
CN101561956A - Method and system for information interaction - Google Patents


Publication number
CN101561956A
Authority
CN
China
Prior art keywords
mobile phone
payer
payment system
account
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2009100856177A
Other languages
Chinese (zh)
Inventor
李力争
刘道斌
杨木祥
刘宏伟
姚彬
王四军
刘福桦
窦永金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Potevio Institute of Technology Co Ltd
Original Assignee
Potevio Institute of Technology Co Ltd
Application filed by Potevio Institute of Technology Co Ltd filed Critical Potevio Institute of Technology Co Ltd

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a method and system for information interaction. The method includes: the business platform receives order information sent by a personal computer and sends a transaction request to the payment system over the Internet, where the transaction request includes the order information and the payer information includes the payer's mobile phone identifier; the payment system sends an unconfirmed transaction message, which includes the order information, to the mobile phone corresponding to the payer's mobile phone identifier; the payment system receives the transaction confirmation message returned by the mobile phone; after verifying the payer account and password, the payment system transfers the purchase amount included in the confirmation message from the payer account to the payee (charging party) account. The information interaction is completed over two network channels. Specifically, information that the prior art exchanges over the Internet must, in the present invention, be confirmed by the mobile phone before it is processed, which improves the security of the information interaction.

Figure 200910085617

Description

Method and system for information interaction

Technical field

The present invention relates to network communication technology, and in particular to a method and system for information interaction.

Background

When two parties exchange information over the Internet, the exchanged information is often stolen, which makes the exchange insecure. The following takes as an example the theft of information that the two parties exchange over the Internet during an online transaction.

With the widespread adoption of the Internet, banks have gradually launched their own online banking systems. Some are limited to account inquiries, some include online transaction functions such as transfers and payments, and some already cover loans, investment and the like. The payment flow of an online transaction is described in detail below; it includes the following steps:

Step 101: the business platform authenticates the user.

The business platform receives a login request sent by a personal computer (PC) over the Internet and authenticates the user according to the user name and password contained in the login request. The PC may also authenticate the commerce website provided by the business platform.

Step 102: the PC logs in to the business platform.

Step 103: the PC sends order information to the business platform.

The order information includes the item the user selected, the purchase amount and the payee account.

Step 104: the business platform sends a transaction request to the payment system.

The transaction request includes the order information. The payment system stores the correspondence between account numbers and stored amounts.

Step 105: the payment system receives the payer account and password sent by the PC and, after verifying them, transfers the purchase amount contained in the order information from the payer account to the payee account.

Verifying the payer account and password works as follows: the payment system retrieves the stored password corresponding to the account sent by the PC and compares it with the password sent by the PC. If they are the same, verification succeeds; if they differ, verification fails.

Criminals exploit online banking transactions to steal users' account numbers and passwords and thereby steal large amounts of users' funds. The usual way of stealing a user's account number and password is a Trojan horse program. For example, a hacker first plants a Trojan in the PC system; the monitoring component resident on the infected PC can then capture the online banking account and password windows that the system and the user open while online. That is, when the user enters the payer account and password in the online banking program, the computer automatically sends the encoded information to the hacker, who reads it back to decode it and then uses the decoded payer account and password to steal the user's funds. In addition, when the user enters the payee account in the online banking program, the computer may also modify the payee account, or modify both the payee account and the purchase amount, in order to steal the user's funds.

In the existing payment flow carried out over the Internet, the payment system first receives the transaction request containing the order information that the PC sends through the business platform, then receives the payer account and password sent by the PC, and then transfers the purchase amount. Because the information the PC sends to the payment system may well have been modified in this flow, the payment system's transfer of the purchase amount can go wrong.

The existing schemes for exchanging information over the Internet therefore suffer from low security.

Summary of the invention

The present invention provides a method for information interaction that improves the security of information interaction.

The present invention provides a system for information interaction that improves the security of information interaction.

A method for information interaction, the method comprising:

the business platform receives order information sent by a personal computer and sends a transaction request to the payment system over the Internet; the transaction request includes the order information, which includes the purchased item, the purchase amount, payer information and the payee account; the payer information includes the payer's mobile phone identifier;

the payment system sends an unconfirmed transaction message to the mobile phone corresponding to the payer's mobile phone identifier; the unconfirmed transaction message includes the order information;

the payment system receives the transaction confirmation message returned by the mobile phone; the transaction confirmation message includes the purchase amount, the payee account, the payer account and the password;

after verifying the payer account and password, the payment system transfers the purchase amount included in the confirmation message from the payer account to the payee account.

A system for information interaction, the system comprising a business platform, a payment system and a mobile phone;

the business platform is configured to receive order information sent by a personal computer and to send a transaction request to the payment system over the Internet; the transaction request includes the order information, which includes the purchased item, the purchase amount, payer information and the payee account; the payer information includes the payer's mobile phone identifier;

the payment system is configured to send an unconfirmed transaction message, which includes the order information, to the mobile phone corresponding to the payer's mobile phone identifier; to receive the transaction confirmation message returned by the mobile phone, which includes the purchase amount, the payee account, the payer account and the password; and, after verifying the payer account and password, to transfer the purchase amount included in the confirmation message from the payer account to the payee account;

the mobile phone is configured to receive the unconfirmed transaction message sent by the payment system and to return the transaction confirmation message to the payment system.

As the above scheme shows, in the present invention the business platform sends a transaction request to the payment system over the Internet; the payment system sends an unconfirmed transaction message to the mobile phone corresponding to the payer's mobile phone identifier and receives the transaction confirmation message returned by the mobile phone, which includes the purchase amount, the payee account, the payer account and the password; the payment system then verifies the payer account and password and transfers the purchase amount from the payer account to the payee account. The invention sends the transaction request to the payment system over the Internet, and then performs transaction confirmation and payment with the mobile phone over the mobile phone network. The information interaction is completed over two network channels: information exchanged over the Internet must be confirmed by the mobile phone before it is processed, which improves the security of the information interaction.

Description of the drawings

Figure 1 is a flowchart of the method for information interaction in the prior art;

Figure 2 is a schematic flowchart of the method for information interaction of the present invention;

Figure 3 is example 1 of the flowchart of the method for information interaction of the present invention;

Figure 4 is example 2 of the flowchart of the method for information interaction of the present invention.

Detailed description

To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the embodiments and the accompanying drawings.

In the prior art, information interaction is completed over the Internet. To improve its security, the present invention completes the information interaction over two network channels. For ease of description, the two interacting parties are called party A and party B. Specifically, after party A receives the information processing request sent by party B, it sends the content of that request to a third party over the mobile phone network; the third party confirms that the content is correct and returns a confirmation; party A performs the corresponding processing after receiving the confirmation. In the present invention, the information that the two parties exchange over the Internet is sent over the mobile phone network to a third party for confirmation before it is processed. If criminals have modified the information exchanged over the Internet, the third party does not confirm it and no further processing takes place. This improves the effectiveness and security of the information interaction.

Many kinds of information can be exchanged this way; the information transmitted during an online transaction is used as the example below. First, the PC sends a transaction request to the payment system over the Internet. The transaction request includes the order information, which includes the purchased item, the purchase amount, payer information and the payee account; the payer information includes the payer's mobile phone identifier. The payment system then confirms the transaction with the mobile phone over the mobile phone network, and performs the transfer only after receiving the transaction confirmation message sent by the mobile phone; that message includes the confirmed purchase amount, the payee account, the payer account and the password. An information exchange carried out over two networks is difficult to track synchronously. For example, suppose the payee account contained in the transaction request that the computer sends to the payment system has been modified. Because the payment system must subsequently confirm the transaction with the mobile phone, once the payer finds that the payee account or the purchase amount has been modified, the payer does not confirm the order information and the transaction is terminated. This improves the security of the information interaction.

The content of the transaction confirmation message that the mobile phone sends to the payment system generally cannot be altered. To further improve security against the possibility that, in future, the content of the confirmation message is illegally altered, for example the purchase amount or the payee account in it, the payment system in the present invention compares the purchase amount and payee account in the order information with the purchase amount and payee account in the transaction confirmation message before performing the transfer. Only if they are the same does it perform the transfer; otherwise it does not.

The present invention also places a smart memory card in the payer's mobile phone, through which identity authentication, signature verification and the like are performed with the payment system. Figure 2 is an exemplary flowchart of the method for information interaction of the present invention; the flow includes the following steps:

Step 201: the business platform receives, over the Internet, the order information sent by the personal computer.

The order information includes the purchased item, the purchase amount, payer information and the payee account; the payer information includes the payer's mobile phone identifier.

Step 202: the business platform sends a transaction request to the payment system over the Internet.

The transaction request includes the order information.

Step 203: the payment system sends an unconfirmed transaction message over the mobile phone network to the mobile phone corresponding to the payer's mobile phone identifier.

The unconfirmed transaction message includes the order information.

This step may be triggered automatically by the payment system after it receives the transaction request, or it may be triggered by the mobile phone, that is, after the payment system receives from the mobile phone a request to deliver the unconfirmed transaction message. In the phone-triggered case, the mobile phone must log in to the payment system before sending that request. Optionally, before the payment system accepts the phone's login, the payment system and the smart memory card authenticate each other to improve security.

Identity authentication between the payment system and the smart memory card can be implemented in several ways; authentication with a root certificate is used as the example here. The payment system stores the correspondence between the accounts users have opened and their passwords, and contains a certification authority. When the account is opened, the payment system gives the user the root certificate used by the certification authority so that it can be saved to the smart memory card. During authentication, the smart memory card receives the payment system certificate sent by the payment system and verifies it with the root certificate; if verification passes, the smart memory card has authenticated the payment system. The payment system receives the smart memory card certificate sent by the smart memory card and verifies it with the root certificate; if verification passes, the payment system has authenticated the smart memory card.

Step 204: the payment system receives the transaction confirmation message returned by the mobile phone.

The transaction confirmation message includes the purchase amount, the payee account, the payer account and the password.

Step 205: after verifying the payer account and password included in the transaction confirmation message, the payment system transfers the purchase amount included in the transaction confirmation message from the payer account to the payee account.
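Steps 201 to 205, together with the comparison of the confirmation message against the stored order described before them, as an added example that is not part of the patent. The class and function names, the account and phone identifiers, the `order_id` key and the PBKDF2 password storage are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Order:
    order_id: str        # association key; the page mentions an order number
    item: str
    amount: int          # purchase amount in cents
    payee_account: str
    payer_phone: str     # payer's mobile phone identifier


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: a salted PBKDF2 hash is stored instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class PaymentSystem:
    def __init__(self):
        self.balances = {}
        self.credentials = {}    # account -> (salt, password hash)
        self.pending = {}        # order_id -> Order received over the Internet
        self.mobile_outbox = []  # (phone id, Order) sent over the mobile network

    def open_account(self, account, password, balance):
        salt = os.urandom(16)
        self.credentials[account] = (salt, hash_password(password, salt))
        self.balances[account] = balance

    def receive_transaction_request(self, order):
        # Steps 202-203: store the order, then push it to the payer's phone.
        self.pending[order.order_id] = order
        self.mobile_outbox.append((order.payer_phone, order))

    def receive_confirmation(self, order_id, amount, payee, payer, password):
        # Steps 204-205, plus the comparison against the stored order.
        order = self.pending.get(order_id)
        if order is None:
            return "rejected: no pending order"
        if (amount, payee) != (order.amount, order.payee_account):
            return "rejected: confirmation differs from order"
        cred = self.credentials.get(payer)
        if cred is None or not hmac.compare_digest(
                cred[1], hash_password(password, cred[0])):
            return "rejected: payer verification failed"
        if payee not in self.balances or self.balances[payer] < amount:
            return "rejected: transfer not possible"
        del self.pending[order_id]   # a confirmed order cannot be confirmed twice
        self.balances[payer] -= amount
        self.balances[payee] += amount
        return "transferred"


def payer_approves(shown: Order, intended: Order) -> bool:
    # Models the person reading the phone: approve only what they meant to buy.
    return (shown.amount, shown.payee_account) == (
        intended.amount, intended.payee_account)


def run_scenario(pc_alters_payee=False, confirmation_altered=False):
    # All accounts, passwords and identifiers below are constructed sample data.
    ps = PaymentSystem()
    ps.open_account("payer-001", "constructed-password", 10_000)
    ps.open_account("shop-777", "constructed-a", 0)
    ps.open_account("other-999", "constructed-b", 0)
    intended = Order("order-1", "book", 2_500, "shop-777", "phone-0001")

    # Internet channel: what reaches the payment system may differ from intent.
    sent = replace(intended, payee_account="other-999") if pc_alters_payee else intended
    ps.receive_transaction_request(sent)

    # Mobile channel: the payer sees what the payment system actually stored.
    _phone, shown = ps.mobile_outbox.pop()
    if not payer_approves(shown, intended):
        return "aborted by payer", ps.balances

    payee = "other-999" if confirmation_altered else shown.payee_account
    result = ps.receive_confirmation(
        shown.order_id, shown.amount, payee, "payer-001", "constructed-password")
    return result, ps.balances
```
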

The method of the present invention is illustrated below with the flows of Figure 3 and Figure 4. Figure 3 shows the case in which the payment system automatically triggers the subsequent flow after receiving the transaction request sent by the business platform; Figure 4 shows the case in which the mobile phone triggers the subsequent flow after the payment system receives the transaction request sent by the business platform.

Figure 3 is example 1 of the flowchart of the method for information interaction of the present invention; the flow includes the following steps:

Step 301: the business platform authenticates the user.

The business platform receives the login request sent by the PC over the Internet and authenticates the user according to the user name and password contained in the login request. The PC may also authenticate the commerce website provided by the business platform.

Step 302: the PC logs in to the business platform.

Step 303: the PC sends order information to the business platform.

The order information includes the purchased item, the purchase amount, payer information and the payee account; the payer information includes the payer's mobile phone identifier.

Step 304: the business platform sends a transaction request to the payment system.

The transaction request includes the order information.

Step 305: the mobile phone sends a login request to the payment system, and identity authentication is performed between the payment system and the smart memory card on the phone.

The identity authentication in this step may use the root certificate method.

In this step, the mobile phone runs the phone client program to access the payment system and starts the identity authentication flow between the smart memory card on the phone and the payment system. After strict identity authentication, a secure data transmission channel is established between the mobile phone and the payment system.

The authentication in this step is optional.

Step 306: the mobile phone logs in to the payment system.

Step 307: the mobile phone sends the payment system a request to deliver the unconfirmed transaction message; the request includes information associated with the order information. The payment system then uses that associated information to retrieve the stored order information and sends the mobile phone an unconfirmed transaction message that includes the order information. The associated information may be, for example, an order number associated with the order information.

Step 308: the mobile phone confirms the order information.

Step 309: the mobile phone sends the transaction confirmation message to the payment system.

The transaction confirmation message includes the purchase amount, the payee account, the payer account and the password.

To further improve the security of the information interaction, in this step the transaction confirmation message may be encrypted in the manner agreed with the payment system, and the encrypted message sent to the payment system; the payment system then decrypts it in the agreed manner after receiving it.

Step 310: after verifying the payer account and password included in the transaction confirmation message, the payment system transfers the purchase amount contained in the transaction confirmation message from the payer account to the payee account.

Verifying the payer account works as follows: the payment system retrieves the stored password corresponding to the payer account and compares it with the password sent by the mobile phone. If they are the same, verification succeeds; if they differ, verification fails.

Step 311: the payment system returns the transaction result to the business platform and the mobile phone.

Figure 4 is example 2 of the flowchart of the method for information interaction of the present invention; the flow includes the following steps:

Steps 401 to 404 are the same as steps 301 to 304.

Step 405: the payment system signs the unconfirmed transaction message that includes the order information.

Step 406: the payment system sends the signed unconfirmed transaction message to the mobile phone.

The mobile phone in this step is the one corresponding to the mobile phone identifier contained in the order information.

Step 407: after verifying the signature, the mobile phone confirms the order information.

When the account is opened, the payment system and the user agree on their respective signatures; the payment system's signature is then saved in the smart memory card, and the user's signature is saved in the payment system. When the mobile phone verifies the payment system's signature, the phone's smart memory card checks whether the stored signature of the payment system is the same as the signature sent by the payment system; if it is, verification passes, otherwise it fails. When the payment system verifies the phone's signature, it checks whether the stored agreed signature is the same as the signature sent by the mobile phone; if it is, verification passes, otherwise it fails.

Step 408: the mobile phone signs the transaction confirmation message.

Step 409: the mobile phone sends the signed transaction confirmation message to the payment system.

The transaction confirmation message includes the purchase amount, the payee account, the payer account and the password.

Step 410: after verifying the signature, the payment system verifies the payer account and password included in the transaction confirmation message and, once verification passes, transfers the purchase amount included in the transaction confirmation message from the payer account to the payee account.

Step 411: the payment system returns the transaction result to the business platform and the mobile phone.

In the above flow, signatures are applied in both step 405 and step 408 to further improve the security of the information interaction. Signing may also be omitted in steps 405 and 408.
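The signed exchange of steps 405 to 410, as an added example that is not part of the patent. The page describes verification as comparing a stored, pre-agreed signature value with the value sent; this example swaps in an HMAC-SHA256 tag computed over the message fields, with one key per direction assumed to be agreed at account opening, and shows the stored-value comparison beside it. All keys, names and identifiers are constructed.

```python
import hashlib
import hmac
import json

# Constructed demo keys; assumed to be agreed when the account is opened and
# held by the payment system and the phone's smart memory card.
KEY_SYSTEM_TO_PHONE = b"constructed-demo-key-system-to-phone"
KEY_PHONE_TO_SYSTEM = b"constructed-demo-key-phone-to-system"


def canonical(message: dict) -> bytes:
    """Serialize deterministically so both sides compute the tag over the same bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, message: dict) -> str:
    return hmac.new(key, canonical(message), hashlib.sha256).hexdigest()


def verify(key: bytes, message: dict, tag: str) -> bool:
    return hmac.compare_digest(sign(key, message), tag)


def static_verify(stored_signature: str, sent_signature: str) -> bool:
    """Comparison as the page words it: the message body plays no part."""
    return hmac.compare_digest(stored_signature, sent_signature)


def build_unconfirmed(order: dict):
    # Steps 405-406: the payment system signs the message carrying the order.
    message = {"type": "unconfirmed", **order}
    return message, sign(KEY_SYSTEM_TO_PHONE, message)


def phone_confirm(message: dict, tag: str, payer_account: str):
    # Steps 407-409: verify the payment system's tag, then sign the confirmation.
    if message.get("type") != "unconfirmed":
        return None
    if not verify(KEY_SYSTEM_TO_PHONE, message, tag):
        return None
    confirmation = {
        "type": "confirmation",
        "order_id": message["order_id"],
        "amount": message["amount"],
        "payee_account": message["payee_account"],
        "payer_account": payer_account,
    }
    return confirmation, sign(KEY_PHONE_TO_SYSTEM, confirmation)


def system_accepts(order: dict, confirmation: dict, tag: str) -> bool:
    # Step 410: check the phone's tag before looking at any field, then compare
    # the confirmed fields with the stored order. Password check omitted here.
    if confirmation.get("type") != "confirmation":
        return False
    if not verify(KEY_PHONE_TO_SYSTEM, confirmation, tag):
        return False
    return all(confirmation.get(k) == order[k]
               for k in ("order_id", "amount", "payee_account"))


def demo() -> dict:
    order = {"order_id": "order-1", "amount": 2500, "payee_account": "shop-777"}
    message, tag = build_unconfirmed(order)
    confirmation, ctag = phone_confirm(message, tag, "payer-001")
    altered = dict(confirmation, payee_account="other-999")
    return {
        "honest_accepted": system_accepts(order, confirmation, ctag),
        # A message changed after signing no longer matches its tag.
        "altered_unconfirmed_confirmed": phone_confirm(
            dict(message, amount=1), tag, "payer-001") is not None,
        "altered_confirmation_tag_valid": verify(KEY_PHONE_TO_SYSTEM, altered, ctag),
        # A stored value compared with the same sent value still matches,
        # whatever body travels with it.
        "altered_passes_static_compare": static_verify(
            "agreed-user-signature", "agreed-user-signature"),
    }
```
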

The present invention also provides an information interaction system comprising a business platform, a payment system and a mobile phone;

The business platform is used to receive the order information sent by a personal computer and to send a transaction request to the payment system through the Internet; the transaction request includes the order information, the order information includes the purchased items, the purchase amount, the payer information and the charging party account, and the payer information includes the payer mobile phone identifier;

The payment system is used to send an unconfirmed transaction message, which includes the order information, to the mobile phone corresponding to the payer mobile phone identifier; to receive the transaction confirmation message returned by the mobile phone, which includes the purchase amount, the charging party account, the payer account and the password; and, after verifying the payer account and password, to transfer the purchase amount included in the confirmation message from the payer account to the charging party account;

The mobile phone is used to receive the unconfirmed transaction message sent by the payment system and to return the transaction confirmation message to the payment system.

Optionally, the payment system includes an unconfirmed transaction message delivery module, a transaction confirmation message receiving module and a transfer module;

The unconfirmed transaction message delivery module sends the unconfirmed transaction message to the mobile phone corresponding to the payer mobile phone identifier;

The transaction confirmation message receiving module receives the transaction confirmation message returned by the mobile phone and sends it to the transfer module;

The transfer module, after verifying the payer account and password included in the transaction confirmation message, transfers the purchase amount included in the confirmation message from the payer account to the charging party account.

Optionally, the payment system includes a delivery request receiving module, and the mobile phone includes a delivery request sending module;

The delivery request sending module is used to send an unconfirmed transaction message delivery request to the payment system;

The delivery request receiving module is used to receive the unconfirmed transaction message delivery request sent by the delivery request sending module and to send a start command to the unconfirmed transaction message delivery module, so that the delivery module sends the unconfirmed transaction message to the mobile phone corresponding to the payer mobile phone identifier.

The specific embodiments described above further explain the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (8)

1. An information interaction method, characterized in that the method comprises: a business platform receives order information sent by a personal computer and sends a transaction request to a payment system through the Internet, the transaction request including the order information, the order information including the purchased items, the purchase amount, payer information and the charging party account, and the payer information including a payer mobile phone identifier;
the payment system sends an unconfirmed transaction message to the mobile phone corresponding to the payer mobile phone identifier, the unconfirmed transaction message including the order information;
the payment system receives a transaction confirmation message returned by the mobile phone, the transaction confirmation message including the purchase amount, the charging party account, the payer account and the password;
after verifying the payer account and password, the payment system transfers the purchase amount included in the confirmation message from the payer account to the charging party account.
2. The method according to claim 1, characterized in that, before the purchase amount included in the confirmation message is transferred from the payer account to the charging party account, the method comprises: the payment system compares the purchase amount and charging party account included in the order information with the purchase amount and charging party account included in the transaction confirmation message and, if they are identical, carries out the transfer of the purchase amount included in the confirmation message from the payer account to the charging party account.
3. The method according to claim 1, characterized in that, before the payment system sends the unconfirmed transaction message to the mobile phone corresponding to the payer mobile phone identifier, the method comprises:
the payment system receives an unconfirmed transaction message delivery request sent by the mobile phone corresponding to the payer mobile phone identifier.
4. The method according to claim 3, characterized in that an intelligent memory card is provided on the mobile phone, and before the payment system receives the unconfirmed transaction message delivery request sent by the mobile phone corresponding to the payer mobile phone identifier, the method comprises:
authentication is performed between the payment system and the intelligent memory card on the mobile phone.
5. The method according to any one of claims 1 to 3, characterized in that an intelligent memory card is provided on the mobile phone, and the unconfirmed transaction message that the payment system sends to the mobile phone corresponding to the payer mobile phone identifier is a signed unconfirmed transaction message;
after the payment system sends the unconfirmed transaction message to the mobile phone corresponding to the payer mobile phone identifier, the method comprises: the intelligent memory card on the mobile phone authenticates the signed unconfirmed transaction message and, after the authentication passes, signs the transaction confirmation message and sends it to the payment system;
before the payment system receives the transaction confirmation message returned by the mobile phone, the method comprises: the payment system authenticates the signed transaction confirmation message.
6. An information interaction system, characterized in that the system comprises a business platform, a payment system and a mobile phone;
the business platform is used to receive order information sent by a personal computer and to send a transaction request to the payment system through the Internet, the transaction request including the order information, the order information including the purchased items, the purchase amount, payer information and the charging party account, and the payer information including a payer mobile phone identifier;
the payment system is used to send an unconfirmed transaction message, which includes the order information, to the mobile phone corresponding to the payer mobile phone identifier; to receive the transaction confirmation message returned by the mobile phone, which includes the purchase amount, the charging party account, the payer account and the password; and, after verifying the payer account and password, to transfer the purchase amount included in the confirmation message from the payer account to the charging party account;
the mobile phone is used to receive the unconfirmed transaction message sent by the payment system and to return the transaction confirmation message to the payment system.
7. The system according to claim 6, characterized in that the payment system comprises an unconfirmed transaction message delivery module, a transaction confirmation message receiving module and a transfer module;
the unconfirmed transaction message delivery module sends the unconfirmed transaction message to the mobile phone corresponding to the payer mobile phone identifier;
the transaction confirmation message receiving module receives the transaction confirmation message returned by the mobile phone and sends it to the transfer module;
the transfer module, after verifying the payer account and password included in the transaction confirmation message, transfers the purchase amount included in the confirmation message from the payer account to the charging party account.
8. The system according to claim 6, characterized in that the payment system comprises a delivery request receiving module, and the mobile phone comprises a delivery request sending module;
the delivery request sending module is used to send an unconfirmed transaction message delivery request to the payment system;
the delivery request receiving module is used to receive the unconfirmed transaction message delivery request sent by the delivery request sending module and to send a start command to the unconfirmed transaction message delivery module, so that the delivery module sends the unconfirmed transaction message to the mobile phone corresponding to the payer mobile phone identifier.
CNA2009100856177A 2009-05-26 2009-05-26 Method and system for information interaction Pending CN101561956A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2009100856177A CN101561956A (en) 2009-05-26 2009-05-26 Method and system for information interaction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2009100856177A CN101561956A (en) 2009-05-26 2009-05-26 Method and system for information interaction

Publications (1)

Publication Number Publication Date
CN101561956A true CN101561956A (en) 2009-10-21

Family

ID=41220741

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2009100856177A Pending CN101561956A (en) 2009-05-26 2009-05-26 Method and system for information interaction

Country Status (1)

Country Link
CN (1) CN101561956A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101950453A (en) * 2010-07-19 2011-01-19 福建联迪商用设备有限公司 Novel mobile phone payment terminal-based payment method
CN102195932A (en) * 2010-03-05 2011-09-21 北京路模思科技有限公司 Method and system for realizing network identity authentication based on two pieces of isolation equipment
WO2014117563A1 (en) * 2013-01-30 2014-08-07 Tencent Technology (Shenzhen) Company Limited Method, apparatus and system for user authentication
CN104077699A (en) * 2014-06-09 2014-10-01 中国建设银行股份有限公司 Payment data processing method and system used for e-business platform
CN104751326A (en) * 2013-12-30 2015-07-01 腾讯科技(深圳)有限公司 Data processing method and related equipment and system
CN104767735A (en) * 2011-04-29 2015-07-08 阿里巴巴集团控股有限公司 Information safety processing method, processing server and processing client side
CN105721404A (en) * 2014-12-04 2016-06-29 阿里巴巴集团控股有限公司 Business processing method based on computer system, and device thereof
CN106934273A (en) * 2017-04-19 2017-07-07 上海浦江智能卡系统有限公司 Authentication device and authentication method
CN109447733A (en) * 2018-09-25 2019-03-08 深圳壹账通智能科技有限公司 Transaction verification method, device and the storage medium of transaction system
CN110111100A (en) * 2013-04-28 2019-08-09 阿里巴巴集团控股有限公司 A kind of data interaction device and method applied to mobile terminal
CN110634070A (en) * 2019-08-13 2019-12-31 上海陆家嘴国际金融资产交易市场股份有限公司 File processing method and device, computer equipment and storage medium
CN111639927A (en) * 2020-05-25 2020-09-08 上海中通吉网络技术有限公司 Method and system for collecting money of network cashier desk

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102195932A (en) * 2010-03-05 2011-09-21 北京路模思科技有限公司 Method and system for realizing network identity authentication based on two pieces of isolation equipment
CN101950453A (en) * 2010-07-19 2011-01-19 福建联迪商用设备有限公司 Novel mobile phone payment terminal-based payment method
CN104767735A (en) * 2011-04-29 2015-07-08 阿里巴巴集团控股有限公司 Information safety processing method, processing server and processing client side
CN104767735B (en) * 2011-04-29 2019-12-06 阿里巴巴集团控股有限公司 information security processing method, processing server and processing client
WO2014117563A1 (en) * 2013-01-30 2014-08-07 Tencent Technology (Shenzhen) Company Limited Method, apparatus and system for user authentication
CN110111100A (en) * 2013-04-28 2019-08-09 阿里巴巴集团控股有限公司 A kind of data interaction device and method applied to mobile terminal
CN104751326A (en) * 2013-12-30 2015-07-01 腾讯科技(深圳)有限公司 Data processing method and related equipment and system
CN104077699A (en) * 2014-06-09 2014-10-01 中国建设银行股份有限公司 Payment data processing method and system used for e-business platform
CN105721404A (en) * 2014-12-04 2016-06-29 阿里巴巴集团控股有限公司 Business processing method based on computer system, and device thereof
CN105721404B (en) * 2014-12-04 2019-01-29 阿里巴巴集团控股有限公司 Method for processing business and its device based on computer system
CN106934273A (en) * 2017-04-19 2017-07-07 上海浦江智能卡系统有限公司 Authentication device and authentication method
CN109447733A (en) * 2018-09-25 2019-03-08 深圳壹账通智能科技有限公司 Transaction verification method, device and the storage medium of transaction system
CN110634070A (en) * 2019-08-13 2019-12-31 上海陆家嘴国际金融资产交易市场股份有限公司 File processing method and device, computer equipment and storage medium
CN111639927A (en) * 2020-05-25 2020-09-08 上海中通吉网络技术有限公司 Method and system for collecting money of network cashier desk

Similar Documents

Publication Publication Date Title
CN101561956A (en) Method and system for information interaction
TWI587225B (en) Secure payment method, mobile device and secure payment system
EP2380308B1 (en) Secure remote authentication through an untrusted network
CN101651675B (en) By the method and system that authentication code is verified client
CN113170299A (en) System and method for password authentication of contactless cards
CN107784499B (en) Secure payment system and method of near field communication mobile terminal
CN102202300A (en) System and method for dynamic password authentication based on dual channels
CN102118251B (en) Security authentication method for internet banking remote payment based on multi-interface intelligent safety card
CN104240074B (en) The online payment system of prepaid card and its method of payment of identity-based certification
CN110278180B (en) Financial information interaction method, device, equipment and storage medium
JP2014529273A (en) Secure authentication method and system for online transactions
JP2003518303A (en) Method and system for secure authentication settlement in a computer network
CN101848090A (en) Authentication device and system and method using same for on-line identity authentication and transaction
CN101770619A (en) Multiple-factor authentication method for online payment and authentication system
CN102790767B (en) Information safety control method, information safety display equipment and electronic trading system
CN103152174B (en) Data processing method, device and parking lot management system applied to parking lot
CN108234385A (en) A kind of method for authenticating user identity and device
US20120254041A1 (en) One-time credit card numbers
CN103489104A (en) Security payment method and system
CN105809417A (en) Safe reliable real-time electronic payment settlement merchant terminal, user terminal, bank front-end system, system, and method
CN101221641A (en) On-line trading method and its safety affirmation equipment
WO2012034339A1 (en) Method and mobile terminal for realizing network payment
CN103699997A (en) Method, device and electronic equipment for locking mobile payment service
CN103077460A (en) System and method for financial certificate transaction by mobile device
EP2533486A1 (en) Method to validate a transaction between a user and a service provider

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20091021
