Proximity payment methods, media, devices, and computing devices
By establishing a close-range connection and implementing multiple verifications between payment and collection devices, the dependence of the transaction process on transaction servers and networks is eliminated, enabling normal transactions and secure payments even in the absence of network access or in the event of a malfunction.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- WANGYIBAO
- Filing Date
- 2022-02-08
- Publication Date
- 2026-06-19
Smart Images

Figure CN114463007B_ABST
Abstract
Description
Technical Field
[0001] The embodiments of this disclosure relate to the field of payment technology, and more specifically, the embodiments of this disclosure relate to a near-field payment method, medium, apparatus, and computing device. Background Technology
[0002] This section is intended to provide background or context for the embodiments of this disclosure as set forth in the claims. The description herein is not intended to be a prior art simply because it is included in this section.
[0003] With the popularization of the Internet, mobile payment has gradually become integrated into life, bringing many conveniences to social life and production. Mobile payment can be divided into long-distance payment and short-distance payment. Short-distance payment is a payment method that requires users to be in close contact and face-to-face to conduct transactions, such as cash transactions, NFC payments, and QR code payments.
[0004] However, in these payment technologies, the transaction process heavily relies on the backend transaction server, and both the payer and the payee need a stable and secure network environment. When there is no network, poor network signal, network congestion during peak hours, or transaction server failure, the transaction cannot be completed normally. If an unknown wireless network is used, the security of the network environment cannot be guaranteed. Summary of the Invention
[0005] This disclosure provides a near-field payment method, medium, apparatus, and computing device to address the technical problems of high dependence on transaction servers and networks and low security in current near-field payment processes.
[0006] In a first aspect of this disclosure, a near-field payment method is provided, applied to a receiving device. The near-field payment method includes: obtaining a first user certificate of the paying device based on a near-field connection established between the receiving device and a paying device; the first user certificate is used to verify the identity of the paying device; issuing a first payment voucher corresponding to a target transaction of the paying device; encrypting the first payment voucher according to a first public key in the first user certificate, and sending the encrypted first payment voucher to the paying device based on the near-field connection; the first payment voucher is used by the paying device to verify the target transaction and generate a target payment voucher corresponding to the target transaction; receiving the target payment voucher sent by the paying device based on the near-field connection, and after establishing a communication connection when the receiving device establishes communication with a transaction server, sending the target payment voucher to the transaction server; the target payment voucher is used by the transaction server to verify the target transaction.
[0007] In a second aspect of this disclosure, a near-field payment method is provided, applied to a payment device. The near-field payment method includes: obtaining a second user certificate of the payment device based on a near-field connection established between the payment device and a receiving device, the second user certificate being used to verify the identity of the receiving device; obtaining a first payment voucher for a target transaction issued by the receiving device; generating a target payment voucher for the target transaction based on the first payment voucher; encrypting the target payment voucher according to a second public key in the second user certificate, and sending the encrypted target payment voucher to the receiving device based on the near-field connection, so that the receiving device sends the target payment voucher to a transaction server; and / or, after the payment device and the transaction server establish a communication connection, encrypting the target payment voucher according to the root certificate public key of the transaction server, and sending the encrypted target payment voucher to the transaction server, the target payment voucher being used by the transaction server to verify the target transaction.
[0008] In a third aspect of this disclosure, a near-field payment method is provided, applied to a transaction server. The near-field payment method includes: receiving a target payment voucher for a target order sent by a receiving device and / or a paying device; and verifying the target order based on the target payment voucher. The target payment voucher includes a first payment voucher and a fourth digital signature issued by the paying device. The first payment voucher includes order information, a second user certificate of the receiving device, a first user certificate of the paying device, and a first digital signature issued by the receiving device.
[0009] In a fourth aspect of the present disclosure, a computer-readable storage medium is provided, which stores computer-executable instructions that, when executed by a processor, implement a near-field payment method as described in any one of the first, second, and third aspects.
[0010] In a fifth aspect of this disclosure, a near-field payment device is provided, applied to a receiving device. The near-field payment device includes: an acquisition module, configured to acquire a first user certificate of the payment device based on a near-field connection established between the receiving device and a payment device, the first user certificate being used to verify the identity of the payment device; an issuance module, configured to issue a first payment voucher corresponding to the target transaction of the payment device, generating a first payment voucher corresponding to the target transaction; and a sending module, configured to encrypt the first payment voucher according to a first public key in the first user certificate, and send the encrypted first payment voucher to the payment device based on the near-field connection, the first payment voucher being used by the payment device to verify the target transaction and generate a target payment voucher corresponding to the target transaction; a receiving module, configured to receive the target payment voucher sent by the payment device based on the near-field connection; and, after establishing a communication connection when the receiving device establishes communication with a transaction server, send the target payment voucher to the transaction server, the target payment voucher being used by the transaction server to verify the target transaction.
[0011] In a sixth aspect of this disclosure, a proximity payment device is provided, applied to a payment device. The proximity payment device includes: a first acquisition module, configured to acquire a second user certificate of the payment device based on a proximity connection established between the payment device and the receiving device, the second user certificate being used to verify the identity of the receiving device; a second acquisition module, configured to acquire a first payment voucher for a target transaction issued by the receiving device; a processing module, configured to generate a target payment voucher for the target transaction based on the first payment voucher; a sending module, configured to encrypt the target payment voucher according to a second public key in the second user certificate, and send the encrypted target payment voucher to the receiving device based on the proximity connection, so that the receiving device sends the target payment voucher to a transaction server; and / or, after the payment device establishes a communication connection with the transaction server, encrypting the target payment voucher according to the root certificate public key of the transaction server, and sending the encrypted target payment voucher to the transaction server, the target payment voucher being used by the transaction server to verify the target transaction.
[0012] In a seventh aspect of the present disclosure, a near-field payment device is also provided, applied to a transaction server. The near-field payment device includes: a receiving module for receiving a target payment voucher for a target order sent by a receiving device and / or a payment device; and a processing module for verifying the target order based on the target payment voucher. The target payment voucher includes a first payment voucher and a fourth digital signature issued by the payment device. The first payment voucher includes order information, a second user certificate of the receiving device, a first user certificate of the payment device, and a first digital signature issued by the receiving device.
[0013] In an eighth aspect of the present disclosure, a computing device is also provided, comprising: at least one processor and a memory; the memory storing computer execution instructions; and at least one processor executing the computer execution instructions stored in the memory to implement the near-field payment method as described in any one of the first, second, and third aspects.
[0014] In a ninth aspect of the present disclosure, a computer program product is also provided, the computer program product including a computer program; when the computer program is executed, it implements the near-field payment method as described in any one of the first, second, and third aspects.
[0015] In the near-field payment method, medium, apparatus, and computing device provided in this disclosure, during the payment process, the paying device and the receiving device establish a near-field connection. The receiving device issues a first payment voucher for the target transaction, the paying device verifies the first payment voucher, and issues a target payment voucher. Finally, the transaction server verifies the payment vouchers issued by both parties and cancels the target transaction upon successful verification. In this transaction process, the transaction does not heavily rely on the transaction server, and because the payer and payee establish a near-field connection, it does not depend on an external network environment. Normal transactions can still be conducted even in situations such as no network, poor network signal, peak network congestion, or transaction server failure, while avoiding external network security issues. Furthermore, the multiple verifications of the transaction by the receiving device, the paying device, and the transaction server ensure the reliability of the transaction. Attached Figure Description
[0016] The above and other objects, features, and advantages of this disclosure will become readily apparent from the following detailed description of exemplary embodiments, taken in conjunction with the accompanying drawings. Several embodiments of this disclosure are illustrated in the drawings by way of example and not limitation, in which:
[0017] Figure 1 This is a schematic diagram illustrating an application scenario provided for an embodiment of this disclosure;
[0018] Figure 2 A flowchart illustrating the near-field payment method provided for embodiments of this disclosure. Figure 1 ;
[0019] Figure 3 A flowchart illustrating the near-field payment method provided for embodiments of this disclosure. Figure 2 ;
[0020] Figure 4 A schematic diagram illustrating the principle of the transaction certificate acquisition method provided in this embodiment of the disclosure;
[0021] Figure 5 A schematic flowchart illustrating the first user certificate acquisition process of a payment device provided in an embodiment of this disclosure;
[0022] Figure 6 A schematic diagram illustrating the principle of the user certificate acquisition method provided in this embodiment of the disclosure;
[0023] Figure 7 A flowchart illustrating the second user certificate acquisition process for a payment receiving device provided in an embodiment of this disclosure;
[0024] Figure 8 This is a schematic diagram illustrating the principle of a server verifying a target order according to an embodiment of this disclosure.
[0025] Figure 9 A schematic diagram of the structure of a storage medium provided for an exemplary embodiment of this disclosure;
[0026] Figure 10 Schematic diagram of the near-field payment device provided in the embodiments of this disclosure Figure 1 ;
[0027] Figure 11 Schematic diagram of the near-field payment device provided in the embodiments of this disclosure Figure 2 ;
[0028] Figure 12 Schematic diagram of the near-field payment device provided in the embodiments of this disclosure Figure 3 ;
[0029] Figure 13 A schematic diagram of the structure of a computing device provided in an embodiment of this disclosure;
[0030] In the accompanying drawings, the same or corresponding reference numerals indicate the same or corresponding parts. Detailed Implementation
[0031] The principles and spirit of this disclosure will now be described with reference to several exemplary embodiments. It should be understood that these embodiments are given merely to enable those skilled in the art to better understand and implement this disclosure, and are not intended to limit the scope of this disclosure in any way. Rather, these embodiments are provided to make this disclosure more thorough and complete, and to fully convey the scope of this disclosure to those skilled in the art.
[0032] Those skilled in the art will recognize that embodiments of this disclosure can be implemented as a system, apparatus, device, method, or computer program product. Therefore, this disclosure can be specifically implemented in the following forms: entirely hardware, entirely software (including firmware, resident software, microcode, etc.), or a combination of hardware and software.
[0033] In this article, it is important to understand the following terms and their meanings:
[0034] Write-off: A method of processing transactions after they have been recorded. For example, payments are first recorded in the prepayment account and then transferred to accounts payable when settling accounts with the other party. At this point, the prepayment and accounts payable are written off to complete the entire transaction.
[0035] Asymmetric cryptography is a type of encryption algorithm in cryptography. Common algorithms include RSA, Elgamal, Knapsack, Rabin, Diffie-Hellman, and Elliptic Curve Cryptography (ECC).
[0036] Asymmetric encryption requires a public key and a private key. The public key is used for encryption, and the private key is used for decryption. The ciphertext obtained by encrypting plaintext with the public key can only be decrypted with the corresponding private key to obtain the original plaintext.
