阅读说明：本技术 基于云应用实例的支付方法、系统及相关设备 (Payment method, system and related equipment based on cloud application example ) 是由 聂凯旋 黄巍 刘强强 刘春阳 于 2020-06-30 设计创作，主要内容包括：本申请提供一种基于云应用实例的支付方法、系统及相关设备,该方法包括以下步骤：云应用实例向支付管理节点发送订单和设备标识,支付管理节点记录订单和设备标识的对应关系,云应用实例向终端设备发送订单支付请求,终端设备根据订单支付请求,向支付管理节点发送携带设备标识的订单获取请求,支付管理节点根据订单获取请求携带的设备标识从对应关系获取订单,向终端设备发送订单,终端设备接收并处理订单。该方法中,用户无需远程操纵云应用实例进行订单支付,解决了用户通过云应用实例支付订单存在安全隐患的问题。(The application provides a payment method, a payment system and related equipment based on a cloud application example, wherein the method comprises the following steps: the cloud application instance sends an order and a device identifier to the payment management node, the payment management node records the corresponding relation between the order and the device identifier, the cloud application instance sends an order payment request to the terminal device, the terminal device sends an order obtaining request carrying the device identifier to the payment management node according to the order payment request, the payment management node obtains the order from the corresponding relation according to the device identifier carried by the order obtaining request, the order is sent to the terminal device, and the terminal device receives and processes the order. According to the method, the user does not need to remotely control the cloud application example to carry out order payment, and the problem that potential safety hazards exist when the user pays the order through the cloud application example is solved.)

1. A payment method based on a cloud application instance is characterized by comprising the following steps:

the cloud application instance sends an order and an equipment identifier to the payment management node;

the payment management node records the corresponding relation between the order and the equipment identifier;

the cloud application instance sends an order payment request to the terminal equipment;

the terminal equipment sends an order acquisition request carrying the equipment identification to the payment management node according to the order payment request;

the payment management node acquires the order from the corresponding relation according to the equipment identification carried by the order acquisition request, and sends the order to the terminal equipment;

and the terminal equipment receives and processes the order.

2. The method of claim 1, wherein before the cloud application instance sends the order and the order identification to the payment management node, the method further comprises:

and the terminal equipment acquires the equipment identification of the cloud application instance from the connection channel.

3. The method according to claim 1 or 2, wherein the terminal device receives and processes the order, comprising:

the terminal equipment displays the order;

the terminal equipment acquires an identifier of a payment platform selected by a user, a payment account number and a payment password of the user on the payment platform;

and the terminal equipment sends the identification of the payment platform, the payment account and the payment password to the payment management node.

4. The method of claim 3, wherein the terminal device receives and processes the order, further comprising:

the payment management node sends the payment account, the payment password, the collection account recorded by the order and the price of the selling object to the payment platform according to the identifier of the payment platform;

the payment platform deducts money from the payment account and sends first payment success information to the payment management node under the condition that the payment account is successfully verified according to the payment password;

the payment management node sends second payment success information to the application service node;

and the application service node records the order to take effect according to the second payment success information.

5. The method of claim 4, further comprising:

and the application service node informs the cloud application instance that the order is effective.

6. The method of any of claims 1 to 4, wherein the cloud application instances comprise virtual machines, containers, and bare metal servers.

7. The method of any one of claims 1 to 5, wherein the application service nodes comprise a game server, an education application server, a video application server, a social application server and a virtual reality application server.

8. The method according to any one of claims 1 to 6, wherein the terminal device comprises a mobile phone, a tablet computer, a personal computer, a smart television, a game console.

9. A payment system based on a cloud application instance, comprising:

the cloud application instance is used for sending the order and the equipment identifier to the payment management node;

the payment management node is used for recording the corresponding relation between the order and the equipment identifier;

the cloud application instance is used for sending an order payment request to the terminal equipment;

the terminal device is used for sending an order acquisition request carrying the device identifier to the payment management node according to the order payment request;

the payment management node is configured to obtain the order from the corresponding relationship according to the device identifier carried in the order obtaining request, and send the order to the terminal device;

and the terminal equipment is used for receiving and processing the order.

10. The system according to claim 9, wherein the cloud application instance is configured to establish a connection channel with the terminal device before sending the order and the order identifier to the payment management node, and the terminal device obtains the device identifier of the cloud application instance from the connection channel.

11. The system of claim 9 or 10,

the terminal equipment is used for displaying the order;

the terminal equipment is used for acquiring an identifier of a payment platform selected by a user, a payment account and a payment password of the user on the payment platform;

and the terminal equipment is used for sending the identifier of the payment platform, the payment account and the payment password to the payment management node.

12. The system of claim 11, wherein the system further comprises an application service node,

the payment management node is used for sending the payment account, the payment password, the collection account recorded by the order and the price of the selling object to the payment platform according to the identification of the payment platform;

the payment platform is used for deducting the payment account and sending first payment success information to the payment management node under the condition that the payment account is successfully verified according to the payment password;

the payment management node is used for sending second payment success information to the application service node;

and the application service node is used for recording the order taking effect according to the second payment success information.

13. The system of claim 12, wherein the application service node is configured to notify the cloud application instance that the order is in effect.

14. The system of any of claims 9 to 13, wherein the cloud application instances comprise virtual machines, containers, and bare metal servers.

15. The system according to any one of claims 9 to 14, wherein the application service nodes comprise a game server, an education application server, a video application server, a social application server and a virtual reality application server.

16. The system according to any one of claims 9 to 15, wherein the terminal device comprises a mobile phone, a tablet computer, a personal computer, a smart television, a game console.

17. A payment method based on a cloud application instance is characterized in that the method comprises the following steps:

the terminal equipment receives an order payment request sent by the cloud application example;

the terminal equipment sends an order obtaining request carrying the equipment identification of the cloud application instance to a payment management node according to the order payment request, wherein the payment management node records the corresponding relation between the order and the equipment identification;

the terminal equipment receives the order sent by the payment management node according to the order acquisition request;

and the terminal equipment processes the order.

18. The method of claim 17, wherein before the terminal device receives the order payment request sent by the cloud application instance, the method further comprises:

and the terminal equipment establishes a connection channel with the cloud application instance and acquires the equipment identification of the cloud application instance from the connection channel.

19. The method according to claim 17 or 18, wherein the terminal device processes the order, comprising:

the terminal equipment displays the order;

the terminal equipment acquires an identifier of a payment platform selected by a user, a payment account number and a payment password of the user on the payment platform;

and the terminal equipment sends the identification of the payment platform, the payment account and the payment password to the payment management node.

20. A terminal device, comprising:

the receiving module is used for receiving an order payment request sent by the cloud application example;

an obtaining module, configured to send an order obtaining request carrying an equipment identifier of the cloud application instance to a payment management node according to the order payment request, where the payment management node records a correspondence between the order and the equipment identifier;

the receiving module is configured to receive the order sent by the payment management node according to the order obtaining request;

and the processing module is used for processing the order.

21. The terminal device according to claim 20, wherein the terminal device further includes an establishing module, and the establishing module is configured to establish a connection channel with the cloud application instance and obtain the device identifier of the cloud application instance from the connection channel before the receiving module receives the order payment request sent by the cloud application instance.

22. The terminal device according to claim 20 or 21,

the processing module is used for displaying the order;

the processing module is used for acquiring an identifier of a payment platform selected by a user, a payment account and a payment password of the user on the payment platform;

and the processing module is used for sending the identifier of the payment platform, the payment account and the payment password to the payment management node.

23. A terminal device comprising a processor and a memory, wherein the memory has code stored thereon, and wherein the processor executes the code in the memory to implement the method of any one of claims 17 to 19.

24. A computer-readable storage medium comprising instructions that, when executed on a terminal device, cause the terminal device to perform the method of any one of claims 17 to 19.

Technical Field

The present application relates to the field of cloud technologies, and in particular, to a payment method and system based on a cloud application instance, and a related device.

Background

With the rapid development of cloud computing Technology and various network infrastructures, traditional Internet Technology (IT) business architecture is gradually migrating to a public cloud, and more business applications are redesigned and used based on the public cloud architecture. Under a public cloud architecture, the application of a user is installed in a cloud application example, the cloud application example can transmit an audio and video picture rendered in the application running process to terminal equipment in the form of audio and video streams, and the terminal equipment only needs to display the received audio and video streams to the user, so that the downloading and installation of the application are avoided, and the application can be used immediately.

However, when the user performs a payment operation through the cloud application instance, for example, the application is an online game application, the user needs to add value in the online game, since the cloud application instance is set in the public cloud, if the terminal device transmits financial information (such as a third party payment account and a password) of the user to the cloud application instance, in the process, the cloud application example of the public cloud can acquire the financial information of the user, when the user stops renting the cloud application example, the financial information of the user can be recorded in the cloud application example, if other users rent the cloud application example, the financial information input by the user at the previous time can be obtained, and a great potential safety hazard exists, based on the fact, at present, a user cannot perform any payment operation through a cloud application instance, and inconvenience is brought to the user.

Disclosure of Invention

The application provides a payment method, a payment system and related equipment based on a cloud application instance, and a user can realize safe payment through the cloud application instance.

In a first aspect, a payment method based on a cloud application instance is provided, and the method includes the following steps: the cloud application instance firstly sends an order and a device identifier to the payment management node so that the payment management node records the corresponding relationship between the order and the device identifier, the cloud application instance then sends an order payment request to the terminal device, the terminal device sends an order acquisition request carrying the device identifier to the payment management node according to the order payment request, the payment management node acquires the order from the previous corresponding relationship according to the device identifier in the order acquisition request, then sends the order to the terminal device, and the terminal device receives and processes the order.

In specific implementation, the device identifier is a unique character string, specifically, the device identifier may be a device feature code of a cloud application instance, and the unique code is used by the cloud platform to distinguish the cloud application instance. The order includes a price of the selling object, which may be a commodity purchased by the user within the application, referring to an amount due for the order, and a collection account number, which may be a collection account number of a provider of the application service node. In a specific implementation, the order may further include information describing the order, such as an order number, an application account number of the user, a commodity name of the selling object, discount offers, a purchase amount, and the like.

In the implementation of the method described in the first aspect, the cloud application instance sends the order to be paid by the user to the payment management node, the terminal device held by the user obtains the order from the payment management node, and the payment application running on the terminal device is used to pay the order.

In a possible implementation manner, before the cloud application instance sends the order and the order identifier to the payment management node, the method further includes the following steps: and the terminal equipment acquires the equipment identifier of the cloud application instance from the connection channel.

In a specific implementation, the connection channel may be an event pipeline, or may also be another connection channel for transmitting data between the cloud application instance and the terminal device, and the application is not limited in particular.

It should be noted that, the cloud application instance sends the order and the device identifier to the payment management node through an encryption transmission channel with high security, the encryption transmission channel may be implemented by an application layer (seventh layer) protocol of an Open System Interconnection Model (OSI), such as a mature and trusted communication protocol existing in the industries, e.g., HTTP protocol, FTP protocol, and the like, and further encryption processing is performed when the application layer protocol is used to transmit data, such as AES128 encryption algorithm, RSA encryption algorithm, and the like, even if the data is intercepted by an unintended recipient, the transmission content of the request cannot be easily interpreted, so that when the cloud application instance sends the order and the device identifier to the payment management node, privacy information such as the user's order is prevented from being lost, and the security of the payment process is improved.

By implementing the implementation mode, desensitized state information or action information is transmitted between the cloud application instance and the terminal equipment only through the event pipeline, and password information related to user privacy is not transmitted.

In a possible implementation manner, after the terminal device receives the order, the terminal device displays the order, acquires the identifier of the payment platform selected by the user, the payment account and the payment password of the user on the payment platform, and sends the identifier of the payment platform, the payment account and the payment password to the payment management node.

Optionally, the payment platform displayed by the terminal device to the user and available for the user to select is a payment platform to which the user has bound through the cloud platform before the cloud application instance first sends the order and the device identifier to the payment management node. In brief, a user can firstly bind a payment account of a payment platform commonly used by the user with a cloud platform account, and a terminal device records the binding relationship, so that when the terminal device receives an order and displays the order to the user, the previously bound payment platform can be displayed on the terminal device for the user to select, and after the user selects the payment platform, the payment account of the payment platform previously bound by the user is obtained according to the previously recorded binding relationship, and then a payment password corresponding to the payment account of the payment platform is obtained from the user. If the user sets the default payment platform for payment, the terminal device can also directly acquire the payment password of the default payment platform from the user, and then send the identifier of the default payment platform, the payment account number of the default payment platform and the payment password to the payment management node.

In the specific implementation, because the payment account and the payment password of the payment platform of the user also belong to the privacy information of the user, when the payment account and the payment password of the payment platform are sent to the payment management node by the terminal device, the payment account and the payment password of the payment platform can be encrypted to generate a serial number, then the serial number is sent to the payment management node for processing, the payment management node sends the prepaid information containing the serial number to the payment platform, and the payment platform can decrypt the serial number to obtain the payment account and the payment password of the user, so that the safety of the payment process is further improved.

By implementing the implementation mode, after the user terminal acquires the order from the payment management node, whether the order information is correct or not can be confirmed, and the payment platform is selected for payment under the condition that the order information is confirmed to be correct, so that the cloud application instance-based payment method provided by the application is wider in applicability, and the use experience of the user is improved.

In a possible implementation manner, after the terminal device sends the identifier of the payment platform, the payment account and the payment password to the payment management node, the payment management node sends the payment account, the payment password, the collection account recorded by the order and the price of the selling object to the payment platform according to the identifier of the payment platform, the payment platform deducts the payment account and sends first payment success information to the payment management node under the condition that the payment account is successfully verified according to the payment password, the payment management node sends second payment success information to the application service node, and the application service node records the order to take effect according to the second payment success information.

