+

CN112036868A - Two-dimensional code secure payment method and device, storage medium and equipment - Google Patents

Two-dimensional code secure payment method and device, storage medium and equipment Download PDF

Info

Publication number
CN112036868A
CN112036868A CN202010910241.5A CN202010910241A CN112036868A CN 112036868 A CN112036868 A CN 112036868A CN 202010910241 A CN202010910241 A CN 202010910241A CN 112036868 A CN112036868 A CN 112036868A
Authority
CN
China
Prior art keywords
information
merchant
payment
dimensional code
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010910241.5A
Other languages
Chinese (zh)
Other versions
CN112036868B (en
Inventor
张亚泽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd filed Critical Bank of China Ltd
Priority to CN202010910241.5A priority Critical patent/CN112036868B/en
Publication of CN112036868A publication Critical patent/CN112036868A/en
Application granted granted Critical
Publication of CN112036868B publication Critical patent/CN112036868B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3276Short range or proximity payments by means of M-devices using a pictured code, e.g. barcode or QR-code, being read by the M-device
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application discloses a two-dimension code secure payment method, a device, a storage medium and equipment, which can solve the security problem that a merchant two-dimension code is stolen. The method comprises the following steps: a merchant firstly acquires collection two-dimensional code information and a public and private key pair from a payment mechanism, wherein the collection two-dimensional code information comprises account information, identity information and position information of the merchant and a public and private key in the public and private key pair; then, receiving signature data which is sent by a user and obtained by signing payment information and position information of the user, position information and identity information of a merchant through a public key; and then, checking the signature data by using a private key, and when the position information of the merchant contained in the verification result is consistent with the position information of the merchant contained in the two-dimensional code information, and the identity information of the merchant contained in the verification result is consistent with the identity information of the merchant contained in the two-dimensional code information, sending the account information of the merchant and the payment information of the user to a payment mechanism for correctness verification, and completing payment after the verification is passed.