[0037] Furthermore, the number of any elements in the accompanying drawings is for illustrative purposes only and not for limitation, and any naming is for distinction only and has no limiting meaning.
[0038] The principles and spirit of this disclosure will be explained in detail below with reference to several representative embodiments. Invention Overview
[0040] The inventors discovered that existing transaction processes heavily rely on backend transaction servers, and both the payer and payee require a stable and secure network environment. When there is no network, poor network signal, network congestion during peak hours, or transaction server failure, the transaction cannot proceed normally. If an unknown wireless network is used, the security of the network environment cannot be guaranteed.
[0041] In view of this, the embodiments of this disclosure provide a near-field payment method. During the payment process, a near-field connection is established between the payer and the payee, without relying on an external network environment. Normal transactions can still be carried out when there is no network, poor network signal, peak network congestion, or transaction server failure, while avoiding the security issues of external networks. In addition, the reliability of transactions can be guaranteed through multiple verifications of the transaction by the receiving device, the paying device, and the transaction server.
[0042] Application Scenarios Overview
[0043] First refer to Figure 1 , Figure 1 This is a schematic diagram of an application scenario provided by an embodiment of the present disclosure. The devices involved in this application scenario include a payment receiving device 101, a payment receiving device 102, and a transaction server 103.
[0044] The transaction server 103 can communicate with the receiving device 101 and the payment device 102 via the network, and a near-field connection can be established between the receiving device 101 and the payment device 102.
[0045] The receiving device 101 and the payment device 102 can be personal digital assistant (PDA) devices, handheld devices with wireless communication functions (such as smartphones and tablets), computing devices (such as personal computers (PCs)), in-vehicle devices, wearable devices (such as smartwatches and smart bracelets), smart home devices (such as smart display devices), etc. The figure shows a mobile phone as an example, but it is not limited to this.
[0046] Transaction server 103 can be a product server for a payment application. User data, business data, etc. of the payment application are deployed in transaction server 103, thereby providing payment services related to the payment application to users of multiple devices (such as receiving device 101 and payment device 102).
[0047] Correspondingly, the receiving device 101 and the payment device 102 are equipped with a client for the payment application, which allows users to access the payment services provided by the product server.
[0048] Exemplary methods
[0049] The following is combined Figure 1 Application scenarios, refer to Figure 2-8 This document describes a near-field payment method according to exemplary embodiments of the present disclosure. It should be noted that the above application scenarios are shown only to facilitate understanding of the spirit and principles of the present disclosure, and the embodiments of the present disclosure are not limited in any way. Rather, the embodiments of the present disclosure can be applied to any applicable scenario.
[0050] refer to Figure 2 , Figure 2 A flowchart illustrating the near-field payment method provided for embodiments of this disclosure. Figure 1 .like Figure 2 As shown, this near-field payment method includes the following steps:
[0051] S201. The receiving device obtains the first user certificate of the payment device based on the near-field connection established between the receiving device and the payment device.
[0052] S202. The payment device obtains a second user certificate from the receiving device based on the near-field connection established between the payment device and the receiving device.
[0053] The first user certificate is used to verify the identity of the payment device, and the second user certificate is used to verify the identity of the receiving device. During the identity verification process, the primary function is to verify whether the first and second user certificates were issued by the transaction server. The methods for verifying user identity and issuing user certificates will be shown in subsequent embodiments.
[0054] In this embodiment of the disclosure, before the transaction, the receiving device and the paying device exchange user certificates and perform mutual verification to prevent unauthorized impersonation of the transaction identity, thereby ensuring the security of information transmission in the near-field connection, while also protecting the funds of the receiving and paying parties and improving the reliability of the transaction process.
[0055] In the embodiments of this disclosure, the near-field connection methods between the receiving device and the payment device include, but are not limited to, any of the following: NFC connection, Bluetooth connection, Long Range Radio (LoRa) connection, or WIFI connection, etc., and the embodiments of this disclosure are not limited to these.
[0056] S203. The receiving device issues a payment voucher for the target transaction corresponding to the payment device, generating the first payment voucher corresponding to the target transaction.
[0057] S204. The receiving device encrypts the first payment credential using the first public key in the first user certificate, and sends the encrypted first payment credential to the paying device based on the near-field connection.
[0058] The target transaction is a transaction initiated by the receiving device and the payment device after a near-field connection is established.
[0059] In this embodiment of the disclosure, the receiving device authenticates and authorizes the target transaction, thereby generating a first payment voucher. It should be understood that offline payment is actually an accounting process, and the first payment voucher is the transaction details and data format of the payment process recorded by the receiving device. The content and specific generation method of the first payment voucher will be shown in subsequent embodiments.
[0060] Furthermore, after obtaining the first payment credential, the first payment credential is encrypted using the first public key of the payment device, and the encrypted first payment credential is sent to the payment device based on a near-field connection.
[0061] In this embodiment of the disclosure, encrypting the first payment credential with the first public key can establish an encrypted communication tunnel with the payment device. Since only the payment device and the receiving device can decrypt the encrypted content, this process can further enhance the security of the transaction process.
[0062] S205. The payment device generates a target payment document for the target transaction based on the first payment document.
[0063] Accordingly, the payment device decrypts the received first payment credential using its own first private key and generates the target payment credential based on the first payment credential.
[0064] Similarly, the target payment voucher is the data format in which the payment device records transaction details and the payment process. After receiving the first payment voucher, the first payment voucher is first verified. When the verification passes, the target payment voucher is generated based on the first payment voucher. The content and specific generation method of the target payment voucher will be shown in subsequent embodiments.
[0065] In this embodiment of the disclosure, by having both the payment device and the receiving device perform multiple verifications and authorizations on the target transaction, it can be ensured that the payment voucher is not tampered with or repudiated, thereby ensuring the legality and validity of the payment process and the traceability of the payment result, and thus guaranteeing the fund security of both the payer and the payee.
[0066] S206. The payment device encrypts the target payment credential using the second public key in the second user certificate, and sends the encrypted target payment credential to the receiving device based on the near-field connection, so that the receiving device sends the target payment credential to the transaction server.
[0067] S207. The receiving device receives the target payment voucher sent by the payment device based on the near-field connection, and after the receiving device establishes a communication connection with the transaction server, it sends the target payment voucher to the transaction server.
[0068] In one implementation, after generating the target payment voucher, the payment device can send the target payment voucher directly to the receiving device based on a near-field connection. The receiving device then forwards the target payment voucher to the transaction server, which verifies the voucher and completes the transaction.
[0069] Optionally, the receiving device may encrypt the target payment credential using the root certificate public key of the transaction server before sending it to the transaction server.
[0070] In this embodiment, an encrypted communication tunnel is established between the receiving device and the transaction server using the root certificate public key. Since only the receiving device and the transaction server can decrypt the message, this process can further enhance the security of the transaction process.
[0071] After the transaction server completes the verification, the payment will be deducted from the account corresponding to the paying device, and the receiving device will receive the corresponding funds. Therefore, the payer may be reluctant to pay or delay payment, resulting in lower initiative in advancing the transaction verification process. Conversely, the receiving party may be more eager to receive payment, leading to higher initiative in advancing the transaction verification process. In one embodiment of this disclosure, when the paying device generates the target payment voucher, it sends the target payment voucher to the receiving device, which then sends the target payment voucher to the transaction server to complete the verification. This can improve the transaction progress to some extent, prevent situations where verification cannot be completed due to poor initiative from the paying device, and protect the rights and interests of the receiving party.
[0072] In addition, in one embodiment of this disclosure, if the location of the receiving device has good network conditions, the payment device can send the payment voucher to the receiving device based on the near-field connection, and the receiving device can synchronize it to the transaction server. This allows the transaction server to perform real-time verification and provide real-time feedback on the transaction results. In scenarios such as shopping malls, supermarkets, or other large transactions, this can improve the real-time nature of the transaction process while ensuring transaction security.
[0073] Furthermore, before sending the target payment credential to the receiving device, the payment device encrypts the target payment credential using the receiving device's second public key, which can establish an encrypted communication tunnel with the receiving device. Since only the payment device and the receiving device can decrypt it, this process can further enhance the security of the transaction process.
[0074] S208. After establishing a communication connection between the payment device and the transaction server, the payment device encrypts the target payment voucher according to the root certificate public key of the transaction server and sends the encrypted target payment voucher to the transaction server.
[0075] It should be noted that when the receiving device is located in a relatively fixed environment with poor network conditions, such as in mountainous areas or underground passages, it may be offline for extended periods. In contrast, the payment device is typically more mobile and less likely to remain offline for long periods. Therefore, in one embodiment of this disclosure, the payment device can send the target payment voucher to the transaction server. This allows for faster transaction verification when the payee fails to upload the target transaction voucher in a timely manner, further ensuring the timeliness and reliability of the target transaction.
[0076] In addition, before sending the target payment voucher to the transaction server, the payment device encrypts the target payment voucher using the transaction server's root certificate public key, which can establish an encrypted communication tunnel with the transaction server. Since only the payment device and the transaction server can decrypt it, this process can further enhance the security of the transaction process.
[0077] It should be noted that steps S207 and S208 can be executed either one or both. When both steps S207 and S208 are executed, there is no strict restriction on their execution order. For example, step S208 can be executed first and then step S207 can be executed.
[0078] In an optional implementation, in steps S207 and S208, the receiving device and / or the payment device may send the target transaction voucher to the transaction server in batches.
[0079] Specifically, after establishing a communication connection with the transaction server, the same payment device (or receiving device) can automatically send target payment vouchers to the transaction server in batches according to the transaction time corresponding to each unreconciled transaction. This embodiment does not specifically limit the division of transaction time. For example, the target payment vouchers for transactions generated within a certain time interval can be sent at intervals of 30 minutes, 1 hour, or 24 hours. Alternatively, a fixed sending time can be set, at which target payment vouchers for transactions generated before that time but not yet reconciled are sent. For example, if the time points are set to 11:00 and 18:00, then target payment vouchers for transactions before 11:00 are sent at 11:00, and target payment vouchers for transactions between 11:00 and 18:00 are sent at 18:00.
[0080] It should be noted that the transaction time can be the time when the receiving device and the paying device establish a connection, or the time when the target payment voucher is generated, etc. Furthermore, the start time of each batch can be a fixed time (e.g., a set time point) or the end time of the previous batch's upload of the target transaction voucher. Additionally, users can set the sending interval and sending time of the target payment voucher according to their needs.