By implementing the implementation mode, after the terminal equipment pays the order through the payment platform and the payment is successful, the payment management node receives first payment success information sent by the payment platform, and the payment management node can send second payment success information to the application service node so that the application service node records the order to take effect.

In a possible implementation manner, after the terminal device sends the identifier of the payment platform, the payment account and the payment password to the payment management node, the payment management node may also send prepaid information to the corresponding payment platform according to the identifier of the payment platform, where the prepaid information includes the payment account, the price of the selling object and the collection account. And then the payment platform generates a transaction serial number according to the prepayment information and returns the transaction serial number to the payment management node, the payment management node sends the transaction serial number to the terminal equipment, the terminal equipment sends the payment password and the transaction serial number to the payment platform together after obtaining the payment password of the user, the payment platform can verify the payment password according to the transaction serial number, deduct a payment account number under the condition of successful verification, send first successful payment information to the payment management node, the payment management node sends second successful payment information to the application service node, and the application service node records the order taking effect according to the second successful payment information.

By implementing the implementation mode, in the process of paying the order by the terminal equipment, the payment management node and the cloud application instance cannot acquire the payment password of the user, so that the safety of payment of the user through the cloud application instance is ensured to a great extent.

In one possible implementation, the method further includes: and the application service node informs the cloud application instance that the order is effective.

In one possible implementation, the cloud application instance includes a virtual machine, a container, and a bare metal server.

In one possible implementation, the application service nodes include a game server, an education application server, a video application server, a social application server, and a virtual reality application server.

In one possible implementation manner, the terminal device includes a mobile phone, a tablet computer, a personal computer, a smart television, and a game console.

In a second aspect, a payment system based on a cloud application instance is provided, the system comprising: the cloud application instance is used for sending the order and the equipment identifier to the payment management node; the payment management node is used for recording the corresponding relation between the order and the equipment identifier; the cloud application instance is used for sending an order payment request to the terminal equipment; the terminal equipment is used for sending an order acquisition request carrying an equipment identifier to the payment management node according to the order payment request; the payment management node is used for acquiring the order from the corresponding relation according to the equipment identification carried by the order acquisition request and sending the order to the terminal equipment; the terminal equipment is used for receiving and processing orders.

Any implementation manner of the second aspect or the second aspect is a system implementation manner corresponding to any implementation manner of the first aspect or the first aspect, and the description in any implementation manner of the first aspect or the first aspect is applicable to any implementation manner of the second aspect or the second aspect, and is not described herein again.

In a third aspect, a payment method based on a cloud application instance is provided, and the method includes the following steps: the method comprises the steps that terminal equipment receives an order payment request sent by a cloud application instance, the terminal equipment sends an order acquisition request carrying an equipment identifier of the cloud application instance to a payment management node according to the order payment request, the payment management node extremely routes a corresponding relation between an order and the equipment identifier, the terminal equipment receives the order sent by the payment management node according to the order acquisition request, and the terminal equipment processes the order.

In the method described in the third aspect, the cloud application instance sends the order to be paid by the user to the payment management node, the terminal device held by the user obtains the order from the payment management node, and the payment application running on the terminal device is used for paying the order.

In a possible implementation manner, before the terminal device receives the order payment request sent by the cloud application instance, the method further includes the following steps: and the terminal equipment establishes a connection channel with the cloud application instance and acquires the equipment identifier of the cloud application instance from the connection channel.

In a specific implementation, the connection channel may be an event pipeline, or may also be another connection channel for transmitting data between the cloud application instance and the terminal device, and the application is not limited in particular.

By implementing the implementation mode, desensitized state information or action information is transmitted between the cloud application instance and the terminal equipment only through the event pipeline, and password information related to user privacy is not transmitted, so that privacy data of the user are powerfully guaranteed.

In one possible implementation, the receiving and processing of the order by the terminal device includes: the terminal equipment displays the order, then obtains the identifier of the payment platform selected by the user, the payment account and the payment password of the user on the payment platform, and sends the identifier of the payment platform, the payment account and the payment password to the payment management node.

Optionally, the payment platform displayed by the terminal device to the user and available for the user to select is a payment platform to which the user has bound through the cloud platform before the cloud application instance first sends the order and the device identifier to the payment management node. In brief, a user can firstly bind a payment account of a payment platform commonly used by the user with a cloud platform account, and a terminal device records the binding relationship, so that when the terminal device receives an order and displays the order to the user, the previously bound payment platform can be displayed on the terminal device for the user to select, and after the user selects the payment platform, the payment account of the payment platform previously bound by the user can be obtained according to the previously recorded binding relationship, and then a payment password corresponding to the payment account of the payment platform is obtained from the user. If the user sets the default payment platform for payment, the terminal device can also directly acquire the payment password of the default payment platform from the user, and then send the identifier of the default payment platform, the payment account number of the default payment platform and the payment password to the payment management node.

In the specific implementation, because the payment account and the payment password of the payment platform of the user also belong to the privacy information of the user, when the payment account and the payment password of the payment platform are sent to the payment management node by the terminal device, the payment account and the payment password of the payment platform can be encrypted to generate a serial number, then the serial number is sent to the payment management node for processing, the payment management node sends the prepaid information containing the serial number to the payment platform, and the payment platform can decrypt the serial number to obtain the payment account and the payment password of the user, so that the safety of the payment process is further improved.

By implementing the implementation mode, after the user terminal acquires the order from the payment management node, whether the order information is correct or not can be confirmed, and the payment platform is selected for payment under the condition that the order information is confirmed to be correct, so that the cloud application instance-based payment method provided by the application is wider in applicability, and the use experience of the user is improved.

In a fourth aspect, a terminal device is provided, which includes: the payment management node comprises a receiving module used for receiving an order payment request sent by a cloud application instance, an obtaining module used for sending the order obtaining request carrying an equipment identifier of the cloud application instance to a payment management node according to the order payment request, wherein the payment management node is extremely used for routing the corresponding relation between the order and the equipment identifier, the receiving module used for receiving the order sent by the payment management node according to the order obtaining request, and a processing module used for processing the order.

Any implementation manner of the fourth aspect or the fourth aspect is an apparatus implementation manner corresponding to any implementation manner of the third aspect or the third aspect, and the description in any implementation manner of the fourth aspect or the fourth aspect is applicable to any implementation manner of the third aspect or the third aspect, and is not described herein again.

In a fifth aspect, a payment method based on a cloud application instance is provided, and the method includes the following steps: the method comprises the steps that a payment management node receives an order and a device identification sent by a cloud application instance, records the corresponding relation between the order and the device identification, and then receives an order obtaining request sent by a terminal device, wherein the order obtaining request is generated after the terminal device receives the order payment request sent by the cloud application instance, the order obtaining request carries the device identification, the payment management node obtains the order from the corresponding relation according to the device identification carried by the order obtaining request, and sends the order to the terminal device so that the terminal device can receive and process the order.

In the implementation of the method described in the fifth aspect, the cloud application instance sends the order to be paid by the user to the payment management node, the terminal device held by the user obtains the order from the payment management node, and the payment application running on the terminal device is used to pay the order.

In a possible implementation manner, the method further includes the following steps: the payment management node receives an identifier of a payment platform, a payment account and a payment password sent by the terminal device, wherein the identifier of the payment platform is the identifier of the payment platform selected by a user, the payment account and the payment password are obtained by the terminal device to the user, the payment management node sends the payment account, the payment password, a collection account recorded by an order and a price of a selling object to the payment platform according to the identifier of the payment platform, receives first successful payment information sent by the payment platform under the condition that the payment platform successfully verifies the payment account according to the payment password, and then sends second payment information to the application service node so that the application service node takes effect according to the second successful payment information recorded by the application service node.

After the terminal equipment pays the order through the payment platform, the payment management node can send second payment success information to the application service node after receiving the first payment success information sent by the payment platform, so that the application service node records the order to take effect, and in the whole payment order and order taking effect process, a payment account and a payment password of the payment platform of the user do not need to be sent to the cloud application instance, the possibility that the cloud application instance records the payment account and the payment password of the user is avoided, and the problem that the user has potential safety hazard when paying the order through the cloud application instance is solved.

In a sixth aspect, there is provided a payment management node, the node comprising: the cloud application instance receiving module is used for receiving an order and an equipment identifier sent by a cloud application instance, the recording module is used for recording a corresponding relation between the order and the equipment identifier, the receiving module is used for receiving an order obtaining request sent by a terminal device, wherein the order obtaining request is generated after the terminal device receives an order payment request sent by the cloud application instance, the order obtaining request carries the equipment identifier, the obtaining module is used for obtaining the order from the corresponding relation according to the equipment identifier carried by the order obtaining request, and the sending module is used for sending the order to the terminal device so that the terminal device can receive and process the order.

Any implementation manner of the sixth aspect or the sixth aspect is an apparatus implementation manner corresponding to any implementation manner of the fifth aspect or the fifth aspect, and the description in any implementation manner of the sixth aspect or the sixth aspect is applicable to any implementation manner of the fifth aspect or the fifth aspect, and is not repeated here.

In a seventh aspect, there is provided a computer-readable storage medium comprising instructions that, when executed on a computing device, cause the computing device to perform the method as described in the third or fifth aspect.

In an eighth aspect, there is provided a computer program product which, when read and executed by a computing device, implements the method as described in the third or fifth aspect.

In a ninth aspect, there is provided a terminal device comprising a processor and a memory, the processor when executing code in the memory causing a computing device to implement the method as described in the third aspect.

In a tenth aspect, there is provided a computing device comprising a processor and a memory, the processor when executing code in the memory causing the computing device to carry out the method as described in the fifth aspect.

Drawings

FIG. 1 is an architectural diagram of a public cloud system;

FIG. 2 is a flowchart illustrating steps of a login method based on a cloud application example provided in the present application;

FIG. 3 is a flowchart illustrating steps of a cloud application instance-based login method provided by the present application in an application scenario;

4-7 are schematic diagrams of some embodiments of user interfaces in a login method based on a cloud application example provided by the present application;

FIG. 8 is a flowchart illustrating steps of a payment method based on a cloud application instance provided by the present application;

FIG. 9 is a flowchart illustrating steps of a cloud application instance based login method provided by the present application in an application scenario;

10-15 are schematic diagrams of embodiments of user interfaces in a cloud application instance based payment method provided herein;

fig. 16 is a schematic structural diagram of a terminal device provided in the present application;

fig. 17 is a schematic structural diagram of a payment management node provided in the present application;

FIG. 18 is a diagram of a hardware configuration of a computing device provided herein;

fig. 19 is a schematic diagram of a hardware structure of a terminal device provided in the present application.

Detailed Description

The technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

To facilitate understanding of the embodiments of the present application, first, some terms referred to in the present application are explained.

Container (Container): a container is a set of processes that are resource constrained, isolated from each other.

Cloud application example: a virtual container, a virtual machine or a bare metal server with a mobile phone operating system and a virtual mobile phone function in a physical server, which is essentially characterized in that the application on a mobile phone is transferred to the public cloud container, the virtual machine or the bare metal server to run, different cloud application examples are mutually isolated and do not interfere with each other, the cloud application examples can be used for installing the application of a local mobile phone and run in the cloud application examples, audio and video streams generated in the running process can be sent to the local terminal equipment of a user to be displayed and played, a control command generated by the local terminal equipment of the user according to the displayed and played audio and video streams can also be sent to the cloud application examples, the cloud application examples control the running state of the application according to the control command, so that the application of the local mobile phone can be transferred to the cloud application examples to run, and the local terminal equipment of the user does not need to install a large amount of applications consuming hardware resources, the application can be light.

Public cloud: the core attribute of the public cloud is a shared resource service, which means that a third-party provider provides a cloud infrastructure and a service, which can be used through a public network (such as the Internet), for a user, and the user obtains the use authority of the cloud infrastructure and the service by paying.

Software Development Kit (SDK): the SDK is a development tool set used by a developer to build an application for a specific software package, software framework, hardware platform, operating system, and the like, and simply, is a tool package capable of implementing a certain function of a software product. Through the SDK, a developer does not need to develop each function of the product, and can select the required SDK to integrate the required function in the product directly according to the required function of the product.

Next, application scenarios according to the present application will be briefly described.

With the rapid development of cloud computing Technology and various network infrastructures, traditional Internet Technology (IT) business architecture is gradually migrating to a public cloud, and more business applications are redesigned and used based on the public cloud architecture. Under a public cloud architecture, the application of a user is installed in a cloud application instance, the cloud application instance can transmit an audio and video picture rendered in the application running process to the terminal device 110 in the form of audio and video stream, and the terminal device 110 only needs to display the received audio and video stream on a screen, so that the application is download-free, installation-free and instant use.

Fig. 1 is a schematic diagram of an architecture of a public cloud system. As shown in fig. 1, the system includes a terminal device 110, an application service node 120, an account management node 140, a payment management node 141, a payment platform 121, and a public cloud data center 130, and the terminal device 110, the application service node 120, the account management node 140, and the public cloud data center 130 are connected through a network 150.

The terminal device 110 may be an electronic device with streaming media playing capability, such as a smart phone, a handheld device, a tablet computer, a mobile notebook, a virtual reality device, a wearable device, an integrated palm computer, and the like, and fig. 1 illustrates the terminal device 110 as the smart phone, but the present application is not limited thereto. The terminal device 110 is held by a user.

The application service node 120, the payment platform 121, the account management node 140, and the payment management node 141 may be general physical servers, for example, ARM servers or X86 servers; or a Virtual Machine (VM) implemented by Network Function Virtualization (NFV) technology, where the VM refers to a complete computer system that has a complete hardware system function and runs in a completely isolated environment, and is simulated by software; the virtual machine may also be a server cluster, where each server in the server cluster may be implemented by the physical server or the virtual machine.

