Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. However, it will be appreciated by those of ordinary skill in the art that numerous technical details are set forth in order to provide a better understanding of the present application in various embodiments of the present invention. However, the technical solution claimed in the present application can be implemented without these technical details and various changes and modifications based on the following embodiments.
The first embodiment of the invention relates to a transaction method, and the specific flow is shown in fig. 1.
Step S101, detecting transaction equipment in the range of the target area.
Specifically, the transaction method can be applied to a user terminal and a server, wherein the user terminal comprises: and devices such as mobile phones and tablet computers which can be connected with the network. When the transaction method is applied to the server, the server acquires the position information of each transaction device, detects the transaction devices in the target area range according to the acquired position information of each transaction device, namely the server acquires the position information of each transaction device from the transaction devices in communication connection with the server, determines a target range again, and can detect the transaction devices in the target area in communication connection with the server according to the acquired position information of each transaction device.
When the transaction method is applied to the user terminal, the user terminal establishes communication connection with the transaction equipment within the target range, the transaction equipment transmits the position information of the user terminal to the user terminal, and the user terminal acquires the position of the transaction equipment according to the position information transmitted by the transaction equipment within the target range.
There are many kinds of transaction devices, and when the transaction method is applied to a server, the transaction device should be connectable to the server, such as a point of sale information management system (POS machine) used in performing transactions by using a credit card, and a terminal device installed with software for transactions, such as a mobile phone installed with a payment device, a tablet computer installed with a WeChat, and a device for payment by using a consumer card, to name but a few. When the transaction method is applied to a user terminal, the transaction equipment used should be equipment capable of autonomously completing transactions, such as a card swiping machine on a bus, and when a user holds a bus card and is close to the card swiping machine, the card swiping machine can autonomously change the amount of money on the bus card of the user without completing a transaction process through a server.
If the situation that the position of the transaction equipment detected by the server side is inconsistent with the current actual position of the transaction equipment due to the change of the position of the transaction equipment is prevented, the position information of the transaction equipment acquired by the server or the user terminal can be the position information of the transaction equipment acquired periodically, namely the position information of the transaction equipment is continuously updated by the server or the user terminal, so that the position information of the transaction equipment before the position change is still used after the position of the transaction equipment is changed, and the consistency of the position information of the detected transaction equipment and the actual position information of the transaction equipment is ensured.
Step S102, pre-authorization is carried out on the detected transaction equipment, and transaction information is bound to the pre-authorization.
Specifically, after detecting the transaction equipment within the target range, the server or the user terminal performs pre-authorization on the detected transaction equipment within the target range, and the pre-authorization is bound with the transaction information. Wherein, the pre-authorization is used for giving the transaction equipment the right to complete the transaction when the transaction equipment needs to perform the transaction related to the transaction information. The transaction information is mainly used as a certificate to determine whether the transaction object is the owner of the payment instrument. For example, if the transaction uses a transaction certificate given by a bank such as a credit card and a bank card, the transaction information may be a card number of a payment certificate of the bank such as the credit card and the bank card; if transaction software such as payment software and WeChat software is used for the transaction, the transaction information may be an account number of the payment software or a two-dimensional code generated based on user information. If the transaction uses a consumption card or a coupon, the transaction information may be a card number of the consumption card or a coupon number.
The pre-authorized transaction information may carry information characteristics of the user, the information characteristics of the user, including any one or a combination of the following: a device characteristic of the user, a biometric characteristic of the user, a network characteristic of the user.
Wherein, the device characteristics of the user may be: name, device identification number ID, Token, two-dimensional code, digital certificate, etc. The network characteristics of the user may be: the website server comprises a user name, a login account, a Session and the like, wherein the Session refers to the time from entering a website to closing a browser when the user browses the website, namely the time spent by the user in browsing the website. The biometric of the user may be: hand shape, fingerprint, finger vein, face shape, iris, retina, or any combination thereof.