[0081] In this embodiment, by sending the target transaction voucher in batches, the number of times the device sends data can be reduced, thereby reducing the device's power consumption and data usage. Furthermore, uploading the target payment voucher in batches facilitates transaction management for the user. Additionally, because this method allows users to set the sending time and time interval according to their needs, it can meet personalized user requirements and improve the user experience.
[0082] On the other hand, target payment credentials can also be sent to the transaction server in batches based on the transaction category. Specifically, transaction categories can include: payment account category (such as Alipay, WeChat Pay, online banking, etc.), product category, etc.
[0083] For example, transactions of the same payment category can be sent to the transaction server as a single batch, or transactions of the same product category can be sent to the transaction server as a single batch.
[0084] In this embodiment of the disclosure, sending the target payment voucher in batches according to the transaction category can reduce the number of times the device sends data, thereby reducing the device's power consumption and data usage. Furthermore, uploading the target payment voucher in batches facilitates user management of transactions, enabling the payer or payee to verify and record transactions, thus improving the user experience.
[0085] S209. Based on the target payment voucher, verify the target order.
[0086] The target payment voucher includes a first payment voucher and a fourth digital signature issued by the payment device. The first payment voucher includes order information, a second user certificate of the receiving device, a first user certificate of the payment device, and a first digital signature issued by the receiving device.
[0087] In this embodiment, the transaction server verifies the first digital signature in the first payment voucher and the fourth digital signature in the target payment voucher. When both verifications pass, the current transaction is cancelled, and operations such as archiving and fund transfer are performed to complete the entire transaction. It should be noted that the transaction server's cancellation scheme for the target order will be shown in subsequent embodiments.
[0088] In this embodiment of the disclosure, the transaction process does not heavily rely on the transaction server, and since the payer and payee establish a close-range connection, it does not rely on the external network environment. Normal transactions can still be carried out when there is no network, poor network signal, peak network congestion, or transaction server failure, while avoiding the security issues of external networks. In addition, the reliability of the transaction can be guaranteed by performing multiple verifications on the target transaction through the receiving device, the payment device, and the transaction server.
[0089] Furthermore, in related technologies, because the transaction process heavily relies on the transaction server, in small-amount, high-frequency transaction scenarios such as canteens, public transportation, scenic spots, and internal corporate consumption, the transaction server may need to process multiple transactions simultaneously, causing congestion on the transaction server, slowing down the transaction process, and even easily leading to transaction failures, severely impacting the user's transaction experience. The solution provided by this disclosure eliminates the need for a strong reliance on the transaction server during the transaction process. The target payment voucher can be generated before the transaction begins, allowing for "postponement" of the transaction and enabling direct payment on the device's local machine, thus improving payment efficiency. When the networks of each payment / collection device are normal, because the connection establishment time between each payment / collection device and the transaction server is different, and the time for uploading the target payment voucher can be freely chosen by the user, the devices can avoid sending the target payment voucher to the transaction server simultaneously. This achieves decentralized sending of the target transaction voucher to the server, avoiding high concurrency, and allowing the server to perform decentralized transaction verification. This effectively solves transaction problems in scenarios with weak networks, high concurrency, and long processing times, reducing the processing pressure on the transaction server and improving the user's transaction experience.
[0090] Next, combined Figure 3 The transaction process of the payment device and the receiving device in the embodiments of this disclosure will be described in detail as follows:
[0091] Figure 3 A flowchart illustrating the near-field payment method provided for embodiments of this disclosure. Figure 2 .like Figure 3 As shown, the near-field payment method specifically includes the following steps:
[0092] S301. The payment device generates a QR code and / or NFC tag based on the connection information of the payment device.
[0093] First, connection information is generated based on the connection method of the payment device, such as Bluetooth connection, WiFi connection, LoRa connection, NFC connection, etc.
[0094] Accordingly, if the payment device supports Wi-Fi or Bluetooth connectivity, a QR code containing the device's connection information will be generated; if the device supports NFC connectivity, an NFC tag containing the device's connection information will be generated. It should be understood that if the payment device supports multiple methods simultaneously, a prompt message can be generated, allowing the recipient to select the desired connection method based on the prompt.
[0095] Specifically, the data size of the connection information of the receiving device is a preset size, and the content of the connection information is a connection identifier and password in a preset format. For example, the preset format can be {T:WiFi / Bluetooth; S:DeviceName; P:password}, that is, {T:Connection method; S:Device name; P:Password}, such as {T:WiFi; S:NetEase-5G; P:123456}, {T:Bluetooth; S:DeviceName; P:PinCode}, etc., which will not be shown one by one here.
[0096] S302. The payment device establishes a near-field connection with the receiving device based on the QR code and / or NFC tag generated by the receiving device.
[0097] Specifically, during the connection process, if the payment device supports NFC, the NFC function will be used first to read the seller's NFC tag content, thereby achieving the connection between the two.
[0098] Correspondingly, if the NFC tag content reading fails, the camera can be opened automatically, prompting the payer to connect via the QR code provided by the payee. After scanning the code, the connection information contained in the QR code is parsed, and a WiFi or Bluetooth connection is established with the payment device based on the connection information (the specific connection method can be determined according to the connection method supported by the device or the user's choice).
[0099] Optionally, if scanning fails, a list of nearby payment devices can be obtained, guiding the user to manually connect to the payment device corresponding to the target transaction.
[0100] In this embodiment of the disclosure, by providing multiple connection methods, the payment needs of different types of devices can be met, the reliability of the connection process can be improved, and the user experience can be guaranteed.
[0101] S303. The receiving device obtains the first user certificate of the payment device based on the proximity connection established with the payment device.
[0102] S304. The receiving device parses the third digital signature based on the root certificate public key of the transaction server to obtain the third digest information.
[0103] S305. The payment device uses a digital signature algorithm to sign the first original user certificate and obtain the fourth digest information.
[0104] S306. The receiving device responds that the third digest information and the fourth digest information match, and determines that the identity verification of the paying device is successful.
[0105] The first user certificate includes a first original user certificate and a third digital signature.
[0106] In this embodiment, the third digital signature is first parsed using the root certificate public key. If the third digest information can be obtained, it indicates that the third digital signature was issued by the transaction server. Conversely, if the third digital signature cannot be parsed using the root certificate public key, it indicates that the third digital signature was not issued by the transaction server. In this case, the transaction is interrupted to prevent security risks.
[0107] It should be noted that the specific type of digital signature algorithm disclosed herein is not limited. For example, it can be a hash algorithm, DSA algorithm, RSA algorithm, etc.
[0108] It should be understood that a digital signature algorithm is an alphanumeric string obtained by processing the information to be transmitted through a one-way function, which authenticates the source of the information and verifies whether the information has changed during transmission. Therefore, in this embodiment of the disclosure, the first original user certificate is signed using a digital signature algorithm to obtain the fourth digest information, and the third digital signature is parsed to obtain the third digest information. If the third digital signature is valid and has not been tampered with, theoretically the third digest information and the fourth digest should be the same.
[0109] In other words, if the third digest information and the fourth digest information are the same, it means that the identity verification of the payment device is successful; if the third digest information and the fourth digest information are different, it means that the identity verification of the payment device fails, and the identity of the payment device may have certain security risks.
[0110] Furthermore, if the identity verification of the payment device is successful, the transaction process continues; if the identity verification fails, the transaction process is interrupted.
[0111] Correspondingly, the payment device also needs to verify the identity of the receiving device. The following is a detailed explanation of the identity verification scheme for the receiving device, excluding S307 to S310:
[0112] S307. The payment device obtains a second user certificate from the receiving device based on the proximity connection established with the receiving device.
[0113] The second user certificate includes a second original user certificate and a second digital signature. The second digital signature is obtained by the transaction server by signing the second original user certificate based on a digital signature algorithm.
[0114] S308. The payment device parses the second digital signature based on the root certificate public key of the transaction server to obtain the ninth digest information.
[0115] S309. The payment device uses a digital signature algorithm to sign the second original user certificate to obtain the tenth digest information.
[0116] S310, The payment device responds that the ninth digest information and the tenth digest information match, and determines that the identity verification of the receiving device is successful.
[0117] Similarly, if the identity verification of the receiving device is successful, the transaction process continues; if the identity verification fails, the transaction process is interrupted.
[0118] It should be understood that the identity verification method for the receiving device is similar to the verification method for the payment device (steps S303 to S306), and the specific details can be found in the above embodiments, which will not be repeated here.
[0119] It should also be noted that the execution order of the above steps is not specifically limited in this embodiment. For example, the payment device may verify the identity of the receiving device first, or the receiving device may verify the identity of the payment device first. Furthermore, during the identity verification process, the original user certificate may be signed first, and then the digital signature may be parsed.
[0120] Next, combine Figure 4 The methods for obtaining the first transaction certificate and the target transaction certificate in the above embodiments are described in detail.
[0121] Figure 4 This is a schematic diagram illustrating the principle of the transaction certificate acquisition method provided in this embodiment of the disclosure. Figure 4 As shown, for the receiving device, the method for obtaining the first payment voucher (i.e. Figure 2 Step S203 in the illustrated embodiment specifically includes the following steps:
[0122] (1) The receiving device obtains the order information of the target transaction and the second user certificate of the receiving device.
[0123] The order information includes, but is not limited to, any of the following: order number, product details, amount, timestamp, etc. The timestamp can be the moment when the receiving device and the payment device establish a connection, or it can be the moment when the target order is generated.
[0124] The second user certificate is the digital identity information of the receiving device issued by the transaction server. The second user certificate includes the receiving device's second identity information, second account information, and second public key.
[0125] (2) Based on the second private key in the second user certificate, encrypt the order information and the second user certificate to obtain the first digital signature.
[0126] (3) Based on the first public key in the first user certificate, encrypt the order information, the second user certificate, the first digital signature and the first user certificate to generate the first payment voucher.
[0127] In some implementations, the first payment voucher also needs to include connection information between the receiving device and the paying device. Specifically, step (3) above includes the following steps:
[0128] I. Obtain connection information between the receiving device and the payment device;
[0129] II. Based on the first public key in the first user certificate, encrypt the order information, the second user certificate, the first digital signature, the first user certificate, and the connection information to generate the first payment credential.
[0130] In this embodiment of the disclosure, by obtaining connection information, the receiving device can check the connection status of the payment device and the receiving device in real time based on the connection information, and in response to the disconnection between the payment device and the receiving device, re-establish the connection with the payment device based on the connection information.
[0131] This solution enables a timely response and proactive reconnection when the connection between the receiving and paying devices is lost, preventing payment failures due to disconnection and improving payment efficiency and user experience. Furthermore, by generating a first payment credential based on the connection information, a connection can be directly established based on the connection information in the first payment credential when the connection is lost, without the need to regenerate a QR code or NFC tag. The connection process is simpler, more convenient, and provides a better user experience.
