CN102004977A - Safe network payment method and system - Google Patents


Info

Publication number
CN102004977A
Authority
CN
China
Prior art keywords
safety
terminal
safety equipment
internet banking
banking device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009101898571A
Other languages
Chinese (zh)
Inventor
段燕海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Zhengtong Electronics Co Ltd
Original Assignee
Shenzhen Zhengtong Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Zhengtong Electronics Co Ltd filed Critical Shenzhen Zhengtong Electronics Co Ltd
Priority to CN2009101898571A priority Critical patent/CN102004977A/en
Publication of CN102004977A publication Critical patent/CN102004977A/en
Pending legal-status Critical Current

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a safe network payment method and system. The method comprises the following steps: connecting a computer terminal with a network bank server through the Internet; locally connecting safety equipment with the computer terminal, wherein the safety equipment is provided with a microprocessor, a safety functional module that uses a secure smart card, a bank card reading module, a man-machine interface module and a communication interface module; saving the client's identity authentication information in the safety functional module; and having the computer terminal transmit the client's identity authentication information saved in the safety equipment to the network bank server for authentication, a transaction being allowed only if the authentication is passed, wherein during a transaction the client enters the confidential information that the computer terminal provides to the network bank server through the man-machine interface on the safety equipment, and the confidential information that the safety equipment provides to the computer terminal is encrypted. A safe and reliable network trade payment platform can thus be established.

Description

Network safety payment method and system
Technical field
The present invention relates to network trading methods and systems, and in particular to a payment method and system for network trading.
Background art
On the one hand, to ensure that transactions are safe and reliable, the payment process of existing network trading must involve certificates as proof of identity for each party to the transaction. A certificate is a trader's electronic identity, and its management covers generation, issuance, storage, updating, revocation, verification and use. Generally speaking, generation, issuance, updating, verification and revocation can be secured by fairly strict technical means, and the relatively weak link is the storage and use of the certificate and key. For the storage and use of certificates and keys there are currently two common solutions. One is to store the certificate and its key as files on the computer and control access with a password when the certificate is used. Because the computer operating system itself has considerable security weaknesses, the certificate and its key may be stolen by hackers, and the password, being entered on the computer, is also easily intercepted by Trojans and the like; the certificate, key and password are therefore very easily lost, and the security risk is huge. The other is to store the certificate and key in a U-KEY. Compared with the first method this is a great improvement, since it effectively prevents the certificate and its key from being stolen by hackers, but it is powerless when the password for using the certificate is entered on the computer and intercepted by Trojans and the like, so the security risk is still not eliminated.
On the other hand, the ZT573 password-security payment terminal provided by Shenzhen Zhengtong Electronic Co., Ltd. uses a single-chip microcomputer hardware platform and has: a 4x4 numeric and function keypad, an LCD, an IC card slot, a SAM card slot conforming to the ISO 7816 standard, a magnetic stripe card reader that can read all kinds of bank magnetic stripe cards, and a standard USB interface. Its functions include: acting as a password input device that can be used to enter a password and perform the corresponding encryption, ensuring password security; storing sensitive information on the SAM card, which together with the IC card slot enables transactions based on IC card applications, while the SAM card can also store encryption keys such as process keys, keeping critical data safe; together with the SAM card, supporting PKI-based functions such as encryption, decryption, signing, authentication, certificate storage and key generation, and thus fully supporting applications of the PKI architecture; supporting computations such as MAC and PIN encryption; and, using the magnetic stripe card reader, enabling magnetic stripe card transactions.
Summary of the invention
The object of the invention is to apply safety equipment to the payment process of network trading and so construct a safe and reliable payment platform for network trading.
To achieve this object, the present invention proposes a network safety payment method in which a terminal is connected to an Internet banking device through the internet and safety equipment is connected locally to the terminal, the safety equipment being provided with a microprocessor, a safety function module that uses a secure smart card, a bank card reading module, a man-machine interface module and a communication interface module. The client's identity authentication information is stored in the safety function module. During the interaction between the terminal and the Internet banking device, the terminal passes the client's identity authentication information stored in the safety equipment to the Internet banking device for authentication, and a transaction is allowed only if the authentication passes. During the transaction, the client's entry of the confidential information that the terminal provides to the Internet banking device is carried out on the man-machine interface of the safety equipment, and the confidential information that the safety equipment provides to the terminal is encrypted.
To achieve this object, the present invention also proposes a network safety payment system comprising a terminal and an Internet banking device connected through the internet, and further comprising safety equipment connected locally to the terminal. The safety equipment comprises a microprocessor, a safety function module that uses a secure smart card, a bank card reading module, a man-machine interface module and a communication interface module, and the client's identity authentication information is stored in the safety function module. During the interaction between the terminal and the Internet banking device, the Internet banking device authenticates the client's identity authentication information through the safety equipment, the client's entry of the confidential information that the terminal provides to the Internet banking device is carried out on the man-machine interface of the safety equipment, and the confidential information that the safety equipment provides to the terminal is encrypted.
Compared with the prior art, the network safety payment method and system of the present invention can construct a safe and reliable payment platform for network trading.
Description of drawings
Fig. 1 is a schematic diagram of the architecture of the network safety payment system of the present invention.
Fig. 2 is a schematic flow chart of the Internet bank initializing the safety equipment in the network safety payment method of the present invention.
Fig. 3 is a schematic flow chart of the Internet bank registering a client in the network safety payment method of the present invention.
Fig. 4 is a schematic diagram of the transaction flow using the network safety payment method of the present invention.
Embodiment
The invention is described in further detail below with reference to the preferred embodiment shown in the drawings.
The structure of an embodiment of the network safety payment system of the present invention is shown in Fig. 1. It comprises a terminal 2 and an Internet banking device 4 connected through the internet 1, and further comprises safety equipment 3 connected locally to the terminal 2.
The safety equipment 3 comprises a microprocessor, a safety function module that uses a secure smart card, a bank card reading module, a man-machine interface module and a communication interface module; the client's identity authentication information is stored in the safety function module.
During the interaction between the terminal 2 and the Internet banking device 4, the Internet banking device 4 authenticates the client's identity authentication information through the safety equipment 3, the client's entry of the confidential information that the terminal 2 provides to the Internet banking device 4 is carried out on the man-machine interface of the safety equipment 3, and the confidential information that the safety equipment 3 provides to the terminal 2 is encrypted.
The safety function module in the safety equipment 3 comprises a PSAM card and/or an ESAM chip.
The bank card reading module in the safety equipment 3 comprises a magnetic card reading submodule and an IC card reading submodule.
The man-machine interface module in the safety equipment 3 comprises a keyboard and a liquid crystal display.
The communication interface module in the safety equipment 3 comprises one or more of RS232, USB, Bluetooth and infrared communication interfaces.
The network safety payment method of the present invention is implemented with the network safety payment system described above. Its process is as follows. First, the safety equipment 3 is connected to the Internet banking device 4 through the internet 1 and identity recognition is performed; subsequent transactions can be carried out only once it is found valid. After identity recognition, the safety equipment 3 is used to collect and encrypt the client's important information, such as the account number, password and transaction amount, which is then submitted to the Internet banking device 4 through the internet 1. The Internet banking device 4 confirms the validity of the transaction and processes it accordingly, then returns the processing information to the terminal 2, which shows the client the result of the transaction.
To ensure the safety of the system, the safety equipment 3 is issued uniformly to the Internet bank by a third-party certification authority 5; in actual use, the Internet bank then issues it to its clients after registration. Specifically, the initialization of the safety equipment 3 is performed by the Internet banking device 4, as shown in Fig. 2. The process is roughly: step 201, determine whether the equipment is valid; if it is, step 202, generate the original key information, and then step 203, initialize the safety equipment; otherwise, exit directly. The process by which a client registers and obtains authorization for the corresponding safety equipment 3 is shown in Fig. 3. It is roughly: step 301, the client fills in a form to apply for registration; step 302, the bank reviews the client information; if the review is passed, step 303, the safety equipment with its PSAM card and/or ESAM chip is bound and issued to the client; if the review is not passed, the flow either returns through step 304 directly to step 301, where the client fills in a form to apply for registration, or exits directly through step 305.
The process by which a client holding the safety equipment 3 transacts with the Internet banking device 4 through the terminal 2 is shown in Fig. 4. It roughly comprises a login process and a transaction process. The login process comprises the following steps:
101. The terminal reads the information of the safety equipment connected to it;
102. and packs the safety equipment information it has read into a login information stream, then logs in to the Internet banking device over the SSL remote encrypted communication framework;
103. The Internet banking device verifies the validity of the safety equipment and, if it is valid, issues or updates a key to the safety equipment through the terminal;
104. The safety equipment computes the key and verifies whether its check value is correct; if it is incorrect, this is treated as an illegal intrusion and no update is performed; otherwise the corresponding update result is returned to the Internet banking device;
105. The Internet banking device requests the safety equipment to generate random authentication information; and
106. The Internet banking device judges from the encrypted random information whether the access is valid; if it is, login succeeds and transactions are allowed; otherwise login fails and transactions are forbidden.
The transaction process comprises the following steps:
107. The Internet banking device prompts for and obtains the client's transaction data through the terminal;
108. The terminal obtains the encrypted transaction information through the safety equipment;
109. The terminal generates the secure transaction message and submits it to the Internet banking device; and
110. The Internet banking device returns the content of the transaction, and the client is shown the result of the transaction.
The encrypted transaction information described in step 108 comprises the account numbers of the parties to the transaction and the passwords corresponding to those account numbers.
When the terminal generates the secure transaction message as described in step 109, the safety equipment computes the MAC used to verify the transaction data message.
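The login steps 103 to 106 and the MAC of step 109, sketched as an added example that is not code from the patent. The patent names no algorithms, so HMAC-SHA256 stands in here for the key check value, the authentication response and the transaction MAC, the bank is assumed to supply the random challenge, and the encryption of step 108 is left out; all class, function and field names are assumptions.

```python
import hashlib
import hmac
import os

def derive(master: bytes, seed: bytes) -> bytes:
    """Derive a working key from the device master key (assumed scheme)."""
    return hmac.new(master, b"work" + seed, hashlib.sha256).digest()

def tag(key: bytes, *fields: bytes) -> bytes:
    """HMAC over length-prefixed fields, so field boundaries cannot shift."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class SafetyEquipment:
    """Holds the keys; the terminal only relays its outputs."""
    def __init__(self, device_id: bytes, master: bytes):
        self.device_id, self._master, self._work = device_id, master, None

    def update_key(self, seed: bytes, check: bytes) -> bool:    # step 104
        candidate = derive(self._master, seed)
        if not hmac.compare_digest(tag(candidate, b"check"), check):
            return False            # check value wrong: refuse the update
        self._work = candidate
        return True

    def answer(self, challenge: bytes) -> bytes:                # step 105
        return tag(self._work, b"auth", self.device_id, challenge)

    def mac_transaction(self, account: bytes, amount: bytes) -> bytes:  # step 109
        return tag(self._work, b"txn", self.device_id, account, amount)

class InternetBank:
    def __init__(self):
        self._master, self._work, self._pending = {}, {}, {}

    def register(self, device_id, master):     # binding made at registration
        self._master[device_id] = master

    def issue_key(self, device_id):                             # step 103
        master = self._master.get(device_id)
        if master is None:
            return None             # unknown device: not valid
        seed = os.urandom(16)
        self._work[device_id] = derive(master, seed)
        return seed, tag(self._work[device_id], b"check")

    def challenge(self, device_id):
        self._pending[device_id] = os.urandom(16)
        return self._pending[device_id]

    def login(self, device_id, response) -> bool:               # step 106
        challenge = self._pending.pop(device_id, None)   # single use
        key = self._work.get(device_id)
        if challenge is None or key is None:
            return False
        return hmac.compare_digest(tag(key, b"auth", device_id, challenge), response)

    def accept(self, device_id, account, amount, mac) -> bool:  # steps 109-110
        key = self._work.get(device_id)
        return key is not None and hmac.compare_digest(
            tag(key, b"txn", device_id, account, amount), mac)

def run_demo() -> dict:
    dev_id, master = b"DEV-0001", os.urandom(32)     # constructed sample values
    dev, bank = SafetyEquipment(dev_id, master), InternetBank()
    bank.register(dev_id, master)
    seed, check = bank.issue_key(dev_id)
    forged = dev.update_key(seed, bytes(32))         # check value altered in transit
    updated = dev.update_key(seed, check)
    resp = dev.answer(bank.challenge(dev_id))
    first, replay = bank.login(dev_id, resp), bank.login(dev_id, resp)
    acct = b"6200000000000000"                       # constructed account number
    mac = dev.mac_transaction(acct, b"100.00")
    return {"forged_update": forged, "update": updated, "login": first,
            "replayed_login": replay,
            "txn": bank.accept(dev_id, acct, b"100.00", mac),
            "tampered_txn": bank.accept(dev_id, acct, b"9100.00", mac)}

if __name__ == "__main__":
    print(run_demo())
```

The terminal never sees a key in this sketch, so a compromised terminal can relay or drop messages but cannot forge a key update, reuse a captured login response, or change the amount without the MAC check failing.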
Implementation of the present invention is not limited to the mode disclosed in the above preferred embodiment; any specific network safety payment method and system obtained by simple deduction and substitution based on the above design idea falls within the implementation of the present invention.

Claims (10)

1. A network safety payment method in which a terminal is connected to an Internet banking device through the internet, characterized in that safety equipment is connected locally to the terminal, the safety equipment being provided with a microprocessor, a safety function module that uses a secure smart card, a bank card reading module, a man-machine interface module and a communication interface module; the client's identity authentication information is stored in the safety function module; during the interaction between the terminal and the Internet banking device, the terminal passes the client's identity authentication information stored in the safety equipment to the Internet banking device for authentication, and a transaction is allowed only if the authentication passes; and, during the transaction, the client's entry of the confidential information that the terminal provides to the Internet banking device is carried out on the man-machine interface of the safety equipment, and the confidential information that the safety equipment provides to the terminal is encrypted.
2. The network safety payment method as claimed in claim 1, characterized in that the interaction between the terminal and the Internet banking device comprises a login process, and the login process comprises the following steps:
a. the terminal reads the information of the safety equipment connected to it;
b. and packs the safety equipment information it has read into a login information stream, then logs in to the Internet banking device over the SSL remote encrypted communication framework;
c. the Internet banking device verifies the validity of the safety equipment and, if it is valid, issues or updates a key to the safety equipment through the terminal;
d. the safety equipment computes the key and verifies whether its check value is correct; if it is incorrect, this is treated as an illegal intrusion and no update is performed; otherwise the corresponding update result is returned to the Internet banking device;
e. the Internet banking device requests the safety equipment to generate random authentication information; and
f. the Internet banking device judges from the encrypted random information whether the access is valid; if it is, login succeeds and transactions are allowed; otherwise login fails and transactions are forbidden.
3. The network safety payment method as claimed in claim 2, characterized in that the interaction between the terminal and the Internet banking device further comprises a transaction process that takes place after a successful login, and the transaction process comprises the following steps:
g. the Internet banking device prompts for and obtains the client's transaction data through the terminal;
h. the terminal obtains the encrypted transaction information through the safety equipment;
i. the terminal generates the secure transaction message and submits it to the Internet banking device; and
j. the Internet banking device returns the content of the transaction, and the client is shown the result of the transaction.
4. The network safety payment method as claimed in claim 3, characterized in that the encrypted transaction information described in step h comprises the account numbers of the parties to the transaction and the passwords corresponding to those account numbers.
5. The network safety payment method as claimed in claim 3, characterized in that, when the terminal generates the secure transaction message as described in step i, the safety equipment computes the MAC used to verify the transaction data message.
6. A network safety payment system comprising a terminal and an Internet banking device connected through the internet, characterized in that it further comprises safety equipment connected locally to the terminal; the safety equipment comprises a microprocessor, a safety function module that uses a secure smart card, a bank card reading module, a man-machine interface module and a communication interface module; the client's identity authentication information is stored in the safety function module; during the interaction between the terminal and the Internet banking device, the Internet banking device authenticates the client's identity authentication information through the safety equipment, the client's entry of the confidential information that the terminal provides to the Internet banking device is carried out on the man-machine interface of the safety equipment, and the confidential information that the safety equipment provides to the terminal is encrypted.
7. The network safety payment system as claimed in claim 6, characterized in that the safety function module in the safety equipment comprises a PSAM card and/or an ESAM chip.
8. The network safety payment system as claimed in claim 6, characterized in that the bank card reading module in the safety equipment comprises a magnetic card reading submodule and an IC card reading submodule.
9. The network safety payment system as claimed in claim 6, characterized in that the man-machine interface module in the safety equipment comprises a keyboard and a liquid crystal display.
10. The network safety payment system as claimed in claim 6, characterized in that the communication interface module in the safety equipment comprises one or more of RS232, USB, Bluetooth and infrared communication interfaces.
CN2009101898571A 2009-09-02 2009-09-02 Safe network payment method and system Pending CN102004977A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101898571A CN102004977A (en) 2009-09-02 2009-09-02 Safe network payment method and system

Publications (1)

Publication Number Publication Date
CN102004977A true CN102004977A (en) 2011-04-06

Family

ID=43812324

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101898571A Pending CN102004977A (en) 2009-09-02 2009-09-02 Safe network payment method and system

Country Status (1)

Country Link
CN (1) CN102004977A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110406