Module structure and payment process
Mobile phone payment usually has two forms: bank card payment and prepaid phone bill payment. Bank card payment is to bind the mobile phone number to the bank card. The customer realizes bank account inquiry, bill payment, product purchase and other functions through the mobile phone number, and prepaid phone bill payment. The customer directly utilizes the existing pre-existing credit account, and realizes the functions of bill payment and commodity purchase by way of charge collection. This paper mainly discusses the implementation of the mobile payment intermediate platform based on the pre-stored call charge method.
The mobile payment intermediate platform includes three functional modules. The WAP front-end interface is a direct user-oriented operation interface, which mainly includes functions such as mobile payment registration, mobile payment registration, user information maintenance, and jumping to different merchant SPs (service providers) for payment operations of corresponding businesses. The WEB background management system is an operation interface for administrators and various merchant SPs, mainly including information release, order inquiry, user management and other functions. The information release refers to the dynamic information that the administrator wants to display on the WAP front page. The payment intermediate platform records the corresponding order information for each payment request of each merchant. The merchant SP can log in to the WEB background management system for query and statistical operations. User management mainly refers to the management of the basic information of the merchant SP by the administrator and the management of the relevant information of the merchant SP. The interface module is the core part of the platform. It mainly implements the underlying communication between the merchant SP and the payment intermediate platform, the payment intermediate platform and the mobile BOSS. In the horizontal direction, it can be divided into the interface between the payment intermediate platform and the merchant SP and the interface with the mobile BOSS.
The entire payment process user must first register in the WAP front-end interface. After the registration is successful, the corresponding payment activity can be performed without login. The login operation only provides some basic information query and modification functions, such as: querying the balance, querying the historical transaction record, and recharging. Card recharge, payment password modification, etc. After successful registration, the user needs to log in to the WAP front page, select the hyperlink to purchase the product or payment item, and enter the corresponding merchant SP system. The merchant SF system calls the payment intermediate platform interface to send the balance. The query request, the payment intermediate platform receives the request and then calls the mobile BOSS interface. The user's transferable credit balance is queried, and the query result is returned to the payment platform, and the payment intermediate platform is sent to the merchant SP in response. If the balance is sufficient, the user confirms the purchase, and the merchant SP system will send the payment information to the payment intermediate platform. After the payment intermediate platform receives the request, the payment information is sent to the mobile BOSS interface for payment. After the payment is completed, the mobile BOSS will send the success information to the payment. The payment intermediate platform, the payment intermediate platform transmits the information to the merchant SP system, and the merchant SP system prompts the user to pay the payment successfully. If the user does not confirm the purchase, the WAP front page is returned to continue other operations. If the balance is insufficient, the merchant SP system will prompt After the user recharges, after the user confirms the recharge, the merchant SP system will send a recharge request to the payment intermediate platform, and the payment intermediate platform will call the mobile BOSS recharge card recharge interface to perform recharge, and the payment can be made after completion. If you abandon the recharge, return to the WAP front page to continue other operations.
Platform construction strategy
2.1 scalability strategy
In the past, users need to remember the platform address of the merchant SP, and then perform the corresponding payment operation after login. After receiving the payment request, the merchant SP will directly call the mobile BOSS interface to implement the corresponding payment and other operations. Now, the payment intermediate platform will uniformly manage the merchant. The basic information of the SP, the user only needs to remember the address of the payment intermediate platform, and can easily access the payment system of other merchant SPs. When the merchant SP designs its own payment system, it only needs to directly call the mobile BOSS interface. The part is changed to call the payment intermediate platform interface, and the other parts do not need to be changed. The design idea of ​​the payment intermediate platform not only solves the problem of each merchant SP, but also independently develops the payment system. Users need to remember each service separately. The platform address of the merchant and the corresponding payment operation problem, and the access of each new merchant SP becomes very simple, and the scalability of the payment intermediate platform to the merchant SP payment system is enhanced. Each newly-connected merchant SP can access the public interface of the payment intermediate platform according to the relevant agreement and inform the payment intermediate platform of the basic information.
2.2 Performance Optimization Strategy
In order to improve the performance of the payment intermediate platform, an asynchronous long connection is used to implement the connection with the merchant SP and the mobile BOSS, as shown in FIG. The so-called asynchronous long connection is that after the client establishes a connection with the server, the connection state is maintained. If the requester does not receive the response, the requester can initiate multiple requests, and the processor can process the data in parallel and return the result to the requester in any order. . At the same time, in order to improve the scalability of the payment intermediate platform when accessing the merchant SP, a layered transceiver request strategy is adopted. In this way, a merchant SP and a receiving queue belonging to the merchant SP itself can be established for each merchant SP that establishes the connection for the first time. All the sending requests are first added to the sending queue, which is the first layer. The second layer is a public sending and receiving queue of all merchants SP, which stores information received from different merchant sending queues, and uniformly sends the request to the mobile BOSS. When the mobile BOSS processes the request and returns the result, the returned information will first be stored in the public receiving queue of the second layer. The received information of the receiving queue will be distributed to the receiving queue of the participating SP according to a certain identification policy, and then the merchant SP The receiving queue then sends the information to the corresponding merchant SP. In order to further implement concurrency control and improve system resource utilization between the payment intermediate platform and the mobile BOSS, and further improve system performance, the payment intermediate platform creates multiple asynchronous long connection instances simultaneously when establishing a connection with the mobile BOSS. First, the maximum utilization can be achieved in terms of time, space, and system resource utilization, greatly improving the performance of the system itself and the system, and optimizing the architecture of the entire system.