Description

Two-dimensional code secure payment method and device, storage medium and equipment
Technical Field
The application relates to the technical field of information security, in particular to a two-dimensional code secure payment method, a two-dimensional code secure payment device, a two-dimensional code secure payment storage medium and two-dimensional code secure payment equipment.
Background
With the increasing popularity of mobile payment means, more and more people tend to use the payment means, and the habit of going out without cash is gradually developed. Moreover, with the rapid development of the "stall economy", the mobile electronic payment is also widely applied to various small and micro merchants, and how to ensure the fund security of the small and micro merchants in the mobile electronic payment process is also very important.
At present, the collection mode adopted by the small and micro merchant mostly takes two-dimensional code scanning as a main mode (namely, a customer scans static two-dimensional code payment of a merchant), but because the technology for manufacturing the two-dimensional code payment label is very convenient and simple, the two-dimensional code of the merchant has potential safety hazards of imitation and fraud, for example, under the condition that the merchant is unaware, the collection two-dimensional code is stolen, and thus the economy of a "tedder" causes loss.
Disclosure of Invention
The embodiment of the application mainly aims to provide a two-dimensional code secure payment method, a device, a storage medium and equipment, which can solve the security problem that a merchant two-dimensional code is stolen without changing the existing payment mode and without perception of a user, so that the security of merchant two-dimensional code payment is fully ensured.
In a first aspect, an embodiment of the present application provides a two-dimensional code secure payment method, including:
acquiring collection two-dimensional code information and a public and private key pair from a payment mechanism; the two-dimension code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key; the public key is a public key in the public and private key pair;
receiving signature data sent by a user; the signature data is obtained by the user signing the payment information of the user, the position information of the merchant and the identity information of the merchant through the public key;
verifying the signature data by using a private key, verifying whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information, and verifying whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information; the private key is a private key in the public and private key pair;
if yes, the account information of the merchant and the payment information of the user are sent to the payment mechanism for correctness verification, and payment is completed after the verification is passed.
Optionally, the payment information of the user includes payment account information, payment amount, and payment password of the user.
Optionally, the signature data is obtained by signing, by the public key, the payment information of the user, the position information of the merchant and the identity information of the merchant after the user scans the two-dimensional payment code and verifies that the position information of the user is consistent with the position information of the merchant.
Optionally, the method further includes:
if the position information of the merchant contained in the verification result is inconsistent with the position information of the merchant contained in the two-dimensional code information, and/or the identity information of the merchant contained in the verification result is inconsistent with the identity information of the merchant contained in the two-dimensional code information, sending prompt information;
wherein the prompt message includes at least one of text message, voice message and flashing light signal.
In a second aspect, an embodiment of the present application further provides a two-dimensional code secure payment apparatus, including:
the acquisition unit is used for acquiring the collection two-dimensional code information and the public and private key pair from the payment mechanism; the two-dimension code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key; the public key is a public key in the public and private key pair;
the receiving unit is used for receiving signature data sent by a user; the signature data is obtained by the user signing the payment information of the user, the position information of the merchant and the identity information of the merchant through the public key;
the verification unit is used for verifying the signature data by using a private key, verifying whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information, and verifying whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information; the private key is a private key in the public and private key pair;
and the sending unit is used for sending the account information of the merchant and the payment information of the user to the payment mechanism for correctness verification if the verification result shows that the position information of the merchant contained in the verification result is consistent with the position information of the merchant contained in the two-dimensional code information and the verification result shows that the identity information of the merchant contained in the verification result is consistent with the identity information of the merchant contained in the two-dimensional code information, and completing payment after the verification passes.
Optionally, the payment information of the user includes payment account information, payment amount, and payment password of the user.
Optionally, the signature data is obtained by signing, by the public key, the payment information of the user, the position information of the merchant and the identity information of the merchant after the user scans the two-dimensional payment code and verifies that the position information of the user is consistent with the position information of the merchant.
Optionally, the apparatus further comprises:
the sending unit is used for sending prompt information if the position information of the merchant contained in the verification result is inconsistent with the position information of the merchant contained in the two-dimensional code information, and/or the identity information of the merchant contained in the verification result is inconsistent with the identity information of the merchant contained in the two-dimensional code information;
wherein the prompt message includes at least one of text message, voice message and flashing light signal.
The embodiment of the application further provides a two-dimensional code safety payment device, including: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is configured to store one or more programs, the one or more programs including instructions, which when executed by the processor, cause the processor to perform any one implementation of the two-dimensional code secure payment method described above.
The embodiment of the application further provides a computer-readable storage medium, wherein the computer-readable storage medium stores instructions, and when the instructions are run on the terminal device, the terminal device is enabled to execute any implementation manner of the two-dimensional code secure payment method.
According to the two-dimension code safe payment method, the two-dimension code safe payment device, the storage medium and the two-dimension code safe payment equipment, a merchant firstly obtains two-dimension code information and a public and private key pair from a payment mechanism; the two-dimensional code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key in a public and private key pair, and then signature data sent by a user is received; the signature data is obtained by signing the payment information of the user, the position information of the merchant and the identity information of the merchant through a public key by the user, then, the signature data can be verified by using a private key in a public and private key pair, whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information is verified, and whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information is verified; if yes, the account information of the merchant and the payment information of the user are sent to a payment mechanism for correctness verification, and payment is completed after the verification is passed. Therefore, according to the embodiment of the application, under the condition that the existing payment mode is not changed, the position information and the identity information of the merchant are verified doubly and then the subsequent payment is carried out, so that the safety problem that the two-dimensional code of the merchant is stolen can be solved under the conditions that the existing payment mode is not changed and a user does not sense, and the security of the two-dimensional code of the merchant for payment is fully ensured.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flow chart of a two-dimensional code secure payment method provided in an embodiment of the present application;
