Credible public transport identity authentication and online payment system under unstable network environment

Document No.: 1954336 Publication date: 2021-12-10

Reading note: this technology, "Credible public transport identity authentication and online payment system under unstable network environment", was designed by 吴本林, 刘有斌 and 李五发 on 2021-09-03. Main content: The invention relates to the technical field of online payment, in particular to a credible public transportation identity authentication and online payment system under an unstable network environment. The system comprises a user side, a server side and a front end, wherein the user side is used for consumption identification by adopting a bus card as a carrier, the server side is used for a vehicle-mounted POS (point of sale) to read information of the user side for identity authentication, transmit deduction data to the user side, and establish a consumption connection with the front end when the balance of the user side is insufficient, and the front end is used for receiving the deduction data of the server side and managing the data of the user side. Data is transmitted among the user side, the server side and the front end through a communication protocol, and the communication protocol comprises a data sequential response algorithm. The invention lets the user ride first when the balance is insufficient and pay later through the front end; in an unstable network environment it keeps the command signals issued by the user from becoming disordered and avoids the waiting timeouts caused by network instability.

1. The credible public transportation identity authentication and online payment system under the unstable network environment is characterized by comprising a user side, a server side and a front end, wherein the user side is used for consumption identification by adopting a bus card as a carrier, the server side is used for reading information of the user side by a vehicle-mounted POS (point of sale) to perform identity authentication, transmitting money deducting data to the user side, establishing consumption contact with the front end when the balance of the user side is insufficient, and the front end is used for receiving the money deducting data of the server side and managing the user side data;

the data is transmitted among the user side, the server side and the front end through a communication protocol, the communication protocol comprises a data sequential response algorithm, and the method comprises the following steps:

a user issues a command signal at a server;

setting a receiving gap threshold, and retransmitting the command when the receiving gap threshold is exceeded until the front end sequentially receives command signals;

when the front end receives the command signal, the command signal is compared with the existing command signal, and if the command signal is repeated, the command signal is deleted, and if the command signal is not repeated, the command signal is responded;

and responding to the command signal to complete the command transmission to the server to receive the next command signal.

2. The system of claim 1, wherein the system comprises: the communication protocol adopts a TCP/IP communication protocol.

3. The system of claim 1, wherein the system comprises: the server comprises a user identification module, an identity authentication module, an online payment module and an account access module;

the user identification module is used for identifying the user side, so that the server side and the front end can be conveniently connected through the user side;

the identity authentication module is used for authenticating the identity of the user;

the online payment module is used for checking and transmitting deduction data to the front end;

the account access module is used for enabling the server to be connected with the front end.

4. The system of claim 3, wherein the system comprises: the user identification module adopts a radio frequency identification non-contact card reader.

5. The system of claim 4, wherein the system comprises: the identity authentication module adopts an identity authentication key protocol and comprises the following steps:

a user registers an account number preset key at the front end as a private key;

and verifying the information currently sent by the user through the contact identification key established between the server and the front end, and if the verification is successful, determining the identity of the current user and successfully authenticating the identity.

6. The system of claim 5, wherein the system comprises: the identity authentication module further comprises an SM4 mode algorithm, the key data field is encrypted, and the encryption steps are as follows:

determining the field key name needing to be encrypted and putting the field key name into an entry list;

determining the encryption security level required to be used and putting the encryption security level into a safecontrol field;

carrying out SM4 encryption on the fields in each token, wherein SM4 adopts a PKCS7/ECB mode;

the encryption result is represented in uppercase hexadecimal and is put into the corresponding field.

7. The system of claim 1, wherein the system comprises: the front end comprises an information receiving module, an account management module and a consumption management module;

the information receiving module is used for receiving data information of the server side and the user side;

the account management module is used for managing the account information of the user;

the consumption management module is used for recharging the amount of money in the user side and carrying out deduction management on the consumption data.

8. The system of claim 7, wherein the system comprises: the consumption management module includes a split payment algorithm, comprising the steps of:

detecting balance in the user side;

comparing the consumption data with balance data in the user side, and deducting the balance in the user side;

transmitting a deduction signal to a consumption management module to carry out off-line deduction when the consumption data overflow;

and reminding the user of payment processing when the offline deduction exceeds a preset value.

9. The system of claim 8, wherein the system comprises: the split payment algorithm has the following calculation formula:

wherein, a is the balance in the user terminal, b is the consumption data value, and c is the balance overflow value.

Technical Field

The invention relates to the technical field of online payment, in particular to a credible public transportation identity authentication and online payment system under an unstable network environment.

Background

IC cards are generally used to pay bus fares in cities. There are dedicated bus cards, bus cards combined with a bank card that can serve as both, and mobile bus cards integrated with a mobile phone SIM card so that the fare is paid by swiping the phone. Passengers no longer need to carry loose change when going out, which is convenient and fashionable;

however, when the balance is insufficient, current public transport payment systems require a recharge before boarding, which reduces travel efficiency; a failed payment delays both the passenger and others and disrupts the trip;

in addition, when data is transmitted through a communication protocol in an unstable network environment, poor network quality can drop the connection; if the server side does not detect the disconnection in time and keeps sending messages, transmission failures and waiting timeouts easily result, or data signals are received out of order. For example, when a password is entered, network delay can cause the password to be received in the wrong order so that password authentication fails, which greatly harms the user experience.

Disclosure of Invention

The purpose of the present invention is to provide a credible public transportation identity authentication and online payment system under an unstable network environment, so as to solve the problems described in the background.

In order to achieve the aim, the invention provides a credible public transportation identity authentication and online payment system under an unstable network environment, which comprises a user side, a server side and a front end, wherein the user side is used for consumption identification by adopting a bus card as a carrier, the server side is used for reading information of the user side by a vehicle-mounted POS (point of sale) to perform identity authentication, transmitting deduction data to the user side, establishing consumption connection with the front end when the balance of the user side is insufficient, and the front end is used for receiving the deduction data of the server side and managing the user side data;

the specific working principle is as follows: the user manages the data of the user side at the front end and can then swipe the bus card, so that the server side reads the information of the user side and performs identity authentication, preventing fraudulent use by others if the card is lost; meanwhile, the server side establishes a consumption connection with the front end, which facilitates calculation of the consumption amount; deduction data can be transmitted to the user side for direct deduction, so that the amount is deducted directly when the amount in the user side is sufficient; when the amount in the user side is insufficient, a consumption connection is established with the front end, the front end receives the deduction data and performs the payment, and the user side can also be recharged;

the data is transmitted among the user side, the server side and the front end through a communication protocol, the communication protocol comprises a data sequential response algorithm, and the method comprises the following steps:

a user issues a command signal at a server;

setting a receiving gap threshold, and retransmitting the command when the receiving gap threshold is exceeded until the front end sequentially receives command signals;

when the front end receives the command signal, the command signal is compared with the existing command signal, and if the command signal is repeated, the command signal is deleted, and if the command signal is not repeated, the command signal is responded;

and responding to the command signal to complete the command transmission to the server to receive the next command signal.

The data sequential response algorithm lets the command signals issued by the user be executed in order: the next command signal is received only after the current one is completed, which avoids signal confusion and command-sending failures caused by network instability. A gap threshold is also set, for example 10 s: if there is still no response after 10 s, the command is issued again, and this repeats until the front end receives it, which avoids waiting timeouts caused by network instability. Because a command may be issued several times, each received command is checked against the existing command signals; if it has already been issued it is deleted, otherwise it is responded to. This avoids repeated commands caused by multiple issuance and ensures the security of online payment.

In order to improve the practicability, the user side can adopt the riding code as a carrier to carry out consumption identification;

specifically, a personal riding code can be generated by the front end; the front end can use an APP (application), an official-account mini program or the like to call the two-dimensional code front-mounted cluster open interface to open and bind a front-end account, and after the two-dimensional code is generated online or offline, the user scans the code at the server side to ride, and deduction data is sent to the front end at the same time for deduction;

the two-dimensional code is a dynamic two-dimensional code, which changes automatically every ten seconds and can transmit scan data, thereby providing the payment function; because a dynamic two-dimensional code can monitor scan data, change its content at any time and store a large amount of information, it is widely used in various settings and offers higher security.

As a further improvement of the technical scheme, the communication protocol adopts a TCP/IP communication protocol, and the TCP/IP communication protocol follows the following rules:

the TCP/IP connection is always established by the call of the server side, and the connection is cut off by the server side.

The data transmission between the server and the front end is always initiated by the server, and the data is transmitted synchronously on a TCP/IP connection, that is, after the server sends the data to the front end, the next data transmission can be started only after the front end response data is received.

The front end cyclically listens to a service request from the server on a connection, that is, the server can send a plurality of service requests by using one connection until the connection is detected to be closed by the server or the data transmission and reception on the connection fails, and when the data transmission and reception on the connection fails, the front end actively disconnects the connection.

The use mode of the connection, that is, how many connections are established between the front end and the server, and how many service requests are sent to each connection, is completely determined by the front end.

As a further improvement of the technical scheme, the server comprises a user identification module, an identity authentication module, an online payment module and an account access module;

the user identification module is used for identifying the user side, so that the server side and the front end can be conveniently connected through the user side;

the identity authentication module is used for authenticating the identity of the user, which prevents fraudulent use by outsiders and improves security, and also ensures real-name payment for public transportation so that later queries are easier;

the online payment module is used for checking and transmitting deduction data to the front end;

the account access module is used for enabling the server to be connected with the front end, and data transmission is facilitated.

As a further improvement of the technical solution, the user identification module adopts a radio frequency identification contactless card reader, and the specific working principle is as follows:

the radio frequency identification contactless card reader comprises two parts:

the first is the interface functions between the microcontroller and the read-write chip MFRC531, written in the C51 language;

the second is the interface design of the PC reader-writer: the PC sends a read-write command to the microcontroller through a serial port and waits for the operation result or data returned by the microcontroller; this part is written in VC++ 6.0. The microcontroller software responds to commands sent by the host computer: it receives them through the serial port, executes the corresponding control or read-write operation, and then sends the operation result or the data read back to the host computer.

As a further improvement of the technical solution, the identity authentication module adopts an identity authentication key protocol, and includes the following steps:

a user registers an account number preset key at the front end as a private key;

and verifying the information currently sent by the user through the contact identification key established between the server and the front end, and if the verification is successful, determining the identity of the current user and successfully authenticating the identity.

As a further improvement of the technical solution, the identity authentication module further includes an SM4 algorithm for encrypting the key data field, and the encryption steps are as follows:

determining the key names of the fields to be encrypted and putting them into an entry list, such as pin and phone;

determining the encryption security level to be used and putting it into the safecontrol field, such as SM4;

carrying out SM4 encryption on the fields in each token, wherein SM4 adopts a PKCS7/ECB mode;

the encryption result is represented in uppercase hexadecimal and is put into the corresponding field;

when data is transmitted between the front end and the server, the data field can be encrypted, so that the security is further improved, and the data in the transmission process is prevented from being intercepted and stolen.

As a further improvement of the technical solution, the front end includes an information receiving module, an account management module and a consumption management module;

the information receiving module is used for receiving data information of the server side and the user side;

the account management module is used for managing the account information of the user, so that the key and the identity information can be conveniently defined by users, and the account content can be conveniently changed;

the consumption management module is used for recharging the amount of money in the user side and carrying out deduction management on the consumption data.

As a further improvement of the present technical solution, the consumption management module includes a split payment algorithm, including the following steps:

detecting balance in the user side;

comparing the consumption data with balance data in the user side, and deducting the balance in the user side;

transmitting a deduction signal to a consumption management module to carry out off-line deduction when the consumption data overflow;

reminding the user of payment processing when the offline deduction exceeds a preset value;

therefore, when the balance of the user side is insufficient, a signal can be transmitted to the front end so that the consumption management module receives the balance overflow value; the user can ride first and pay later through the front end. If the deduction exceeds the preset value, a short message reminder can be sent; otherwise credit is affected.

As a further improvement of the technical solution, the split payment algorithm has a calculation formula as follows:

wherein, a is the balance in the user terminal, b is the consumption data value, and c is the balance overflow value.

Compared with the prior art, the invention has the beneficial effects that:

1. In the credible public transportation identity authentication and online payment system under the unstable network environment, the user manages the data of the user side at the front end and can then swipe the bus card, so that the server side reads the information of the user side and performs identity authentication, preventing fraudulent use by others if the card is lost. Meanwhile, the server side establishes a consumption connection with the front end, and the front end receives the balance overflow value when the balance of the user side is insufficient, so the user can ride first and pay later through the front end, which makes the system more practical.

2. In the credible public transportation identity authentication and online payment system under the unstable network environment, the data sequential response algorithm lets the command signals issued by the user be executed in order: the next command signal is received only after the current one is completed, which avoids signal confusion and command-sending failures caused by network instability. When the gap threshold is exceeded and there is still no response, the command is issued again, repeatedly, until the front end receives it, which avoids waiting timeouts caused by network instability.

Drawings

FIG. 1 is an overall schematic diagram of embodiment 1 of the present invention;

FIG. 2 is a flow chart of a data sequential response algorithm in embodiment 1 of the present invention;

FIG. 3 is a flowchart of an identity authentication key protocol according to embodiment 1 of the present invention;

FIG. 4 is a flowchart of a split payment algorithm in embodiment 1 of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Example 1

Referring to FIGS. 1-4, the present embodiment provides a credible public transportation identity authentication and online payment system under an unstable network environment, including a user side, a server side and a front end;

the user side is used for consumption identification by adopting a bus card as a carrier;

the server is used for the vehicle-mounted POS to read the information of the user side for identity authentication, transmit money deduction data to the user side and establish consumption contact with the front end when the balance of the user side is insufficient;

in order to ensure the integrity of the server, the server comprises a user identification module, an identity authentication module, an online payment module and an account access module;

the user identification module is used for identifying the user side, so that the server side and the front end can be conveniently connected through the user side;

the identity authentication module is used for authenticating the identity of the user, which prevents fraudulent use by outsiders and improves security, and also ensures real-name payment for public transportation so that later queries are easier;

the online payment module is used for checking and transmitting deduction data to the front end;

the account access module is used for enabling the server to be connected with the front end, and data transmission is facilitated.

Specifically, the user identification module adopts a radio frequency identification non-contact card reader, and the specific working principle is as follows:

the radio frequency identification contactless card reader comprises two parts:

the first is the interface functions between the microcontroller and the read-write chip MFRC531, written in the C51 language;

the second is the interface design of the PC reader-writer: the PC sends a read-write command to the microcontroller through a serial port and waits for the operation result or data returned by the microcontroller; this part is written in VC++ 6.0. The microcontroller software responds to commands sent by the host computer: it receives them through the serial port, executes the corresponding control or read-write operation, and then sends the operation result or the data read back to the host computer.

In order to improve the accuracy of identity authentication and prevent fraudulent use by others, as shown in FIG. 3, the identity authentication module adopts an identity authentication key protocol, which includes the following steps:

a user registers an account number preset key at the front end as a private key;

and verifying the information currently sent by the user through the contact identification key established between the server and the front end, and if the verification is successful, determining the identity of the current user and successfully authenticating the identity.

Specifically, assuming that a private key of a registered account of the user A is X, the private key is transmitted to the server, and information sent by the current user when the current user performs verification at the server is Y;

if X = Y, the verification is successful;

if X ≠ Y, the verification fails.

The front end is used for receiving deduction data of the server and managing data of the user end;

in order to ensure the integrity of the front end, the front end comprises an information receiving module, an account management module and a consumption management module;

the information receiving module is used for receiving data information of the server side and the user side;

the account management module is used for managing the account information of the user, so that the key and the identity information can be conveniently defined by users, and the account content can be conveniently changed;

the consumption management module is used for recharging the amount of money in the user side and carrying out deduction management on the consumption data.

In order to improve the practicability, the user can pay after taking a bus, specifically, as shown in fig. 4, the consumption management module includes a split payment algorithm, and includes the following steps:

detecting balance in the user side;

comparing the consumption data with balance data in the user side, and deducting the balance in the user side;

transmitting a deduction signal to a consumption management module to carry out off-line deduction when the consumption data overflow;

reminding the user of payment processing when the offline deduction exceeds a preset value;

therefore, when the balance of the user side is insufficient, a signal can be transmitted to the front end so that the consumption management module receives the balance overflow value; the user can ride first and pay later through the front end. If the deduction exceeds the preset value, a short message reminder can be sent; otherwise credit is affected.

Specifically, the split payment algorithm has the following calculation formula:

wherein, a is the balance in the user terminal, b is the consumption data value, and c is the balance overflow value.

The specific working principle is as follows: the user manages the data of the user side at the front end and can then swipe the bus card, so that the server side reads the information of the user side and performs identity authentication, preventing fraudulent use by others if the card is lost; meanwhile, the server side establishes a consumption connection with the front end, which facilitates calculation of the consumption amount; deduction data can be transmitted to the user side for direct deduction, so that the amount is deducted directly when the amount in the user side is sufficient; when the amount in the user side is insufficient, a consumption connection is established with the front end, the front end receives the deduction data and performs the payment, and the user side can also be recharged;

specifically, as shown in fig. 2, the user side, the server side, and the front end transmit data through a communication protocol, where the communication protocol includes a data sequential response algorithm, and the method includes the following steps:

a user issues a command signal at a server;

setting a receiving gap threshold, and retransmitting the command when the receiving gap threshold is exceeded until the front end sequentially receives command signals;

when the front end receives the command signal, the command signal is compared with the existing command signal, and if the command signal is repeated, the command signal is deleted, and if the command signal is not repeated, the command signal is responded;

and responding to the command signal to complete the command transmission to the server to receive the next command signal.

The data sequential response algorithm lets the command signals issued by the user be executed in order: the next command signal is received only after the current one is completed, which avoids signal confusion and command-sending failures caused by network instability. A gap threshold is also set, for example 10 s: if there is still no response after 10 s, the command is issued again, and this repeats until the front end receives it, which avoids waiting timeouts caused by network instability. Because a command may be issued several times, each received command is checked against the existing command signals; if it has already been issued it is deleted, otherwise it is responded to. This avoids repeated commands caused by multiple issuance and ensures the security of online payment.
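The data sequential response algorithm described above, as an added Python sketch that is not part of the patent text: the server side keeps one command in flight and retransmits after the gap threshold, and the front end applies each command once. The command_id field, the scripted lossy link, the retry cap and the choice to repeat the stored response for a duplicate are assumptions; the page only says that a repeated command is deleted.

```python
from dataclasses import dataclass, field

GAP_THRESHOLD_S = 10  # the page's example gap threshold, in seconds


@dataclass
class FrontEnd:
    """Receiver: applies each command once and drops repeats."""
    owed: dict = field(default_factory=dict)       # account -> amount owed
    responses: dict = field(default_factory=dict)  # command_id -> first response

    def receive(self, cmd):
        cid = cmd["command_id"]  # assumed field; the page names no identifier
        if cid in self.responses:
            # Repeated command: delete it (no second deduction) and repeat the
            # stored response so the sender can move on (assumption).
            return {**self.responses[cid], "duplicate": True}
        self.owed[cmd["account"]] = self.owed.get(cmd["account"], 0) + cmd["amount"]
        self.responses[cid] = {"command_id": cid, "status": "OK", "duplicate": False}
        return self.responses[cid]


class LossyLink:
    """Constructed channel: a script decides the fate of each transmission."""

    def __init__(self, front_end, script):
        self.front_end = front_end
        self.script = list(script)  # "ok", "drop_request" or "drop_response"

    def send(self, cmd):
        fate = self.script.pop(0) if self.script else "ok"
        if fate == "drop_request":
            return None  # the front end never sees the command
        resp = self.front_end.receive(cmd)
        # With "drop_response" the command was applied but the sender hears nothing.
        return None if fate == "drop_response" else resp


def send_in_order(commands, link, max_attempts=5):
    """Server side: one command in flight, retransmit after each silent gap."""
    waited = 0  # simulated seconds spent waiting for responses
    log = []
    for cmd in commands:
        for attempt in range(1, max_attempts + 1):
            resp = link.send(cmd)
            if resp is not None:
                log.append((cmd["command_id"], attempt, waited, resp["duplicate"]))
                break
            waited += GAP_THRESHOLD_S  # gap threshold exceeded with no response
        else:
            # Retry cap is an assumption; the page retransmits until received.
            raise TimeoutError(f"no response for {cmd['command_id']}")
    return log


def run_demo():
    # c1 and c2 have the same account and amount: two real fares, not a repeat.
    # Matching on command_id keeps both; matching on content would drop c2.
    commands = [
        {"command_id": "c1", "account": "card-A", "amount": 200},
        {"command_id": "c2", "account": "card-A", "amount": 200},
    ]
    front_end = FrontEnd()
    link = LossyLink(front_end, ["drop_request", "drop_response", "ok", "ok"])
    return front_end.owed, send_in_order(commands, link)


if __name__ == "__main__":
    print(run_demo())
```

Each log entry is (command_id, attempts, seconds waited so far, whether the response came from a duplicate). The lost response is the case that matters for payment: c1 reaches the front end twice but is deducted once.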

Specifically, the communication protocol adopts a TCP/IP communication protocol, and the TCP/IP communication protocol follows the following rules:

the TCP/IP connection is always established by the call of the server side, and the connection is cut off by the server side.

The data transmission between the server and the front end is always initiated by the server, and the data is transmitted synchronously on a TCP/IP connection, that is, after the server sends the data to the front end, the next data transmission can be started only after the front end response data is received.

The front end cyclically listens to a service request from the server on a connection, that is, the server can send a plurality of service requests by using one connection until the connection is detected to be closed by the server or the data transmission and reception on the connection fails, and when the data transmission and reception on the connection fails, the front end actively disconnects the connection.

The use mode of the connection, that is, how many connections are established between the front end and the server, and how many service requests are sent to each connection, is completely determined by the front end.

Example 2

In order to improve the practicability, the user side can adopt the riding code as a carrier to carry out consumption identification;

specifically, a personal riding code can be generated by the front end; the front end can use an APP (application), an official-account mini program or the like to call the two-dimensional code front-mounted cluster open interface to open and bind a front-end account, and after the two-dimensional code is generated online or offline, the user scans the code at the server side to ride, and deduction data is sent to the front end at the same time for deduction;

the two-dimensional code is a dynamic two-dimensional code, which changes automatically every ten seconds and can transmit scan data, thereby providing the payment function; because a dynamic two-dimensional code can monitor scan data, change its content at any time and store a large amount of information, it is widely used in various settings and offers higher security.

Example 3

In order to further improve the security and avoid the leakage of the key data field, the identity authentication module further comprises an SM4 mode algorithm for encrypting the key data field, and the encryption steps are as follows:

determining the key names of the fields to be encrypted and putting them into an entry list, such as pin and phone;

determining the encryption security level to be used and putting it into the safecontrol field, such as SM4;

carrying out SM4 encryption on the fields in each token, wherein SM4 adopts a PKCS7/ECB mode;

the encryption result is represented in uppercase hexadecimal and is put into the corresponding field;

when data is transmitted between the front end and the server, the data field is encrypted, so that the security is further improved, and the data in the transmission process is prevented from being intercepted and stolen;

Specifically, a JSON packet is taken as an example below.

Assume that the following data needs to be communicated:

{
  "funcode":"login",
  "usename":"[email protected]",
  "pin":"123456",
  "phone":"13512341234",
  "safecontrol":"SM4"
}

The test SM4 key is 7465737420537472696E67206B657931, in hexadecimal format, distributed online on the formal key system.

The field pin is encrypted with SM4, and the encryption result is: 54ABB5198D86B77A3EDAFC3CE78077CD

The field phone is encrypted with SM4, and the encryption result is: 22879973FCD7D1CCD1506A4AB5675FB9

The final message after encryption is obtained as follows:

{
  "funcode":"login",
  "usename":"[email protected]",
  "pin":"54ABB5198D86B77A3EDAFC3CE78077CD",
  "phone":"22879973FCD7D1CCD1506A4AB5675FB9",
  "safecontrol":"SM4",
  "enkey":"pin,phone"
}
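The field encryption steps and JSON packet above, as an added Python example that is not part of the patent text: a compact pure-Python SM4, so it runs without third-party packages, applied in ECB mode with PKCS7 padding to the fields named in enkey. The test key and the pin and phone values of the first packet are the page's; the second packet, the usename values and all function names are constructed for illustration.

```python
import json

# SM4 S-box and key-schedule constants (GB/T 32907-2016).
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948"
)
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes((4 * i + j) * 7 % 256 for j in range(4)), "big")
      for i in range(32)]
TEST_KEY = bytes.fromhex("7465737420537472696E67206B657931")  # test key from the page


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def _tau(x):
    """Apply the S-box to each byte of a 32-bit word."""
    return int.from_bytes(bytes(SBOX[b] for b in x.to_bytes(4, "big")), "big")


def _words(b):
    return [int.from_bytes(b[i:i + 4], "big") for i in range(0, 16, 4)]


def round_keys(key):
    """Expand a 16-byte key into the 32 round keys."""
    k = [w ^ fk for w, fk in zip(_words(key), FK)]
    rks = []
    for ck in CK:
        t = _tau(k[1] ^ k[2] ^ k[3] ^ ck)
        k = k[1:] + [k[0] ^ t ^ _rotl(t, 13) ^ _rotl(t, 23)]
        rks.append(k[3])
    return rks


def crypt_block(block, rks):
    """One 16-byte block; decryption is the same with reversed round keys."""
    x = _words(block)
    for rk in rks:
        t = _tau(x[1] ^ x[2] ^ x[3] ^ rk)
        x = x[1:] + [x[0] ^ t ^ _rotl(t, 2) ^ _rotl(t, 10) ^ _rotl(t, 18) ^ _rotl(t, 24)]
    return b"".join(w.to_bytes(4, "big") for w in reversed(x))


def sm4_ecb_encrypt(key, data):
    pad = 16 - len(data) % 16  # PKCS7 always adds 1..16 bytes
    data += bytes([pad]) * pad
    rks = round_keys(key)
    return b"".join(crypt_block(data[i:i + 16], rks) for i in range(0, len(data), 16))


def sm4_ecb_decrypt(key, data):
    if not data or len(data) % 16:
        raise ValueError("ciphertext is not a whole number of blocks")
    rks = round_keys(key)[::-1]
    out = b"".join(crypt_block(data[i:i + 16], rks) for i in range(0, len(data), 16))
    pad = out[-1]
    if not 1 <= pad <= 16 or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("bad PKCS7 padding")
    return out[:-pad]


def encrypt_fields(msg, enkey, key):
    """Replace each field named in enkey with uppercase hex SM4-ECB ciphertext."""
    out = dict(msg)
    for name in enkey:
        out[name] = sm4_ecb_encrypt(key, msg[name].encode()).hex().upper()
    out["enkey"] = ",".join(enkey)
    return out


def decrypt_fields(msg, key):
    """Reverse encrypt_fields using the field names listed in enkey."""
    out = dict(msg)
    for name in out.pop("enkey").split(","):
        out[name] = sm4_ecb_decrypt(key, bytes.fromhex(msg[name])).decode()
    return out


def demo():
    # Constructed packets: two different users who chose the same PIN.
    a = {"funcode": "login", "usename": "user-a@example.invalid",
         "pin": "123456", "phone": "13512341234", "safecontrol": "SM4"}
    b = dict(a, usename="user-b@example.invalid", phone="13500000000")
    return (encrypt_fields(a, ["pin", "phone"], TEST_KEY),
            encrypt_fields(b, ["pin", "phone"], TEST_KEY))


if __name__ == "__main__":
    for packet in demo():
        print(json.dumps(packet, indent=2))
```

Because ECB is deterministic and unauthenticated, the two packets carry the same pin ciphertext, and a ciphertext field moved from one packet into another still decrypts cleanly. An authenticated mode with a per-message nonce removes both properties.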

The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, and the preferred embodiments of the present invention are described in the above embodiments and the description, and are not intended to limit the present invention. The scope of the invention is defined by the appended claims and equivalents thereof.
