TW538357B - Authorization method and system for electronic commerce financial transaction - Google Patents

Abstract

The present invention relates to an authorization method and system for electronic commerce financial transaction. A card holder fills out an order on a web-page and presses a paying key. A network store generates a transaction code and a message abstract value for being transmitted to the java applet, and downloads the java sign applet for reading the card information of the card holder to produce a card issuing bank key. The key is pressed to open an account-transfer web-page, and the transaction code and message abstract value are transmitted to the account-transfer web-page. The ID number and the account number and password of the card holder in the card issuing bank are entered to the account-transfer web-page. The card issuing bank certifies the card information of the card holder. If the ID number and password are correct, the transaction code, message abstract value and account-transfer data are transmitted to the remittee bank. After the remittee bank successfully performs a certification, the card-issuing bank is notified of the message of receiving an account-transfer request, and the transaction code of completing the account-transfer is transmitted to the network store. The card issuing bank notifies the card holder of completing account-transfer and the card balance via the web-page. The network store notifies the card holder of a successful transaction via the web-page.

Description

538357

The sub-business gold places an order, generates a transaction and presses the payment e-code to pass through the account. OK, the card holder enters the identity industry process and the store has received the amount, then the cardholder is informed of the transaction authorization method and system and sends it to the SSL. Code and message summary value, and then press the key to send the downloaded applet over 1 applet to the online applet. The SSL certificate is used by the online bank identification number of the online bank and the issuing bank. If the receiving bank receives the The amount of money, the net know cardholder completes the transaction to achieve both security and the present invention relates to an electrical system, which squeezes cardholders in the online webpage / road shop, and the online shop sends the order to javaapp 1 et ; When the card center signed the applet, and Bank of Communications. The cardholder selects the payment bank to send the parent data to the online bank and confirms that the information is correct. After verifying the account number and password, and then using FED I as the parent, it will immediately inform the online store that it has received the information. The transaction gold and the generation of a parent-friendly success code are transmitted to those who want convenience and reduce costs. With the development of the Internet, the Internet has brought many conveniences to our lives. 2 unified business transaction methods have also been extended to the Internet Road becomes e-commerce, and the most important thing for e-commerce is convenience and security. Finding a balance between the two is the direction that everyone has been working hard for. According to the current secure transaction mechanism of e-commerce, most of the SET (Secure Electronic) promoted by VisaMastei ^ apd

Transation (2.6.10) mechanism and the SSL (Secure Socket Layer) (1.3.18) agreement proposed by Netseape as the main transaction methods ’Both have their advantages and disadvantages. Second, the transaction process of SE payment for shopping (please refer to the first figure), is that the cardholder (10) obtains the electronic wallet, and the cardholder's electronic wallet is soft 538357 V. Description of the invention (2) Animal & ^ & Test of store (11) 1 SET software communication of store (11), _recognize online merchant card bank contact, ^ bank / contacts, cardholder must first issue a sub-certificate with the card issuer Yinwu completed the registration process. The certification authority (13) CA will provide electricity (10). When the transaction card "electronic certificate" is given to its cardholder: (: = shop⑴) and cardholder⑴ decide? = = = 1) Have a talk with the lecturer, when the cardholder ⑽ purchase order and online store; ί will subscribe to the payment card to be used, and when the cardholder (1 °) subscribes, the cardholder (52 will automatically The relevant certificate will be sent, and the software will be accompanied by -I: payment instructions. It will be sent to the special online store ⑴), all: 卄 Feng: public key encryption technology 'special online store (11) cannot be seen = card tribute, only Special online store ⑴) Acquiring bank can dissolve the hero; once the purchase order and payment information are safely delivered, the special online store (11) 's A single bank will require the card-issuing bank's card-issuing bank to authorize it. Just like the current special online store request payment method, after authorization, the special online store (11) will confirm the transaction with the card holder (10). Liquidation and settlement are like the current payment and transaction process. According to the basic idea of SET, the gold flow and logistics information in the transaction are completely separated. There are two core security technologies: encryption and decryption technology to achieve data privacy. (Cryt〇graphy), a digital signature that maintains complete data, and a f-certificate that makes transaction information undeniable. Use these three security cores to protect cardholders and online stores on the Internet. Road transactions in double ...

