CN104408622B - System and method for realizing electronic transaction confirmation based on independent cryptographic device - Google Patents
- Publication number
- CN104408622B (CN201410756742.7A)
- Authority
- CN
- China
- Prior art keywords
- transaction
- user
- transaction confirmation
- terminal
- authentication service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0609—Buyer or seller confidence or verification
Landscapes
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Engineering & Computer Science (AREA)
- Finance (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to a system and method for realizing electronic transaction confirmation based on an independent cryptographic device. The system comprises: an independent cryptographic device; a user intelligent terminal, used to receive pushed payment messages and confirm the transaction; a transaction confirmation terminal, used to provide the user with an operation interface for selecting commodities or displaying transaction information and to generate transaction orders; an authentication service platform; and a virtual account management platform, used to manage user virtual accounts, receive order information verified by the authentication service platform, push payment requests to the user intelligent terminal, and complete the payment process according to the confirmation information from the user intelligent terminal. With this structure, a hardware encryption device digitally signs the transaction data, thereby protecting the transaction process and confirming that the transaction is genuine and valid, providing a more secure payment solution without sacrificing speed, with a wider range of applications.
Description
Technical field
The invention relates to the technical field of digital signatures, in particular to digital signatures for O2O electronic transactions, and specifically to a system and method for realizing electronic transaction confirmation based on an independent cryptographic device.
Background
"O2O" (online and offline integration) is an emerging business model in China that is becoming more and more popular. Electronic transaction confirmation (for example, payment in e-commerce or signing for a delivery in logistics) is a very important link in the O2O business model and is receiving increasing attention from merchants. Using QR codes for electronic transaction confirmation is currently a very popular method. Under this scheme, a merchant can compile transaction information such as commodity type, price and merchant account number into a QR code and publish it printed in newspapers, magazines, advertisements, books and other media; goods printed with QR codes can even be seen on advertising walls in subway stations. By scanning the QR code of a product of interest with a mobile phone client, the user can make payment and settlement with the merchant's account. Finally, the merchant delivers the goods according to the user's delivery and contact information in the payment transaction information, completing the transaction.
However, using QR codes for payment and settlement has the following problems:
First, the user cannot be sure that the QR code they see leads to a legitimate merchant. This is because the technical principle of QR codes is simple and the barrier to implementation is very low; the Internet is flooded with QR code generator software, and anyone can turn links, program code and other information into a QR code as they wish, while people cannot learn the content hidden in a QR code by reading it visually. This gives criminals an opening: they can forge QR codes or embed links to websites carrying Trojans into QR codes, and once someone scans the code, a Trojan is unknowingly downloaded to their mobile terminal, leaking the user's private information and even causing the user financial loss.
Second, the merchant cannot ensure that legitimate transactions are not repudiated. Because QR code payment usually does not require the user to submit order information using digital signature technology, the merchant cannot ensure that legitimate transactions are not repudiated.
Thus, although QR code payment is convenient and fast, its protection of both parties to the transaction is somewhat insufficient.
Summary of the invention
The purpose of the present invention is to overcome the shortcomings of the above prior art and to provide a system and method for realizing electronic transaction confirmation based on an independent cryptographic device that uses a hardware encryption device to digitally sign transaction data, thereby protecting the transaction process and confirming that the transaction is genuine and valid, provides a more secure payment solution without sacrificing speed, and has a wider range of applications.
To achieve the above purpose, the system and method for realizing electronic transaction confirmation based on an independent cryptographic device of the present invention are constituted as follows:
The main feature of the system for realizing electronic transaction confirmation based on an independent cryptographic device is that the system includes:
an independent cryptographic device, used to store the user's private key and perform digital signature calculation;
a user intelligent terminal, used to receive payment messages pushed by the virtual account management platform and confirm the transaction;
a transaction confirmation terminal, used to provide the user with an operation interface for selecting commodities or displaying transaction information and to generate transaction orders;
an authentication service platform, used to register and manage the independent cryptographic device and the transaction confirmation terminal, and to store the public key certificate chain used to verify digital signatures, the binding information between the independent cryptographic device and the user intelligent terminal, and the binding relationship between the user's virtual account and the independent cryptographic device;
a virtual account management platform, used to manage user virtual accounts and process payment requests, and to receive order information verified by the authentication service platform, push a payment request to the user intelligent terminal, and complete the payment process according to the confirmation information from the user intelligent terminal.
Preferably, the independent cryptographic device includes a central processing unit, a secure memory, a cryptographic co-processor and a communication interface with the transaction confirmation terminal.
Preferably, the transaction confirmation terminal is a PC or an embedded self-service terminal.
Preferably, the electronic transaction is an O2O electronic transaction.
Preferably, the user intelligent terminal is the user's mobile terminal, and the authentication service platform also stores the binding information between the independent cryptographic device and the user's virtual account and mobile phone number.
The present invention also relates to a method for realizing electronic transaction confirmation based on an independent cryptographic device using the above system, the main feature of which is that the method includes the following steps:
(1) the transaction confirmation terminal generates a transaction order according to the user's selection of commodities, or displays the user's billing information;
(2) the transaction confirmation terminal sends the transaction order information to the independent cryptographic device;
(3) the independent cryptographic device generates a digital signature from the transaction order and returns it, together with its identification information, to the transaction confirmation terminal;
(4) the transaction confirmation terminal sends the transaction order, containing the independent cryptographic device identification information and the digital signature data, to the authentication service platform;
(5) the authentication service platform verifies the identity of the transaction confirmation terminal and the digital signature;
(6) the authentication service platform sends the verified transaction order information to the virtual account management platform;
(7) the virtual account management platform generates a payment request from the verified transaction order information and sends it to the user intelligent terminal;
(8) the virtual account management platform sends the user payment confirmation information from the user intelligent terminal to the authentication service platform;
(9) the authentication service platform forwards the user payment confirmation information to the transaction confirmation terminal;
(10) the transaction confirmation terminal displays the transaction result.
Preferably, the following step is also included between steps (1) and (2):
(1-1) the transaction confirmation terminal prompts the user to connect the independent cryptographic device and enter the offline password of the independent cryptographic device.
Preferably, the authentication service platform also stores the binding relationship between the independent cryptographic device and the user's virtual account and has a secure channel with the transaction confirmation terminal. The step in which the transaction confirmation terminal sends the transaction order, containing the independent cryptographic device identification information and the digital signature data, to the authentication service platform is specifically:
the transaction confirmation terminal sends the transaction order, containing the independent cryptographic device identification information and the digital signature data, to the authentication service platform through the secure channel;
The step in which the authentication service platform forwards the user payment confirmation information to the transaction confirmation terminal is specifically:
the authentication service platform forwards the user payment confirmation information to the transaction confirmation terminal through the secure channel.
Preferably, the verification by the authentication service platform of the identity of the transaction confirmation terminal and of the digital signature includes the following steps:
(5-1) the authentication service platform verifies the identity of the transaction confirmation terminal; if the transaction confirmation terminal is a registered device, continue with step (5-2), otherwise continue with step (5-3);
(5-2) the authentication service platform verifies the digital signature in the transaction order sent by the transaction confirmation terminal; if the digital signature verification passes, continue with step (6), otherwise continue with step (5-3);
(5-3) the authentication service platform sends transaction failure information to the transaction confirmation terminal, and then continues with step (10).
The system and method for realizing electronic transaction confirmation based on an independent cryptographic device of this invention have the following beneficial effects:
The invention confirms transaction data offline using an independent cryptographic device and pushes the confirmation data to the online account system, which completes the payment, thereby protecting the transaction and ensuring that the confirmation data is genuine and valid. The independent cryptographic device in this invention may be, but is not limited to, a smart IC card, and must first be bound to the user's virtual account. The system and method provide a payment solution that is more secure than QR code payment without sacrificing speed. The invention uses a registered O2O transaction confirmation terminal to offer commodities or display order information to the user, an environment that effectively avoids the transaction risks of forged QR codes and embedded Trojans. Confirming the transaction order offline with a digital signature from the independent cryptographic device prevents the order from being forged or tampered with and prevents the person placing the order from repudiating it. Binding the independent cryptographic device to the user's virtual account and mobile phone number allows the payment process to be completed safely and quickly, with a good user experience and a wider range of applications.
Description of drawings
FIG. 1 is a schematic structural diagram of the system for realizing electronic transaction confirmation based on an independent cryptographic device of the present invention.
FIG. 2 is a flowchart of the method for realizing electronic transaction confirmation based on an independent cryptographic device of the present invention.
Detailed description
To describe the technical content of the present invention more clearly, a further description is given below with reference to specific embodiments.
A digital signature is an application of asymmetric-key cryptography and message digest technology. Simply put, a digital signature is some data appended to a data unit, or a cryptographic transformation applied to the data unit. This data or transformation allows the recipient of the data unit to confirm the origin and the integrity of the data unit and protects the data against forgery by someone (for example, the recipient). It is a method of signing messages in electronic form, and a signed message can be transmitted over a communication network. The technology ensures the integrity of transmitted information, authenticates the sender and prevents repudiation in transactions, so it is widely used in e-commerce transactions, including O2O payment. A payment scheme that uses digital signatures is more secure than QR code payment. A digital signature requires a public/private key pair to be stored in the signing device, and the private key is used to compute the digital signature value over the data. The security of the private key is therefore especially important: it cannot be kept in an open system environment such as a mobile phone or other mobile terminal, and should instead be stored in a dedicated hardware cryptographic device, with the digital signature calculation also performed inside that device. Only in this way is the security of the signing process protected to the greatest extent.
To achieve the purpose of the present invention, the system for realizing electronic transaction confirmation based on an independent cryptographic device of the present invention includes:
an independent cryptographic device, used to store the user's private key and perform digital signature calculation; because the independent cryptographic device and the user intelligent terminal are separate and independent of each other, losing the user intelligent terminal does not create a security threat;
a user intelligent terminal, used to receive payment messages pushed by the virtual account management platform and confirm the transaction;
a transaction confirmation terminal, used to provide the user with an operation interface for selecting commodities or displaying transaction information and to generate transaction orders;
an authentication service platform, used to register and manage the independent cryptographic device and the transaction confirmation terminal, and to store the public key certificate chain used to verify digital signatures, the binding information between the independent cryptographic device and the user intelligent terminal, and the binding relationship between the user's virtual account and the independent cryptographic device; in this way, after the transaction confirmation terminal generates a transaction order, the authentication service platform can confirm and verify each item of information contained in the transaction order;
a virtual account management platform, used to manage user virtual accounts and process payment requests, and to receive order information verified by the authentication service platform, push a payment request to the user intelligent terminal, and complete the payment process according to the confirmation information from the user intelligent terminal.
In a preferred embodiment, the independent cryptographic device includes a central processing unit, a secure memory, a cryptographic co-processor and a communication interface with the transaction confirmation terminal.
In another preferred embodiment, the transaction confirmation terminal is a PC or an embedded self-service terminal.
In another preferred embodiment, the electronic transaction is an O2O electronic transaction. Clearly, however, in practical applications the present invention can be applied to various electronic transaction platforms.
In a preferred embodiment, the user intelligent terminal is the user's mobile terminal, and the authentication service platform also stores the binding information between the independent cryptographic device and the user's virtual account and mobile phone number. In practical applications, the user intelligent terminal may also be a personal device such as a personal computer or a tablet computer.
The present invention also relates to a method for realizing electronic transaction confirmation based on an independent cryptographic device using the above system, including the following steps:
(1) the transaction confirmation terminal generates a transaction order according to the user's selection of commodities, or displays the user's billing information;
(2) the transaction confirmation terminal sends the transaction order information to the independent cryptographic device;
(3) the independent cryptographic device generates a digital signature from the transaction order and returns it, together with its identification information, to the transaction confirmation terminal;
(4) the transaction confirmation terminal sends the transaction order, containing the independent cryptographic device identification information and the digital signature data, to the authentication service platform;
(5) the authentication service platform verifies the identity of the transaction confirmation terminal and the digital signature;
(6) the authentication service platform sends the verified transaction order information to the virtual account management platform;
(7) the virtual account management platform generates a payment request from the verified transaction order information and sends it to the user intelligent terminal;
(8) the virtual account management platform sends the user payment confirmation information from the user intelligent terminal to the authentication service platform;
(9) the authentication service platform forwards the user payment confirmation information to the transaction confirmation terminal;
(10) the transaction confirmation terminal displays the transaction result.
In a preferred embodiment, the following step is also included between steps (1) and (2):
(1-1) the transaction confirmation terminal prompts the user to connect the independent cryptographic device and enter the offline password of the independent cryptographic device. The offline password and the digital signature provide a double safeguard for the user's transaction security: even if the independent cryptographic device is lost, someone who obtains it cannot complete a payment without knowing its offline password.
In a preferred embodiment, the authentication service platform also stores the binding relationship between the independent cryptographic device and the user's virtual account and has a secure channel with the transaction confirmation terminal. The step in which the transaction confirmation terminal sends the transaction order, containing the independent cryptographic device identification information and the digital signature data, to the authentication service platform is specifically:
the transaction confirmation terminal sends the transaction order, containing the independent cryptographic device identification information and the digital signature data, to the authentication service platform through the secure channel;
The step in which the authentication service platform forwards the user payment confirmation information to the transaction confirmation terminal is specifically:
the authentication service platform forwards the user payment confirmation information to the transaction confirmation terminal through the secure channel.
The encrypted secure channel provides comprehensive information security protection for the electronic transaction, preventing hackers from intercepting transaction information on the transmission channel.
In a preferred embodiment, the verification by the authentication service platform of the identity of the transaction confirmation terminal and of the digital signature includes the following steps:
(5-1) the authentication service platform verifies the identity of the transaction confirmation terminal; if the transaction confirmation terminal is a registered device, continue with step (5-2), otherwise continue with step (5-3);
(5-2) the authentication service platform verifies the digital signature in the transaction order sent by the transaction confirmation terminal; if the digital signature verification passes, continue with step (6), otherwise continue with step (5-3);
(5-3) the authentication service platform sends transaction failure information to the transaction confirmation terminal, and then continues with step (10).
By verifying the identity of the transaction confirmation terminal, the user can only transact on a trustworthy electronic transaction platform, which ensures that the user is not deceived by a fake electronic transaction platform.
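The following sketch walks steps (1-1), (2)-(3) and (5-1) to (6) of the method in code, showing how the platform's checks reject a tampered order, an unregistered terminal and a device used without its offline password. It is an added example, not code from the patent. Assumptions: the class and field names, the sample order, the canonical-JSON serialisation, a bare public key in place of the certificate chain, and a toy textbook RSA standing in for the device's signature algorithm, which the page does not name.

```python
import hashlib
import hmac
import json

# Constructed toy key material (assumption): textbook RSA over two Mersenne primes.
# It is trivially factorable and unpadded; it only stands in for the device's real
# signature algorithm, which the page does not name.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537


def order_digest(order: dict, n: int) -> int:
    """SHA-256 over a canonical JSON form of the order, reduced modulo n."""
    canonical = json.dumps(order, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(canonical).digest(), "big") % n


class CryptoDevice:
    """Independent cryptographic device: holds the private key and signs orders."""

    def __init__(self, device_id: str, offline_password: str):
        self.device_id = device_id
        self.public_key = (P * Q, E)
        self._d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent stays on the device
        self._pw = hashlib.sha256(offline_password.encode()).digest()

    def sign(self, order: dict, offline_password: str) -> dict:
        # Step (1-1): the offline password gates every signing operation.
        supplied = hashlib.sha256(offline_password.encode()).digest()
        if not hmac.compare_digest(supplied, self._pw):
            raise PermissionError("wrong offline password")
        n, _ = self.public_key
        # Step (3): return the signature together with the device identifier.
        return {"device_id": self.device_id,
                "signature": pow(order_digest(order, n), self._d, n)}


class AuthPlatform:
    """Authentication service platform: registrations, public keys and bindings."""

    def __init__(self):
        self.terminals = set()   # registered transaction confirmation terminals
        self.devices = {}        # device_id -> public key, bound account and phone

    def register_device(self, device: CryptoDevice, account: str, phone: str):
        self.devices[device.device_id] = {
            "key": device.public_key, "account": account, "phone": phone}

    def verify_order(self, terminal_id: str, order: dict, signed: dict) -> dict:
        # Step (5-1): only registered terminals may submit orders.
        if terminal_id not in self.terminals:
            return {"ok": False, "reason": "terminal not registered"}
        record = self.devices.get(signed.get("device_id"))
        if record is None:
            return {"ok": False, "reason": "unknown device"}
        n, e = record["key"]
        sig = signed.get("signature")
        # Step (5-2): recompute the digest from the order as received and compare.
        if (not isinstance(sig, int) or not 0 <= sig < n
                or pow(sig, e, n) != order_digest(order, n)):
            return {"ok": False, "reason": "signature verification failed"}
        # Step (6): hand the verified order and the bound account to the
        # virtual account management platform, which pushes the payment request.
        return {"ok": True, "account": record["account"],
                "push_to": record["phone"], "order": order}


def run_demo() -> dict:
    device = CryptoDevice("DEV-0001", offline_password="482915")
    platform = AuthPlatform()
    platform.terminals.add("TERM-A")
    platform.register_device(device, account="acct-demo-001", phone="+00-000-0000")

    # Constructed sample order.
    order = {"order_id": "ORD-1", "merchant": "shop-7", "item": "book", "amount": "25.00"}
    signed = device.sign(order, "482915")                    # steps (2)-(3)
    results = {"valid": platform.verify_order("TERM-A", order, signed)}

    # A compromised terminal changes the amount after the device has signed.
    tampered = dict(order, amount="2500.00")
    results["tampered"] = platform.verify_order("TERM-A", tampered, signed)

    # The same signed order arrives from a terminal that was never registered.
    results["rogue_terminal"] = platform.verify_order("TERM-X", order, signed)

    # A lost device without its offline password produces no signature at all.
    try:
        device.sign(order, "000000")
        results["wrong_password"] = "signed"
    except PermissionError as exc:
        results["wrong_password"] = str(exc)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(case, "->", outcome)
```

The failure dictionaries correspond to the transaction failure information of step (5-3) that the platform returns to the terminal.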
The technical solution of the present invention is further described below through a specific embodiment in which the system and method for realizing electronic transactions based on an independent cryptographic device are applied to O2O electronic transactions:
The system of the present invention for realizing electronic transaction confirmation based on an independent cryptographic device includes: an independent cryptographic device for storing the user's private key and computing digital signatures, the user's mobile terminal (such as a smartphone), an O2O transaction confirmation terminal, an authentication service platform and a virtual account management platform.
The independent cryptographic device has a central processing unit, secure memory, a cryptographic coprocessor and a communication interface to the O2O transaction confirmation terminal. The user binds it to their own virtual account, and the binding information is stored in the authentication service platform. The device is used to digitally sign the order data generated by the transaction confirmation terminal.
The user's mobile terminal receives the payment messages pushed by the virtual account management platform, and the user can confirm the transaction on this terminal.
The O2O transaction confirmation terminal can be a PC or a dedicated embedded self-service terminal. It provides the user with an operation interface for selecting goods or displaying transaction information, generates transaction orders, and sends them to the authentication service platform through a secure network channel. It can also be connected to the independent cryptographic device through a communication interface, to submit a request for a digital signature over the order data and receive the returned digital signature value.
The authentication service platform is a server system with three main functions. The first is to register and manage independent cryptographic devices and O2O transaction confirmation terminals. The transaction process can be triggered only when the user uses the independent cryptographic device on an O2O transaction confirmation terminal that has been registered on the authentication service platform. The second is to store the public key certificate chain used to verify digital signatures, the binding information between the independent cryptographic device and the user's virtual account and mobile phone number, and the private data used to establish a secure channel with the O2O transaction confirmation terminal. Its last important function is to store the binding relationship between the user's virtual account and the independent cryptographic device.
The virtual account management platform is the system that manages user virtual accounts and processes payment requests. It receives the order information that the authentication service platform has verified, pushes a payment request to the user, and completes the payment process according to the user's confirmation.
The system structure for realizing O2O electronic transaction confirmation in this specific embodiment is shown in FIG. 1.
The flow of the method for realizing O2O electronic transaction confirmation in this specific embodiment is shown in FIG. 2 and includes the following steps:
(1) The user (that is, the transaction payer) selects the desired goods at the O2O transaction confirmation terminal, and the O2O transaction confirmation terminal generates an order;
(2) The O2O transaction confirmation terminal prompts the user to connect the independent cryptographic device and enter the offline password of the independent cryptographic device;
(3) The O2O payment transaction confirmation terminal sends the order information to the independent cryptographic device, which generates a digital signature over the order information and returns it, together with its identification information, to the O2O transaction confirmation terminal;
(4) The O2O transaction confirmation terminal sends the order information, including the independent cryptographic device's identification information and the digital signature data, to the authentication service platform through a secure channel;
(5) The authentication service platform verifies the identity of the O2O transaction confirmation terminal and checks whether it is a registered device;
(6) After that check passes, the authentication service platform verifies the digital signature in the order;
(7) If the digital signature verification passes, the authentication service platform sends the order information to the management platform of the virtual account associated with the independent cryptographic device;
(8) The virtual account management platform generates a payment request from the order information and pushes it to the user's mobile phone;
(9) The user confirms the payment request on the mobile phone;
(10) The virtual account management platform sends the received user payment confirmation information to the authentication service platform;
(11) The authentication service platform forwards the payment confirmation information to the O2O transaction confirmation terminal through the secure channel, and the payment acceptance terminal displays the transaction result to the user.
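The platform-side checks of steps (5-1) to (5-3) and the routing of step (7) can be sketched as follows. This is an added example, not code from the patent: the choice of Ed25519, the struct fields and all identifiers and sample values are assumptions, since the patent names neither a signature algorithm nor a message format.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Order is what the terminal submits in step (4); field names are assumptions.
type Order struct {
	TerminalID, DeviceID string
	Payload, Signature   []byte
}
// Platform models the authentication service platform's stored bindings.
type Platform struct {
	Terminals map[string]bool              // registered confirmation terminals
	Devices   map[string]ed25519.PublicKey // device ID -> key (Ed25519 is an assumption)
	Accounts  map[string]string            // device ID -> bound virtual account
}
var ErrTerminal = errors.New("terminal not registered")
var ErrSignature = errors.New("signature verification failed")

// Verify runs (5-1) then (5-2); any error is the (5-3) failure branch.
func (p *Platform) Verify(o Order) (string, error) {
	if !p.Terminals[o.TerminalID] { // (5-1)
		return "", ErrTerminal
	}
	pub, ok := p.Devices[o.DeviceID]
	if !ok || !ed25519.Verify(pub, o.Payload, o.Signature) { // (5-2)
		return "", ErrSignature
	}
	return p.Accounts[o.DeviceID], nil // step (7)
}

// Demo runs constructed sample orders: valid, tampered, and from a rogue terminal.
func Demo() (account string, tampered, rogue error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	p := &Platform{map[string]bool{"term-01": true},
		map[string]ed25519.PublicKey{"card-42": pub},
		map[string]string{"card-42": "acct-1001"}}
	msg := []byte("order=7788;amount=18.00")
	o := Order{"term-01", "card-42", msg, ed25519.Sign(priv, msg)}
	account, _ = p.Verify(o)
	o.Payload = []byte("order=7788;amount=1.00") // altered after signing
	_, tampered = p.Verify(o)
	o.Payload, o.TerminalID = msg, "term-99" // intact order, unregistered terminal
	_, rogue = p.Verify(o)
	return
}
func main() { fmt.Println(Demo()) }
```

The terminal check runs before any signature work, so an order relayed by an unregistered terminal is refused even when the device signature on it is valid.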
The system and method of this invention for realizing electronic transaction confirmation based on an independent cryptographic device have the following beneficial effects:
The invention uses an independent cryptographic device to confirm the transaction data offline and pushes the confirmation data to the online account system, which completes the payment, thereby ensuring that the transaction and confirmation data are authentic and valid. The independent cryptographic device in this invention can be, but is not limited to, a smart IC card, and it must first be bound to the user's virtual account. The system and method provide a payment solution that is more secure than QR code payment without sacrificing speed. The invention uses a registered O2O transaction confirmation terminal to offer goods or display order information to the user, and in that environment the transaction risks caused by forged QR codes and embedded Trojan viruses can be effectively avoided. Using the independent cryptographic device to confirm the transaction order offline with a digital signature prevents the order from being forged or tampered with and prevents the person who placed the order from repudiating it. Binding the independent cryptographic device to the user's virtual account and mobile phone number allows the payment process to be completed securely and quickly, with a good user experience and a wider range of applications.
In this specification, the invention has been described with reference to specific embodiments thereof. However, it is evident that various modifications and changes can still be made without departing from the spirit and scope of the invention. Accordingly, the specification and drawings are to be regarded as illustrative rather than restrictive.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410756742.7A CN104408622B (en) | 2014-12-10 | 2014-12-10 | System and method for realizing electronic transaction confirmation based on independent cryptographic device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410756742.7A CN104408622B (en) | 2014-12-10 | 2014-12-10 | System and method for realizing electronic transaction confirmation based on independent cryptographic device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104408622A CN104408622A (en) | 2015-03-11 |
CN104408622B CN104408622B (en) | 2020-09-11 |
Family
ID=52646251
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410756742.7A Active CN104408622B (en) | 2014-12-10 | 2014-12-10 | System and method for realizing electronic transaction confirmation based on independent cryptographic device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104408622B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104636911A (en) * | 2015-02-13 | 2015-05-20 | 深圳支付界科技有限公司 | Clear-text-free password input method and system |
CN105160531B (en) * | 2015-08-31 | 2019-04-26 | 北京智付融汇科技有限公司 | Transaction data information processing method and device |
CN105574716A (en) * | 2016-02-02 | 2016-05-11 | 惠州学院 | Intelligent electronic network payment interface and method |
EP3387576B1 (en) * | 2016-07-14 | 2020-12-16 | Huawei Technologies Co., Ltd. | Apparatus and method for certificate enrollment |
CN110383318B (en) * | 2017-03-07 | 2022-10-18 | 万事达卡国际公司 | Method and system for recording point-to-point transaction processing |
CN108615154B (en) * | 2018-05-01 | 2023-04-18 | 浙江浩安信息技术有限公司 | Block chain digital signature system based on hardware encryption protection and using process |
CN108711055B (en) * | 2018-05-03 | 2022-02-25 | 中国工商银行股份有限公司 | Security authentication method, security authentication equipment and system |
CN108897631A (en) * | 2018-06-27 | 2018-11-27 | 杭州贝店科技有限公司 | Information push method, device, equipment and storage medium |
CN109255615A (en) * | 2018-09-25 | 2019-01-22 | 韩建龙 | A kind of method of mobile payment |
CN110610367B (en) * | 2019-08-29 | 2023-09-05 | 深圳市元征科技股份有限公司 | Transaction data payment method and device, electronic equipment and server |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7533047B2 (en) * | 2005-05-03 | 2009-05-12 | International Business Machines Corporation | Method and system for securing card payment transactions using a mobile communication device |
US20080046362A1 (en) * | 2006-08-15 | 2008-02-21 | Frank Easterly | Method of making secure on-line financial transactions |
CN101211436B (en) * | 2006-12-29 | 2012-03-21 | 盛大计算机(上海)有限公司 | Electronic commerce safe trading platform and its method |
US7958057B2 (en) * | 2007-03-28 | 2011-06-07 | King Fahd University Of Petroleum And Minerals | Virtual account based new digital cash protocols with combined blind digital signature and pseudonym authentication |
CN101685512A (en) * | 2008-09-28 | 2010-03-31 | 中国银联股份有限公司 | Computer, payment system and method thereof for realizing on-line payment |
CN101739624A (en) * | 2008-11-06 | 2010-06-16 | 同方股份有限公司 | Trusted payment network system |
CN101477662A (en) * | 2009-02-16 | 2009-07-08 | 张辉 | Network payment system, apparatus and method based on USBKEY |
CN103164911B (en) * | 2011-12-09 | 2016-02-03 | 国民技术股份有限公司 | A kind of Swiping-card payment system and method |
CN102790767B (en) * | 2012-07-03 | 2015-07-08 | 北京神州绿盟信息安全科技股份有限公司 | Information safety control method, information safety display equipment and electronic trading system |
2014-12-10: CN application CN201410756742.7A, patent CN104408622B (en), status Active
Also Published As
Publication number | Publication date |
---|---|
CN104408622A (en) | 2015-03-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104408622B (en) | System and method for realizing electronic transaction confirmation based on independent cryptographic device | |
JP5766199B2 (en) | Secure mobile payment processing | |
JP6072734B2 (en) | Reliable transaction provision method with watermarked document display certification | |
CN103903141B (en) | A kind of O2O safe payment methods, system and a kind of POS terminal | |
CN104573547B (en) | Information interaction safety precaution system and operation implementation method thereof | |
CN101221641B (en) | On-line trading method and its safety affirmation equipment | |
CN102801710A (en) | Networked transaction method and system | |
CN108234385A (en) | A kind of method for authenticating user identity and device | |
CN103971242A (en) | Method and system for confirming data in safety device | |
CN101969640A (en) | Computing key generating method for mobile terminal equipment | |
US20240135764A1 (en) | Token based secure access to a locker system | |
CN103268436A (en) | Method and system for touch-screen based graphical password authentication in mobile payment | |
CN102184353A (en) | Method for preventing online payment data from being intercepted | |
CN102761556A (en) | Method to protect communication security and privacy function of mobile client | |
CN103959312A (en) | Method of paying for a product or service on a commercial website via an internet connection and a corresponding terminal | |
CN104751364A (en) | Security certification type trans-regional direct-selling bank alliance transaction method and system | |
CN103065241A (en) | Cloud credit card transaction system and transaction method thereof | |
CN106330888B (en) | The method and device of payment safety in a kind of guarantee the Internet line | |
CN102609842B (en) | A kind of payment cipher device based on hardware signature equipment and application process thereof | |
US20210390546A1 (en) | Systems and Methods for Secure Transaction Processing | |
CN102724180A (en) | Method and system for preventing signature information of universal serial bus (USB) key from being falsified | |
CN113783690A (en) | Tender inviting method and device based on authentication | |
KR102263220B1 (en) | E-commerce Payment Method using Block Chain | |
CN104282096A (en) | Method for achieving digital signature and POS terminal used for achieving digital signature | |
CN104268780A (en) | Trade order confirmation method and device and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |