CN102223354B - Network payment authentication method, server and system - Google Patents
Network payment authentication method, server and system Download PDFInfo
- Publication number
- CN102223354B CN102223354B CN201010150012.4A CN201010150012A CN102223354B CN 102223354 B CN102223354 B CN 102223354B CN 201010150012 A CN201010150012 A CN 201010150012A CN 102223354 B CN102223354 B CN 102223354B
- Authority
- CN
- China
- Prior art keywords
- user
- identification information
- identity verify
- payment
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The application discloses a network payment authentication method, a server and a system. The method comprises the following steps that an e-commerce website server receives online bank identification selected by a user and identity authentication identification information which is input by the user and corresponds to the online bank identification; the e-commerce website server sets up a payment request and returns the payment request to the user, wherein the payment request contains the identity authentication identification information; and the e-commerce website server receives the authentication result returned by an online bank server, wherein the authentication result is obtained in the way that according to the identity authentication information contained in the payment request transmitted by the user, and the online bank server carries out authentication to the identity authentication information input by the user in the payment operation. The application completely eradicates illegal actions that phishing is carried out by an online bank payment interface, so as to protect the safety of the transaction by utilizing the network payment of the e-commerce website server.
Description
Technical field
The application relates to technical field of network security, particularly relates to a kind of network payment authentication method, server and system.
Background technology
At present, in e-commerce field, most e-commerce website is all cooperated with bank, the Web bank's payment interface provided by bank is paid, but existing at present utilizes Web bank's payment interface to carry out the unlawful activities of phishing, and the disabled user being engaged in phishing therefrom obtains interests.The unlawful activities of phishing can bring unnecessary loss to carrying out the user of licit traffic, e-commerce website and businessman, have impact on user, safety of payment between e-commerce website and bank.
Legal user is done shopping by e-commerce platform and uses flow process that Web bank payment interface pays as shown in Figure 1, comprising:
Step 1A, user buy commodity to e-commerce platform, select Web bank's payment interface to pay, and e-commerce platform is that this user generates a link paid to website of bank;
The webpage of what step 2A, user used e-commerce platform to provide be linked to Web bank completes the operation of payment;
The result that user pays is informed to e-commerce platform by step 3A, this Web bank;
Step 4A, e-commerce platform determine whether be the commodity that this user sends its order according to user in the successful result of bank paying.
Phishing (Phishing), attack also known as halieutics or fishing type, assailant's (also claiming fisherman) of phishing produces some websites temptation victim (by fisherman) of mixing the spurious with the genuine by certain technological means puppet, operated according to designation method again by fisherman, make by fisherman when not knowing truth, " voluntarily " surrenders important sensitive information (information such as the account name of the such as Internet bank and password).Fisherman does not often need active attack, only needs the sensitive information inputted by fisherman extracting " rising to the bait ".The flow process utilizing Web bank's payment interface to carry out phishing for one is described, and as shown in Figure 2, comprising:
Step 1B, user A buy commodity to e-commerce platform, select the payment of Web bank, and e-commerce platform is that user generates a link paid to website of bank;
Step 2B, user A use the fraudulent mean of phishing, this link are sent to user B (can be sent to multiple user during practical operation);
Step 3B, user B, when not knowing truth, use on this webpage being linked to Web bank and use the account of oneself and password to complete delivery operation;
The result that user B pays is informed to e-commerce platform by step 4B, this Web bank;
Step 5B, e-commerce platform determine whether send its commodity ordered to user A according to user B in the payment result of Web bank.
In the flow process of phishing as shown in Figure 2, user A is exactly so-called " fisherman ", user B is so-called " by fisherman ", namely phishing adopts illegal means to make " by fisherman " (user B) in unwitting situation, use the Internet bank's account of oneself for fisherman (user A) is at e-commerce platform purchase commodity, the legitimate rights and interests of " by fisherman " are made to receive infringement, for the fail safe of e-commerce transaction causes harmful effect.
Summary of the invention
The embodiment of the present application provides a kind of network payment authentication method, server and system, in order to solve in prior art the problem utilizing Web bank's payment interface to carry out phishing behavioral implications security of e-commerce transactions.