Page 5 538357 V. Outline of the invention ⑶ "" —— the right of the party; also because it needs to guarantee the security in the transaction process, it is in the SET e-commerce mechanism. Cardholders, online stores, and banks must all obtain Certificate Authority (CA) certification. In addition, the four elements that constitute the SET software specification are cardholder's "wallet" software, special store software, and payment gates. Server software, certification and authorization software. Although the three security cores of SET provide high security for e-commerce, they have high complexity and high costs due to the need to obtain CA certification in each link and the introduction of the four elements of SET software specifications. Factors such as low profitability have made it difficult to promote SET. Obviously, SET has a lack of convenience and high cost, resulting in a lack of market acceptance. For the transaction flow of SSL · shopping payment, please refer to the second picture. The cardholder (20) enters the shopping page that can provide SSL. The "03 page" can ensure the security of the data transmission process. The cardholder (20) entrusts the online store (21) to authorize the card. The cardholder (20) enters the product information and card-related information to be purchased , Please ask the online store (21) to authorize it. The online store (21) card and other information should be transferred to the payment bank. (21) Notify the cardholder (20) of the authorization result and complete the transaction. The online store (21) according to its authorization The result is to complete the transaction, and inform the cardholder (20) of the authorization transaction result. After the goods are delivered, the online store (21) will be exposed to the credit card center (22). According to the SSL system, it will provide complete integrity through the channel encryption. Because the data can be transmitted securely through open channels, & when cardholders communicate with trusted online stores, SSL can provide sufficient security; SSL e-commerce systems are networked by the CA Store certification

Page 6 538357 V. Description of the invention ⑷ — —- is a trusted store; because the cost of SSL is lower than SET, and for cardholders = considerations such as the need to install an electronic wallet, the current global usage of SSL is high; However, in the SSL transaction process, the cardholder authorizes the transaction through the online store. Therefore, the online store will have the personal information and credit card information of the cardholder. Once a hacker invades the online store, the cardholder will be able to steal the cardholder's account. It is expected that major losses will be caused; such things are happening constantly. Although many top names, and stations have called the online parent-exchange mechanism safe and secure, they are still hacked: users ’data is stolen, such as: record companies ⑸ “You ^ ^ ^ ^ website, Shuyou website Travelocity and the world ’s largest online retail website Asia Ϊ 网: 2Bibi〇find, etc., so despite the industry ’s continuous emphasis on online safety, safety, but generally use ss [as an online Transaction machine: The security of m is still a serious threat to online stores and cardholders. ^ SSL is only concerned about the security of transmission on the Internet. In addition, I 3: I require all online stores to spend a lot of cost Lai Bao My own website. Researching the lack of SSL, the inventors, etc. have been actively working on it. I've finally developed the advantages of SE and SSL, and the shortcomings of Tongtong as SET and SSL. The balance point of this month is the method and system for authorizing commercial financial transactions. The purpose of the cardholder is to provide a way to prevent online stores from obtaining store construction costs. Convenience, using the existing mechanism to receive the order and generate a real payment, and then press the payment key, the online store parent code and message summary value, and send it to java

538357 V. Description of the invention (5) ^ ^ '—

Applet; When the cardholder presses the payment button, the java "叩 applet" will be downloaded to buy the card information in the file on the cardholder's computer, and the key of the card issuing bank will be generated. After pressing the button of the card issuing bank, , Java s / gn applet 'opens the transfer webpage of the card-issuing bank, and transmits the transaction code and Λ heart summary value to the transfer webpage. The cardholder enters the cardholder's identity number and the issuing bank's authentication account number and Password; the card-issuing bank receives the f cardholder card information, cardholder identification number and account number, password, transaction, and digest value, and confirms the cardholder card information; if the cardholder identification number and password are correct, the transaction Code, message summary value, and transfer information to the sending bank, and the receiving bank verifies that the message 1 is not available according to the transaction code, then the party receives the transfer, and accepts the transfer request message to inform the issuing bank of the light, and the transfer has been completed. The transaction code is sent to the online store, _ ,: S: A message to accept the transfer request *; inform the cardholder via the webpage 3 = the current card balance, and the online store has received the payment from the bank, After the transaction code is issued, the cardholder will be notified immediately via the webpage ::: The easy code does not match the value of the message summary, so please do n’t know clearly and tell the card-issuing bank, and the card-issuing bank will report the success. Your reviewing committee has a thorough understanding of the technical purpose of the present invention and its effectiveness. It is attached with a detailed description of the implementation as follows.: Issue: The flow of authorization methods for electronic commerce financial transactions: Please assign someone to see what is not in the first picture. After making the cardholder (30) first greet ::: select: business 4Γ, and fill in the contact information of the person in charge of the consignee. The mailing address), the cardholder (30) presses the payment

