[go: up one dir, main page]

TW202437168A - Payment system, payment method and computer-readable storage medium using mobiles devices as payment terminals - Google Patents

Payment system, payment method and computer-readable storage medium using mobiles devices as payment terminals Download PDF

Info

Publication number
TW202437168A
TW202437168A TW112107636A TW112107636A TW202437168A TW 202437168 A TW202437168 A TW 202437168A TW 112107636 A TW112107636 A TW 112107636A TW 112107636 A TW112107636 A TW 112107636A TW 202437168 A TW202437168 A TW 202437168A
Authority
TW
Taiwan
Prior art keywords
mobile device
point
management system
payment
sale host
Prior art date
Application number
TW112107636A
Other languages
Chinese (zh)
Other versions
TWI834510B (en
Inventor
陸本立
林士弘
石翔文
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW112107636A priority Critical patent/TWI834510B/en
Application granted granted Critical
Publication of TWI834510B publication Critical patent/TWI834510B/en
Publication of TW202437168A publication Critical patent/TW202437168A/en

Links

Images

Landscapes

  • Cash Registers Or Receiving Machines (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention uses mobile devices to replace payment terminals in traditional point-of-sale (POS) systems. The mobile device and the POS host register with the device management system, and provide a secure connection channel between the mobile device and the POS host through pairing. Next, the mobile device obtains the payment information of the customer to perform a payment transaction, and then sends the results of the transaction to the POS host to quickly and safely complete the checkout.

Description

以行動裝置作為支付終端之支付系統、支付方法與電腦可讀取儲存媒體 Payment system, payment method and computer-readable storage medium using mobile device as payment terminal

本發明係有關銷售點(point of sale,POS)系統之支付技術,且特別係有關一種以行動裝置作為支付終端之支付系統、支付方法與電腦可讀取儲存媒體。 The present invention relates to payment technology for point of sale (POS) systems, and in particular to a payment system, a payment method and a computer-readable storage medium using a mobile device as a payment terminal.

習知的銷售點系統包括支付終端和銷售點主機(可簡稱為POS機)。顧客在購物消費時,可透過支付終端完成交易結帳,而POS機則用於輔助店家完成進銷存管理。目前,支付終端與POS機通常以RS232、通用序列匯流排(Universal Serial Bus,USB)等有線方式互連,或以藍芽(Bluetooth)等無線方式互連,因此傳輸距離有限,且支付終端必須先通過銀行之硬體認證方能使用。另外,在低成本的要求下,在多樓層或戶外等應用場景的限制下,且在只有一台POS機的狀況下,店家無法簡單地擴充支付終端的數量。 The known point-of-sale system includes a payment terminal and a point-of-sale host (abbreviated as a POS machine). When customers shop, they can complete the transaction checkout through the payment terminal, while the POS machine is used to assist the store to complete the inventory management. At present, the payment terminal and the POS machine are usually connected by wired methods such as RS232, Universal Serial Bus (USB), or wireless methods such as Bluetooth. Therefore, the transmission distance is limited, and the payment terminal must first pass the bank's hardware certification before it can be used. In addition, under the requirement of low cost, under the limitation of application scenarios such as multiple floors or outdoors, and when there is only one POS machine, the store cannot simply expand the number of payment terminals.

為解決上述問題,本發明提供一種支付方法,係由行動裝置、裝置管理系統及銷售點主機執行,該支付方法包括:令該行動裝置與該銷售點主機分別向該裝置管理系統註冊,以在該裝置管理系統登記該行動裝置與該銷售點主機之識別碼與公鑰;令該行動裝置與該銷售點主機透過該裝置管理系統進行配對,以取得對方之識別碼與公鑰,俾建立該行動裝置與該銷售點主機之間的安全連線通道;由該行動裝置擷取顧客之支付資料,以向交易系統傳送該支付資料,俾依據該支付資料令該交易系統進行支付交易及取得該支付交易之交易結果;以及該行動裝置透過該安全連線通道將該交易結果傳送至該銷售點主機。 To solve the above problems, the present invention provides a payment method, which is executed by a mobile device, a device management system and a point-of-sale host. The payment method includes: registering the mobile device and the point-of-sale host with the device management system respectively to register the identification code and public key of the mobile device and the point-of-sale host in the device management system; pairing the mobile device and the point-of-sale host through the device management system; The mobile device obtains the other party's identification code and public key to establish a secure connection channel between the mobile device and the point-of-sale host; the mobile device captures the customer's payment information to transmit the payment information to the transaction system, so that the transaction system can perform a payment transaction based on the payment information and obtain the transaction result of the payment transaction; and the mobile device transmits the transaction result to the point-of-sale host through the secure connection channel.

本發明另提供一種電腦可讀取儲存媒體,係儲存有指令,該指令由行動裝置、裝置管理系統及銷售點主機讀取,以執行上述之支付方法。 The present invention also provides a computer-readable storage medium that stores instructions that are read by a mobile device, a device management system, and a point-of-sale host to execute the above-mentioned payment method.

本發明又提供一種支付系統,包括裝置管理系統、銷售點主機與行動裝置,其中:該裝置管理系統用於接受該行動裝置與該銷售點主機之註冊,以儲存該行動裝置與該銷售點主機之識別碼與公鑰;該銷售點主機用於透過該裝置管理系統與該行動裝置配對,以取得該行動裝置之識別碼與公鑰,俾建立該行動裝置與該銷售點主機之間的安全連線通道;以及,該行動裝置用於透過該裝置管理系統與該銷售點主機配對,以取得該銷售點主機之識別碼與公鑰,俾建立該安全連線通道,及擷取顧客之支付資料,以向交易系統傳送該支付資料,進行支付交易及取得該支付交易之交易結果,再透過該安全連線通道將該交易結果傳送至該銷售點主機。 The present invention also provides a payment system, including a device management system, a point-of-sale host, and a mobile device, wherein: the device management system is used to accept the registration of the mobile device and the point-of-sale host to store the identification code and public key of the mobile device and the point-of-sale host; the point-of-sale host is used to pair with the mobile device through the device management system to obtain the identification code and public key of the mobile device to establish a connection between the mobile device and the point-of-sale host. The mobile device is used to pair with the point-of-sale host through the device management system to obtain the identification code and public key of the point-of-sale host to establish the secure connection channel and capture the customer's payment information to transmit the payment information to the transaction system, conduct payment transactions and obtain the transaction results of the payment transactions, and then transmit the transaction results to the point-of-sale host through the secure connection channel.