The application service node 120 is configured to provide various services to a user, and the application service node 120 may include a game service node, an education application service node, a video application service node, a social application service node, a virtual reality application service node, and the like, which is not limited in this application.

The payment platform 121 is used to provide a third party guarantee payment service to the user, in short, the buyer sends the payment to the payment platform, and the payment platform temporarily keeps the payment for the buyer and seller before confirming the delivery of the merchant. It should be noted that fig. 1 illustrates 1 payment platform 121 as an example, in a specific implementation, the number of the payment platforms 121 may be one or more, and the application is not limited in particular.

The account management node 140 is configured to process a relevant process of logging in an application server by a cloud application instance, and the payment management node 141 is mainly configured to process a relevant process of payment by the cloud application instance, where the account management node 140 and the payment management node 141 may be in communication connection through a network, and in an embodiment, the account management node 140 and the payment management node 141 may also be the same device, such as the same virtual machine or the same physical machine.

The public cloud data center 130 includes a cloud platform 131 and a hardware resource pool 132, where the cloud platform 131 may be implemented by a general physical server, for example, an ARM server or an X86 server, and may also be a virtual machine implemented by an NFV technology, the virtual machine refers to a complete computer system that has a complete hardware system function and runs in a completely isolated environment, and the cloud platform 131 may also be a virtual machine or a physical server in the hardware resource pool 132, which is not specifically limited in this application.

The hardware resource pool 132 may include at least one physical server (fig. 1 illustrates an example of the resource pool including server 1, server 2, server 3, and server 4), wherein the physical server may be a general physical server, such as an ARM server or an X86 server, which is not limited in this application. There is an internal network connection between the physical servers of the hardware resource pool 132 and the cloud platform, and each physical server can communicate with other physical servers and the cloud platform 131 through the internal network.

Wherein each physical Server may run at least one cloud application instance, which may be any one of the virtual machines (such as virtual machine 21 and virtual machine 22), containers (such as container 11 and container 22), and Bare Metal Servers (BMS) (such as Server 3 and Server 4) in fig. 1. The data center 130 of the public cloud can provide cloud application instance renting services for users, and the terminal device 110 can rent cloud application instances of various specifications for a fee according to the needs of the terminal device and install various applications in the cloud application instances. For example, assuming that the user needs to use the application 111, the user may send a purchase request to the cloud platform 131 to rent a cloud application instance, obtain a right to control the cloud application instance, and install the application in the cloud application instance, as shown in fig. 1, if the cloud application instance is implemented by a container, the cloud platform 131 may notify the cloud platform management agent node of the server to create the container according to an operating environment required by the application, and install the application 111 in the cloud application instance; if the cloud application instance is implemented by a virtual machine, the cloud platform 131 may create a virtual machine through a virtual machine manager according to an operating environment required by the application, and install the application 111 in the cloud application instance; if the cloud application instance is a BMS, the cloud platform 131 may select a suitable BMS according to an operating environment required by the application and install the application 111 thereon, so as to obtain the cloud application instance in which the application 111 is installed.

After the terminal device 110 rents the cloud application instance (i.e., the container 11) running the application 111, the terminal device 110 may remotely manipulate the application 111 on the cloud application instance, and the cloud application instance may adjust the hardware specification according to the rental cost, where the higher the rental cost is, the higher the hardware specification is, and the cloud application instance may respond to the remote operation of the user and send the audio/video stream generated therewith to the terminal device 110 for display and playing, so that the user may use the terminal device 110 with relatively limited image processing and data computing capabilities, or even the terminal device 110 with only streaming media playing capabilities, to use the application program with a higher requirement on hardware resources.

It should be appreciated that after the terminal device 110 stops remotely manipulating the application 111 on the cloud application instance, the cloud platform 131 may release the cloud application instance (i.e., the container 11), the released resources may be available for other users, and when the terminal device 110 requests remote manipulation of the application 111 on the cloud application instance again, the cloud platform 131 may create a cloud application instance with the application 111 installed again for use by the user.

In summary, under a public cloud architecture, the application of a user is installed in a cloud application instance, the cloud application instance can transmit an audio/video picture rendered in the application running process to the terminal device in the form of audio/video stream, and the terminal device only needs to display the received audio/video stream to the user, so that the application is download-free, installation-free and instant use is really achieved.

However, when a user performs in-application recharging through a cloud application instance, for example, the application is an online game application, the user needs to recharge in the online game application, because the cloud application instance is set in a public cloud, if the terminal device transmits privacy information such as a user payment account and a payment password to the cloud application instance so that the cloud application instance can pay an order through a third-party payment platform, when the user stops renting the cloud application instance, the privacy information such as the user payment account and the payment password may be recorded in the cloud application instance, if other users rent the cloud application instance, financial information input by the user at the previous time can be obtained, and certain potential safety hazards exist.

In order to solve the problem that potential safety hazards exist when a user pays an order through a cloud application instance, the cloud application instance can firstly send the order to a payment management node 141, then inform a terminal device 110 of an account management node 140 to obtain the order, and then pay the order through third-party payment software installed on the terminal device 110, in the whole payment process, the cloud application instance cannot receive privacy information such as a payment account number and a payment password of the user, and therefore the safety of payment of the user through the cloud application instance is greatly guaranteed.

It can be understood that, before the user pays through the cloud application instance, the user needs to log in the application server 120 through the cloud application instance, and similarly, when the application in the cloud application instance needs to log in the application service node 120, if the terminal device 110 transmits the password information to the cloud application instance, so that the cloud application instance requests for logging in to the application service node 120, in this process, the password information may be recorded in the cloud application instance, and if other users rent the cloud application instance, the password information input by the previous user may be obtained, and a certain potential safety hazard exists.

Therefore, the application also provides a login method based on the cloud application instance, and the method is used for solving the problem that potential safety hazards exist when the user logs in the application server through the cloud application instance. According to the method, when a user logs in the application service node 120 through a cloud application instance each time, the cloud application instance informs the terminal device 110, the terminal device 110 sends a login password for logging in a cloud platform account to the account management node 140 for verification, the application service node 120 can be logged in through the cloud application instance after the verification, the login password information is not required to be sent to the cloud application instance, and the problem that potential safety hazards exist when the user logs in the application through the cloud application instance is solved.

The cloud application instance-based login method provided by the application is described first below.

As shown in fig. 2, the cloud application instance-based login method provided by the present application includes the following steps:

s209: the cloud platform 131 sends registration information and instance status information to the account management node 140, where the registration information includes an account and password correspondence between a cloud platform account and a registration password, the status information includes an identification account correspondence between a device identifier of the cloud application instance 200 and the cloud platform account, and the account management node 140 may record the correspondence. The registration information and the instance state information may be sent to the account management node 140 by the cloud platform 131, wherein the user may register a cloud platform account in the cloud platform 131, input a registration password, the cloud platform 131 records a correspondence between the cloud platform account and the registration password information as registration information, the user may pay in the cloud platform using the cloud platform account to rent the cloud application instance 200, and the cloud platform 131 records a correspondence between the cloud platform account and the device identifier of the cloud application instance 200 as instance state information.

In an embodiment, the user may also send a registration request of the cloud platform account to the account management node 140, and the account management node 140 may record registration information in the registration request, where the registration information includes an account password corresponding relationship between the cloud platform account and the registration password, which is not limited in this application.

In specific implementation, the device identifier is a unique character string, specifically, the device identifier may be a device feature code of the cloud application instance 200, and is a unique code used by the cloud platform to distinguish the cloud application instance 200.

It should be noted that, each time the user remotely uses the cloud application instance 200 through the terminal device 110, the cloud application instance 200 connected to the terminal device 110 may not be the same cloud application instance 200, and therefore, after the terminal device 110 establishes a connection with the cloud application instance 200 each time, the cloud platform may record instance state information of the cloud application instance 200 in real time, and then send the instance state information to the account management node 140.

S210: the cloud application instance 200 sends a login request for the application service node 120 to the terminal device 110.

In a specific implementation, the cloud application instance 200 may send the login request, such as a Notify event pipe, to the terminal device 110 through the event pipe. The event pipeline cannot transmit user privacy data and only can transmit desensitized state information or action information, the user privacy can be prevented from being revealed by sending the login request through the event pipeline, and the safety of data transmission is improved.

S220: the terminal device 110 obtains a login password input by the user according to the login request, and sends a verification request carrying the login password and the device identifier of the cloud application instance 200 to the account management node 140.

It should be noted that the login password is password information of the cloud platform account of the user. The login password may include biological information of the user, such as iris information, face information, fingerprint information, voiceprint information, and the like, or may include password information of the user, such as a character password, a short message authentication code, and the like, or may be password information in other forms, and the specific form of the login password is not limited in the present application.

In a specific implementation, the device identifier of the cloud application instance 200 may be the device identifier obtained by the cloud application instance 200 before step S210 and after the terminal device 110 establishes the connection channel with the cloud application instance 200. The connection channel may be an event pipeline in the foregoing, such as a Notify event pipeline, or may be another connection channel for transmitting data between the cloud application instance 200 and the terminal device 110, which is not specifically limited in this application.

As can be seen from the foregoing, each time a user remotely uses a cloud application instance through the terminal device 110, the cloud application instance connected to the terminal device 110 may not be the same cloud application instance each time, and therefore the device identifier of the cloud application instance 200 is changed, but no matter how the device identifier of the cloud application instance is changed, after the terminal device 110 establishes a connection with the cloud application instance 200 each time, the device identifier of the cloud application instance 200 currently connected to the terminal device may be obtained through the connection channel. For example, when the terminal device 110 requests to run the application 11 through the cloud application instance for the first time, the cloud platform 131 creates the container 11, and establishes the connection channel 1 between the container 11 and the terminal device 110, the terminal device 110 may obtain the device identifier of the container 11 through the connection channel 1, after the terminal device 110 is disconnected from the container 1, the cloud platform 131 may release the container 1, and the released resources may be provided for other users; when the user requests to run the application 11 through the cloud application instance for the second time, the cloud platform 131 may recreate one container 12, establish the connection channel 2 between the container 12 and the terminal device 110, and the terminal device 110 may obtain the device identifier of the container 12 through the connection channel 2. It should be understood that the above examples are illustrative only and are not to be construed as being particularly limiting.

S230: the account management node 140 verifies the login password, generates verification success information if the verification is successful, and sends the verification success information to the cloud application instance 200 according to the device identifier. The verification success information may be a Token (Token), and specifically may be a unique character string generated according to the device identifier of the cloud application instance, which is not specifically limited in this application.

In an embodiment, before step S410, when the user sends a registration request of a cloud platform account, the account management node 140 may record registration information in the registration request, where the registration information includes an account password correspondence between the cloud platform account and a registration password. Moreover, after the terminal device 110 establishes a connection with the cloud application instance 200 each time, the cloud platform may further send state information of the cloud application instance 200 to the account management node 140, where the state information includes an identification account corresponding relationship between the device identifier of the cloud application instance 200 and an account of the cloud platform, and the account management node 140 may record the identification account corresponding relationship. In this way, at step S430, after the account management node 140 receives the login password and the device identifier sent by the user, the cloud platform account corresponding to the device identifier may be determined according to the device identifier and the stored identifier account corresponding relationship, and then the registration password input when the user registers may be obtained according to the account password corresponding relationship and the cloud platform account. Thus, in step S430, the account management node 140 may compare the login password with the registration password, and when the login password is consistent with the registration password, confirm that the authentication is successful and generate authentication success information, and if the login password is inconsistent with the registration password, the account management node 140 may return information that the password is incorrect to the terminal device 110, and the user may re-input the password for re-authentication. It can be understood that although the terminal device 110 sends the login password to the account management node 140, the cloud platform account is not sent, but the account management node 140 obtains the cloud platform account corresponding to the login password according to the device identifier, so that even if the login password is obtained by others, the cloud platform account corresponding to the password information cannot be obtained, the transmission process is very safe, and the private data of the user is effectively guaranteed.

The cloud application instance 200 may poll the terminal device 110 through the event channel to query whether the terminal device 110 has sent the login password and the device identifier to the account management node 140, and when it is determined that the terminal device 110 has sent the login password and the device identifier to the account management node 140, the cloud application instance 200 sends a verification result acquisition request to the account management node 140, where the verification result acquisition request includes the device identifier of the cloud application instance 200, and the account management node 140 returns verification success information of the cloud platform account to the cloud application instance 200 according to the device identifier carried in the verification result acquisition request.

As can be appreciated, the terminal device 110 sends the login password and the device identifier to the account management node 140 for verification, and the cloud application instance 200 directly obtains the verification success information through the device identifier, so that the cloud application instance 200 is prevented from recording the login password, and the security of data transmission is improved.

S240: the cloud application instance 200 logs in the application service node 120 according to the authentication success information.

In a specific implementation, the cloud application instance 200 may send successful verification information to the application service node 120, and the application service node 120 sends a verification request to the account management node 140 according to the successful verification information, where the verification request carries the successful verification information, and when the account management node 140 confirms that the successful verification information is recorded, the verification successful verification information may be returned to the application service node 120, so that the application service node 120 allows the cloud application instance 200 to log in the application service node 120, otherwise, the verification failed information is returned, and the application service node 120 does not allow the cloud application instance 200 to log in the application service node 120.

