Apple Pay 整体流程
下图为目前国内 Apple Pay 支付接入的一个通用的流程(银联 API 模式),仅供参考:
整个流程中如下:
- 客户端通过苹果
API,在APP应用内展示Apple Pay支付控件。 - 用户在
Apple Pay的支付控件上进行生物验证(指纹或者人脸识别)或者手机密码验证。 - 苹果在用户验证通过之后,会生成一个用户选中的银行卡相关的
PaymentToken加密数据,Apple Pay必须在有网情况下才能进行,苹果需要从开发者网站上使用证书的公钥进行加密,完成后通过API回调返回给客户端前端。 - 客户端获取到
PaymentToken后,给服务端发送扣款请求,等待支付结果。 - 服务端收到客户端上送的
PaymentToken,解密PaymentToken取出一些关键字段信息,附带其他订单信息,再与支付供应商(如国内银联)进行通信发起扣款。 - 服务端收到扣款结果后,再返支付结果给手机客户端,最终通知用户支付结果。
Apple Pay 数据加密
Apple Pay 中传输中的 PaymentToken 有着一套非常完善的加密安全机制。
国外统一用的是 ECC 加密方式,只有中国用的是 RSA 加密方式,详见官方 PaymentToken 说明。
PaymentToken 数据是 JSON 数据格式,其中包含了苹果加密后的支付信息数据。
国内 RSA 加密方式,得到的 PaymentToken 格式:
Printing description of dicFormatToken:
{
data = "bSKyYz/U4dEgX3g8h8lC7irJbki3j0fwtG7F6O3xqkt5ictPFz5YzcSPt+yhcWcAeW814Ntzz0OUvIiLDeCZqtVyQ123j/SkpX/5P+tb4f+f9stmxQ/7IFPZP9Bhdz68RbUoZv8vRYxM9fs7ubd7GJMeJFSJpAhEo3swWwUpXNBx4onz3MLakDDDtkC5TvP5JYe7az1rqxKEPotdx4pw9DoIWR0x7R9t+KE4Vjni8AWw9hXU5k4YeYKqVfzOITj2E+iN3xSwInAfwrqSSUwmbz4SeFhX1N8y5aTVZPKiuHuGp8n/sKRO2HhyYUurRYtsoGD9jrHfoI/QaSwWiViTvobrseZbuTJcOvGcG+W88mvMfdYD+xb1fAc2Qa3Ma0L7LogtIPM830YtHG+l+thUDkhh22K+oZb6SGrHPxrPsjiFUSB+2+suOI5j2Pq4SNg3YMdKfWTzQhVdR3+SBr5S55ytK6ysZtVijMnrJBqhtA2CUaVQvH5EWNRE8p8kS9EHfZqR2OwEQyQRj20m42x2LeHJfDMSnIYchAhkjycEXugSt1/myXVcxoe76zzkpg2HWqxIRgYTHXorTY0iGxudzfdgbmtDRTmEovM9tpszovGMQiTja8lvzYo=";
header = {
publicKeyHash = "SZkR3HHxbFs5OhazAr+lFsAbZZnfhj8Cv/yx3c/Qb5k=";
transactionId = d5cc4b5741ba1a184680c7d78aecbac1c43cd6bb9f739f9b5a3536f6c532b2a5;
wrappedKey = "DJF5TsSip7sQoh4NqK6XtDpWIqliSk/WqPslsaG8dx2O27Fhnc6VMj3t+i00WNYk/IcLMh7HRXgEnMeH5VYz8+hmxxt/1Rf/Gwiwj2RphIeCSvmaShgIMIiLCIzelzRneS6fylfnELlywff6twWxeb+0Zlfpkk2a3Dm6oasv7KRfBljoJ68p1cDZ6/lkTSb3PNQLWkfltB8IeqP/w9lqgGENX5E5z85EbxkXNNhd41uPhCVH7XYQk6xx5mRdTlI6Xb4DQ8yoryUVsKgRlO8laNaMDiEpRiTwzu5jBJiYxsXDYfO6G+KZqYZDXAm11wn/nUj7ZwNVFnkmI+5hfstHQg==";
};
