CN100353705C - Disposable cipher protection careless electronic transaction payment method - Google Patents
Disposable cipher protection careless electronic transaction payment method Download PDFInfo
- Publication number
- CN100353705C CN100353705C CNB2004100264627A CN200410026462A CN100353705C CN 100353705 C CN100353705 C CN 100353705C CN B2004100264627 A CNB2004100264627 A CN B2004100264627A CN 200410026462 A CN200410026462 A CN 200410026462A CN 100353705 C CN100353705 C CN 100353705C
- Authority
- CN
- China
- Prior art keywords
- user
- bank
- transaction
- password
- electronic transaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The present invention discloses a disposable password protection cardless electronic transaction payment method. Communication and transaction are carried out through text messages of a user's mobile phone and an electronic transaction terminal of a bank. A disposable password comprises a four-digit dynamic password and a six-digit user static password registered in the bank in advance, wherein the four-digit dynamic password is determined after a four-digit random number as a seed and the user's electronic transaction money sum are encrypted by the bank, and is sent to the user through text messages of the mobile phone. The transaction password is sent to the bank through the electronic transaction terminal; after verification, whether transaction can be carried out is determined. The life period of the disposable password is set to be one to five minutes; after used, the disposable password fails so that the security problem of financial transaction is solved. The method has the advantages of cardless transaction and disposable password protection, and can be widely used in finance, Internet ecommerce, etc.
Description
Technical field the present invention relates to the no card-type electronic transaction of a kind of disposal password protection delivery method; more particularly, relate to a kind of disposal password that carries out the e-commerce transaction clearing on bank self-help terminal access money, personal consumption electronic accounting and the Internet that can be applied in effectively and protect no card-type electronic transaction delivery method.
Background technology in the prior art, personal banking electronic accountings such as bank individual debit, deposit, adopt the user to hold the bank card of issued by banks, with confirming subscriber authorisation at the user cipher of bank's registration in advance, carry out electronic accounting, deposit that card is forged, user cipher is stolen in the bank or the offender forces the user tell password after plundering user's bank card, thereby steal the fund of user in bank.The user is carrying out internet electronic business when transaction, if Bank Account Number, user cipher are stolen by the hacker on Network Transmission, transaction platform server or client personal computer, also threatens the safety of user's fund.Generally speaking, there is bigger security risk in present stage electronic transaction clearing.
Summary of the invention the object of the present invention is to provide the no card-type electronic transaction of a kind of disposal password protection delivery method; the user need not to carry bank card; just can carry out the electronic transaction clearing; can avoid effectively being plundered user's bank card, to take precautions against the fund security risk that Bank Account Number, user cipher are stolen and bring by the offender.
In order to achieve the above object; the invention provides following technical scheme: adopt the no card-type electronic transaction of a kind of disposal password protection delivery method; by user's mobile phone short-message and contact of bank electronic transaction terminal and transaction; the electronic transaction terminal comprises the POS machine of bank; ATM and e-commerce website; old-style Chinese private bank's code that user's Bank Account Number that this method adopted is encoded to bank adds user's Mobile Directory Number; disposal password is added in advance by 4 figure place dynamic passwords to be formed at 6 figure place user static passwords of bank's registration; when carrying out the electronic transaction payment; the user is to bank electronic transaction terminal input user account and dealing money; transaction terminal is submitted to bank and is contained user account; the transaction request of dealing money; by bank 4 figure place dynamic passwords are carried out determining behind the cryptographic calculation as seed and user's electronic dealing money by 4 random numbers; and Transaction Informations such as dynamic password and dealing money are sent to user's mobile phone; the user adds 4 figure place dynamic passwords trading password definite could transaction after the electronic transaction terminal sends to bank's empirical tests that 6 figure place user static passwords are formed again; whether transaction terminal concludes the business according to the decision of could concluding the business that bank provides again; the information that the electronic transaction terminal maybe can not be concluded the business Transaction Success is shown to the user, and passage at last Cancels Transaction.
