Comic: How to steal other people's Alipay?


Postscript: After reading this article, can I steal other people's Alipay? Of course not! Can the scheme in the article be used directly? Of course not! There are too many details to deal with. For example, the hash output may be too long and has to be truncated. For example, how do you handle a large clock difference between the phone and the server? How is the token rotated, what happens when the balance is insufficient, and so on.

In fact, the key to the offline payment in the comic (payer offline, receiver online) is the OTP, the one-time password. If you search for OTP or TOTP (time-based one-time password), you will find plenty of material. This is a recognized, reliable scheme and has been written into the international standard RFC 6238. There is one key point in the comic: the integer timestamp is divided by 30, so that the phone and the server compute the same hash for the whole window, and the phone has ample time (30 seconds) to complete the payment-related steps without timing out.
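The scheme described above, as an added example that is not code from the comic or from Alipay: the phone computes an RFC 6238 TOTP from a per-user shared secret and the 30-second time window, encodes it in the QR payload, and the server recomputes it, accepting one window of clock skew on each side. The secret is the RFC 6238 SHA-1 test seed, and the `user_id:code` payload format and the `verify_payload` function are assumptions made for this example.

```python
import hashlib
import hmac
import struct

# Constructed example values: the RFC 6238 Appendix B SHA-1 test seed and a made-up user id.
SHARED_SECRET = b"12345678901234567890"
STEP_SECONDS = 30          # the "divide the timestamp by 30" window from the comic
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # low nibble picks a 4-byte slice
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)          # "the hash is too long, truncate it"


def totp(secret: bytes, unix_time: int, digits: int = DIGITS, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: the HOTP counter is the integer timestamp divided by the step (30 s)."""
    return hotp(secret, int(unix_time) // step, digits)


def make_offline_payload(user_id: str, secret: bytes, unix_time: int) -> str:
    """What the offline phone would put in its QR code (assumed format: 'user_id:code')."""
    return f"{user_id}:{totp(secret, unix_time)}"


def verify_payload(payload: str, secrets_db: dict, server_time: int, window: int = 1) -> bool:
    """Server side: look up the user's secret and accept the code for the current window
    plus/minus `window` steps, which tolerates a small phone/server clock difference.
    A real server must additionally remember codes it has already accepted within that
    window, otherwise a captured QR code could be presented a second time."""
    user_id, _, code = payload.partition(":")
    secret = secrets_db.get(user_id)
    if secret is None or len(code) != DIGITS:
        return False
    counter = int(server_time) // STEP_SECONDS
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta), code):
            return True
    return False


if __name__ == "__main__":
    db = {"user-42": SHARED_SECRET}
    qr = make_offline_payload("user-42", SHARED_SECRET, 1_000_000_000)
    print(qr, verify_payload(qr, db, 1_000_000_000 + 20))
```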

Another problem is that in the offline payment scenario, the offline QR code generation logic is on the mobile phone. If the security algorithm needs to be upgraded, then the mobile app must be upgraded.

How does Alipay actually implement offline payment? I don't know the specific details either. The general idea should be similar, but the details will have been thought through much more thoroughly.

This comic is adapted from a question contributed by Xiao Hei in the comments below: "The phone has no internet connection but can still pay. What is the principle?" Thanks to him.


Origin: blog.csdn.net/coderising/article/details/108722435