A payment method and system based on hierarchical security control

By using a payment method based on hierarchical security controls, commercial bank systems determine the security authorization level of business personnel and conduct multiple verifications. Combined with a blockchain platform, this enables face-to-face corporate payments, addressing the payment needs of small and medium-sized enterprises and improving payment security and efficiency.

CN114638600B · Active · Publication Date: 2026-06-16 · ZHONGCHAO CREDIT CARD IND DEV

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: ZHONGCHAO CREDIT CARD IND DEV
Filing Date: 2020-12-15
Publication Date: 2026-06-16

AI Technical Summary

Technical Problem

Existing traditional and electronic payment tools cannot meet the face-to-face corporate payment needs of SMEs in business scenarios, especially the lack of mobile payment and split payment functions.

Method used

The payment method adopts a hierarchical security control approach. It receives order requests from mobile terminals through the commercial bank's business system, determines the security authorization level and permissions of business personnel, and uses a multi-factor authentication mechanism of mobile terminals and commercial bank systems to conduct secure payments. It also combines a blockchain platform to achieve decentralized and secure information transmission.

Benefits of technology

It achieves security and convenience for face-to-face corporate payments, supports mobile payments and split payments, improves corporate payment efficiency and business efficiency, and meets the actual needs of small and medium-sized enterprises.

✦ Generated by Eureka AI based on patent content.


Abstract

The application discloses a payment method and system based on hierarchical security control. The method comprises the following steps: a commercial bank business system receives a document creation request, sent by a mobile terminal, that contains business personnel information; the commercial bank business system determines the security authorization level of the business personnel according to the business personnel information in the document creation request; the commercial bank business system determines the security authorization permission information of the business personnel according to the security authorization level, and sends the security authorization permission information to the mobile terminal, so that the mobile terminal performs a secure payment according to the security authorization permission information.

Description

Technical Field

[0001] This invention relates to the field of communication technology, and in particular to a payment method and system based on hierarchical security control.

Background Technology

[0002] Currently, corporate payment tools can be divided into two main categories based on whether they are electronic or not: traditional payment tools and electronic payment tools.

[0003] Traditional payment tools mainly rely on paper materials, such as cash and checks. This requires corporate finance personnel to withdraw cash or purchase checks from banks, and then provide them to business personnel according to business needs. The checks are then delivered offline to the relevant finance personnel of the receiving company. The entire process involves offline operations by personnel from both companies.

[0004] Electronic payment tools, represented by corporate online banking, are products of the PC internet era. Corporate finance personnel conduct internal approvals based on contracts, and payments are completed directly after approval. Business personnel cannot participate in the payment process, and they cannot meet the face-to-face corporate payment needs in specific business scenarios. Furthermore, they do not support mobile payments, cannot adapt to payment scenarios, and do not support split payments.

[0005] As mentioned above, both traditional and electronic payment tools have certain problems. In other words, while electronic payment tools utilize the advantages of the internet, they have abandoned the face-to-face corporate payment function of paper media. However, there is indeed a clear demand for face-to-face corporate payment in actual business scenarios, especially among small and medium-sized enterprises.

Summary of the Invention

[0006] The technical problem solved by the solution provided in the embodiments of the present invention is that the face-to-face corporate payment needs of small and micro enterprises in their business scenarios cannot be met.

[0007] A payment method based on hierarchical security control, according to an embodiment of the present invention, includes:

[0008] The commercial bank's business system receives a document creation request containing business personnel information sent from a mobile terminal;

[0009] The commercial banking system determines the security authorization level of the business personnel based on the business personnel information in the order request;

[0010] The commercial banking system determines the security authorization information of the business personnel based on the security authorization level, and sends the security authorization information to the mobile terminal so that the mobile terminal can make secure payments based on the security authorization information.

[0011] Preferably, the business personnel information includes the business personnel's name and telephone number; the security authorization information includes the payment limit, payment validity period, and payment geographical range.

[0012] Preferably, the commercial banking system determines the security authorization level of the business personnel based on the business personnel information in the order request, including:

[0013] The commercial banking system queries the department and position of the business personnel based on their name or phone number in the personnel information.

[0014] The commercial banking system determines the security authorization level of the business personnel based on their department and position.

[0015] Preferably, the commercial banking system determines the security authorization information of the business personnel based on the security authorization level, including:

[0016] The security authorization level is directly proportional to the security authorization permission information.

[0017] Preferably, the mobile terminal performing secure payment based on the security authorization information includes:

[0018] During secure payment, the mobile terminal acquires payment information including payment amount, payment date, and geographical location, and sends the payment information to the commercial bank's business system.

[0019] The commercial banking system receives payment information sent by the mobile terminal and determines whether the payment amount, payment date, and geographical location in the payment information are all valid.

[0020] The commercial banking system completes the payment when it determines that the payment amount, payment date, and geographical location in the payment information are all valid.

[0021] A payment system based on hierarchical security control, according to an embodiment of the present invention, includes:

[0022] The receiving module is used to receive order creation requests containing business personnel information sent by the mobile terminal;

[0023] The determination module is used to determine the security authorization level of the business personnel based on the business personnel information in the order request;

[0024] The sending module is used to determine the security authorization information of the business personnel according to the security authorization level, and send the security authorization information to the mobile terminal so that the mobile terminal can make secure payments based on the security authorization information.

[0025] Preferably, the business personnel information includes the business personnel's name and telephone number; the security authorization information includes the payment limit, payment validity period, and payment geographical range.

[0026] Preferably, the business personnel information includes the business personnel's name and telephone number; the security authorization information includes the payment limit, payment validity period, and payment geographical range.

[0027] Preferably, the determining module is specifically used to query the department and position of the business personnel based on the business personnel's name or phone number in the business personnel information, and to determine the security authorization level of the business personnel based on the business personnel's department and position.

[0028] Preferably, the security authorization level is directly proportional to the security authorization permission information.

[0029] Preferably, the system further includes a payment module, configured to receive payment information, including payment amount, payment date, and geographical location, obtained by the mobile terminal during secure payment, and determine whether the payment amount, payment date, and geographical location in the payment information are all valid, and complete the payment when the payment amount, payment date, and geographical location in the payment information are all valid.

[0030] According to the solution provided in the embodiments of the present invention, the enterprise client is an extension based on the bank's corporate online banking system and corporate mobile banking, providing services and empowerment to the bank. It realizes internal approval of the enterprise based on the corporate online banking system, designates the enterprise's business personnel as payers, and the payers use the corporate mobile banking to realize face-to-face corporate payments within the scope authorized by the enterprise.

Attached Figure Description

[0031] The accompanying drawings, which are included to provide a further understanding of the invention and form part of this invention, illustrate exemplary embodiments of the invention and are used to understand the invention, but do not constitute an undue limitation of the invention. In the drawings:

[0032] Figure 1 is a flowchart of a payment method based on hierarchical security control provided by an embodiment of the present invention;

[0033] Figure 2 is a schematic diagram of a payment system based on hierarchical security control provided by an embodiment of the present invention;

[0034] Figure 3 is a schematic diagram of a blockchain platform based on hierarchical security control provided in an embodiment of the present invention;

[0035] Figure 4 is a schematic diagram of a payment system based on hierarchical security control provided in an embodiment of the present invention;

[0036] Figure 5 is a flowchart of a payment method based on hierarchical security control provided in an embodiment of the present invention.

Detailed Implementation

[0037] The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be understood that the preferred embodiments described below are only for illustration and explanation of the present invention and are not intended to limit the present invention.

[0038] Figure 1 is a flowchart of a payment method based on hierarchical security control provided by an embodiment of the present invention. As shown in Figure 1, it includes:

[0039] Step S101: The commercial bank's business system receives a document creation request containing business personnel information sent by the mobile terminal;

[0040] Step S102: The commercial banking system determines the security authorization level of the business personnel based on the business personnel information in the order request;

[0041] Step S103: The commercial banking system determines the security authorization information of the business personnel according to the security authorization level, and sends the security authorization information to the mobile terminal so that the mobile terminal can make secure payments according to the security authorization information.

[0042] The business personnel information includes the business personnel's name and phone number; the security authorization information includes the payment limit, payment validity period, and payment geographical range.

[0043] Specifically, the commercial banking system determines the security authorization level of the business personnel based on the business personnel information in the order request by: querying the department and position of the business personnel based on the business personnel's name or phone number in the business personnel information; and determining the security authorization level of the business personnel based on the department and position of the business personnel.

[0044] Specifically, when the commercial banking system determines the security authorization information of the business personnel based on the security authorization level, the security authorization level is directly proportional to the security authorization information.

[0045] Specifically, the mobile terminal's secure payment based on the security authorization information includes: during the secure payment process, the mobile terminal acquires payment information containing the payment amount, payment date, and geographical location, and sends the payment information to the commercial banking system; the commercial banking system receives the payment information sent by the mobile terminal and determines whether the payment amount, payment date, and geographical location in the payment information are all valid; when the commercial banking system determines that the payment amount, payment date, and geographical location in the payment information are all valid, the payment is completed.
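An added example, not part of the patent text, of steps S101 to S103 and the payment check in [0045]: the bank side looks up department and position, derives a level, scales the permission linearly with it, and validates amount, date and location. The staff directory, level table, base values and circular geographic range are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed staff records keyed by phone number ([0043] allows name or phone).
STAFF = {
    "13800000001": {"name": "Li Wei", "department": "sales", "position": "representative"},
    "13800000002": {"name": "Zhang Min", "department": "procurement", "position": "director"},
}

# Constructed mapping: (department, position) -> security authorization level.
LEVEL_BY_ROLE = {
    ("sales", "representative"): 1,
    ("sales", "manager"): 2,
    ("procurement", "director"): 3,
}

# Assumed per-level base values; the permission grows in proportion to the level.
BASE_LIMIT = 5_000        # currency units
BASE_VALID_DAYS = 3
BASE_RADIUS_KM = 10.0


@dataclass(frozen=True)
class Permission:
    limit: int
    valid_from: date
    valid_until: date
    center: tuple          # (latitude, longitude) of the permitted area
    radius_km: float


def authorization_level(phone):
    """S102: department and position decide the level; unknown staff get 0."""
    staff = STAFF.get(phone)
    if staff is None:
        return 0
    return LEVEL_BY_ROLE.get((staff["department"], staff["position"]), 0)


def issue_permission(phone, today, center):
    """S103: permission information scaled linearly with the level."""
    level = authorization_level(phone)
    if level == 0:
        return None        # no level, no permission sent to the terminal
    return Permission(
        limit=level * BASE_LIMIT,
        valid_from=today,
        valid_until=today + timedelta(days=level * BASE_VALID_DAYS),
        center=center,
        radius_km=level * BASE_RADIUS_KM,
    )


def distance_km(a, b):
    """Great-circle distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (a[0], a[1], b[0], b[1]))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def validate_payment(perm, amount, pay_date, location):
    """Bank-side check from [0045]. Returns the list of failed factors;
    the payment completes only when the list is empty."""
    failures = []
    if not (0 < amount <= perm.limit):
        failures.append("amount")
    if not (perm.valid_from <= pay_date <= perm.valid_until):
        failures.append("date")
    if distance_km(perm.center, location) > perm.radius_km:
        failures.append("location")
    return failures


if __name__ == "__main__":
    perm = issue_permission("13800000001", date(2024, 1, 10), (39.9042, 116.4074))
    print(perm)
    print(validate_payment(perm, 4000, date(2024, 1, 11), (39.9100, 116.4100)))
    print(validate_payment(perm, 6000, date(2024, 1, 20), (31.2304, 121.4737)))
```

The decision is made by the banking system on every payment; the terminal only reports the amount, date and location it collected.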

[0046] Figure 2 is a schematic diagram of a payment system based on hierarchical security control provided by an embodiment of the present invention. As shown in Figure 2, it includes: a receiving module, used to receive an order creation request containing business personnel information sent by a mobile terminal; a determining module, used to determine the security authorization level of the business personnel based on the business personnel information in the order creation request; and a sending module, used to determine the security authorization permission information of the business personnel based on the security authorization level, and send the security authorization permission information to the mobile terminal so that the mobile terminal can make secure payments based on the security authorization permission information.

[0047] The business personnel information includes the business personnel's name and phone number; the security authorization information includes the payment limit, payment validity period, and payment geographical range.

[0048] Specifically, the determining module is used to query the department and position of the business personnel based on their name or phone number in the business personnel information, and to determine the security authorization level of the business personnel based on their department and position.

[0049] The security authorization level is directly proportional to the security authorization permission information.

[0050] The embodiments of the present invention also include a payment module, which is used to receive payment information including payment amount, payment date and geographical location obtained by the mobile terminal during secure payment, and to determine whether the payment amount, payment date and geographical location in the payment information are all valid, and to complete the payment when it is determined that the payment amount, payment date and geographical location in the payment information are all valid.

[0051] The present invention is described in detail below with reference to Figures 3-5.

[0052] Permissioned blockchain construction and institutional access

[0053] An operating organization creates and maintains the blockchain platform, and reviews and manages participating institutions, including regulatory agencies, clearing houses, and commercial banks. It enables information exchange among participating institutions, and the decentralized system ensures information is tamper-proof and traceable; it provides privacy protection, with sensitive information only visible to counterparties and regulatory agencies; and it supports 24/7 uninterrupted operation, allowing businesses to make payments anytime, anywhere, completely eliminating time and location restrictions and significantly improving the efficiency of corporate payments, thereby enhancing business efficiency and competitiveness.

[0054] Hierarchical security control

[0055] Corporate online banking allows corporate administrators to create and manage business personnel without needing to apply for hardware certificates from banks. The company manages these functions internally, including adding, modifying, querying, and deleting data. Business personnel added by the company can only act as payers and cannot participate in the company's internal application process.

[0056] Corporate finance personnel with hardware certification can approve vouchers of a certain amount through the corporate online banking client, designating a specific payer as the face-to-face corporate payment provider on the mobile device. The payer can only perform payment operations within the authorized scope, thus controlling the risks of mobile payments from a business perspective.

[0057] The payment process for designated payers is divided into two stages: online banking approval and mobile payment. The online banking approval process controls the payer's disposable amount, achieving tiered security control.

[0058] Multi-factor security verification

[0059] When designating a payer on the online banking platform, multiple factors can be authorized, including the payer's mobile phone number, the payer's device binding, the payment validity period, and the payment geographical range. Multiple factors can be selected to restrict payments during the enterprise approval process to ensure the security of mobile payments.

[0060] When a payer makes a payment, security checks are performed on relevant security factors, such as digital certificates, biometrics, passwords, verification codes, bound devices, payment validity period, and payment geographical range, to conduct multiple verifications.

[0061] Biometric authentication employs the FIDO authentication system. First, it verifies the digital certificate of the hardware device. Then, it verifies the payer's identity through methods such as username and password, mobile verification code, and real-name authentication. After successful verification, a digital certificate is generated for the user in a secure environment on the mobile device, ensuring both device and user identity security. Simultaneously, it collects biometric data hashes, such as fingerprints, and stores them in the phone's secure environment. This enables biometric authentication mode, verifying the payment validity period and geographical location to ensure the security of critical operations such as login and payment.

[0062] By strictly controlling the scope of risk through online banking and verifying multiple security factors on mobile devices, payment security is guaranteed to the greatest extent.

[0063] QR code payment

[0064] Mobile payment allows payers to scan the recipient's mobile QR code with their phones, automatically filling in the recipient's company information. This enables face-to-face corporate payments via mobile devices, with funds arriving within 6 seconds – convenient, secure, and fast.

[0065] The QR code generation rules involve concatenating the bank code, company name, company account, timestamp, and bank identifier into a string and then encrypting it using SHA1. The bank identifier is distributed through a blockchain platform to enable blockchain verification of the corporate QR code. The bank obtains the QR code through the blockchain platform system interface, emphasizing information exchange security and ensuring that the bank identifier is not leaked.

[0066] The business owner who makes the payment scans the QR code and performs the following verification:

[0067] Verify whether the receiving bank has joined the blockchain platform;

[0068] Verify that the timestamp is valid;

[0069] Verify that the signature is correct.
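The QR rule in [0065] and the three checks in [0067] to [0069], as an added example that is not the patent's own code. It assumes the QR payload carries the four public fields plus the SHA-1 digest, a 300-second freshness window, and constructed bank identifiers; SHA-1 is a hash function rather than a cipher, so `qr_tag_hmac` shows a keyed HMAC-SHA-256 alternative over length-prefixed fields.

```python
import hashlib
import hmac

# Constructed registry of banks admitted to the platform:
# bank code -> bank identifier (the value [0065] says must not be leaked).
PLATFORM_BANKS = {
    "BANK001": "constructed-identifier-001",
    "BANK002": "constructed-identifier-002",
}
MAX_AGE_SECONDS = 300  # assumed freshness window; the page does not give one


def qr_digest(bank_code, company, account, timestamp, bank_identifier):
    """The page's rule: concatenate the five fields in order, then SHA-1."""
    joined = f"{bank_code}{company}{account}{timestamp}{bank_identifier}"
    return hashlib.sha1(joined.encode("utf-8")).hexdigest()


def qr_tag_hmac(bank_code, company, account, timestamp, bank_identifier):
    """Hardened alternative (an assumption, not from the page): HMAC-SHA-256
    keyed with the bank identifier. Each field is length-prefixed so that
    field boundaries stay unambiguous inside the authenticated message."""
    message = b""
    for field in (bank_code, company, account, str(timestamp)):
        raw = field.encode("utf-8")
        message += len(raw).to_bytes(2, "big") + raw
    key = bank_identifier.encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def build_qr(bank_code, company, account, timestamp, tag_fn=qr_digest):
    """Receiving side: public fields plus the tag (payload layout is assumed)."""
    identifier = PLATFORM_BANKS[bank_code]
    return {
        "bank_code": bank_code,
        "company": company,
        "account": account,
        "timestamp": timestamp,
        "sig": tag_fn(bank_code, company, account, timestamp, identifier),
    }


def verify_qr(qr, now, tag_fn=qr_digest):
    """Paying side: the three checks, in the order the page lists them."""
    # [0067] the receiving bank must have joined the platform
    identifier = PLATFORM_BANKS.get(qr["bank_code"])
    if identifier is None:
        return "bank_not_on_platform"
    # [0068] the timestamp must be fresh and not in the future
    age = now - qr["timestamp"]
    if age < 0 or age > MAX_AGE_SECONDS:
        return "timestamp_invalid"
    # [0069] recompute the tag and compare in constant time
    expected = tag_fn(qr["bank_code"], qr["company"], qr["account"],
                      qr["timestamp"], identifier)
    if not hmac.compare_digest(expected, qr["sig"]):
        return "signature_invalid"
    return "ok"


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed timestamp
    qr = build_qr("BANK001", "Acme Trading", "6222000011", issued)
    print(verify_qr(qr, now=issued + 60))
    print(verify_qr(dict(qr, account="6222000099"), now=issued + 60))
    print(verify_qr(qr, now=issued + 1000))
```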

[0070] Application scenarios

[0071] It supports corporate payments for all enterprises, but the best application scenario is (B2C)2B. Essentially, it is a B2B payment, but the (B2C) part extends the enterprise's simple payment behavior to all business personnel, so that finance is integrated into the entire business. Enterprises authorize business personnel to complete face-to-face corporate QR code payments through mobile terminals in specific scenarios, such as employee business trips, corporate welfare distribution, and small purchases.

[0072] Further integration with merchant systems and e-invoice systems will enable the integration of payment information, order information, and invoice information, eliminating cumbersome procedures such as employee advance payment and reimbursement. This will allow employees to focus on business processing, achieving the ideal effect of intelligent supervision and intelligent reimbursement, with payment resulting in reimbursement. Ultimately, this will enable finance to drive more efficient business operations, improve financial effectiveness, and enhance corporate efficiency.

[0073] As shown in Figure 3, a new trust cooperation platform is built using a blockchain platform, with commercial banks, regulatory agencies, clearing institutions, and operation and maintenance institutions as participating institutions, to realize the decentralized transmission of information between commercial banks, which is tamper-proof and traceable.

[0074] As shown in Figure 4, within the commercial banking system, it is embedded in the corporate online banking system, utilizing the secure environment of the corporate online banking to ensure a high level of system security. It supports internal order approval processes and provides security management and hash-based on-chaining for aspects such as designating payers, setting payment validity periods, limit controls, device binding, and geographical location restrictions, achieving the first level of secure authorization in the approval process and controlling the scope of risk. On the mobile application side, it supports secure verification through digital certificates, biometrics, passwords, and verification codes, achieving the second level of security in the payment process through local and blockchain verification, further ensuring payment security.

[0075] Figure 5 is a flowchart of a payment method based on hierarchical security control provided in an embodiment of the present invention. As shown in Figure 5, it includes:

[0076] Enterprise administrators use hardware certificates issued by commercial banks to log in to the enterprise's online banking system, authenticate with signatures, create business personnel for the enterprise, and register information such as mobile phone numbers, names, login names, and login passwords.

[0077] Enterprise administrators use hardware certificates issued by commercial banks to log in to the enterprise's online banking system, and customize internal approval processes through signature authentication.

[0078] The person creating the document logs into the corporate online banking system using a hardware certificate issued by a commercial bank, initiates the document creation process through signature authentication, and sets the payment limit, validity period, designated payer, mobile device binding, and payment geographical range.

[0079] The reviewer uses a hardware certificate issued by a commercial bank to log in to the corporate online banking system and completes the approval of the document creation through signature authentication.

[0080] Payers use mobile applications to log in using digital certificates, biometrics, or passwords and verification codes, and make QR code payments within the authorized limit, validity period, bound device, and valid location.

[0081] The validity of the recipient's QR code is verified. Once the verification is successful, the transaction information is transferred to the blockchain through the commercial bank where the paying company is located. At the same time, the transaction is cleared in the bank's blockchain virtual clearing account and then settled.

[0082] After receiving the payment information, the commercial bank where the receiving company is located will credit the payment to the company's account and notify the company.

[0083] At the end of the day, the clearing institution will allocate funds between banks based on the clearing results of the blockchain.

[0084] The hierarchical security control of this invention separates internal enterprise approval from payment, keeping mobile risks within an acceptable range through business control. Multi-factor security verification ensures that the internal enterprise approval process, conducted within a secure corporate online banking environment, allows for designation of payers, device binding, payment validity period settings, and geographical scope control. Simultaneously, digital certificates, biometrics, passwords, and verification codes are used on the mobile terminal to guarantee mobile payment security. It enables the application of (B2C)2B mobile face-to-face corporate payment scenarios, where enterprise B authorizes business personnel C to make face-to-face payments to receiving enterprise B via mobile applications, adapting to the business scenario of mobile face-to-face payments. Real-time settlement is achieved through the blockchain platform, enabling settlement within 6 seconds and seamless 24/7 operation, allowing enterprises to use it anytime, anywhere, providing more flexible payment time and promoting business prosperity. (B2C)2B corporate payment serves as a financial infrastructure, connecting all banks joining the blockchain platform, automatically granting this function to enterprises with bank accounts, applicable to various forms of corporate payment transactions.

[0085] According to the solution provided in the embodiments of the present invention, the system realizes hierarchical security control, transfers the security risks of mobile terminals to the bank's online banking terminal through business approval, and reduces the risk of mobile payment; it realizes (B2C)2B payment, that is, the enterprise authorizes business personnel to make face-to-face corporate payments on mobile terminals, extends the enterprise's financial chain to all business personnel, further optimizes the role of finance in promoting business, and improves the enterprise's capital utilization rate and efficiency.

[0086] Although the present invention has been described in detail above, it is not limited thereto, and those skilled in the art can make various modifications based on the principles of the present invention. Therefore, all modifications made in accordance with the principles of the present invention should be understood to fall within the protection scope of the present invention.

Claims

1. A payment method based on hierarchical security control, characterized in that it includes: The operating organization creates and maintains the blockchain platform, and reviews and manages the participating regulatory agencies, clearing institutions and commercial banks to enable enterprises to make payments anytime and anywhere, eliminating the time and location restrictions on enterprise payments; Corporate finance personnel with hardware certificates can designate vouchers of a certain amount as the face-to-face corporate payment provider for mobile payments within authorized limits by approving them through the corporate online banking client. The designated payment is processed through both online banking approval and mobile payment. When designating a payment provider online, authorization is granted for multiple factors, including the payer's mobile phone number, device binding, payment validity period, and geographical location. During corporate approval, multiple factors are selected to restrict payment, ensuring security checks are performed on the payer's identity, including digital certificates, biometrics, passwords, verification codes, bound devices, payment validity period, and geographical location. When making payments on the mobile terminal, the payer scans the recipient's mobile QR code, automatically filling in the recipient's company information for mobile face-to-face corporate payments. The QR code generation rules involve concatenating the bank code, company name, company account, timestamp, and bank identifier into a string, which is then encrypted using SHA1. The bank identifier is distributed through a blockchain platform for blockchain verification of the corporate QR code, obtained by the bank through the blockchain platform system interface.
The person creating the document logs into the corporate online banking system using a hardware certificate issued by a commercial bank, initiates the document creation process through signature authentication, sets the payment limit, payment validity period, designates the payer, binds the mobile device, and sets the payment geographical range. The reviewer uses a hardware certificate issued by a commercial bank to log in to the corporate online banking system, completes the approval of the document creation through signature authentication; The payer uses a mobile application to log in using a digital certificate, biometrics, or password and verification code, and makes a QR code payment within the authorized payment limit, the payment validity period, the bound mobile device, and the valid payment geographical range; The validity of the recipient's QR code is verified. After the verification is successful, the transaction information is paid through the commercial bank where the paying company is located on the blockchain. At the same time, the transaction is cleared in the bank's blockchain virtual clearing account and then the transaction is recorded. The QR code generation rule is that the bank code, business name, business account, timestamp, and bank identifier are concatenated into a string in sequence and then encrypted with SHA1. After receiving the payment information, the commercial bank where the receiving company is located will credit the payment to the company's account and notify the company.

2. A payment system based on hierarchical security control, characterized in that it includes: The receiving module is used by the document creator to log in to the corporate online banking system using a hardware certificate issued by a commercial bank, initiate the document creation process through signature authentication, set the payment limit, payment validity period, designate the payer, bind the mobile device, and set the payment geographical range; and by the approver to log in to the corporate online banking system using a hardware certificate issued by a commercial bank, complete the document approval process through signature authentication. The payment module allows payers to log in via a mobile application using digital certificates, biometrics, or passwords and verification codes. Within the authorized payment limit, payment validity period, bound mobile device, and valid geographical area, they can scan a QR code to make a payment. The module verifies the validity of the payee's QR code. Upon successful verification, the payment transaction information is uploaded to the blockchain by the commercial bank where the paying company is located, and simultaneously cleared in the bank's blockchain virtual clearing account before being stored on the blockchain. The QR code generation rules involve concatenating the bank code, business name, business account, timestamp, and bank identifier into a string and then encrypting it using SHA1. After receiving the payment information, the commercial bank where the payee is located credits the payee's account and notifies the payee. The receiving module is also used to create and maintain a blockchain platform within the operating organization, and to review and manage the participating regulatory agencies, clearing institutions, and commercial banks, enabling enterprises to make payments anytime, anywhere, eliminating the time and location restrictions on enterprise payments.
Enterprise financial personnel with hardware certificates can designate vouchers of a certain amount as the face-to-face corporate payment provider for mobile payments within the authorized scope by approving them through the enterprise online banking client. The designated payment provider's payment is divided into online banking approval and mobile payment. When designating a payment provider on the online banking platform, authorization is granted for multiple elements including the payment provider's mobile phone number, payment device binding, payment validity period, and payment geographical range. The enterprise approval process selects... Multiple factors are selected for payment restrictions to ensure security checks are performed on payers, including digital certificates, biometrics, passwords, verification codes, bound devices, payment validity periods, and geographical scope. When a mobile payer makes a payment, they scan the recipient's mobile QR code to automatically fill in the recipient's company information, enabling mobile face-to-face corporate payments. The QR code generation rules involve concatenating the bank code, company name, company account, timestamp, and bank identifier into a string and encrypting it using SHA1. The bank identifier is distributed through a blockchain platform for blockchain verification of the corporate QR code, which the bank obtains through the blockchain platform system interface.