本發明提供裝置管理系統進行行動裝置與銷售點主機的驗證和配對,以提供行動裝置與銷售點主機更快速及安全的連線。 The present invention provides a device management system to perform authentication and pairing between mobile devices and point-of-sale hosts, thereby providing a faster and more secure connection between mobile devices and point-of-sale hosts.

此外,與傳統銷售點系統的支付終端相比,行動裝置的使用與擴充更加便利,且能在更遠的距離傳送資料至銷售點主機。另外,雲端銷售點主機與傳統的銷售點主機皆可應用本發明之技術方案。 In addition, compared with the payment terminals of traditional point-of-sale systems, mobile devices are more convenient to use and expand, and can transmit data to the point-of-sale host at a longer distance. In addition, both cloud point-of-sale hosts and traditional point-of-sale hosts can apply the technical solution of the present invention.

10:行動裝置 10: Mobile devices

11:註冊模組 11: Register module

12:資料加解密模組 12: Data encryption and decryption module

13:裝置配對模組 13: Device pairing module

14:資料擷取模組 14: Data acquisition module

20:裝置管理系統 20: Device management system

21:註冊驗證模組 21: Register verification module

22:資料加解密模組 22: Data encryption and decryption module

23:配對驗證模組 23: Pairing verification module

30:銷售點主機 30: Point of sale host

31:註冊模組 31:Register module

32:資料加解密模組 32: Data encryption and decryption module

33:裝置配對模組 33: Device pairing module

34:資料處理模組 34: Data processing module

40:交易系統 40: Trading system

41:電支模組 41: Electric support module

42:信用卡模組 42: Credit card module

50:顧客 50: Customers

S11~S16,S21~S26,S31~S36:步驟 S11~S16,S21~S26,S31~S36: Steps

圖1為本發明一實施例的一種支付系統的架構示意圖。 Figure 1 is a schematic diagram of the architecture of a payment system in an embodiment of the present invention.

圖2至圖4為本發明一實施例的一種支付方法的流程示意圖。 Figures 2 to 4 are schematic diagrams of a payment method according to an embodiment of the present invention.

以下藉由特定的具體實施例說明本發明之實施方式,在本技術領域具有通常知識者可由本說明書所揭示之內容輕易地瞭解本發明之其他優點及功效。 The following is a specific embodiment to illustrate the implementation of the present invention. Those with ordinary knowledge in this technical field can easily understand other advantages and effects of the present invention from the content disclosed in this specification.

圖1為本發明一實施例的一種支付系統的架構示意圖。如圖1所示,該支付系統包括行動裝置10、裝置管理系統20、銷售點主機(簡稱為POS機)30、以及交易系統40。 FIG1 is a schematic diagram of the architecture of a payment system according to an embodiment of the present invention. As shown in FIG1 , the payment system includes a mobile device 10, a device management system 20, a point of sale host (POS for short) 30, and a transaction system 40.

在一實施例中,行動裝置10可為手機或平板電腦。行動裝置10與POS機30設置在店家的營業場所中,而裝置管理系統20與交易系統40則設置在店家的營業場所之外,且透過網際網路、雲端網路或類似的電腦通訊網路通訊連接行動裝置10與POS機30。 In one embodiment, the mobile device 10 can be a mobile phone or a tablet computer. The mobile device 10 and the POS machine 30 are set up in the business premises of the store, while the device management system 20 and the transaction system 40 are set up outside the business premises of the store, and the mobile device 10 and the POS machine 30 are connected to each other through the Internet, cloud network or similar computer communication network.

在一實施例中,行動裝置10包括註冊模組11、資料加解密模組12、裝置配對模組13、以及資料擷取模組14;裝置管理系統20包括註冊驗證模組21、資料加解密模組22、以及配對驗證模組23;POS機30包括註 冊模組31、資料加解密模組32、裝置配對模組33、以及資料處理模組34;交易系統40包括電支模組41及信用卡模組42。 In one embodiment, the mobile device 10 includes a registration module 11, a data encryption and decryption module 12, a device pairing module 13, and a data acquisition module 14; the device management system 20 includes a registration verification module 21, a data encryption and decryption module 22, and a pairing verification module 23; the POS machine 30 includes a registration module 31, a data encryption and decryption module 32, a device pairing module 33, and a data processing module 34; the transaction system 40 includes an electric payment module 41 and a credit card module 42.

行動裝置10的註冊模組11通訊連接資料加解密模組12及註冊驗證模組21。資料加解密模組12通訊連接註冊模組11、裝置配對模組13及資料擷取模組14。裝置配對模組13通訊連接資料加解密模組12及配對驗證模組23。資料擷取模組14通訊連接資料加解密模組12、資料處理模組34及交易系統40。 The registration module 11 of the mobile device 10 is connected to the data encryption and decryption module 12 and the registration verification module 21. The data encryption and decryption module 12 is connected to the registration module 11, the device pairing module 13 and the data acquisition module 14. The device pairing module 13 is connected to the data encryption and decryption module 12 and the pairing verification module 23. The data acquisition module 14 is connected to the data encryption and decryption module 12, the data processing module 34 and the transaction system 40.

裝置管理系統20的註冊驗證模組21通訊連接連接註冊模組11、資料加解密模組22及註冊模組31。資料加解密模組22通訊連接註冊驗證模組21及配對驗證模組23。配對驗證模組23通訊連接裝置配對模組13、資料加解密模組22及裝置配對模組33。 The registration verification module 21 of the device management system 20 is connected to the registration module 11, the data encryption and decryption module 22 and the registration module 31. The data encryption and decryption module 22 is connected to the registration verification module 21 and the pairing verification module 23. The pairing verification module 23 is connected to the device pairing module 13, the data encryption and decryption module 22 and the device pairing module 33.