The present invention will solve the coding method of user's Bank Account Number, disposal password generation and the technical problems of being convenient to remember such as method of calibration, disposal password and user interaction method.Because Bank of China's code has only double-digit numeral to form at present, user's Mobile Directory Number user can both remember, therefore, and the very convenient user's memory of user account.Because disposal password is made of at user's static password of notes such as bank in advance 4 figure place dynamic passwords+six figure places, after 4 figure place dynamic passwords carry out cryptographic calculation by 4 random numbers as seed and user's electronic dealing money, get 4 bit digital and be user's dynamic password, transaction each time all generates different dynamic passwords, when password authentification, examine password that user submit with dealing money through identical cryptographic calculation scheme by the dynamic password seed, can effectively prevent the dealing money deception that illegal transaction terminal such as illegal business site produce; Static password uses, and in the time of can preventing that user's mobile phone from illegally being used by other people, user account ground is protected.
The present invention's technical scheme preferably can be: bank is set at 1~5 minute with disposal password life cycle, submits to from the user and comes into force in the electronic transaction request, loses efficacy after reaching setting-up time.Because adopt online transaction, the time of the actual use of disposal password generally got final product at 1~3 minute, will be set at 5 minutes its life cycle with the interior requirement that can satisfy transaction.
Hold with existing user, the static password calibration technology compares, the present invention has following tangible advantage and effect: 1, the user does not need to carry bank card, just can carry out the electronic transaction clearing, can take precautions against stolen, the quilt carrying bank card and bring effectively and be robbed risk; 2, adopt the disposal password protection, can take precautions against user account effectively, user cipher is revealed the risk of bringing to the user account fund; 3, dynamic password is relevant with dealing money, can take precautions against the dealing money deception of illegal transaction platform such as illegal e-commerce website effectively, respectively submits different dealing money to the user with bank as illegal e-commerce website; 4, settlement of transactions each time, all use generate by bank, by the cryptoguard of mobile network's transmission, can solve the user effectively to the worry of internet electronic business to account, cryptoguard, can greatly stimulate internet electronic business ground to develop.
Be description of drawings of the present invention below the description of drawings:
Fig. 1 is the no card-type electronic transaction of a disposal password protection delivery method flow chart;
Fig. 2 is the application of the no card-type electronic transaction delivery method of disposal password protection on the bank self-help terminal;
Fig. 3 is the application of the no card-type electronic transaction delivery method of disposal password protection on internet electronic business;
Fig. 4 is the application of the no card-type electronic transaction delivery method of disposal password protection on the personal consumption electronic accounting.
Among Fig. 1~Fig. 4, the counterparty is user and electronic transaction terminal both sides, by bank settlement Processor is settled accounts, and the electronic transaction terminal among the figure comprises POS machine, the ATM of bank With e-commerce website etc.
With reference to Fig. 1, the user is handed over by electronics to electronic transaction terminal input account number, dealing money Easily terminal proposes transaction request to bank, and bank settlement generates transaction journal number, dynamic password kind Son, dynamic password, while separate users Mobile Directory Number, and with dynamic password, trade gold The Transaction Informations such as volume send to user's mobile phone by note, and the user will be obtained by mobile phone Dynamic password add the 10 figure place trading passwords input electronic transaction terminal that static password forms And submitted to bank by the electronic transaction terminal, bank settlement checking dynamic password, dealing money, Static password, dynamic password be after life cycle, and sending to the electronic transaction terminal could Transaction Information, The electronic transaction terminal will according to bank provide could Transaction Information, conclude the business with the user or get The transaction that disappears, and transaction results is shown to the user, and carry out the relevant processing that writes off with bank. Silver Row also can send to Transaction Information user's mobile phone.
By specific embodiment the present invention is carried out more detailed description below the embodiment:
The application of embodiment 1 on the bank self-help terminal
With reference to Fig. 2, the user imports user account number on ATM, the amount of money of withdrawing the money, to bank transaction request is proposed through ATM, bank settlement generates transaction journal number, the dynamic password seed, dynamic password, while separate users Mobile Directory Number, and with dynamic password, Transaction Informations such as dealing money send to user's mobile phone by note, the user will be added 10 figure place trading passwords input ATM that static password forms by the dynamic password that mobile phone obtains and submit to bank, bank settlement checking dynamic password, dealing money, static password, dynamic password is after life cycle, sending to ATM could Transaction Information, ATM according to bank provide could Transaction Information, conclude the business or Cancel Transaction with the user, and transaction results is shown to the user, ATM is submitted the transaction results report to, and by bank's processing that writes off of being correlated with, bank also can send to Transaction Information user's mobile phone.
