CN102694768A - Secure payment method for mobile electronic commerce based on 3-D secure - Google Patents

Publication number
CN102694768A
Authority
CN
China
Prior art keywords
payment
information
mobile
credit card
business
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011100686811A
Other languages
Chinese (zh)
Inventor
胡春阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHANGHAI CREATIVE DIGITAL PLATFORM TECHNOLOGY Co Ltd
Original Assignee
SHANGHAI CREATIVE DIGITAL PLATFORM TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHANGHAI CREATIVE DIGITAL PLATFORM TECHNOLOGY Co Ltd filed Critical SHANGHAI CREATIVE DIGITAL PLATFORM TECHNOLOGY Co Ltd
Priority to CN2011100686811A priority Critical patent/CN102694768A/en
Publication of CN102694768A publication Critical patent/CN102694768A/en
Pending legal-status Critical Current

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to a secure payment method for mobile electronic commerce based on 3-D secure, which transmits all transaction information and authentication information needed through one-way transmission, wherein sensitive user information is transmitted in an encrypted way, guaranteeing the security of personal information of a payer and reducing dependence on the security of a transmission network. Meanwhile, an identity is authenticated without establishing extra connections and a payment amount restriction is relaxed. The user can use a common mobile terminal for mobile payment without replacing the common mobile terminal with a new one and can use the method for mobile payment anytime and anywhere as long as a wireless communication network is available in an area. Compared with prior art, the method is better than prior payment protocols with respect to both security and performance, therefore the method is more suitable for current mobile payment business.

Description

Secure payment method for mobile e-commerce based on 3-D Secure
Technical field
The present invention relates to a payment method for mobile e-commerce, and in particular to a secure payment method for mobile e-commerce based on 3-D Secure.
Background technology
Electronic payment means the circulation and payment of funds over a computer network system, in the form of stored and transmitted electronic data, with commercial electronic instruments and the various kinds of electronic money as the medium and computer and communication technology as the means.
In recent years, as the Internet, mobile communication and computer technologies have converged, mobile e-commerce, typified by mobile payment, has emerged. Market survey reports indicate that mobile e-commerce is about to make a qualitative leap: in 2009 the number of mobile e-commerce users worldwide reached 170 million and turnover reached 10.8 billion dollars; by the end of 2010 the market value of mobile e-commerce was expected to reach 25 billion dollars, at which point mobile e-commerce would account for 15% of the global online transaction market. As an emerging electronic payment mode, mobile payment can be used anytime and anywhere and is convenient, fast and low in payment cost. A consumer who has a mobile phone can manage finances or complete transactions and enjoy the convenience that mobile payment brings. Mobile phone payment is becoming a new highlight of e-commerce.
Because their operating modes differ, payment systems differ in security, risk and payment efficiency. Whatever payment instrument is used in e-commerce, however, it must be secure, have a low processing cost and be widely accepted by global financial markets, and security comes first. Guaranteeing the authenticity of payment information and being able to identify the payer's legitimate identity are the problems the financial industry most urgently needs to solve in order to realize electronic payment in a network environment. The key to solving them is a secure electronic payment model.
Given the potential market for mobile payment, a number of mobile payment system schemes have been proposed. Each of them has shortcomings. Either the system differs so much from the current payment flow that very large changes are needed; or the system is not secure enough, so that the user's payment information can be monitored by others and used to forge payments; or the user's cost is too high, because the user has to buy a mobile phone that supports a particular function; or, when the user's phone is lost, the account information may be stolen. At present mobile payment is generally used for small-amount payments, which have lower security requirements. As mobile commerce develops further, the requirements on mobile commerce transactions rise and with them the security requirements on payment; small-amount payment can no longer meet the needs of e-commerce development, and this has become a major obstacle to the spread of mobile commerce.
The 3-D Secure protocol, an electronic payment protocol proposed and developed by Visa in 2002, is at present a relatively complete electronic payment security protocol and has become the standard architecture for the new generation of electronic payment authentication. Visa, MasterCard, JCB, China UnionPay and American Express have all joined the 3-D Secure protocol platform.
