CN101309141A - Safe network transaction system - Google Patents

Publication number: CN101309141A
Authority: CN (China)
Application number: CNA2007101079148A
Other languages: Chinese (zh)
Inventor: 曲永皓
Original assignee: Individual
Current assignee: Individual
Legal status: Pending
Prior art keywords: user, disposal password, order, distribution unit, correct
Classification: Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a network security transaction system that includes: a certificate distribution unit that verifies a user and delivers a smart card to that user; a terminal device that reads the smart card and, together with the user's personal identification number, generates a one-time password; a website that receives the one-time password and provides service to the user when the one-time password is correct; a user identification information pre-processing module that pre-processes the identification information required for the user; and an authorization module that judges whether the one-time password is correct and, once it has verified that the one-time password is correct, authorizes the user's identification data.

Description

Secure network transaction system
Technical field
The present invention relates to a secure transaction system, and in particular to a secure transaction system used on a network.
Background
Because e-commerce transactions are no longer negotiated face to face, the individual's identity is authenticated before a transaction in order to prove the authenticity of the negotiating party and ensure transaction security. Only after the identity is confirmed does the subsequent transaction flow proceed, for example entering a credit card number.
However, as online fraud cases keep emerging, consumers are deeply afraid that their personal data and credit card information will be stolen and fraudulently charged during online transactions, which in turn affects the normal development of e-commerce.
Therefore, improving the security of online transactions without changing the traditional transaction mode has become a goal to pursue.
Summary of the invention
The main purpose of the present invention is therefore to provide a secure network transaction device that accurately confirms the transaction counterparty.
To achieve this purpose, the invention provides a secure network transaction system connected to a voucher distribution unit. The system comprises at least: a terminal device for reading a smart card and, together with the user's PIN, generating a one-time password, wherein the smart card is issued by the voucher distribution unit; a front-end device for receiving the one-time password and providing service to the user when the one-time password is correct; and a back-end device connected to the front-end device. The back-end device comprises a user authentication information pre-processing module, which pre-processes the necessary information related to authenticating the user, and at least one authorization module, which judges whether the one-time password is correct. When the one-time password is correct, the authorization module authorizes use of the user's entity data held by the voucher distribution unit that issued the smart card.
Description of drawings
To make the above and other purposes, features, advantages and embodiments of the present invention more apparent, the accompanying drawings are described as follows:
Fig. 1 and Fig. 2 show overall diagrams of the secure transaction system of the present invention.
Description of main reference numerals
100 transaction system
101 voucher distribution unit
102 terminal device
103 front-end device
104 back-end device
105 user
1031 login server
1032 back-end server
1041 user authentication information pre-processing module
1042 authorization module
10421 authentication authorization module
10422 transaction authentication authorization module
10423 payment authentication authorization module
1043 information processing mechanism
1044 accounts database
1045 member database
1046 authorization gateway
Embodiment
The device of the present invention uses a smart card with a one-time password function, for example an EMV CAP ENABLE specification credit card, as the authentication infrastructure to form a secure transaction device. Note that other bank cards, credit cards, debit cards, prepaid cards, cash cards and mobile phone SIM cards that have a one-time password generation mechanism can also be used in the invention; for a mobile phone SIM card, the communication device that uses the SIM card can serve as the one-time password generator. The invention is described below using an EMV CAP ENABLE specification credit card as the example. The EMV CAP ENABLE specification credit card used here has an embedded IC chip with computing and memory functions, so that besides storing data the card itself can process data and perform services such as encryption and decryption, in order to protect data.
Fig. 1 shows an overall diagram of the transaction system of the present invention. Transaction system 100 comprises voucher distribution unit 101, terminal device 102, front-end device 103 and back-end device 104.
In this embodiment, voucher distribution unit 101 is, for example, a bank, a telecom operator or a card-issuing organization. Terminal device 102 is, for example, an offline or online one-time password generator that works with the credential's encryption and decryption functions. Preferably, an offline one-time password generator for EMV CAP ENABLE specification credit cards is used, so that hackers cannot intrude over the network and intercept the password. Terminal device 102 can be provided to user 105 by voucher distribution unit 101 free of charge or for a fee.
Front-end device 103 further comprises login server 1031 and back-end server 1032. Login server 1031 handles the login procedure of user 105 and works with back-end device 104 to map the user's virtual identity to the user's entity identity and to carry out identity authentication, transaction authorization or payment authorization. The procedures handled by back-end server 1032 depend on the type of website operation. For a commercial website, for example, back-end server 1032 handles the subsequent transaction operations after the user has logged in successfully, such as selecting goods to purchase and confirming the transaction quantity. For a paid search website, back-end server 1032 handles the subsequent searches after the user has logged in successfully. In other words, the transaction system of the present invention can be used with websites of any free or paid transaction type. According to this embodiment, user 105 uses an EMV CAP ENABLE specification credit card with terminal device 102 to generate a one-time password, which front-end device 103 and back-end device 104 authenticate in order to log in and transact.
Back-end device 104 further comprises user authentication information pre-processing module 1041, authorization module 1042, information processing mechanism 1043 and at least two databases: accounts database 1044 and member database 1045.
Information processing mechanism 1043 handles the information exchange between front-end device 103 and back-end device 104, between back-end device 104 and voucher distribution unit 101, and among the modules and databases within back-end device 104.
User authentication information pre-processing module 1041 pre-processes the information required to authenticate the user and can determine, from member database 1045, whether the person logging in at front-end device 103 is already a member of the website. Data from login server 1031 or back-end server 1032 is passed to user authentication information pre-processing module 1041 through information processing mechanism 1043. Based on that data, the module collects from member database 1045 the necessary information related to authenticating the user, for example information related to subsequent processing of the one-time password. In one embodiment, this necessary information is the base key (User Key) used when authenticating the user's one-time password, obtained from the user data stored in member database 1045. The base key is either stored in voucher distribution unit 101, in an external device approved by voucher distribution unit 101, or in member database 1045, or it is generated dynamically from the master key (Master Key) of the one-time password held by voucher distribution unit 101, combined with user information parameters through a diversification procedure (Diversified Procedure). In another embodiment, the necessary information is the information needed to obtain the user's base key when authenticating the user's one-time password, taken from the user data stored in member database 1045, for example an index for retrieving the user's base key or the user information parameters used by the diversification procedure above. This necessary information is then sent to authorization module 1042 for the subsequent authentication process.
In one embodiment, user 105 uses an EMV CAP ENABLE specification credit card with terminal device 102 to generate the one-time password. The one-time password can be generated, for example, when user 105 enters user 105's PIN (Personal Identification Number) on terminal device 102 with the EMV CAP ENABLE specification credit card inserted. In other embodiments, login server 1031 first generates a login number, and the PIN and this login number are entered on terminal device 102 with the EMV CAP ENABLE specification credit card inserted to generate the one-time password; for the subsequent authentication of this one-time password, the login number must also be passed to authorization module 1042. Next, the one-time password and the login-related information are passed to user authentication information pre-processing module 1041 and authorization module 1042 for subsequent authentication. User 105 logs in with a different password each time, and authorization module 1042 computes, using an agreed procedure or algorithm, the password that user 105 will use this time in order to verify the user's identity.
Authorization module 1042 carries out identity authorization, transaction authorization or payment authorization. It therefore includes at least authentication authorization module 10421, transaction authentication authorization module 10422 or payment authentication authorization module 10423; in one embodiment, these can be integrated into a single multi-function authentication authorization module. Authorization module 1042 can be built directly into back-end device 104, or built separately from back-end device 104 by voucher distribution unit 101 or an impartial third party. According to this embodiment, after authentication authorization module 10421 verifies that the one-time password with which user 105 logged in is correct, authentication authorization module 10421 authorizes use of the personal data of user 105 held by voucher distribution unit 101, stores the login record in accounts database 1044, and sends the related information to back-end server 1032 through information processing mechanism 1043. In this way, back-end server 1032 can map the virtual identity under which user 105 logged in to the entity identity that user 105 holds at voucher distribution unit 101, and can thereby confirm the real party to the transaction.
When user 105 has finished a transaction and wants to confirm it or pay, the authentication and authorization can be carried out by transaction authentication authorization module 10422 or payment authentication authorization module 10423. In one embodiment, user 105 uses an EMV CAP ENABLE specification credit card with terminal device 102 to generate a one-time password that confirms the transaction or payment. The one-time password can be generated, for example, when user 105 enters user 105's PIN (Personal Identification Number) on terminal device 102 with the EMV CAP ENABLE specification credit card inserted. In another preferred embodiment, back-end server 1032 generates a transaction completion code, for example a digital signature, from the user's transaction goods, transaction time, transaction amount and so on. The transaction completion code is sent to user 105, and the one-time password is generated on terminal device 102 from user 105's PIN, the transaction completion code and the EMV CAP ENABLE specification credit card; for the subsequent authentication of this one-time password, the transaction completion code must also be passed to authorization module 1042. In another embodiment, the one-time password or the transaction completion code can serve as the authorization activation code (Activation Code) of a digital content (Digital Content) product. Then, the one-time password and the transaction-related information are sent through information processing mechanism 1043 to user authentication information pre-processing module 1041 and to transaction authentication authorization module 10422 or payment authentication authorization module 10423, and mapped to the entity identity of user 105. After transaction authentication authorization module 10422 or payment authentication authorization module 10423 verifies that the one-time password of user 105 is correct, it authorizes the transaction to proceed, or confirms user 105's eligibility for the debit and authorizes the transaction to proceed. The transaction record or debit information is stored in accounts database 1044, and the related information is sent to back-end server 1032 through information processing mechanism 1043. Note that in this embodiment voucher distribution unit 101 delegates authorization module 1042 to carry out each authorization on its behalf; in other words, voucher distribution unit 101 only communicates with back-end device 104 at fixed or non-fixed times to update the changed data of voucher distribution unit 101. In another embodiment, shown in Fig. 2, the authorization confirmations of authorization module 1042 described above can be carried out by an authorization module 1042 built within voucher distribution unit 101 itself, with authorization gateway 1046 serving only as the exchange platform between back-end device 104 and voucher distribution unit 101.
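The verification flow described above (base key diversified from the master key, a one-time password bound to a login number or transaction completion code, and a check by the authorization module) is sketched below as an added example; it is not code from the patent. The patent only refers to an "agreed procedure or algorithm", so HMAC-SHA256, the event counter, the look-ahead window, the class names and all sample values are assumptions, and this is not the EMV CAP algorithm.

```python
import hashlib
import hmac

DIGITS = 8   # assumed OTP length
WINDOW = 5   # assumed counter look-ahead for OTPs generated but never submitted


def diversify_user_key(master_key: bytes, user_param: bytes) -> bytes:
    """Derive the per-user base key from the issuer master key and a user
    information parameter (HMAC-SHA256 is an assumed stand-in)."""
    return hmac.new(master_key, b"diversify|" + user_param, hashlib.sha256).digest()


def compute_otp(user_key: bytes, counter: int, bound_code: bytes = b"") -> str:
    """OTP over a counter plus an optional login number or transaction code."""
    msg = counter.to_bytes(8, "big") + len(bound_code).to_bytes(2, "big") + bound_code
    mac = hmac.new(user_key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # HOTP-style dynamic truncation
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def transaction_code(items, timestamp: str, amount_cents: int) -> bytes:
    """Short code the back-end server derives from goods, time and amount."""
    canon = "|".join([",".join(sorted(items)), timestamp, str(amount_cents)])
    return hashlib.sha256(canon.encode()).hexdigest()[:8].encode()


class CardAndTerminal:
    """Hypothetical stand-in for the smart card inserted in terminal device 102."""

    def __init__(self, user_key: bytes, pin: str):
        self._key, self._pin, self._counter = user_key, pin, 0

    def generate(self, pin: str, bound_code: bytes = b"") -> str:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong PIN")
        self._counter += 1
        return compute_otp(self._key, self._counter, bound_code)


class AuthorizationModule:
    """Hypothetical stand-in for authorization module 1042 fed by module 1041."""

    def __init__(self, master_key: bytes, member_db: dict):
        self._master_key = master_key
        self._member_db = member_db      # member id -> user information parameter
        self._last_counter = {}          # member id -> last accepted counter

    def verify(self, member_id: str, otp: str, bound_code: bytes = b"") -> bool:
        user_param = self._member_db.get(member_id)
        if user_param is None:
            return False
        key = diversify_user_key(self._master_key, user_param)
        last = self._last_counter.get(member_id, 0)
        for counter in range(last + 1, last + 1 + WINDOW):
            expected = compute_otp(key, counter, bound_code)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                self._last_counter[member_id] = counter   # blocks replay
                return True
        return False


def demo() -> dict:
    master_key = bytes(range(32))                     # constructed sample key
    members = {"alice": b"card-0001"}                 # constructed member record
    auth = AuthorizationModule(master_key, members)
    card = CardAndTerminal(diversify_user_key(master_key, b"card-0001"), "4321")

    login_number = b"73920518"                        # constructed login number
    login_otp = card.generate("4321", login_number)
    results = {
        "login": auth.verify("alice", login_otp, login_number),
        "replay": auth.verify("alice", login_otp, login_number),
    }
    card.generate("4321")                             # OTP generated, never sent
    paid = transaction_code(["book"], "2007-05-15T10:00", 1999)
    altered = transaction_code(["book"], "2007-05-15T10:00", 91999)
    pay_otp = card.generate("4321", paid)
    results["altered_amount"] = auth.verify("alice", pay_otp, altered)
    results["payment"] = auth.verify("alice", pay_otp, paid)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the login number or transaction completion code is part of the MAC input, a one-time password captured for one transaction does not verify against a different amount, and the stored last-accepted counter rejects a resubmitted password.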
In summary, whether the user is logging in or completing a transaction, the system of the present invention maps the user to the entity identity held by the voucher distribution unit, so that the user's virtual identity on the network is reliably tied to the user's real personal account, ensuring the authenticity and integrity of the authentication. In addition, authentication by the voucher distribution unit can verify the cardholder's credit line to ensure the cardholder's ability to pay, and this verification also ensures non-repudiation of the transaction.
Although the present invention is disclosed above by way of preferred embodiments, they are not intended to limit the invention. Any person of ordinary skill in the art may make various changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention is defined by the claims.

Claims (12)

1. A secure network transaction system, connected to a voucher distribution unit, the system comprising at least:
A terminal device for reading a smart card and, together with the user's PIN, generating a one-time password, wherein the smart card is issued by the voucher distribution unit;
A front-end device for receiving the one-time password and providing service to the user when the one-time password is correct; and
A back-end device connected to the front-end device, the back-end device comprising:
A user authentication information pre-processing module for obtaining the necessary information related to authenticating the one-time password; and
At least one authorization module approved by the voucher distribution unit, for judging whether the one-time password is correct, wherein when the one-time password is correct, the authorization module authorizes use of the user's entity data held by the voucher distribution unit.
2. The system according to claim 1, characterized in that the authorization module further comprises:
An authentication authorization module which, when the one-time password is correct, authorizes use of the user's entity data;
A transaction authentication authorization module which, when the one-time password is correct, authorizes a transaction on the basis of the user's entity data; and
A payment authentication authorization module which, when the one-time password is correct and the user's transaction is completed, requires the voucher distribution unit to authorize a debit on the basis of the user's entity data.
3. The system according to claim 1, characterized in that the front-end device further comprises:
A login server for handling the one-time password login and sending the one-time password to the back-end device; and
A back-end server for providing website service.
4. The system according to claim 1, characterized in that the back-end device further comprises:
An accounts database for storing the login, transaction or debit information; and
A member database for storing the website's member data.
5. The system according to claim 1, characterized in that the back-end device further comprises an information processing mechanism for exchanging information between the back-end device and the front-end device.
6. A secure network transaction system, connected to a voucher distribution unit, the system comprising at least:
A terminal device for reading a smart card and, together with the user's PIN, generating a one-time password, wherein the smart card is issued by the voucher distribution unit;
A front-end device for receiving the one-time password and providing service to the user when the one-time password is correct; and
A back-end device connected to the front-end device, the back-end device comprising:
A user authentication information pre-processing module for obtaining the necessary information related to authenticating the one-time password; and
At least one authorization gateway for transmitting the user authentication information to the voucher distribution unit, or to a third party approved by the voucher distribution unit, to carry out the one-time password authentication, wherein when the one-time password is correct, the authorization gateway requires the voucher distribution unit or the third party approved by the voucher distribution unit to authorize use of the user's entity data held by the voucher distribution unit, or to authorize a transaction on the basis of the user's entity data, or to authorize a debit on the basis of the user's entity data.
7. The system according to claim 6, characterized in that the front-end device further comprises:
A login server for handling the one-time password login and sending the one-time password to the back-end device; and
A back-end server for providing website service.
8. The system according to claim 6, characterized in that the back-end device further comprises:
An accounts database for storing the login, transaction or debit information; and
A member database for storing the website's member data.
9. The system according to claim 6, characterized in that the back-end device further comprises an information processing mechanism for exchanging information between the back-end device and the front-end device.
10. A secure network transaction system, the system comprising at least:
A voucher distribution unit for issuing a smart card to a user, wherein the voucher distribution unit holds the user's identity data;
A terminal device for reading the smart card and, together with the user's PIN, generating a one-time password;
A website for receiving the one-time password and providing service to the user when the one-time password is correct;
A user authentication information pre-processing module connected to the website, for obtaining the necessary information related to authenticating the one-time password; and
At least one authorization module connected to the voucher distribution unit, wherein when the authorization module verifies that the one-time password is correct, the authorization module requires the voucher distribution unit to authorize use of the user's entity data held by the voucher distribution unit.
11. The system according to claim 10, characterized in that the authorization module further comprises:
An authentication authorization module which, when the one-time password is correct, requires the voucher distribution unit to authorize use of the user's identity data;
A transaction authentication authorization module which, when the one-time password is correct, requires the voucher distribution unit to authorize a transaction on the basis of the user's identity data; and
A payment authentication authorization module which, when the one-time password is correct and the user's transaction is completed, requires the voucher distribution unit to authorize a debit on the basis of the user's identity data.
12. A secure network transaction system, the system comprising at least:
A voucher distribution unit for issuing a smart card to a user, wherein the voucher distribution unit holds the user's identity data;
A terminal device for reading the smart card and, together with the user's PIN, generating a one-time password;
A website for receiving the one-time password and providing service to the user when the one-time password is correct;
A user authentication information pre-processing module connected to the website, for obtaining the necessary information related to authenticating the one-time password; and
At least one authorization gateway connected to the voucher distribution unit, for transmitting the user authentication information to the voucher distribution unit, or to a third party approved by the voucher distribution unit, to carry out the one-time password authentication, wherein when the one-time password is correct, the authorization gateway requires the voucher distribution unit or the third party approved by the voucher distribution unit to authorize use of the user's entity data held by the voucher distribution unit, or to authorize a transaction on the basis of the user's entity data, or to authorize a debit on the basis of the user's entity data.
CNA2007101079148A 2007-05-15 2007-05-15 Safe network transaction system Pending CN101309141A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007101079148A CN101309141A (en) 2007-05-15 2007-05-15 Safe network transaction system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2007101079148A CN101309141A (en) 2007-05-15 2007-05-15 Safe network transaction system

Publications (1)

Publication Number Publication Date
CN101309141A true CN101309141A (en) 2008-11-19

Family

ID=40125377

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007101079148A Pending CN101309141A (en) 2007-05-15 2007-05-15 Safe network transaction system

Country Status (1)

Country Link
CN (1) CN101309141A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800645B (en) * 2010-02-05 2012-02-08 中国工商银行股份有限公司 Identity authentication method, device and system
CN101789864B (en) * 2010-02-05 2012-10-10 中国工商银行股份有限公司 On-line bank background identity identification method, device and system
CN110691355A (en) * 2018-07-06 2020-01-14 小白投资有限公司 Wireless network identification method


Similar Documents

Publication Publication Date Title
TWI587225B (en) Secure payment method, mobile device and secure payment system
KR101236957B1 (en) System for paying credit card using mobile otp security of mobile phone and method therefor
US9589260B2 (en) System and method for authenticating electronic money using a smart card and a communication terminal
CN102081821B (en) IC (integrated circuit) card paying system and method as well as multi-application IC card and payment terminal
TW200845690A (en) Business protection system in internet
CN103562973B (en) Electronic system for quickly and securely processing transactions using mobile devices
KR20110033150A (en) Method and system for authenticating an electronic payment request
CN109716373A (en) Cipher authentication and tokenized transaction
CN111552954A (en) Account management method and device
KR20100103463A (en) A method for secure transactions
CN108431848A (en) The commission of transaction
CN101309141A (en) Safe network transaction system
KR101236960B1 (en) System for paying credit card using mobile security click of mobile phone and method therefor
JP2008243199A (en) Internet business security method
CN102236855A (en) Method and system for electronic transaction by using QR (Quick Response) codes
KR20080079714A (en) A system and method of certifying cardholder using mobile phone
KR20030082018A (en) Method of a credit card approval using interactive short message service
CN111192052B (en) Payment method, payment server and payment terminal
CN103679528A (en) Method and system for giving card-off account to card holding user
RU2589847C2 (en) Method of paying for goods and services using biometric parameters of customer and device therefore
KR20120075588A (en) System for paying credit card using internet otp security of mobile phone and method therefor
KR101872261B1 (en) Ic card information security transmission system and online payment method using the same
TW200841262A (en) A method using telephone number and identification number for double-verification of online credit card payment
KR20050015475A (en) System and Method For Accounting By Certification Code
KR100664878B1 (en) Settlement method and system of using the IC chip

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20081119