For example, when the transaction method of the present embodiment is applied to a server, the user terminal device transmits transaction information for a transaction bound to the user terminal device to the server. In practical application, after obtaining the transaction information, the server may send the transaction information bound with the pre-authorization and the carried information characteristic of the user to the transaction device that is pre-authorized, indicating that the transaction information and the information characteristic of the user are pre-authorized, so that when the transaction device detects that the transaction information or the information characteristic of the user used by the transaction in progress belongs to the pre-authorized transaction information or the information characteristic of the user, the transaction with the user may be directly completed without the user inputting the verification information. The transaction equipment sends the amount of money to be paid by the user and the transaction information used by the user in the transaction to the server, the server judges whether the transaction information sent by the transaction equipment belongs to the authorized transaction information of the transaction equipment, and if the judgment result is yes, the amount of money for paying the articles can be drawn from the account of the user without any verification.
When the transaction method according to the first embodiment of the present invention is applied to a user terminal, the user terminal enters transaction information of a user and information characteristics of the user into the terminal, and then binds the transaction information and the information characteristics of the user to pre-authorization information and sends the pre-authorization information to a transaction device in a target area, so that when the transaction device in the target area detects that transaction information used for a transaction in progress or information characteristics of the user belong to pre-authorized transaction information or information characteristics of the user, the user can directly draw money for paying an item from the user account without inputting verification information, and without participation of a server.
In the transaction mode, only the transaction equipment in the target area can have the right of completing the transaction, so that even if the transaction information or the information characteristics of the user are stolen, the stealer does not know which area of the transaction equipment is authorized, and the stolen transaction information or the information characteristics of the user cannot be utilized to carry out the transaction, the property of the user is guaranteed, and the security of the user in the transaction process is ensured. When a user carries out transaction information bound with transaction authorization or transaction related to information characteristics of the user, the user can directly complete the transaction through transaction equipment without inputting a verification password into a server for verification, so that the transaction of the user becomes more convenient and faster.
To further increase security, pre-authorization may be valid; the pre-authorization is specifically used for giving the transaction device the right to complete the transaction when the transaction device with validity needs to perform the transaction related to the transaction information. For example, the following steps: the preauthorization can increase a time efficiency, when the transaction equipment which is preauthorized within the time efficiency carries out the transaction related to the bound transaction information or the information characteristics of the user, the user does not need to input the verification information, and outside the time efficiency, the transaction equipment loses the preauthorization and cannot have the authority of completing the transaction, and the user must input the verification information during the transaction. In so doing, it is prevented that a transaction device that has been pre-authorized can always have authorization. It will be appreciated that if the preauthorized transaction device is always authorized, then when a theft of user information occurs, the likelihood of the thief finding the preauthorized transaction device will increase, thereby causing a loss of the user's property. To prevent this, pre-authorization with a certain time limit is a good solution to ensure the security of the user transaction.
In order to further increase security, the server or the user terminal may also determine whether to give the transaction device pre-authorization based on the industry characteristics of the transaction device within the target range and the transaction description, where the industry characteristics may be a category of an industry where the transaction device is located, for example, the server may know whether the transaction device within the target range is a transaction device in a catering industry, a transaction device in a bus system, or a transaction device in a clothing store. And the transaction description may average the amount of a transaction amount for one transaction for this transaction device. When the server or the user terminal judges whether the transaction device is pre-authorized, the industry characteristics or the transaction description can provide more intuitive data for the judgment of the server or the user terminal, and the safety of the first embodiment of the invention is further improved.
For the convenience of understanding the content of the above step S102, some specific application scenarios are given below:
the application scene one: the user terminal binds the card number of the public transport card of the user, detects the transaction equipment in the target range and finds out the card swiping machine of the public transport card in the target range according to the industry characteristics of the transaction equipment, pre-authorizes the card swiping machine of the public transport card, the user can swipe the public transport card on the card swiping machine of the pre-authorized public transport card without worrying about the problem that the public transport card is stolen after being lost, because even if the public transport card is stolen, the stolen public transport card cannot be used on the card swiping machine of the pre-authorized public transport card, the stolen public transport card cannot be used, and the property safety of the user is protected.
