Background technology
At present, most e-commerce websites cooperate with banks and accept payment through the online-banking payment interface the bank provides. That same interface, however, is now being abused for phishing, and the offenders who run the phishing profit from it. Phishing causes unnecessary losses to users, e-commerce websites and merchants engaged in lawful transactions, and undermines the security of payments among the user, the e-commerce website and the bank.
The flow in which a legitimate user shops on an e-commerce platform and pays through the online-banking payment interface is shown in Figure 1 and comprises:
Step 1A: the user purchases goods on the e-commerce platform and selects the online-banking payment interface; the platform generates a link to the bank's payment website for this user;
Step 2A: the user follows the link provided by the platform to the online bank's web page and performs the payment operation there;
Step 3A: the online bank notifies the e-commerce platform of the result of the user's payment;
Step 4A: the e-commerce platform decides, according to whether the user's bank payment succeeded, whether to ship the ordered goods to this user.
Phishing (also called "fishing" attacks) works as follows: the attacker (the "phisher") uses technical means to produce websites that pass for genuine ones in order to lure victims; the victims then follow the attacker's instructions and, without knowing the truth, "voluntarily" surrender important sensitive information (for example the account name and password of their online bank). The phisher often needs no active attack; it is enough to collect the sensitive information entered by the victims who "take the bait". Taking one flow that abuses the online-banking payment interface for phishing as an example, as shown in Figure 2, the flow comprises:
Step 1B: user A purchases goods on the e-commerce platform and selects online-banking payment; the platform generates a link to the bank's payment website for the user;
Step 2B: user A, by phishing deception, sends this link to user B (in practice it may be sent to many users);
Step 3B: user B, unaware of the truth, completes the payment on the linked online-banking page with B's own account and password;
Step 4B: the online bank notifies the e-commerce platform of the result of user B's payment;
Step 5B: the e-commerce platform decides, according to the result of user B's online-banking payment, whether to ship the goods ordered by user A.
In the phishing flow of Figure 2, user A is the "phisher" and user B is the "victim": by illegal means the victim (user B) is made, without knowing it, to use B's own online-banking account to buy goods on the e-commerce platform for the phisher (user A). The victim's legitimate rights and interests are harmed, and the security of e-commerce transactions suffers.
Summary of the invention
Embodiments of the present application provide a network payment authentication method, server and system, in order to solve the prior-art problem that phishing conducted through the online-banking payment interface undermines the security of e-commerce transactions.
A network payment authentication method provided by an embodiment of the present application comprises:
an e-commerce website server receives the online-bank identifier selected by a user and the identity-authentication identifier, corresponding to that online-bank identifier, that the user enters;
the e-commerce website server creates a payment request carrying the identity-authentication identifier and returns it to the user;
the e-commerce website server receives an authentication result returned by an online-bank server, the authentication result being obtained by the online-bank server authenticating the identity-authentication identifier the user enters during the payment operation against the identity-authentication identifier in the payment request sent by the user.
An e-commerce website server provided by an embodiment of the present application comprises:
a receiving unit, configured to receive the online-bank identifier selected by a user and the identity-authentication identifier, corresponding to that online-bank identifier, that the user enters; and to receive the authentication result returned by an online-bank server, the authentication result being obtained by the online-bank server authenticating the identity-authentication identifier the user enters during the payment operation against the encrypted identity-authentication identifier in the payment request sent by the user;
a creating unit, configured to create a payment request carrying the identity-authentication identifier;
a sending unit, configured to return the payment request to the user.
An online-bank server provided by an embodiment of the present application comprises:
a receiving unit, configured to receive a payment request sent by a user and carrying an identity-authentication identifier, the identity-authentication identifier being the one entered by the user that corresponds to the online-bank identifier the user selected;
a payment-operation initiating unit, configured to initiate the user's payment operation according to the payment request and to receive the identity-authentication identifier the user enters during the payment operation;
an authenticating unit, configured to authenticate the identity-authentication identifier entered by the user during the payment operation using the identity-authentication identifier in the payment request, and to return the authentication result to the e-commerce website server.
A network payment authentication system provided by an embodiment of the present application comprises:
an e-commerce website server, configured to receive the online-bank identifier selected by a user and the identity-authentication identifier, corresponding to that online-bank identifier, that the user enters; and to create a payment request carrying the identity-authentication identifier and return it to the user;
an online-bank server, configured to receive the payment request sent by the user, initiate the user's payment operation, authenticate the identity-authentication identifier the user enters during the payment operation using the identity-authentication identifier in the payment request, and return the authentication result to the e-commerce website server.
The beneficial effects of the embodiments of the present application include:
In the network payment authentication method, server and system provided by the embodiments of the present application, the e-commerce website server receives the online-bank identifier selected by the user and the identity-authentication identifier, corresponding to that identifier, that the user enters; it creates a payment request carrying the identity-authentication identifier and returns it to the user; after receiving the payment request sent by the user, the online-bank server initiates the user's payment operation, authenticates the identity-authentication identifier the user enters during the payment operation against the one carried in the payment request, and returns the corresponding authentication result to the e-commerce website server. A phisher who abuses the online-banking payment interface typically creates a transaction on the website and then has a victim pay for the goods, and at the time of creating the transaction the phisher cannot know the victim's identity-authentication identifier. Therefore, with the method and system provided by the embodiments, when phishing takes place and the victim paying for the goods enters his or her own identity-authentication identifier, the online-bank server finds that the user paying is not the same user who created the transaction (that is, the user who genuinely wants to buy the goods) and notifies the e-commerce website server of an authentication failure; conversely, if the user who created the transaction and the user performing the payment are the same, it notifies the e-commerce website server of an authentication success. The seller in the electronic transaction can then determine, from the authentication result received by the e-commerce website server, whether the identity of the user in the current transaction is legitimate and reliable, and ship the selected goods only to users in lawful transactions. The method, server and system thus stop phishing through the online-banking payment interface and safeguard the security of e-commerce website transactions that use network payment.
In addition, in the method provided by the embodiments, the identity-authentication identifier carried in the payment request is entered directly by the user: the e-commerce website server need not create authentication information itself when the transaction is created, nor store it, and the online-banking system, when performing authentication, directly receives the identity-authentication identifier entered by the user, without looking up corresponding authentication information in an authentication-information store or fetching it from the e-commerce website. Overall, the scheme saves the system resources the e-commerce website server would spend creating and storing authentication information, saves the resources the online-banking system would spend looking up stored authentication information, and, by removing the generation, storage and lookup of authentication information on both servers, achieves fast authentication of network payments.
Embodiment
The inventors have found, from the prior-art flow of phishing through the online-banking payment interface (Figure 2), that the phisher is able to have the victim buy goods on the phisher's behalf because the online-banking payment interface cannot determine whether the person currently paying is really the user buying the goods, and because, when the online bank reports the payment result to the e-commerce platform, it likewise cannot tell the platform whether the user who completed the payment is the user who is really buying the goods. Therefore, to solve the prior-art problem that phishing through the online-banking payment interface undermines the security of e-commerce platform transactions, the key is to authenticate the user who actually completes the payment operation, and to let the transaction proceed only when that user is the same user who is buying the goods on the e-commerce platform.
To describe the network payment authentication method, server and system of the embodiments more clearly, in the following description the e-commerce platform responsible for completing the e-commerce transaction is called the e-commerce website server, and the online bank that completes the payment authentication is called the online-bank server.
Before making a network payment, the user usually selects the goods to purchase on the e-commerce website provided by the e-commerce website server and creates a new transaction. This flow, shown in Figure 3, comprises the following steps:
S301: the user logs in to the e-commerce website provided by the e-commerce website server.
S302: the e-commerce website presents selectable goods information to the user.
S303: the user selects the goods to purchase on the e-commerce website and places an order.
S304: the e-commerce website server creates a new transaction record locally, returns the relevant information of the transaction record to the user, and prompts the user to confirm it and proceed to the payment operation.
After steps S301 to S304, if the user confirms that the transaction information is correct and chooses to pay, the user performing the payment operation is authenticated with the network payment authentication method provided by the embodiments of the present application. That method, shown in Figure 4, comprises the following steps:
S401: the e-commerce website server sends network-payment prompt information to the user, prompting the user to enter the identifier of the online bank of the user's choice and the identity-authentication identifier corresponding to that online-bank identifier.
In step S401 the e-commerce website server may display the identifiers of several online banks for the user to choose from; once the user has selected one of them, the server continues by prompting the user to enter the identity-authentication identifier, corresponding to that online-bank identifier, that identifies this user at the bank, for example the account number or the user ID the user holds at that online bank. In the embodiments of the present application the identity-authentication identifier comprises a user ID and/or a payment account.
The embodiments are not limited to the identity-authentication identifiers listed above; any other information that uniquely identifies the user may be used, and the identifier may be a single piece of identification information or a combination of several.
For example, on the e-commerce website provided by the e-commerce website server the user selects the bank identifier "China Construction Bank" and, on further prompting by the website, enters the user name previously registered in the online-banking system of "China Construction Bank".
S402: the e-commerce website server receives the online-bank identifier selected by the user and the identity-authentication identifier, corresponding to that online-bank identifier, that the user entered.
S403: the e-commerce website server encrypts the identity-authentication identifier obtained in step S402, creates a payment request carrying the encrypted identity-authentication identifier, and returns it to the user.
Preferably, the embodiments encrypt the identity-authentication identifier to improve the security of data transmission; in a specific implementation the identifier may also be left unencrypted, and the basic idea of the present application for improving network payment security is still realized.
In step S403, besides returning the payment request message it created to the user, the e-commerce website server must, as in the prior art, also return to the user the link to the payment interface of the online bank the user selected.
S404: the user accesses the online-bank server through that bank's payment interface and sends it the payment request carrying the encrypted identity-authentication identifier, whereupon the authentication operations of steps S405 to S409 are carried out.
S405: the online-bank server receives the payment request sent by the user, initiates the user's payment operation, and during the payment flow prompts the user to enter his or her identity-authentication identifier.
S406: following the prompt of the online-bank server, the user enters the identity-authentication identifier on the payment-operation web page provided by the online-bank server.
S407: the online-bank server decrypts the encrypted identity-authentication identifier in the payment request sent by the user and judges whether the decrypted identifier is consistent with the identity-authentication identifier the user entered; if consistent, step S408 is executed; if inconsistent, step S409 is executed.
Of course, if the identity-authentication identifier in the payment request was not encrypted, step S407 need not decrypt it.
S408: the user is allowed to complete the payment operation, and an authentication-success message is returned to the e-commerce website server.
S409: the user is refused the payment operation, and an authentication-failure message is returned to the e-commerce website server.
In the prior art, a phisher who abuses the online-banking payment interface typically creates a transaction on the e-commerce website and then has a victim pay for the goods, and cannot determine in advance which user the victim will be (the phisher sends the deceptive message to many users beforehand). As the authentication flow above shows, the phisher cannot know the victim's identity-authentication identifier in advance, so the identifier the phisher entered will very probably be inconsistent with the one the victim enters; the phisher is therefore prevented from using the victim to complete the payment, and the security problems that phishing causes for network payment and e-commerce platform transactions are avoided. In addition, in the method provided by the embodiments, the identity-authentication identifier carried in the payment request is entered directly by the user: the e-commerce website server need not create authentication information itself when the transaction is created, nor store it, and the online-banking system, when performing authentication, directly receives the identity-authentication identifier entered by the user, without looking up corresponding authentication information in an authentication-information store or fetching it from the e-commerce website. Overall, the scheme saves the system resources the e-commerce website server would spend creating and storing authentication information, saves the resources the online-banking system would spend looking up stored authentication information, and, by removing the generation, storage and lookup of authentication information on both servers, achieves fast authentication of network payments.
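The following Python program is an added example, not code from the patent, that models the flow of steps S401 to S409 above (and the same behaviour of the e-commerce website server 701 and online-bank server 702 described later) on both sides of the exchange. The patent does not name a cipher for the "encrypted identity-authentication identifier", so the example assumes a symmetric key shared between the merchant and the bank and uses an HMAC-SHA256 keystream with an encrypt-then-MAC tag as a dependency-free stand-in for a real AEAD such as AES-GCM; the key, the order data and the user names `alice` and `bob` are constructed for the example. The bank-side check is run once for the legitimate Figure 1 case (the buyer pays), once for the Figure 2 phishing case (a forwarded link paid by someone else) and once against a tampered request.

```python
"""Added example (not from the patent): e-commerce server seals the buyer's
identity-authentication identifier into the payment request (S401-S403); the
bank server unseals it and compares it with the identifier typed at payment
time (S405-S409)."""
import hashlib
import hmac
import json
import secrets

# Assumption: merchant and bank share this symmetric key out of band.  The patent
# names no cipher; the HMAC keystream + encrypt-then-MAC below is a stand-in for
# a real AEAD (e.g. AES-GCM) so the example runs with the standard library only.
SHARED_KEY = b"merchant-and-bank-demo-key-0123456789"  # constructed for the example
NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then MAC; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject tampered requests."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("malformed payment request")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("payment request failed integrity check")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


# --- e-commerce website server side (S401-S403) ---
def create_payment_request(order_id: str, amount: str, bank_id: str,
                           identity_identifier: str, key: bytes = SHARED_KEY) -> bytes:
    """Seal the identifier the buyer entered (S402) into the payment request (S403).
    Order id and amount are sealed with it so a forwarded request cannot be altered."""
    payload = {"order_id": order_id, "amount": amount,
               "bank_id": bank_id, "identity": identity_identifier}
    return seal(key, json.dumps(payload, sort_keys=True).encode("utf-8"))


# --- online-bank server side (S405-S409) ---
def authenticate_payment(request_blob: bytes, identity_entered: str,
                         key: bytes = SHARED_KEY) -> dict:
    """Compare the sealed identifier with the one typed during the payment (S407)."""
    payload = json.loads(unseal(key, request_blob))
    same_user = hmac.compare_digest(payload["identity"].encode("utf-8"),
                                    identity_entered.encode("utf-8"))
    return {"order_id": payload["order_id"],
            "result": "success" if same_user else "failure",  # S408 / S409
            "payment_allowed": same_user}


def run_scenarios() -> dict:
    """Figure 1 (buyer pays), Figure 2 (victim pays a forwarded link), tampering."""
    request = create_payment_request("ORD-1001", "199.00", "CCB", "alice")
    legitimate = authenticate_payment(request, "alice")   # alice pays her own order
    phished = authenticate_payment(request, "bob")        # link forwarded to bob
    tampered = bytearray(request)
    tampered[NONCE_LEN] ^= 0x01                           # flip one ciphertext bit
    try:
        authenticate_payment(bytes(tampered), "alice")
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"legitimate": legitimate, "phished": phished, "tamper_rejected": tamper_rejected}


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

Two design points are worth noting. The integrity tag is what makes the sealed identifier trustworthy to the bank: without it, whoever holds the request could swap in the victim's identifier, so the "encryption" the patent calls optional should in practice be authenticated. And the check only separates phisher from victim to the extent the text itself assumes, namely that the phisher does not know the victim's user ID or account number when the order is created; user names are not secrets, so sealing the order id and amount alongside the identifier, as the example does, keeps a forwarded request from being re-pointed at a different order.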
Based on the same inventive concept, the embodiments of the present application also provide an e-commerce website server, an online-bank server and a network payment authentication system. Since the principle by which they solve the problem is similar to that of the network payment authentication method above, their implementation can refer to the implementation of the method, and repeated content is not described again.
The e-commerce website server provided by the embodiments, shown in Figure 5, comprises:
a receiving unit 501, configured to receive the online-bank identifier selected by the user and the identity-authentication identifier, corresponding to that online-bank identifier, that the user enters; and to receive the authentication result returned by the online-bank server, which is obtained by the online-bank server authenticating the identity-authentication identifier the user enters during the payment operation against the encrypted identity-authentication identifier in the payment request sent by the user;
an encrypting unit 502, configured to encrypt the identity-authentication identifier received by the receiving unit 501;
Encrypting the identity-authentication identifier with the encrypting unit 502 improves the security of data transmission; the encrypting unit 502 may of course be omitted, and the basic idea of the present application is still realized.
a creating unit 503, configured to create a payment request carrying the encrypted identity-authentication identifier;
a sending unit 504, configured to return the payment request to the user.
Further, the sending unit 504 of the e-commerce website server is also configured to return to the user, according to the online-bank identifier the user selected, the link to the payment interface of the selected online bank.
The online-bank server provided by the embodiments, shown in Figure 6, comprises:
a receiving unit 601, configured to receive the payment request sent by the user and carrying the encrypted identity-authentication identifier, the encrypted identifier being generated by the e-commerce website server encrypting the identity-authentication identifier, entered by the user, that corresponds to the online-bank identifier the user selected;
a payment-operation initiating unit 602, configured to initiate the user's payment operation according to the payment request and to receive the identity-authentication identifier the user enters during the payment operation;
a decrypting unit 603, configured to decrypt the encrypted identity-authentication identifier carried in the payment request;
If no encrypting unit 502 is provided to encrypt the identity-authentication identifier, the decrypting unit 603 may likewise be omitted.
an authenticating unit 604, configured to authenticate the identity-authentication identifier the user enters during the payment operation using the decrypted identity-authentication identifier, and to return the authentication result to the e-commerce website server.
Specifically, the authenticating unit 604 compares the decrypted identity-authentication identifier with the one the user entered during the payment operation; if they are consistent it allows the user to complete the payment operation and returns an authentication-success result message; if they are inconsistent it refuses the payment operation and returns an authentication-failure result message.
The network payment authentication system provided by the embodiments, shown in Figure 7, comprises an e-commerce website server 701 and an online-bank server 702, wherein:
the e-commerce website server 701 is configured to receive the online-bank identifier selected by the user and the identity-authentication identifier, corresponding to that online-bank identifier, that the user enters; to encrypt the identity-authentication identifier; and to create a payment request carrying the encrypted identity-authentication identifier and return it to the user;
the online-bank server 702 is configured to receive the payment request sent by the user, initiate the user's payment operation, decrypt the encrypted identity-authentication identifier in the payment request, authenticate the identity-authentication identifier the user enters during the payment operation using the decrypted identifier, and return the authentication result to the e-commerce website server.
The identity-authentication identifier includes, but is not limited to, a user ID and/or a payment account.
Further, the e-commerce website server 701 is also configured to send network-payment prompt information to the user, prompting the user to enter the identifier of the online bank of the user's choice and the identity-authentication identifier corresponding to that online-bank identifier.
Further, the e-commerce website server 701 is also configured to return to the user the link to the payment interface of the online bank the user selected;
the online-bank server 702 is also configured to receive the payment request that the user sends via the link to its payment interface.
The e-commerce website server and the online-bank server provided by the embodiments may, in a specific implementation, be realized as software function modules that perform the corresponding functions, or as software function modules combined with hardware; the embodiments do not limit this.
In the network payment authentication method, server and system provided by the embodiments of the present application, the e-commerce website server receives the online-bank identifier selected by the user and the identity-authentication identifier, corresponding to that identifier, that the user enters; encrypts the identity-authentication identifier; creates a payment request carrying the encrypted identifier and returns it to the user. After receiving the payment request sent by the user, the online-bank server initiates the user's payment operation, decrypts the encrypted identity-authentication identifier in the payment request, authenticates the identity-authentication identifier the user enters during the payment operation using the decrypted identifier, and returns the corresponding authentication result to the e-commerce website server.
A phisher who abuses the online-banking payment interface typically creates a transaction on the website and then has a victim pay for the goods, and at the time of creating the transaction the phisher cannot know the victim's identity-authentication identifier. Therefore, with the method and system provided by the embodiments, when phishing takes place and the victim paying for the goods enters his or her own identity-authentication identifier, the online-bank server finds that the user paying is not the same user who created the transaction (that is, the user who genuinely wants to buy the goods) and notifies the e-commerce website server of an authentication failure; conversely, if the user who created the transaction and the user performing the payment are the same, it notifies the e-commerce website server of an authentication success. The seller in the electronic transaction can then determine, from the authentication result received by the e-commerce website server, whether the identity of the user in the current transaction is legitimate and reliable, and ship the selected goods only to users in lawful transactions. The method, server and system thus stop phishing through the online-banking payment interface and safeguard the security of e-commerce website transactions that use network payment. In addition, in the method and system provided by the embodiments, the identity-authentication identifier carried in the payment request is entered directly by the user: the e-commerce website server need not create authentication information itself when the transaction is created, nor store it, and the online-banking system, when performing authentication, directly receives the identity-authentication identifier entered by the user, without looking up corresponding authentication information in an authentication-information store or fetching it from the e-commerce website. Overall, the scheme saves the system resources the e-commerce website server would spend creating and storing authentication information, saves the resources the online-banking system would spend looking up stored authentication information, and, by removing the generation, storage and lookup of authentication information on both servers, achieves fast authentication of network payments.
Obviously, those skilled in the art can make various changes and modifications to the present application without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present application and their technical equivalents, the present application is intended to include them as well.