fig. 2 is a schematic composition diagram of a two-dimensional code secure payment device according to an embodiment of the present application.
Detailed Description
At present, with the gradual popularization of mobile payment means, more and more people tend to use the payment means, and the habit of going out without cash is gradually developed. The existing offline code scanning payment mode is very convenient and simple in technology for manufacturing the two-dimensional code payment label, so that a user can scan a code for payment or scan a code virus to invade a user terminal through scanning a code virus to cause fund loss for a merchant and also cause code scanning risk for a payment user terminal by manufacturing a fake two-dimensional code payment label and attaching the fake two-dimensional code payment label to a regular label of the merchant or replacing the regular two-dimensional code payment label of the merchant. Moreover, with the rapid development of the stall economy, the mobile electronic payment is also widely applied to all small and micro merchants, and it is very important to ensure the fund security problem of the small and micro merchants in the two-dimensional code payment process, and avoid the loss of the stall economy caused by the stolen change of the collected two-dimensional code under the condition that the merchants are unaware of the change.
In order to solve the above defects, the embodiment of the application provides a two-dimensional code secure payment method, a merchant first obtains two-dimensional code information and a public and private key pair from a payment mechanism; the two-dimensional code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key in a public and private key pair, and then signature data sent by a user is received; the signature data is obtained by signing the payment information of the user, the position information of the merchant and the identity information of the merchant through a public key by the user, then, the signature data can be verified by using a private key in a public and private key pair, whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information is verified, and whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information is verified; if yes, the account information of the merchant and the payment information of the user are sent to a payment mechanism for correctness verification, and payment is completed after the verification is passed. Therefore, according to the embodiment of the application, under the condition that the existing payment mode is not changed, the position information and the identity information of the merchant are verified doubly and then the subsequent payment is carried out, so that the safety problem that the two-dimensional code of the merchant is stolen can be solved under the conditions that the existing payment mode is not changed and a user does not sense, and the security of the two-dimensional code of the merchant for payment is fully ensured.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
First embodiment
Referring to fig. 1, a schematic flow chart of a two-dimensional code secure payment method provided in this embodiment is shown, where the method includes the following steps:
s101: acquiring collection two-dimensional code information and a public and private key pair from a payment mechanism; the two-dimensional code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key; the public key is a public key in a public and private key pair.
It should be noted that, with the rapid development of "amortization economy", the mobile electronic payment is also widely applied to each small and micro business, and the main mode is two-dimensional code collection and payment. The payment mode of passively scanning the code by the customer needs a merchant to be provided with a set of money receiving terminal, which is high in cost for small merchants in the stall economy, so that the small merchants in the stall actively scan static two-dimensional codes of the merchant to complete payment, and the payment mode has the potential safety hazard that the two-dimensional codes of the merchants are maliciously replaced.
Because the shops of the stall in one area are basically gathered together, and the liquidity of the stall is relatively high, the safety problem that the payment code of the merchant is illegally replaced cannot be solved only by the existing mode of adding position information for verification, and therefore, in order to further ensure the payment security of the two-dimensional code of the merchant, the payment scheme for double verification of the position information and the identity information of the merchant is provided, so that the safety problem that the two-dimensional code of the merchant is easily stolen is solved under the condition that the existing payment mode is not changed and a user does not sense.
Specifically, in the embodiment of the application, for a merchant, first, the two-dimensional code information of money collection and a unique public and private key pair (including a pair of a public key and a private key) of the merchant can be obtained from a payment mechanism (such as a WeChat, a Payment treasure, a bank, and the like); the two-dimensional code information for collection is generated in advance by a payment mechanism, and the two-dimensional code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a unique public key which belongs to the merchant only.
It should be noted that, in order to further ensure the security of the data, an optional implementation manner is that, in advance, hash operation may be performed on the identity information of the merchant to obtain a corresponding hash value, so as to label the identity information of the merchant, and then the received two-dimensional code information of the user is generated by using the hash value, so that the possibility that the received two-dimensional code information is tampered arbitrarily can be effectively prevented.
S102: receiving signature data sent by a user; the signature data is obtained by signing the payment information of the user, the position information of the merchant and the identity information of the merchant through the public key by the user.
In this embodiment, after acquiring, by the merchant, the two-dimensional code receiving information including the account information of the merchant, the identity information of the merchant, the location information of the merchant, and the public key from the payment mechanism in step S101, the merchant can display the two-dimensional code to the user during a transaction, and further receive signature data sent by the user.
The signature data is obtained by the user by scanning the two-dimensional payment code of the user and then signing the payment information of the user, the position information of the merchant and the identity information of the merchant by using the public key. The payment information of the user comprises payment account information, payment amount and payment password of the user.
In addition, in order to further improve the security of merchant two-dimensional code payment, in a possible implementation manner of the embodiment of the application, for a user performing a transaction with a merchant, after scanning a payment two-dimensional code of the merchant, whether current real-time position information of the user is consistent with position information of the merchant contained in the two-dimensional code may be verified before, and if so, a public key contained in the two-dimensional code may be reused to sign payment information (including payment account information, payment amount, payment password and the like of the user), position information of the user, position information of the merchant and identity information of the merchant, so as to obtain signature data, and the signature data is sent to the merchant to perform the payment transaction.
S103: verifying the signature data by using a private key, verifying whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information, and verifying whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information; the private key is a private key in a public and private key pair.
In this embodiment, after receiving the signature data sent by the user in step S102, the merchant may check the signature of the signature data by using the unique private key obtained from the payment mechanism in step S101, so as to obtain a signature checking result, where the signature checking result includes the payment information of the user, the location information of the merchant, and the identity information of the merchant.
