A dual-channel verification distributed data processing method, system, device and medium

A dual-channel verification method for ride-hailing platforms moves the settlement of trip costs to an offline payment channel. Service tokens and performance tokens are combined with GPS spatiotemporal overlap events for multi-dimensional verification, which addresses high server load, insufficient data security, and reliance on a single signal for performance verification, thus achieving an efficient and reliable transaction process and compliance with financial regulations.

CN122263136A · Pending · Publication Date: 2026-06-23 · CHENGDU LINGQI SPACE SOFTWARE +1

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: CHENGDU LINGQI SPACE SOFTWARE
Filing Date: 2026-05-26
Publication Date: 2026-06-23


Abstract

The application provides a dual-channel verification distributed data processing method, system, device and medium, belonging to the technical field of distributed data processing. High-frequency trip cost settlement is offloaded to an offline point-to-point payment channel, so the platform server only needs to process lightweight token verification and state machine transitions, without performing complex financial logic such as real-time account distribution and balance maintenance. This significantly reduces database write pressure and transaction lock conflicts in high-concurrency scenarios and improves system throughput and response speed. Through the hierarchical access control scheme of "paying the information service fee first and then unlocking details", the platform shows only encrypted or blurred vehicle and location data to the passenger in the early stage of the trip; more sensitive information is gradually unlocked only once real performance has occurred and the double-token verification has passed, effectively reducing the risk of misuse or large-scale crawling of sensitive data and improving data security and privacy protection.

Description

Technical Field

[0001] This application belongs to the field of distributed data processing technology, and specifically relates to a dual-channel verification distributed data processing method, system, device and medium.

Background Technology

[0002] Currently, most ride-hailing and carpooling platforms adopt a "funds pooling" model, where the platform server collects all fees from passengers, including information service fees and trip costs, and then settles the payment to the driver after the trip is completed and confirmed. This centralized funds pooling model has the following prominent issues in terms of engineering implementation and regulatory compliance:

[0003] High server load. To support high-frequency, small-amount, high-volume order settlement, the server must handle payment callbacks, order amount distribution, account balance updates, concurrent database writes, and complex transaction locking in real time. In high-concurrency scenarios, the database can easily become a bottleneck, leading to increased order processing latency or even timeouts, negatively impacting user experience.

[0004] Insufficient data security and privacy protection. In existing solutions, platforms typically disclose sensitive data such as the driver's precise location, vehicle information, and real phone number directly to passengers before the trip is actually fulfilled. This practice increases the risk of driver privacy leaks and also provides opportunities for malicious web scraping and large-scale collection of sensitive data.

[0005] Fulfillment verification relies on a single subjective signal. In the traditional model, whether a trip is completed depends mainly on a single client-side action signal, such as the driver clicking "arrived" or the passenger clicking "confirm completion." Such purely logical click behaviors are prone to accidental operation and are easily forged by malicious automated scripts. They lack objective verification evidence corresponding to the real physical world, making it difficult to fundamentally prevent fraudulent behaviors such as remote order-faking and false completion.

[0006] State machine deadlock and process stall issues. Order status updates are highly dependent on the stability of third-party payment callbacks and network channels. In weak network environments or when the payment interface malfunctions, if payment is successful but the callback signal is lost, the order may remain in an intermediate state for an extended period, unable to progress to the completed state. This can block subsequent operations such as evaluation, arbitration, and credit score updates, severely impacting user rights.

[0007] Meanwhile, with increasingly stringent financial regulations, the long-term fund pooling model of platforms that hold user funds is facing growing pressure regarding compliance. How to ensure the verifiability and credibility of transactions while reducing the platform's centralized control over fund flows has become a major technical challenge for the travel industry.

Summary of the Invention

[0008] In view of the above problems, this application proposes a dual-channel verification distributed data processing method, system, device, and medium. By offloading high-frequency travel cost settlement to an offline peer-to-peer payment channel, the platform server only needs to handle lightweight token verification and state machine transitions, thereby significantly reducing database write pressure and transaction lock conflicts in high-concurrency scenarios, and improving system throughput and response speed.

[0009] One embodiment of this application provides a dual-channel verification distributed data processing method, applied to a server, including:

[0010] Receive trip booking requests and sensitive information, and after verifying the qualifications of the first terminal and the second terminal, send an authentication command to the first terminal;

[0011] Upon receiving the first authentication pass signal from the first terminal, a service token corresponding to the service order is generated, and the service token is stored in association with the service order.

[0012] The service token is used as an encryption key to encrypt the sensitive information of the second terminal to obtain an encryption result, and the de-identified trip data generated based on the encryption result is sent to the first terminal; the sensitive information includes at least the real phone number of the vehicle owner corresponding to the second terminal, the precise geographical coordinates, and some fields from the historical credit score; the de-identified trip data includes obfuscated location data and location information presented in the form of relative distance.

[0013] The service rights count of the second terminal is obtained by associating with the second terminal, and the service rights count is frozen to form a frozen rights amount; the order state machine is updated and the validity period parameter of the service token is recorded.

[0014] The location information of the first terminal and the second terminal is collected periodically, and the spatial distance and moving speed of the first terminal and the second terminal are calculated based on the preset geofencing algorithm.

[0015] When the spatial distance between the first terminal and the second terminal is less than the first threshold and their respective moving speeds are less than the second threshold, it is determined that the first terminal and the second terminal have spatiotemporal overlap near the preset destination. A fulfillment ready signal is pushed to the first terminal and the second terminal respectively, and the near-field interactive input interface of the second channel is activated.

[0016] Preferably, the method further includes: receiving a second authentication signal sent by a first terminal, performing authentication based on the second authentication signal, generating a performance token after successful authentication, and recording the generation timestamp of the performance token;

[0017] An atomicity verification algorithm is executed to perform multi-dimensional data joint verification of the validity of the service token, the spatiotemporal overlap information of the first terminal and the second terminal, and the timestamp of the fulfillment token;

[0018] The atomicity check algorithm includes at least the following:

[0019] If the service token Token_A.isValid is true, and the difference between the timestamp of the fulfillment token Token_B and the timestamp of the most recent spatiotemporal overlap event is less than the preset time difference threshold, then the verification is considered to have passed; otherwise, the verification is considered to have failed and the exception handling process is triggered.

[0020] Preferably, the method further includes:

[0021] When the atomicity check algorithm passes the check, the service order state machine is updated from the thread waiting state to the completed state.

[0022] The credit graph data of the first terminal and the second terminal are updated based on the service token and the performance token, and the freeze on the service rights count of the second terminal is lifted, and the frozen rights amount is unfrozen or returned.

[0023] Preferably, the method further includes:

[0024] A decryption key or decryption command is sent to the first terminal, and the sensitive information of the second terminal is unlocked based on the decryption key or decryption command for subsequent evaluation, complaint or rights protection.

[0025] Preferably, the method further includes:

[0026] If a fulfillment token is not generated within the preset time limit or the atomicity check fails, the service order state machine is transitioned to an abnormal state, and a deduction or rollback strategy is executed for the frozen rights count.

[0027] Preferably, the step of calculating the spatial distance and movement speed between the first terminal and the second terminal based on a preset geofencing algorithm includes:

[0028] Calculate the Euclidean distance or great circle distance between the GPS coordinates of the first terminal and the second terminal and determine it as the spatial distance;

[0029] When the spatial distance is less than the first threshold, the velocity vectors of the first terminal and the second terminal within the preset time window are combined to determine whether the dwell time at the same location is greater than the third threshold, so as to confirm the spatiotemporal overlap event.

[0030] Preferably, the service rights count is the order acceptance limit or service execution limit bound to the second terminal account;

[0031] When generating the service token Token_A, the order acceptance limit is decremented by one and marked as frozen.

[0032] When the order status is completed, the frozen order acceptance limit will be restored to an available state;

[0033] When an order status becomes abnormal and the second terminal is determined to be in breach of contract, the deduction of the corresponding order amount will continue.

[0034] Based on the same inventive concept, another aspect of the embodiments of this application provides a dual-channel verification distributed data processing system, including:

[0035] The server is used to receive trip booking requests and sensitive information, and after verifying the qualifications of the first terminal and the second terminal, it sends an authentication command to the first terminal.

[0036] Upon receiving the first authentication pass signal from the first terminal, a service token corresponding to the service order is generated, and the service token is stored in association with the service order.

[0037] The service token is used as an encryption key to encrypt the sensitive information of the second terminal to obtain an encryption result, and the de-identified trip data generated based on the encryption result is sent to the first terminal; the sensitive information includes at least the real phone number of the vehicle owner corresponding to the second terminal, the precise geographical coordinates, and some fields from the historical credit score; the de-identified trip data includes obfuscated location data and location information presented in the form of relative distance.

[0038] The service rights count of the second terminal is obtained by associating with the second terminal, and the service rights count is frozen to form a frozen rights amount; the order state machine is updated and the validity period parameter of the service token is recorded.

[0039] The location information of the first terminal and the second terminal is collected periodically, and the spatial distance and moving speed of the first terminal and the second terminal are calculated based on the preset geofencing algorithm.

[0040] When the spatial distance between the first terminal and the second terminal is less than the first threshold and their respective moving speeds are less than the second threshold, it is determined that the first terminal and the second terminal have spatiotemporal overlap near the preset destination. A fulfillment ready signal is pushed to the first terminal and the second terminal respectively, and the near-field interactive input interface of the second channel is activated.

[0041] Based on the same inventive concept, another aspect of the embodiments of this application provides an electronic device, including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus;

[0042] Memory, which stores computer programs;

[0043] When the processor executes a program stored in memory, it implements a dual-channel verification distributed data processing method.

[0044] Based on the same inventive concept, another aspect of the embodiments of this application provides a computer-readable storage medium storing a computer program, which, when executed by a processor, implements a dual-channel verification distributed data processing method.

[0045] The beneficial effects of this application are as follows: Based on the above technical solution, (1) the high-frequency trip cost settlement is separated to the offline point-to-point payment channel. The platform server only needs to handle lightweight token verification and state machine transition, without having to execute complex financial logic such as real-time accounting and balance maintenance. This significantly reduces the database writing pressure and transaction lock conflict in high-concurrency scenarios, reduces the server load, and improves the system throughput and order processing speed.

[0046] (2) By adopting the hierarchical access control scheme of "paying information service fees first and then unlocking details", the platform can only show passengers encrypted or obfuscated vehicle and location data in the early stage of the trip. Only after the actual performance of the contract occurs and the dual token verification is passed will more sensitive information be gradually unlocked, which effectively reduces the risk of sensitive data being abused or crawled on a large scale, and improves data security and privacy protection capabilities.

[0047] (3) By combining dual-channel tokens with order state machines, the online payment token Token_A, the offline near-field interaction-generated performance token Token_B, and the GPS spatiotemporal coincidence event are used as heterogeneous signals for joint verification. This avoids the reliance on a single "button click" or a single "payment callback" in the traditional model, thereby reducing the state machine deadlock problem caused by network interruption and callback loss. It realizes a verifiable transaction loop in the non-managed mode, ensures transaction atomicity and process reliability, and improves the ability to prevent order fraud.

[0048] (4) By freezing, unfreezing, and deducting the service rights count (order limit) on the car owner's side, constraints can be imposed on the car owner's performance without freezing funds. When the second payment is not completed or the performance verification is not passed, the system automatically deducts the relevant rights count and records it in the credit graph, so that malicious default or no-show behavior will be continuously affected in future order acceptance. A distributed credit game model is constructed to realize a distributed risk control closed loop based on virtual rights and improve the reliability of order status flow.

[0049] (5) Since the platform does not directly manage or allocate offline trip cost funds, but only charges information service fees and processes tokens and data flows, it weakens the platform's dependence on the fund pool while retaining risk control capabilities, making it easier to meet the regulatory requirements of the financial and payment fields.

[0050] Other features and advantages of this application will be set forth in the following description and will be apparent in part from the description or may be learned by practicing the application. The objectives and other advantages of this application may be realized and obtained by means of the structures pointed out in the description and the accompanying drawings.

Attached Figure Description

[0051] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0052] Figure 1 illustrates a dual-channel verification distributed data processing method on the server side.

[0053] Figure 2 shows a schematic diagram of a dual-channel verification distributed data processing system.

[0054] Figure 3 shows a schematic diagram of an electronic device.

Detailed Implementation

[0055] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.

[0056] It should be noted that the terms "first," "second," etc., used in this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate for the embodiments of this application described herein. In this application, the terms "upper," "lower," "left," "right," "front," "rear," "top," "bottom," "inner," "outer," "middle," "vertical," "horizontal," "lateral," "longitudinal," etc., indicate the orientation or positional relationship based on the orientation or positional relationship shown in the accompanying drawings.

[0057] This application provides a dual-channel verification distributed data processing method, applied to a server (see Figure 1), including:

[0058] S101: Receive trip booking request and sensitive information, and after verifying the qualifications of the first terminal and the second terminal, send the first authentication instruction to the first terminal;

[0059] S102: After receiving the first authentication pass signal from the first terminal, generate a service token corresponding to the service order, and store the service token in association with the service order;

[0060] S103: Use the service token as an encryption key to encrypt the sensitive information of the second terminal to obtain an encryption result, and send the de-identified trip data generated based on the encryption result to the first terminal; the sensitive information includes at least the real phone number of the vehicle owner corresponding to the second terminal, the precise geographical coordinates, and some fields from the historical credit score, and the de-identified trip data includes obfuscated location data and location information presented in the form of relative distance;

[0061] S104: Associate with the second terminal to obtain the service rights count of the second terminal, freeze the service rights count to form a frozen rights amount; update the order state machine and record the validity period parameter of the service token;

[0062] S105: Periodically collect the location information of the first terminal and the second terminal, and calculate the spatial distance and moving speed of the first terminal and the second terminal based on the preset geofencing algorithm;

[0063] S106: When the spatial distance between the first terminal and the second terminal is less than the first threshold and their respective moving speeds are less than the second threshold, it is determined that the first terminal and the second terminal have spatiotemporal overlap near the preset destination. A fulfillment ready signal is pushed to the first terminal and the second terminal respectively, and the near-field interactive input interface of the second channel is activated.

[0064] The dual-channel verification distributed data processing method described in this specification is typically used in servers, which can be cloud servers and local servers. Servers can be electronic devices such as laptops, desktop computers, tablets, and all-in-one computers.

[0065] Preferably, when applied to a server, the method further includes:

[0066] The system receives a second authentication signal from the first terminal, performs authentication based on the second authentication signal, generates a performance token after successful authentication, and records the generation timestamp of the performance token.

[0067] An atomicity verification algorithm is executed to perform multi-dimensional data joint verification of the validity of the service token, the spatiotemporal overlap information of the first terminal and the second terminal, and the timestamp of the fulfillment token;

[0068] The atomicity check algorithm includes at least the following:

[0069] If the service token Token_A.isValid is true, and the difference between the timestamp of the fulfillment token Token_B and the timestamp of the most recent spatiotemporal overlap event is less than the preset time difference threshold, then the verification is considered to have passed; otherwise, the verification is considered to have failed and the exception handling process is triggered.

[0070] This embodiment adopts a hierarchical access control scheme of "paying information service fees first and then unlocking details". The platform can only show passengers encrypted or obscured vehicle and location data in the early stages of the trip. More sensitive information is gradually unlocked only after the actual performance of the contract occurs and the dual token verification is completed. This effectively reduces the risk of sensitive data being abused or crawled on a large scale, and improves data security and privacy protection capabilities.

[0071] Preferably, when applied to a server, the method further includes:

[0072] When the atomicity check algorithm passes the check, the service order state machine is updated from the thread waiting state to the completed state.

[0073] The credit graph data of the first terminal and the second terminal are updated based on the service token and the performance token, and the freeze on the service rights count of the second terminal is lifted, and the frozen rights amount is unfrozen or returned.

[0074] This embodiment combines a dual-channel token with an order state machine, using the online payment service token Token_A, the offline near-field interaction-generated fulfillment token Token_B, and the GPS spatiotemporal coincidence event as heterogeneous signals for joint verification. This avoids the reliance on a single "button click" or a single "payment callback" in traditional models, thereby reducing the state machine deadlock problem caused by network interruption or callback loss. It achieves a verifiable transaction loop in non-managed mode, ensuring transaction atomicity and process reliability, and improving the ability to prevent fraudulent transactions.

[0075] Preferably, when applied to a server, the method further includes:

[0076] A decryption key or decryption command is sent to the first terminal, and the sensitive information of the second terminal is unlocked based on the decryption key or decryption command for subsequent evaluation, complaint or rights protection.

[0077] If a fulfillment token is not generated within the preset time limit or the atomicity check fails, the service order state machine is transitioned to an abnormal state, and a deduction or rollback strategy is executed for the frozen rights count.

[0078] This embodiment uses a strategy of freezing, unfreezing, and deducting service rights counts (order acceptance limits) on the car owner's side to constrain the car owner's performance without freezing funds. When the second payment is not completed or the performance verification is not passed, the system automatically deducts the relevant rights count and records it in the credit graph. This ensures that malicious defaults or no-shows will have a continuous impact on future order acceptance, constructing a distributed credit game model and realizing a distributed risk control closed loop based on virtual rights, thereby improving the reliability of order status transitions.

[0079] Preferably, in step S105, calculating the spatial distance and movement speed between the first terminal and the second terminal based on a preset geofencing algorithm includes:

[0080] Calculate the Euclidean distance or great circle distance between the GPS coordinates of the first terminal and the second terminal and determine it as the spatial distance;

[0081] When the spatial distance is less than the first threshold, the velocity vectors of the first terminal and the second terminal within the preset time window are combined to determine whether the dwell time at the same location is greater than the third threshold, so as to confirm the spatiotemporal overlap event.

[0082] Preferably, the service rights count is the order acceptance limit or service execution limit obtained after the server is bound to the second terminal account;

[0083] When generating the service token Token_A, the order acceptance limit is decremented by one and marked as frozen.

[0084] When the order status is completed, the frozen order acceptance limit will be restored to an available state;

[0085] When an order status becomes abnormal and the second terminal is determined to be in breach of contract, the deduction of the corresponding order amount will continue.

[0086] In this embodiment, since the platform does not directly manage or allocate offline travel cost funds, but only charges information service fees and processes tokens and data streams, it weakens the platform's dependence on the fund pool while retaining risk control capabilities, making it easier to meet the regulatory requirements of the financial and payment sectors.

[0087] The application process of the method in the embodiments of this application will be described in detail below.

[0088] Specifically, the dual-channel verification distributed data processing method provided in this application includes the following processes:

[0089] (1) Service request and first token generation:

[0090] The first terminal sends a trip booking request. After successful verification, the server sends a first authentication command to the first terminal, which includes the information service fee amount to be paid through the first online payment channel. Upon receiving the first successful authentication signal from the third-party payment gateway, the server generates a unique service token Token_A and binds it to the current order ID. The server uses Token_A as a key or key generation factor to encrypt sensitive information related to the second terminal, only sending encrypted and anonymized trip data, such as fuzzy location and relative distance, to the first terminal.

[0091] (2) Freezing of rights and status locking:

[0092] While generating the service token Token_A, the server looks up the service rights count of the second terminal account (such as the number of orders received or the credit pledge limit) in the rights data table associated with that account and performs a freezing operation, marking the corresponding amount of the limit as "frozen, pending performance".

[0093] The order state machine is updated from the PENDING state (pending payment of information service fees) to the LOCKED_WAITING state, recording the validity period of the service token Token_A and the expected fulfillment time window in this state.

[0094] (3) Geofencing triggering and near-field interaction preparation:

[0095] Periodically or on event triggers, the server obtains the current location coordinates and movement speed information of the first and second terminals, and calculates the spatial distance and relative speed between them using a preset geofencing algorithm.

[0096] When the spatial distance is less than a first threshold and the movement speed of both terminals is lower than a second threshold, and these conditions are maintained within a preset dwell time, the server determines that the two terminals have formed a spatiotemporal overlap event in the preset destination area. At this time, the server pushes a fulfillment ready signal to the first terminal and the second terminal respectively, and opens the near-field interaction interface of the second channel so that the first terminal and the second terminal can perform physical near-field confirmation through scanning or NFC.
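
The overlap test of steps S105 and S106 and of process (3), as an added example (not code from the application): great-circle distance between the two terminals, per-terminal speed from consecutive fixes, and a dwell window that restarts whenever a condition breaks. The threshold values, the index-paired sampling, the maximum clock skew and the sample traces are assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass
from typing import Optional, Sequence

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Fix:
    ts: float    # seconds since an arbitrary epoch
    lat: float   # degrees
    lon: float   # degrees


def great_circle_m(a: Fix, b: Fix) -> float:
    """Haversine great-circle distance in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(min(1.0, h)))


def speed_mps(prev: Fix, cur: Fix) -> float:
    """Speed between two fixes of one terminal; bad timestamps never count as slow."""
    dt = cur.ts - prev.ts
    if dt <= 0:
        return math.inf
    return great_circle_m(prev, cur) / dt


def find_overlap(first: Sequence[Fix], second: Sequence[Fix],
                 dist_max_m: float, speed_max_mps: float, dwell_min_s: float,
                 max_skew_s: float = 5.0) -> Optional[float]:
    """Return the timestamp at which a spatiotemporal overlap event is confirmed.

    All conditions must hold on consecutive samples for longer than dwell_min_s:
      - the two fixes were taken at (nearly) the same time,
      - distance between terminals < first threshold,
      - speed of each terminal < second threshold.
    Any violating sample restarts the dwell window, so a drive-by or a
    position jump (which shows up as a very high speed) does not qualify.
    """
    window_start: Optional[float] = None
    for i in range(1, min(len(first), len(second))):
        a, b = first[i], second[i]
        ok = (abs(a.ts - b.ts) <= max_skew_s
              and great_circle_m(a, b) < dist_max_m
              and speed_mps(first[i - 1], a) < speed_max_mps
              and speed_mps(second[i - 1], b) < speed_max_mps)
        if not ok:
            window_start = None
            continue
        if window_start is None:
            window_start = a.ts
        if a.ts - window_start > dwell_min_s:
            return a.ts
    return None


# Constructed sample traces (not from the page): one fix every 5 s.
# The first terminal waits at the pickup point; the second approaches and stops.
TIMES = list(range(0, 45, 5))
PASSENGER = [Fix(t, 30.65700, 104.06500) for t in TIMES]
DRIVER_LATS = [30.65800, 30.65760, 30.65720, 30.65710, 30.65705,
               30.65705, 30.65705, 30.65705, 30.65705]
DRIVER = [Fix(t, lat, 104.06500) for t, lat in zip(TIMES, DRIVER_LATS)]

if __name__ == "__main__":
    # Assumed thresholds: 30 m, 1.5 m/s, 10 s dwell.
    print(find_overlap(PASSENGER, DRIVER, 30.0, 1.5, 10.0))
```

The returned timestamp is the value the server would record as the most recent spatiotemporal overlap event for the later Token_B comparison.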

[0097] (4) Joint verification of second token generation and heterogeneous signals:

[0098] Upon receiving the fulfillment-ready signal, the first terminal completes the offline peer-to-peer payment or fund settlement by scanning a QR code displayed by the second terminal or by NFC contact with the second terminal. The first terminal or the third-party payment gateway then sends a second authentication success signal to the server. After confirming successful second authentication, the server generates a fulfillment token (Token_B) and records its generation timestamp.

[0099] Subsequently, the server calls the atomicity verification algorithm to combine and verify multi-dimensional data such as the validity status of Token_A, the timestamp and spatial distance parameters of the most recent spatiotemporal coincidence event, the timestamp of Token_B, and the current status of the order. The server determines that the fulfillment is successful only when all preset conditions are met.

[0100] (5) State machine transition and data unlocking:

[0101] If the atomicity verification algorithm determines that the performance is successful, the server will transition the order state machine from the locked waiting state LOCKED_WAITING to the completed state COMPLETED; at the same time, the service rights count of the second terminal will be unfrozen, the frozen amount will be restored to available or adjusted for rewards, and the node weights and relationships of the first terminal and the second terminal in the credit graph will be updated.

[0102] In this state, the server can selectively send more decrypted information to the first terminal, including some sensitive information from the second terminal, to support subsequent evaluation, complaints, or tracing.

[0103] If a fulfillment token Token_B is not generated within the preset time, or if the atomicity verification algorithm fails, the order status will be transferred to the EXCEPTION status of verification failure. Depending on the type of exception, the frozen service rights count will be reduced or rolled back, and credit penalties will be imposed on the second terminal if necessary.

[0104] Based on the same inventive concept, another aspect of the embodiments of this application provides a dual-channel verification distributed data processing system, including:

[0105] The server is used to receive trip booking requests and sensitive information, and after verifying the qualifications of the first terminal and the second terminal, it sends an authentication command to the first terminal.

[0106] Upon receiving the first authentication pass signal from the first terminal, a service token corresponding to the service order is generated, and the service token is stored in association with the service order.

[0107] The service token is used as an encryption key to encrypt the sensitive information of the second terminal to obtain an encryption result, and the de-identified trip data generated based on the encryption result is sent to the first terminal; the sensitive information includes at least the real phone number of the vehicle owner corresponding to the second terminal, the precise geographical coordinates, and some fields from the historical credit score; the de-identified trip data includes obfuscated location data and location information presented in the form of relative distance.

[0108] The service rights count of the second terminal is obtained by associating with the second terminal, and the service rights count is frozen to form a frozen rights amount; the order state machine is updated and the validity period parameter of the service token is recorded.

[0109] The location information of the first terminal and the second terminal is collected periodically, and the spatial distance and moving speed of the first terminal and the second terminal are calculated based on the preset geofencing algorithm.

[0110] When the spatial distance between the first terminal and the second terminal is less than the first threshold and their respective moving speeds are less than the second threshold, it is determined that the first terminal and the second terminal have spatiotemporal overlap near the preset destination. A fulfillment ready signal is pushed to the first terminal and the second terminal respectively, and the near-field interactive input interface of the second channel is activated.

[0111] This embodiment decouples the high-frequency travel cost settlement to the offline peer-to-peer payment channel. The platform server only needs to handle lightweight token verification and state machine transitions, without having to execute complex financial logic such as real-time accounting and balance maintenance. This significantly reduces database write pressure and transaction lock conflicts in high-concurrency scenarios, thereby improving system throughput and response speed.

[0112] Based on the same inventive concept, another aspect of the embodiments of this application provides a dual-channel verification distributed data processing system which, referring to Figure 2, includes:

[0113] Server 10, first terminal 20, and second terminal 30;

[0114] The first terminal 20 is used to send a trip reservation request to the server 10, receive de-identified trip data associated with the service token, and, in the fulfillment-ready state, conduct near-field interaction with the second terminal 30 through an offline physical channel and trigger the second authentication signal.

[0115] The second terminal 30 is used to receive trip request information, freeze the service rights count by the server 10 after Token_A is generated, and perform near-field interaction with the first terminal 20 when the first terminal 20 reaches the geofence area.

[0116] The server 10 is connected to the first terminal (passenger terminal) 20, the second terminal (vehicle owner terminal) 30 and the third-party payment gateway 40 via the network.

[0117] Preferably, the server 10 includes:

[0118] The token generation module is used to generate a service token Token_A when the first authentication is successful, and a fulfillment token Token_B when the second authentication is successful, and maintain the mapping relationship between the two and the order.

[0119] The data encryption and desensitization module is used to encrypt sensitive data of the second terminal 30 based on the service token Token_A, and provide the first terminal 20 with desensitized travel data generated based on the encryption result;

[0120] The geofence detection module is used to calculate spatiotemporal overlap events based on the location information of the first terminal 20 and the second terminal 30, and send a fulfillment ready signal to both terminals.

[0121] The atomicity verification module is used to perform multi-dimensional joint verification based on the service token Token_A, the fulfillment token Token_B, and the spatiotemporal overlap event.

[0122] The state machine and rights management module is used to maintain the state transitions of the order state machine, freeze, unfreeze, or deduct the service rights count of the second terminal 30, and update the credit graph data of the first terminal 20 and the second terminal 30.

[0123] Preferably, the server 10 further includes:

[0124] The exception handling module is used to update the order state machine to an abnormal state when no Token_B is detected within a preset time or when atomicity verification fails. It also performs rollback or deduction processing on the service rights count according to a preset strategy and writes the exception record into the credit graph.

[0125] Preferably, the first terminal 20 and the second terminal 30 are smartphones or in-vehicle terminal devices with travel service applications installed, respectively.

[0126] The offline physical channels include at least one of QR code scanning, Bluetooth near-field communication, and NFC near-field communication.

[0127] Preferably, the order state machine in the server 10 includes at least the following states:

[0128] PENDING: Status of pending payment of information service fees;

[0129] TICKET_ISSUED or LOCKED_WAITING: A locked wait state in which a service token has been generated and the second terminal's 30 service rights count has been frozen;

[0130] FULFILLMENT_VERIFIED: The fulfillment token has been generated and its atomicity has been verified.

[0131] COMPLETED: The order has been fulfilled and the credit graph has been updated.

[0132] EXCEPTION: An abnormal state in which a fulfillment token is not successfully generated or verification fails within a preset time.

[0133] Specifically, see Figure 2. Step S1: Service request and first token generation.

[0134] S11. The first terminal 20 sends a trip reservation request to the server 10 through a travel application. The trip reservation request includes the departure point, destination, estimated time, and basic passenger information.

[0135] S12. Server 10 performs a validity check on the request, including but not limited to: whether the first terminal 20 is a registered user with a real name, whether the vehicle owner corresponding to the second terminal 30 has valid service qualifications, and whether there are any incomplete or abnormal orders. If the check fails, the order creation is rejected; if the check passes, the process proceeds to the next step.

[0136] S13. Server 10 determines a suitable second terminal 30 based on the matching algorithm and pushes a trip request to it. After the second terminal 30 accepts the order, server 10 generates a corresponding order record and sends a first authentication instruction to the first terminal 20, requesting payment of information service fees through the third-party payment gateway 40.

[0137] S14. When the server 10 receives a successful payment notification for the information service fee from the payment gateway 40, i.e., the first authentication pass signal, the server 10 generates a unique service token Token_A based on parameters such as the order number, timestamp, and random number, and stores the service token Token_A in association with the order and the identifiers of the first terminal 20 and the second terminal 30.

[0138] S15. Server 10 encrypts sensitive information (including real phone number, precise location coordinates, etc.) related to the second terminal 30, using the service token Token_A as the key or a key derivation factor; simultaneously, Server 10 generates de-identified travel data based on the aforementioned encrypted information. For example, it only displays "Approximately 2 kilometers away" and "Estimated arrival time: 3 minutes," and sends the de-identified data to the first terminal 20 for display.

[0139] Step S2: Freeze rights and lock order status.

[0140] S21. While generating the service token Token_A, server 10 accesses the service rights count associated with the account of the second terminal 30. Server 10 marks one or more of these limits as "frozen" for use as credit collateral for the fulfillment of this order's service obligations.

[0141] S22. The order state machine transitions from the PENDING state (pending payment of information service fees) to the LOCKED_WAITING state. Server 10 writes the state field STATE=LOCKED_WAITING into the order record and records the validity period parameters of the service token Token_A, such as token_expire_time, as well as the expected start and end times of the trip.

[0142] Step S3: Geofencing Trigger and Near-Field Interaction Preparation.

[0143] S31. During the period when the order is in the LOCKED_WAITING state, the server 10 periodically receives GPS coordinates and speed information reported from the first terminal 20 and the second terminal 30, and stores them in the trajectory cache.

[0144] S32. Server 10 calls the geofence detection algorithm to calculate the spatial distance D(t) between the first terminal 20 and the second terminal 30, as well as their respective velocities v1(t) and v2(t).

[0145] S33. When there exists a time t0 such that the spatial distance D(t0) is less than the preset distance threshold D_th, and the speed of the first terminal v1(t0) is less than the speed threshold V_th and the speed of the second terminal v2(t0) is less than the speed threshold V_th, and the above conditions are continuously met within the time interval [t0, t0+Δt], the server 10 determines that a valid spatiotemporal overlap event GPS_Overlap has occurred at t_overlap=t0.

[0146] S34. After detecting the spatiotemporal overlap event GPS_Overlap, server 10 pushes a fulfillment ready prompt to the first terminal 20 and the second terminal 30 respectively, displaying information such as "Arrived at the destination, please complete offline payment and confirmation", and at the same time activates the second channel interaction interface.
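The overlap test of S31 to S33 (distance below D_th, both speeds below V_th, held continuously over [t0, t0+Δt]) can be sketched as follows. This is an added example, not code from the application: the `Fix` record, the function names, the `max_gap` rule for missing reports and the sample coordinates are assumptions, and the great-circle (haversine) distance is one of the two distance options the claims mention.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0


@dataclass(frozen=True)
class Fix:
    """One position report from a terminal (field layout is an assumption)."""
    t: float      # report time, seconds
    lat: float    # degrees
    lon: float    # degrees
    speed: float  # metres per second, as reported by the terminal


def great_circle_m(a, b):
    """Haversine distance between two fixes, in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))


def find_overlap(track1, track2, d_th, v_th, dwell, max_gap):
    """Return t0 of the first window [t0, t0 + dwell] in which every paired
    sample has D < d_th, v1 < v_th and v2 < v_th, or None if there is none.

    Samples are paired by identical timestamp (assumption: the server puts
    both tracks on a common reporting clock). If more than max_gap seconds
    pass without a paired sample, the window restarts, because the
    conditions cannot be shown to have held continuously across the gap.
    """
    by_t = {f.t: f for f in track2}
    t0 = prev_t = None
    for f1 in sorted(track1, key=lambda f: f.t):
        f2 = by_t.get(f1.t)
        if f2 is None:
            continue  # no matching report from the second terminal
        ok = (great_circle_m(f1, f2) < d_th
              and f1.speed < v_th and f2.speed < v_th)
        stale = prev_t is not None and f1.t - prev_t > max_gap
        if not ok:
            t0 = None            # any violation resets the dwell window
        elif t0 is None or stale:
            t0 = f1.t            # start (or restart) the window here
        prev_t = f1.t
        if t0 is not None and f1.t - t0 >= dwell:
            return t0            # t_overlap = t0, as in S33
    return None


def constructed_tracks(speeds, lat_offset=0.0001, step=5.0):
    """Constructed sample data: both terminals report every `step` seconds,
    the second terminal lat_offset degrees (about 11 m per 0.0001) north."""
    t1 = [Fix(i * step, 30.6000, 104.0000, v) for i, v in enumerate(speeds)]
    t2 = [Fix(i * step, 30.6000 + lat_offset, 104.0000, v)
          for i, v in enumerate(speeds)]
    return t1, t2


if __name__ == "__main__":
    a, b = constructed_tracks([8, 8, 0.5, 0.4, 0.2, 0.1])
    print(find_overlap(a, b, d_th=30, v_th=1.5, dwell=15, max_gap=10))
```

A short stop that does not last the full dwell time, or a run of missing reports from one terminal, yields no overlap event, so the fulfillment ready signal of S34 is not pushed.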

[0147] Step S4: Second token generation and heterogeneous verification.

[0148] S41. In the fulfillment-ready state, the second terminal 30 displays the order QR code or NFC tag generated by the server 10 on its screen, and the first terminal 20 reads the identification information through the camera or NFC module.

[0149] S42. Based on the reading result, the first terminal 20 initiates offline peer-to-peer payment or completes the cost sharing settlement with the second terminal 30 through a local wallet. After the settlement is completed, the first terminal 20 or the third-party payment gateway 40 sends a second authentication success signal to the server 10.

[0150] S43. When the server 10 receives the second authentication success signal, it generates a fulfillment token Token_B and records its generation timestamp t_tokenB.

[0151] S44. Server 10 executes the atomicity check algorithm.

[0152] For example: IF (Token_A.isValid == TRUE) AND

[0153] (abs(t_tokenB - t_overlap) < ΔT_th) AND

[0154] (ORDER_STATE == LOCKED_WAITING)

[0155] THEN verify_success = TRUE;

[0156] ELSE verify_success = FALSE.

[0157] Example explanation: Check if Token_A (representing the authorization credential before payment) is still valid (Token_A.isValid==TRUE). This is equivalent to confirming that "the user has previously obtained payment eligibility".

[0158] Verify that the payment process was completed promptly.

[0159] Compare the payment completion time (t_tokenB) with the user's scanning time (t_overlap) to ensure that the time difference between the two is less than the allowed threshold (ΔT_th).

[0160] (For example: users must complete the payment within 30 seconds after scanning the code to prevent timeout transactions or fraud.)

[0161] Verify that the order status is ready.

[0162] The order is currently in a "locked and waiting for fulfillment" state (ORDER_STATE==LOCKED_WAITING): This is equivalent to the system marking "the order is frozen and can be executed at any time".

[0163] Final judgment rules.

[0164] All conditions are met → Verification passed (verify_success=TRUE), proceed to the next step of the fulfillment process S5.

[0165] Any failure → Verification failure (verify_success=FALSE), the order is transferred to exception handling (such as refund, manual review, etc.).

[0166] Where t_overlap is the timestamp of the most recent valid spatiotemporal overlap event, and ΔT_th is the allowed time deviation threshold.

[0167] S45. If verify_success is TRUE, proceed to step S5; otherwise, the fulfillment verification is deemed to have failed, and the order enters the exception handling process.

[0168] Step S5: State machine transition and data unlocking.

[0169] S51. When the verification is successful, the server 10 updates the order status to COMPLETED and writes fields such as completion time and verification result into the order record.

[0170] S52. Server 10 unfreezes the service rights count of the second terminal 30, restores the frozen amount to an available state or provides a reward boost if the credit is good, and updates the credit graph node weight of the second terminal 30.

[0171] S53. At the same time, server 10 updates the reputation record of the first terminal 20, such as adding statistical fields such as "on-time payment completion rate" and "number of successful performance".

[0172] S54. Server 10 can send more decryption information to the first terminal 20, including decrypting some sensitive information of the second terminal 30 or allowing viewing of historical evaluations and contact information for subsequent evaluation, tracing and rights protection.

[0173] S55. If the second authentication success signal is not received within the preset time window, or the atomicity check fails, the server 10 will update the order status to the EXCEPTION status of verification failure, execute the corresponding exception handling strategy, such as: releasing the subsequent evaluation entry of the first terminal 20, deducting or freezing the service rights count of the second terminal 30 according to the rules, and recording the abnormal behavior in the credit graph.
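The atomicity check of S44 and the transitions of S45 to S55 can be sketched as one guarded state change, so that a repeated second authentication success signal finds the order no longer in LOCKED_WAITING and has no further effect. This is an added example, not code from the application: the `Order` fields, the function names, the per-order lock and the reading of Token_A.isValid as "not past token_expire_time" are assumptions.

```python
import threading
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    PENDING = "PENDING"
    LOCKED_WAITING = "LOCKED_WAITING"
    COMPLETED = "COMPLETED"
    EXCEPTION = "EXCEPTION"


@dataclass
class Order:
    state: State
    token_expire_time: float            # validity of Token_A, recorded in S22
    t_overlap: Optional[float] = None   # most recent GPS_Overlap timestamp
    t_token_b: Optional[float] = None   # generation time of Token_B
    frozen_rights: int = 1              # frozen in S21
    available_rights: int = 0
    lock: threading.Lock = field(default_factory=threading.Lock,
                                 repr=False, compare=False)


def atomicity_check(order, now, dt_th):
    """The three conditions of S44; all must hold."""
    if order.t_overlap is None or order.t_token_b is None:
        return False  # no overlap event or no Token_B: nothing to compare
    token_a_valid = now <= order.token_expire_time  # assumed meaning of isValid
    return (token_a_valid
            and abs(order.t_token_b - order.t_overlap) < dt_th
            and order.state is State.LOCKED_WAITING)


def on_second_auth(order, now, dt_th):
    """S43 to S52/S55: record Token_B, verify, and transition under one lock."""
    with order.lock:
        if order.state is not State.LOCKED_WAITING:
            return order.state  # repeated or late signal: no side effects
        order.t_token_b = now
        if atomicity_check(order, now, dt_th):
            order.state = State.COMPLETED
            order.available_rights += order.frozen_rights  # S52: unfreeze
            order.frozen_rights = 0
        else:
            # S55: the rights stay frozen until the deduction or rollback
            # strategy (not modelled here) decides what happens to them.
            order.state = State.EXCEPTION
        return order.state


def on_deadline(order, now, deadline):
    """S55: no second authentication signal within the preset window."""
    with order.lock:
        if order.state is State.LOCKED_WAITING and now > deadline:
            order.state = State.EXCEPTION
        return order.state


if __name__ == "__main__":
    # Constructed values: overlap at t=100 s, Token_B at t=120 s, ΔT_th=30 s.
    o = Order(State.LOCKED_WAITING, token_expire_time=1000.0, t_overlap=100.0)
    print(on_second_auth(o, now=120.0, dt_th=30.0), o.available_rights)
    print(on_second_auth(o, now=125.0, dt_th=30.0), o.available_rights)
```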

[0174] Based on the same inventive concept, this disclosure also provides an electronic device 161 which, referring to Figure 3, includes a processor 164, a communication interface 165, a memory 162, and a communication bus, wherein the processor 164, the communication interface 165, and the memory 162 communicate with each other through the communication bus;

[0175] Memory 162 stores computer program 163;

[0176] When processor 164 executes the program stored in memory 162, it implements a dual-channel verification distributed data processing method.

[0177] The aforementioned communication bus can be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. This communication bus can be divided into address bus, data bus, control bus, etc.

[0178] The communication interface 165 is used for communication between the aforementioned electronic device 161 and other devices.

[0179] The memory 162 may include random access memory (RAM) or non-volatile memory, such as at least one disk storage device. Optionally, the memory 162 may also be at least one storage device located remotely from the aforementioned processor 164.

[0180] The processor 164 mentioned above can be a general-purpose processor 164, including a central processing unit (CPU), a network processor (NP), etc.; it can also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components.

[0181] Based on the same inventive concept, another aspect of the present disclosure provides a computer-readable storage medium storing a computer program 163, which, when executed by a processor 164, implements a dual-channel verification distributed data processing method.

[0182] The computer-readable storage medium may be included in the device / apparatus described in the above embodiments; or it may exist independently and not assembled into the device / apparatus. The computer-readable storage medium carries one or more programs, which, when executed, implement a dual-channel verification distributed data processing method according to embodiments of this disclosure.

[0183] The above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application.

Claims

1. A dual-channel verification distributed data processing method, applied to a server, characterized in that it includes:
Receive trip booking requests and sensitive information, and after verifying the qualifications of the first terminal and the second terminal, send an authentication command to the first terminal;
Upon receiving the first authentication pass signal from the first terminal, a service token corresponding to the service order is generated, and the service token is stored in association with the service order.
The service token is used as an encryption key to encrypt sensitive information of the second terminal to obtain an encryption result, and desensitized trip data generated based on the encryption result is sent to the first terminal. Sensitive information includes at least the real phone number of the vehicle owner corresponding to the second terminal, precise geographic coordinates, and some fields from historical credit scores. The desensitized trip data includes obfuscated location data and location information presented in the form of relative distance.
The service rights count of the second terminal is obtained by associating with the second terminal, and the service rights count is frozen to form a frozen rights amount;
Update the order state machine and record the service token's validity period parameter;
The location information of the first terminal and the second terminal is collected periodically, and the spatial distance and moving speed of the first terminal and the second terminal are calculated based on the preset geofencing algorithm.
When the spatial distance between the first terminal and the second terminal is less than the first threshold and their respective moving speeds are less than the second threshold, it is determined that the first terminal and the second terminal have spatiotemporal overlap near the preset destination.
A fulfillment ready signal is pushed to the first terminal and the second terminal respectively, and the near-field interactive input interface of the second channel is activated.

2. The method according to claim 1, characterized in that the method further includes: The system receives a second authentication signal from the first terminal, performs authentication based on the second authentication signal, generates a fulfillment token after successful authentication, and records the generation timestamp of the fulfillment token. An atomicity verification algorithm is executed to perform multi-dimensional data joint verification of the validity of the service token, the spatiotemporal overlap information of the first terminal and the second terminal, and the timestamp of the fulfillment token; The atomicity check algorithm includes at least the following: If the service token Token_A.isValid is true, and the difference between the timestamp of the fulfillment token Token_B and the timestamp of the most recent spatiotemporal overlap event is less than the preset time difference threshold, then the verification is considered to have passed; otherwise, the verification is considered to have failed and the exception handling process is triggered.

3. The method according to claim 2, characterized in that the method further includes: When the atomicity check algorithm passes the check, the service order state machine is updated from the thread waiting state to the completed state. The credit graph data of the first terminal and the second terminal are updated based on the service token and the fulfillment token, and the freeze on the service rights count of the second terminal is lifted, and the frozen rights amount is unfrozen or returned.

4. The method according to claim 3, characterized in that the method further includes: A decryption key or decryption command is sent to the first terminal, and the sensitive information of the second terminal is unlocked based on the decryption key or decryption command for subsequent evaluation, complaint or rights protection.

5. The method according to claim 2, characterized in that the method further includes: If a fulfillment token is not generated within the preset time limit or the atomicity check fails, the service order state machine will be transitioned to an abnormal state, and a deduction or rollback strategy for freezing the equity count will be executed.

6. The method according to claim 1, characterized in that the calculation of the spatial distance and movement speed between the first terminal and the second terminal based on a preset geofencing algorithm includes: Calculate the Euclidean distance or great circle distance between the GPS coordinates of the first terminal and the second terminal and determine it as the spatial distance; When the spatial distance is less than the first threshold, the velocity vectors of the first terminal and the second terminal within the preset time window are combined to determine whether the dwell time at the same location is greater than the third threshold, so as to confirm the spatiotemporal overlap event.

7. The method according to claim 1, characterized in that the service rights count is the order acceptance limit or service execution limit obtained after the server is bound to the second terminal account; When generating the service token Token_A, the order acceptance limit is decremented by one and marked as frozen. When the order status is completed, the frozen order acceptance limit will be restored to an available state; When an order status becomes abnormal and the second terminal is determined to be in breach of contract, the deduction of the corresponding order amount will continue.

8. A dual-channel verification distributed data processing system, characterized in that it includes:
The server is used to receive trip booking requests and sensitive information, and after verifying the qualifications of the first terminal and the second terminal, it sends an authentication command to the first terminal.
Upon receiving the first authentication pass signal from the first terminal, a service token corresponding to the service order is generated, and the service token is stored in association with the service order.
The service token is used as an encryption key to encrypt sensitive information of the second terminal to obtain an encryption result, and desensitized trip data generated based on the encryption result is sent to the first terminal. Sensitive information includes at least the real phone number of the vehicle owner corresponding to the second terminal, precise geographic coordinates, and some fields from historical credit scores. The desensitized trip data includes obfuscated location data and location information presented in the form of relative distance.
The service rights count of the second terminal is obtained by associating with the second terminal, and the service rights count is frozen to form a frozen rights amount;
Update the order state machine and record the service token's validity period parameter;
The location information of the first terminal and the second terminal is collected periodically, and the spatial distance and moving speed of the first terminal and the second terminal are calculated based on the preset geofencing algorithm.
When the spatial distance between the first terminal and the second terminal is less than the first threshold and their respective moving speeds are less than the second threshold, it is determined that the first terminal and the second terminal have spatiotemporal overlap near the preset destination.
A fulfillment ready signal is pushed to the first terminal and the second terminal respectively, and the near-field interactive input interface of the second channel is activated.

9. An electronic device, characterized in that it includes a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus; the memory stores a computer program; when the processor executes the program stored in the memory, it implements the dual-channel verification distributed data processing method according to any one of claims 1 to 7.

10. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by the processor, it implements the dual-channel verification distributed data processing method according to any one of claims 1 to 7.