POS機30的註冊模組31通訊連接註冊驗證模組21及資料加解密模組32。資料加解密模組32通訊連接註冊模組31、裝置配對模組33及資料處理模組34。裝置配對模組33通訊連接配對驗證模組23及資料加解密模組32。資料處理模組34通訊連接資料擷取模組14及資料加解密模組32。 The registration module 31 of the POS machine 30 is connected to the registration verification module 21 and the data encryption and decryption module 32. The data encryption and decryption module 32 is connected to the registration module 31, the device pairing module 33 and the data processing module 34. The device pairing module 33 is connected to the pairing verification module 23 and the data encryption and decryption module 32. The data processing module 34 is connected to the data acquisition module 14 and the data encryption and decryption module 32.

交易系統40的電支模組41及信用卡模組42均通訊連接資料擷取模組14。 The electronic payment module 41 and the credit card module 42 of the transaction system 40 are both connected to the data acquisition module 14.

圖1中的各模組均可為軟體、硬體或韌體;若為硬體,則行動裝置10的模組可為具有資料處理與運算能力之處理單元或處理器,其餘模組則可為具有資料處理與運算能力之處理單元、處理器、電腦或伺服器;若某一模組為軟體或韌體,則可包括處理單元、處理器、電腦或伺服器可執行之指令。 Each module in FIG. 1 may be software, hardware or firmware; if it is hardware, the module of the mobile device 10 may be a processing unit or processor with data processing and computing capabilities, and the remaining modules may be a processing unit, processor, computer or server with data processing and computing capabilities; if a module is software or firmware, it may include instructions that can be executed by the processing unit, processor, computer or server.

圖2為本發明一實施例的一種支付方法的流程示意圖,此支付方法可由圖1所示的支付系統執行,以下說明圖2流程。 Figure 2 is a schematic diagram of a payment method according to an embodiment of the present invention. This payment method can be executed by the payment system shown in Figure 1. The process of Figure 2 is described below.

首先,在步驟S11,行動裝置10與POS機30分別向裝置管理系統20註冊。 First, in step S11, the mobile device 10 and the POS machine 30 are registered with the device management system 20 respectively.

然後,在步驟S12,透過裝置管理系統20之協助,行動裝置10與POS機30進行配對。 Then, in step S12, with the assistance of the device management system 20, the mobile device 10 is paired with the POS machine 30.

在步驟S13,當店家的顧客50需要付款或結帳時,行動裝置10取得顧客50的支付資料,該支付資料可來自顧客50的信用卡或來自顧客50的手機所顯示的快速反應碼(quick response code,QR code)。 In step S13, when the store customer 50 needs to pay or check out, the mobile device 10 obtains the payment information of the customer 50, which can come from the customer 50's credit card or from the quick response code (QR code) displayed on the customer's mobile phone.

在步驟S14,行動裝置10將該支付資料傳送至交易系統40,以進行支付交易,並取得交易系統40回傳的交易結果。 In step S14, the mobile device 10 transmits the payment data to the transaction system 40 to perform the payment transaction and obtains the transaction result returned by the transaction system 40.

接著,在步驟S15,行動裝置10將該交易結果傳送至POS機30。 Then, in step S15, the mobile device 10 transmits the transaction result to the POS machine 30.

最後,在步驟S16,POS機30處理該交易結果。 Finally, in step S16, the POS machine 30 processes the transaction result.

圖3繪示步驟S11的註冊流程,對於行動裝置10,其註冊流程包括下列步驟。 FIG3 shows the registration process of step S11. For the mobile device 10, the registration process includes the following steps.

首先,在步驟S21,行動裝置10的註冊模組11向裝置管理系統20發出註冊請求,該註冊請求包括行動裝置10的識別碼。裝置管理系統20收到該註冊請求後,將該註冊請求送至註冊驗證模組21處理。 First, in step S21, the registration module 11 of the mobile device 10 sends a registration request to the device management system 20, and the registration request includes the identification code of the mobile device 10. After receiving the registration request, the device management system 20 sends the registration request to the registration verification module 21 for processing.

接著,在步驟S22,註冊驗證模組21用亂數產生一次性密碼(one-time password,OTP),再使用該一次性密碼驗證行動裝置10的使用者身分。 Next, in step S22, the registration verification module 21 generates a one-time password (OTP) using random numbers, and then uses the one-time password to verify the user identity of the mobile device 10.

詳言之,裝置管理系統20的註冊驗證模組21根據行動裝置10的使用者事先提供的通訊門號,用簡訊將該一次性密碼與裝置管理系統20規定的時限發送至行動裝置10。使用者可透過行動裝置10的註冊模組11的使用者介面輸入該一次性密碼,註冊模組11會透過網路將該一次性密碼傳回裝置管理系統20的註冊驗證模組21。 Specifically, the registration verification module 21 of the device management system 20 sends the one-time password and the time limit specified by the device management system 20 to the mobile device 10 via SMS according to the communication number provided in advance by the user of the mobile device 10. The user can enter the one-time password through the user interface of the registration module 11 of the mobile device 10, and the registration module 11 will return the one-time password to the registration verification module 21 of the device management system 20 through the network.

若註冊驗證模組21在該時限內接收到行動裝置10傳回的該一次性密碼,則判定行動裝置10通過身分驗證。反之,若註冊驗證模組21未在該時限內接收到行動裝置10傳回的一次性密碼,或接收到的行動裝置10傳回的一次性密碼與註冊驗證模組21先前發送者不一致,則判定行動裝置10未通過身分驗證。 If the registration verification module 21 receives the one-time password returned by the mobile device 10 within the time limit, the mobile device 10 is determined to have passed the identity verification. On the contrary, if the registration verification module 21 does not receive the one-time password returned by the mobile device 10 within the time limit, or the one-time password received from the mobile device 10 is inconsistent with the one previously sent by the registration verification module 21, the mobile device 10 is determined to have failed the identity verification.