Further, it may be verified whether the location information of the merchant included in the signature verification result is consistent with the location information of the merchant included in the two-dimensional code information, and whether the identity information of the merchant included in the signature verification result is consistent with the identity information of the merchant included in the two-dimensional code information, if both are consistent, the subsequent step S104 is executed, and if one of the verification results is that the information of both parties is inconsistent, that is, if the location information of the merchant included in the signature verification result is verified to be inconsistent with the location information of the merchant included in the two-dimensional code information, and/or if the identity information of the merchant included in the signature verification result is verified to be inconsistent with the identity information of the merchant included in the two-dimensional code information, the subsequent payment process is not performed.
In a possible implementation manner of the embodiment of the application, if the position information of the merchant included in the verification result is not consistent with the position information of the merchant included in the two-dimensional code information, and/or the identity information of the merchant included in the verification result is not consistent with the identity information of the merchant included in the two-dimensional code information, it is indicated that a risk that the two-dimensional code is tampered may occur, and at this time, prompt information may be sent to the merchant (and the user) as an early warning.
In an optional implementation manner, the prompt message may include at least one of text message, voice message, and flashing light signal.
In practical application, when it is judged that the risk of tampering the two-dimensional code may occur, prompt information may be sent out. The prompt message can remind the merchant of the problem of the payment transaction in a form of short message or information notification of characters and/or pictures on a mobile phone display screen of the merchant, and the problem needs to be processed in time; or, the merchant can be reminded that the payment transaction is in a problem in the form of emitting stroboscopic light and needs to be processed in time; or, the merchant may be prompted by a sound signal that the payment transaction is in a problem and needs to be processed in time, for example, the payment transaction may be in a form of beep or voice broadcast.
S104: and if the position information of the merchant contained in the verification result is consistent with the position information of the merchant contained in the two-dimensional code information, and the identity information of the merchant contained in the verification result is consistent with the identity information of the merchant contained in the two-dimensional code information, sending the account information of the merchant and the payment information of the user to a payment mechanism for correctness verification, and completing payment after the verification is passed.
In this embodiment, if the merchant verifies through step S103 that the location information of the merchant included in the signature verification result is consistent with the location information of the merchant included in the two-dimensional code information, and verifies that the identity information of the merchant included in the signature verification result is also consistent with the identity information of the merchant included in the two-dimensional code information, it is indicated that the two-dimensional code payment transaction is correct and unproblematic, and further, a subsequent payment transaction step may be requested to the payment mechanism, specifically, the merchant may send the account information of the merchant and the payment information of the user (including the payment account information of the user, the payment amount, the payment password, and the like) to the payment mechanism for correctness verification, and after the payment mechanism verifies the correctness of the account information of the merchant and the payment information of the account information and the payment information of the password of the user, the payment is completed.
In summary, in the two-dimension code secure payment method provided by this embodiment, a merchant first obtains two-dimension code information and a public and private key pair from a payment mechanism; the two-dimensional code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key in a public and private key pair, and then signature data sent by a user is received; the signature data is obtained by signing the payment information of the user, the position information of the merchant and the identity information of the merchant through a public key by the user, then, the signature data can be verified by using a private key in a public and private key pair, whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information is verified, and whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information is verified; if yes, the account information of the merchant and the payment information of the user are sent to a payment mechanism for correctness verification, and payment is completed after the verification is passed. Therefore, according to the embodiment of the application, under the condition that the existing payment mode is not changed, the position information and the identity information of the merchant are verified doubly and then the subsequent payment is carried out, so that the safety problem that the two-dimensional code of the merchant is stolen can be solved under the conditions that the existing payment mode is not changed and a user does not sense, and the security of the two-dimensional code of the merchant for payment is fully ensured.
Second embodiment
In this embodiment, a two-dimensional code secure payment apparatus will be described, and please refer to the above method embodiment for related contents.
Referring to fig. 2, a schematic view of a two-dimensional code secure payment device provided in this embodiment is shown, where the device includes:
an obtaining unit 201, configured to obtain collection two-dimensional code information and a public-private key pair from a payment authority; the two-dimension code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key; the public key is a public key in the public and private key pair;
a receiving unit 202, configured to receive signature data sent by a user; the signature data is obtained by the user signing the payment information of the user, the position information of the merchant and the identity information of the merchant through the public key;
the verification unit 203 is configured to verify the signature data by using a private key, verify whether the location information of the merchant included in the signature verification result is consistent with the location information of the merchant included in the two-dimensional code information, and verify whether the identity information of the merchant included in the signature verification result is consistent with the identity information of the merchant included in the two-dimensional code information; the private key is a private key in the public and private key pair;
a sending unit 204, configured to send the account information of the merchant and the payment information of the user to the payment mechanism for correctness verification if it is verified that the location information of the merchant included in the signature verification result is consistent with the location information of the merchant included in the two-dimensional code information, and it is verified that the identity information of the merchant included in the signature verification result is consistent with the identity information of the merchant included in the two-dimensional code information, and complete payment after the verification passes.
In an implementation manner of this embodiment, the payment information of the user includes payment account information, a payment amount, and a payment password of the user.
In an implementation manner of this embodiment, the signature data is obtained by signing, by the public key, payment information of the user, location information of the merchant, and identity information of the merchant after the user scans the two-dimensional payment code and verifies that the location information of the user is consistent with the location information of the merchant.
In an implementation manner of this embodiment, the apparatus further includes:
the sending unit is used for sending prompt information if the position information of the merchant contained in the verification result is inconsistent with the position information of the merchant contained in the two-dimensional code information, and/or the identity information of the merchant contained in the verification result is inconsistent with the identity information of the merchant contained in the two-dimensional code information;