The application of embodiment 2 on internet electronic business
With reference to Fig. 3, user's order products is to the e-commerce website order products, e-commerce website shows product value, the user imports user account number, to e-commerce website transaction request is proposed, bank settlement generates transaction journal number, the dynamic password seed, dynamic password, while separate users Mobile Directory Number, and with dynamic password, Transaction Informations such as dealing money send to user's mobile phone by note, the user will be added that the 10 figure place trading passwords that static password is formed submit business web site to by the dynamic password that mobile phone obtains after examining dealing money, business web site transmitted transaction password is given bank, bank settlement checking dynamic password, dealing money, static password, dynamic password is after life cycle, sending to business web site could Transaction Information, business web site according to bank provide could Transaction Information, conclude the business or Cancel Transaction with the user, and transaction results is shown to the user, business web site is submitted the transaction results report to, and by bank's processing that writes off of being correlated with, bank is to send to Transaction Information user's mobile phone.
The application of embodiment 3 on the personal consumption electronic accounting
With reference to Fig. 4, trade company imports the amount of money of customer consumption on the POS machine, the user imports user account number on the POS machine, the POS machine proposes transaction request by Unionpay to bank through trade company, bank settlement generates transaction journal number, the dynamic password seed, dynamic password, while separate users Mobile Directory Number, and with dynamic password, Transaction Informations such as dealing money send to user's mobile phone by note, the user will be added 10 figure place trading passwords input POS machine that static password forms by the dynamic password that mobile phone obtains and submit to bank by Unionpay, bank settlement checking dynamic password, dealing money, static password, dynamic password is after life cycle, sending to the POS machine by Unionpay could Transaction Information, the POS machine according to bank provide could Transaction Information, conclude the business or Cancel Transaction with the user, and transaction results is shown to the user, the POS machine is submitted the transaction results report to, and carries out relevant writing off and Account Disposal through Unionpay by Unionpay and bank, and bank sends to user's mobile phone with Transaction Information.
Claims (2)
1; the no card-type electronic transaction of a kind of disposal password protection delivery method; the user is by mobile phone short-message and contact of electronic transaction terminal and transaction; the electronic transaction terminal comprises the POS machine of bank; ATM and e-commerce website; it is characterized in that: old-style Chinese private bank's code that the user's Bank Account Number that is adopted is encoded to bank adds user's Mobile Directory Number; disposal password is added in advance by 4 figure place dynamic passwords to be formed at 6 figure place user static passwords of bank's registration; when carrying out the electronic transaction payment; the user is to electronic transaction terminal input user's Bank Account Number and dealing money; the electronic transaction terminal is submitted to bank and is contained user's Bank Account Number; the transaction request of dealing money; bank carries out determining 4 figure place dynamic passwords behind the cryptographic calculation as seed and with the user's electronic dealing money with 4 random numbers; and the Transaction Information of dynamic password and dealing money sent to user's mobile phone; the user will add that the trading password that 6 figure place user static passwords are formed sends to bank through the electronic transaction terminal by 4 figure place dynamic passwords again; could conclude the business with definite through bank's checking; the electronic transaction terminal could determine whether transaction by Transaction Information according to what bank provided again; the information that the electronic transaction terminal maybe can not be concluded the business Transaction Success is shown to the user, at last by user's passage that Cancels Transaction.