A kind of network payment authentication method that the embodiment of the present application provides, comprising:
Web bank's mark that e-commerce website server receives user is selected and this user input identify the identity verify identification information of corresponding user with this Web bank;
E-business network site server creates to pay and asks and be back to described user, carries described identity verify identification information in described payment request;
E-business network site server receives the authenticating result that online banking service device returns, and to be online banking service device sends according to user described authenticating result describedly pays the identification authentication identification information in asking and carry out authentication to the identification authentication information that user inputs in delivery operation and obtain.
A kind of e-business network site server that the embodiment of the present application provides, comprising:
Receiving element, what Web bank's mark and this user for receiving user's selection inputted identifies corresponding identity verify identification information with this Web bank; And receiving the authenticating result that online banking service device returns, to be online banking service device sends according to user described authenticating result describedly pays the identification authentication identification information after encrypting in request and carry out authentication to the identification authentication information that user inputs in delivery operation and obtain;
Creating unit, for creating the request of payment, carries described identity verify identification information in described payment request;
Transmitting element, for being back to described user by described payment request.
A kind of online banking service device that the embodiment of the present application provides, comprising:
Receiving element, for receive user send the payment request carrying identity verify identification information, described identity verify identification information be user input identify corresponding identification authentication identification information with the Web bank that this user selects;
Unit is initiated in delivery operation, for according to described payment request, initiates the delivery operation of described user, receives the identity verify identification information that user inputs in delivery operation;
Authenticating unit, for using the described identity verify mark paid in request to carry out authentication operations to the identity verify identification information that user inputs in delivery operation, returns authenticating result to described e-business network site server.
A kind of network payment right discriminating system that the embodiment of the present application provides, comprising:
E-business network site server, what Web bank's mark and this user for receiving user's selection inputted identifies corresponding identity verify identification information with this Web bank; Create to pay and ask and be back to described user, in described payment request, carry described identity verify identification information;
Online banking service device, for receiving the described payment request that user sends, initiate the delivery operation of user, and use the described identity verify identification information paid in request to carry out authentication operations to the identity verify identification information that user inputs in delivery operation, return authenticating result to described e-business network site server.
The beneficial effect of the embodiment of the present application comprises:
A kind of network payment authentication method that the embodiment of the present application provides, server and system, what Web bank's mark that e-commerce website server receives user is selected and user inputted identifies corresponding identity verify identification information with this Web bank, e-business network site server creates to pay and asks and be back to this user, described identity verify identification information is carried in this payment request, after online banking service device receives this payment request of user's transmission, initiate the delivery operation of user, the described identity verify identification information paid in request is used to carry out authentication operations to the identity verify identification information that user inputs in delivery operation, and return corresponding authenticating result to e-business network site server.After the fisherman carrying out phishing owing to utilizing Web bank's payment interface often creates transaction on website, just utilize by fisherman as oneself completing the payment of commodity payment for goods, and fisherman is when creating transaction, what impossible to know by the identity verify identification information of fisherman in advance, therefore, the network payment authentication method adopting the embodiment of the present application to provide and system, fisherman in the event of phishing carries out the situation of phishing, when pay payment for goods inputted the identity verify identification information of self by fisherman time, if online banking service device judges that the user now paying payment for goods is not same user with creating the user's (namely truly needing to buy the user of commodity) concluded the business, then can notify the result of e-commerce website server authenticates failure, otherwise, if the user creating transaction is same user with the user carrying out delivery operation, then can notify the successful result of e-commerce website server authenticates.The seller in electronic transaction, the result of the authentication that can receive according to e-business network site server, determine that whether the user identity of current transaction is reliably legal, user only to licit traffic sends its commodity chosen, above-mentioned network payment authentication method, server and system that the embodiment of the present application provides, stop to utilize Web bank's payment interface to carry out the illegal act of phishing, ensured the fail safe utilizing the e-business network site server of network payment to conclude the business.In addition, the network payment authentication method that the embodiment of the present application provides, the identity verify identification information carried in described payment request is that user directly inputs, and need not stand in by server self establishment authentication information when creating transaction by e-business network, and stores described authentication information; When bank system of web carries out authentication operations, directly receive the identity verify identification information of user's input, without the need to searching corresponding authentication information or obtain this authentication information to e-commerce website in authentication information memory cell.Like this from technical scheme on the whole, save on the one hand e-business network site server create and store the system resource that authentication information wastes, save on the other hand the system resource that authentication information that bank system of web searches storage is wasted, and due to decrease e-business network site server, bank system of web to the generation of authentication information, store, the handling process such as to search, the authentication of network payment can be realized fast.