Application scenario two: the server obtains the bank card number sent by the user terminal, starts to detect the transaction devices in the target range, screens out the transaction devices at luxury selling points and the transaction devices with the average transaction amount of over 3000 yuan of one transaction of the transaction devices according to the industry characteristics and the transaction description of the transaction devices, and does not authorize the transaction devices in advance and authorizes other transaction devices in the target range in advance. Therefore, when the user conducts the transaction with higher transaction amount on the transaction equipment of the shop within the target range, the user still uses the traditional transaction method with higher safety factor and needing to input the verification information, and when the transaction equipment of the shop within the target range conducts the transaction with lower transaction amount, the user can directly detect the held transaction information by the transaction equipment to complete the transaction without inputting the verification information, so that the transaction is very convenient.
Application scenario three: the server obtains the user fingerprint which is sent by the user terminal and bound with the bank card in advance, the server starts to detect the transaction equipment within the target range, preauthorizes the transaction equipment which meets the preauthorization condition, and sends the user fingerprint to the preauthorized transaction equipment at the same time, when the user carries out transaction on the preauthorized transaction equipment within the target range, the user only needs to provide the fingerprint for the transaction equipment to be checked, and the transaction can be completed without showing the bank card. In the prior art, if the transaction equipment is connected to the fingerprint database, the time for the transaction equipment to verify the identity of the transaction object by using the fingerprint is relatively long during transaction because the amount of the fingerprint information in the fingerprint database is relatively large, but if the user uses the transaction method described in the embodiment and uses the fingerprint as the transaction information, the transaction equipment only obtains the fingerprint information of the user who needs to use the transaction method described in the embodiment, the time for the transaction equipment to verify the identity of the transaction object by using the fingerprint is relatively short during transaction, and the transaction convenience is improved while the transaction safety is ensured.
In summary, the first embodiment of the present invention uses a transaction method of first authorization and then transaction, which not only ensures the security of transaction, but also considers the convenience of transaction, and meanwhile, the validity of pre-authorization further increases the security.
A second embodiment of the invention relates to a transaction method. The second embodiment of the present invention is also applied to a server or a user terminal, and is an improvement of the first embodiment of the present invention, and the main improvements are as follows: in a second embodiment of the present invention, before detecting a transaction device within the target area, the transaction method further includes: and acquiring the position information of the user terminal, and determining the target area range according to the position information of the user terminal. After pre-authorizing the detected transaction device, further comprising: and when the change of the position information of the user terminal meets the preset condition, updating the target area range, re-determining the transaction equipment needing pre-authorization according to the updated target area range, and canceling the pre-authorization of the failed transaction equipment. The specific flow is shown in fig. 2.
Step S201, obtaining the position information of the user terminal, and determining the target area range according to the position information of the user terminal.
Specifically, when the transaction method is applied to the server, a user can select a terminal such as a mobile phone and a tablet personal computer to be connected with the server, the user terminal such as the mobile phone and the tablet personal computer can acquire position information of the user terminal through a global positioning system or a locator, the position information can be transmitted to the connected server after the position information is acquired, and the server can determine a target area range according to the position information of the user terminal after the position information transmitted by the terminal is acquired. When the transaction method is applied to the user terminal, the user terminal such as a mobile phone and a tablet personal computer of the user can directly determine the target area range according to the position information of the user terminal after acquiring the position information of the user terminal through a global positioning system or a locator. For example, an area range determined by taking the position of the user terminal as a center and a preset distance as a radius is taken as a target area range. Because the target area range is set to be related to the user terminal, the transaction equipment granted with the transaction authority changes along with the change of the position of the user terminal, so that even if the transaction information used for transaction by the user is stolen, the stealer can hardly know the position of the transaction equipment granted with the transaction authority, the stealer is prevented from carrying out transaction by using the stolen transaction information, the property safety of the user is guaranteed, and the transaction safety of the user is ensured.