在每一次身分驗證時,裝置管理系統20的註冊驗證模組21會用亂數產生此次驗證專用的一次性密碼,再透過4G或5G等行動通訊網路,以簡訊方式,將該一次性密碼發送至行動裝置10,而行動裝置10則透過網際網路、雲端網路或類似的電腦通訊網路將該一次性密碼傳回裝置管理系統20。每個一次性密碼只能用於一次身分驗證。 During each identity verification, the registration verification module 21 of the device management system 20 generates a one-time password for this verification using random numbers, and then sends the one-time password to the mobile device 10 via a mobile communication network such as 4G or 5G in the form of a text message. The mobile device 10 then transmits the one-time password back to the device management system 20 via the Internet, cloud network or similar computer communication network. Each one-time password can only be used for one identity verification.

此外,一次性密碼的發送與回傳係分別透過不同網路的不同傳送路徑,且一次性密碼的回傳有時間限制,藉此,可保障身分驗證的嚴謹與安全性。 In addition, the sending and return of the one-time password are respectively transmitted through different paths of different networks, and the return of the one-time password is time-limited, thereby ensuring the rigor and security of identity verification.

行動裝置10通過身分驗證後,在步驟S23,行動裝置10的註冊模組11透過資料加解密模組12產生行動裝置10的金鑰對,該金鑰對包括行動裝置10的公鑰與私鑰。反之,若行動裝置10未通過身分驗證,則中止圖3之註冊流程。 After the mobile device 10 passes the identity verification, in step S23, the registration module 11 of the mobile device 10 generates a key pair of the mobile device 10 through the data encryption and decryption module 12, and the key pair includes the public key and the private key of the mobile device 10. On the contrary, if the mobile device 10 fails the identity verification, the registration process of Figure 3 is terminated.

接著,在步驟S24,註冊模組11將行動裝置10的公鑰和識別碼發送至裝置管理系統20的註冊驗證模組21。 Next, in step S24, the registration module 11 sends the public key and identification code of the mobile device 10 to the registration verification module 21 of the device management system 20.

在步驟S25,註冊驗證模組21儲存行動裝置10的公鑰和識別碼。 In step S25, the registration verification module 21 stores the public key and identification code of the mobile device 10.

最後,在步驟S26,註冊驗證模組21自資料加解密模組22取得裝置管理系統20的公鑰,將該公鑰發送至行動裝置10,以完成註冊。 Finally, in step S26, the registration verification module 21 obtains the public key of the device management system 20 from the data encryption and decryption module 22, and sends the public key to the mobile device 10 to complete the registration.

另一方面,POS機30的註冊流程和行動裝置10相似,區別在於將行動裝置10、註冊模組11和資料加解密模組12分別替換為POS機30、註冊模組31和資料加解密模組32。 On the other hand, the registration process of the POS machine 30 is similar to that of the mobile device 10, except that the mobile device 10, the registration module 11 and the data encryption and decryption module 12 are replaced by the POS machine 30, the registration module 31 and the data encryption and decryption module 32 respectively.

另外,在步驟S22的身分驗證中,註冊驗證模組21用簡訊將一次性密碼與規定的時限發送至POS機30所綁定的手機,即POS機30的使用者的手機,且POS機30的使用者可透過POS機30的註冊模組31的使用者介面輸入該一次性密碼。行動裝置10與POS機30的註冊流程的其餘技術細節均相同。 In addition, in the identity verification of step S22, the registration verification module 21 sends the one-time password and the specified time limit to the mobile phone bound to the POS machine 30, that is, the mobile phone of the user of the POS machine 30, by SMS, and the user of the POS machine 30 can input the one-time password through the user interface of the registration module 31 of the POS machine 30. The rest of the technical details of the registration process of the mobile device 10 and the POS machine 30 are the same.

圖4繪示步驟S12的配對流程。 Figure 4 shows the pairing process of step S12.

首先,在步驟S31,POS機30的裝置配對模組33用亂數產生認證碼,並透過資料加解密模組32取得POS機30的簽章,再向裝置管理系統20發送初始配對請求,該初始配對請求包括POS機30的識別碼、該簽章和該認證碼。 First, in step S31, the device pairing module 33 of the POS machine 30 generates a verification code using random numbers, obtains the signature of the POS machine 30 through the data encryption and decryption module 32, and then sends an initial pairing request to the device management system 20. The initial pairing request includes the identification code of the POS machine 30, the signature, and the verification code.

裝置管理系統20收到該初始配對請求後,將該初始配對請求送至配對驗證模組23處理。配對驗證模組23透過資料加解密模組22驗證該簽章,且於確認該簽章無誤後儲存POS機30的識別碼和該認證碼。 After receiving the initial pairing request, the device management system 20 sends the initial pairing request to the pairing verification module 23 for processing. The pairing verification module 23 verifies the signature through the data encryption and decryption module 22, and stores the identification code of the POS machine 30 and the verification code after confirming that the signature is correct.

在步驟S32,行動裝置10的資料擷取模組14取得該認證碼和POS機30的識別碼。例如,使用者可令POS機30顯示一個快速反應碼,且該認證碼和POS機30的識別碼已編碼在該快速反應碼中,資料擷取模組14可透過行動裝置10附帶的攝影機掃描該快速反應碼,再取出其中的該認證碼和POS機30的識別碼。或者,資料擷取模組14可提供使用者介面,以供其使用者用人工輸入該認證碼和POS機30的識別碼。 In step S32, the data acquisition module 14 of the mobile device 10 obtains the authentication code and the identification code of the POS machine 30. For example, the user can make the POS machine 30 display a quick response code, and the authentication code and the identification code of the POS machine 30 are encoded in the quick response code. The data acquisition module 14 can scan the quick response code through the camera attached to the mobile device 10, and then extract the authentication code and the identification code of the POS machine 30. Alternatively, the data acquisition module 14 can provide a user interface for its user to manually input the authentication code and the identification code of the POS machine 30.