538357 V. Description of the invention (6)

Press and the online store (32) receives the order. Generate the transaction code of the transaction, and use the MAC (Message authentication Code) key to generate a set of message digest values for the transaction code. The online store (31) then sends the transaction code and message digest value to the java applet. And when the cardholder (3 0) presses the payment key, the java sign applet from the financial center (32) (FEDI) (BANK NET) will also be downloaded, and the java sign applet will automatically read the cardholder (30 ) The file in the computer to get the card information in the file, and generate the key of the issuing bank of the card based on its card information, press ―press the key of the issuing bank, the java sign applet will open the transfer page of the issuing bank, and the java sign applet also Send the transaction code and message summary value to the card transfer bank's transfer web page, and at the same time, the cardholder (30) will check whether the transaction information is correct on the transfer page. If the transaction is correct, enter the cardholder (3 0 ) The identity number and account password (丨 ^ & password) of the card issuer set the cardholder ’s identity summary value, and the identity number and message summary value (34) are based on the mistake, the bank will be accepted, and The recipient of the bank (30) has completed the payment from the receiving bank, and the information received by the card-issuing bank is the cardholder's (30) card information, font size, card-issuing bank authentication account number and password, transaction, stamp, and bank confirmation cardholder (30) Card information. Cardholder (° 3 (^ Is the password correct? If it is correct, send the transaction code and transfer information to the beneficiary bank (34), and the beneficiary bank's e-code to verify the message summary value Is it correct? If the helmet account is correct, and inform the card issuer of the message of accepting the transfer request: E-code is sent to the online store (3). After the message of the transfer request is sent, the transfer and the current card will be sent.罔 f. Know the balance of the card Λ '. The online store (3 1) received the transaction code of the completed transfer, and then real-time via the webpage 538357. 5. Description of the invention (7) Inform the cardholder (30) that the transaction was successful. If Shima does not pay the sum of the message summary, the transfer request will not be accepted, and the card issuer will be informed that the card issuer will know the cardholder's (30) message that the transfer was unsuccessful. Success message sent to the web Road stores, online stores inform the cardholder of the "successful transaction" message through the webpage. Among them, the java sign applet can generate several keys of the payment bank (33) based on the cardholder card information, allowing the cardholder to freely choose which to use The payment bank for transfer (33). Furthermore, the e-commerce financial transaction authorization system of the present invention includes a ... transfer tool, jaVa Slgn appl. ; Let cardholders use it to transmit data to the card-issuing bank; Account asset receiving and processing system and system are set up at the bank to receive transaction data and the use-send processing system is set up at online stores to send transaction data, A transmission network for transmitting or receiving transaction data and user data. The user is used for the use of the parent. Among them, the client can be a tool for browsing the web. The following is a specific application process of the present invention: The present invention E-commerce financial system

Payment Gateway is the role of the store and the show as described below: Preparation: The communication bridge of the financial bank

538357 V. Description of the invention (8) Receiving payments / requests from stores via the Internet for Electronic Commerce (EC) demand messages. The EC demand message of the store is converted into the current transaction format is 08583, which is transmitted to the host of the financial bank through the communication interface, and the response is accepted. The host response of the bank is converted into an EC response message, which is sent back to the store via dagger ^. The method of the Web Base system: To solve the problem of cardholders who need to install an electronic wallet in the SET system, we use the Web Base method and use a signed Java applet to achieve this goal; our method is When the cardholder makes a transaction, download and execute the signed java applet provided by the financial center, the online store transmits data to the online bank through the applet, and provides the cardholder to choose the bank to transfer money. The detailed steps to achieve this goal are as follows: The cardholder first selects the product information on the order on the online store webpage, and fills in the relevant information of the consignee (such as the consignee's name, contact information, and delivery address). , The cardholder presses the payment key again, the online store receives the order, and generates the parent easy code of the transaction, and uses the MAC (Message Authentication Code) Key to generate a set of message summary values. The online store Then send the transaction code and message summary value to javaapp 1 et; and when the cardholder presses the payment key, it will download the signed applet from the financial center, and the online store uses the MAC (Message Authentication Code) given by the beneficiary bank. ) Key to ensure data integrity; the applet reads the text file containing only the bank account number stored by the cardholder in the hard disk, and

