Apple Pay Overall Flow

The diagram below shows the flow in general use today for Apple Pay integration in mainland China (UnionPay API mode); it is for reference only:

The whole flow is as follows:

  • The client uses Apple's API to present the Apple Pay payment sheet inside the app.
  • The user authenticates on the Apple Pay sheet with biometrics (fingerprint or face recognition) or the device passcode.
  • Once the user has authenticated, Apple generates an encrypted PaymentToken for the bank card the user selected. Apple Pay only works with network connectivity, because Apple has to encrypt the token with the public key of the certificate uploaded to the developer site; when that is done, the token is returned to the client through the API callback.
  • Having obtained the PaymentToken, the client sends a debit request to the server and waits for the payment result.
  • The server receives the PaymentToken uploaded by the client, decrypts it to extract the key fields, attaches the remaining order information, and then communicates with the payment provider (for example UnionPay in China) to initiate the debit.
  • When the server receives the debit result, it returns the payment result to the mobile client, which finally notifies the user.

Apple Pay Data Encryption

The PaymentToken transmitted in Apple Pay is protected by a very thorough encryption and security scheme. Every other country uses ECC encryption; only China uses RSA encryption (see the official PaymentToken documentation). The PaymentToken is JSON and contains the payment information encrypted by Apple.

With the RSA scheme used in China, the PaymentToken has the following format:

Printing description of dicFormatToken:
{
    data = "bSKyYz/U4dEgX3g8h8lC7irJbki3j0fwtG7F6O3xqkt5ictPFz5YzcSPt+yhcWcAeW814Ntzz0OUvIiLDeCZqtVyQ123j/SkpX/5P+tb4f+f9stmxQ/7IFPZP9Bhdz68RbUoZv8vRYxM9fs7ubd7GJMeJFSJpAhEo3swWwUpXNBx4onz3MLakDDDtkC5TvP5JYe7az1rqxKEPotdx4pw9DoIWR0x7R9t+KE4Vjni8AWw9hXU5k4YeYKqVfzOITj2E+iN3xSwInAfwrqSSUwmbz4SeFhX1N8y5aTVZPKiuHuGp8n/sKRO2HhyYUurRYtsoGD9jrHfoI/QaSwWiViTvobrseZbuTJcOvGcG+W88mvMfdYD+xb1fAc2Qa3Ma0L7LogtIPM830YtHG+l+thUDkhh22K+oZb6SGrHPxrPsjiFUSB+2+suOI5j2Pq4SNg3YMdKfWTzQhVdR3+SBr5S55ytK6ysZtVijMnrJBqhtA2CUaVQvH5EWNRE8p8kS9EHfZqR2OwEQyQRj20m42x2LeHJfDMSnIYchAhkjycEXugSt1/myXVcxoe76zzkpg2HWqxIRgYTHXorTY0iGxudzfdgbmtDRTmEovM9tpszovGMQiTja8lvzYo=";
    header = {
        publicKeyHash = "SZkR3HHxbFs5OhazAr+lFsAbZZnfhj8Cv/yx3c/Qb5k=";
        transactionId = d5cc4b5741ba1a184680c7d78aecbac1c43cd6bb9f739f9b5a3536f6c532b2a5;
        wrappedKey = "DJF5TsSip7sQoh4NqK6XtDpWIqliSk/WqPslsaG8dx2O27Fhnc6VMj3t+i00WNYk/IcLMh7HRXgEnMeH5VYz8+hmxxt/1Rf/Gwiwj2RphIeCSvmaShgIMIiLCIzelzRneS6fylfnELlywff6twWxeb+0Zlfpkk2a3Dm6oasv7KRfBljoJ68p1cDZ6/lkTSb3PNQLWkfltB8IeqP/w9lqgGENX5E5z85EbxkXNNhd41uPhCVH7XYQk6xx5mRdTlI6Xb4DQ8yoryUVsKgRlO8laNaMDiEpRiTwzu5jBJiYxsXDYfO6G+KZqYZDXAm11wn/nUj7ZwNVFnkmI+5hfstHQg==";
    };
    signature = "...";
    version = "RSA_v1";
}

The encryption scheme Apple Pay uses in China is actually RSA + AES: RSA is an asymmetric cipher, AES is a symmetric cipher. The data field above is the output of AES encryption. The AES key is hidden in the wrappedKey field of the header, where it is protected by RSA encryption.
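The RSA + AES scheme just described, written out as an added Go example (not code from the original post, Apple, or UnionPay). sealRSAv1 stands in for Apple's side only so that a token can be built and round-tripped; decryptRSAv1 is the merchant server step. It assumes, following Apple's PaymentToken format reference rather than anything on this page, that wrappedKey is RSA-OAEP with SHA-256, that data is AES-128-GCM under a 16-byte all-zero IV with no AAD, and that publicKeyHash is the SHA-256 of the merchant certificate's SubjectPublicKeyInfo; the signature field is not verified here.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
)
// The RSA_v1 PaymentToken fields needed for decryption (signature omitted); all but Version are base64.
type rsaV1Token struct{ Version, Data, WrappedKey, PublicKeyHash string }
var zeroIV = make([]byte, 16) // assumption: RSA_v1 data is AES-128-GCM under a 16-byte all-zero IV, no AAD
var b64 = base64.StdEncoding

// spkiHash implements the publicKeyHash rule: SHA-256 over the certificate's SubjectPublicKeyInfo.
func spkiHash(pub *rsa.PublicKey) string {
	spki, _ := x509.MarshalPKIXPublicKey(pub)
	sum := sha256.Sum256(spki)
	return b64.EncodeToString(sum[:])
}

// sealRSAv1 stands in for Apple's side (constructed only for the round trip): a fresh AES-128 key
// encrypts the payment JSON, then RSA-OAEP(SHA-256) wraps that key into wrappedKey.
func sealRSAv1(plain []byte, pub *rsa.PublicKey) rsaV1Token {
	key := make([]byte, 16)
	rand.Read(key)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCMWithNonceSize(block, len(zeroIV))
	ct := gcm.Seal(nil, zeroIV, plain, nil) // ciphertext || 16-byte tag, as carried in the data field
	wrapped, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	return rsaV1Token{"RSA_v1", b64.EncodeToString(ct), b64.EncodeToString(wrapped), spkiHash(pub)}
}

// decryptRSAv1 is the merchant server step: confirm the token was encrypted for our certificate,
// unwrap the AES key with the merchant private key, then open data (GCM rejects any tampered byte).
func decryptRSAv1(tok rsaV1Token, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, err1 := b64.DecodeString(tok.WrappedKey)
	ct, err2 := b64.DecodeString(tok.Data)
	if err1 != nil || err2 != nil || tok.Version != "RSA_v1" || tok.PublicKeyHash != spkiHash(&priv.PublicKey) {
		return nil, errors.New("not an RSA_v1 token for this merchant key, or malformed base64")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, wrapped, nil)
	if err != nil || len(key) != 16 {
		return nil, errors.New("wrappedKey did not unwrap to an AES-128 key")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCMWithNonceSize(block, len(zeroIV))
	return gcm.Open(nil, zeroIV, ct, nil)
}
```

The publicKeyHash comparison is what lets a server that rotates merchant certificates pick the right private key, and it rejects a token that was encrypted for someone else's certificate before any RSA operation is attempted.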

Once the data field of a China token is decrypted, it looks like this:

{
  "applicationPrimaryAccountNumber": "62583300888880215",
  "applicationExpirationDate": "270101",
  "currencyCode": "156",
  "transactionAmount": 0,
  "deviceManufacturerIdentifier": "062010011111",
  "paymentDataType": "EMV",
  "paymentData": {
    "emvData": "nyYItis3L6CiQbufNgIACYECAE2DgZCgujJqvZh6gtCOicVyx2tOh1ncXHOQ9bhYMObxz+IHR5a4PD93thtwu7RKyIFb2zab3wkj0oMcra5Cf+J+JbXdk0FxxxxxxxxxxT56HVqNMBp4M/7Uh36lblsiLkvW0H3rwLVWE/CV4/h0="
  }
}

The deviceManufacturerIdentifier visible after decryption is the virtual card number of the bank card bound in the phone's Wallet; this is the value handed to the payment provider to initiate the debit.

Reference

https://juejin.im/entry/5b743d355188256148253671