Accompanying drawing explanation
Fig. 1 is the flow chart that user legal in prior art is paid by Web bank's payment interface;
Fig. 2 utilizes Web bank's payment interface to carry out the flow chart of phishing in prior art;
The user that Fig. 3 provides for the embodiment of the present application creates the flow chart of concluding the business at e-commerce website;
The flow chart of the network payment authentication method that Fig. 4 provides for the embodiment of the present application;
The structural representation of the e-business network site server that Fig. 5 provides for the embodiment of the present application;
The structural representation of the online banking service device that Fig. 6 provides for the embodiment of the present application;
The structural representation of the network payment right discriminating system that Fig. 7 provides for the embodiment of the present application.
Embodiment
Present inventor finds, as can be seen from prior art, utilize Web bank's payment interface to carry out the flow chart (as shown in Figure 2) of phishing behavior, the fisherman why phishing can occur utilizes by fisherman as oneself buying the behavior of commodity, its reason is that Web bank's payment interface cannot judge whether the people of current payment is really buying the user of commodity, and Web bank is when informing e-commerce platform by the result of payment, also cannot inform whether the current user completing payment of e-commerce platform is the user really buying commodity, therefore, in order to solve in existing e-commerce field the problem utilizing Web bank's payment interface to carry out phishing behavioral implications e-commerce platform transaction security, key point is to carry out authentication to the actual user completing delivery operation, only when the actual user completing delivery operation with when the user that e-commerce platform buys commodity is consistent, just allow continuous business.
In order to be illustrated more clearly in the embodiment of network payment authentication method, server and system that the embodiment of the present application provides, in the following description, being called e-business network site server by being responsible for e-commerce transaction e-commerce platform, being called online banking service device by completing the Web bank paying authentication.
Before carrying out network payment, e-commerce website that user generally can provide at e-business network site server selects the required commodity bought, and create a new transaction, this flow process as shown in Figure 3, comprises the steps:
S301, user log in the e-commerce website that e-business network site server provides.
S302, this e-commerce website provide selectable merchandise news to user.
S303, user select the required commodity bought on e-commerce website, and place an order.
S304, e-business network site server create a new transaction record in this locality, return the relevant information of transaction record to this user simultaneously, and prompting user carries out confirming and carries out next step delivery operation.
After above-mentioned steps S301 ~ S304 completes, if user confirms that Transaction Information is errorless, and select to carry out delivery operation, then the network payment authentication method using the embodiment of the present application to provide carries out authentication to the user carrying out delivery operation.The network payment authentication method that the embodiment of the present application provides, as shown in Figure 4, specifically comprises the steps:
S401, e-business network site server send the information of network payment to user, prompting user inputs the identification information of the Web bank that it is selected and identifies corresponding identity verify identification information with this Web bank.
In this step S401, the mark that e-business network site server can show multiple Web bank to user is selected for user, and after user have selected one of them Web bank mark, continue to send to this user the prompting inputting the identity verify identification information identifying this corresponding user with this Web bank, identity verify identification information is used for the identity of identifying user, such as, point out user's input in the account, user ID etc. of this Web bank.In the embodiment of the present application, identity verify identification information comprises: user ID and/or payment account.
The embodiment of the present application is not limited to above-mentioned identity verify identification information, other can this user identity of unique identification information all can, identity verify identification information can be certain single identification information, or the combination of multiple identification information.
Such as, the bank identifier " China Construction Bank " selecting it to select in the e-commerce website that user provides at e-business network site server, under the further prompting of e-commerce website, user have input its user name registered in the bank system of web of " China Construction Bank " in advance.
Web bank's identification information that S402, e-commerce website server receives user are selected and user's input identify the identity verify identification information of this corresponding user with this Web bank.
S403, e-business network site server are encrypted the identity verify identification information that step S402 gets, and create to pay ask and return to this user, are paying the identity verify identification information after carrying encryption in request.
Preferably, in the embodiment of the present application, have employed the method that identity verify identification information is encrypted, improve the fail safe of transfer of data, certainly also can not be encrypted described identity verify identification information in the middle of concrete enforcement, still can realize the basic conception that the application improves network payment safety.