[0132] In some embodiments, the payment voucher is in a preset format, such as a table format as shown below:
[0133] Order Information Second User Certificate First digital signature Connection information First User Certificate null
[0134] The order information, second user certificate, first digital signature, connection information, and first user certificate constitute the contents of the first payment voucher, which can be filled in by the receiving device.
[0135] Please continue to refer to this. Figure 4 For payment devices, the method for obtaining the target payment voucher (i.e. Figure 2 Step S205 in the illustrated embodiment specifically includes the following steps:
[0136] I. The payment device obtains the first digital signature from the first payment voucher.
[0137] In this step, after receiving the first payment credential, the payment device decrypts it using its own first private key to obtain the complete first payment credential and the first digital signature in the first payment credential.
[0138] The first digital signature includes order information and a second user certificate.
[0139] II. The payment device verifies the first digital signature based on the second user certificate.
[0140] Specifically, the process of verifying the first digital signature is shown in steps i to iii:
[0141] i. Based on the second public key in the second user certificate, parse the first digital signature to obtain the fifth digest information.
[0142] ii. Based on the digital signature algorithm, encrypt the order information and the second user certificate to obtain the sixth digest information.
[0143] iii. In response to the matching of the fifth digest information and the sixth digest information, it is determined that the first digital signature verification was successful.
[0144] In this embodiment of the disclosure, since the first digital signature is obtained by the receiving device after signing the order information and the second user certificate based on the digital signature algorithm, if the first digital signature is legal and has not been tampered with, theoretically the fifth digest information and the sixth digest information should be the same.
[0145] Therefore, if the fifth digest information and the sixth digest information are the same, it means that the first digital signature is valid; if the fifth digest information and the sixth digest information are different, it means that the first digital signature may not have been issued by the receiving device, or the first digital signature may have been tampered with.
[0146] Furthermore, if the first digital signature is valid (i.e., verification is successful), then proceed to step III below; if the first digital signature is invalid (verification fails), then interrupt the target transaction to prevent the transaction information from being maliciously tampered with, thereby posing a security risk to the payer, payee, or even the payment platform.
[0147] III. The payment device responds to the successful verification of the first digital signature and obtains the first user certificate from the first payment voucher.
[0148] IV. The payment device verifies the first user certificate in the first payment voucher based on the first user certificate issued by the transaction server.
[0149] Specifically, the first user certificate issued by the transaction server is compared with the first user certificate in the first payment voucher. If they are the same, the first user certificate in the first payment voucher passes the verification; otherwise, the verification fails and the current transaction is interrupted, thereby avoiding security risks during the transaction process and preventing losses to the payer or payee.
[0150] V. Upon successful verification of the first user certificate in the first payment credential, the payment device generates the target payment credential based on the first private key of the payment device.
[0151] Specifically, the first payment credential is encrypted using the first private key of the payment device to generate a fourth digital signature, and the fourth digital signature is then entered into the form of the first payment credential to obtain the target payment credential as shown in the table below:
[0152] Order Information Second User Certificate First digital signature Connection information First User Certificate Fourth digital signature
[0153] As an optional embodiment, the payment device can also obtain the order transaction duration from the order information, wherein the transaction duration is obtained based on the current time and the first moment when the receiving device and the payment device establish a connection (i.e., the timestamp in the order information), that is, the transaction duration is the time period between the current time and the first moment.
[0154] Furthermore, in response to a transaction duration less than or equal to a preset duration, an order confirmation page is generated based on the order information. The order confirmation page may include order information, such as order amount, product type, timestamp, etc. It should be understood that the embodiments of this disclosure do not specifically limit the preset duration; for example, it may be 1 minute, 90 seconds, etc.
[0155] Correspondingly, when a user confirms an order on the order confirmation page, it indicates that the payer has confirmed the order information for the current transaction is correct. At this time, the first payment voucher is encrypted using the first private key of the payment device to generate a fourth digital signature.
[0156] Furthermore, a target payment voucher is generated based on the first payment voucher and the fourth digital signature.
[0157] In some embodiments, in response to a transaction duration exceeding a preset duration, an instruction message is sent to the receiving device to instruct the receiving device to regenerate the first payment voucher.
[0158] In this embodiment of the disclosure, the accuracy of the order can be ensured by having the payer further confirm the order. When there is an error in the order information, the payer can correct the transaction or interrupt the transaction in a timely manner to prevent financial losses to the payee or the payer.
[0159] Furthermore, setting a preset time limit for transactions can, to some extent, urge the payer to complete the transaction, prevent long-term pending orders, and thus accelerate the completion process and improve efficiency. At the same time, it can also prevent the transaction information from being tampered with due to excessively long transaction times, thereby avoiding security risks and further enhancing the reliability of the transaction process.
[0160] In one optional implementation, when the first payment voucher contains connection information, the payment device can also verify the currently connected receiving device based on the connection information in the first payment voucher, thereby preventing the connection information from being tampered with, or preventing other devices from replacing the receiving device to establish a connection with the payment device.
[0161] Specifically, the system obtains the connection information from the first payment voucher and the connection information obtained when establishing a connection with the receiving device (e.g., connection information obtained by scanning a code or NFC), compares whether the two are consistent, and if they are consistent, continues the current transaction; if they are inconsistent, the transaction is interrupted, or the system re-establishes a connection with the receiving device corresponding to the connection information using the connection information obtained when establishing the connection.
[0162] For example, when a payment device establishes a connection with a receiving device, the connection information of the receiving device obtained is {T:WiFi; S:NetEase-5G; P:123456}. After obtaining the first payment voucher, the connection information in the first payment voucher is obtained, and it is determined whether the "device name" in the connection information in the first payment voucher matches "NetEase-5G", and whether the "password" in the connection information in the first payment voucher matches "123456".
[0163] Furthermore, if either the device name or the password cannot be matched, it is determined that the connection information in the first payment credential has been tampered with or replaced; conversely, if both the device name and the password can be matched, it indicates that the connection information in the first payment credential has not been tampered with or replaced.
[0164] Correspondingly, when the connection information in the first payment voucher has been tampered with or replaced, the payment device can re-establish a connection with the receiving device based on the connection information obtained when establishing a connection with the receiving device.
[0165] This solution prevents the connection information of the receiving device from being tampered with during the payment process, or prevents other devices from establishing a connection with the paying device in place of the receiving device, thus avoiding economic losses for both the payee and the payer. It also prevents the leakage of the payee's and payer's information. Furthermore, if tampering or substitution of the connection information is detected, the obtained connection information can be used to promptly re-establish a connection with the receiving device, allowing the transaction to continue without the need for scanning or NFC connections, simplifying the transaction process and improving efficiency.
[0166] Optionally, the payment device can also check the connection status with the receiving device in real time. When the connection with the receiving device is lost, it can obtain the connection information from the first payment voucher, and when the connection information is verified, it can re-establish the connection with the receiving device based on the connection information. Through the solution of this embodiment, if an unexpected disconnection occurs during the payment process, a connection can be directly established based on the connection information, eliminating the need for scanning or NFC connection operations, thus simplifying the transaction process and improving transaction efficiency.
[0167] The root certificate of the transaction server is the cornerstone of the entire payment process's trust chain. The transaction server generates the root certificate key pair using an asymmetric encryption algorithm. The private key is stored on the server side, and the public key is packaged into the root certificate. This root certificate is distributed to various devices, such as payment devices and receiving devices, as the payment application is deployed, installed, and updated. This ensures that each device has a valid root certificate built-in for subsequent information dissemination and legitimacy verification. Furthermore, before a transaction is initiated, both the payment device and the receiving device must be authenticated by the transaction server to guarantee the security of the transaction process. Next, we will combine... Figures 5-7 The certification process for the equipment is described in detail.
[0168] refer to Figure 5 , Figure 5 A schematic flowchart illustrating the first user certificate acquisition process for a payment device provided in an embodiment of this disclosure. Figure 5 As shown, the process of obtaining the first user certificate specifically includes the following steps:
[0169] S501, The payment device generates the first public key and the first private key of the payment device.
[0170] Specifically, a first public key and a first private key can be generated based on an asymmetric encryption algorithm. The first private key can be stored locally on the payment device. The specific generation process will not be described here.
[0171] S502. The payment device generates a first original user certificate based on the second identity information, the second account information, and the first public key corresponding to the payment device.
[0172] In this step, the second identity information, the second account information, and the first public key can be packaged together to generate the first original user certificate.
[0173] The second identity information includes, for example, the device authentication information such as the payment device's password, face, fingerprint, iris, and finger vein, and the second account information includes, for example, the account information of the payment account logged in on the payment device.
[0174] S503, The payment device sends the first original user certificate to the transaction server.
[0175] Specifically, the payment device encrypts the first original user certificate using the local root certificate public key and sends the encrypted first original user certificate to the transaction server.
[0176] S504. The transaction server uses a digital signature algorithm to sign the first original user certificate to obtain a third digital signature.
[0177] S505, The transaction server sends the first target user certificate to the payment device.
[0178] The first target user certificate includes a first original user certificate and a third digital signature issued by the transaction server. When sending the first target user certificate, the first public key in the first original user certificate can be used to encrypt the first target user certificate, thereby improving the security of the user authentication process and preventing the relevant information in the payment device from being illegally stolen or tampered with.
[0179] S506. The payment device obtains the first user certificate based on the first target user certificate.
[0180] Figure 6 This is a schematic diagram illustrating the principle of the user certificate acquisition method provided in this embodiment of the disclosure. Figure 6 As shown, step S506 may include the following steps:
[0181] (1) The payment device obtains the third digital signature and the first original user certificate from the first target user certificate.
[0182] First, when the payment device receives the first target user certificate, it uses the first private key stored locally to decrypt the first user certificate, thereby obtaining the third digital signature and the first original user certificate.
[0183] (2) The payment device parses the third digital signature based on the root certificate public key of the transaction server to obtain the seventh digest information.
[0184] (3) The payment device encrypts the first original user certificate based on the digital signature algorithm to obtain the eighth digest information.
[0185] (4) The payment device responds by matching the seventh digest information and the eighth digest information and determines the first target user certificate as the first user certificate.
[0186] It should be noted that since the third digital signature is obtained by the transaction server by signing the first original user certificate based on the digital signature algorithm, if the third digital signature is valid and has not been tampered with, theoretically the seventh digest information and the eighth digest should be the same.
[0187] Therefore, if the seventh digest information and the eighth digest information are the same, it means that the third digital signature is valid, that is, the first target user certificate has passed the verification. At this time, the first target user certificate is determined to be the first user certificate of the payment device.