In an embodiment, the account management node 140 records a corresponding relationship between the verification success information and the cloud platform account, and after receiving the verification request carrying the verification success information sent by the application service node 120, and under the condition that it is confirmed that the verification success information carried by the verification request is recorded by the account management node 140, namely, the login authentication is successful, whether the cloud platform account corresponding to the authentication successful information is bound with the application account can be further determined, if the cloud platform account number is bound with an application account number, the application account number bound with the cloud platform account number may be returned to the application service node 120, the application service node 120 may obtain various application data of the user from the application service node 120 according to the application account number, such as game archive, history play records, favorite contents, and the like, the cloud application instance 200 is then allowed to log into the application service node 120 with the application account number described above. If the account management node 140 determines that the cloud platform account is not bound to an application account, the account management node 140 may send an application account creation request to the application service node 120, and the application service node 120 may create an application account according to the application creation request and allow the cloud application instance 200 to log in the application service node 120 with the newly created application account. The application service node 120 may also return the newly created application account to the account management node 140, so that the account management node 140 may store the binding relationship between the cloud platform account of the user and the newly created application account in a database. After binding the cloud platform account of the user with the application account, when the user logs in the application service node 120 through the cloud application instance 200 each time, the user only needs to use the terminal device 110 to send a login password corresponding to the cloud platform account to the account management node 140 for verification, the user can log in the application service node 120 after the cloud platform account passes the verification, and the user can log in the application service node 120 without recording the application account.

It should be noted that in the embodiment of the present application, although the account management node 140 is used for verifying the cloud platform account, since the cloud platform account and the application account are in a binding relationship, the account management node 140 may be operated and maintained by a service provider of the application service node 120.

In summary, according to the login method based on the cloud application instance 200 provided by the application, the cloud platform account of the user is bound with the application account, when the user logs in the application service node 120 through the cloud application instance 200 each time, the cloud application instance 200 notifies the terminal device 110, the terminal device 110 sends a login password for logging in the cloud platform account to the account management node 140 for verification, the application service node 120 can be logged in through the cloud application instance 200 after verification, the login password information does not need to be sent to the cloud application instance 200, and the problem of potential safety hazards when the user logs in the application through the cloud application instance 200 is solved.

The following explains the login method provided by the present application, taking an application scenario in which the application is a cloud game, the terminal device 110 is a smartphone, and the cloud application example 200 is a container as an example.

Referring first to fig. 3, fig. 3 is a schematic flowchart illustrating steps of a payment method based on a cloud application instance 200 provided in the present application in an application scenario, wherein,

the terminal device 110 is a smart phone installed with a micro Client 111 in the application scenario, where the micro Client 111 refers to a micro Client or a Thin Client (Thin Client). The micro-terminal 111 is dedicated to processing data display of a User Interface (UI), and is responsible for sending an operation action of a User to the cloud application instance 200 connected with the micro-terminal for processing, and then receiving and displaying an audio/video stream sent by the cloud application instance 200 to the User, so that the memory occupation of the micro-terminal 111 is small, an installation package is also small, the User can quickly download and obtain the micro-terminal 111, the micro-terminal 111 includes a game-terminal-side SDK1101 and a micro-terminal SDK1102, wherein the game-terminal-side SDK1101 is mainly used for processing interaction between the terminal device 110 and the account management node 140, for example, sending an acquired login password to the account management node 140 for verification; the micro-terminal SDK is mainly used for processing interaction between the terminal device 110 and the cloud application instance 200, such as receiving a login request for the application service node 120 sent by the cloud application instance 200.

The cloud application instance 200 includes a cloud game 210 and a cloud application engine 220, wherein the cloud game 210 includes an account management module 2101 and a game cloud side SDK 2102. The account management module 2101 is mainly configured to process information related to account login, for example, send a successful authentication message to the application service node 120 to request login; the game cloud side SDK2102 is mainly used for processing interaction with the account management node 140, for example, obtaining verification success information from the account management node 140; the cloud application engine is mainly used for processing interaction between the cloud application instance 200 and the terminal device 110, such as sending a login request for the application service node 120 to the terminal device 110.

It should be noted that the cloud application engine 220 in the cloud application instance 200 is generated when the cloud platform 131 creates the cloud game instance 200, the account management module 2101 and the game cloud side SDK2102 may be integrated in the cloud game 210, and the game side SDK1101 and the micro-end SDK1102 may also be integrated in the micro-end 111. In brief, after a third-party game manufacturer provides the micro-terminal 111 and the cloud application instance 200, the game-side SDK1102 and the micro-terminal SDK1102 are integrated in the micro-terminal 111, and the account management module 2101 and the game cloud-side SDK2102 are integrated in the cloud game 210, so that the cloud application-based login method provided by the application can be realized.

In the application scenario, the application service node 120 is a service software system composed of a plurality of modules based on a cloud server, application and game instance rendering, audio and video encoding and decoding, network transmission, a resource management and scheduling system, terminal access, and the like.

It should be noted that the unit modules of the cloud game login system shown in fig. 3 may be divided into multiple types, each module may be a software module, a hardware module, or a part of the software module, and a part of the hardware module, and fig. 3 is an exemplary division manner, which is not limited in this application.

In the application scenario shown in fig. 3, the cloud application-based login method provided by the present application may include the following steps:

step 0, the account management node 140 receives registration information and instance status information sent by the cloud platform 131, where the registration information includes an account and password corresponding relationship between a cloud platform account and a registration password, the status information includes an identification account corresponding relationship between a device identifier of the cloud application instance 200 and the cloud platform account, and the account management node 140 may record the identification account corresponding relationship. The user may register a cloud platform account in the cloud platform 131, input a registration password, the cloud platform 131 records a corresponding relationship between the cloud platform account and the registration password information as registration information, the user may pay in the cloud platform using the cloud platform account to rent the cloud application instance 200, the cloud platform 131 records a corresponding relationship between the cloud platform account and the device identifier of the cloud application instance 200 as instance state information, and the cloud platform 131 sends the instance state information and the registration information to the account management node 140. The content not described in the step S40 may refer to the step S409 in the foregoing content, and is not repeated here.

Step 1, an account management module 2101 of the cloud game 210 sends a login request to a game cloud side SDK 2102. The login request may be generated during remote manipulation of the cloud application instance 200 by the terminal device 110, and the login request is for the application service node 120.

It should be understood that, before step 1, a connection channel has been established between the terminal device 110 and the cloud application instance 200, the number of the connection channels may be one or more, some connection channels may be used for the terminal device 110 to remotely manipulate the cloud application instance 200 to experience the cloud game, some connection channels may be used for the micro-terminal SDK1102 to obtain the device identifier of the cloud application instance 200, and still other connection channels may be used for the account management module 2101 of the cloud game 210 to send the login request to the game cloud-side SDK 2102.

Step 2, the game cloud side SDK2102 sends a login request to the cloud application engine 220.

Step 3, the cloud application engine 220 sends a login request for the application service node 120 to the micro-terminal SDK 1101. The content not described in the above steps 1 to 3 may refer to step S410 of the foregoing content, and is not repeated herein.

It should be understood that the cloud application engine 220 sends the login request to the cloud application engine 220 through a previously established connection channel, where the connection channel is a time channel that can only transmit desensitization information such as event information and state information, for example, a Notify event channel, in the whole login process, the terminal device 110 and the cloud application instance 200 interact only through the event channel, and the interaction information is all desensitization information, so that the problem of user privacy disclosure is avoided.

Step 4, the micro-peer SDK1102 sends a login request for the application service node 120 to the game-peer SDK 1101.

Step 5, the game end side SDK1101 acquires a login password input by the user, such as collecting a user fingerprint or collecting a user face image, and the like, which is not limited in the present application. The login password is password information corresponding to the cloud platform account.

Step 6, the game side SDK1101 sends an authentication request carrying the login password and the device identifier of the cloud application instance 200 to the account management node 140. The content not described in the above steps 4 to 6 may refer to step S420 of the foregoing content, and is not repeated herein.

Step 7, the account management node 140 may verify the login password, and generate verification success information when the verification is successful.

As can be appreciated, the account management node 140 records registration information and instance status information, where the registration information includes an account and password correspondence between a cloud platform account and a registration password, the status information includes an identification account correspondence between a device identifier of the cloud application instance 200 and the cloud platform account, and the account management node 140 may record the identification account correspondence. Therefore, at step 7, after the account management node 140 receives the login password and the device identifier sent by the user, the cloud platform account corresponding to the device identifier may be determined according to the device identifier and the stored identifier account corresponding relationship, and then the login password input when the user logs in may be obtained according to the account password corresponding relationship and the cloud platform account. The account management node 140 may compare the login password with the registration password, and when the login password is consistent with the registration password, it determines that the verification is successful and generates verification success information, and it can be understood that although the terminal device 110 sends the login password to the account management node 140, it does not send the cloud platform account, but the account management node 140 obtains the cloud platform account corresponding to the login password according to the device identifier, so that even if the login password is known by others, the cloud platform account corresponding to the password information cannot be obtained, and thus the transmission process is very safe, and the privacy data of the user is strongly guaranteed.

In step 8, the cloud application engine 220 sends a confirmation request to the backend SDK1102 of the terminal device 110 to confirm whether the game-side SDK1101 performs step 6, that is, whether a verification request has been sent to the account management node 140.

In a specific implementation, the cloud application engine 220 may poll the micro-terminal SDK1102 through an event channel to query whether the game-side SDK1101 has sent a login password and a device identifier to the account management node 140, and the micro-terminal SDK1102 confirms the execution condition of step 6 to the end-side SDK, and then returns the execution condition to the cloud application engine through the event channel, where the event channel may be a Notify event channel.

In an embodiment, the game side SDK1101 may also notify the micro-terminal SDK1102 after sending the verification request to the account management node 140, and the micro-terminal SDK1102 may send a notification that the step 6 is completed to the cloud application engine 220 through the event channel. The specific flow of how the cloud application engine confirms whether the terminal device 110 sends the verification request to the account management node 140 is not limited in the present application.

In step 9, when the cloud application engine 220 confirms to the micro-terminal SDK1102 that the game-side SDK1101 has executed step 6, a notification is sent to the game cloud-side SDK2102, so that the game cloud-side SDK2102 sends a request for obtaining verification success information to the account management node 140.

It is to be understood that, if the cloud application engine 220 returns a result showing that the game end side SDK1101 has not performed step 6 after sending the confirmation request to the micro-end SDK1102, the cloud application engine 220 may send the confirmation request to the end side SDK1102 again, that is, repeat step 8 until step 9 is executed after confirming that the game end side SDK1101 has performed step 6.

Step 10, the game cloud side SDK2102 obtains verification success information from the account management node 140, where the verification success information may be Token.

Specifically, the game cloud side SDK2102 may send a verification success information acquisition request carrying the device identifier to the account management node 140. It can be understood that, when the game-side SDK1101 sends the authentication request carrying the login password to the account management node 140 in step 6, the device identifier of the cloud application instance 200 is also carried as the pairing basis, so that the account management node 140 may determine, in step 10, the login password carrying the same device identifier according to the device identifier in the acquisition request sent by the game cloud-side SDK of the game 2102, and then return the authentication success information generated by the login password to the game cloud-side SDK2102 of the cloud application instance 200.

It is understood that the content not described in the above steps 7 to 10 may refer to the step S430 in the foregoing embodiment, and the description is not repeated here.

Step 11, the game cloud side SDK2102 sends a verification success message to the account management module 2101, and the account management module 2101 sends the verification success message to the application service node 120 to request login.

Step 12, the application service node 120 sends a verification request carrying the verification success information to the account management node 140 to request the account management node 140 to verify the verification success information, and the account management node 140 may further confirm whether the cloud platform account corresponding to the verification success information is bound with the application account under the condition that it is confirmed that the verification success information is locally present, in the embodiment of fig. 3, the application service node 120 confirms that the cloud platform account is not bound with the application account by taking the application account that has not been registered by the user as an example, and the account management node 140 generates the verification success information and a request for creating the application account.

In step 13, the account management node 140 returns the verification success information and the creation request of the application account to the application service node 120.

Step 14, the application service node 120 creates a new account according to the application account creation request, and allows the cloud application instance 200 to log in the application service node 120 with the newly created application account.

In a specific implementation, the application service node 120 may create an application account at random according to the application account creation request, the application service node 120 may also create a new game archive, bind the game archive to the newly created application account, and may also return the newly created application account to the account management node 140, so that the account management node 140 may bind the newly created application account to the cloud platform account and store the binding relationship in a database maintained by the account management node 140.

Thus, when the user logs in the application service node 120 again through the cloud application instance 200, the cloud application instance 200 may perform steps 1 to 3 to send a login request to the terminal device 110, the terminal device 110 performs steps 4 to 6 to send a login password and a device identifier to the account management node 140, the account management node 140 performs step 7 to verify the first-side information to generate verification success information, the cloud application instance 200 performs steps 8 to 11 to obtain verification success information from the account management node 140 and sends verification success information to the application service node 120 to request login, the application service node 120 may perform step 12 to send a verification request of the verification success information to the account management node 140, and the account management node 140 may further confirm that the cloud platform account is bound with the application account after the verification information is verified successfully, then, the application account bound to the cloud platform account and the information that the verification is successful are returned to the application service node 120, so that the application service node 120 can read game information of the application account, such as game files, user keys and the like, and allow the cloud application instance 200 to log in the application service node 120 again with the application account, and the user can log in the application service node 120 without recording the application account.

In the login method based on the cloud application instance 200 provided by the application, in the application scenario shown in fig. 3, each time a user logs in the application service node 120 through the cloud application instance 200, the cloud application instance 200 notifies the terminal device 110, the terminal device 110 sends a login password for logging in the cloud platform account to the account management node 140 for verification, the application service node 120 can be logged in through the cloud application instance 200 after verification, the login password information does not need to be sent to the cloud application instance 200, and the problem of potential safety hazard when the user logs in the application through the cloud application instance 200 is solved.

In order to facilitate understanding of the beneficial effects of the login scheme based on the cloud application instance provided in the embodiment of the present application, for example, taking an application scenario described in fig. 3 as an example, where the application is a cloud game, the terminal device 110 is a smartphone, and the cloud application instance 200 is a container, some exemplary graphical user interfaces of the cloud application instance 200 login application service node 120 are remotely invoked by the user operating the terminal device 110 in the processes of step 0 to step 14 described above.