wherein the prompt message includes at least one of text message, voice message and flashing light signal.
In summary, in the two-dimension code secure payment apparatus provided by this embodiment, a merchant first obtains the two-dimension code information and a public and private key pair from a payment mechanism; the two-dimensional code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key in a public and private key pair, and then signature data sent by a user is received; the signature data is obtained by signing the payment information of the user, the position information of the merchant and the identity information of the merchant through a public key by the user, then, the signature data can be verified by using a private key in a public and private key pair, whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information is verified, and whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information is verified; if yes, the account information of the merchant and the payment information of the user are sent to a payment mechanism for correctness verification, and payment is completed after the verification is passed. Therefore, according to the embodiment of the application, under the condition that the existing payment mode is not changed, the position information and the identity information of the merchant are verified doubly and then the subsequent payment is carried out, so that the safety problem that the two-dimensional code of the merchant is stolen can be solved under the conditions that the existing payment mode is not changed and a user does not sense, and the security of the two-dimensional code of the merchant for payment is fully ensured.
Further, this application embodiment still provides a two-dimensional code safety payment equipment, includes: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is used for storing one or more programs, and the one or more programs comprise instructions which when executed by the processor cause the processor to execute any implementation method of the two-dimensional code secure payment method.
Further, an embodiment of the present application further provides a computer-readable storage medium, where instructions are stored in the computer-readable storage medium, and when the instructions are run on a terminal device, the terminal device is caused to execute any implementation method of the two-dimensional code secure payment method.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the above embodiment methods can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a media gateway, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A two-dimension code secure payment method is characterized by comprising the following steps:
acquiring collection two-dimensional code information and a public and private key pair from a payment mechanism; the two-dimension code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key; the public key is a public key in the public and private key pair;
receiving signature data sent by a user; the signature data is obtained by the user signing the payment information of the user, the position information of the merchant and the identity information of the merchant through the public key;
verifying the signature data by using a private key, verifying whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information, and verifying whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information; the private key is a private key in the public and private key pair;
if yes, the account information of the merchant and the payment information of the user are sent to the payment mechanism for correctness verification, and payment is completed after the verification is passed.
2. The method of claim 1, wherein the payment information of the user comprises payment account information, a payment amount, and a payment password of the user.
3. The method as claimed in claim 1, wherein the signature data is obtained by the user signing payment information of the user, the location information of the merchant and the identity information of the merchant through the public key after scanning the two-dimensional payment code and verifying that the location information of the user is consistent with the location information of the merchant.
4. The method of claim 1, further comprising:
if the position information of the merchant contained in the verification result is inconsistent with the position information of the merchant contained in the two-dimensional code information, and/or the identity information of the merchant contained in the verification result is inconsistent with the identity information of the merchant contained in the two-dimensional code information, sending prompt information;
wherein the prompt message includes at least one of text message, voice message and flashing light signal.
5. A two-dimensional code safety payment device, characterized by, includes:
the acquisition unit is used for acquiring the collection two-dimensional code information and the public and private key pair from the payment mechanism; the two-dimension code information comprises account information of a merchant, identity information of the merchant, position information of the merchant and a public key; the public key is a public key in the public and private key pair;
the receiving unit is used for receiving signature data sent by a user; the signature data is obtained by the user signing the payment information of the user, the position information of the merchant and the identity information of the merchant through the public key;
the verification unit is used for verifying the signature data by using a private key, verifying whether the position information of the merchant contained in the signature verification result is consistent with the position information of the merchant contained in the two-dimensional code information, and verifying whether the identity information of the merchant contained in the signature verification result is consistent with the identity information of the merchant contained in the two-dimensional code information; the private key is a private key in the public and private key pair;
and the sending unit is used for sending the account information of the merchant and the payment information of the user to the payment mechanism for correctness verification if the verification result shows that the position information of the merchant contained in the verification result is consistent with the position information of the merchant contained in the two-dimensional code information and the verification result shows that the identity information of the merchant contained in the verification result is consistent with the identity information of the merchant contained in the two-dimensional code information, and completing payment after the verification passes.
6. The apparatus of claim 5, wherein the payment information of the user comprises payment account information, a payment amount, and a payment password of the user.
7. The apparatus according to claim 6, wherein the signature data is obtained by the user signing payment information of the user, the location information of the merchant, and the identity information of the merchant through the public key after scanning the two-dimensional payment code and verifying that the location information of the user is consistent with the location information of the merchant.
8. The apparatus of claim 5, further comprising:
the sending unit is used for sending prompt information if the position information of the merchant contained in the verification result is inconsistent with the position information of the merchant contained in the two-dimensional code information, and/or the identity information of the merchant contained in the verification result is inconsistent with the identity information of the merchant contained in the two-dimensional code information;
wherein the prompt message includes at least one of text message, voice message and flashing light signal.
9. A two-dimensional code secure payment device, comprising: a processor, a memory, a system bus;
the processor and the memory are connected through the system bus;
the memory is to store one or more programs, the one or more programs comprising instructions, which when executed by the processor, cause the processor to perform the method of any of claims 1-4.
10. A computer-readable storage medium having stored therein instructions that, when executed on a terminal device, cause the terminal device to perform the method of any one of claims 1-4.
CN202010910241.5A 2020-09-02 2020-09-02 Two-dimensional code secure payment method, device, storage medium and equipment Active CN112036868B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010910241.5A CN112036868B (en) 2020-09-02 2020-09-02 Two-dimensional code secure payment method, device, storage medium and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010910241.5A CN112036868B (en) 2020-09-02 2020-09-02 Two-dimensional code secure payment method, device, storage medium and equipment