In this step S403, e-business network site server, except return the payment request message of its establishment to user except, also needs like the prior art, performs the step of the link returning the payment interface of the Web bank that it is selected to this user.
S404, user access this online banking service device by the payment interface of this Web bank, send the payment request of the identity verify identification information after carrying encryption to this online banking service device, thus complete operation and the following step S405 ~ S409 of following authentication further.
S405, online banking service device receive the payment request that user sends, and initiate the delivery operation of this user, the identity verify identification information of pointing out user to input this user in the delivery operation flow process of this user.
S406, user, according to the prompting of online banking service device, input identity verify identification information in the webpage of the delivery operation provided at online banking service device.
Identity verify identification information after encryption in the payment request that S407, online banking service device send user is decrypted, and judge that whether the identity verify identification information after deciphering is consistent with the identity verify identification information that user inputs, if consistent, then perform step S408, if inconsistent, then perform step S409;
Certainly, if the embodiment of the present application is not encrypted the identity verify identification information paid in request, then this step S407 does not need to be decrypted described identity verify identification information.
S408, allow this user to complete delivery operation, and return the successful message of authentication to e-business network site server;
S409, refuse this user and complete delivery operation, and return the message of failed authentication to e-business network site server.
After the fisherman carrying out phishing owing to utilizing Web bank's payment interface in prior art often creates transaction on e-commerce website, utilize by fisherman as oneself completing the payment of commodity payment for goods, and can be which user can not determine (because fisherman can send deceptive information to multiple user in advance) in advance before this by fisherman, as can be seen from the flow process of above-mentioned network payment authentication, fisherman can not know by the identity verify identification information of fisherman in advance, the identity verify identification information of its input, inconsistent most probably with the identity verify identification information inputted by fisherman, therefore, it is possible to avoid fisherman to utilize by fisherman as oneself completes delivery operation, avoid the safety problem that the transaction of phishing to network payment and e-commerce platform causes.In addition, the network payment authentication method that the embodiment of the present application provides, the identity verify identification information carried in described payment request is that user directly inputs, and need not stand in by server self establishment authentication information when creating transaction by e-business network, and stores described authentication information; When bank system of web carries out authentication operations, directly receive the identity verify identification information of user's input, without the need to searching corresponding authentication information or obtain this authentication information to e-commerce website in authentication information memory cell.Like this from technical scheme on the whole, save on the one hand e-business network site server create and store the system resource that authentication information wastes, save on the other hand the system resource that authentication information that bank system of web searches storage is wasted, and due to decrease e-business network site server, bank system of web to the generation of authentication information, store, the handling process such as to search, the authentication of network payment can be realized fast.
Based on same inventive concept, the embodiment of the present application additionally provides a kind of e-business network site server, online banking service device and network payment right discriminating system, because this e-business network site server, online banking service device and the principle that network payment right discriminating system is dealt with problems are similar to aforementioned a kind of network payment authentication method, therefore the enforcement of this system see the enforcement of method, can repeat part and is not repeating.
The e-business network site server that the embodiment of the present application provides, as shown in Figure 5, comprising:
Receiving element 501, receiving element, what Web bank's mark and this user for receiving user's selection inputted identifies corresponding identity verify identification information with this Web bank; And receiving the authenticating result that online banking service device returns, to be online banking service device sends according to user described authenticating result describedly pays the identification authentication identification information after encrypting in request and carry out authentication to the identification authentication information that user inputs in delivery operation and obtain;
Ciphering unit 502, for encrypting the identity verify identification information that receiving element 501 receives;
The embodiment of the present application adopts ciphering unit 502 pairs of identity verify identification informations to be encrypted the fail safe that can improve transfer of data, and certain the embodiment of the present application also can not adopt ciphering unit 502, equally also can realize the basic conception of the application.
Creating unit 503, for creating the request of payment, carries the identity verify identification information after encryption in this payment request;
Transmitting element 504, for being back to user by this payment request.
Further, the transmitting element 504 in the e-business network site server that the embodiment of the present application provides, the Web bank's mark further also for selecting according to user, returns the link of the payment interface of the Web bank that it is selected to described user.