Assuming that a user clicks a cloud platform application on the terminal device 110 to enter the main interface 11 of the cloud platform application, where the cloud platform application is connected to the data center 130 of the public cloud in the foregoing content, the user may purchase various cloud application instances 200 through the cloud platform application, transfer the application of the local mobile phone to the cloud application instances 200 to run, and the terminal device 110 local to the user does not need to install a large amount of applications consuming hardware resources, so that the light weight of the application can be realized.

Fig. 4 illustrates an exemplary user host interface 11 of the cloud platform on the terminal device 110. The user interface 11 may include: a status bar 401, an application title bar 402, a search box 403, a control 404, a function bar 405, a plurality of recommendation display boxes 406, a plurality of freshness controls 407, and a tray 408 of frequently used controls.

The status bar 401 may include: one or more signal strength indicators for mobile communication signals (which may also be referred to as cellular signals), one or more signal strength indicators for wireless fidelity (Wi-Fi) signals, a battery status indicator, a time indicator, and the like.

Application title bar 402 may be used to indicate that the current page is used to present an interface of the cloud platform of terminal device 110. The presentation of the application title bar 402 may be in the form of textual information, icons, or other forms.

The search box 403 may be used to search for a setting item matching a character input by a user according to the character.

The control 404 may receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 may display an interface for logging in to the cloud platform account or an interface for switching the cloud platform account.

The ribbon bar 405 includes a plurality of controls, such as an audiovisual entertainment control, a utility control, a social communication control, and so on, each of which may be configured to receive a user operation (e.g., a touch operation), and in response to detecting the user operation, the terminal device 110 may display a corresponding page, such as an interface displaying audiovisual entertainment, a utility interface, a social communication interface, and so on.

The plurality of recommendation display boxes 406 is used to display a cover page of the cloud application recommended for download.

The plurality of fresh controls 407 are configured to display controls of a plurality of cloud applications newly shelved, each of the controls may be configured to receive a user operation (e.g., a touch operation), and in response to detecting the user operation, the terminal device 110 may display a page of the corresponding cloud application.

The tray 408 of common controls may show: home control icon 408A, recommended control icon 408B, game control icon 408C, ranking control icon 408D, my controls icon 408E. The control icons can all accept user operations (for example, touch operations), in response to a detected user operation, the terminal device 110 can display a corresponding page, specifically, the home page control icon 408A can be used to display a home page of a cloud platform, the recommended control icon 408B can be used to display a page recommended for a user, the game control icon 408C can be used to display a page of a game-class application, the chat control icon 408D can be used to display a page where an application is downloaded or scored, and the my control icon 408E can be used to display an account center page.

It is understood that fig. 4 only illustrates an interface of the cloud platform application on the terminal device 110, and should not be construed as a limitation to the embodiment of the present application.

For example, as shown in fig. 4, after the user may click on a control icon of a cloud application, such as "cloud game" in the plurality of fresh controls 307, the terminal device 110 detects the user operation, and in response to the user operation, the terminal device 110 may display the interface 12 of the cloud application, such as "cloud game" shown in fig. 5.

The user interface 12 may include: account control 501, return control 502, cloud application title bar 503, launch control 504, and a plurality of cloud application introduction display boxes 505. Wherein the content of the first and second substances,

the account control 501 may receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 may display a cloud platform account login interface.

Return control 501 may receive a user operation (e.g., a touch operation), and in response to detecting the user operation, terminal device 110 may exit user interface 12 at the account center and display a previous user interface of user interface 12, such as user interface 11.

The cloud application title bar 503 is used to indicate that the current page is used to present the launch and introduction interface of "cloud games". The cloud application title bar 503 may include classification information and an application name of a cloud application presented on a current page, and the like, and the representation form of the cloud application title bar 503 may include text information, an icon, or other forms.

Launch control 504 may receive a user operation (e.g., a touch operation), and in response to detecting the user operation, terminal device 110 may launch a cloud application, which is a "cloud game.

The plurality of cloud application introduction display boxes 505 are for game content profiles of cloud applications "cloud games".

It is understood that fig. 5 only illustrates the user interface 12 of the cloud application, i.e. the "cloud game" on the terminal device 110, and should not be construed as a limitation to the embodiment of the present application.

For example, as shown in fig. 6, a user may click on start control 504, terminal device 110 detects the user operation, sends a connection request to cloud platform 131 in response to the user operation, cloud platform 131 may create a cloud application instance 200 with the application "cloud game" installed according to the running environment of the "cloud game", then establish a connection channel between cloud application instance 200 and terminal device 110, and terminal device 110 may obtain the device identifier of cloud application instance 200 from the connection channel.

Next, the cloud application instance 200 may generate a login request, and send the login request to the terminal device 110 through a previously created connection channel (e.g., a Notify event channel) (step S210), and the terminal device 110 may obtain a login password corresponding to the cloud platform account from the user. Specifically, the terminal device 110 may display a login password input interface 13 as shown in fig. 6 to the user. It should be understood that fig. 6 exemplifies a login password as fingerprint information, the login password may also be password information, face information, and other forms of information, and the specific form of the login password is not limited in the present application.

The user interface 13 may include: login sub-interface 602. The login sub-interface 602 includes a fingerprint input area 6021, a switch password input control 6022, and a cancel control 6023, among other things.

The fingerprint input area 6021 is used to prompt the user to input fingerprint information in the area, and the area can receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 can collect the fingerprint information input by the user, that is, a login password.

The switch password input control 6022 is configured to receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 may display an interface for character password input.

The cancel control 6023 is configured to receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 may return to the user interface 12.

It is to be understood that fig. 6 merely illustrates, by way of example, the interface 13, used by the terminal device 110 to collect the user login password after the user clicks the start control 404, and should not be construed as a limitation to the embodiment of the present application.

For example, as shown in fig. 6, the user may input fingerprint information (i.e., a login password) in the fingerprint input area 6021, the terminal device 110 detects the user operation, and in response to the user operation, the acquired login password and the device identifier of the cloud application instance 200 are sent to the account management node 140 (i.e., step S220). The account management node 140 may obtain the cloud platform account corresponding to the device identifier according to the identifier account corresponding relationship stored in the database, then obtain the registration password (i.e., fingerprint information input by the user during registration) corresponding to the cloud platform account according to the account password corresponding relationship, then compare the login password with the registration password, and generate verification success information when the login password is consistent with the registration password.

Meanwhile, the cloud application instance 200 may poll the terminal device 110 through a connection channel (e.g., a Notify event channel) to query whether the terminal device 110 has sent the login password and the device identifier to the account management node 140, and in a case that the sending is confirmed, the cloud application instance 200 may send an acquisition request of verification success information to the account management node 140, where the acquisition request also includes the device identifier of the cloud application instance 200. The account management node 140 may determine, according to the device identifier, verification success information of the cloud platform account corresponding to the device identifier, and then return the verification success information (specifically, Token) to the cloud application instance 200 (step S230), and the cloud application instance 200 may send the verification success information to the application service node 120 to request login (step S240).

After receiving the verification success information sent by the account management module 2101, the application service node 120 may send the verification success information to the account management node 140 for verification, after the account management node 140 confirms that the verification success information is recorded, it may further confirm whether an application account is bound to the cloud platform account corresponding to the verification success information, in the case that the application account is not bound, send an application account creation request to the application service node 120, the application service node 120 may create an application account "cloud platform guest 888888", then bind the created new game archive and the application account "cloud platform guest 888888", and then return the application account to the application service node 120, so that the application service node 120 may bind the application account and the cloud platform account. Finally, the application service node 120 may allow the cloud application instance 200 to log in the application service node 120 with a newly-established application account of "cloud platform guest 888888", after the cloud application instance 200 logs in the application service node 120, the generated audio and video stream may be sent to the terminal device 110, the terminal device 110 may play and display the audio and video stream, and for example, the terminal device 110 may display the game interface 14 shown in fig. 7 to the user.

The game interface 14 may include: a prompt box 701 and a game screen 702.

The prompt box 701 may include multiple elements, and fig. 7 illustrates 3 elements as an example, where "a cloud game is running" is used to prompt a name of a currently running cloud application, "13 ms" is used to prompt a current network delay, "east China data center" is used to prompt an address of a data center where the cloud application instance 200 currently running the application is located, it may be understood that, if the network delay is too high, a user may select a closer data center or a data center with a lower network delay, a network delay condition is reduced, and a user experience is improved.

The game screen 702 is used to display a game screen, and the game screen may be specifically generated according to the audio and video stream sent by the cloud application instance 200.

It is understood that fig. 7 only illustrates the game interface 14 after the cloud application instance 200 logs in the application server 120, and should not be construed as a limitation to the embodiment of the present application.

It should be noted that, the user operation listed in fig. 4 to fig. 7 for logging in the application server 120 through the cloud application instance 200 is not limited, and other user operations may also be available in a specific implementation, which is not limited in this embodiment of the present application.

In summary, as can be seen from fig. 4 to 7, when a user logs in 200 the application service node 120 through the cloud application instance 200 each time, the user only needs to use the terminal device 110 to send a login password corresponding to the cloud platform account to the account management node 140 for verification, the user can log in the application service node 120 after verification, and the login password is not needed to be sent to the cloud application instance 200, so that the problem of potential safety hazard when the user logs in the application server 120 through the cloud application instance 200 is solved, and the user experience is improved.

The following describes a payment method based on a cloud application instance after the cloud application instance logs in an application server. As shown in fig. 8, the payment method based on the cloud application instance provided by the present application includes the following steps:

step S810: the cloud application instance 200 sends the order and the device identification to the payment management node 141.

The order comprises a selling object price and a collection account number, wherein the selling object can be a commodity purchased by a user in an application, the price refers to an amount due for the order, and the collection account number can be a collection account number of a supplier of the application service node. In a specific implementation, the order may further include information describing the order, such as an order number, an application account number of the user, a commodity name of the selling object, discount offers, a purchase amount, and the like. For example, if the application executed by the cloud application instance 200 is a game, the order may be an order generated by the user terminal 110 remotely controlling the cloud application instance 200 to purchase payment items or virtual money in the game, and the order may include information such as an order number, an application account number of the user, and names, amounts, discount offers, and amount due of the payment items or virtual money purchased by the account number. If the application run by the cloud application instance 200 is a shopping platform application of a certain type, the order may be an order generated by the terminal device 110 for remotely controlling the cloud application instance 200 to purchase goods on the shopping platform, and the order may include information such as an order number, a name of goods purchased by the user, a quantity, a discount, an amount due, and a shipping address. It should be understood that the foregoing examples are illustrative only, and the present application is not limited thereto.

It should be understood that the device identifier is a device identifier obtained from the connection channel after the terminal device 110 establishes the connection channel with the cloud application instance, and reference may be made to the foregoing for specific descriptions of the device identifier and the connection channel, which is not repeated herein.

It should be noted that, the cloud application instance 200 may send the order and the device identifier to the payment management node 141 through an encryption transmission channel with high security, where the encryption transmission channel may be implemented by an application layer (seventh layer) protocol of an Open System Interconnection Model (OSI), such as an HTTP protocol, an FTP protocol, and other mature communication protocols existing in the industry, and further encryption processing is performed when the application layer protocol is used to transmit data, such as an AES128 encryption algorithm, an RSA encryption algorithm, and the like, so that even if the data is intercepted by an unintended recipient, the transmission content of the request cannot be easily deciphered, thereby preventing privacy information such as the user's order from being lost when the cloud application instance 200 sends the order and the device identifier to the payment management node 141, and improving security of the payment process.

In an embodiment, after the payment management node 141 receives the order and the device identifier, the payment management node 141 records the first corresponding relationship between the order and the device identifier. In this way, when the payment management node 141 receives the order obtaining request with the device identifier sent by the terminal device 110, the order corresponding to the device identifier may be determined according to the previously recorded first corresponding relationship, and then the order is sent to the terminal device 110. The privacy information of the user cannot be transmitted between the terminal device 110 and the cloud application instance 200, and the privacy information of the user is transmitted only through an encryption transmission channel with very high security, so that the privacy security of the user in the payment process is improved.

It should be understood that if a certain cloud application instance generates a plurality of orders in a short time (for example, a user continuously clicks to purchase a certain product in a short time), many orders may correspond to the same device identifier, and therefore, when the payment management node 141 records the first correspondence between the orders and the device identifiers, the receiving time of the received orders may also be recorded, so that, when an order acquisition request sent by the terminal device 110 is received, if it is determined that the number of orders corresponding to the device identifiers is multiple according to the first correspondence, the payment management node 141 may send, to the terminal device 110, an order with the earliest marked receiving time in the plurality of orders that are not acquired by the terminal device 110.

Step S820: the cloud application instance 200 sends an order payment request to the terminal device 110.

The order payment request does not include user privacy information such as an account number and an order of the user, and only comprises one action request. In a specific implementation, the cloud application instance 200 may send the payment request to the terminal device 110 through an event channel, for example, a Notify event pipeline of the foregoing content, where the event pipeline cannot transmit user privacy data and may only transmit desensitized state information or action information, and sending the login request through the pipeline may avoid disclosure of user privacy, and improve security of data transmission. It should be understood that according to the login method and the payment method based on the cloud application instance provided in the embodiment of the present application, the cloud application instance 200 and the terminal device 110 only transmit various action requests, such as a payment request and a login request, through an event channel, do not transmit any information related to user privacy data, and only transmit desensitization information, so that privacy security when a user logs in an application server and pays an order can be ensured to a great extent.

Step S830: the terminal device 110 sends an order obtaining request carrying the device identifier to the payment management node 141 according to the order payment request.