Publications (2)

Publication Number Publication Date
CN112036868A true CN112036868A (en) 2020-12-04
CN112036868B CN112036868B (en) 2024-01-26

Family

ID=73591199

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010910241.5A Active CN112036868B (en) 2020-09-02 2020-09-02 Two-dimensional code secure payment method, device, storage medium and equipment

Country Status (1)

Country Link
CN (1) CN112036868B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112561517A (en) * 2020-12-10 2021-03-26 南京航空航天大学 Two-dimensional code payment method capable of being authenticated based on geographic position
CN113128994A (en) * 2021-04-26 2021-07-16 深圳海红智能制造有限公司 Trusted mobile payment device and system
CN113630735A (en) * 2021-10-13 2021-11-09 南京云联数科科技有限公司 Method and device for correcting position of commercial place, electronic device, and storage medium
CN113850591A (en) * 2021-03-18 2021-12-28 天翼智慧家庭科技有限公司 Method for verifying authenticity of payment two-dimensional code based on encryption and digital signature algorithm
CN116167757A (en) * 2022-11-07 2023-05-26 中国银联股份有限公司 A security control method and system for a two-dimensional code
CN116739589A (en) * 2023-06-13 2023-09-12 吉林银行股份有限公司 Payment verification methods, devices and computer equipment
CN117152855A (en) * 2023-09-06 2023-12-01 深圳市赛菲姆科技有限公司 Parking lot charging method, device, equipment and readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104320253A (en) * 2014-09-28 2015-01-28 东北大学 Two-dimension code authentication system and method based on CBS signature mechanism
CN106204029A (en) * 2016-07-28 2016-12-07 北京小米移动软件有限公司 The method and apparatus of Quick Response Code payment
CN107507007A (en) * 2017-08-30 2017-12-22 努比亚技术有限公司 One kind pays 2 D code verification method, terminal and computer-readable recording medium
CN109255906A (en) * 2018-08-01 2019-01-22 福州市晋安区绿奇鑫环保科技有限公司 A kind of barcode scanning method of payment and mobile terminal
CN110851270A (en) * 2019-10-21 2020-02-28 中国银联股份有限公司 Resource transfer method, device, equipment and medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104320253A (en) * 2014-09-28 2015-01-28 东北大学 Two-dimension code authentication system and method based on CBS signature mechanism
CN106204029A (en) * 2016-07-28 2016-12-07 北京小米移动软件有限公司 The method and apparatus of Quick Response Code payment
CN107507007A (en) * 2017-08-30 2017-12-22 努比亚技术有限公司 One kind pays 2 D code verification method, terminal and computer-readable recording medium
CN109255906A (en) * 2018-08-01 2019-01-22 福州市晋安区绿奇鑫环保科技有限公司 A kind of barcode scanning method of payment and mobile terminal
CN110851270A (en) * 2019-10-21 2020-02-28 中国银联股份有限公司 Resource transfer method, device, equipment and medium

