[0024] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
[0025] However, it cannot be guaranteed that the card reading action occurs when the medical payment transaction occurs. The technicians and system managers of transaction terminals and access systems have the opportunity to access historical user data and related card data in their own systems. These data can be used to illegally initiate medical payment requests without the real-time existence of cards, thereby Resulting in the loss of funds of users of the medical payment platform.
[0026] A card security authentication payment system, such as figure 1 As shown, including: a card, which contains an IC chip inside;
[0027] The transaction terminal is used to read the card information, cooperate with the card, and request the transaction random number from the payment platform;
[0028] The payment platform, after receiving the transaction random number request, generates a transaction random number and sends it to the transaction terminal;
[0029] The transaction terminal sends the received transaction random number to the card for internal authentication calculation to obtain card authentication data;
[0030] The card will get the card identification data and return it to the transaction terminal;
[0031] The transaction terminal sends the card identification data to the payment platform;
[0032] After receiving the card authentication data, the payment platform uses the transaction random number to generate terminal authentication data using the security verification module group, and compares the terminal authentication data with the card authentication data. If the two data meet the specific matching rules, the payment is allowed. Otherwise, the payment is terminated.
[0033] In specific use, the card can be a social security card or a resident health card. Insert the card into the transaction terminal. After the transaction terminal reads the card information, it sends a transaction request to the payment platform by operating the transaction terminal. The payment platform generates a transaction random number and sends it to The card authentication random number is generated by the transaction terminal after it is sent to the card for authentication and calculation. Since the transaction random number is randomly generated, and the card authentication random number is generated according to the transaction random number, the card authentication random number will also change dynamically. , the card authentication random number is then transmitted to the payment platform through the transaction terminal, and the payment platform will only generate terminal authentication data through the security verification module inside the transaction platform after receiving the card authentication data, which can ensure the real-time existence of the card to a certain extent, and finally pass Judging whether the card authentication data and terminal authentication data meet the specific matching rules to determine whether the payment is allowed. When the transaction is allowed, the user can use the transaction terminal to enter the payment amount, enter the payment password, and confirm the payment. Follow-up steps.
[0034] The card security authentication payment system provided by the present invention closely combines the card, the transaction terminal and the payment platform. The card itself can generate dynamic information, and the payment platform provides transaction random numbers and uses the dynamic information generated by the card itself as the basis for judgment. , to perform the final authentication operation. Using the third-party payment platform as the final authentication party improves the security and credibility of payment, prevents the information inside the card from being simply copied, and further improves the security of payment by card.
[0035] On the basis of the above scheme, each transaction random number only generates a unique pair of card authentication data and terminal authentication data, which will be recorded in the database of the payment platform, which ensures the security of card authentication data and terminal authentication data.
[0036] Further, the payment platform uses the database to judge each set of card authentication data and terminal authentication data, and if each pair of card authentication data and terminal authentication data has not been used, the payment is allowed; otherwise, the payment is terminated .
[0037] Since transaction terminals, technicians and system managers who access the system have the opportunity to have access to historical user data and related card data in their own systems, these data can be used to illegally initiate medical payment requests, resulting in medical payment platform users loss of funds. And each transaction random number generates a unique pair of card authentication data and terminal authentication data, and can only be used once, when the user is about to perform a payment task, the payment platform judges the authentication data and terminal authentication data according to the records in the database. The authentication data has been used, if the set of data has been used, the data will be invalid. This solution prevents the operators of the internal system from taking advantage of their positions to steal historical data in the system to initiate payment requests illegally, which greatly improves the security of the system.
[0038] The present invention also provides a supplementary scheme, wherein the terminal authentication data and transaction random number include generation time information; the payment platform receives the card authentication data, uses the transaction random number to generate the terminal authentication data using a safety verification module group, and judges Whether the difference between the generation time of the terminal authentication data and the generation time of the transaction random number is within the set time range, if so, the payment is allowed; otherwise, the payment is terminated.
[0039] The transaction random number and card identification data generated by the payment platform contain time information, and the time accuracy is seconds. Since the authentication time of the payment platform for the card is short, the data is valid only when the time interval between the two is less than a certain period of time. allowed to proceed. This further prevents the technical staff of the transaction terminal or the access system from forging the transaction by using the time difference, and ensures to a certain extent that the card reading action occurs when the medical payment transaction occurs, that is, the real-time existence of the card during the transaction greatly ensures the security of the transaction. safety.
[0040] Further, the set duration ranges from 3s to 6s. Due to the short authentication time of the payment platform for the card, in order to prevent the system or the network itself from being unsmooth, the time interval is set to 3s~6s, and the risk time is shortened while ensuring the normal operation of the system, so that illegal personnel can create fake transactions The time difficulty increases, which strengthens the security of the system.
[0041]Preferably, the present invention also provides a supplementary solution. When the transaction terminal sends the received transaction random number to the card for internal authentication calculation, the card generates key process data, and the key process data performs transaction random number according to certain encryption rules. Generate card authentication data after encryption processing.
[0042] Further, the key process data is customized and set by the card owner on the payment platform.
[0043] Specifically, in order to prevent the fixed authentication calculation inside the card from being cracked, the transaction random number is encrypted through the key process data to generate card authentication data. The key process number can be generated by the card owner through custom settings on the payment platform or randomly generated by the payment platform, and sent to the transaction terminal after generation, and then sent to the card together with the random number by the transaction terminal. The payment platform finally decrypts the card authentication data through the key process data, and then judges whether the card authentication data and terminal authentication data meet specific matching rules, so as to determine whether the payment is allowed.
[0044] Specifically, each card uniquely corresponds to the encryption rule of the key process data, and the decryption rule of the payment platform also corresponds to the encryption rule. The only set of encryption rules is determined by the card number and the set key process data, which makes it difficult to determine the card key through the transaction random number even if the information inside the card is copied or the transaction random number is obtained, and then proceed illegal trading. This scheme further ensures the security of the system.
[0045] Specifically, the cards in the above solution include a social security card or a resident health card.
[0046] Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present invention, rather than limiting them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: It is still possible to modify the technical solutions described in the foregoing embodiments, or perform equivalent replacements for some or all of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the technical solutions of the various embodiments of the present invention. scope.