[0188] Correspondingly, if the seventh digest information and the eighth digest information are different, it means that the third digital signature may not have been issued by the transaction server, or the third digital signature may have been illegally tampered with. In this case, the verification of the first target user certificate fails, and the current authentication process is interrupted.
[0189] refer to Figure 7 , Figure 7 This is a flowchart illustrating the second user certificate acquisition process for a payment receiving device provided in an embodiment of this disclosure. Figure 7 As shown, the process of obtaining the second user certificate specifically includes the following steps:
[0190] S701, The receiving device generates a second public key and a second private key for the receiving device;
[0191] S702. The receiving device generates a second original user certificate based on the corresponding second identity information, second account information, and second public key of the receiving device.
[0192] S703, The receiving device sends the second original user certificate to the transaction server;
[0193] S704. The server uses a digital signature algorithm to sign the second original user certificate to obtain a second digital signature.
[0194] S705, The server sends the second target user certificate to the receiving device;
[0195] The second target user certificate includes a second original user certificate and a second digital signature.
[0196] S706. The receiving device obtains the second user certificate based on the second target user certificate.
[0197] Specifically, step S706 above includes the following steps:
[0198] (1) Obtain the second digital signature and the second original user certificate from the second target user certificate;
[0199] (2) Based on the root certificate public key of the transaction server, the second digital signature is parsed to obtain the first digest information;
[0200] (3) Based on the digital signature algorithm, the second original user certificate is signed to obtain the second digest information;
[0201] (4) In response to the matching of the first digest information and the second digest information, the second target user certificate is determined to be the second user certificate.
[0202] It should be noted that the scheme for obtaining the second user certificate in steps S701 to S706 is different from... Figures 5-6 The method and principle for obtaining the first user certificate in the illustrated embodiment are similar. For details, please refer to the above embodiments, which will not be repeated here.
[0203] Figure 8 This is a schematic diagram illustrating the principle of a server verifying a target order, as provided in an embodiment of this disclosure. Figure 8 As shown, the target payment document includes a first payment document and a fourth digital signature issued by the payment device.
[0204] The first payment voucher includes order information, the second user certificate of the receiving device, the first user certificate of the paying device, and the first digital signature issued by the receiving device.
[0205] like Figure 8 As shown, the specific steps involved in the reconciliation process for the target order are as follows:
[0206] (1) Using the first public key of the payment device, the fourth digital signature is parsed to obtain the eleventh digest information.
[0207] (2) Based on the digital signature algorithm, the first digital signature and the first user certificate are signed to obtain the twelfth digest information.
[0208] Since the fourth digital signature is obtained by the payment device through a digital signature algorithm, which is used to sign the first digital signature and the first user certificate, if the third digital signature is valid and has not been tampered with, theoretically the eleventh digest and the twelfth digest should be the same.
[0209] Therefore, by comparing the eleventh and twelfth digests, the legitimacy of the target payment credential can be verified. Correspondingly, when the eleventh and twelfth digests are identical, it indicates that the fourth digital signature is valid, meaning the target payment credential has passed verification.
[0210] Correspondingly, if the eleventh digest information and the twelfth digest information are different, it indicates that the fourth digital signature may not have been issued by the payment device, or the fourth digital signature may have been illegally tampered with. In this case, the verification of the target payment credential fails.
[0211] (3) Using the second public key of the receiving device, the first digital signature is parsed to obtain the thirteenth digest information.
[0212] (4) Based on the digital signature algorithm, the order information and the second user certificate are signed to obtain the fourteenth digest information.
[0213] Similarly, the first digital signature is obtained by the payment device using a digital signature algorithm to sign the order information and the second user certificate. If the first digital signature is valid and has not been tampered with, theoretically the thirteenth digest and the fourteenth digest should be the same.
[0214] Therefore, by comparing the thirteenth and fourteenth digests, the legitimacy of the first payment voucher can be verified. When the thirteenth and fourteenth digests are identical, it indicates that the first digital signature is valid, meaning the first payment voucher has passed verification.
[0215] Correspondingly, if the thirteenth digest information and the fourteenth digest information are different, it indicates that the first digital signature may not have been issued by the receiving device, or the first digital signature may have been illegally tampered with. In this case, the verification of the first payment voucher fails.
[0216] (5) In response to the matching of the eleventh and twelfth summary information, and the matching of the thirteenth and fourteenth summary information, the target order is determined to have passed the verification and the target order is cancelled.
[0217] In some embodiments, the entire transaction is verified when both the first digital signature and the fourth digital signature pass verification; conversely, the entire transaction fails verification if either the first digital signature or the fourth digital signature fails verification.
[0218] Once verification is successful, the transaction server performs operations such as archiving and fund transfer for the current order based on the order information to complete the order's reconciliation. Optionally, after completing the reconciliation operation, the payee and payer can be notified, or the payee and payer can proactively initiate a payment result inquiry.
[0219] As an optional implementation, the current transaction can be interrupted when transaction verification fails, thereby ensuring the security of the receiving device and the payment device.
[0220] In this embodiment, the transaction information is first verified by the receiving device to obtain a first payment voucher, and then the first payment voucher is verified by the paying device to obtain a target payment voucher. Finally, the transaction server verifies the two to complete the entire transaction. Through verification from multiple angles and in multiple rounds, the legality of the transaction can be guaranteed, and the information during the transaction process can be prevented from being illegally tampered with, thereby causing losses to the payee, the payer, and even the server.
[0221] In some embodiments, the first payment credential may also include connection information of the payment device and the receiving device. In this case, step (2) specifically includes: based on the digital signature algorithm, signing the first digital signature, the first user certificate and the connection information to obtain the twelfth digest information.
[0222] By synchronously verifying the connection information, it is possible to determine whether the receiving and paying devices have been maliciously tampered with, thereby preventing financial losses and further ensuring the security of the payment process.
[0223] In some embodiments, the server may also process the received target transaction vouchers for each transaction in batches. For example, transactions within the same time period may be simultaneously reconciled based on their transaction time, or transactions of the same transaction category may be simultaneously reconciled based on their transaction category. The batch reconciliation method based on transaction time and category is similar in principle and benefit to the scheme of sending target payment vouchers in batches by the payment device (or receiving device), and will not be elaborated upon here.
[0224] Exemplary media
[0225] After introducing the methods of exemplary embodiments of this disclosure, the following references are made. Figure 9 The storage medium of the exemplary embodiments of this disclosure will be described.
[0226] refer to Figure 9 As shown, the storage medium 900 stores a program product for implementing the above-described method according to embodiments of the present disclosure. This program product may be a portable compact disc read-only memory (CD-ROM) and includes program code, and can run on a terminal device, such as a personal computer. However, the program product of the present disclosure is not limited thereto.
[0227] The program product may employ any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of readable storage media include: electrical connections having one or more wires, portable disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof.
[0228] A readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying readable program code. This propagated data signal may take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. A readable signal medium may also be any readable medium other than a readable storage medium.
[0229] Program code for performing the operations of this disclosure can be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++, and conventional procedural programming languages such as C or similar languages. The program code can execute entirely on the user's computing device, partially on the user's computing device, partially on a remote computing device, or entirely on a remote computing device or server. In cases involving remote computing devices, the remote computing devices can be connected to the user's computing device via any type of network, including a local area network (LAN) or a wide area network (WAN).
[0230] Exemplary device
[0231] Having introduced the medium of exemplary embodiments of this disclosure, the following references are made to... Figure 10-12 A near-field payment device according to an exemplary embodiment of the present disclosure will be described.
[0232] refer to Figure 10 , Figure 10 Schematic diagram of the near-field payment device provided in the embodiments of this disclosure Figure 1 The near-field payment device provided in this embodiment is applied to a payment receiving device, such as... Figure 10 As shown, the near-field payment device 1000 includes:
[0233] The acquisition module 1001 is used to acquire the first user certificate of the payment device based on the near-field connection established between the receiving device and the payment device. The first user certificate is used to verify the identity of the payment device.
[0234] The issuance module 1002 is used to issue a first payment voucher corresponding to the target transaction of the payment device.
[0235] The sending module 1003 encrypts the first payment credential according to the first public key in the first user certificate, and sends the encrypted first payment credential to the payment device based on the near-field connection. The first payment credential is used by the payment device to verify the target transaction and generate the target payment credential corresponding to the target transaction.
[0236] The receiving device receives the target payment voucher sent by the payment device based on the near-field connection, and after establishing a communication connection with the transaction server, it sends the target payment voucher to the transaction server. The target payment voucher is used by the transaction server to verify the target transaction.
[0237] In one possible implementation, the issuing module 1002 is specifically used to: obtain the order information of the target transaction and the second user certificate of the receiving device; encrypt the order information and the second user certificate based on the second private key in the second user certificate to obtain a first digital signature, wherein the second user certificate is issued by the transaction server; and encrypt the order information, the second user certificate, the first digital signature and the first user certificate based on the first public key in the first user certificate to generate a first payment voucher.
[0238] In one possible implementation, the issuing module 1002 is specifically used to: obtain connection information between the receiving device and the paying device; and encrypt the order information, the second user certificate, the first digital signature, the first user certificate, and the connection information based on the first public key in the first user certificate to generate a first payment credential.
[0239] In one possible implementation, the near-field payment device further includes: a processing module 1004, used to generate a second public key and a second private key for the receiving device; and to generate a second original user certificate based on the corresponding second identity information, second account information and second public key of the receiving device.
[0240] The sending module 1003 is also used to send a second original user certificate to the transaction server; the obtaining module 1001 is also used to: obtain a second target user certificate sent by the transaction server, the second target user certificate including a second original user certificate and a second digital signature issued by the transaction server, the second digital signature being obtained by the transaction server after signing the second original user certificate based on a digital signature algorithm; and obtain a second user certificate based on the second target user certificate.
[0241] In one possible implementation, the acquisition module 1001 is specifically used to: acquire the second digital signature and the second original user certificate from the second target user certificate; parse the second digital signature based on the root certificate public key of the transaction server to obtain first digest information; perform signature processing on the second original user certificate based on the digital signature algorithm to obtain second digest information; and determine the second target user certificate as the second user certificate in response to the matching of the first digest information and the second digest information.
[0242] In one possible implementation, the acquisition module 1001 is specifically used to: generate a QR code and / or an NFC tag based on the connection information of the receiving device; establish a near-field connection with the payment device based on the QR code and / or the NFC tag; and acquire the first user certificate of the payment device based on the near-field connection established with the payment device.