The online banking service device that the embodiment of the present application provides, as shown in Figure 6, comprising:
Receiving element 601, for receiving the payment request carrying the identity verify identification information after encryption that user sends, the identity verify identification information after encryption be e-business network site server user input identify corresponding identification authentication identification information with the Web bank that this user selects and encrypt and generate afterwards;
Unit 602 is initiated in delivery operation, for according to payment request, initiates the delivery operation of this user, receives the identity verify identification information that user inputs in delivery operation;
Decryption unit 603, for deciphering the identity verify identification information paying and ask the encryption of carrying;
If the embodiment of the present application does not arrange ciphering unit, 502 pairs of identity verify identification informations are encrypted, then also can not arrange decryption unit 603 herein.
Authenticating unit 604, identifies for using the identity verify after deciphering and carries out authentication operations to the identity verify identification information that user inputs in delivery operation, return authenticating result to described e-business network site server.
Above-mentioned authenticating unit 604, specifically for the identity verify mark after deciphering being compared with the identity verify identification information that user inputs in delivery operation, if unanimously, then allowing it to complete delivery operation, and returning the successful results messages of authentication; If inconsistent, then refuse it and carry out delivery operation, and return the results messages of failed authentication.
The network payment right discriminating system that the embodiment of the present application provides, as shown in Figure 7, comprising: e-business network site server 701 and online banking service device 702; Wherein:
E-business network site server 701, what Web bank's mark and this user for receiving user's selection inputted identifies corresponding identity verify identification information with this Web bank; And crypto identity identification mark information; Create to pay and ask and be back to this user, pay in request the identity verify identification information after carrying encryption;
Online banking service device 702, for receiving the described payment request that user sends, initiate the delivery operation of user, and decipher the described identity verify identification information paying encryption in request, and use the identity verify identification information after deciphering to carry out authentication operations to the identity verify identification information that user inputs in delivery operation, return authenticating result to described e-business network site server.
Above-mentioned identity verify identification information, includes but not limited to: user ID and/or payment accounts.
Further, the e-business network site server 701 in the network payment right discriminating system that the embodiment of the present application provides, also for sending the information of network payment to user; Information inputs its Web bank's mark selected for pointing out user and identifies corresponding identity verify identification information with this Web bank.
Further, e-business network site server 701, also for returning the link of the payment interface of the Web bank that this user selects to user;
Online banking service device 702, also for receiving the payment request that user uses the chain of its payment interface to receive and send.
The above-mentioned e-business network site server that the embodiment of the present application provides and online banking service device, in the specific implementation, the software function module that can realize corresponding function can be used to realize, the mode that also software function module can be adopted to combine with hardware realizes, and the embodiment of the present application does not limit this.
A kind of network payment authentication method that the embodiment of the present application provides, server and system, what Web bank's mark that e-commerce website server receives user is selected and user inputted identifies corresponding identity verify identification information with this Web bank, crypto identity identification mark information, e-business network site server creates to pay and asks and be back to this user, the identity verify identification information after encryption is carried in this payment request, after online banking service device receives this payment request of user's transmission, initiate the delivery operation of user, deciphering simultaneously pays the identity verify identification information of encryption in request, the identity verify identification information after deciphering is used to carry out authentication operations to the identity verify identification information that user inputs in delivery operation, and return corresponding authenticating result to e-business network site server.
After the fisherman carrying out phishing owing to utilizing Web bank's payment interface often creates transaction on website, just utilize by fisherman as oneself completing the payment of commodity payment for goods, and fisherman is when creating transaction, what impossible to know by the identity verify identification information of fisherman in advance, therefore, the network payment authentication method adopting the embodiment of the present application to provide and system, fisherman in the event of phishing carries out the situation of phishing, when pay payment for goods inputted the identity verify identification information of self by fisherman time, if online banking service device judges that the user now paying payment for goods is not same user with creating the user's (namely truly needing to buy the user of commodity) concluded the business, then can notify the result of e-commerce website server authenticates failure, otherwise, if the user creating transaction is same user with the user carrying out delivery operation, then can notify the successful result of e-commerce website server authenticates.The seller in electronic transaction, the result of the authentication that can receive according to e-business network site server, determine that whether the user identity of current transaction is reliably legal, user only to licit traffic sends its commodity chosen, above-mentioned network payment authentication method, server and system that the embodiment of the present application provides, stop to utilize Web bank's payment interface to carry out the illegal act of phishing, ensured the fail safe utilizing the e-business network site server of network payment to conclude the business.In addition, the network payment authentication method that the embodiment of the present application provides, system, the identity verify identification information carried in described payment request is that user directly inputs, and need not stand in by server self establishment authentication information when creating transaction by e-business network, and stores described authentication information; When bank system of web carries out authentication operations, directly receive the identity verify identification information of user's input, without the need to searching corresponding authentication information or obtain this authentication information to e-commerce website in authentication information memory cell.Like this from technical scheme on the whole, save on the one hand e-business network site server create and store the system resource that authentication information wastes, save on the other hand the system resource that authentication information that bank system of web searches storage is wasted, and due to decrease e-business network site server, bank system of web to the generation of authentication information, store, the handling process such as to search, the authentication of network payment can be realized fast.
