CN103971240A - Method for dependable network payment - Google Patents
Method for dependable network payment Download PDFInfo
- Publication number
- CN103971240A CN103971240A CN201310034394.8A CN201310034394A CN103971240A CN 103971240 A CN103971240 A CN 103971240A CN 201310034394 A CN201310034394 A CN 201310034394A CN 103971240 A CN103971240 A CN 103971240A
- Authority
- CN
- China
- Prior art keywords
- payment
- buyer
- account
- platform
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
Abstract
The method belongs to the field of information security and e-commerce, and discloses a method for dependable network payment. According to the method, dependable computing is carried out on a digital certificate installed on or connected to a user client and a payment webpage of a payment platform to confirm the identity of a user and an associated account number, payment by the transfer of accounts is automatically achieved, and the user does not need to input an account name or a password in the payment process.
Description
Technical field
The invention belongs to information security and e-commerce field, relate to a kind of method of network trusted payment, be applied to network electronic commerce environment, for user provides safety, believable means of payment, ecommerce is carried out smoothly.
Background technology
Since network trading application is that the first day that ecommerce occurs rises, network payment is exactly one of gordian technique of this application.Initial network trading platform only provides information flow, both parties are at transaction platform communicate information, complete selected commodity, negotiated prices, the information such as quantification and delivery, completes after order, and the buyer leaves platform, pay by traditional remittance or the mode of transferring accounts, the seller receives that payment for goods starts delivery (except cashing on delivery mode).Such way is very inconvenient for the buyer, for the bad management of the seller.Therefore, a kind of buyer does not need to leave the network payment mode that platform (accurately saying, is that buyer feels not leave platform) just can direct payment and has just arisen at the historic moment.
Now, the common way of network payment is: buyer needs in advance its bank account to be opened to Internet bank's function, or set up the account that a network third party pays company and supplement with money in account, when completing after order at transaction platform, click " payment " button of transaction platform, at this moment, platform occur list show promising this platform provide the Net silver of payment services or third party to pay the link identification of company, buyer selects to control oneself to have bank or the company of account, click enters, confirm the amount of money and the commodity of buying, input account and payment cipher, complete payment.
Although above-mentioned way is all very convenient to both parties, but there is great risk: assailant can lure that user clicks its link into by extremely preferential commodity price, its webpage representation form and bank or third party's payment platform are about the same, but except collecting buyer's account name and password, do not complete payment function, buyer's account name and password just fall into assailant's hand.
In fact, the means of this phishing attack are not brilliant, as long as the careful browser Web address field of observing the payment page of buyer just can be found out difference, except this point, counterfeit web page can do identically with true webpage.Problem is that safety can not be based upon on user's carefulness basis.Unfortunately, there is millions of not careful buyers to become the victim of phishing attack every year.
Therefore, how to stop phishing attack, can complete fast, efficiently, credibly network payment has again become significant problem urgently to be resolved hurrily in ecommerce.
Summary of the invention
The object of the invention is, in order to strengthen network payment safety, to propose a kind of method of network trusted payment, when phishing attack is stopped in realization, ensured the convenient payment of user in ecommerce.
Technical scheme of the present invention is:
1, first buyer downloads, installs the client with credible computing function; In offering trusted payment account to trusted payment platform application digital certificate.Set private key (or U-KEY) the protection password that activates certificate.
2, seller's transaction platform is disposed the peer link of trusted payment.
3, in the time that buyer completes order click " trusted payment " link, jump to the trusted payment page, buyer clicks payment after confirming that the amount of money and a commodity of purchasing are errorless, and trusted payment platform automatic Verification buyer digital certificate, completes payment.
Advantage of the present invention is:
1, convenient: buyer only needs single-point " payment " button just can automatically complete payment at the payment page, needn't input account and the password of payment again.
2, safety: because buyer need not input account and the password of payment, assailant cannot carry out " fishing ".
Embodiment
1, first buyer downloads, installs the client with credible computing function, this client has the key pair of generation, the public key certificate of storing software form or connect the digital certificate of USB-KEY form, certificate activates and encrypted private key, the function such as communicate by letter with the trusted payment page.
2, buyer applies for trusted payment account: the relevant identity information of input, credible platform checking buyer identity (be convenient to when user account is lost give for change, limited subscriber is not selected anonymous), distributes an account, and operation serial number.
3, buyer applies for certificate: open client, input account and operation serial number, set private key (or U-KEY) the protection password that activates certificate, clicks by " application certificate ".Client generates key pair automatically, and private key is kept to client with password encryption, and PKI, account and operation serial number are uploaded to credible platform, and the latter's generating digital certificate, is issued to client.
4, account charging: buyer needed its account to supplement with money before using payment function, still uses traditional modes of payments (difference is that user uses certificate to realize single-sign-on in the time of login trusted payment platform, and fishing website cannot imitate).To there is no the buyer of Net silver or other third party's means of payment, can carry out generation by other people and supplement with money.
5, seller's transaction platform is disposed the peer link of trusted payment.In the time that buyer completes order click " trusted payment " link, transaction platform passes to sequence information the payment page of trusted payment.
6, buyer pay the page confirm the amount of money and institute the commodity of purchasing errorless after, click and pay, trusted payment platform automatic search buyer client digital certificate (if now user's un-activation certificate, go out prompting), initiate random challenge authentication certificate, the corresponding account of matching certificates afterwards, the payment of having withholdd.