[0243] In one possible implementation, the first user certificate includes a first original user certificate and a third digital signature, wherein the third digital signature is obtained by the transaction server signing the first original user certificate based on a digital signature algorithm; the near-field payment device further includes: a verification module 1005, used to parse the third digital signature based on the root certificate public key of the transaction server to obtain third digest information; to sign the first original user certificate based on the digital signature algorithm to obtain fourth digest information; and to determine that the identity verification of the payment device is successful in response to the matching of the third digest information and the fourth digest information.
[0244] In one possible implementation, the near-field payment device further includes a connection module 1006, which, in response to a disconnection between the payment device and the receiving device, re-establishes a connection with the payment device based on connection information.
[0245] It should be understood that the near-field payment device 1000 provided in this disclosure is used to implement the near-field payment method in any of the above-described method embodiments of the receiving device side. Its implementation principle and technical effect are similar, and will not be described again here.
[0246] refer to Figure 11 , Figure 11 Schematic diagram of the near-field payment device provided in the embodiments of this disclosure Figure 2 The near-field payment device provided in this embodiment is applied to payment devices, such as... Figure 11 As shown, the near-field payment device 1100 includes:
[0247] The first acquisition module 1101 is used to acquire the second user certificate of the receiving device based on the near-field connection established between the payment device and the receiving device. The second user certificate is used to verify the identity of the receiving device.
[0248] The second acquisition module 1102 is used to acquire the first payment voucher for the target transaction issued by the receiving device.
[0249] Processing module 1103 is used to generate a target payment voucher for the target transaction based on the first payment voucher;
[0250] The sending module 1104 is used to encrypt the target payment credential according to the second public key in the second user certificate, and send the encrypted target payment credential to the receiving device based on the near-field connection, so that the receiving device sends the target payment credential to the transaction server; and / or, after the payment device establishes a communication connection with the transaction server, encrypts the target payment credential according to the root certificate public key of the transaction server, and sends the encrypted target payment credential to the transaction server, wherein the target payment credential is used by the transaction server to verify the target transaction.
[0251] In one possible implementation, the processing module 1103 is specifically configured to: obtain a first digital signature from a first payment voucher, the first digital signature including order information and a second user certificate, the first digital signature being obtained by the receiving device after signing the order information and the second user certificate based on a digital signature algorithm; verify the first digital signature according to the second user certificate; in response to successful verification of the first digital signature, obtain the first user certificate from the first payment voucher; verify the first user certificate from the first payment voucher according to the first user certificate issued by the transaction server; in response to successful verification of the first user certificate from the first payment voucher, generate a target payment voucher according to the first private key of the payment device.
[0252] In one possible implementation, the processing module 1103 is specifically used to: parse the first digital signature based on the second public key in the second user certificate to obtain a fifth digest; encrypt the order information and the second user certificate based on the digital signature algorithm to obtain a sixth digest; and determine that the first digital signature verification is successful in response to a match between the fifth digest and the sixth digest.
[0253] In one possible implementation, the processing module 1103 is specifically configured to: in response to the successful verification of the first user certificate in the first payment voucher, obtain the current transaction duration of the order from the order information, wherein the transaction duration is obtained based on the current time and the first time when the receiving device and the paying device establish a connection; in response to the transaction duration being less than or equal to a preset duration, generate an order confirmation page based on the order information; in response to the user's order confirmation operation on the order confirmation page, encrypt the first payment voucher based on the first private key of the paying device to generate a fourth digital signature; and generate a target payment voucher based on the first payment voucher and the fourth digital signature.
[0254] In one possible implementation, the sending module 1104 is further configured to: in response to a transaction duration exceeding a preset duration, send an instruction message to the receiving device to instruct the receiving device to regenerate the first payment voucher via the instruction message.
[0255] In one possible implementation, the near-field payment device 1100 further includes: a verification module 1105, configured to acquire connection information in the first payment voucher; verify the connection information in the first payment voucher based on the connection information between the receiving device and the payment device; in response to the connection information in the first payment voucher being verified successfully and the payment device and the receiving device being disconnected, re-establish a connection with the receiving device based on the connection information in the first payment voucher; or, in response to the connection information in the first payment voucher failing verification, interrupt the order transaction.
[0256] In one possible implementation, the processing module 1103 is further configured to: generate a first public key and a first private key for the payment device; generate a first original user certificate based on the second identity information, the second account information, and the first public key corresponding to the payment device; the sending module 1104 is further configured to: send the first original user certificate to the transaction server; the processing module 1103 is further configured to: obtain a first target user certificate sent by the transaction server, the first target user certificate including the first original user certificate and a third digital signature issued by the transaction server, the third digital signature being obtained by the transaction server by signing the first original user certificate based on a digital signature algorithm; and obtain the first user certificate based on the first target user certificate.
[0257] In one possible implementation, the processing module 1103 is specifically used to: obtain the third digital signature and the first original user certificate from the first target user certificate; parse the third digital signature based on the root certificate public key of the transaction server to obtain the seventh digest information; encrypt the first original user certificate based on the digital signature algorithm to obtain the eighth digest information; and determine the first target user certificate as the first user certificate in response to the matching of the seventh digest information and the eighth digest information.
[0258] In one possible implementation, the first acquisition module 1101 is specifically used to: establish a near-field connection with the payment device based on the QR code and / or NFC tag generated by the payment device; and obtain the second user certificate of the payment device through the near-field connection established with the payment device.
[0259] In one possible implementation, the second user certificate includes a second original user certificate and a second digital signature. The second digital signature is obtained by the transaction server signing the second original user certificate based on a digital signature algorithm. The verification module 1105 is also used to parse the second digital signature based on the root certificate public key of the transaction server to obtain a ninth digest information; to sign the second original user certificate based on the digital signature algorithm to obtain a tenth digest information; and to determine that the identity verification of the receiving device is successful in response to the matching of the ninth digest information and the tenth digest information.
[0260] It should be understood that the near-field payment device 1100 provided in this disclosure is used to implement the near-field payment method in any of the above-described payment device side method embodiments, and its implementation principle and technical effect are similar, so they will not be described again here.
[0261] refer to Figure 12 , Figure 12 Schematic diagram of the near-field payment device provided in the embodiments of this disclosure Figure 3 In this embodiment, the near-field payment device is applied to a transaction server, such as... Figure 12 As shown, the near-field payment device 1200 includes:
[0262] Receiver module 1201 is used to receive the target payment voucher for the target order sent by the receiving device and / or payment device;
[0263] The processing module 1202 is used to verify the target order based on the target payment voucher. The target payment voucher includes a first payment voucher and a fourth digital signature issued by the payment device. The first payment voucher includes order information, a second user certificate of the receiving device, a first user certificate of the payment device, and a first digital signature issued by the receiving device.
[0264] In one possible implementation, the processing module 1202 is specifically configured to: parse the fourth digital signature using the first public key of the payment device to obtain an eleventh digest, wherein the fourth digital signature is obtained by the payment device signing the first digital signature and the first user certificate based on a digital signature algorithm; sign the first digital signature and the first user certificate based on the digital signature algorithm to obtain a twelfth digest; parse the first digital signature using the second public key of the receiving device to obtain a thirteenth digest, wherein the first digital signature is obtained by the receiving device signing the order information and the second user certificate based on a digital signature algorithm; sign the order information and the second user certificate based on the digital signature algorithm to obtain a fourteenth digest; and, in response to the matching of the eleventh digest and the twelfth digest, and the matching of the thirteenth digest and the fourteenth digest, determine that the target order has passed verification and cancel the target order.
[0265] In one possible implementation, the first payment credential further includes: connection information between the payment device and the receiving device; the processing module 1202 is specifically used to: based on a digital signature algorithm, sign the first digital signature, the first user certificate, and the connection information to obtain the twelfth digest information.
[0266] It should be understood that the near-field payment device 1200 provided in this disclosure is used to implement the near-field payment method in any of the above-described method embodiments of the transaction server backup side. Its implementation principle and technical effect are similar, and will not be described again here.
[0267] Exemplary computing device
[0268] Having described the methods, media, and apparatus of exemplary embodiments of this disclosure, the following references... Figure 13 A computing device according to exemplary embodiments of this disclosure will be described. It should be understood that... Figure 13 The computing device 1300 shown is merely an example and should not be construed as limiting the functionality and scope of use of the embodiments disclosed herein.
[0269] Figure 13 This is a schematic diagram of the structure of a computing device provided in an embodiment of this disclosure. Figure 13 As shown, the computing device 1300 is presented in the form of a general-purpose computing device. The components of the computing device 1300 may include, but are not limited to: at least one processing unit 1301, at least one storage unit 1302, and a bus 1303 connecting different system components (including the processing unit 1301 and the storage unit 1302).
[0270] Bus 1303 includes a data bus, a control bus, and an address bus. Storage unit 1302 may include readable media in the form of volatile memory, such as random access memory (RAM) 1313 and / or cache memory 1322, and may further include readable media in the form of non-volatile memory, such as read-only memory (ROM) 1332.
[0271] Storage unit 1302 may also include a program / utility 1352 having a set (at least one) of program modules 1342, such program modules 1342 including but not limited to: operating system, one or more application programs, other program modules and program data, each or some combination of these examples may include an implementation of a network environment.
[0272] The computing device 1300 can also communicate with one or more external devices 1304 (e.g., keyboard, pointing device, etc.). This communication can be performed via the input / output (I / O) interface 1305. Furthermore, the computing device 1300 can also communicate with one or more networks (e.g., local area network (LAN), wide area network (WAN), and / or public networks, such as the Internet) via a network adapter 1306. Figure 13 As shown, network adapter 1306 communicates with other modules of computing device 1300 via bus 1303. It should be understood that, although not shown in the figure, other hardware and / or software modules may be used in conjunction with computing device 1300, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.
[0273] It should be noted that although several units / modules or sub-units / modules of the timing update device have been mentioned in the detailed description above, this division is merely exemplary and not mandatory. In fact, according to embodiments of this disclosure, the features and functions of two or more units / modules described above can be embodied in one unit / module. Conversely, the features and functions of one unit / module described above can be further divided and embodied by multiple units / modules.
[0274] Furthermore, although the operations of the methods disclosed herein are described in a specific order in the accompanying drawings, this does not require or imply that these operations must be performed in that specific order, or that all of the operations shown must be performed to achieve the desired result. Additionally or alternatively, certain steps may be omitted, multiple steps may be combined into one step, and / or one step may be broken down into multiple steps.