接著,在步驟S33,行動裝置10的裝置配對模組13透過資料加解密模組12取得行動裝置10的簽章,再向裝置管理系統20發送配對請求,該配對請求包括行動裝置10的識別碼、該簽章、該認證碼和POS機30的識別碼。 Next, in step S33, the device pairing module 13 of the mobile device 10 obtains the signature of the mobile device 10 through the data encryption and decryption module 12, and then sends a pairing request to the device management system 20. The pairing request includes the identification code of the mobile device 10, the signature, the authentication code and the identification code of the POS machine 30.

裝置管理系統20收到該配對請求後,將該配對請求送至配對驗證模組23處理。配對驗證模組23透過資料加解密模組22驗證該簽章,確認該簽章無誤後,再用該認證碼和POS機30的識別碼查詢先前是否已收到來自POS機30的初始配對請求(即查詢先前是否已儲存該認證碼和POS機30的識別碼)。 After receiving the pairing request, the device management system 20 sends the pairing request to the pairing verification module 23 for processing. The pairing verification module 23 verifies the signature through the data encryption and decryption module 22. After confirming that the signature is correct, it uses the authentication code and the identification code of the POS machine 30 to check whether the initial pairing request from the POS machine 30 has been received before (that is, to check whether the authentication code and the identification code of the POS machine 30 have been stored before).

若先前未收到該初始配對請求,則配對驗證模組23拒絕行動裝置10的配對請求,以中斷圖4的配對流程。若先前已收到來自POS機30的初始配對請求,則配對驗證模組23儲存行動裝置10的識別碼。 If the initial pairing request has not been received before, the pairing verification module 23 rejects the pairing request of the mobile device 10 to interrupt the pairing process of Figure 4. If the initial pairing request from the POS machine 30 has been received before, the pairing verification module 23 stores the identification code of the mobile device 10.

然後,在步驟S34,配對驗證模組23用POS機30的識別碼查詢到POS機30的公鑰,並透過資料加解密模組22取得裝置管理系統20的簽章,再將配對結果傳回行動裝置10,此配對結果包括該簽章和POS機30的識別碼與公鑰。 Then, in step S34, the pairing verification module 23 uses the identification code of the POS machine 30 to query the public key of the POS machine 30, and obtains the signature of the device management system 20 through the data encryption and decryption module 22, and then returns the pairing result to the mobile device 10. This pairing result includes the signature and the identification code and public key of the POS machine 30.

行動裝置10接收到該配對結果後,將該配對結果送至裝置配對模組13處理。裝置配對模組13透過資料加解密模組12驗證該簽章,且於確認該簽章無誤後儲存POS機30的識別碼與公鑰。 After receiving the matching result, the mobile device 10 sends the matching result to the device matching module 13 for processing. The device matching module 13 verifies the signature through the data encryption and decryption module 12, and stores the identification code and public key of the POS machine 30 after confirming that the signature is correct.

接著,在步驟S35,POS機30的裝置配對模組33透過資料加解密模組32取得POS機30的簽章,再向裝置管理系統20發送配對結果請求,以取得步驟S31的初始配對請求所對應的配對結果。 Next, in step S35, the device matching module 33 of the POS machine 30 obtains the signature of the POS machine 30 through the data encryption and decryption module 32, and then sends a matching result request to the device management system 20 to obtain the matching result corresponding to the initial matching request in step S31.

該配對結果請求包括POS機30的識別碼、該簽章和該認證碼。裝置管理系統20收到該配對結果請求後,將該配對結果請求送至配對驗證模組23處理。 The matching result request includes the identification code of the POS machine 30, the signature and the verification code. After receiving the matching result request, the device management system 20 sends the matching result request to the matching verification module 23 for processing.

最後,在步驟S36,配對驗證模組23透過資料加解密模組22驗證該簽章,且於確認該簽章無誤後透過資料加解密模組22取得裝置管理系統20的簽章,再向POS機30發送配對結果。該配對結果包括該簽章和行動裝置10的識別碼和公鑰。 Finally, in step S36, the pairing verification module 23 verifies the signature through the data encryption and decryption module 22, and after confirming that the signature is correct, obtains the signature of the device management system 20 through the data encryption and decryption module 22, and then sends the pairing result to the POS machine 30. The pairing result includes the signature and the identification code and public key of the mobile device 10.

POS機30接收到該配對結果後,將該配對結果送至裝置配對模組33處理。裝置配對模組33透過資料加解密模組32驗證該簽章,且於確認該簽章無誤後儲存行動裝置10的識別碼和公鑰。 After receiving the matching result, the POS machine 30 sends the matching result to the device matching module 33 for processing. The device matching module 33 verifies the signature through the data encryption and decryption module 32, and stores the identification code and public key of the mobile device 10 after confirming that the signature is correct.

經過圖4的配對流程後,行動裝置10和POS機30已儲存對方的識別碼與公鑰,可用於驗證對方的簽章並確認對方身分,且能用對方的公鑰解密經過對方的私鑰加密的資料,藉以建立交換資料的安全連線通道。此外,該安全連線通道可用於在步驟S15傳送支付交易的交易結果。 After the pairing process in FIG. 4 , the mobile device 10 and the POS machine 30 have stored each other's identification code and public key, which can be used to verify each other's signature and confirm each other's identity, and can use each other's public key to decrypt the data encrypted by each other's private key to establish a secure connection channel for exchanging data. In addition, the secure connection channel can be used to transmit the transaction result of the payment transaction in step S15.

接續圖4流程,以下說明圖2流程中的步驟S13至S16。 Continuing with the process of Figure 4, the following describes steps S13 to S16 in the process of Figure 2.