In this system, when the consumer pays through a mobile terminal, the electronic payment flow is as follows. The mobile terminal sends the information on the goods to be purchased and the payer's information, such as the bank account, to the merchant server. The merchant server sends the payer's information, such as the bank account, to the Visa Directory Server. The Visa Directory Server uses the information it receives to look up whether the card issuer has an available access control server (ACS). If not, it returns an "unable to authenticate" response directly to the merchant server. If so, it forwards the information to the ACS of the corresponding card issuer and asks the ACS whether the account and related information are valid. After receiving the query from the Visa Directory Server, the ACS returns a reply to it, and the Visa Directory Server returns the ACS's reply to the merchant server. The merchant server forwards the payment authorization request to the ACS through the mobile terminal. The mobile terminal checks whether the payer's payment information carried in the payment authorization request is complete and, if it is incomplete, completes it; the request is then sent to the ACS. After receiving the request, the ACS authenticates the payer's identity, generates the payment authorization response message and digitally signs it. The ACS forwards the payment authorization response message to the merchant server through the mobile terminal and at the same time stores the relevant information in the authorization history. The merchant server receives the payment authorization response message and verifies the ACS's digital signature; once verification passes, it sends the payment authorization response message to the server of the merchant's acquirer (acquiring bank). The acquirer's server requests settlement from the issuer's server.
Throughout this payment flow the mobile terminal, as the initiator of the mobile payment request, has to exchange information frequently with the card issuer and the merchant. This places a heavy communication load on the mobile terminal, increases communication costs and lengthens the transaction time. In addition, in this flow important information such as the payer's bank card account number is visible to the merchant. Although payment is authorized only after the ACS has authenticated the payer's identity by password, a merchant that holds a large amount of payers' payment information still has an opportunity to commit commercial fraud. The existing payment system based on the 3-D Secure protocol, and its payment flow, therefore leave room for improvement. Moreover, the payment authorization request and payment authorization response defined in the 3-D Secure core protocol are too large for most mobile devices.
Summary of the invention
The object of the invention is to overcome the defects of the prior art described above by providing a complete mechanism that combines the bank account with the mobile device and establishes a secure payment system integrating information transmission, identity authentication and fund transfer. The mechanism relaxes the restriction on payment while protecting the payer's personal information. It is suitable for mobile e-commerce and is also compatible with the payment methods of traditional e-commerce.
The security optimizations are as follows:
1. The payment authorization request and payment authorization response strategy of the original 3-D Secure protocol is optimized. After the merchant accepts the payment information submitted by the mobile terminal, the merchant acts as the initiator of the whole mobile payment request, and the card issuer sends the payment authorization response directly to the merchant. This response is sent over the fixed network, which speeds up the processing of mobile payments while preserving security and makes the method better suited to mobile payment services. In the 3-D Secure protocol, by contrast, the mobile terminal is the initiator of the whole mobile payment request and issues the payment authorization request; the card issuer responds to the mobile terminal's request by sending the payment authorization response message to the payer, who then forwards it to the merchant.
2. In this method, after receiving the payment authorization request, the card issuer can authenticate both the paying mobile terminal and the receiving terminal within a single session request, without sending any further message to the terminals to authenticate them. In the 3-D Secure protocol, the card issuer has to send a separate identity authentication request to the payment terminal and wait for the terminal's authentication response before the authentication process can complete.
3. The method encrypts and encapsulates each party's information separately. The mobile payment terminal encrypts the payer's sensitive information with the session key it shares with the card issuer and encapsulates the resulting ciphertext in the payment information sent to the merchant. On receiving the payment information, the merchant can read only the plaintext part and cannot learn the content of the ciphertext part, which protects the payer's sensitive information. The merchant adds its payee account information, encrypts and signs that part, and then submits the payment authorization request to the card issuer. Handling encryption and encapsulation separately in this way improves the security of the mobile payment service. In the negotiation process of the 3-D Secure protocol, by contrast, important bank-card information such as the payer's account number and account identifier is visible to the merchant, which gives the merchant an opportunity to commit commercial fraud.
4. The method uses an offline key generation mechanism. This differs from the 3-D Secure protocol, in which the key used for every message exchanged between the participants stays the same until the key expires. It also differs from the AKA protocol used in wireless access, in which a new session key is negotiated before each connection is established. In this mobile payment method the session key is generated locally and is never transmitted over the network, so a one-time-pad effect (a different key for each communication) is achieved without setting up any additional communication to negotiate a new key.
5. In this method, after completing the payment authorization response to the merchant, the card issuer sends feedback information to the payment terminal. Besides the amount paid, it includes the current balance of the paying bank account, in ciphertext form. This information dynamically updates the fund status of the account on the mobile payment terminal, so the consumer can keep track of the funds in the payment account. In the 3-D Secure protocol the card issuer also sends a response message to the payment terminal after completing payment authorization, but because of restrictions relating to security and to the forwarding of the response message, that message contains only a limited set of payment data.