[0275] While the spirit and principles of this disclosure have been described with reference to several specific embodiments, it should be understood that this disclosure is not limited to the disclosed specific embodiments, and the division of aspects does not imply that features in these aspects cannot be combined for benefit; such division is merely for convenience of expression. This disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims
1. A proximity payment method applied to a payment receiving device, the proximity payment method comprising: Based on the proximity connection established between the receiving device and the payment device, the first user certificate of the payment device is obtained, and the first user certificate is used to verify the identity of the payment device; Obtain the order information of the target transaction and the second user certificate of the payment device; Based on the second private key in the second user certificate, the order information and the second user certificate are encrypted to obtain a first digital signature, wherein the second user certificate is issued by the transaction server; Obtain the connection information between the receiving device and the payment device; Based on the first public key in the first user certificate, the order information, the second user certificate, the first digital signature, the first user certificate, and the connection information are encrypted to generate a first payment credential. The first payment credential is encrypted using the first public key in the first user certificate, and the encrypted first payment credential is sent to the payment device based on a near-field connection. The first payment credential is used by the payment device to verify the target transaction and generate a target payment credential corresponding to the target transaction. The receiving device receives the target payment voucher sent by the payment device based on a near-field connection, and after the receiving device establishes a communication connection with the transaction server, sends the target payment voucher to the transaction server. The target payment voucher is used by the transaction server to verify the target transaction. After the transaction server completes the verification, the payment will be deducted from the account corresponding to the payment device, and the receiving device will receive the corresponding funds.
2. The near-field payment method according to claim 1 further includes: Generate a second public key and a second private key for the payment receiving device; A second original user certificate is generated based on the second identity information, second account information, and second public key corresponding to the payment device. Send the second original user certificate to the transaction server; Obtain the second target user certificate sent by the transaction server. The second target user certificate includes the second original user certificate and the second digital signature issued by the transaction server. The second digital signature is obtained by the transaction server after signing the second original user certificate based on a digital signature algorithm. Obtain the second user certificate based on the second target user certificate.
3. The near-field payment method according to claim 2, wherein obtaining the second user certificate based on the second target user certificate includes: Obtain the second digital signature and the second original user certificate from the second target user certificate; Based on the root certificate public key of the transaction server, the second digital signature is parsed to obtain the first digest information; Based on the digital signature algorithm, the second original user certificate is signed to obtain the second digest information; In response to a match between the first digest information and the second digest information, the second target user certificate is determined to be the second user certificate.
4. The near-field payment method according to claim 1, wherein obtaining the first user certificate of the payment device based on the near-field connection established between the receiving device and the payment device includes: Based on the connection information of the payment device, a QR code and / or NFC tag are generated. A near-field connection is established with the payment device based on the QR code and / or the NFC tag; Based on the proximity connection established with the payment device, the first user certificate of the payment device is obtained.
5. The near-field payment method according to claim 4, wherein the first user certificate includes a first original user certificate and a third digital signature, wherein the third digital signature is obtained by the transaction server by signing the first original user certificate based on a digital signature algorithm; The near-field payment method also includes: Based on the root certificate public key of the transaction server, the third digital signature is parsed to obtain the third digest information; Based on the digital signature algorithm, the first original user certificate is signed to obtain the fourth digest information; In response to a match between the third digest information and the fourth digest information, it is determined that the identity verification of the payment device was successful.
6. The near-field payment method according to claim 1 further includes: In response to a disconnection between the payment device and the receiving device, a new connection is established with the payment device based on the connection information.
7. A proximity payment method applied to a payment device, the proximity payment method comprising: Based on the proximity connection established between the payment device and the receiving device, a second user certificate of the receiving device is obtained, and the second user certificate is used to verify the identity of the receiving device; Obtain the first payment voucher for the target transaction issued by the receiving device; Obtain the first digital signature from the first payment voucher. The first digital signature includes order information and a second user certificate. The first digital signature is obtained by the payment device after signing the order information and the second user certificate based on a digital signature algorithm. The first digital signature is verified based on the second user certificate; Upon successful verification of the first digital signature, the first user certificate from the first payment voucher is obtained. The first user certificate in the first payment voucher is verified based on the first user certificate issued by the transaction server. Upon successful verification of the first user certificate in the first payment credential, a target payment credential is generated based on the first private key of the payment device. The target payment credential is encrypted using the second public key in the second user certificate, and the encrypted target payment credential is sent to the receiving device based on a near-field connection, so that the receiving device sends the target payment credential to the transaction server; and / or, after the payment device establishes a communication connection with the transaction server, the target payment credential is encrypted using the root certificate public key of the transaction server, and the encrypted target payment credential is sent to the transaction server, the target payment credential being used by the transaction server to verify the target transaction; After the transaction server completes the verification, the payment will be deducted from the account corresponding to the payment device, and the receiving device will receive the corresponding funds.
8. The near-field payment method according to claim 7, wherein verifying the first digital signature based on the second user certificate includes: Based on the second public key in the second user certificate, the first digital signature is parsed to obtain the fifth digest information; Based on the digital signature algorithm, the order information and the second user certificate are encrypted to obtain the sixth digest information; In response to the matching of the fifth digest information and the sixth digest information, it is determined that the first digital signature verification was successful.
9. The near-field payment method according to claim 8, wherein the step of generating the target payment credential based on the first private key of the payment device in response to successful verification of the first user certificate in the first payment credential includes: In response to the successful verification of the first user certificate in the first payment credential, the current transaction duration of the order is obtained from the order information. The transaction duration is obtained based on the current time and the first moment when the receiving device and the payment device establish a connection. In response to the transaction duration being less than or equal to a preset duration, an order confirmation page is generated based on the order information; In response to the user's order confirmation operation on the order confirmation page, the first payment credential is encrypted according to the first private key of the payment device to generate a fourth digital signature; The target payment voucher is generated based on the first payment voucher and the fourth digital signature.
10. The near-field payment method according to claim 9 further includes: In response to the transaction duration exceeding the preset duration, an instruction message is sent to the payment receiving device to instruct the payment receiving device to regenerate the first payment voucher.
11. The near-field payment method according to claim 7, further comprising: Obtain the connection information from the first payment voucher; Based on the connection information between the receiving device and the payment device, verify the connection information in the first payment voucher; In response to the successful verification of the connection information in the first payment voucher and the disconnection between the payment device and the receiving device, a new connection is established with the receiving device based on the connection information in the first payment voucher; Alternatively, in response to the connection information in the first payment voucher failing verification, the transaction of the order is interrupted.
12. The near-field payment method according to any one of claims 7 to 11, further comprising: Generate the first public key and the first private key of the payment device; A first original user certificate is generated based on the second identity information, the second account information, and the first public key corresponding to the payment device. Send the first original user certificate to the transaction server; Obtain a first target user certificate sent by the transaction server. The first target user certificate includes a first original user certificate and a third digital signature issued by the transaction server. The third digital signature is obtained by the transaction server by signing the first original user certificate based on the digital signature algorithm. Obtain the first user certificate based on the first target user certificate.
13. The near-field payment method according to claim 12, wherein obtaining the first user certificate based on the first target user certificate includes: Obtain the third digital signature from the first target user certificate and the first original user certificate; Based on the root certificate public key of the transaction server, the third digital signature is parsed to obtain the seventh digest information; Based on the digital signature algorithm, the first original user certificate is encrypted to obtain the eighth digest information; In response to a match between the seventh digest information and the eighth digest information, the first target user certificate is determined to be the first user certificate.
14. The near-field payment method according to any one of claims 7 to 11, wherein obtaining the second user certificate of the receiving device based on the near-field connection established between the payment device and the receiving device comprises: A near-field connection is established with the payment device based on the QR code and / or NFC tag generated by the payment device. By establishing a near-field connection with the payment device, a second user certificate of the payment device is obtained.
15. The near-field payment method according to claim 14, wherein the second user certificate includes a second original user certificate and a second digital signature, and the second digital signature is obtained by the transaction server by signing the second original user certificate based on the digital signature algorithm; The near-field payment method also includes: Based on the root certificate public key of the transaction server, the second digital signature is parsed to obtain the ninth digest information; Based on the digital signature algorithm, the second original user certificate is signed to obtain the tenth digest information; In response to a match between the ninth and tenth digest information, the identity verification of the payment device is determined to be successful.
16. A near-field payment method, applied to a transaction server, the near-field payment method comprising: Receive the target payment voucher for the target order sent by the receiving device and / or payment device; Based on the target payment voucher, the target order is verified. The target payment voucher includes a first payment voucher and a fourth digital signature issued by the payment device. The first payment voucher includes order information, a second user certificate of the receiving device, a first user certificate of the payment device, and a first digital signature issued by the receiving device. The first payment voucher is generated by the receiving device through the following steps: obtaining the order information of the target transaction and the second user certificate of the receiving device; Based on the second private key in the second user certificate, the order information and the second user certificate are encrypted to obtain a first digital signature, wherein the second user certificate is issued by the transaction server; Obtain the connection information between the receiving device and the payment device; Based on the first public key in the first user certificate, the order information, the second user certificate, the first digital signature, the first user certificate, and the connection information are encrypted to generate the first payment credential. The target payment credential is generated by the payment device through the following steps: obtaining a first digital signature from the first payment credential, the first digital signature including order information and a second user certificate, the first digital signature being obtained by the receiving device after signing the order information and the second user certificate based on a digital signature algorithm; The first digital signature is verified based on the second user certificate; Upon successful verification of the first digital signature, the first user certificate from the first payment voucher is obtained. The first user certificate in the first payment credential is verified based on the first user certificate issued by the transaction server; in response to the successful verification of the first user certificate in the first payment credential, the target payment credential is generated based on the first private key of the payment device.
17. The near-field payment method according to claim 16, wherein the step of verifying the target order based on the target payment voucher includes: The fourth digital signature is parsed using the first public key of the payment device to obtain the eleventh digest information. The fourth digital signature is obtained by the payment device by signing the first digital signature and the first user certificate based on a digital signature algorithm. Based on the digital signature algorithm, the first digital signature and the first user certificate are signed to obtain the twelfth digest information; The first digital signature is parsed using the second public key of the payment device to obtain the thirteenth digest information. The first digital signature is obtained by the payment device by signing the order information and the second user certificate based on a digital signature algorithm. Based on the digital signature algorithm, the order information and the second user certificate are signed to obtain the fourteenth digest information; In response to the matching of the eleventh and twelfth summary information, and the matching of the thirteenth and fourteenth summary information, the target order is determined to have passed the verification, and the target order is cancelled.
18. The near-sight payment method of claim 17, further comprising in the first payment instrument: The connection information between the payment device and the receiving device; The method based on the digital signature algorithm involves signing the first digital signature and the first user certificate to obtain the twelfth digest information, including: Based on the digital signature algorithm, the first digital signature, the first user certificate, and the connection information are signed to obtain the twelfth digest information.