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112561517A (en) * 2020-12-10 2021-03-26 南京航空航天大学 Two-dimensional code payment method capable of being authenticated based on geographic position
CN112561517B (en) * 2020-12-10 2024-09-17 南京航空航天大学 A verifiable QR code payment method based on geographic location
CN113850591A (en) * 2021-03-18 2021-12-28 天翼智慧家庭科技有限公司 Method for verifying authenticity of payment two-dimensional code based on encryption and digital signature algorithm
CN113128994A (en) * 2021-04-26 2021-07-16 深圳海红智能制造有限公司 Trusted mobile payment device and system
CN113630735A (en) * 2021-10-13 2021-11-09 南京云联数科科技有限公司 Method and device for correcting position of commercial place, electronic device, and storage medium
CN113630735B (en) * 2021-10-13 2022-01-28 南京云联数科科技有限公司 Method and device for correcting position of commercial place, electronic device, and storage medium
CN116167757A (en) * 2022-11-07 2023-05-26 中国银联股份有限公司 A security control method and system for a two-dimensional code
CN116739589A (en) * 2023-06-13 2023-09-12 吉林银行股份有限公司 Payment verification methods, devices and computer equipment
CN117152855A (en) * 2023-09-06 2023-12-01 深圳市赛菲姆科技有限公司 Parking lot charging method, device, equipment and readable storage medium

Also Published As

Publication number Publication date
CN112036868B (en) 2024-01-26

Similar Documents

Publication Publication Date Title
CN112036868B (en) Two-dimensional code secure payment method, device, storage medium and equipment
US20180114221A1 (en) Secure payment
US12026713B2 (en) System and method for processing transactions
US9449311B2 (en) Methods and systems for facilitating transactions using badges
CN108647969A (en) A kind of method, apparatus, system and the storage medium of access block chain
US20160197915A1 (en) Systems and methods for authentication and verification
CN107464120A (en) Exempt from the safe verification method, trade company's background system and payment system of close payment
MX2014003427A (en) Transaction payment method and system.
CN105933274A (en) Payment method and device
KR20180113229A (en) Loan service providing method using black chain and system performing the same
US9448981B2 (en) Methods and systems for setting and enabling images on web pages
US12079850B2 (en) System and process for electronic calendar payments
CN110119940A (en) Cashing method, device, equipment and computer readable storage medium
CN108154362A (en) Method of commerce, apparatus and system based on figure bar code
US12248924B2 (en) System and method for mobile payments
CN115994760A (en) Method and device for realizing third party payment service
CN103179096A (en) Website unique identification achieving method and authentication method based on favicon expansion
KR101523494B1 (en) Mobile payment relay validation system and method in online and offline
KR20160048600A (en) Mobile cross-authentication system and method
CN112651727B (en) On-site shopping payment replacing method, acquirer server and system
CN104009955B (en) A kind of processing method of associated person information, device and system
CN111242764A (en) A blockchain-based invoice reimbursement method, device and readable storage medium
CN112184343A (en) Method and device for preventing electronic invoice from being stolen
CN114971632A (en) Social platform binding system, method, device, electronic device and storage medium
CN112039676A (en) Token dynamic verification code safety generation method, device and equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载