Step S202 corresponds to step S101, i.e. transaction devices within the target area are detected.
Step S203 corresponds to step S102, namely, pre-authorization is performed on the detected transaction device, and the transaction information is bound to the pre-authorization.
The contents of step S202 and step S203 are described in the first embodiment of the present invention, and the description thereof is not repeated here.
And step S204, updating the target area range when the change of the position information of the user terminal meets the preset condition.
Specifically, when the transaction method is applied to a server, a user terminal is connected to the server, the server acquires position information of the user terminal from the user terminal, and when the transaction method is applied to the user terminal, the user terminal is in communication connection with transaction equipment within a target range and acquires position information of the terminal. The location information of the user terminal may be periodically acquired location information of the user terminal, that is, the server periodically receives location information of the user terminal or periodically updates location information of the user terminal, and when the acquired location information of the user terminal changes and meets a preset condition, a new range of the target area is determined according to the newly acquired location information of the user terminal. The preset condition may be that a certain distance is satisfied. For example, if the location of the user terminal changes by a distance exceeding 100 meters, the target area range is updated. The distance satisfying the preset condition may be set arbitrarily, and may be 100 meters, 200 meters, 300 meters, or the like. The method for updating the target area when the position information of the user terminal changes to meet the preset condition is beneficial to the fact that when the user conducts transaction, the user always uses the transaction equipment authorized for transaction in the target area to conduct transaction when the user is always in the target area, and the use of the user is facilitated.
Step S205, according to the updated target area range, re-determining the transaction equipment which needs to be subjected to transaction authorization and canceling authorization for the invalid transaction equipment.
Specifically, due to the change of the position of the user terminal, after the target area is updated, the server or the user terminal pre-authorizes the transaction equipment in the new target area, and cancels the authorization for the failed transaction equipment, wherein the failed transaction equipment is the transaction equipment which is out of the range of the updated target area in the transaction equipment authorized by the transaction. That is, when the target area is not updated, a certain transaction device is in the target area and is authorized in advance by the server or the user terminal, but when the target area changes due to the change of the position of the user terminal, the transaction device becomes out of the coverage of the new target area, and the transaction device is called as a failed transaction device. The reason why the authorization is canceled for the invalid transaction device is advantageous for ensuring the security of the user in the transaction process is that when the position of the user terminal changes with the change of the position of the user, in order to enable the user to still use the authorized transaction device, the target area changes with the change of the position of the user terminal, and if the invalid transaction device is still authorized in advance, the area occupied by the transaction device with the advance authorization is enlarged. When the user transaction information is stolen, under the condition that the area occupied by the transaction equipment with the pre-authorization is expanded, the stealer can more easily find the transaction equipment with the pre-authorization, so that the property of the user is lost. The cancellation of the pre-authorization of a disabled transaction device therefore ensures security when the user is transacting.
Some specific application scenarios are given below to facilitate understanding of the present embodiment.
The application scene one:
the mobile phone A of a user reports position information to a server regularly (for example, reporting the position information once every 5 minutes), the mobile phone A is also bound with a bank card of the user and uploads a card number of the bank card to the server, the server sets a target area which takes the position of the mobile phone A of the user as the center and takes a certain distance as a radius (for example, setting the position as the radius of 500 meters) according to the position information reported by the mobile phone A of the user, the server detects all POS machines which are in communication connection with the server in the target area, pre-authorizes the transaction of the detected POS machines and sends the card number of the bank card uploaded by the mobile phone A to the detected POS machines (namely authorized POS machines), when the mobile phone A is held by the user to a certain shop and the POS machines connected with the server are used for swiping the transaction, the POS machines check whether the bank card number obtained during swiping the card is consistent with the bank card number sent by the server and authorized for the transaction, if the check result is consistent, the bank card number obtained during card swiping is directly sent to the server without inputting a verification password by the user, when the server obtains the bank card number sent by the POS machine, the server judges again to check whether the bank card number sent by the POS machine is consistent with the bank card number sent by the mobile phone A of the user, and if the check result is consistent, the transaction of the user is completed.