Claims (1)
1. the method for a network trusted payment; it is characterized in that: when user registers payment accounts, bind a digital certificate, this certificate is activated by local challenge password, when payment; payment platform page automatic Verification certificate also completes payment, no longer requires input account and password.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310034394.8A CN103971240A (en) | 2013-01-30 | 2013-01-30 | Method for dependable network payment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310034394.8A CN103971240A (en) | 2013-01-30 | 2013-01-30 | Method for dependable network payment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103971240A true CN103971240A (en) | 2014-08-06 |
Family
ID=51240702
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310034394.8A Pending CN103971240A (en) | 2013-01-30 | 2013-01-30 | Method for dependable network payment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103971240A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105046485A (en) * | 2014-11-17 | 2015-11-11 | 中兴通讯股份有限公司 | Method for payment transaction via mobile terminal, service provider, and system for payment transaction via mobile terminal |
| CN105225100A (en) * | 2015-10-15 | 2016-01-06 | 大庆万朵物联网科技有限公司 | Automatic induction method and device |
| CN109784893A (en) * | 2018-11-22 | 2019-05-21 | 江苏瑞祥科技集团有限公司 | A kind of member card management Internet-based and payment system |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20030065761A (en) * | 2002-01-31 | 2003-08-09 | 주식회사 애드시큐 | Fingerprint USB-Key authentication system |
| CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
| WO2007143932A1 (en) * | 2006-06-12 | 2007-12-21 | Nian Chen | Usb digital authentication control method and atm and pos terminal applied to thereof |
| CN101127111A (en) * | 2006-08-18 | 2008-02-20 | 中信银行 | Internet bank U disc KEY ciphering, authentication device and method |
| CN101183456A (en) * | 2007-12-18 | 2008-05-21 | 中国工商银行股份有限公司 | Encryption device, system and method for encryption, identification using the encryption device |
| CN102184353A (en) * | 2011-04-02 | 2011-09-14 | 方园 | Method for preventing online payment data from being intercepted |
-
2013
- 2013-01-30 CN CN201310034394.8A patent/CN103971240A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20030065761A (en) * | 2002-01-31 | 2003-08-09 | 주식회사 애드시큐 | Fingerprint USB-Key authentication system |
| CN1556449A (en) * | 2004-01-08 | 2004-12-22 | 中国工商银行 | Device and method for proceeding encryption and identification of network bank data |
| WO2007143932A1 (en) * | 2006-06-12 | 2007-12-21 | Nian Chen | Usb digital authentication control method and atm and pos terminal applied to thereof |
| CN101127111A (en) * | 2006-08-18 | 2008-02-20 | 中信银行 | Internet bank U disc KEY ciphering, authentication device and method |
| CN101183456A (en) * | 2007-12-18 | 2008-05-21 | 中国工商银行股份有限公司 | Encryption device, system and method for encryption, identification using the encryption device |
| CN102184353A (en) * | 2011-04-02 | 2011-09-14 | 方园 | Method for preventing online payment data from being intercepted |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105046485A (en) * | 2014-11-17 | 2015-11-11 | 中兴通讯股份有限公司 | Method for payment transaction via mobile terminal, service provider, and system for payment transaction via mobile terminal |
| CN105225100A (en) * | 2015-10-15 | 2016-01-06 | 大庆万朵物联网科技有限公司 | Automatic induction method and device |
| CN109784893A (en) * | 2018-11-22 | 2019-05-21 | 江苏瑞祥科技集团有限公司 | A kind of member card management Internet-based and payment system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Uddin et al. | E-wallet system for Bangladesh an electronic payment system | |
| Niranjanamurthy et al. | The study of e-commerce security issues and solutions | |
| Upadhayaya | Electronic Commerce and E-wallet | |
| KR20180026498A (en) | Security processing of electronic payment | |
| CN108352013A (en) | The token service provider of electronics/Mobile business transaction | |
| KR20070103043A (en) | Fraud-free payment for internet purchase | |
| WO2014079330A1 (en) | Synchronous payment system | |
| Niranjanamurthy | E-commerce: Recommended online payment method-Paypal | |
| TW201909085A (en) | Financing system for accounts receivable based on blockchain smart contract and method thereof | |
| CN103971240A (en) | Method for dependable network payment | |
| US20120233021A1 (en) | Online Transaction System | |
| He et al. | Research on online payment mode of e-commerce | |
| KR102263220B1 (en) | E-commerce Payment Method using Block Chain | |
| Abdellaoui et al. | Integration of new electronic payment systems into B2C internet commerce | |
| Bouch | 3-D Secure: A critical review of 3-D Secure and its effectiveness in preventing card not present fraud | |
| Geva | Mobile payments and Bitcoin: Concluding reflections on the digital upheaval in payments | |
| CA3123658C (en) | Online transaction method, device and system | |
| Sharma et al. | An approach to risk management for e-commerce | |
| Basu | E-Commerce | |
| Pande et al. | E-Payment Gateway Model | |
| WO2017012058A1 (en) | Method and system for issuing electronic certificate | |
| Neethidevan | Influence of Crypto Currency in E-commerce | |
| CA3087610C (en) | Online transaction method, device and system | |
| Huang | Research on the security of online payment | |
| CN113379401B (en) | Secure processing of electronic payments |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140806 |