在步驟S13,顧客50向行動裝置10結帳,行動裝置10啟動支付應用程式,該支付應用程式令資料擷取模組14取得顧客50的支付資料。例如,資料擷取模組14可透過行動裝置10的近場通信(Near Field Communication,NFC)感應功能擷取顧客50的信用卡晶片中的支付資料。或者,資料擷取模組14可透過行動裝置10的攝影機掃描顧客50的手機所顯示的電子支付快速反應碼,以取得已編碼在該電子支付快速反應碼中的支付資料。 In step S13, the customer 50 checks out on the mobile device 10, and the mobile device 10 activates the payment application, which instructs the data capture module 14 to obtain the payment information of the customer 50. For example, the data capture module 14 can capture the payment information in the credit card chip of the customer 50 through the Near Field Communication (NFC) sensing function of the mobile device 10. Alternatively, the data capture module 14 can scan the electronic payment quick response code displayed on the mobile phone of the customer 50 through the camera of the mobile device 10 to obtain the payment information encoded in the electronic payment quick response code.

在步驟S14,行動裝置10的該支付應用程式向交易系統40傳送該支付資料。交易系統40根據該支付資料的類型,使用電支模組41或信用卡模組42進行支付交易,再將交易結果傳回行動裝置10。 In step S14, the payment application of the mobile device 10 transmits the payment data to the transaction system 40. The transaction system 40 uses the payment module 41 or the credit card module 42 to perform the payment transaction according to the type of the payment data, and then transmits the transaction result back to the mobile device 10.

在步驟S15,行動裝置10的該支付應用程式透過資料加解密模組12取得行動裝置10的簽章,並透過資料加解密模組12用行動裝置10的私鑰加密該交易結果,再將行動裝置10的識別碼、該簽章和加密之交易結果傳送至POS機30。 In step S15, the payment application of the mobile device 10 obtains the signature of the mobile device 10 through the data encryption and decryption module 12, and encrypts the transaction result with the private key of the mobile device 10 through the data encryption and decryption module 12, and then transmits the identification code of the mobile device 10, the signature and the encrypted transaction result to the POS machine 30.

最後,在步驟S16,POS機30的資料加解密模組32用行動裝置10的識別碼查詢並取得行動裝置10的公鑰,用該公鑰驗證行動裝置10的簽章,以確認行動裝置10傳送的資料未被竄改,確認簽章無誤後,用行動裝置10的公鑰解密取得交易結果。接著,資料處理模組34儲存並處理已解密的交易結果。 Finally, in step S16, the data encryption and decryption module 32 of the POS machine 30 uses the identification code of the mobile device 10 to query and obtain the public key of the mobile device 10, and uses the public key to verify the signature of the mobile device 10 to confirm that the data transmitted by the mobile device 10 has not been tampered with. After confirming that the signature is correct, the public key of the mobile device 10 is used to decrypt and obtain the transaction result. Then, the data processing module 34 stores and processes the decrypted transaction result.

前述之各流程的各步驟中,行動裝置10、裝置管理系統20及POS機30的簽章的簽署對象分別為行動裝置10、裝置管理系統20及POS機30的識別碼。傳送簽章時,該簽章的傳送端為行動裝置10、裝置管理系統20 及POS機30中之一者,該簽章的接收端為行動裝置10、裝置管理系統20及POS機30中之另一者。該簽章的接收端可用傳送端的公鑰驗證該簽章,若驗證無誤,表示傳送端的身分正確,流程可繼續進行。若驗證有誤,則接收端可中止流程。 In each step of the aforementioned processes, the signing objects of the signatures of the mobile device 10, the device management system 20 and the POS machine 30 are the identification codes of the mobile device 10, the device management system 20 and the POS machine 30 respectively. When transmitting the signature, the transmitting end of the signature is one of the mobile device 10, the device management system 20 and the POS machine 30, and the receiving end of the signature is the other of the mobile device 10, the device management system 20 and the POS machine 30. The receiving end of the signature can verify the signature with the public key of the transmitting end. If the verification is correct, it means that the identity of the transmitting end is correct and the process can continue. If the verification is incorrect, the receiving end can terminate the process.

本發明的行動裝置安裝有經過銀行認證的支付應用程式,以取代傳統POS系統的支付終端,店家需要擴充支付終端時,增加行動裝置以擴充支付終端,比添購經過銀行的硬體認證的傳統支付終端更方便迅速,且更能減少設備成本。 The mobile device of the present invention is installed with a bank-certified payment application to replace the payment terminal of the traditional POS system. When the store needs to expand the payment terminal, adding a mobile device to expand the payment terminal is more convenient and faster than purchasing a traditional payment terminal that has been certified by the bank's hardware, and it can also reduce equipment costs.

另外,行動裝置可透過無線網路或近距離無線通信等方式跟POS機連線,藉此延長POS系統裝置間的連線距離,且無線的行動裝置能靈活移動,以提高店家與顧客使用的便利性。 In addition, mobile devices can be connected to POS machines through wireless networks or near-field wireless communications, thereby extending the connection distance between POS system devices. Wireless mobile devices can be moved flexibly to improve the convenience of use for stores and customers.

此外,本發明的行動裝置及POS機會向裝置管理系統註冊以驗證使用者身分,並透過配對建立交換資料的安全連線通道,能確保裝置間連線的安全,且能使POS系統更安全地運作。 In addition, the mobile device and POS machine of the present invention will register with the device management system to verify the user's identity, and establish a secure connection channel for exchanging data through pairing, which can ensure the security of the connection between devices and enable the POS system to operate more securely.

在一實施例中,本發明另提供一種電腦可讀取儲存媒體。該電腦可讀取儲存媒體包括至少一個儲存有指令的記憶體、軟碟、硬碟及/或光碟。該指令可由前述之行動裝置、裝置管理系統及POS機讀取,以執行上述之支付方法。 In one embodiment, the present invention further provides a computer-readable storage medium. The computer-readable storage medium includes at least one memory, floppy disk, hard disk and/or optical disk storing instructions. The instructions can be read by the aforementioned mobile device, device management system and POS machine to execute the above-mentioned payment method.