Obviously, those skilled in the art can carry out various change and modification to the application and not depart from the spirit and scope of the application.Like this, if these amendments of the application and modification belong within the scope of the application's claim and equivalent technologies thereof, then the application is also intended to comprise these change and modification.
Claims (15)
1. a network payment authentication method, is characterized in that, comprising:
What Web bank's mark that e-commerce website server receives user is selected and this user inputted identifies corresponding identity verify identification information with this Web bank;
E-business network site server creates to pay and asks and be back to described user, carries described identity verify identification information in described payment request;
E-business network site server receives the authenticating result that online banking service device returns, the described authenticating result described identification authentication identification information paid in request that to be online banking service device send according to user, carries out to the identity verify identification information of this user inputted in the delivery operation flow process of this user that authentication obtains.
2. the method for claim 1, is characterized in that, Web bank's mark that e-commerce website server receives user is selected and before identifying corresponding identity verify identification information with this Web bank, also comprises:
E-business network site server sends the information of network payment to described user, and described information inputs its Web bank's mark selected for pointing out user and identifies corresponding identity verify identification information with this Web bank.
3. the method for claim 1, is characterized in that, also comprises: Web bank's mark that e-business network site server is selected according to user, returns the link of the payment interface of the Web bank that it is selected to described user;
Described online banking service device receives the payment request that user uses the chain of described payment interface to receive and send.
4. the method for claim 1, it is characterized in that, what online banking service device sent according to user describedly pays the identification authentication identification information that carries in request, the identity verify identification information of this user inputted in the delivery operation flow process of this user is carried out to authentication obtains, and comprising:
Online banking service device receives the described payment request that user sends, initiate the delivery operation of user, the identity verify identification information of pointing out user to input this user in the delivery operation flow process of this user, make user according to the prompting of online banking service device, in the page of the delivery operation provided at online banking service device, input identity verify identification information;
The described identity verify identification information inputted in the delivery operation page that identity verify identification information in request and user provide at website bank server that pays is compared, if consistent, then allow it to complete delivery operation, and export the successful results messages of authentication; If inconsistent, then refuse it and carry out delivery operation, and export the results messages of failed authentication.
5. the method for claim 1, is characterized in that, after the identity verify identification information of e-commerce website server receives user input, also comprises: encrypt described identity verify identification information;
E-business network site server creates the request of payment, comprising: described e-business network site server creates the payment request of the identity verify identification information after carrying encryption;
What the identity verify identification information of online banking service device to this user pointing out user to input in the delivery operation flow process of this user carried out that authentication obtains comprises: the described identification information paid in request of online banking service device deciphering, carries out that authentication obtains according to the identity verify identification information of identification information to this user pointing out user to input in the delivery operation flow process of this user after deciphering.
6. the method as described in any one of claim 1-5, is characterized in that, described identity verify mark comprises: user ID and/or payment accounts.
7. an e-business network site server, is characterized in that, comprising:
Receiving element, what Web bank's mark and this user for receiving user's selection inputted identifies corresponding identity verify identification information with this Web bank; And the authenticating result that reception online banking service device returns, identification authentication identification information in the payment request that to be online banking service device send according to user of described authenticating result, carries out to the identity verify identification information of this user inputted in the delivery operation flow process of this user that authentication obtains;
Creating unit, for creating the request of payment, carries described identity verify identification information in described payment request;
Transmitting element, for being back to described user by described payment request.