Application scenario two:
the mobile phone B of the user uploads an account number and current position information of third-party payment software (such as a payment treasure) in the mobile phone to the server, the server stores map information comprising a plurality of specific areas (such as areas with relatively concentrated transaction equipment in a market, a dish market and the like) in advance, and each specific area is provided with a plurality of transaction equipment in communication connection with the server. When the server detects that the mobile phone B is in a certain specific area, the specific area is set as a target area, transaction pre-authorization is carried out on all transaction equipment in the target area, which are in communication connection with the server, and all transaction equipment in the target area, which are in communication connection with the server, can complete transactions related to the account number reported by the mobile phone B without providing verification information, and the account number of the third-party payment software uploaded by the mobile phone B is sent to the transaction equipment. When a user arrives at a target area and utilizes third-party payment software and the transaction equipment to conduct transaction, the transaction equipment scans a two-dimensional code generated by an account of the third-party payment software of the user, checks whether account information carried by the scanned two-dimensional code is consistent with account information sent by a server or not, if the account information carried by the scanned two-dimensional code is consistent with the account information sent by the server, the account information carried by the scanned two-dimensional code is transmitted to the server, and when the account information uploaded by the transaction equipment is judged to be consistent with the account information uploaded by a mobile phone B of the user by the server, the transaction of the user is directly completed.
In summary, the second embodiment of the present invention re-determines the transaction device that needs to be pre-authorized according to the updated target area range, and cancels the authorization for the failed transaction device; the invalid transaction equipment is the transaction equipment which is out of the updated target area range in the transaction equipment which is authorized in advance. By the method, even if the target area is changed, the transaction equipment outside the target area is ensured to be in a state without pre-authorization, the transaction safety of the user is further ensured, and the user can enjoy convenient transaction without losing own property.
The steps of the above methods are divided for clarity, and the implementation may be combined into one step or split some steps, and the steps are divided into multiple steps, so long as the same logical relationship is included, which are all within the protection scope of the present patent; it is within the scope of the patent to add insignificant modifications to the algorithms or processes or to introduce insignificant design changes to the core design without changing the algorithms or processes.
Those skilled in the art will understand that all or part of the steps in the method according to the above embodiments may be implemented by a program instructing related hardware to complete, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, etc.) or a processor (processor) to execute all or part of the steps in the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
A third embodiment of the present invention relates to an electronic device, the configuration of which is shown in fig. 3, and which includes: at least one processor 31, and,
a memory 32 communicatively coupled to the at least one processor 31;
wherein the memory 32 stores instructions executable by the at least one processor 31, the instructions being executable by the at least one processor 31 to enable the at least one processor 31 to perform a transaction method according to the first embodiment or the second embodiment of the present invention.
In summary, the third embodiment of the present invention provides an electronic device, which enables a user to perform a transaction more conveniently and ensures the security of the transaction.
It should be noted that this embodiment is an example of an apparatus corresponding to the first embodiment or the second embodiment of the present invention, and may be implemented in cooperation with the first embodiment or the second embodiment. The related technical details mentioned in the first embodiment or the second embodiment are still valid in this embodiment, and are not described herein again in order to reduce repetition. Accordingly, the related-art details mentioned in the present embodiment can also be applied to the first embodiment or the second embodiment.
It will be understood by those of ordinary skill in the art that the foregoing embodiments are specific examples for carrying out the invention, and that various changes in form and details may be made therein without departing from the spirit and scope of the invention in practice.