In a specific implementation, the device identifier of the cloud application instance may be, after the terminal device 110 establishes a connection channel with the cloud application instance 200 each time, the terminal device 110 acquires, through the connection channel, the device identifier of the cloud application instance 200 currently connected to the terminal device, and the connection channel used for acquiring the device identifier may be an event channel used for sending a payment request and a login request, or may be another connection channel used for transmitting data between the cloud application instance 200 and the terminal device 110, which is not limited in this application. The content that is not described in the device identifier obtaining process may refer to step S220 of the foregoing content, which is not repeated herein.

Step S840: the payment management node 141 obtains the order from the first corresponding relationship according to the device identifier carried in the order obtaining request, and sends the order to the terminal device 110.

It can be understood that, at step S810, after receiving the order and the device identifier sent by the cloud application instance 200, the payment management node 141 records a first corresponding relationship between the order and the device identifier, so that, when receiving the order obtaining request with the device identifier sent by the terminal device 110 at step S840, the payment management node 141 may determine the order corresponding to the device identifier according to the previously recorded first corresponding relationship, and then send the order to the terminal device 110.

It should be noted that, the payment management node 141 may send the order to the terminal device 110 through an encryption transmission channel with high security, where the encryption transmission channel may be implemented by an application layer protocol of the OSI model, such as an HTTP protocol, an FTP protocol, and so on, and further encryption processing is performed when the data is transmitted using the application layer protocol, such as an AES128 encryption algorithm, an RSA encryption algorithm, and so on, even if the data is intercepted by an unintended recipient, the transmission content of the request cannot be easily deciphered, so that loss of privacy information such as the user's order is avoided, and security of the payment process is improved. In this way, in steps S810 to S840, in the process that the terminal device 110 obtains the order that needs to be paid, the order of the user is transmitted only through the existing mature secure channel in the industry, and only desensitized action information is transmitted between the cloud application instance 200 and the terminal device 110, so that the payment security coefficient is greatly improved.

Step S850: the terminal device 110 receives the order and pays for the order through the payment platform.

In an embodiment, after receiving the order sent by the payment management node 141, the terminal device 110 may first display the order on the terminal device 110 for the user to confirm, and when the user confirms that the order information is correct, display a payment platform selectable by the user to obtain an identifier of the payment platform selected by the user and a payment account and a payment password of the user on the payment platform, and finally, the terminal device 110 sends the identifier of the payment platform, the payment account and the payment password to the payment management node 141.

It should be understood that the payment platform displayed to the user by the terminal device 110, which is available for the user to select, is the payment platform to which the user has bound through the cloud platform 131 before step S810. In brief, a user may bind a payment account of a payment platform commonly used by the user with a cloud platform account, and the terminal device 110 records the binding relationship, so that, in step S860, when the terminal device 110 receives an order and displays the order to the user, the previously bound payment platform may be displayed on the terminal device 110 for the user to select, and after the user selects a payment platform, the payment account of the payment platform previously bound by the user may be obtained according to the previously recorded binding relationship, and then a payment password corresponding to the payment account of the payment platform is obtained from the user.

For example, before step S810, the user binds the payment account of the payment platform 1 and the payment account of the payment platform 2 with the cloud platform account of the user, and then when the terminal device 110 receives the order and displays the order to the user in step S860, the payment platform 1 and the payment platform 2 may be used as payment platforms that can be selected by the user, and assuming that the user selects the payment platform 1, the terminal device 110 may obtain the payment account of the payment platform 1 according to the previously recorded binding relationship, and then obtain the payment password corresponding to the payment account to the user. It should be understood that the above examples are illustrative only and are not to be construed as being particularly limiting.

It should be noted that, if the user sets the default payment platform to pay, the terminal device may also directly obtain the payment password of the default payment platform from the user, and then send the identifier of the default payment platform, the payment account of the default payment platform, and the payment password to the payment management node.

Further, since the payment account and the payment password of the payment platform of the user also belong to the privacy information of the user, when the terminal device 110 sends the payment account and the payment password of the payment platform to the payment management node 141, the payment account and the payment password of the payment platform can be encrypted to generate a serial number, and then the serial number is sent to the payment management node 141 for processing, the payment management node 141 sends the prepaid information containing the serial number to the payment platform 121, and the payment platform 121 can decrypt the serial number to obtain the payment account and the payment password of the user, thereby further improving the security of the payment process.

S860: the payment node 121 verifies the payment password, and if the verification is successful, transmits first payment success information to the payment management node 141.

In an embodiment, after receiving the payment platform identifier, the payment account, and the payment password sent by the terminal device 110, the payment management node 141 sends the payment account, the payment password, the collection account recorded in the order, and the price of the selling object to the payment platform 121 according to the identifier of the payment platform, and if the payment platform 121 successfully verifies the payment account according to the payment password, deducts the payment account and sends the first successful payment information to the payment management node 141. In other words, the payment account and the payment password of the user are forwarded to the payment platform by the payment management node 141, and it can be known by referring to the foregoing contents that the payment account and the payment password of the user can be encrypted into a serial number and then transmitted, and since the payment management node 141 cannot know the encryption manner, the privacy information of the user can still be guaranteed. It should be understood that the payment account and the payment password of the user are forwarded by the payment management node 141, so that multiple interactions among the terminal device, the payment management node, and the payment platform can be avoided, the payment efficiency is improved, and the user experience is improved.

Alternatively, the terminal device 110 may also send the identifier of the payment platform selected by the user to the payment management node 141, and send the obtained payment password to the payment platform 121 for verification by bypassing the payment management node. In a specific implementation, the payment management node 141 may send the prepaid information to the corresponding payment platform according to the identifier of the payment platform, the prepaid information includes the above-mentioned payment account number, the price of the selling object, and the collection account number, and then the payment platform generates a transaction serial number according to the prepaid information, and returns the transaction serial number to the payment management node 141, the payment management node 141 transmits the transaction serial number to the terminal device 110, the terminal device 110 after acquiring the payment password of the user, the payment password and the transaction serial number are sent to the payment platform 121, the payment platform 121 can determine the prepayment information according to the transaction serial number, then verify the payment password according to the payment account number in the prepayment information, and deduct the payment account number if the verification is successful, and send the first payment success information to the payment management node 141 after the deduction is successful. In the process of paying the order by the terminal equipment, the payment management node and the cloud application instance cannot acquire the payment password of the user, so that the safety of payment of the user through the cloud application instance is ensured to a great extent.

The payment account in the prepaid information is a payment account of the user on the payment platform, the collection account may be a collection account of the provider of the cloud platform 131 on the payment platform, or may be a collection account of the provider of the application service node 120 on the payment platform, and the price of the selling object is the amount due for the order. It should be understood that the prepaid information generated by the payment manager node 141 may also include more contents, and the payment manager node 141 may generate corresponding prepaid information according to necessary parameters in the payment interface provided by each payment platform 121. For example, a certain payment platform 121 needs the prepaid information to include a merchant number of a merchant, a description of a product created according to the specification of the payment platform 121, and the like, the prepaid information generated by the payment management node 141 needs to include the merchant number, the description of the product, and the like.

In a specific implementation, after receiving the prepaid information sent by the payment management node 141, the payment platform 121 generates a transaction serial number according to the prepaid information, records a second correspondence between the transaction serial number and the prepaid information, then sends the transaction serial number to the payment management node 141, after receiving the transaction serial number, the payment management node 141 returns the transaction serial number to the terminal device 120, and the terminal device 120 can obtain a payment password from the transaction serial number to the user to request a payment order. It can be understood that after the terminal device 110 confirms the order and selects the payment platform, the payment application installed on the terminal device 110 is operated to allow the user to pay for the order, the payment application corresponds to the payment platform selected by the user, and neither the payment account nor the payment password of the payment platform of the user needs to be sent to the cloud application instance 200, so that the problem of potential safety hazard when the user pays the order through the cloud application instance 200 is solved.

It should be noted that, after the payment management node 141 generates the prepaid information, the third corresponding relationship between the order and the prepaid information may be recorded, and after receiving the transaction serial number, the second corresponding relationship between the transaction serial number and the prepaid information may also be recorded, so that, after the user pays successfully, the payment management node 141 receives the first payment success information returned by the payment platform 121, and whether the first payment success information carries the transaction serial number or the prepaid information, the order with successful payment may be determined according to the previously recorded second corresponding relationship and/or third corresponding relationship, so that the scheme of the present application has general applicability.

It can be understood that, if the payment password authentication fails, or the payment password authentication succeeds but the money transfer fails due to reasons such as network, platform maintenance, or insufficient balance of the payment account of the user, the payment node 121 may return payment failure information to the terminal device 110 for the user terminal 110 to perform the re-payment.

S870: the payment management node 141 sends the second payment success information to the application service node, and the application service node 120 records that the order is in effect according to the second payment success information, and notifies the cloud application instance that the order is in effect, that is, a payment process based on the cloud application instance can be completed.

For example, the application service node 120 is a game service node, the user uses the application account X to purchase a "novice gift bag" with a value of 30 yuan of money in a game, after receiving the first payment success information sent by the payment platform Y, the payment management node 141 determines an order with a successful payment according to the first payment success information, that is, the application account X purchases an order of the "novice gift bag" with a value of 30 yuan of money in the game, then the payment management node 141 sends the second payment success information to the game service node, the game service node can take effect on the order according to the second payment success information, send the "novice gift bag" to a game package of the application account, the cloud application instance 200 can send an audio/video stream to the terminal device 110, and the terminal device 110 displays the "novice gift bag" on a game package interface of the user.

In an embodiment, after the payment management node 141 receives the first payment success information, if the first payment success information only includes the transaction serial number, the payment management node 141 may determine prepaid information corresponding to the transaction serial number according to the transaction serial number in the first payment success information and a previously recorded second corresponding relationship, then determine an order corresponding to the prepaid information according to the prepaid information and a previously recorded third corresponding relationship, and then send the second payment success information to the application service node 120; if the first payment success information includes the prepayment information, the payment management node 141 may determine the order corresponding to the prepayment information directly according to the third corresponding relationship, and then send the second payment success information to the application service node 120.

It should be noted that the second payment success information generated by the payment management node 141 is used to notify the application service node 120 that the order is paid, so that the second payment success information includes partial information that may include the order, and may also include the complete content of the order, which is not limited in this application. For example, the second payment success information may include an order number, and after receiving the second payment success information, the application service node 120 may determine the order with which the payment is successful according to the order number, and then generate the order validation information.

It should be noted that the account management node 140 in the steps S210 to S240 and the payment management node 141 in the steps S810 to S870 may be the same node, or may be two nodes in different geographic locations, one is responsible for processing the login process of the steps S210 to S240, and one is responsible for processing the payment process of the steps S810 to S870, which is not limited in this application.

In summary, according to the payment method based on the cloud application instance 200 provided by the application, the cloud application instance sends the order to be paid by the user to the payment management node, the terminal device held by the user obtains the order from the payment management node, and the payment application running on the terminal device is used for paying the order.

Assuming that, in the application scenario shown in fig. 3, after the user logs in the application service node 120 by using the cloud application instance 200 through the above steps 1 to 14, in the process of playing a game by using the cloud application instance 200, the user needs to purchase a certain service in the application, such as a "40-yuan novice gift package", and the following describes steps of the above payment method based on the cloud application instance in the application scenario provided in this application with reference to fig. 9.

Step 15, the account management module 2101 sends a payment request to the game cloud side SDK 2102.

The payment request may be generated during the process of remotely operating the cloud application instance 200 by the terminal device 110, and the payment request may include an order, and the order may specifically include an order number, an application account number of the user, and a name (50 yuan for a novice gift package), a quantity (1), a discount (10 yuan), a collection account number (a collection account number of an operator of the cloud game), and a payment amount (40 yuan), and other information.

Step 16, the game cloud side SDK2102 sends the order to the payment management node 141.

In a specific implementation, the game cloud side SDK2102 may further send the device identifier of the cloud application instance 200 to the payment management node 141, and the payment management node 141 records the first corresponding relationship between the device identifier and the order.

It should be noted that, the content not described in the foregoing steps 15 to 16 may refer to step S810 of the foregoing content, and is not repeated herein.

Step 17, the game cloud side SDK2102 sends an order payment request to the cloud application engine 220.

Step 18, the cloud application engine 220 sends an order payment request to the micro-terminal SDK1102 on the terminal device 110.

In a specific implementation, the cloud application engine 220 may send an order payment request, such as a Notify event channel, to the backend SDK1102 through the event channel used for transmitting desensitization information such as event information and state information in the foregoing content.

Step 19, the micro-peer SDK1102 sends an order payment request to the game-peer SDK 1101.

It should be noted that, the content not described in the above steps 17 to 19 may refer to step S820 of the foregoing content, and is not repeated herein.

Step 20, the game side SDK1101 sends an order obtaining request carrying the device identifier to the payment management node 141 according to the order payment request, and the payment management node 141 obtains the order from the first corresponding relationship according to the device identifier carried by the order obtaining request and returns the order to the game side SDK.

In a specific implementation, the device identifier is the device identifier of the cloud application instance 200, which is obtained by the terminal device 110 from the connection channel after the connection channel is established between the cloud application instance 200 and the terminal device 110. Specifically, reference may be made to the foregoing, and details are not repeated here.

Step 21, the game side SDK1101 confirms to the user whether the order information is accurate. Specifically, the game side SDK1101 generates an order page to be presented to the user for the user to confirm whether the order information is correct.

After the user confirms that the order information is correct, the game side SDK1101 sends the identifier of the payment platform selected by the user and the payment account number of the payment platform to the payment management node 141.