8. e-business network site server as claimed in claim 7, is characterized in that, described transmitting element, and the Web bank's mark further also for selecting according to user, returns the link of the payment interface of the Web bank that it is selected to described user.
9. e-business network site server as claimed in claim 7, is characterized in that, also comprise: ciphering unit, for encrypting the identity verify identification information that receiving element receives;
Described creating unit, also for creating the payment request of the identification information after carrying encryption.
10. an online banking service device, is characterized in that, comprising:
Receiving element, for receive user send the payment request carrying identity verify identification information, described identity verify identification information be user input identify corresponding identification authentication identification information with the Web bank that this user selects;
Unit is initiated in delivery operation, for according to described payment request, initiates the delivery operation of described user, receives the identity verify identification information that user inputs in delivery operation;
Authenticating unit, for using the described identity verify mark paid in request, carrying out authentication to the identity verify identification information of this user inputted in the delivery operation flow process of this user, returning authenticating result to e-business network site server.
11. online banking service devices as claimed in claim 10, it is characterized in that, described authenticating unit, the identity verify identification information inputted in the delivery operation page provided at website bank server specifically for described identity verify mark and user is compared, if consistent, then allow it to complete delivery operation, and return the successful results messages of authentication; If inconsistent, then refuse it and carry out delivery operation, and return the results messages of failed authentication, wherein, the identity verify identification information inputted in the delivery operation page that described user provides at website bank server is the identity verify identification information inputting this user in the delivery operation flow process of Website server this user, make user according to the prompting of online banking service device, in the page of the delivery operation provided at online banking service device, input obtains.
12. online banking service devices as claimed in claim 11, is characterized in that, also comprise: decryption unit;
Described receiving element, also for receiving the payment request carrying the rear identity verify identification information of encryption;
Described decryption unit, for deciphering the described identity verify identification information paying request and carry;
Described authenticating unit, also for use the identity verify identification information after deciphering to provide at website bank server user the delivery operation page in the identity verify identification information that inputs carry out authentication operations.
13. 1 kinds of network payment right discriminating systems, is characterized in that, comprising:
E-business network site server, what Web bank's mark and this user for receiving user's selection inputted identifies corresponding identity verify identification information with this Web bank; Create to pay and ask and be back to described user, in described payment request, carry described identity verify identification information;
Online banking service device, for receiving the described payment request that user sends, initiate the delivery operation of user, and use the described identity verify identification information paid in request, authentication is carried out to the identity verify identification information of this user inputted in the delivery operation flow process of this user, returns authenticating result to described e-business network site server.
14. systems as claimed in claim 13, it is characterized in that, described e-business network site server also for sending the information of network payment to described user, described information for point out user input its select Web bank mark and this user input identify corresponding identity verify identification information with this Web bank.
15. systems as claimed in claim 13, is characterized in that, described e-business network site server is also for returning the link of the payment interface of the Web bank that this user selects to described user;
Described online banking service device is also for receiving the payment request that user uses the chain of described payment interface to receive and send.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010150012.4A CN102223354B (en) | 2010-04-14 | 2010-04-14 | Network payment authentication method, server and system |
| HK12100156.6A HK1159897A1 (en) | 2010-04-14 | 2012-01-06 | Method, server and system for authenticating network payment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010150012.4A CN102223354B (en) | 2010-04-14 | 2010-04-14 | Network payment authentication method, server and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102223354A CN102223354A (en) | 2011-10-19 |
