Online payment method and system thereof

[0025] Example one

[0026] figure 1 It is a schematic flow chart of an online payment method provided in Embodiment 1 of the present invention. The method is suitable for online order processing. The method can be executed by an online payment system, and the online payment system can be implemented by software and/or hardware. Such as figure 1 As shown, the method includes:

[0027] Step 110: Receive a transaction request sent by at least one application server, where the transaction request carries transaction information, an application server identifier, and a third-party server identifier.

[0028] The payment system can receive transaction requests sent by one or more application servers connected to it, and transactions include: order payment, order refund, order refund progress query and other operations related to online transactions.

[0029] Among them, the transaction information carried in the transaction request includes: transaction time, order number, order status, product name, product quantity, unit price, amount, and transaction type; the application server identifier is a unique identifier for identifying the application server; the third-party server identifier It is generated by a third-party server, the third-party server is used to identify the application server, and the payment system is used to identify the unique identifier of the third-party payment system corresponding to the application server.

[0030] Step 120: According to the application server identification and the third-party server identification, respectively identify the corresponding target application server and the target third-party server, and obtain corresponding target application server interface control information and target third-party server interface control information.

[0031] The application server identification and the third-party server identification are unique. According to the application server identification and the third-party server identification, the corresponding target application server and the target third-party server and their interface control information can be identified. The interface control information can be an information transmission process An agreement or agreement in

[0032] Exemplarily, the application server interface control information includes at least: a secret key and encryption method for information interaction with the application server; the third-party server interface control information includes at least a secret key and encryption used for information interaction with the third-party server the way.

[0033] Step 130: According to the target third-party server interface control information, the transaction information is sent to the target third-party server, and the transaction information feedback result returned by the target third-party server is received.

[0034] Step 140: According to the target application server interface control information, the transaction information feedback result is sent to the target application server for transaction processing.

[0035] In the online payment method provided in the first embodiment of the present invention, by identifying the application server identifier and the third-party server identifier, it can simultaneously connect to multiple application servers and multiple third-party servers corresponding to the application server, and does not need to be an application server Separately allocate payment modules to reduce the labor and time costs caused by adding new applications or new payment methods; through the unified management of interface control information, it avoids security threats caused by too many places where interface control information appears.

[0036] Example two

[0037] figure 2 It is a schematic flowchart of an online payment method provided in the second embodiment of the present invention. The embodiment of the present invention specifically optimizes step 120 on the basis of the above-mentioned embodiment 1, and the method includes:

[0038] Step 210: Receive a transaction request sent by at least one application server, where the transaction request carries transaction information, an application server identifier, and a third-party server identifier.

[0039] Step 220: Determine whether the target application server is legal according to the application server identifier.

[0040] The application server has a unique identification identifier, and verifying the legitimacy of the application server according to the identifier of the application server is to prevent malicious requests from damaging the system. When the identification of the application server matches the identification of the application server pre-assigned by the payment system, it is determined that the target application server is legal.

[0041] Step 230: If it is valid, identify the corresponding target application server and target third-party server according to the application server identifier and the third-party server identifier.

[0042] According to the application server identification, search for the target application server corresponding to the identification in the database of the payment system to determine the target application server; look for the third-party server identification provided by the target application server for the same identification as the obtained third-party server identification If it exists, the target third-party server is obtained; if it does not exist, the third-party server is judged to be illegal.

[0043] Step 240: Obtain corresponding target application server interface control information and target third-party server interface control information according to the application server identifier and the third-party server identifier.

[0044] Different application servers may be connected to multiple third-party servers, and the payment system may be connected to multiple application servers. Correspondingly, the same third-party server may be used for payment among multiple servers connected to the payment system. Therefore, the application server identification and Only the third-party server identifier can obtain the corresponding target application server interface control information and the target third-party server interface control information.

[0045] Step 250: According to the application server interface control information, verify whether the transaction information is legal.

[0046] Step 260: According to the target third-party server interface control information, the transaction information is sent to the target third-party server, and the transaction information feedback result returned by the target third-party server is received.

[0047] Step 270: According to the target application server interface control information, send the transaction information feedback result to the target application server for transaction processing.

[0048] Further, before receiving the transaction request sent by at least one application server, the method further includes: receiving a registration request from at least one application server, and judging whether the registration request is legal; if the registration request is legal, sending the respective corresponding to at least one application server Application server identification and application server interface control information; receiving third-party server identification and third-party server interface control information of at least one third-party server docked with at least one application server.

[0049] Further, after sending the transaction information feedback result to the target application server for transaction processing according to the target application server interface control information, the method further includes: saving transaction behaviors related to the transaction information, and generating a capital transaction flow record.

[0050] In order to further describe the embodiments of the present invention completely, such as image 3 As shown, the user places an order for payment as an example. After the user selects the goods to be purchased, the third-party payment method is selected in the application client. The application client sends a payment request to the application server according to the payment method selected by the user ; After the application server receives the payment request sent by the application client, it processes the background logic related to the order, obtains the order number, amount and other information, and sends the payment request to the payment system; the payment system obtains the payment request according to the allocation to the application server The payment interface secret key confirms the legitimacy of the entire interface. After the confirmation is passed, the payment system will obtain the secret key and encryption method assigned by the third-party payment platform corresponding to the payment method from the configuration file or database, and use the secret key and encryption method to verify the order information Encrypt and send the encrypted order to a third-party server; the third-party server decrypts the received encrypted order, and after confirming that the order is legal, generates a pre-payment order, encrypts the pre-payment order and sends it to the payment system, and the payment system decrypts the payment order , And use its own secret key to encrypt and generate a signed payment order, and return the encrypted payment order to the application server; the application server decrypts the payment order and returns the payment information to the application client; the application client returns the payment information and calls the third party Client: The third-party client initiates a payment request to the third-party server; after the third-party server verifies that the payment information and payment authority are legal, it returns the verification result to the third-party client.