上述實施形態僅例示性說明本發明之原理及其功效,而非用於限制本發明。任何在本技術領域具有通常知識者均可在不違背本發明之精神及範疇下,對上述實施形態進行修飾與改變。因此,本發明之權利保護範圍,應如後述之申請專利範圍所列。 The above implementation forms are only illustrative of the principles and effects of the present invention, and are not intended to limit the present invention. Anyone with common knowledge in this technical field may modify and change the above implementation forms without violating the spirit and scope of the present invention. Therefore, the scope of protection of the present invention should be as listed in the scope of the patent application described below.

10:行動裝置 10: Mobile devices

20:裝置管理系統 20: Device management system

30:銷售點主機 30: Point of sale host

40:交易系統 40: Trading system

50:顧客 50: Customers

S11~S16:步驟 S11~S16: Steps

Claims (10)

一種支付方法,係由行動裝置、裝置管理系統及銷售點主機執行,該支付方法包括: A payment method is performed by a mobile device, a device management system, and a point-of-sale host, the payment method comprising: 令該行動裝置與該銷售點主機分別向該裝置管理系統註冊,以在該裝置管理系統登記該行動裝置與該銷售點主機之識別碼與公鑰; Request the mobile device and the point-of-sale host to register with the device management system respectively, so as to register the identification code and public key of the mobile device and the point-of-sale host in the device management system; 令該行動裝置與該銷售點主機透過該裝置管理系統進行配對,以取得對方之識別碼與公鑰,俾建立該行動裝置與該銷售點主機之間的安全連線通道; Allow the mobile device to pair with the point-of-sale host through the device management system to obtain the other party's identification code and public key, so as to establish a secure connection channel between the mobile device and the point-of-sale host; 由該行動裝置擷取顧客之支付資料,以向交易系統傳送該支付資料,俾依據該支付資料令該交易系統進行支付交易及取得該支付交易之交易結果;以及 The mobile device captures the customer's payment information and transmits the payment information to the transaction system so that the transaction system can perform a payment transaction based on the payment information and obtain the transaction result of the payment transaction; and 該行動裝置透過該安全連線通道將該交易結果傳送至該銷售點主機。 The mobile device transmits the transaction result to the point-of-sale host through the secure connection channel. 如請求項1所述之支付方法,其中,該行動裝置與該銷售點主機之註冊包括: The payment method as described in claim 1, wherein the registration of the mobile device and the point-of-sale host comprises: 由該裝置管理系統向註冊裝置發送一次性密碼,其中,該註冊裝置係該行動裝置或該銷售點主機; The device management system sends a one-time password to the registered device, wherein the registered device is the mobile device or the point-of-sale host; 若該裝置管理系統在規定時限內接收到該註冊裝置回傳之該一次性密碼,則判定該註冊裝置通過驗證,若否,則判定該註冊裝置未通過驗證;以及 If the device management system receives the one-time password sent back by the registered device within the specified time limit, it is determined that the registered device has passed the verification; if not, it is determined that the registered device has not passed the verification; and 僅於該註冊裝置通過驗證後,將該註冊裝置之識別碼與公鑰發送至該裝置管理系統。 Only after the registered device passes the verification, the identification code and public key of the registered device will be sent to the device management system. 如請求項2所述之支付方法,其中,該裝置管理系統係透過行動通訊網路將該一次性密碼發送至該註冊裝置,以供該註冊裝置透過電腦通訊網路將該一次性密碼回傳至該裝置管理系統。 The payment method as described in claim 2, wherein the device management system sends the one-time password to the registered device via a mobile communication network, so that the registered device returns the one-time password to the device management system via a computer communication network. 如請求項2所述之支付方法,其中,該行動裝置與該銷售點主機之註冊復包括: The payment method as described in claim 2, wherein the registration of the mobile device and the point-of-sale host includes: 於該裝置管理系統接收到該註冊裝置所發送之識別碼與公鑰後,將該裝置管理系統之公鑰發送至該註冊裝置,以供該註冊裝置於後續流程中驗證該裝置管理系統之簽章。 After the device management system receives the identification code and public key sent by the registered device, it sends the public key of the device management system to the registered device so that the registered device can verify the signature of the device management system in the subsequent process. 如請求項1所述之支付方法,其中,該行動裝置與該銷售點主機之配對包括: The payment method as described in claim 1, wherein the pairing of the mobile device and the point-of-sale host comprises: 由該銷售點主機產生認證碼,再將該認證碼與該銷售點主機之識別碼發送至該裝置管理系統; The point-of-sale host generates an authentication code, and then sends the authentication code and the identification code of the point-of-sale host to the device management system; 令該行動裝置自該銷售點主機或該行動裝置之使用者介面取得該認證碼與該銷售點主機之識別碼,再根據該認證碼與該銷售點主機之識別碼自該裝置管理系統取得該銷售點主機之公鑰;以及 Allow the mobile device to obtain the authentication code and the identification code of the point-of-sale host from the point-of-sale host or the user interface of the mobile device, and then obtain the public key of the point-of-sale host from the device management system based on the authentication code and the identification code of the point-of-sale host; and 令該銷售點主機自該裝置管理系統取得該行動裝置之識別碼與公鑰。 The point-of-sale host obtains the identification code and public key of the mobile device from the device management system. 如請求項5所述之支付方法,其中,該行動裝置與該銷售點主機之配對復包括: The payment method as described in claim 5, wherein the pairing of the mobile device and the point-of-sale host further comprises: 令該銷售點主機將該認證碼與該銷售點主機之識別碼編碼在快速反應碼中,以顯示該快速反應碼;以及 causing the point-of-sale host to encode the authentication code and the identification code of the point-of-sale host in a quick response code to display the quick response code; and 令該行動裝置掃描該快速反應碼,以自該快速反應碼取得該認證碼與該銷售點主機之識別碼。 The mobile device is instructed to scan the quick response code to obtain the authentication code and the identification code of the point-of-sale host from the quick response code. 如請求項1所述之支付方法,復包括: The payment method as described in claim 1 further includes: 令該行動裝置透過近場通信感應功能自該顧客之信用卡的晶片擷取該支付資料;或 Allow the mobile device to capture the payment information from the chip of the customer’s credit card through near field communication sensing; or 令該行動裝置透過攝影機掃描該顧客之手機所顯示的電子支付快速反應碼,以擷取已編碼在該電子支付快速反應碼中之該支付資料。 The mobile device is used to scan the electronic payment quick response code displayed on the customer's mobile phone through a camera to capture the payment information encoded in the electronic payment quick response code. 如請求項1所述之支付方法,復包括: The payment method as described in claim 1 further includes: 令該行動裝置與該銷售點主機互相使用對方之識別碼與公鑰驗證對方之簽章及確認對方之身分,且互相使用對方之公鑰解密係經過對方之私鑰加密的資料,以建立該安全連線通道。 The mobile device and the point-of-sale host use each other's identification code and public key to verify each other's signature and confirm each other's identity, and use each other's public key to decrypt data encrypted by each other's private key to establish the secure connection channel. 一種電腦可讀取儲存媒體,係儲存有指令,該指令由行動裝置、裝置管理系統及銷售點主機讀取,以執行如請求項1至8之任一者所述之支付方法。 A computer-readable storage medium stores instructions that are read by a mobile device, a device management system, and a point-of-sale host to execute a payment method as described in any one of claims 1 to 8. 一種支付系統,包括裝置管理系統、銷售點主機與行動裝置,其中: A payment system includes a device management system, a point-of-sale host and a mobile device, wherein: 該裝置管理系統用於接受該行動裝置與該銷售點主機之註冊,以儲存該行動裝置與該銷售點主機之識別碼與公鑰; The device management system is used to accept the registration of the mobile device and the point-of-sale host to store the identification code and public key of the mobile device and the point-of-sale host; 該銷售點主機用於透過該裝置管理系統與該行動裝置配對,以取得該行動裝置之識別碼與公鑰,俾建立該行動裝置與該銷售點主機之間的安全連線通道;以及 The point-of-sale host is used to pair with the mobile device through the device management system to obtain the identification code and public key of the mobile device so as to establish a secure connection channel between the mobile device and the point-of-sale host; and 該行動裝置用於透過該裝置管理系統與該銷售點主機配對,以取得該銷售點主機之識別碼與公鑰,俾建立該安全連線通道,及擷取顧客之支付資料,以向交易系統傳送該支付資料,進行支付交易及取得該支付交易之交易結果,再透過該安全連線通道將該交易結果傳送至該銷售點主機。 The mobile device is used to pair with the point-of-sale host through the device management system to obtain the identification code and public key of the point-of-sale host, so as to establish the secure connection channel and capture the customer's payment information to transmit the payment information to the transaction system, conduct the payment transaction and obtain the transaction result of the payment transaction, and then transmit the transaction result to the point-of-sale host through the secure connection channel.
TW112107636A 2023-03-02 2023-03-02 Payment system, payment method and computer-readable storage medium using mobiles devices as payment terminals TWI834510B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW112107636A TWI834510B (en) 2023-03-02 2023-03-02 Payment system, payment method and computer-readable storage medium using mobiles devices as payment terminals

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW112107636A TWI834510B (en) 2023-03-02 2023-03-02 Payment system, payment method and computer-readable storage medium using mobiles devices as payment terminals

Publications (2)

Publication Number Publication Date
TWI834510B TWI834510B (en) 2024-03-01
TW202437168A true TW202437168A (en) 2024-09-16

Family

ID=91269575

Family Applications (1)

Application Number Title Priority Date Filing Date
TW112107636A TWI834510B (en) 2023-03-02 2023-03-02 Payment system, payment method and computer-readable storage medium using mobiles devices as payment terminals

Country Status (1)

Country Link
TW (1) TWI834510B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104463576A (en) * 2014-11-26 2015-03-25 深圳市智惠付信息技术有限公司 NFC mobile payment communication method based on online payment
CN107292606A (en) * 2017-07-27 2017-10-24 中国银联股份有限公司 A kind of method of payment and device
CN107679847B (en) * 2017-09-07 2021-05-11 广东工业大学 A mobile transaction privacy protection method based on near field communication two-way identity authentication
US11551208B2 (en) * 2018-10-04 2023-01-10 Verifone, Inc. Systems and methods for point-to-point encryption compliance

Also Published As

Publication number Publication date
TWI834510B (en) 2024-03-01

Similar Documents

Publication Publication Date Title
CN105339963B (en) System and method for connecting a device to a user account
CN113014400B (en) Secure authentication of users and mobile devices
KR101815430B1 (en) Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
US11108558B2 (en) Authentication and fraud prevention architecture
US9886688B2 (en) System and method for secure transaction process via mobile device
US8621595B2 (en) System and method for authenticating a network gateway
US20160117673A1 (en) System and method for secured transactions using mobile devices
US20150066778A1 (en) Digital card-based payment system and method
KR101562363B1 (en) Relieved Card Operating System and Method
KR20140125449A (en) Transaction processing system and method
US20140172741A1 (en) Method and system for security information interaction based on internet
JP6667498B2 (en) Remote transaction system, method and POS terminal
US20200097937A1 (en) Token-based open-loop stored-value card network
KR101780186B1 (en) Method and Apparatus for Authenticating Mobile Payment
US20140258046A1 (en) Method for managing a transaction
CN103077460A (en) System and method for financial certificate transaction by mobile device
US20090015374A1 (en) User authentication system and method
KR20150106198A (en) Method, server and device for certification
WO2020058861A1 (en) A payment authentication device, a payment authentication system and a method of authenticating payment
TWI834510B (en) Payment system, payment method and computer-readable storage medium using mobiles devices as payment terminals
KR20220063107A (en) Method for servicing mobile payment using qr code and payment server using them
US12124830B2 (en) Method and system for configuring a mobile point-of-sales application
EP4191496A1 (en) Devices, methods and a system for secure electronic payment transactions
EP4123539A1 (en) Methods and system for operating a mpos application, using a sim
US20250112902A1 (en) Secure and privacy preserving message routing system