| CN102223354B true CN102223354B (en) | 2015-05-13 |
Family
ID=44779785
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010150012.4A Active CN102223354B (en) | 2010-04-14 | 2010-04-14 | Network payment authentication method, server and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN102223354B (en) |
| HK (1) | HK1159897A1 (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103632258A (en) * | 2012-08-27 | 2014-03-12 | 深圳市一兆科技发展有限公司 | Consumption payment method and system, and equipment |
| CN103778528B (en) * | 2012-10-26 | 2017-11-21 | 华为技术有限公司 | The processing method and system and device of payment |
| CN103093341B (en) * | 2012-12-27 | 2016-02-24 | 惠州市德赛工业研究院有限公司 | A kind of safe payment method based on RFID intelligence payment system |
| CN103996114B (en) * | 2014-05-16 | 2017-10-20 | 网银在线(北京)科技有限公司 | A kind of method and apparatus of on-line payment |
| CN111260343B (en) * | 2014-12-24 | 2023-07-07 | 创新先进技术有限公司 | Information authentication method, device and system based on confirmation code |
| CN105184559B (en) * | 2015-08-18 | 2018-12-28 | 中国联合网络通信集团有限公司 | A kind of payment system and method |
| CN106157027B (en) * | 2016-07-27 | 2020-01-10 | 北京小米移动软件有限公司 | Payment method, device and system |
| CN110298678B (en) * | 2018-03-23 | 2023-12-05 | 阿里巴巴集团控股有限公司 | User rights and interests information processing method, device and system |
| CN112118206B (en) * | 2019-06-19 | 2022-04-12 | 贵州白山云科技股份有限公司 | Decryption method, device, system, medium and equipment |
| CN114363307B (en) * | 2022-03-18 | 2022-08-26 | 浙江网商银行股份有限公司 | Information processing method and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1893355A (en) * | 2005-07-05 | 2007-01-10 | 淘宝控股有限公司 | Method and system for identifying identity of network user end |
| CN101527070A (en) * | 2009-04-15 | 2009-09-09 | 唐宇良 | Safe transaction control method and system thereof |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101409719B (en) * | 2007-10-08 | 2013-06-05 | 联想(北京)有限公司 | Method and client terminal for implementing network safety payment |
-
2010
- 2010-04-14 CN CN201010150012.4A patent/CN102223354B/en active Active
-
2012
- 2012-01-06 HK HK12100156.6A patent/HK1159897A1/en unknown
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1893355A (en) * | 2005-07-05 | 2007-01-10 | 淘宝控股有限公司 | Method and system for identifying identity of network user end |
| CN101527070A (en) * | 2009-04-15 | 2009-09-09 | 唐宇良 | Safe transaction control method and system thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102223354A (en) | 2011-10-19 |
| HK1159897A1 (en) | 2012-08-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102223354B (en) | Network payment authentication method, server and system | |
| US11729150B2 (en) | Key pair infrastructure for secure messaging | |
| CN110493261B (en) | Verification code obtaining method based on block chain, client, server and storage medium | |
| CN101373528B (en) | Electronic payment system, device and method based on position authentication | |
| JP5766199B2 (en) | Secure mobile payment processing | |
| CA2758117C (en) | Method for carrying out an application with the help of a portable data carrier | |
| CN108243176B (en) | Data transmission method and device | |
| RU2560810C2 (en) | Method and system for protecting information from unauthorised use (versions thereof) | |
| CN112333198A (en) | Secure cross-domain login method, system and server | |
| TW200929974A (en) | System and method for performing electronic transactions | |
| CN102790767B (en) | Information safety control method, information safety display equipment and electronic trading system | |
| WO2012155644A1 (en) | Bill entrustment payment management method, device, and system | |
| CN102271124A (en) | Data processing equipment and data processing method | |
| CN108605037B (en) | Method for transmitting digital information | |
| CN106302328A (en) | Sensitive user data processing system and method | |
| WO2016188335A1 (en) | Access control method, apparatus and system for user data | |
| CN105871805A (en) | Anti-stealing-link method and device | |
| CN103903140A (en) | O2O safety payment method, system and safety payment background | |
| CN115276978A (en) | Data processing method and related device | |
| CN102055764A (en) | Method and device for monitoring operation of accessing business system | |
| CN108701200B (en) | Improved memory system | |
| US20100146605A1 (en) | Method and system for providing secure online authentication | |
| CN104811421A (en) | Secure communication method and secure communication device based on digital rights management | |
| Sanyal et al. | A multifactor secure authentication system for wireless payment | |
| TW201619880A (en) | Network authentication method using card device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 1159897 Country of ref document: HK |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: GR Ref document number: 1159897 Country of ref document: HK |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20191210 Address after: P.O. Box 31119, grand exhibition hall, hibiscus street, 802 West Bay Road, Grand Cayman, Cayman Islands Patentee after: Innovative advanced technology Co., Ltd Address before: Cayman Islands Grand Cayman capital building, a four storey No. 847 mailbox Patentee before: Alibaba Group Holding Co., Ltd. |