19. A computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the near-field payment method according to any one of claims 1 to 18.
20. A proximity payment device, applied to a payment receiving device, the proximity payment device comprising: The acquisition module is used to acquire the first user certificate of the payment device based on the near-field connection established between the receiving device and the payment device. The first user certificate is used to verify the identity of the payment device. The issuance module is used to obtain the order information of the target transaction and the second user certificate of the receiving device; Based on the second private key in the second user certificate, the order information and the second user certificate are encrypted to obtain a first digital signature, wherein the second user certificate is issued by the transaction server; Obtain the connection information between the receiving device and the payment device; Based on the first public key in the first user certificate, the order information, the second user certificate, the first digital signature, the first user certificate, and the connection information are encrypted to generate a first payment credential. The sending module is configured to encrypt the first payment credential based on the first public key in the first user certificate, and send the encrypted first payment credential to the payment device based on a near-field connection. The first payment credential is used by the payment device to verify the target transaction and generate a target payment credential corresponding to the target transaction. The module also receives the target payment credential sent by the payment device based on the near-field connection, and after establishing a communication connection between the receiving device and the transaction server, sends the target payment credential to the transaction server. The target payment credential is used by the transaction server to verify the target transaction.
21. The near-field payment device according to claim 20 further includes a processing module, configured to generate a second public key and a second private key for the receiving device; and generate a second original user certificate based on the corresponding second identity information, second account information, and the second public key of the receiving device. The sending module is also used to: send the second original user certificate to the transaction server; The acquisition module is also used to: acquire the second target user certificate sent by the transaction server, wherein the second target user certificate includes the second original user certificate and the second digital signature issued by the transaction server, and the second digital signature is obtained by the transaction server after signing the second original user certificate based on a digital signature algorithm; Obtain the second user certificate based on the second target user certificate.
22. The near-field payment device according to claim 21, wherein the acquisition module is specifically used to: acquire the second digital signature and the second original user certificate from the second target user certificate; Based on the root certificate public key of the transaction server, the second digital signature is parsed to obtain the first digest information; Based on the digital signature algorithm, the second original user certificate is signed to obtain the second digest information; In response to a match between the first digest information and the second digest information, the second target user certificate is determined to be the second user certificate.
23. The near-field payment device according to claim 20, wherein the acquisition module is specifically used for: Based on the connection information of the payment device, a QR code and / or NFC tag are generated. A near-field connection is established with the payment device based on the QR code and / or the NFC tag; Based on the proximity connection established with the payment device, the first user certificate of the payment device is obtained.
24. The near-field payment device according to claim 23, wherein the first user certificate includes a first original user certificate and a third digital signature, wherein the third digital signature is obtained by the transaction server by signing the first original user certificate based on a digital signature algorithm; The near-field payment device also includes: a verification module, used to parse the third digital signature based on the root certificate public key of the transaction server to obtain third digest information; Based on the digital signature algorithm, the first original user certificate is signed to obtain the fourth digest information; In response to a match between the third digest information and the fourth digest information, it is determined that the identity verification of the payment device was successful.
25. The near-field payment device according to claim 20, further comprising: A connection module is configured to re-establish a connection with the payment device based on the connection information in response to a disconnection between the payment device and the receiving device.
26. A proximity payment device, applied to a payment device, the proximity payment device comprising: The first acquisition module is used to acquire the second user certificate of the receiving device based on the near-field connection established between the payment device and the receiving device. The second user certificate is used to verify the identity of the receiving device. The second acquisition module is used to acquire the first payment voucher for the target transaction issued by the receiving device. The processing module is used to obtain the first digital signature in the first payment voucher. The first digital signature includes order information and a second user certificate. The first digital signature is obtained by the payment device after signing the order information and the second user certificate based on a digital signature algorithm. The first digital signature is verified based on the second user certificate; Upon successful verification of the first digital signature, the first user certificate from the first payment voucher is obtained. The first user certificate in the first payment voucher is verified based on the first user certificate issued by the transaction server; in response to the successful verification of the first user certificate in the first payment voucher, the target payment voucher is generated based on the first private key of the payment device. The sending module is configured to encrypt the target payment credential according to the second public key in the second user certificate, and send the encrypted target payment credential to the receiving device based on a near-field connection, so that the receiving device sends the target payment credential to the transaction server; and / or, after the payment device establishes a communication connection with the transaction server, encrypt the target payment credential according to the root certificate public key of the transaction server, and send the encrypted target payment credential to the transaction server, wherein the target payment credential is used by the transaction server to verify the target transaction.
27. The near-field payment device according to claim 26, wherein the processing module is specifically used to: parse the first digital signature based on the second public key in the second user certificate to obtain fifth digest information; Based on the digital signature algorithm, the order information and the second user certificate are encrypted to obtain the sixth digest information; In response to the matching of the fifth digest information and the sixth digest information, it is determined that the first digital signature verification was successful.
28. The near-field payment device according to claim 27, wherein the processing module is specifically used for: In response to the successful verification of the first user certificate in the first payment credential, the current transaction duration of the order is obtained from the order information. The transaction duration is obtained based on the current time and the first moment when the receiving device and the payment device establish a connection. In response to the transaction duration being less than or equal to a preset duration, an order confirmation page is generated based on the order information; In response to the user's order confirmation operation on the order confirmation page, the first payment credential is encrypted according to the first private key of the payment device to generate a fourth digital signature; The target payment voucher is generated based on the first payment voucher and the fourth digital signature.
29. The near-field payment device according to claim 28, wherein the sending module is further configured to: In response to the transaction duration exceeding a preset duration, an instruction message is sent to the payment receiving device to instruct the payment receiving device to regenerate the first payment voucher.
30. The proximity payment device of claim 26, further comprising: The verification module is used to obtain the connection information in the first payment voucher; Based on the connection information between the receiving device and the payment device, verify the connection information in the first payment voucher; In response to the successful verification of the connection information in the first payment voucher and the disconnection between the payment device and the receiving device, a new connection is established with the receiving device based on the connection information in the first payment voucher; Alternatively, in response to the connection information in the first payment voucher failing verification, the transaction of the order is interrupted.
31. The near-field payment device according to any one of claims 26 to 30, wherein the processing module is further configured to: Generate the first public key and the first private key of the payment device; A first original user certificate is generated based on the second identity information, the second account information, and the first public key corresponding to the payment device. The sending module is also used to: send the first original user certificate to the transaction server; The processing module is also configured to: obtain a first target user certificate sent by the transaction server, wherein the first target user certificate includes a first original user certificate and a third digital signature issued by the transaction server, wherein the third digital signature is obtained by the transaction server by signing the first original user certificate based on the digital signature algorithm; Obtain the first user certificate based on the first target user certificate.
32. The near-field payment device according to claim 31, wherein the processing module is specifically used for: Obtain the third digital signature from the first target user certificate and the first original user certificate; Based on the root certificate public key of the transaction server, the third digital signature is parsed to obtain the seventh digest information; Based on the digital signature algorithm, the first original user certificate is encrypted to obtain the eighth digest information; In response to a match between the seventh digest information and the eighth digest information, the first target user certificate is determined to be the first user certificate.
33. The near-field payment device according to any one of claims 26 to 30, wherein the first acquisition module is specifically used for: A near-field connection is established with the payment device based on the QR code and / or NFC tag generated by the payment device. By establishing a near-field connection with the payment device, a second user certificate of the payment device is obtained.
34. The near-field payment device according to claim 33, wherein the second user certificate includes a second original user certificate and a second digital signature, and the second digital signature is obtained by the transaction server by signing the second original user certificate based on the digital signature algorithm; The near-field payment device further includes: a verification module, used to parse the second digital signature based on the root certificate public key of the transaction server to obtain the ninth digest information; Based on the digital signature algorithm, the second original user certificate is signed to obtain the tenth digest information; In response to a match between the ninth and tenth digest information, the identity verification of the payment device is determined to be successful.
35. A proximity payment device, applied to a transaction server, the proximity payment device comprising: The receiving module is used to receive the target payment voucher for the target order sent by the receiving device and / or payment device; The processing module is used to verify the target order based on the target payment voucher. The target payment voucher includes a first payment voucher and a fourth digital signature issued by the payment device. The first payment voucher includes order information, a second user certificate of the receiving device, a first user certificate of the payment device, and a first digital signature issued by the receiving device. The first payment voucher is generated by the receiving device through the following steps: obtaining the order information of the target transaction and the second user certificate of the receiving device; Based on the second private key in the second user certificate, the order information and the second user certificate are encrypted to obtain a first digital signature, wherein the second user certificate is issued by the transaction server; Obtain the connection information between the receiving device and the payment device; Based on the first public key in the first user certificate, the order information, the second user certificate, the first digital signature, the first user certificate, and the connection information are encrypted to generate the first payment credential. The target payment credential is generated by the payment device through the following steps: obtaining a first digital signature from the first payment credential, the first digital signature including order information and a second user certificate, the first digital signature being obtained by the receiving device after signing the order information and the second user certificate based on a digital signature algorithm; The first digital signature is verified based on the second user certificate; Upon successful verification of the first digital signature, the first user certificate from the first payment voucher is obtained. The first user certificate in the first payment credential is verified based on the first user certificate issued by the transaction server; in response to the successful verification of the first user certificate in the first payment credential, the target payment credential is generated based on the first private key of the payment device.
36. The near-field payment device according to claim 35, wherein the processing module is specifically used for: The fourth digital signature is parsed using the first public key of the payment device to obtain the eleventh digest information. The fourth digital signature is obtained by the payment device by signing the first digital signature and the first user certificate based on a digital signature algorithm. Based on the digital signature algorithm, the first digital signature and the first user certificate are signed to obtain the twelfth digest information; The first digital signature is parsed using the second public key of the payment device to obtain the thirteenth digest information. The first digital signature is obtained by the payment device by signing the order information and the second user certificate based on a digital signature algorithm. Based on the digital signature algorithm, the order information and the second user certificate are signed to obtain the fourteenth digest information; In response to the matching of the eleventh and twelfth summary information, and the matching of the thirteenth and fourteenth summary information, the target order is determined to have passed the verification, and the target order is cancelled.
37. The proximity payment device of claim 36, the first payment instrument further comprising: The connection information between the payment device and the receiving device; The processing module is specifically used for: Based on the digital signature algorithm, the first digital signature, the first user certificate, and the connection information are signed to obtain the twelfth digest information.
38. A computing device comprising: At least one processor and memory; The memory stores computer-executed instructions; The at least one processor executes the computer execution instructions stored in the memory, causing the at least one processor to perform the near-field payment method according to any one of claims 1 to 18.