In a specific implementation, after the user confirms that the order information is correct, the game side SDK1101 displays a selectable payment platform to the user, and then sends the identifier of the payment platform selected by the user and the payment account of the user on the payment platform to the payment management node 141. Wherein, the payment platform exposed by the game side SDK1101 is the payment platform to which the user has bound through the cloud platform 131 before step 15. In brief, a user may bind a payment account of a payment platform commonly used by the user with a cloud platform account, and the terminal device 110 may record the binding relationship, so that when the terminal device 110 receives an order and displays the order to the user, the previously bound payment platform may be displayed on the terminal device 110 for the user to select, and after the user selects a payment platform, the previously bound payment account of the payment platform of the user may be obtained according to the previously recorded binding relationship, and fig. 9 illustrates an example in which the user selects a payment platform 1 to pay the order, so that in step 22, the game end side SDK1101 sends an identifier of the payment platform 1 and the payment account of the payment platform 1 to the payment management node 141.

It should be noted that, if the user sets a default payment order using the payment platform 1, the game side SDK1101 may no longer display the bound payment platform to the user, and directly send the identifier of the default payment platform 1 and the payment account to the payment management node 141.

Step 23, the payment management node 141 sends the prepaid information to the payment platform 1 according to the identifier of the payment platform 1. The prepay information includes the payment account number of the payment platform 1, the price of the selling object (i.e. 40 yuan), and the collection account number of the cloud platform at the payment platform 1.

It should be understood that the prepaid information also includes some necessary information provided by the authority of the payment platform 1 when invoking the payment interface, such as the merchant number, device number, description of the goods, order number, total amount of the order, etc. for describing the order.

And 24, generating a transaction serial number by the payment platform 1 according to the prepayment information, recording a second corresponding relation between the transaction serial number and the prepayment information, and returning the transaction serial number to the payment management node 141.

Step 25, the payment management node 141 receives the transaction serial number, records the second correspondence between the transaction serial number and the prepayment information, records the third correspondence between the prepayment information and the order, and sends the transaction serial number to the game side SDK1101 of the terminal device 110.

It should be noted that, the content not described in the foregoing steps 20 to 25 may refer to the foregoing steps S830 to S840, and is not repeated herein.

Step 26, the game side SDK1101 sends the transaction serial number to the payment SDK1, and after the payment SDK collects the payment password of the user, the payment password and the transaction serial number are sent to the payment platform 1.

It should be understood that the terminal device 110 may be installed with a plurality of payment SDKs, each of which is connected to a different payment platform, and fig. 9 illustrates an example in which the payment platform 1 is connected to the payment SDK1, and the application does not limit the number of the payment SDKs.

Step 27, the payment platform 1 obtains the prepaid information corresponding to the transaction serial number according to the transaction serial number and the second corresponding relationship (the second corresponding relationship between the transaction serial number and the prepaid information recorded in step 24), verifies the payment password according to the payment account number in the prepaid information, deducts the payment account number if the verification is successful, and sends first payment success information to the payment management node 141 if the deduction is successful, wherein the first payment success information includes the transaction serial number.

It should be noted that, the content not described in the foregoing steps 25 to 27 may refer to step S850 of the foregoing content, and is not repeated herein.

Step 28, the payment management node 141 determines the prepaid information corresponding to the transaction serial number according to the transaction serial number in the first payment success information and the recorded second corresponding relationship (the second corresponding relationship between the transaction serial number and the prepaid information recorded in step 25), then determines the order corresponding to the prepaid information according to the prepaid information and the recorded third corresponding relationship (the third corresponding relationship between the prepaid information and the order recorded in step 25), and sends second payment success information to the application management node 120 according to the order, wherein the second payment success information includes the order number.

It should be noted that, the content not described in step 28 may refer to step S860 of the foregoing content, and is not repeated here.

Step 29, the application management node 120 determines the order with which the user has successfully paid according to the order number in the second payment success information, then validates the order, installs the "50-yuan novice gift package" purchased by the user under the application account of the user, and generates order validation information.

And step 30, the payment SDK1 receives the third payment success information sent by the payment platform 1. In a specific implementation, step 30 and step 27 may be executed simultaneously or non-simultaneously, and the present application is not limited specifically.

Step 31, the cloud application engine 220 polls the micro-terminal SDK1102 to determine whether the terminal device 110 receives the third payment success information sent by the payment platform 1. The channels used for polling may also be the event channels used for transmitting desensitization information in the foregoing, such as Notify event channels.

In a specific implementation, step 31 may be started after step 16 is finished, that is, after the game cloud side SDK2102 of the cloud application instance 200 sends the order and the device identifier to the payment management node 141, the cloud application engine 220 may start to continuously poll the backend SDK 1102.

Step 32, after the cloud application engine 220 confirms that the terminal device 110 receives the third successful payment information sent by the payment platform 1, the account management module 2101 is notified that the order payment is successful, the account management module 2101 obtains the order validation information from the application service node 120, the cloud application instance 200 can generate an audio/video stream and send the audio/video stream to the terminal device, and the terminal device 110 can display a page on which the order payment is successful.

It should be noted that, the content not described in the foregoing step 29 to step 32 may refer to step S870 of the foregoing content, and is not repeated herein.

In the method, the cloud application instance sends the order to be paid by the user to the payment management node, the terminal device held by the user obtains the order from the payment management node, and the payment application running on the terminal device is used for paying the order.

In order to facilitate understanding of the beneficial effects of the payment method based on the cloud application example proposed in the embodiment of the present application, for example, the application scenario described in fig. 9 above is taken as an example, and some exemplary graphical user interfaces during the above-mentioned steps S15 to step 32 are introduced.

Fig. 10 illustrates an exemplary mall interface 15 for a cloud game on a terminal device 110. The mall interface is generated by the terminal device 110 according to the audio and video stream sent by the cloud application instance 200, and the mall interface 15 may include: the hot commodity display frame 901. The hot merchandise display box 901 may include a title bar 9011, a close control 9012, a plurality of merchandise controls 9013, wherein,

the title bar 9011 is used for displaying the current commodity category, and the representation form of the title bar 9011 may be text information, an icon or other forms.

The close control 9012 may receive a user operation (e.g., a touch operation) in response to which the current mall interface 15 is to be closed.

The multiple commodity controls 9013 are configured to display icons of purchasable commodities, each icon may receive a user operation (for example, a touch operation), and in response to the detected user operation, the terminal device may send the user operation to the cloud application instance, and the cloud application instance may generate a corresponding order and then send the order to the payment management node 140.

It is understood that fig. 10 only illustrates an interface of the cloud platform application on the terminal device 110, and should not be construed as a limitation to the embodiment of the present application.

For example, as shown in fig. 10, a user may click on "newsfeed gift package 50 yuan" in the multiple merchandise controls 9013, the terminal device 110 detects the user operation, sends the user operation to the cloud application instance 200, the cloud application instance may generate an order for the user to purchase "newsfeed gift package 50 yuan" in response to the user operation, then sends the order and the device identifier to the payment management node 141, and sends an order payment request to the terminal device 110 (specifically, reference may be made to steps S810 to S820 and steps 15 to 18 of the foregoing contents), the terminal device 110 may obtain the order from the payment management node 141 in response to the payment request, and the terminal device 110 displays the order confirmation interface 16 shown in fig. 10 to the user.

The order confirmation interface 16 may include: order confirmation display box 101. The order confirmation display box 101 includes a confirmation control 1011 and a cancellation control 1012.

Confirmation control 1011 may receive a user operation (e.g., a touch operation), and in response to detecting the user operation, terminal device 110 may generate an order confirmation message, and in response to the user operation if the user does not set a default payment platform, terminal device 110 may also generate a payment platform selection interface 17, which is described below.

Cancel control 1012 may receive a user operation (e.g., a touch operation), and in response to detecting the user operation, terminal device 110 may close current order confirmation interface 16, returning to the last user interface, such as interface 15.

The order confirmation display frame 101 may further include a plurality of elements, and fig. 10 illustrates 3 elements as an example, in which a "novice gift bag" and a "50 yuan" are used to confirm to the user whether the name of the purchased commodity is correct, a "offer" and a "10 yuan" are used to confirm to the user whether the offer information for purchasing the commodity is correct, and a "total of 1 piece" and a "total of 40 yuan" are used to confirm to the user whether the quantity and amount of the purchased commodity are correct. The order confirmation display 101 may also include further elements, not illustrated here.

It should be understood that fig. 10 is only an exemplary illustration of the order confirmation interface 15 and should not be construed as limiting the embodiments of the present application.

Illustratively, as shown in fig. 12, the user may click on a confirmation control 1011, and the terminal device 110 detects the user operation, and in response to the user operation, the terminal device may display a payment platform selection interface 17 as shown in fig. 12 to the user.

The payment platform selection interface 17 may include: the payment platform display box 111, where the payment platform display box 111 may include a plurality of payment platform controls, each of which may receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 may transmit an identifier of a payment platform selected by a user and a payment account of the payment platform to the payment management node 141, and start a corresponding payment application to pay the order. Fig. 12 illustrates 2 payment platforms as an example, which are respectively a control of the payment platform 1 and a control of the payment platform 2.

It should be noted that the payment platform that can be selected by the user and displayed in the payment display box 111 is a payment platform that the user has bound to the cloud platform before, and in brief, before the user starts ordering in the application, the user has bound the cloud platform account with the required payment account of the payment platform 1 and the payment account of the payment platform 2 through the cloud platform, so that the payment display box 111 only displays two payment platforms, namely, the payment platform 1 and the payment platform 2, for the user to select.

It is understood that fig. 11 is only an exemplary illustration of the payment platform selection interface 17 on the terminal device 110, and should not be construed as a limitation on the embodiments of the present application.

Illustratively, as shown in fig. 12, a user may click a payment application 1 control in a payment platform display box 111, the terminal device 110 detects the user operation, in response to the user operation, the terminal device 110 may transmit an identifier of a payment platform 1 corresponding to the payment application 1 selected by the user and a payment account of the payment platform 1 to a payment management node 141, the payment management node 141 generates prepaid information (including at least an amount due, a payment account and a collection account, where the payment account is a payment account of the user, the collection account may be a collection account of an application service node provider or a collection account of a cloud platform provider, and the application is not particularly limited) according to the identifier of the payment platform 1 selected by the user and the payment account of the payment platform 1, and then transmits the prepaid information to the payment platform 1 corresponding to the identifier of the payment platform 1, after the payment platform 1 generates the transaction serial number according to the prepaid information, the transaction serial number is returned to the payment management node 141, and after the payment management node 141 sends the transaction serial number to the terminal device 110, the terminal device 110 may start the payment application 1 on the terminal device to perform the operation of a payment order, and for example, the terminal device 110 may display the prompt interface 18 as shown in fig. 12.

The prompt interface 18 may include: a prompt box 121, where the prompt box 121 is used to prompt the user whether to start the payment application 1 to pay for the order. The prompt box 121 may include a cancel control 1211 and an open control 1212.

Cancel control 1211 may receive a user operation (e.g., a touch operation), and in response to detecting the user operation, terminal device 110 may cancel launching payment application 1 and display a last user interface of prompt interface 18, e.g., user interface 17.

The open control 1212 may receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 may launch the payment application 1 and display a payment interface of the payment application 1 to the user.

It is understood that fig. 12 is only an exemplary illustration of the presentation interface 18 on the terminal device 110, and should not be construed as a limitation on the present application.

Illustratively, as shown in fig. 13, the user may click on an open control 1212, the terminal device 110 detects the user operation, and in response to the user operation, the payment application 1 installed on the terminal device 110 is started, and the payment interface 19 shown in fig. 13 is displayed.

The payment interface 19 may include: title bar 131, collection prompt box 132, payment control 133, and return control 134.

The title bar 131 may be used to indicate the name of the order to be paid, the payment amount, and the like, and the title bar 131 may further include more elements, and fig. 13 illustrates the name of the order and the payment amount, which is not limited in this application.

The collection prompt box 132 may be used to display information of the payee to the user, and fig. 13 illustrates that a collection account of the payee is a "cloud game," and in a specific implementation, the collection prompt box 132 may further include more contents, such as a merchant number and an order number of the payee, which is not limited in this application.

Payment control 133 may receive a user operation (e.g., a touch operation), and in response to detecting the user operation, terminal device 110 may display payment password input interface 20 to the user.

The return control 134 may receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 may return to the game interface 15 of the "cloud game".

It is understood that fig. 13 is only an exemplary illustration of the payment interface 19 on the terminal device 110, and should not be construed as a limitation on the embodiment of the present application.

Illustratively, as shown in fig. 14, the user may click on the payment control 133, the terminal device 110 detects the user operation, and in response to the user operation, the payment password input interface 20 shown in fig. 14 is displayed to the user. It should be understood that fig. 14 illustrates the distance by taking the payment password as the fingerprint information, the payment password may also be other forms of information such as password information and face information, and the specific form of the login password is not limited in the present application.

The payment password input interface 20 may include: a payment sub-interface 141. The payment sub-interface 141 includes a close control 1411, a toggle password input control 1412, and a fingerprint input area 1413.

The close control 1411 is configured to receive a user operation (e.g., a touch operation), and in response to detecting the user operation, the terminal device 110 may return to the payment interface 19.

Switching password input control 1412 is configured to receive a user operation (e.g., a touch operation), and in response to the detected user operation, terminal device 110 may display an interface for character password input.

The fingerprint input area 1413 is used to prompt the user to input fingerprint information in the area, and the area can receive a user operation (e.g., a touch operation), and in response to the detected user operation, the terminal device 110 can collect the fingerprint information input by the user, that is, a payment password.

It should be understood that fig. 14 merely illustrates, by way of example, the interface 20 for the terminal device 110 to collect the user login password after the user clicks the payment control 133, and should not be construed as a limitation to the embodiment of the present application.