2, method according to claim 1 is characterized in that: bank is set at 1~5 minute with disposal password life cycle, submits to from the user and comes into force in the electronic transaction request, loses efficacy after reaching setting-up time.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100264627A CN100353705C (en) | 2004-03-09 | 2004-03-09 | Disposable cipher protection careless electronic transaction payment method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100264627A CN100353705C (en) | 2004-03-09 | 2004-03-09 | Disposable cipher protection careless electronic transaction payment method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1560801A CN1560801A (en) | 2005-01-05 |
| CN100353705C true CN100353705C (en) | 2007-12-05 |
Family
ID=34441227
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004100264627A Expired - Fee Related CN100353705C (en) | 2004-03-09 | 2004-03-09 | Disposable cipher protection careless electronic transaction payment method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100353705C (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101582763B (en) * | 2009-04-02 | 2011-05-18 | 北京飞天诚信科技有限公司 | Method and system for identity authentication based on dynamic password |
| CN101882343A (en) * | 2009-05-05 | 2010-11-10 | 中国移动通信集团公司 | Method, system and equipment for cardless operation of automatic teller machine |
| CN101901306A (en) * | 2009-06-01 | 2010-12-01 | 北京焜安信息技术有限公司 | Network transaction encryption method and dynamic password equipment used by same |
| CN101958024B (en) * | 2009-07-16 | 2013-06-26 | 全宏科技股份有限公司 | Financial transaction system, automated teller machine and method for operating automated teller machine |
| CN102637273A (en) * | 2011-02-09 | 2012-08-15 | 周锡卫 | Safe real-time bank payment system and method |
| CN104778384A (en) * | 2014-01-13 | 2015-07-15 | 全宏科技股份有限公司 | Authorization server, authorization method and computer program product |
| CN105096111A (en) * | 2015-08-31 | 2015-11-25 | 宇龙计算机通信科技(深圳)有限公司 | No-card account transfer or withdrawal protection method and mobile phone system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1283827A (en) * | 2000-08-18 | 2001-02-14 | 郝孟一 | Universal electronic information network authentication system and method |
| CN1435985A (en) * | 2002-01-30 | 2003-08-13 | 鸿联九五信息产业股份有限公司 | Dynamic cipher safety system and dynamic cipher generating method |
| CN1472915A (en) * | 2002-08-01 | 2004-02-04 | 苗 原 | Method for identification in Internet application by utilizing mobile device |
| CN1477810A (en) * | 2003-06-12 | 2004-02-25 | 上海格尔软件股份有限公司 | Dynamic password authentication method based on digital certificate implement |
-
2004
- 2004-03-09 CN CNB2004100264627A patent/CN100353705C/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1283827A (en) * | 2000-08-18 | 2001-02-14 | 郝孟一 | Universal electronic information network authentication system and method |
| CN1435985A (en) * | 2002-01-30 | 2003-08-13 | 鸿联九五信息产业股份有限公司 | Dynamic cipher safety system and dynamic cipher generating method |
| CN1472915A (en) * | 2002-08-01 | 2004-02-04 | 苗 原 | Method for identification in Internet application by utilizing mobile device |
| CN1477810A (en) * | 2003-06-12 | 2004-02-25 | 上海格尔软件股份有限公司 | Dynamic password authentication method based on digital certificate implement |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1560801A (en) | 2005-01-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2322356C (en) | Credit card system and method | |
| EP1153375B1 (en) | Credit card system and method | |
| US20070170247A1 (en) | Payment card authentication system and method | |
| US20090055319A1 (en) | Novel card-less, name-less, number-less, and paper-less method and system of highly secure completely anonymous customer-merchant transactions | |
| CN1906629A (en) | Secure payment system | |
| WO2014108916A1 (en) | A computer implemented system and method for cashless and cardless transactions | |
| CN100353705C (en) | Disposable cipher protection careless electronic transaction payment method | |
| AU2004241345A1 (en) | Security method and apparatus for preventing credit card fraud | |
| Smith | Internet payment systems and their security risks | |
| CA2381074A1 (en) | Secure system for conducting electronic transactions and method for use thereof | |
| US20200410493A1 (en) | Computer Implemented System and Method for Cashless and Cardless Transactions | |
| Rizvi et al. | Smart Cards: The Future Gate | |
| CA2627108A1 (en) | A pin number security system for debit card and credit card | |
| Theophilus et al. | Academic Journal of Applied Mathematical Sciences | |
| AU753159B2 (en) | Credit card system and method | |
| Binitie et al. | Synthetic software method: panacea for combating internet fraud in Nigeria | |
| Gaskill et al. | Chip and spin: Shifting burdens and new threats in retail card fraud | |
| by Visa | Card not present fraud | |
| WO2007058519A1 (en) | On line banking security method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20071205 |