[0051] The third-party client informs the customer to enter the password, and the user enters the correct payment password to authorize the payment behavior. The third-party client will notify the third-party server after the authorization is confirmed, and the third-party server will perform operations such as payment deductions. Third-party customers The end will inform the user that the payment is complete. While this process is going on, the third-party server will notify the user's payment behavior to the payment system. The payment system will record and save the payment behavior information. At the same time, it will modify the logic of the previous booking form after payment confirmation to generate funds. Flow records.

[0052] After the user enters the payment password and obtains the payment completion confirmation, he will follow the prompts and return to the application client interface. At this time, the application server will query the payment system for the payment result of this operation, and the payment system will return the payment result notified by the third-party server To the application server; if the payment system does not receive the payment result notified by the third-party server, then the payment system will actively follow the rules to query the result on the third-party server, and the application server will process the status change of the order after receiving the payment result. Order business logic, and at the same time inform the client to show to the user that the payment is completed.

[0053] Figure 4 It is a schematic diagram of an online refund method provided by an embodiment of the present invention. After the user initiates a refund request, the application client sends a refund request to the application server. The application server processes the order and determines whether a refund is available. If the refund conditions are met, the refund request is sent to the payment system; the payment system obtains the refund request , Encrypt the refund information through a secret key and encryption method, and send the encrypted refund information to a third-party server; the third-party server decrypts and judges the received encrypted refund information, and confirms that the refund information is legal. The result is returned to the payment system, the payment system records the refund logic, and returns the determination result to the application server; the application server processes the refund logic and returns the processing result to the application client, and the application client displays the refund operation result to the user to complete the refund Payment order processing.

[0054] After completing the refund order processing, when the user needs to check the refund progress, such as Figure 5 As shown, after obtaining the user's refund progress query request, the application client sends the refund progress query request to the application server, and the application server sends the refund progress query request to the payment system; the payment system obtains the refund progress query request and passes The secret key and encryption method encrypt the query parameters and send the query parameters to the third-party server; the third-party server decrypts and detects the received encrypted query parameters, returns the refund result to the payment system, and the payment system records the refund result. The refund result is returned to the application server; the application server processes the refund result, returns the refund result to the application client, and the application client displays the refund result to the user.

[0055] It should be noted that for the data exchange between the payment system and the application server and the third-party server, for security reasons, the third-party server provides all certificates, secret keys, and signature rules and saves them in the payment system. At the same time, to ensure security, the payment system The application server will also be assigned a unique identification and secret key and signature rules.

[0056] The online payment method provided by the embodiment of the present invention can simultaneously connect to multiple application servers and multiple third-party servers corresponding to the application servers by identifying the application server identification and the third-party server identification, and does not need to be a separate application server Allocate payment modules to reduce labor and time costs caused by adding new applications or new payment methods; through unified management of interface control information, avoid security threats caused by too many places where interface control information appears; unified processing of orders , Which is conducive to the overall financial reconciliation in the later period.

[0057] Example three

[0058] Image 6 It is a structural block diagram of an online payment system provided in the third embodiment of the present invention. Such as Image 6 As shown, the system includes:

[0059] The transaction request receiving module 610 is configured to receive a transaction request sent by at least one application server, and the transaction request carries transaction information, an application server identifier, and a third-party server identifier;

[0060] The interface control information acquisition module 620 is configured to identify the corresponding target application server and the target third-party server according to the application server identifier and the third-party server identifier, and obtain corresponding target application server interface control information and target third-party server interface control information ;

[0061] The transaction information processing module 630 is configured to send transaction information to the target third-party server according to the target third-party server interface control information, and receive the transaction information feedback result returned by the target third-party server;

[0062] The feedback result sending module 640 is configured to send the transaction information feedback result to the target application server for transaction processing according to the target application server interface control information.

[0063] Further, the interface control information acquisition module 620 includes: an application server judging unit for judging whether the target application server is legal according to the application server identification; the target server identifying unit is for judging whether the registration request judging module is legal, according to The application server identification and the third-party server identification respectively identify the corresponding target application server and the target third-party server; the interface information obtaining unit is used to obtain the corresponding target application server interface control information and The target third-party server interface control information; the transaction information verification unit is used to verify whether the transaction information is legal according to the application server interface control information.

[0064] Further, the system further includes: a registration request judging module for receiving a registration request from at least one application server and judging whether the registration request is legal; an information sending module for sending a request to at least one application server when the application server judging module judges that it is legal The application server sends respective corresponding application server identification and application server interface control information; the information receiving module is configured to receive the third-party server identification and third-party server interface control information of at least one third-party server docked with the at least one application server.

[0065] Exemplarily, the application server interface control information includes at least: a secret key and encryption method for information interaction with the application server; the third-party server interface control information includes at least a secret key and encryption used for information interaction with the third-party server the way.

[0066] Further, it also includes: a transaction flow record module, which is used to store transaction behaviors related to transaction information and generate a capital transaction flow record.

[0067] The online payment system provided in this embodiment belongs to the same inventive concept as the online payment method provided in any embodiment of the present invention, and can implement the online payment method provided in any embodiment of the present invention, and has Corresponding functions and beneficial effects. For technical details that are not described in detail in this embodiment, please refer to an online payment method provided in any embodiment of the present invention.