signature = "MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCAMIIEtTCCBFugAwIBAgIIEVmL4CjCUF8wCgYIKoZIzj0EAwIwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTMB4XDTE0MTIwMzAxMDAyNloXDTE5MTIwMjAxMDAyNlowZzEtMCsGA1UEAwwkZWNjLXNtcC1icm9rZXItc2lnbl9VQzQtUFJPRF9LcnlwdG9uMRQwEgYDVQQLDAtpT1MgU3lzdGVtczETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBRNEIluA8efJ+qjjcC6oRldDBPqTNcTSqivO24ZqXz9Pudacvfw4REUByWBWx5LRMm5GQwp2k5Vp4qWHUko3X09LMnqaq7x+44pRi0u3pAFgm6fZmY7QrnorQKIAFFvHn4+leubvdIcHbSQJ8xzrXSvf9dGjiZNig9PZWz7zJOW+AmzZx5oSSA4jbQe9/kvC+KNAKz6zS7Wq4yNOLk6Axel7QzW+66VD8Rrdo7A2tDoqQJ1Y6VKdDBZHlTa26ZTnBueXEIHRXAk55ZsLjTFVly1WbBIP8kZIONxdDrdLvGQe4sqX4V6GVvoJr7tHSI+SA+rPfY9B5qj7iXwNAVuUlAgMBAAGjggIRMIICDTBFBggrBgEFBQcBAQQ5MDcwNQYIKwYBBQUHMAGGKWh0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDQtYXBwbGVhaWNhMzAzMB0GA1UdDgQWBBS19Y4mQcuxFO3LCXUoceHL7vlCpjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCPyScRPk+TvJ+bE9ihsP6K7/S5LMIIBHQYDVR0gBIIBFDCCARAwggEMBgkqhkiG92NkBQEwgf4wgcMGCCsGAQUFBwICMIG2DIGzUmVsaWFuY2Ugb24gdGhpcyBjZXJ0aWZpY2F0ZSBieSBhbnkgcGFydHkgYXNzdW1lcyBhY2NlcHRhbmNlIG9mIHRoZSB0aGVuIGFwcGxpY2FibGUgc3RhbmRhcmQgdGVybXMgYW5kIGNvbmRpdGlvbnMgb2YgdXNlLCBjZXJ0aWZpY2F0ZSBwb2xpY3kgYW5kIGNlcnRpZmljYXRpb24gcHJhY3RpY2Ugc3RhdGVtZW50cy4wNgYIKwYBBQUHAgEWKmh0dHA6Ly93d3cuYXBwbGUuY29tL2NlcnRpZmljYXRlYXV0aG9yaXR5LzA0BgNVHR8ELTArMCmgJ6AlhiNodHRwOi8vY3JsLmFwcGxlLmNvbS9hcHBsZWFpY2EzLmNybDAOBgNVHQ8BAf8EBAMCB4AwDwYJKoZIhvdjZAYdBAIFADAKBggqhkjOPQQDAgNIADBFAiEAuv9BKTa0PFxBHH2KT2obNStv9FTgSOPXJTifIajDDwECIFvrqXN5ulXXfyjQkrma+q6gndExs82r7kriZgSXmWeFMIIC7jCCAnWgAwIBAgIISW0vvzqY2pcwCgYIKoZIzj0EAwIwZzEbMBkGA1UEAwwSQXBwbGUgUm9vdCBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwHhcNMTQwNTA2MjM0NjMwWhcNMjkwNTA2MjM0NjMwWjB6MS4wLAYDVQQDDCVBcHBsZSBBcHBsaWNhdGlvbiBJbnRlZ3JhdGlvbiBDQSAtIEczMSYwJAYDVQQLDB1BcHBsZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATwFxGEGddkhdUaXiWBB3bogKLv3nuuTeCN/EuT4TNW1WZbNa4i0Jd2DSJOe7oI/XYXzojLdrtmcL7I6CmE/1RFo4H3MIH0MEYGCCsGAQUFBwEBBDowODA2BggrBgEFBQcwAYYqaHR0cDovL29jc3AuYXBwbGUuY29tL29jc3AwNC1hcHBsZXJvb3RjYWczMB0GA1UdDgQWBBQj8knET5Pk7yfmxPYobD+iu/0uSzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFLuw3qFYM4iapIqZ3r6966/ayySrMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxlcm9vdGNhZzMuY3JsMA4GA1UdDwEB/wQEAwIBBjAQBgoqhkiG92NkBgIOBAIFADAKBggqhkjOPQQDAgNnADBkAjA6z3KDURaZsYb7NcNWymK/9Bft2Q91TaKOvvGcgV5Ct4n4mPebWZ+Y1UENj53pwv4CMDIt1UQhsKMFd2xd8zg7kGf9F3wsIW2WT8ZyaYISb1T4en0bmcubCYkhYQaZDwmSHQAAMYICTTCCAkkCAQEwgYYwejEuMCwGA1UEAwwlQXBwbGUgQXBwbGljYXRpb24gSW50ZWdyYXRpb24gQ0EgLSBHMzEmMCQGA1UECwwdQXBwbGUgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxEzARBgNVBAoMCkFwcGxlIEluYy4xCzAJBgNVBAYTAlVTAggRWYvgKMJQXzANBglghkgBZQMEAgEFAKCBmDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTAzMTQwNjAxNDlaMC0GCSqGSIb3DQEJNDEgMB4wDQYJYIZIAWUDBAIBBQChDQYJKoZIhvcNAQELBQAwLwYJKoZIhvcNAQkEMSIEINF957ty++ucfEaejNSu72gCFg2nNMrTOkCqghkJeWU+MA0GCSqGSIb3DQEBCwUABIIBALrzDDqcGGihBBPAloA8Z4fprmV8iT0ZTfBf1zG7CqsxSrT2W65SqPDJiOh5FPMCmLe8SEM+gzMx/r/8DDRqwMNuPE+KcS9vRTpKEsLqljW+ANh3uzN6HB8JwffNWJ1ciAH+ZvdUHQ4dx6MfVGZFq+jjMUNRzQyOBUFgZL6GNwE+FIGYS186iB3XYXGKBlZf5HwN0DIi2IjVBB9/xGel8v50DZM5R6zWk90u1sqSWty9vNo8rxqyWKAHElbLPUhD6gpcCn2uyiqC6CWV4QF55kRhAvRS/MANM2GE1IkxQuKH+iQ/paisx7RmfsZdPv9kvDOElZnJGE5NvfUQ2zygeLgAAAAAAAA=";
version = "RSA_v1";
}国内的 Apple Pay 加密方式是其实是 RSA + AES,RSA 是一种非对称加密,AES 是一种对称加密。上面的 data 实际由 AES 加密后得到。AES 的密钥藏在 Header 里面的 wrappedKey 中,被 RSA 加密保护着。
国内加密 data 解密后,如下:
{
"applicationPrimaryAccountNumber":"62583300888880215",
"applicationExpirationDate": "270101",
"currencyCode": "156",
"transactionAmount": 0,
"deviceManufacturerIdentifier": "062010011111",
"paymentDataType": "EMV",
"paymentData": {
"emvData":"nyYItis3L6CiQbufNgIACYECAE2DgZCgujJqvZh6gtCOicVyx2tOh1ncXHOQ9bhYMObxz+IHR5a4PD93thtwu7RKyIFb2zab3wkj0oMcra5Cf+J+JbXdk0FxxxxxxxxxxT56HVqNMBp4M/7Uh36lblsiLkvW0H3rwLVWE/CV4/h0="
}
}解密后我们都可以看到的 deviceManufacturerIdentifier 就是手机 Wallet 里面绑定银行卡的虚拟卡号,这个是要给到支付供应商发起扣款用到的。
引用
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2019.03.14 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录
相关产品与服务
人脸识别
腾讯云神图·人脸识别(Face Recognition)基于腾讯优图强大的面部分析技术,提供包括人脸检测与分析、比对、搜索、验证、五官定位、活体检测等多种功能,为开发者和企业提供高性能高可用的人脸识别服务。 可应用于在线娱乐、在线身份认证等多种应用场景,充分满足各行业客户的人脸属性识别及用户身份确认等需求。