number ID, the identification server looks up in the card number table the encrypted card number information corresponding to that card number ID; the identification server decrypts the encrypted card number information found and returns the decrypted card number information to the payment platform.
Further preferably, the transaction platform includes a payment gateway and an identification front-end interface; the payment gateway obtains the sensitive information and the payment information; the identification front-end interface verifies the legitimacy of the merchant's identity.
Further preferably, in steps S3 to S4, the payment gateway sends the obtained sensitive information and payment information to the identification front-end interface; the identification front-end interface sends the request for the identification information to the identification server, and sends the payment information and the identification information returned by the identification server to the payment platform.
Further preferably, in steps S3 to S4, the payment gateway obtains the sensitive information and the payment information, sends the request for the identification information to the identification server through the identification front-end interface, and sends the payment information and the identification information returned by the identification server to the payment platform.
In the invention, obtaining the identification information and replacing the sensitive information with it can be done through either the payment gateway or the identification front-end interface; providing two implementations allows the invention to fit different retrofit requirements.
The invention also provides a payment system with identification of sensitive information, comprising an identification server side, a transaction side and a payment side. The identification server side includes:
an identification information generation module, which generates identification information from sensitive information;
a registration module, which binds the sensitive information to the identification information;
a lookup module, which looks up the identification information by the sensitive information, and looks up the sensitive information by the identification information;
a sending module, which sends the identification information to the transaction side and sends the sensitive information to the payment side.
The transaction side includes:
a transaction module, which obtains sensitive information and generates payment information;
an identification information acquisition module, which sends an identification information request to the identification server side and obtains the identification information;
an identification information replacement module, which replaces the sensitive information with the identification information and sends the identification information and the payment information to the payment side.
The payment side includes:
a sensitive information acquisition module, which sends the identification information to the identification server side and obtains the sensitive information;
a payment module, which makes the payment according to the payment information and the sensitive information and completes the transaction;
a transaction result return module, which returns the transaction result to the transaction side.
The identification information used by the invention is compatible with the data structure of existing bank card numbers. Existing merchant systems and payment systems need to change only a small number of interfaces to apply identification to the bank card payment process; key custody is eliminated, the process is simple, and the technical effect is better.
Description of drawings
The invention is described in further detail below with reference to the drawings and specific embodiments:
Fig. 1 is a schematic flow chart of the steps of a payment method with identification of sensitive information according to the invention;
Fig. 2 is a schematic flow chart of the steps of Embodiment 2 of a payment method with identification of sensitive information according to the invention;
Fig. 3 is a schematic flow chart of the steps of Embodiment 3 of a payment method with identification of sensitive information according to the invention;
Fig. 4 is a structural block diagram of a payment system with identification of sensitive information according to the invention.
Detailed description of embodiments
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the invention is described in detail below with reference to the drawings and embodiments. The drawings in the following description are only some embodiments of the invention. A person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic flow chart of the steps of the payment method with identification of sensitive information. As Embodiment 1, the invention provides a payment method with identification of sensitive information, comprising:
S1: registering sensitive information and identification information on an identification server and establishing a correspondence between them;
S2: a transaction platform obtains the sensitive information and generates payment information;
S3: the transaction platform sends the sensitive information to the identification server and obtains the identification information;
S4: the transaction platform sends the identification information and the payment information to a payment platform;
S5: the payment platform sends the identification information to the identification server and obtains the sensitive information;
S6: the payment platform completes the transaction according to the payment information and the sensitive information, and returns the transaction result.
Specifically, the sensitive information includes the merchant number, card number, validity period and CVV code.
The registration of the sensitive information and the identification information by the identification server in step S1 specifically comprises the following four steps:
S11: generating the identification information from the card number and the merchant number, and storing it;
S12: generating and storing an identification table and a card number table, and binding the identification table to the card number table;
S13: looking up the identification information by card number and merchant number;
S14: looking up the card number by the identification information and the merchant number.
Specifically, in step S12 the identification table containing the identification information and the card number table containing the card number are generated as follows: the identification server encrypts the card number information using the first algorithm with the first key and stores it, the card number information including the card number, card number type, card BIN, validity period and CVV code; a corresponding card number ID is assigned to the encrypted card number information to generate the card number table.
The identification server stores the first information, which includes the identification information, the merchant number, the card number ciphertext and the card number ID. The card number ciphertext is generated by the identification server encrypting the card number using the second algorithm with the second key. A corresponding identification ID is assigned to the first information to generate the identification table.
The identification table and the card number table are bound through the card number ID.
In step S13, the identification information is looked up by card number and merchant number as follows: the identification server encrypts the card number using the second algorithm with the second key to generate the card number ciphertext, and looks up in the identification table the identification information corresponding to the merchant number and the card number ciphertext.
In step S14, the card number is looked up by the identification information and the merchant number as follows: the identification server looks up in the identification table the card number ID corresponding to the identification information and the merchant number, then looks up in the card number table the encrypted card number information corresponding to that card number ID, and decrypts it using the first algorithm with the first key to obtain the card number information.
Step S1 above is now described in detail; the identification information is denoted Token. The identification server registers the sensitive information and the identification information as follows:
1. Take a pre-generated token from the token pool. The token is a secure random number generated by an encryption machine and is concatenated with the token bin to produce the Token.
2. Concatenate the token with the token bin and the last four digits of the corresponding card number to form the complete Token. The token bin, like a bank card BIN (which identifies the issuing bank), serves for transaction routing. The Token is a substitute marker made of formatted characters: a mapping table is established between Token and card number, and only through this mapping table can the original value in the correspondence be found. The complete format of the concatenated Token is token bin + token + last four digits of the card number.
3. Create a card number table in the database. The identification server encrypts the card number information using the first algorithm with the first key and stores it. The card number information includes the card number, card number type (credit card, debit card, etc.), card BIN, validity period and CVV code. A corresponding card number ID is assigned to the encrypted card number information to generate the card number table. The first algorithm is not limited in the invention; any algorithm that can perform encryption may be used.
4. Create an identification table (Token table) in the database. The identification server stores all the first information, which includes the identification information Token, the merchant number, the card number ciphertext and the card number ID, and assigns a corresponding identification ID to the first information to generate the Token table.
Specifically, the card number ciphertext is generated by the identification server encrypting the corresponding card number using the second encryption algorithm and the second key. The second encryption algorithm in the invention preferably uses the MD5 algorithm to encrypt the card number and generate the card number MD5, because the MD5 algorithm has the advantage of a short data length; however, the encryption algorithm is not limited to MD5 and may also include encryption algorithms such as sha1.
Specifically, the merchant number is the code of an e-commerce organization such as JD.com, Taobao or Suning, or a number registered with UnionPay. Each e-commerce merchant is different and has a different merchant number, and the same bank card number produces different Tokens on different e-commerce platforms. When querying by card number for the Token that a card uses on a given e-commerce platform, the merchant number must also be a query condition: the card number MD5 is first computed by encrypting with the card number and the key, and the corresponding Token can then be found from the card number MD5 and the merchant number.
Specifically, the Token table also stores the card number ID, through which it is bound to the card number table.
Specifically, the Token table also stores the Token validity period, which is used to check whether the Token has expired.
Specifically, the Token table also stores a token key and a token value. In the actual payment process, the identification information Token passed in response to a Token request consists of these two values, token key and token value. The token key is the Token value partly hidden with *: it keeps the first four and last four digits of the Token and shows the middle part as *, in the same way that online banking or a mobile phone displays an account number with the middle digits replaced by * and only the first and last four digits kept, for example 6120******3758. It is used to hide part of the value when it is displayed for the user to confirm. The token value is the complete value passed in the actual process and is sent to the payment platform for payment. The Token table also stores the token validity period, which is used to check whether a pre-generated token has expired.
In step S13, when the transaction platform sends a Token request to the identification server, the transaction platform first sends the sensitive information, including the merchant number, card number and other information, to the identification server. On receiving the sensitive information, the identification server encrypts the card number using the MD5 encryption algorithm with the first key to generate the card number ciphertext, that is, the card number MD5. The identification server looks up in the Token table the identification ID corresponding to the received merchant number and card number ciphertext, obtains the first information stored under that identification ID, and returns the Token in the first information, including the token key and token value, to the transaction platform.
In step S14, when the payment platform sends a request for card number information to the identification server, the payment platform sends the merchant number and the Token to the identification server. The identification server looks up in the Token table the card number ID corresponding to the received Token and merchant number. Using that card number ID, the identification server finds the matching card number ID in the card number table and obtains the encrypted card number information for it. The identification server then decrypts it using the first algorithm with the first key to obtain the card number information, including the card number, card number type (credit card, debit card, etc.), card BIN, validity period and CVV code. The identification server returns the card number information to the payment platform.
At this point the identification server has established the correspondence between the sensitive information and the corresponding identification information Token, and the initial registration is complete.
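The registration and lookup steps S11 to S14 above, modelled as an added example (not code from the patent): an in-memory identification server that issues a Token in the described format (token bin + random token + last four card digits), scopes it to a merchant number, and enforces its validity period. The token bin value, the validity period, the merchant numbers, the sample card and all function names are assumptions; the keystream cipher only stands in for the unspecified first algorithm, and HMAC-SHA256 with the second key is used as the card number ciphertext in place of the preferred MD5.

```python
import hashlib
import hmac
import json
import secrets
import time

TOKEN_BIN = "999999"  # assumed 6-digit token bin (routing prefix)
TOKEN_TTL = 3600      # assumed Token validity period, in seconds
# Constructed sample card number information (not a real card).
SAMPLE_CARD = {"card_no": "6222020000001234", "card_type": "debit",
               "card_bin": "622202", "expiry": "12/30", "cvv": "000"}


def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key, plaintext):
    """Stand-in for the unspecified 'first algorithm' (keystream XOR + MAC)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("card record failed its integrity check")
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def mask(token):
    """token key: keep the first and last four digits, star out the middle."""
    return token[:4] + "*" * (len(token) - 8) + token[-4:]


class IdentificationServer:
    def __init__(self, first_key, second_key, now=time.time):
        self._k1, self._k2, self._now = first_key, second_key, now
        self._card_table = {}  # card number ID -> sealed card number information
        self._card_ids = {}    # card number digest -> card number ID
        self._id_table = {}    # token value -> identification table row

    def _digest(self, card_no):
        # Card number ciphertext used for lookup; HMAC-SHA256 here instead of
        # the page's preferred MD5, keyed with the second key.
        return hmac.new(self._k2, card_no.encode(), hashlib.sha256).hexdigest()

    def get_token(self, merchant_no, card):
        """S13: look up by (merchant, digest); issue per S11/S12 on a miss."""
        digest = self._digest(card["card_no"])
        for token, row in list(self._id_table.items()):
            if (row["merchant_no"], row["card_digest"]) != (merchant_no, digest):
                continue
            if row["expires"] > self._now():
                return mask(token), token
            del self._id_table[token]  # expired: drop the row and reissue
        card_id = self._card_ids.get(digest)
        if card_id is None:  # first sighting of this card: add a card table row
            card_id = len(self._card_table) + 1
            self._card_table[card_id] = seal(self._k1, json.dumps(card).encode())
            self._card_ids[digest] = card_id
        while True:  # token bin + random token + last four card digits
            token = f"{TOKEN_BIN}{secrets.randbelow(10**6):06d}{card['card_no'][-4:]}"
            if token not in self._id_table:
                break
        self._id_table[token] = {"merchant_no": merchant_no, "card_digest": digest,
                                 "card_id": card_id, "expires": self._now() + TOKEN_TTL}
        return mask(token), token

    def get_card(self, merchant_no, token):
        """S14: resolve a Token only for the merchant it was issued to."""
        row = self._id_table.get(token)
        if row is None or row["merchant_no"] != merchant_no:
            raise KeyError("no such Token for this merchant")
        if row["expires"] <= self._now():
            raise KeyError("Token expired")
        return json.loads(unseal(self._k1, self._card_table[row["card_id"]]))


def demo():
    server = IdentificationServer(secrets.token_bytes(32), secrets.token_bytes(32))
    token_key, token_value = server.get_token("M001", SAMPLE_CARD)
    return token_key, server.get_card("M001", token_value)


if __name__ == "__main__":
    print(demo())
```

Because the digest is keyed, the identification table cannot be matched against candidate card numbers without the second key, and a Token presented with another merchant's number resolves to nothing.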
下面对本发明实施例一的具体过程进行阐述。The specific process of Embodiment 1 of the present invention will be described below.
在进行支付过程前,首先在标识化服务器内完成敏感信息与对应Token的注册,注册过程参阅上面所述步骤S1的详细过程,在此不再赘述。Before the payment process, the registration of sensitive information and corresponding Token is first completed in the identification server. For the registration process, refer to the detailed process of step S1 mentioned above, and will not be repeated here.
完成注册后,进行支付过程中。After completing the registration, proceed to the payment process.
Step S2: The user browses products in the browser, adds the selected products to the shopping cart, and checks out. The e-commerce platform generates order information and sends it to the transaction platform, and the transaction platform generates payment information from the order information. E-commerce platforms include Taobao, JD.com, Suning, etc.
The transaction platform issues a page redirect to the e-commerce platform, so that the browser displays a page on which the user enters the sensitive information used for payment. The user enters the card number and other sensitive information on the redirected page, and it is sent to the transaction platform.
Step S3: The transaction platform sends the identification server a Token acquisition request together with the merchant number and card number.
In response to the Token acquisition request, the identification server computes the card number ciphertext, i.e. the card number MD5, from the received card number. It looks up, in the stored identification table, the Token corresponding to the merchant number and the card number MD5. If no such Token exists, it generates a new Token, assigns it an identification ID, and stores it in the identification table.
If the Token exists, the server checks whether its validity period has expired. If the Token has expired, a new Token is generated; if it has not expired, the Token found is returned to the transaction platform. The Token comprises two values, token key and token value: token key is the Token value masked with `*`, and token value is the complete Token value actually transmitted during processing.
Step S4: The transaction platform obtains the returned Token and sends the Token and the payment information to the payment platform. In the present invention, the payment platform includes UnionPay Online and banking systems.
Step S5: The payment platform receives the Token and the payment information, and sends the Token and the merchant number to the identification server. The identification server looks up, in the stored identification table, the card number ID corresponding to the Token and the merchant number. Having found the card number ID, the identification server looks up, in the stored card number table, the encrypted card number information corresponding to that card number ID. The identification server decrypts the encrypted card number information to obtain the actual card number information and returns it to the payment platform.
Step S6: The payment platform obtains the returned card number information, makes the payment according to the payment information and the card number information, completes the transaction, and returns the transaction result to the transaction platform.
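An added sketch (not code from the patent) of the identification server's Token handling in steps S3 and S5: issuance keyed by merchant number and card digest, expiry-driven reissue, the masked token key, and detokenization bound to the merchant number. Class and field names, the TTL, refusing expired Tokens at lookup, and adding a card to the card table on first sight are assumptions; HMAC-SHA-256 is swapped in for the patent's keyed MD5, and a standard-library HMAC construction stands in for the unspecified "first algorithm".

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed validity period; the patent text gives no value


class TokenVault:
    """Identification-server sketch: a card table plus a token table."""

    def __init__(self, digest_key, storage_key, now=time.time):
        self._digest_key = digest_key    # role of the patent's "first key"
        self._storage_key = storage_key  # separate key for stored cards (assumption)
        self._now = now                  # injectable clock so expiry is testable
        self._card_ids = {}   # card digest -> card ID
        self._cards = {}      # card ID -> (nonce, ciphertext, tag)
        self._tokens = {}     # (merchant_no, card digest) -> token entry
        self._by_value = {}   # (merchant_no, token value) -> token entry

    def _digest(self, pan):
        # Patent: keyed MD5 of the card number. HMAC-SHA-256 is swapped in.
        return hmac.new(self._digest_key, pan.encode(), hashlib.sha256).hexdigest()

    def _stream(self, nonce, n):
        # Stdlib stand-in for a real AEAD such as AES-GCM: HMAC in counter mode.
        blocks = (hmac.new(self._storage_key, b"enc" + nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest() for i in range(n // 32 + 1))
        return b"".join(blocks)[:n]

    def _mac(self, nonce, ct):
        return hmac.new(self._storage_key, b"mac" + nonce + ct, hashlib.sha256).digest()

    def _seal(self, data):
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(data, self._stream(nonce, len(data))))
        return nonce, ct, self._mac(nonce, ct)

    def _open(self, sealed):
        nonce, ct, tag = sealed
        if not hmac.compare_digest(tag, self._mac(nonce, ct)):
            raise ValueError("stored card record failed its integrity check")
        return bytes(a ^ b for a, b in zip(ct, self._stream(nonce, len(ct))))

    @staticmethod
    def _mask(value):
        # "token key": the token value with its middle hidden by '*'
        # (which characters stay visible is an assumption).
        return value[:4] + "*" * (len(value) - 8) + value[-4:]

    def get_token(self, merchant_no, pan):
        """Step S3: return (token key, token value) for a merchant and card."""
        digest = self._digest(pan)
        entry = self._tokens.get((merchant_no, digest))
        if entry and entry["expires"] > self._now():
            return self._mask(entry["value"]), entry["value"]
        if entry:  # expired: retire the old value before issuing a new one
            del self._by_value[(merchant_no, entry["value"])]
        card_id = self._card_ids.get(digest)
        if card_id is None:  # first sight of this card: add it to the card table
            card_id = self._card_ids[digest] = secrets.token_hex(8)
            self._cards[card_id] = self._seal(pan.encode())
        entry = {"card_id": card_id, "value": secrets.token_urlsafe(24),
                 "expires": self._now() + TOKEN_TTL_SECONDS}
        self._tokens[(merchant_no, digest)] = entry
        self._by_value[(merchant_no, entry["value"])] = entry
        return self._mask(entry["value"]), entry["value"]

    def detokenize(self, merchant_no, token_value):
        """Step S5: resolve Token + merchant number to the card number."""
        entry = self._by_value.get((merchant_no, token_value))
        # Refusing expired tokens here is an assumption; the patent only
        # describes the expiry check at issuance.
        if entry is None or entry["expires"] <= self._now():
            raise LookupError("no valid token for this merchant")
        return self._open(self._cards[entry["card_id"]]).decode()
```

Because the merchant number is part of both lookup keys, a Token issued to one merchant does not resolve when presented with another merchant number.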
Specifically, the transaction end in the present invention includes a payment gateway and an identification front interface. The payment gateway is used to obtain the sensitive information and generate the payment information, and may be the e-commerce platform's own payment gateway or a third-party payment gateway. The identification front interface checks the data validity of the received payment information and sensitive information, and verifies the signature information to confirm that the merchant's identity is legitimate.
Embodiment 1 is improved to obtain the preferred Embodiment 2, in which, in steps S3 to S4, the payment gateway sends the acquired sensitive information and payment information to the identification front interface; the identification front interface sends the Token acquisition request to the identification server, and sends the payment information and the Token returned by the identification server to the payment platform.
Figure 2 shows the flow of Embodiment 2 of the present invention, in which:
The detailed process of step S1 is the same as in Embodiment 1.
Step S2: The user browses products in the browser, adds the selected products to the shopping cart, and checks out. The e-commerce platform generates an order from the user's transaction information, signs it, and sends it to the payment gateway. The payment gateway receives the order information, verifies the signature information, generates payment information from the order information, and issues a page redirect so that the browser displays a page on which the user enters the sensitive information used for payment. The user enters the card number and other sensitive information on the redirected page, and it is sent to the payment gateway. The payment gateway signs the sensitive information and the payment information.
Steps S31 to S41: The payment gateway sends the sensitive information and the payment information to the identification front interface. The identification front interface checks data validity and verifies the signature information; after confirming that the merchant's identity is legitimate, it sends the sensitive information and a Token acquisition request to the identification server.
The identification server receives the sensitive information and the Token acquisition request sent by the identification front interface, and performs the MD5 calculation on the card number in the sensitive information to obtain the card number MD5. It looks up the stored Token by merchant number and card number MD5. If no such Token exists, it generates a new Token, assigns it an identification ID, and stores it in the identification table.
If the Token exists, the server checks whether its validity period has expired. If the Token has expired, a new Token is generated; if it has not expired, the Token is returned directly. The Token comprises two values, token key and token value: token key is the Token value masked with `*`, and token value is the complete Token value actually transmitted during processing.
The identification front interface receives the Token returned by the identification server and sends the Token and the payment information to the payment platform.
Step S5: The payment platform receives the Token and the payment information, and sends the Token and the merchant number to the identification server. The identification server looks up, in the stored identification table, the card number ID corresponding to the Token and the merchant number. Having found the card number ID, the identification server looks up, in the stored card number table, the encrypted card number information corresponding to that card number ID. The identification server decrypts the encrypted card number information to obtain the actual card number information and returns it to the payment platform.
Step S61: The payment platform makes the payment according to the payment information and the returned card number information, completes the transaction, and returns the transaction result to the identification front interface, which then actively returns the transaction result to the payment gateway.
In Embodiment 2, the present invention modifies the identification front interface so that it acquires the Token and handles the Token request processing; the identification front interface replaces the sensitive information with the acquired Token and sends the payment information and the Token to the payment platform. After completing the payment, the payment platform returns the transaction result to the identification front interface, which actively notifies the payment gateway of the transaction result.
Embodiment 1 is improved to obtain the preferred Embodiment 3, in which, in steps S3 to S4, the payment gateway obtains the sensitive information and the payment information, sends an identification information acquisition request to the identification server through the identification front interface, and sends the payment information and the identification information returned by the identification server to the payment platform.
Figure 3 shows the flow of Embodiment 3 of the present invention, in which:
The detailed process of step S1 is the same as in Embodiment 1.
Step S2: The user browses products in the browser, adds the selected products to the shopping cart, and checks out. The e-commerce platform generates an order from the user's transaction information, signs it, and sends it to the payment gateway. The payment gateway receives the order information, verifies the signature information, generates payment information from the order information, and issues a page redirect so that the browser displays a page on which the user enters the sensitive information used for payment. The user enters the card number and other sensitive information on the redirected page, and it is sent to the payment gateway. The payment gateway signs the sensitive information and the payment information.
Steps S32 to S42: The payment gateway sends the sensitive information and a Token acquisition request to the identification front interface, which checks data validity, verifies the signature information, and confirms that the merchant's identity is legitimate. The identification front interface then forwards the sensitive information and the Token acquisition request to the identification server.
The identification server receives the sensitive information and the Token acquisition request sent by the payment gateway, and performs the MD5 calculation on the card number in the sensitive information to obtain the card number MD5. It looks up the stored Token by merchant number and card number MD5. If no such Token exists, it generates a new Token, assigns it an identification ID, and stores it in the identification table.
If the Token exists, the server checks whether its validity period has expired. If the Token has expired, a new Token is generated; if it has not expired, the Token is returned directly. The Token comprises two values, token key and token value: token key is the Token value masked with `*`, and token value is the complete Token value actually transmitted during processing.
The identification server returns the identification information to the payment gateway through the identification front interface. The payment gateway receives the returned identification information and sends the identification information and the payment information to the payment platform.
Step S5: The payment platform receives the Token and the payment information, and sends the Token and the merchant number to the identification server. The identification server looks up, in the stored identification table, the card number ID corresponding to the Token and the merchant number. Having found the card number ID, the identification server looks up, in the stored card number table, the encrypted card number information corresponding to that card number ID. The identification server decrypts the encrypted card number information to obtain the actual card number information and returns it to the payment platform.
Step S62: The payment platform makes the payment according to the payment information and the returned card number information, completes the transaction, and returns the transaction result directly to the payment gateway.
In Embodiment 3, the present invention modifies the payment gateway so that it acquires the Token and handles the Token request processing; the payment gateway replaces the sensitive information with the acquired Token and sends the payment information and the Token to the payment platform. After completing the payment, the payment platform returns the transaction result to the payment gateway.
The present invention also provides a payment system for the identification (tokenization) of sensitive information. Figure 4 is a structural block diagram of this payment system, which includes an identification server end, a transaction end and a payment end, wherein:
The identification server end includes:
an identification information generation module, which generates identification information from the sensitive information;
a registration module, which binds the sensitive information to the identification information;
a lookup module, which looks up the identification information from the sensitive information, and looks up the sensitive information from the identification information;
a sending module, which sends the identification information to the transaction end, and sends the sensitive information to the payment end;
The transaction end includes:
a transaction module, which obtains the sensitive information and generates payment information from the order information;
an identification information acquisition module, which sends an identification information acquisition request to the identification server end and obtains the identification information;
an identification information replacement module, which replaces the sensitive information with the identification information and sends the identification information and the payment information to the payment end;
The payment end includes:
a sensitive information acquisition module, which sends the identification information to the identification server end and obtains the sensitive information;
a payment module, which makes the payment according to the payment information and the sensitive information and completes the transaction;
a transaction result return module, which returns the transaction result to the transaction end.
Specifically, the sensitive information includes the merchant number, card number, validity period, CVV code, etc.
Specifically, the transaction end in the present invention includes a payment gateway and an identification front interface, where the payment gateway is the e-commerce platform's own payment gateway or a third-party payment gateway.
The payment end in the present invention includes UnionPay Online and banking systems. The application scenarios of the present invention include: e-commerce → banking system payment; e-commerce → UnionPay online payment; e-commerce (including payment gateway) → UnionPay online payment; e-commerce (including payment gateway) → banking system payment; e-commerce → third-party payment gateway → UnionPay online payment; and e-commerce → third-party payment gateway → banking system payment.
For the scenarios e-commerce (including payment gateway) → UnionPay online payment and e-commerce (including payment gateway) → banking system payment, the e-commerce platform first sends the generated order information to the payment gateway through an internal interface, obtains the sensitive information on its own payment gateway page, generates the payment information, and sends the payment information and the sensitive information through an external interface to UnionPay or the banking system for processing.
For the scenarios e-commerce → third-party payment gateway → UnionPay online payment and e-commerce → third-party payment gateway → banking system payment, the e-commerce platform sends the generated signed order information to the third-party payment gateway through an external interface; the third-party payment gateway obtains the sensitive information, generates payment information from the order information, and sends the payment information and the sensitive information to UnionPay or the banking system for processing.
Specific embodiments of the invention have been described in detail above, but the present invention is not limited to them; they serve only as examples. For those skilled in the art, any equivalent modification of or substitution for the system also falls within the scope of the present invention. Therefore, equivalent changes and modifications made without departing from the spirit and scope of the invention shall all be covered by the scope of the present invention.
Claims (3)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410609082.XA CN104361490B (en) | 2014-11-03 | 2014-11-03 | A kind of method of payment and system of sensitive information markization |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410609082.XA CN104361490B (en) | 2014-11-03 | 2014-11-03 | A kind of method of payment and system of sensitive information markization |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104361490A (en) | 2015-02-18 |
| CN104361490B (en) | 2018-04-24 |
Family
ID=52528748
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410609082.XA Expired - Fee Related CN104361490B (en) | 2014-11-03 | 2014-11-03 | A kind of method of payment and system of sensitive information markization |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104361490B (en) |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104361490A (en) | 2015-02-18 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C41 | Transfer of patent application or patent right or utility model | |
| | TA01 | Transfer of patent application right | Effective date of registration: 20160309. Address after: 201821, room 4, building 1411, 211 Yecheng Road, Jiading Industrial Zone, Shanghai, China. Applicant after: SHANGHAI PEOPLENET SECURITY TECHNOLOGY Co.,Ltd. Address before: 201203 Shanghai City, Pudong New Area Zhangjiang hi tech park Zuchongzhi Road No. 899 Building 9 room 01 4. Applicant before: SHANGHAI PEOPLENET TECHNOLOGY Co.,Ltd. |
| | GR01 | Patent grant | |
| | TR01 | Transfer of patent right | Effective date of registration: 20240805. Address after: Room 503, Building 3, No. 6, Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province, 364000. Patentee after: Xie Xinyong. Country or region after: China. Address before: 201821 211, room 4, 1411 Yecheng Road, Jiading Industrial Zone, Shanghai. Patentee before: SHANGHAI PEOPLENET SECURITY TECHNOLOGY Co.,Ltd. Country or region before: China. |
| | TR01 | Transfer of patent right | Effective date of registration: 20240823. Address after: 570100 Room C, 12th Floor, Beijing Building, No. 56 Guomao Avenue, Jinmao Street, Longhua District, Haikou City, Hainan Province. Patentee after: Hainan Kechuang Weiye Information Technology Co.,Ltd. Country or region after: China. Address before: Room 503, Building 3, No. 6, Xicheng Xi'an North Road, Xinluo District, Longyan City, Fujian Province, 364000. Patentee before: Xie Xinyong. Country or region before: China. |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20180424 |