538357 V. Description of the invention (9) According to the bank account number, app 1 et submits the page and automatically enters the account number. Cardholders only need to confirm their information and account password; wait for the result of the transfer. The Key must never make a transaction. 'If the transaction is correct, the transfer result is notified to the cardholder. Send the data to the online bank transfer network. The online bank will display whether the received funds are correct, and then enter the identity card number. The payment bank is correct to transfer the data to the receiving bank. If it is not correct, it will be rejected. After receiving the transaction, the paying bank will provide the detailed transaction authorization process of the present invention (please refer to the figure below): Cardholder (30) selects the product information on the web store (31) webpage and fills in the consignee Greedy (consignee name, contact address, etc.), send the data to the online store using SSL (31); after receiving the order, the online store (31) generates a "transaction code", and Add the "transaction code" to the MAC. When the cardholder presses the payment button, the applet signed by the Financial Center (32) will be downloaded, and the "transaction code" will be sent to the online bank through this apPiet. After selecting the payment bank (33) account number on the applet, the applet uses SSL to transfer the transaction information to the card issuing bank; after the cardholder confirms that the information is correct on the card issuing bank's page, he enters his ID number and account password. Card issuing silver Send the received data to the Payment Gateway. The Payment Gateway converts the data into a specific format for electronic data exchange in the bank network, and then sends it to the host of the payment bank (33). The host of the payment bank (33) sends the data The transaction information is transmitted to the beneficiary bank (34) through the fund center (32) to perform a "transfer request"; the beneficiary bank (34) verifies that the transaction MAC with the MAC is correct.

538357 V. The description of the invention (10) is incorrect, then the transaction is accepted. If it is set up, the bank transfers the "transfer ^ response, 蛉 giant ^ the transaction, and the machine is parallel; the payment bank (33) host will "Transfer;:, ::: Line (33) The main Gateway, Payment Gateway receives the" ^ "transfer ⑺ Pay-nt Gan Gong on J transfer response" and converts it into an imr: card, the transfer result; if the payment is received ) After picking up the parent, it will immediately inform the online store (31 stores (31) that it has received the transaction, then notify the cardholder (3 Yuan Yuan), and generate a "transaction success code" to send to the cardholder tablet Send by apricot; cardholder (30) can use "transaction success code" to check the transaction delivery situation. Chemical commerce is not as transparent and traditional as the traditional transaction method. Because the online transaction process is complicated, so It is necessary and important to prevent and resolve possible errors in each payment process; the bank's online transfer1 will be recorded in the bank with each transaction situation, so this record can be provided to cardholders and online stores 11 士 t 性 In addition, through the online shop and receiving bank signature mechanism, you can The integrity of the system is 70. Since the system transmission process is built on s SL ·, the privacy of the transaction is also guaranteed. In addition, the system forces apput to read the disk data, so sandb〇x is used to indirectly host the malicious jplet — Therefore, only the signed applet can read the account number smoothly, so confirm the reliability of this applet, and prevent similar incidents such as someone setting up the ICBC website and obtaining the cardholder account and Mi Ma. = This, according to the above With reference to the appendix of the present invention, as shown, we can summarize the following features of the present invention:

538357 V. Description of Invention (11) " ------ 1. FSEC can provide cardholders without credit cards to use financial cards for e-commerce services. 2 · Cardholders can flexibly use the personal accounts of banks to make immediate or post-payment methods to make ideal and efficient financial management. On 3 • Not affected by the operating system. 4. Cardholders do not need to install an electronic wallet. 5 · Cardholder card information will not be known to online stores. ^ 6. The cardholder is authenticated by the bank. Compared with the current SSL · payment mechanism, the online store provides a more rigorous authentication method by the member authentication method. 7. Use signed aPPiet instead of e-wallet, so if there is a version update, it only needs to be replaced by the issuer. 8. It can be used for real-time fundraising, securities transactions (without restrictions on bank payments), etc.: SL's functions for e-commerce are covered and provide more rigorous security ’and improve its convenience. 9. Since the present invention is based on SSL, the legal and transactional issues that may occur during the network transaction process are solved in the same way as the objective solution. ^ "How to use technology to create a more comfortable and convenient living environment 疋 Everyone's ideals and goals, I hope that in the future, we can create an environment where transactions can be carried out without carrying cash or cards", even without these devices. Card holders ^ No Electronic wallet software needs to be installed; the present invention takes the advantages of SET and SSL and has the disadvantages of improving both systems. The technical content specifically defined in the scope of the patent application 'actually meets the e-commerce invention patent requirements. Eyes only, please ask the Bureau to grant patents in accordance with the law in order to maintain the legality of the applicant

Page 14 538357 V. Rights of Invention Statement (12).

Page 15 538357 Schematic description (1) Schematic part The first diagram is a schematic diagram of the known SET transaction authorization relationship structure. / The second diagram is a schematic diagram of a conventional SSL transaction authorization relationship architecture. The third diagram is a schematic diagram of the transaction authorization architecture of the present invention. Attachment 1 is a comparison table between the present invention, SET and SSL. (2) Part of drawing number: (1 0) (2 0) (3 0) Cardholder (1 1) (21) (3 1) Online Banking (22) Credit Card Center (2 3) (33) Payment Bank -(3 2) Funding Center (3 4) Receiving Bank

Page 16

Claims (1)

538357 1 · An e-commerce financial transaction authorization method, where the cardholder selects the product information on the order on the online store webpage and fills in the relevant information of the consignee (such as the consignee's name, contact information, and delivery address). When the cardholder presses the payment key again, the online store receives the order, generates a transaction code for the transaction, and uses the MAC (Message and Authentication Code) Key to generate a set of message summary values. The store will then send the transaction code and message summary value to the java sign applet, which will automatically read the file in the cardholder's computer to obtain the card information in the file, and then generate the key of the card-issuing bank of the card based on its card information. After the card-issuing bank presses the button, the java sign applet will open the transfer page of the card-issuing bank, and the java sign applet will also send the transaction code and message summary value to the transfer page of the card-issuing bank. At the same time, the cardholder will check on the transfer account page Whether the transaction information is correct. If it is correct, lose the second holder: the identity number set by the issuing bank, the verification account of the issuing bank and Code (id & passw 〇rd); card issuing bank received the information from Gongfeng λ uploading information, cardholder identification number and password, transaction, information card silver card confirmation cardholder card information, cardholder share Whether the font size and password are correct. If they are correct, send the transaction code, message summary value, and transfer information to the beneficiary bank. 'The beneficiary bank verifies the message summary value based on the transaction code. Is it correct?' If it is correct, accept the reed. Transfer the funds, and inform the card-issuing bank of the message that the request for the transfer is accepted, and send the transaction code of the completed transfer to the online store. After the card-issuing bank receives the message to accept the transfer request, 'the cardholder is notified via the webpage that the transfer has been completed and The current card balance, after receiving the transaction code from the beneficiary bank that the bank has completed the transfer, > 38357 / 、 'Patent application scope webpage real-time notification matches, then; function, * transaction code and message summary value are not available, then inform the cardholder to transfer funds, and inform the card-issuing bank that the card-issuing bank and the person did not transfer successfully. The power authorization method described in item 1 of the scope of patent application; among which, h · Baoqian Business Finance, Fangyi, and Java S1gn applet can generate several payment bank deposits and credit transfers according to Geshi Renfeng's second debt. Payment bank. A cardholder is free to choose to use 3. A kind of electronic commerce financial transaction authorization system, which includes: a transmission tool, java sign applet, which is used by online stores to transmit data to hair card banks; also allows cardholders A person is used to transmit data to the card-issuing bank-receiving processing system; a sending processing system is set up at the bank 'to receive transaction data and is set up at an online store to send transaction data; a transmission network is used to transmit data Send or receive transaction and user information; a client, a tool used to conduct transactions. 4. The electronic commerce financial transaction authorization system as described in item 3 of the scope of patent application; wherein the client can be a tool for browsing the web.