For example, as shown in fig. 15, the user may input fingerprint information (i.e., a payment password) in the fingerprint input area 1413, the terminal device 110 detects the user operation, and in response to the user operation, transmits the collected payment password and the previously received transaction serial number to the payment platform 1, and the payment platform 1 may obtain prepaid information according to the transaction serial number and the recorded third corresponding relationship, and in case that the payment account is successfully verified according to the payment password, transfers the money in the payment account to a collection account, where the money is a "newsletter" money purchased by the user. In case the money transfer is successful, the payment platform sends a third payment success message to the user terminal 110, and the user terminal 110 may display a payment success interface 21 as shown in fig. 15.

The payment success interface 21 includes a payment success prompt box 151, and the prompt box 151 may include a plurality of elements, and fig. 16 illustrates 3 elements, where "payment success" is used to prompt the user that the current order has been successfully paid, "40.00" is used to prompt the user for a payment amount, and "payee cloud game" is used to prompt the user for the name of the payee. The payment success prompt box 151 may also include further elements, not illustrated here.

It should be understood that, while the payment platform sends the third payment success information to the user terminal 110, it may also send the first payment success information to the payment management node 140, where the first payment success information includes the transaction serial number. The payment management node 140 may obtain the prepaid information corresponding to the transaction serial number according to the transaction serial number and the recorded second corresponding relationship, and determine the order corresponding to the prepaid information according to the recorded third corresponding relationship, so as to generate second payment success information, and send the second payment success information to the application service node 120, so as to notify that the order is successfully paid. The second payment composition information may carry partial information of the order, such as an order number, an application account number of the user, a name of a purchased commodity, and the like. The application service node 120 may validate the order according to the second payment success information, and issue the "50-yuan novice gift package" purchased by the user to the application account of the user.

For example, the user may click on the return control 131 in the interface 21, and after returning to the cloud game interface, the user may see that the purchased "novice gift bag" is already in the game package. It is to be understood that the above description is intended to be illustrative, and not restrictive.

It is to be understood that fig. 15 is merely an exemplary illustration of the payment success interface 21 and should not be construed as limiting the embodiments of the present application.

It should be noted that, without limitation, user operations in the payment method based on the cloud application example 200 listed in fig. 10 to fig. 15 may also be other user operations in a specific implementation, and this is not limited in this embodiment of the present application.

As can be seen from fig. 10 to 15, according to the login method based on the cloud application instance provided by the application, when a user uses the cloud application instance to pay an order, the user starts a payment application installed on the terminal device 110 itself to pay the order, instead of remotely operating the cloud application instance to pay the order, so that the security of the payment performed by the user through the cloud application instance is ensured to the greatest extent, and the use experience of the user is also improved.

The method of the embodiments of the present application is explained in detail above, and in order to better implement the above-mentioned solution of the embodiments of the present application, correspondingly, the following also provides the related apparatus for implementing the above-mentioned solution cooperatively.

Fig. 16 is a schematic structural diagram of a terminal device 110 provided in the present application, and as shown in fig. 16, the terminal device 110 provided in the present application may include a receiving module 1601, an obtaining module 1602, a processing module 1603, and a creating module 1604.

The receiving module 1601 is configured to receive an order payment request sent by a cloud application instance.

The obtaining module 1602 is configured to send an order obtaining request carrying the device identifier of the cloud application instance to a payment management node according to the order payment request, where the payment management node records a corresponding relationship between the order and the device identifier.

The receiving module 1601 is configured to receive an order sent by the payment management node according to the order obtaining request.

Processing module 1603 is used for processing the order.

In an embodiment, the establishing module 1604 is configured to establish a connection channel with the cloud application instance before the receiving module 1601 receives the order payment request sent by the cloud application instance, and acquire the device identifier of the cloud application instance from the connection channel.

In one embodiment, processing module 1603 is configured to display the order; the processing module 1603 is configured to obtain an identifier of a payment platform selected by a user, a payment account and a payment password of the user on the payment platform; processing module 1603 is configured to send the identifier of the payment platform, the payment account and the payment password to the payment management node.

It should be understood that the internal unit modules of the terminal device 110 shown in fig. 16 may also have various partitions, and each module may be a software module, a hardware module, or a part of a software module and a part of a hardware module, which is not limited in this application. Fig. 16 is an exemplary division, and the present application is not limited in particular.

According to the terminal equipment, when a user uses the cloud application instance to pay an order, the cloud application instance sends the order to the payment management node, the terminal equipment obtains the order needing to be paid from the payment management node, payment is conducted on the order through payment software installed on the terminal equipment, in the whole payment process, the cloud application instance cannot receive any privacy information related to payment of the user, such as a payment account number and a payment password of a payment platform, and therefore the safety of payment conducted by the user through the cloud application instance is guaranteed to the greatest extent.

Fig. 17 is a schematic structural diagram of a payment management node 141 provided in the present application, and as shown in fig. 17, the payment management node 141 includes a receiving module 1411, a recording module 1412, an obtaining module 1413, and a sending module 1414.

The receiving module 1411 is configured to receive the order and the device identifier sent by the cloud application instance.

The recording module 1412 records the corresponding relationship between the order and the device identifier.

The receiving module 1411 is configured to receive an order obtaining request sent by a terminal device, where the order obtaining request is generated after the terminal device receives an order payment request sent by a cloud application instance, and the order obtaining request carries the device identifier.

The obtaining module 1413 is configured to obtain the order from the correspondence between the order and the device identifier according to the device identifier carried in the order obtaining request.

The sending module 1414 sends the order to the terminal device so that the terminal device receives and processes the order.

In an embodiment, the receiving module 1411 is configured to receive an identifier of a payment platform, a payment account and a payment password sent by a terminal device, where the identifier of the payment platform is an identifier of a payment platform selected by a user, and the payment account and the payment password are obtained by the terminal device to the user; the sending module 1414 is configured to send a payment account, a payment password, a collection account recorded by the order, and a price of the selling object to the payment platform according to the identifier of the payment platform; the receiving module 1411 is configured to receive first payment success information sent by the payment platform when the payment platform successfully verifies the payment account according to the payment password; the sending module 1414 is configured to send the second payment information to the application service node, so that the application service node takes the order into effect according to the second payment success information.

It should be understood that the internal unit modules of the payment management node 141 shown in fig. 17 may also be divided into multiple parts, and each module may be a software module, a hardware module, or a part of a software module and a part of a hardware module, which is not limited in this application. Fig. 17 is an exemplary division, and the present application is not limited in particular.

According to the payment management node, when a user uses the cloud application instance to pay an order, the cloud application instance sends the order to the payment management node, the terminal equipment obtains the order needing payment from the payment management node, payment is conducted on the order through payment software installed on the terminal equipment, in the whole payment process, the cloud application instance cannot receive any privacy information related to payment of the user, such as a payment account number and a payment password of a payment platform, and therefore the safety of payment conducted by the user through the cloud application instance is guaranteed to the greatest extent.

Fig. 18 is a schematic hardware configuration diagram of a computing device 1800 according to an embodiment of the present disclosure. Computing device 1800 may be, among other things, payment management node 141 in the embodiments of fig. 1-17. As shown in fig. 18, computing device 1800 includes: a processor 1810, a communication interface 1820, and a memory 1830. The processor 1810, the communication interface 1820, and the memory 1830 may be connected to each other via an internal bus 1840, or may communicate with each other via other means such as wireless transmission. In the embodiment of the present application, the bus 1840 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like, for example. The bus 1840 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 18, but this does not mean only one bus or one type of bus.

The processor 1810 may be formed of at least one general-purpose processor, such as a Central Processing Unit (CPU), or a combination of a CPU and a hardware chip. The hardware chip may be an Application-Specific Integrated Circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a Field-Programmable Gate Array (FPGA), General Array Logic (GAL), or any combination thereof. Processor 1810 executes various types of digitally stored instructions, such as software or firmware programs stored in memory 1830, which enable computing device 1800 to provide a variety of services.

The memory 1830 is used for storing program codes and is controlled by the processor 1810 to execute to perform the processing steps of the payment management node in any one of the embodiments of fig. 1-16. The program code may include one or more software modules, which may be software modules provided in the embodiment of fig. 17, such as a receiving module, a recording module, an obtaining module, and a sending module, where the receiving module is configured to receive an order and an equipment identifier sent by a cloud application instance, the recording module records a correspondence between the order and the equipment identifier, the receiving module is further configured to receive an order obtaining request sent by a terminal device, and the obtaining module is configured to obtain the order from the correspondence between the order and the equipment identifier according to the equipment identifier carried by the order obtaining request. Specifically, the method may be used to execute step S810, step S830 to step S840, step S860 to step S870 and optional steps thereof in the embodiment of fig. 8, step 16, step 20 to step 22, step 27 to step 28 and optional steps thereof in the embodiment of fig. 9, and may also be used to execute other steps executed by the payment management node described in the embodiments of fig. 1 to fig. 15, which is not described herein again.

It should be noted that the present embodiment may be implemented by a general physical server, for example, an ARM server or an X86 server, or may also be implemented by a virtual machine implemented based on the general physical server and combining with the NFV technology, where the virtual machine refers to a complete computer system that has a complete hardware system function and is run in a completely isolated environment through software simulation, and the present application is not limited in particular.

The Memory 1830 may include a Volatile Memory (Volatile Memory), such as a Random Access Memory (RAM); the Memory 1030 may also include a Non-Volatile Memory (Non-Volatile Memory), such as a Read-Only Memory (ROM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, HDD), or a Solid-State Drive (SSD); the memory 1830 may also include a combination of the above categories. The memory 1830 may store program codes, and particularly may include program codes for performing the steps performed by the payment management node according to the embodiments described in fig. 1 to fig. 15, which are not described in detail herein.

The communication interface 1820 may be a wired interface (e.g., an ethernet interface), may be an internal interface (e.g., a Peripheral Component Interconnect express (PCIe) bus interface), a wired interface (e.g., an ethernet interface), or a wireless interface (e.g., a cellular network interface or using a wireless lan interface) for communicating with other devices or modules.

It should be noted that fig. 18 is only one possible implementation manner of the embodiment of the present application, and in practical applications, the computing device may further include more or less components, which is not limited herein. For the content that is not shown or described in the embodiment of the present application, reference may be made to the related explanation in the foregoing embodiments of fig. 1 to fig. 15, which is not described herein again.

It should be understood that the payment management node provided herein may also be a server cluster formed by at least one server, each server in the server cluster may be implemented by the computing device shown in fig. 18, and the present application is not limited in particular.

Fig. 19 is a schematic hardware structure diagram of a terminal device 110 according to an embodiment of the present disclosure. As shown in fig. 19, the terminal device 110 includes: a processor 1910, a communication interface 1920, and a memory 1930. The processor 1910, the communication interface 1920, and the memory 1930 may be connected to each other via an internal bus 1940, or may communicate via other means such as wireless transmission. In the embodiment of the present application, the bus 1940 is exemplified by a PCI bus or an EISA bus. The bus 1940 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 19, but it is not intended that there be only one bus or one type of bus.

The processor 1910 may be constituted by at least one general-purpose processor, such as a CPU, or a combination of a CPU and hardware chips. The hardware chips may be ASICs, PLDs, or a combination thereof. The aforementioned PLD may be a CPLD, an FPGA, a GAL, or any combination thereof. Processor 1910 executes various types of digitally stored instructions, such as software or firmware programs stored in memory 1930, which enable terminal device 110 to provide a wide variety of services.

The memory 1930 is used for storing program codes and is controlled by the processor 1910 for execution to perform the processing steps of the terminal device in any of the embodiments of fig. 1-15. The program code may include one or more software modules, which may be the software modules provided in the embodiment of fig. 16, such as a receiving module, an obtaining module, a processing module, and an establishing module, where the establishing module is configured to establish a connection channel with a cloud application instance and obtain a device identifier of the cloud application instance from the connection channel, the receiving module is configured to receive an order payment request sent by the cloud application instance, the obtaining module is configured to send an order obtaining request carrying the device identifier of the cloud application instance to a payment management node according to the order payment request, the processing module is configured to process an order, and is specifically configured to perform steps S820 to S830, step S850, and optional steps S thereof in the embodiment of fig. 8, steps 18 to 22, steps 24 to 26, and optional steps thereof in the embodiment of fig. 5, and may also be configured to perform other steps performed by the terminal device described in the embodiments of fig. 1 to fig. 15, and will not be described in detail herein.

Memory 1930 can include volatile memory, such as RAM; the memory 1930 may also include non-volatile memory, such as ROM, flash memory, HDD, or SSD; the memory 1930 may also include combinations of the above categories. The memory 1930 may store program codes, and may specifically include program codes for performing other steps described in the embodiments of fig. 1 to 15, which are not described herein again.

Communication interface 1920 may be a wired interface (e.g., an ethernet interface), may be an internal interface (e.g., a PCIe bus interface), a wired interface (e.g., an ethernet interface), or a wireless interface (e.g., a cellular network interface or using a wireless local area network interface) for communicating with other devices or modules.

It should be noted that fig. 19 is only one possible implementation manner of the embodiment of the present application, and in practical applications, the terminal device may further include more or less components, which is not limited herein. For the content that is not shown or described in the embodiment of the present application, reference may be made to the related explanation in the foregoing embodiments of fig. 1 to fig. 15, which is not described herein again.

Embodiments of the present application also provide a computer-readable storage medium, in which instructions are stored, and when the computer-readable storage medium is executed on a processor, the method flows shown in fig. 1 to 15 are implemented.

Embodiments of the present application also provide a computer program product, and when the computer program product is run on a processor, the method flows shown in fig. 1-15 are implemented.

The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes at least one computer instruction. The procedures or functions according to the embodiments of the invention are wholly or partly generated when the computer program instructions are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)), or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device such as a server, a data center, or the like that contains at least one collection of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Video Disc (DVD), or a semiconductor medium.

While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.