2.3 Security Policy
In order to ensure the security of data transmission, the following security policies are adopted for the entire payment process: First, the payment intermediate platform selects a TCP/IP-based Socket for data interconnection between the system and the platform, to a certain extent Improve the security of the system's own data transmission, and the platform will make corresponding security policies for different IP address requests, add some authentication mechanisms, and minimize the security risks of the payment intermediate platform. Second, the data transmission between the merchant SP and the payment intermediate platform is performed through the public network. This can increase the scalability of the payment intermediate platform, and the merchant's access will not be limited by space and time. However, there are many security risks in this way. In order to ensure the correctness of data transmission, MD5 or RSA encryption is performed on the information specified by some protocols before transmission. In addition, a timeout processing mechanism is introduced to ensure real-time performance during data transmission. Avoid packet loss due to some unpredictable factors throughout the transmission. If a timeout occurs during the delivery of the data packet, it will be processed according to the timeout policy specified by the protocol. Third, the data transmission between the payment intermediate platform and the mobile BOSS is performed through a dedicated line to avoid many security risks encountered during data transmission. If the data is maliciously intercepted, falsified, etc., in order to ensure the real-time nature of the data transmission process, and avoid packet loss caused by some unpredictable factors in the whole transmission process, the data packet request timeout is also processed accordingly.
Platform payment agreement design
3.1 Platform and Mobile BOSS Payment Agreement
In this part of the payment protocol, the listening port of the BOSS is 6666, the mobile BOSS is used as the SOCKET server, and the payment intermediate platform is used as the SOCK-ET client. The two parties keep the connection through the handshake message, and the handshake interval is 1 minute. The packet is in the format of a header + body.
(1) Header format.
The header is a fixed-length header, such as 40 bytes, including information such as station code, packet length, function code, encryption flag, transaction time, service return code, serial number, and subsequent packet flags. Among them, the platform code is fixedly filled in "PAY". The function code includes 8 kinds of registration application, cancellation application, user authentication, call fee payment, return interface, recharge card payment, call charge payment, and transferable balance inquiry. Each function has a corresponding 4-digit ACSII code value. If the call charge is 0201. Their service timeouts are set to 30 seconds, that is, the service fails after more than 30 seconds after the payment platform initiates the request. In the encryption flag, 0 is not encrypted, and 1 is encryption. During the transaction process, when the payment platform sends the transaction request packet, fill in the request time; when the BOSS sends the transaction response packet, fill in the response time, in the service return code, the response message 100 indicates success, the other fails, and the request message fills in 000. The serial number is a unique identifier of the request information in the entire payment activity during the asynchronous connection process. For subsequent packet flags, it is used only when the transaction data exceeds 1024 bytes, and is transmitted in a packet, cyclically transmitted and received, and the sender is divided. The subsequent packet flag of a packet is set to 0, and the subsequent packet flag of all previous packets is set to 1; the receiver cyclically receives and sends a response until the subsequent packet flag of the received transaction packet is 0, the loop process ends, and the receiver The response packet is an empty packet with only the header.
(2) Envelope format.
The inclusion body is a variable length inclusion body. Among the above eight functions, the format of the request packet and the response packet body are different for different function requests, wherein the response packet body including the transferable balance inquiry function includes In addition to the user's available balance and the transferable balance, the response packet body of the other functions is empty. In addition, the service return code can be determined according to the "service return code" of the response packet header, and the call charge is now paid (0201). For example, the request packet body includes the mobile phone number, the transfer request amount, the order number, etc. The order number cannot be repeated. The format is: YYMMDD+ sequential growth ID (YYMMDD and ID complement each other) 12 bytes), for example. All the places involved in the amount are divided into units. In the response packet of this function, when the return packet header return code is 100, the service is successfully processed; when it is 999, the service processing fails, and when it is 404, the service processing timeout is determined. . The response packet body is empty.
3.2 Payment Agreement with Merchant SP
In this part of the payment protocol, the payment platform listening port is 9999, and the network timeout period is 60 seconds. The payment platform serves as the server, and the merchant system acts as the client. All transactions are initiated by the client and the server responds. After the client starts, it sends a login request message. After receiving the login success response message from the server, it can perform transaction such as call fee payment, correction, return, etc. The client sends a logout request before exiting and exits after receiving the response from the server. The data packet is also in the format of the header + package, and its header is the same as the format in the first part of the payment protocol. The package format is only different in content.
Acrylic Pepper Mill,Acrylic Pepper Grinder,Acrylic Salt And Pepper Grinder,Acrylic Grinder And Salt Mill
Yongkang Lianyang Industry & Trade Co., Ltd , http://www.lianyangmill.com