CN101794420A - Payment authentication method, terminal and system - Google Patents

Publication number
CN101794420A
Authority
CN
China
Prior art keywords
authentication
payment
transaction
information
request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200910239611A
Other languages
Chinese (zh)
Inventor
唐斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aspire Digital Technologies Shenzhen Co Ltd
Original Assignee
Aspire Digital Technologies Shenzhen Co Ltd
Application filed by Aspire Digital Technologies Shenzhen Co Ltd
Priority to CN200910239611A
Publication of CN101794420A

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The embodiment of the invention provides a payment authentication method comprising: obtaining the user identification of a mobile terminal; sending transaction information to the mobile terminal, wherein the transaction information comprises a transaction serial number, a transaction time and a transaction amount; obtaining a transaction ciphertext digitally signed by the mobile terminal; submitting an authentication request to an authentication and authorization service platform, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext; obtaining an authentication result fed back by the authentication and authorization service platform, wherein the authentication result comprises pass information or authentication failure information; and conducting transaction fee deduction according to the obtained authentication pass information. The embodiment of the invention additionally discloses a payment authentication terminal and a payment authentication system. Through the implementation of the invention, a safe and universal payment method is realized and great convenience is provided for users.

Description

A payment authentication method, terminal and system
Technical field
The present invention relates to the field of e-commerce, and in particular to a payment authentication method, terminal and system.
Background art
Secure payment authentication has always been a core research topic in the field of e-commerce. Thousands of e-commerce websites and nearly 40 third-party payment platforms have now appeared domestically. To guarantee the security of online transactions, however, present payment platforms basically all rely on the digital certificates of the banks' existing online transaction systems. This is cumbersome for the user, who has to set up the client software of the corresponding bank and load a certificate. Some small commercial banks or new banks have no digital certificates and cannot participate at all. And because the cooperation interfaces between the merchants and the banks are incomplete, users often cannot use an account number to pay for e-commerce transactions at the same time.
In response to this situation, users often carry many account-linked cards, such as bank cards, bus and subway cards, stored-value shopping cards and canteen cards. These are easily lost and may even be copied, which brings great risk to the user's safe use.
Summary of the invention
In view of this, the embodiments of the invention provide a payment authentication method, terminal and system. A digital certificate issued by a digital certificate authority is built into the SIM of the mobile terminal, and the transaction information is digitally signed and then sent to the authentication service platform for transaction authentication. This realizes a safe and universal payment method and brings convenience to the user.
The embodiment of the invention provides a payment authentication method, which comprises:
Obtaining the user identification of the mobile terminal;
Sending transaction information to the mobile terminal, wherein the transaction information comprises a transaction serial number, a transaction time and a transaction amount;
Obtaining the transaction ciphertext digitally signed by the mobile terminal;
Submitting an authentication request to the authentication service platform, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext;
Obtaining the authentication result returned by the authentication service platform, which comprises authentication pass information or authentication failure information;
Deducting the transaction fee according to the obtained authentication pass information.
Correspondingly, the embodiment of the invention provides a mobile terminal, which comprises:
A security certificate storage unit, used for storing a security certificate in the SIM, wherein the security certificate comprises a private key;
A digital signature unit, used for digitally signing the transaction information with the private key in the security certificate stored in the security certificate storage unit.
Correspondingly, the embodiment of the invention also provides a payment authentication terminal, characterized in that the payment authentication terminal comprises:
A user identification acquiring unit, used for obtaining the user identification of the mobile terminal;
A transaction information sending unit, used for sending transaction information to the mobile terminal, wherein the transaction information comprises a transaction serial number, a transaction time and a transaction amount;
A transaction ciphertext acquiring unit, used for obtaining the transaction ciphertext digitally signed by the mobile terminal;
An authentication request unit, used for submitting an authentication request to the authentication service platform, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext;
An authentication result acquiring unit, which obtains the authentication result returned by the authentication service platform, comprising authentication pass information or authentication failure information;
A fee deduction unit, used for deducting the transaction fee according to the authentication pass information obtained by the authentication result acquiring unit.
Correspondingly, the embodiment of the invention also provides a payment authentication system, characterized in that the payment authentication system comprises a mobile terminal, an authentication payment terminal, an authentication service platform and a payment platform, wherein:
The mobile terminal has a digital certificate embedded in its SIM card, the digital certificate comprising a private key, and uses the private key to digitally sign the transaction information sent by the payment authentication terminal;
The authentication payment terminal is used for: obtaining the user identification from the mobile terminal; sending transaction information to the mobile terminal, wherein the authentication information comprises a transaction serial number, a transaction time and a transaction amount; obtaining from the mobile terminal the transaction ciphertext digitally signed by the mobile terminal; submitting an authentication request to the authentication service platform, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext; obtaining the authentication result returned by the authentication service platform, which comprises authentication pass information or authentication failure information; sending a fee deduction request to the payment platform according to the obtained authentication pass information, wherein the fee deduction request comprises the user identification, the transaction plaintext and the authentication pass information; and obtaining the fee deduction result from the payment platform;
The authentication service platform is used for obtaining the authentication request from the authentication payment terminal, authenticating the authentication request and returning the authentication result to the authentication payment terminal;
The payment platform is used for deducting the fee according to the fee deduction request sent by the authentication payment terminal and returning the fee deduction result to the authentication payment terminal.
Correspondingly, the embodiment of the invention also provides another payment authentication terminal, which comprises:
A user identification acquiring unit, used for obtaining the user identification of the mobile terminal;
A transaction information acquiring unit, used for obtaining transaction information from an e-commerce website, wherein the transaction information comprises a transaction serial number, a transaction time and a transaction amount;
A transaction information sending unit, used for sending the transaction information to the mobile terminal;
A transaction ciphertext acquiring unit, used for obtaining the transaction ciphertext digitally signed by the mobile terminal;
An authentication request unit, used for submitting an authentication request to the e-commerce website, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext.
Correspondingly, the embodiment of the invention also provides another payment authentication system, which comprises a mobile terminal, an authentication payment terminal, an e-commerce website, an authentication service platform and a payment platform, wherein:
The mobile terminal has a digital certificate embedded in its SIM card, the digital certificate comprising a private key, and uses the private key to digitally sign the transaction information sent by the payment authentication terminal;
The authentication payment terminal is used for: obtaining the user identification from the mobile terminal; obtaining the transaction information from the e-commerce website; sending the transaction information to the mobile terminal, wherein the authentication information comprises a transaction serial number, a transaction time and a transaction amount; obtaining from the mobile terminal the transaction ciphertext digitally signed by the mobile terminal; and submitting an authentication request to the e-commerce website, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext;
The e-commerce website is used for: obtaining the authentication request from the authentication payment terminal; submitting the authentication request to the authentication service platform and obtaining the authentication result returned by the authentication service platform, which comprises authentication pass information or authentication failure information; sending a fee deduction request to the payment platform according to the obtained authentication pass information, wherein the fee deduction request comprises the user identification, the transaction plaintext and the authentication pass information; and obtaining the fee deduction result from the payment platform;
The authentication service platform is used for obtaining the authentication request from the authentication payment terminal, authenticating the authentication request and returning the authentication result to the authentication payment terminal;
The payment platform is used for deducting the fee according to the fee deduction request sent by the authentication payment terminal and returning the fee deduction result to the authentication payment terminal.
In the embodiments of the invention, a digital certificate issued by a digital certificate authority is built into the SIM of the mobile terminal, and the transaction information is digitally signed and then sent to the authentication service platform for transaction authentication. This realizes a safe and universal payment method and brings great convenience to the user.
Description of drawings
Fig. 1 is a schematic structural diagram of a payment authentication system in the first embodiment of the invention;
Fig. 2 is a schematic structural diagram of a mobile terminal in the embodiment of the invention;
Fig. 3 is a schematic structural diagram of a payment authentication terminal in the first embodiment of the invention;
Fig. 4 is a schematic structural diagram of a payment authentication system in the second embodiment of the invention;
Fig. 5 is a schematic structural diagram of a payment authentication terminal in the second embodiment of the invention;
Fig. 6 is a schematic flowchart of a payment authentication method in the embodiment of the invention;
Fig. 7 is a schematic flowchart of an on-site payment authentication method in the first embodiment of the invention;
Fig. 8 is a schematic flowchart of an internet payment authentication method in the second embodiment of the invention.
Embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention rather than all of them. Based on the embodiments of the invention, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the scope of protection of the invention.
Fig. 1 is a schematic structural diagram of a payment authentication system in the first embodiment of the invention. As shown in the figure, this system comprises mobile terminal 10, payment authentication terminal 20, authentication service platform 30 and payment platform 40, wherein:
Mobile terminal 10 has a digital certificate embedded in its SIM (Subscriber Identity Module) card. The digital certificate comprises a private key, and the mobile terminal uses the private key to digitally sign the payment information sent by payment authentication terminal 20. Specifically, the mobile terminal may be a mobile phone, a personal digital assistant (PDA) or another mobile terminal that contains a SIM card. The digital certificate is issued and authorized by a digital certificate authority and written into the SIM card; it is bound in advance to the user's phone number and the user's real-name information, and comprises a private key based on Public Key Infrastructure (PKI) technology. Further, the mobile terminal supports radio-frequency (RF) access to its SIM card by external devices.
Payment authentication terminal 20 is used for: obtaining the user identification from mobile terminal 10; sending the transaction information to mobile terminal 10, wherein the transaction information comprises a transaction serial number, a transaction time and a transaction amount; obtaining from mobile terminal 10 the transaction ciphertext digitally signed by the mobile terminal; submitting an authentication request to authentication service platform 30, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext; obtaining the authentication result returned by authentication service platform 30; when authentication pass information is obtained, sending a fee deduction request to the payment platform according to the authentication pass information, wherein the fee deduction request comprises the user identification, the transaction plaintext and the authentication pass information; and obtaining the fee deduction result returned by the payment platform. Specifically, payment authentication terminal 20 in this embodiment may be a point-of-sale (POS) terminal with an embedded contactless RF access function. The user identification may be any one or more items of identification information that can uniquely confirm the user's identity, such as the user's phone number, the user's security certificate number or the user's real-name information.
Authentication service platform 30 is used for obtaining the authentication request from payment authentication terminal 20, authenticating the authentication request and returning the authentication result to payment authentication terminal 20, wherein the authentication result comprises authentication pass information or authentication failure information. In a specific implementation, the authentication service platform stores user identifications and the public key corresponding to each; it finds the corresponding public key according to the user identification and uses the public key to decrypt the transaction ciphertext digitally signed by mobile terminal 10.
Payment platform 40 is used for deducting the fee according to the fee deduction request sent by authentication payment terminal 20 and returning the fee deduction result to authentication payment terminal 20. Specifically, payment platform 40 deducts the fee from the associated account corresponding to the user identification in the fee deduction request. Payment platform 40 may be any of a bank payment system, an online transaction payment platform, a shopping mall back-office account management system and a public transport fare deduction system.
Fig. 2 is a schematic structural diagram of a mobile terminal in the embodiment of the invention. As shown in the figure, the mobile terminal comprises:
Security certificate storage unit 101, used for storing a security certificate in the SIM, wherein the security certificate comprises a private key. Specifically, the digital certificate is issued and authorized by a digital certificate authority and written into the SIM card; it is bound in advance to the user's phone number and the user's real-name information, and comprises a private key based on Public Key Infrastructure (PKI) technology.
Digital signature unit 102, used for digitally signing the transaction information with the private key in the security certificate stored in security certificate storage unit 101.
Fig. 3 is a schematic structural diagram of a payment authentication terminal in the first embodiment of the invention. As shown in the figure, the payment authentication terminal comprises user identification acquiring unit 201, transaction information sending unit 202, transaction ciphertext acquiring unit 203, authentication request unit 204, authentication result acquiring unit 205 and fee deduction unit 206, wherein:
User identification acquiring unit 201 is used for obtaining the user identification of the mobile terminal. Specifically, user identification acquiring unit 201 may obtain the user identification by accessing the SIM card of the mobile terminal. The user identification may be any one or several items of identification information that can uniquely confirm the user's identity, such as the user's phone number, the user's security certificate number or the user's real-name information.
Transaction information sending unit 202 is used for sending transaction information to the mobile terminal, wherein the transaction information comprises a transaction serial number, a transaction time and a transaction amount.
Transaction ciphertext acquiring unit 203 is used for obtaining the transaction ciphertext digitally signed by the mobile terminal. In a specific implementation, after the mobile terminal receives the transaction information sent by transaction information sending unit 202, it calls the private key of the digital certificate in the SIM card to digitally sign the transaction information, obtains the transaction ciphertext, and returns it to transaction ciphertext acquiring unit 203 of the transaction authentication terminal.
Authentication request unit 204 is used for submitting an authentication request to the authentication service platform, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext. Further, the authentication request may also comprise: BPID, an e-commerce website number, used to identify an e-commerce website that has been authenticated and permitted by the authentication service platform; and BSID, the number of the internet identity authentication request applied for by the e-commerce website, used to identify that what this e-commerce website initiates is an internet identity authentication request. Further, the transaction information in the authentication request may first be BASE64-encoded, to avoid exposing the transaction information directly.
Authentication result acquiring unit 205 obtains the authentication result returned by the authentication service platform, which comprises authentication pass information or authentication failure information.
Fee deduction unit 206 is used for deducting the transaction fee according to the authentication pass information obtained by the authentication result acquiring unit. In a specific implementation, the fee deduction unit may further comprise:
A fee deduction request module, used for sending a fee deduction request to the payment platform when the authentication result acquiring unit obtains authentication pass information, wherein the fee deduction request comprises the user identification, the transaction plaintext and the authentication pass information;
A fee deduction result acquiring unit, used for obtaining the fee deduction result from the payment platform.
Further, the payment authentication terminal in this embodiment may also comprise:
A radio-frequency identification unit, used for two-way wireless communication with the mobile terminal. In a specific implementation, the radio-frequency identification unit may comprise a built-in RF card reader; when the mobile terminal comes near the RF card-reading zone, the RF card reader can access the SIM card of the mobile terminal.
Fig. 4 is a schematic structural diagram of a payment authentication system in the second embodiment of the invention. As shown in the figure, the payment authentication system in this embodiment comprises mobile terminal 10, payment authentication terminal 50, e-commerce platform 60, authentication service platform 70 and payment platform 80, wherein:
Mobile terminal 10 is identical to mobile terminal 10 in the first embodiment and is not described again here.
Payment authentication terminal 50 is used for: obtaining the user identification from mobile terminal 10; obtaining transaction information from e-commerce website 60; sending the transaction information to mobile terminal 10, wherein the authentication information comprises a transaction serial number, a transaction time and a transaction amount; obtaining the digitally signed transaction ciphertext from mobile terminal 10; and submitting an authentication request to e-commerce website 60, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext. Specifically, the payment authentication terminal in this embodiment may be a personal computer (PC) that works with an RF card reader to communicate with the mobile terminal over wireless RF and to access the SIM card in the mobile terminal. The user identification may be any one or more items of identification information that can uniquely confirm the user's identity, such as the user's phone number, the user's security certificate number or the user's real-name information.
E-commerce website 60 is used for: obtaining the authentication request from the authentication payment terminal; submitting the authentication request to authentication service platform 70 and obtaining the authentication result returned by authentication service platform 70, which comprises authentication pass information or authentication failure information; obtaining a fee deduction confirmation request message from payment platform 80 and returning a fee deduction confirmation message to payment platform 80; and obtaining the fee deduction result from payment platform 80;
Authentication service platform 70 is used for obtaining the authentication request from the authentication payment terminal, authenticating the authentication request and returning the authentication result to the authentication payment terminal, and sending a fee deduction request to payment platform 80, wherein the fee deduction request comprises the user identification, the transaction information and the authentication pass information.
Payment platform 80 is used for requesting confirmation of the fee deduction from e-commerce website 60 according to the fee deduction request sent by the authentication service platform, deducting the fee from the associated account corresponding to the user identification in the fee deduction request after obtaining the fee deduction confirmation from e-commerce website 60, and returning the fee deduction result to the authentication payment terminal. Payment platform 80 may be a bank account payment system, an online transaction payment platform, or the like.
Fig. 5 is a schematic structural diagram of a payment authentication terminal in the second embodiment of the invention. As shown in the figure, the payment authentication terminal comprises user identification acquiring unit 501, transaction information acquiring unit 502, transaction information sending unit 503, transaction ciphertext acquiring unit 504 and authentication request unit 505, wherein:
User identification acquiring unit 501 is used for obtaining the user identification of the mobile terminal. Specifically, user identification acquiring unit 201 may obtain the user identification by accessing the SIM card of the mobile terminal. The user identification may be any one or several items of identification information that can uniquely confirm the user's identity, such as the user's phone number, the user's security certificate number or the user's real-name information.
Transaction information acquiring unit 502 is used for obtaining transaction information from the e-commerce website, wherein the transaction information comprises a transaction serial number, a transaction time and a transaction amount. Specifically, when the user chooses a transaction on the e-commerce website and prepares to pay, the transaction information acquiring unit obtains this transaction information from the e-commerce website.
Transaction information sending unit 503 is used for sending the transaction information to the mobile terminal.
Transaction ciphertext acquiring unit 504 is used for obtaining the transaction ciphertext digitally signed by the mobile terminal. In a specific implementation, after the mobile terminal receives the transaction information sent by transaction information sending unit 503, it calls the private key of the digital certificate in the SIM card to digitally sign the transaction information, obtains the transaction ciphertext, and returns it to transaction ciphertext acquiring unit 504 of the transaction authentication terminal.
The authentication request unit is used for submitting an authentication request to the e-commerce website, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext. Further, the authentication request may also comprise: BPID, an e-commerce website number, used to identify an e-commerce website that has been authenticated and permitted by the authentication service platform; and BSID, the number of the internet identity authentication request applied for by the e-commerce website, used to identify that what this e-commerce website initiates is an internet identity authentication request. Further, the transaction information in the authentication request may first be BASE64-encoded, to avoid exposing the transaction information directly.
Fig. 6 is a schematic flowchart of a payment authentication method in the embodiment of the invention. As shown in the figure, the method comprises:
Step S601: obtain the user identification of the mobile terminal. In a specific implementation, the user brings the mobile terminal close to the payment authentication terminal to swipe it, and the payment authentication terminal accesses the SIM card of the mobile terminal through an external RF card reader or a built-in RF identification unit, thereby obtaining the user identification. The user identification may be any one or more items of identification information that can uniquely confirm the user's identity, such as the user's phone number, the user's security certificate number or the user's real-name information.
Step S602: send transaction information to the mobile terminal, wherein the transaction information comprises a transaction serial number, a transaction time and a transaction amount. In a specific implementation, the transaction information may be generated by the payment authentication terminal, or obtained by the payment authentication terminal from the e-commerce website.
Step S603: obtain the transaction ciphertext digitally signed by the mobile terminal. In a specific implementation, after the mobile terminal obtains the transaction information, it uses the private key of the digital certificate in the SIM card to digitally sign the transaction information, obtains the transaction ciphertext and returns the transaction ciphertext to the transaction authentication terminal.
Step S604: submit an authentication request to the authentication service platform, wherein the authentication request comprises the user identification, the transaction information and the transaction ciphertext. In a specific implementation, the payment authentication terminal may submit the authentication request directly to the authentication service platform, or may send the authentication request to the e-commerce website, which then submits it to the authentication service platform. Further, the authentication request may also comprise: BPID, an e-commerce website number, used to identify an e-commerce website that has been authenticated and permitted by the authentication service platform; and BSID, the number of the internet identity authentication request applied for by the e-commerce website, used to identify that what this e-commerce website initiates is an internet identity authentication request. Further, the transaction information in the authentication request may first be BASE64-encoded, to avoid exposing the transaction information directly.
Step S605: obtain the authentication result returned by the authentication service platform, which comprises authentication pass information or authentication failure information. In a specific implementation, after the authentication service platform obtains the authentication request, it authenticates the authentication request as follows:
The authentication service platform looks up the corresponding public key according to the user identification in the authentication request;
The authentication service platform uses the public key it found to decrypt the transaction information ciphertext;
The authentication service platform compares the transaction information in the authentication request with the result obtained by decrypting the transaction ciphertext with the public key it found. If the two are consistent, authentication succeeds, and the platform returns the authentication result, comprising authentication pass information or authentication failure information, to the transaction authentication terminal or the e-commerce website. Further, if the authentication information in the authentication request has been BASE64-encoded, it must be BASE64-decoded before the comparison.
Step S606: deduct the transaction fee according to the obtained authentication pass information. In a specific implementation, the transaction authentication terminal may send the fee deduction request to the payment platform, the e-commerce website may send the fee deduction request to the payment platform, or the authentication service platform may send the fee deduction request to the payment platform. The fee deduction request comprises the user identification, the transaction information and the authentication pass information. The payment platform deducts the fee from the associated account according to the user identification in the fee deduction request, and returns the fee deduction result to the payment authentication terminal or the e-commerce website.
Fig. 7 is a schematic flowchart of an on-site payment authentication method in the first embodiment of the present invention. As shown in the figure, the method flow comprises:
Step S701: the transaction amount is entered, and the user is prompted to bring the mobile terminal close. In a specific implementation, the payment authentication terminal in this embodiment may be a point-of-sale (POS) terminal with an embedded contactless RF access function and a built-in RF card reader. When the mobile terminal comes close to the RF card-reading area, the POS can access the SIM card of the mobile terminal through the RF card reader. After on-site staff enter the amount, or after the POS calculates the transaction amount once the user has selected goods, the display panel prompts the user to bring the mobile terminal close to the RF card-reading area.
Step S702: the mobile terminal approaches the effective area of the RF reader or card reader, and a communication connection is established between the SIM card of the mobile terminal and the ID authentication device. Specifically, the mobile terminal approaches the effective area of the RF card reader, and a communication connection is established between the SIM card of the mobile terminal and the transaction authentication terminal. Further, the transaction authentication terminal may obtain the user identifier from the mobile terminal at this point. The user identifier may be any one or more items of identification information that can uniquely confirm the user's identity, such as the user's phone number, the user's security certificate number, or the user's real-name information. Obtaining the user identifier may also be completed at any time between S702 and S706.
Step S703: the payment authentication terminal sends transaction information to the mobile terminal. In a specific implementation, once the transaction amount is confirmed, the payment authentication terminal generates the transaction information for this transaction, comprising a transaction serial number, a transaction time and a transaction amount. After the connection with the mobile terminal is established, it sends the transaction information to the mobile terminal and requests a signature.
Step S704: the mobile terminal digitally signs the transaction information. Specifically, after the mobile terminal obtains the transaction information, it digitally signs the transaction information using the private key of the digital certificate in the SIM card, obtaining the transaction ciphertext.
Step S705: the mobile terminal returns the transaction ciphertext to the transaction authentication terminal.
Step S706: the transaction authentication terminal submits an authentication request to the authentication service platform. The authentication request comprises the user identifier, the transaction information and the transaction ciphertext. In a specific implementation, the authentication request may also comprise: a BPID, the e-commerce website number, which identifies an e-commerce website approved by the authentication service platform; and a BSID, the Internet identity-authentication request number applied for by the e-commerce website, which identifies the request initiated by this e-commerce website as an Internet identity-authentication request. Further, the transaction information in the authentication request may first be BASE64-encoded so that the transaction information is not directly exposed.
Step S707: the authentication service platform authenticates the authentication request. The specific authentication method comprises: the authentication service platform looks up the corresponding public key according to the user identifier in the authentication request;
The authentication service platform uses the public key it found to decrypt the transaction information ciphertext;
The authentication service platform compares the transaction information in the authentication request with the result obtained by decrypting the transaction ciphertext with the public key it found. If the two are consistent, authentication succeeds, and the platform returns the authentication result, comprising authentication pass information or authentication failure information, to the transaction authentication terminal or the e-commerce website. Further, if the authentication information in the authentication request has been BASE64-encoded, it must be BASE64-decoded before the comparison.
Step S708: the authentication service platform returns the authentication result, comprising authentication pass information or authentication failure information, to the transaction authentication payment terminal. If the result is authentication pass information, step S709 is executed; if it is authentication failure information, the process ends.
Step S709: the transaction authentication terminal sends a fee deduction request to the payment platform. The fee deduction request comprises the user identifier, the transaction information and the authentication pass information.
Step S710: the payment platform deducts the fee from the associated account according to the fee deduction request. In a specific implementation, the payment platform may first check the authentication pass information in the fee deduction request, then look up the associated account according to the user identifier in the request, and deduct the fee from that account according to the transaction information.
Step S711: the payment platform returns the fee deduction result to the payment authentication terminal, and the payment authentication terminal displays it to the user.
This embodiment can be applied to transaction payment in shopping malls, ticket payment for buses and subways, canteen card transactions, on-site credit card bill payment, and similar services. With a digital certificate issued by a digital certificate authority built into the SIM of the mobile terminal, the transaction information is digitally signed and then sent to the authentication service platform for transaction authentication. This realizes a secure and universal payment method and brings great convenience to users.
Fig. 8 is a schematic flowchart of an Internet payment authentication method in the second embodiment of the present invention. As shown in the figure, the method flow comprises:
S801: the e-commerce website prompts the user to bring the mobile terminal close to the RF reader. In a specific implementation, the user may choose to pay for a transaction on the e-commerce website; the e-commerce website generates the transaction information and prompts the user to bring the mobile terminal close to the RF reader. The transaction information comprises a transaction serial number, a transaction time and a transaction amount. The RF reader is a radio-frequency reader used to access the SIM card of the mobile terminal; it connects to the computer over USB and can establish a contactless communication connection with the mobile terminal.
S802: the mobile terminal approaches the effective area of the RF reader or card reader, and a communication connection is established between the SIM card of the mobile terminal and the ID authentication device. Specifically, the mobile terminal approaches the effective area of the RF card reader, and a communication connection is established between the SIM card of the mobile terminal and the transaction authentication terminal.
S803: the e-commerce website sends the transaction information to the payment authentication terminal.
S804: the transaction authentication terminal sends the transaction information to the mobile terminal and requests the mobile terminal's signature.
S805: the mobile terminal digitally signs the transaction information. Specifically, after the mobile terminal obtains the transaction information, it digitally signs the transaction information using the private key of the digital certificate in the SIM card, obtaining the transaction ciphertext.
S806: the mobile terminal returns the transaction ciphertext to the transaction authentication terminal.
S807: the transaction authentication terminal sends an authentication request to the e-commerce website. The authentication request comprises the user identifier, the transaction information and the transaction ciphertext. In a specific implementation, the authentication request may also comprise: a BPID, the e-commerce website number, which identifies an e-commerce website approved by the authentication service platform; and a BSID, the Internet identity-authentication request number applied for by the e-commerce website, which identifies the request initiated by this e-commerce website as an Internet identity-authentication request. Further, the transaction information in the authentication request may first be BASE64-encoded so that the transaction information is not directly exposed.
S808: the e-commerce website sends the authentication request to the authentication service platform.
S809: the authentication service platform authenticates the authentication request. The specific authentication method comprises: the authentication service platform looks up the corresponding public key according to the user identifier in the authentication request;
The authentication service platform uses the public key it found to decrypt the transaction information ciphertext;
The authentication service platform compares the transaction information in the authentication request with the result obtained by decrypting the transaction ciphertext with the public key it found. If the two are consistent, authentication succeeds, and the platform returns the authentication result, comprising authentication pass information or authentication failure information, to the transaction authentication terminal or the e-commerce website. Further, if the authentication information in the authentication request has been BASE64-encoded, it must be BASE64-decoded before the comparison.
S810: the authentication service platform returns the authentication result to the e-commerce website. The authentication result comprises authentication pass information or authentication failure information.
S811: the authentication service platform sends a fee deduction request to the payment platform. The fee deduction request comprises the user identifier, the transaction information and the authentication pass information.
S812: according to the fee deduction request, the payment platform sends a fee deduction confirmation request to the e-commerce website, asking the e-commerce website to confirm this transaction payment. The fee deduction confirmation request may contain the fee deduction request, comprising the user identifier, the transaction information and the authentication pass information.
S813: the e-commerce website returns a fee deduction confirmation message to the payment platform, confirming this transaction payment. The fee deduction confirmation message may contain the fee deduction request, comprising the user identifier, the transaction information and the authentication pass information.
S814: the payment platform deducts the fee from the associated account according to the fee deduction request. In a specific implementation, the payment platform may first check the authentication pass information in the fee deduction request, then look up the associated account according to the user identifier in the request, and deduct the fee from that account according to the transaction information.
S815: the payment platform returns the fee deduction result to the e-commerce website, and the e-commerce website shows the fee deduction result to the user.
This embodiment can be applied to transaction payment on major commercial websites or payment platforms, online credit card bill payment, and similar services. With a digital certificate issued by a digital certificate authority built into the SIM of the mobile terminal, the transaction information is digitally signed and then sent to the authentication service platform for transaction authentication. This realizes a secure and universal payment method and brings great convenience to users.
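The sign, submit and verify exchange of steps S704 to S707 (the same check appears in S605 and S809), as an added example that is not code from the patent. The toy RSA key built from two Mersenne primes, the SHA-256 digest, the field encoding, the sample user identifier and all function names are assumptions made so the sketch runs with the Python standard library alone; a deployed system would use the CA-issued SIM key with a vetted library and a padded signature scheme.

```python
import base64
import hashlib

# Constructed toy RSA key (two Mersenne primes). NOT secure: it only lets the
# example run offline. The private exponent D stands in for the SIM's key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
KEY_BYTES = (N.bit_length() + 7) // 8

# Hypothetical public-key directory of the authentication service platform,
# keyed by user identifier (a constructed phone number).
PUBLIC_KEYS = {"13800000000": (N, E)}


def encode_transaction(serial, time, amount):
    """Assumed canonical encoding of serial number, time and amount."""
    return f"sn={serial};time={time};amount={amount}".encode("utf-8")


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sim_sign(transaction):
    """Mobile terminal (S704): private-key operation over the digest."""
    return pow(digest_int(transaction), D, N).to_bytes(KEY_BYTES, "big")


def build_auth_request(user_id, transaction, ciphertext):
    """Payment authentication terminal (S706)."""
    return {
        "user_id": user_id,
        # BASE64 is a reversible encoding; anyone who sees the request can
        # decode it, so it adds no confidentiality by itself.
        "transaction": base64.b64encode(transaction).decode("ascii"),
        "ciphertext": ciphertext,
    }


def authenticate(request):
    """Authentication service platform (S707). Returns (passed, reason)."""
    key = PUBLIC_KEYS.get(request.get("user_id"))
    if key is None:
        return False, "unknown user identifier"
    n, e = key
    ciphertext = request.get("ciphertext")
    try:
        transaction = base64.b64decode(request["transaction"], validate=True)
    except (KeyError, TypeError, ValueError):
        return False, "malformed request"
    if not isinstance(ciphertext, bytes):
        return False, "malformed request"
    sig = int.from_bytes(ciphertext, "big")
    if sig >= n:
        return False, "ciphertext out of range"
    # Public-key operation on the ciphertext, then comparison with the
    # transaction information carried in the request (via its digest).
    if pow(sig, e, n) != digest_int(transaction):
        return False, "transaction information does not match ciphertext"
    return True, "authentication passed"


def run_demo():
    """Constructed sample exchange: a valid request and three rejections."""
    user = "13800000000"
    tx = encode_transaction("000123", "2009-12-31T10:15:00", "128.50")
    good = build_auth_request(user, tx, sim_sign(tx))
    altered = encode_transaction("000123", "2009-12-31T10:15:00", "1.00")
    return {
        "valid": authenticate(good),
        "amount altered": authenticate(build_auth_request(user, altered, sim_sign(tx))),
        "unknown user": authenticate(dict(good, user_id="13900000000")),
        "bad encoding": authenticate(dict(good, transaction="not base64!!")),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

Any change to the serial number, time or amount after signing makes the comparison fail, which is what binds the fee deduction to the transaction the user approved.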
From the description of the above embodiments, a person of ordinary skill in the art will understand that all or part of the processes of the above embodiments can be implemented by a computer program instructing the relevant hardware. The program can be stored in a computer-readable medium and, when executed, can include the processes of the embodiments of the methods described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The above discloses only preferred embodiments of the present invention, which of course cannot limit the scope of rights of the present invention; equivalent changes made according to the claims of the present invention therefore still fall within the scope covered by the invention.

Claims (15)

1. A payment authentication method, characterized in that the payment authentication method comprises:
Obtaining the user identifier of a mobile terminal;
Sending transaction information to the mobile terminal, the transaction information comprising a transaction serial number, a transaction time and a transaction amount;
Obtaining the transaction ciphertext digitally signed by the mobile terminal;
Submitting an authentication request to the authentication service platform, the authentication request comprising the user identifier, the transaction information and the transaction ciphertext;
Obtaining the authentication result returned by the authentication service platform, comprising authentication pass information or authentication failure information;
Performing transaction fee deduction according to the obtained authentication pass information.
2. The payment authentication method of claim 1, characterized in that, after sending the transaction information to the mobile terminal, the method further comprises:
After the mobile terminal obtains the transaction information, it digitally signs the transaction information using the private key in the security certificate built into the SIM card.
3. The payment authentication method of claim 2, characterized in that, after submitting the authentication request to the authentication service platform, the method further comprises:
The authentication service platform obtains the authentication request and looks up the corresponding public key according to the user identifier;
The public key that was found is used to decrypt the transaction ciphertext;
The authentication information in the authentication request is compared with the result of decrypting the authentication information ciphertext with the public key that was found; if the two are consistent, authentication succeeds.
4. The payment authentication method of claim 2, characterized in that performing transaction fee deduction according to the obtained authentication pass information comprises:
Sending a fee deduction request to the payment platform according to the obtained authentication pass information, the fee deduction request comprising the user identifier, the transaction plaintext and the authentication pass information;
The payment platform deducts the fee according to the fee deduction request and returns the fee deduction result.
5. The payment authentication method of claim 2, characterized in that, before sending the transaction information to the mobile terminal, the method further comprises:
Obtaining the transaction information from an e-commerce platform.
6. The payment authentication method of claim 5, characterized in that submitting the authentication request to the authentication service platform comprises:
Sending the authentication request to the e-commerce platform, the e-commerce platform forwarding the authentication request to the authentication service platform;
Obtaining the authentication pass information or authentication failure information returned by the authentication service platform is:
The e-commerce platform obtains the authentication pass information or authentication failure information from the authentication service platform;
Performing transaction fee deduction according to the obtained authentication pass information comprises:
The e-commerce platform sends a fee deduction request to the payment platform according to the obtained authentication pass information, the fee deduction request comprising the user identifier, the transaction plaintext and the authentication pass information;
The payment platform deducts the fee according to the fee deduction request and returns the fee deduction result to the e-commerce platform.
7. The payment authentication method of any one of claims 1-6, characterized in that two-way communication with the mobile terminal is carried out by radio frequency identification.
8. A mobile terminal, characterized in that the mobile terminal comprises:
A security certificate storage unit, configured to store a security certificate in the SIM, the security certificate comprising a private key;
A digital signature unit, configured to digitally sign transaction information using the private key in the security certificate stored in the security certificate storage unit.
9. A payment authentication terminal, characterized in that the payment authentication terminal comprises:
A user identifier acquiring unit, configured to obtain the user identifier of a mobile terminal;
A transaction information sending unit, configured to send transaction information to the mobile terminal, the transaction information comprising a transaction serial number, a transaction time and a transaction amount;
A transaction ciphertext acquiring unit, configured to obtain the transaction ciphertext digitally signed by the mobile terminal;
An authentication request unit, configured to submit an authentication request to the authentication service platform, the authentication request comprising the user identifier, the transaction information and the transaction ciphertext;
An authentication result acquiring unit, configured to obtain the authentication result returned by the authentication service platform, comprising authentication pass information or authentication failure information;
A fee deduction unit, configured to perform transaction fee deduction according to the authentication pass information obtained by the authentication result acquiring unit.
10. The payment authentication terminal of claim 9, characterized in that the fee deduction unit comprises:
A fee deduction request module, configured to send a fee deduction request to the payment platform when the authentication result acquiring unit obtains authentication pass information, the fee deduction request comprising the user identifier, the transaction plaintext and the authentication pass information;
A fee deduction result acquiring unit, configured to obtain the fee deduction result from the payment platform.
11. The payment authentication terminal of claim 9 or 10, characterized in that the payment authentication terminal further comprises:
An RF unit, configured to carry out two-way wireless communication with the mobile terminal.
12. A payment authentication system, characterized in that the payment authentication system comprises a mobile terminal, an authentication payment terminal, an authentication service platform and a payment platform, wherein:
The mobile terminal is configured to hold a digital certificate built into the SIM card, the digital certificate comprising a private key, and to use the private key to digitally sign the transaction information sent by the payment authentication terminal;
The authentication payment terminal is configured to: obtain the user identifier from the mobile terminal; send transaction information to the mobile terminal, the authentication information comprising a transaction serial number, a transaction time and a transaction amount; obtain from the mobile terminal the transaction ciphertext digitally signed by the mobile terminal; submit an authentication request to the authentication service platform, the authentication request comprising the user identifier, the transaction information and the transaction ciphertext; obtain the authentication result returned by the authentication service platform, the authentication result comprising authentication pass information or authentication failure information; send a fee deduction request to the payment platform according to the obtained authentication pass information, the fee deduction request comprising the user identifier, the transaction plaintext and the authentication pass information; and obtain the fee deduction result from the payment platform;
The authentication service platform is configured to obtain the authentication request from the authentication payment terminal, authenticate the authentication request, and return the authentication result to the authentication payment terminal;
The payment platform is configured to deduct the fee according to the fee deduction request sent by the authentication payment terminal, and to return the fee deduction result to the authentication payment terminal.
13. A payment authentication terminal, characterized in that the payment authentication terminal comprises:
A user identifier acquiring unit, configured to obtain the user identifier of a mobile terminal;
A transaction information acquiring unit, configured to obtain transaction information from an e-commerce website, the transaction information comprising a transaction serial number, a transaction time and a transaction amount;
A transaction information sending unit, configured to send the transaction information to the mobile terminal;
A transaction ciphertext acquiring unit, configured to obtain the transaction ciphertext digitally signed by the mobile terminal;
An authentication request unit, configured to submit an authentication request to the e-commerce website, the authentication request comprising the user identifier, the transaction information and the transaction ciphertext.
14. The payment authentication terminal of claim 13, characterized in that the payment authentication terminal further comprises:
An RF unit, configured to carry out two-way wireless communication with the mobile terminal.
15. A payment authentication system, characterized in that the payment authentication system comprises a mobile terminal, an authentication payment terminal, an e-commerce website, an authentication service platform and a payment platform, wherein:
The mobile terminal is configured to hold a digital certificate built into the SIM card, the digital certificate comprising a private key, and to use the private key to digitally sign the transaction information sent by the payment authentication terminal;
The authentication payment terminal is configured to: obtain the user identifier from the mobile terminal; obtain the transaction information from the e-commerce website; send the transaction information to the mobile terminal, the authentication information comprising a transaction serial number, a transaction time and a transaction amount; obtain from the mobile terminal the transaction ciphertext digitally signed by the mobile terminal; and submit an authentication request to the e-commerce website, the authentication request comprising the user identifier, the transaction information and the transaction ciphertext;
The e-commerce website is configured to: obtain the authentication request from the authentication payment terminal; submit the authentication request to the authentication service platform and obtain the authentication result returned by the authentication service platform, the authentication result comprising authentication pass information or authentication failure information; send a fee deduction request to the payment platform according to the obtained authentication pass information, the fee deduction request comprising the user identifier, the transaction plaintext and the authentication pass information; and obtain the fee deduction result from the payment platform;
The authentication service platform is configured to obtain the authentication request from the authentication payment terminal, authenticate the authentication request, and return the authentication result to the authentication payment terminal;
The payment platform is configured to deduct the fee according to the fee deduction request sent by the authentication payment terminal, and to return the fee deduction result to the authentication payment terminal.
CN200910239611A 2009-12-31 2009-12-31 Payment authentication method, terminal and system Pending CN101794420A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910239611A CN101794420A (en) 2009-12-31 2009-12-31 Payment authentication method, terminal and system


Publications (1)

Publication Number Publication Date
CN101794420A true CN101794420A (en) 2010-08-04

Family

ID=42587095

RU2520392C2 (en) Electronic payment system and payment authorisation method
CN201910100U (en) Bus one-card business system, bus one-card business platform and POS (point-of-sale) machine
CN105493116A (en) Methods and systems for provisioning payment credentials
CN103380435A (en) Credit card payment system including a repeater and a mobile communication terminal, apparatus included in the system, and method for being performed for a credit card payment in the apparatus
CN103218715A (en) Dynamic payment code implementation method in cloud payment system
CN101599150A (en) A kind of implementation method of payable by installment business and system
CN101261708A (en) Online payment method and system based on the mobile terminal supporting eNFC function
CN101238482A (en) Electronic settlement system, method therefor, settlement server used therein, communication terminal, and program
CN101916476A (en) Mobile data transmission method based on combination of SD (Secure Digital) encrypted card and short-distance wireless communication technology
CN105556550A (en) Method for securing a validation step of an online transaction
US20140365364A1 (en) Method of payment for a product or a service on a commercial site through an internet connection and a corresponding terminal
WO2016060618A1 (en) A dynamic multiple-application systematic framework for integrated circuit card and information processing methods based on the framework
KR20050019674A (en) Payment method for mobile credit card using mobile communication device
CN101872454A (en) Sales terminal transaction processing method, equipment and mobile terminal transaction processing method
CN103077460A (en) System and method for financial certificate transaction by mobile device
CN101261709B (en) Online payment method and system using the mobile terminal supporting eNFC function
TW201317911A (en) Cloud credit card transaction system and transaction method thereof
JP2004164597A (en) Method for purchasing goods and services
CN103077457B (en) A kind of intelligent RFID payment terminal and method
CN102737309A (en) Method and system of card transaction
Madlmayr et al. Secure communication between web browsers and NFC targets by the example of an e-ticketing system
KR20040055843A (en) System and Method for Payment by Using Authorized Authentication Information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100804