6. In this method, before a mobile payment is made, the payment terminal first compares the amount to be paid with the account balance locally. If the balance is not enough for the transaction, the terminal notifies the user and does not open a session with any other terminal. In the 3-D Secure protocol, whether the payer's funds are sufficient for the transaction is judged only by the issuer's server in the middle of the mobile payment process; if funds are insufficient, the session negotiation and connections established up to that point have wasted the user's money and network resources.
7. The method handles funds by transferring them into a guarantee account. After the card issuer has successfully authenticated the mobile payment terminal and the merchant and has received the user's confirmation agreeing to pay, it processes the funds in the payment account. It does not immediately transfer the funds into the merchant's payee account; instead it transfers the amount paid into a guaranteed-payment account held at the issuing bank itself and sends a certified check voucher to the merchant. The merchant periodically uses the certified check vouchers to carry out settlement and transfer with the acquirer. With the card issuer guaranteeing the funds, the merchant can ship goods with confidence. At the same time the mobile payment service stands on the consumer's side and protects the consumer's rights as far as possible: if a dispute arises, the consumer's loss of funds is prevented as far as possible, which increases consumers' trust in the mobile payment service.
8. The method requires the user to send a payment confirmation receipt. Only after receiving the confirmation receipt from the mobile payment terminal does the card issuer process the user's payment and send the payment processing information, which includes the card issuer's certified check information, to the merchant. Requiring the user to send the payment confirmation receipt ensures the authenticity of the transaction and strengthens the security of the whole payment process.
The performance optimizations are as follows:
1. With the merchant as the initiator of the whole mobile payment request and the card issuer sending the payment authorization response directly to the merchant, the communication load on the mobile terminal is reduced, and so is its communication cost.
2. The payment authorization response is sent over the fixed network, which reduces mobile payment traffic on the wireless network while preserving security, and shortens the transaction time of the whole mobile payment service.
3. All required transaction information is sent in a one-way transmission, and no additional connection to the mobile terminal is needed to authenticate it, which is convenient and fast.
The object of the invention can be achieved through the following technical solution:
A secure payment method for mobile e-commerce based on 3-D Secure, comprising the following:
The user can shop in a variety of ways. After placing an order, the user checks the shopping information, such as the payment amount, the merchant identifier and the transaction serial number, and once it is confirmed to be correct uses the mobile payment terminal to make the mobile payment.
Description of drawings
Fig. 1 is a flow chart of the present invention.
Embodiment
The invention is described in detail below with reference to the accompanying drawing and a specific embodiment.
As shown in Fig. 1, the secure payment method for mobile e-commerce based on 3-D Secure is a secure mobile electronic payment method that sends the required transaction information and authentication information in a one-way transmission. The user's sensitive information is transmitted encrypted, which protects the payer's personal information and reduces dependence on the security of the transmission network; no additional connection is needed for identity authentication, and the restriction on payment is relaxed. Users can make mobile payments with an ordinary mobile terminal, without replacing it, and any user can use the method anytime and anywhere within the coverage of a wireless communication network. The method avoids setting up an additional transaction-center database, which greatly reduces cost and the security problems such a database would cause. Funds are handled by transfer into a guarantee account, which protects the interests of both the consumer and the merchant. The method provides a complete mechanism that combines the bank account with the mobile device and establishes a secure payment system integrating information transmission, identity authentication and fund transfer. The mechanism is suitable for mobile e-commerce and is also compatible with traditional e-commerce.
The detailed flow of the payment protocol of the invention is as follows:
1. Step 1 in Fig. 1: the mobile terminal and the issuer's server synchronously generate the session random sequence number SEQNO using the same algorithm. From the sequence number and the root key, each side generates locally and offline the session key K for communication between the mobile terminal and the card issuer; in all subsequent communication the session key is used as the secret key between the two. Each communication uses a new session random sequence number to produce a different session key, which guarantees one-time-pad secure communication (a different key for each communication).
2. Step 2 in Fig. 1: before paying, the payment terminal first checks its locally stored balance information for the payment account. If the balance is enough for the transaction, it sends the payment information to the merchant server, with the sensitive data encrypted under the session key; otherwise it notifies the user that funds are insufficient.
3. Step 3 in Fig. 1: the merchant server verifies the plaintext values such as ID, TID and AMOUNT and terminates the transaction if they are wrong. Otherwise the server adds the merchant's payee account information, generates the payment authorization request and sends it to the payment gateway, which forwards it to the card issuer corresponding to the ID.
4. Step 4 in Fig. 1: the card issuer verifies the integrity and validity of the payment authorization request and checks the balance of the payment account. If the request is valid, it sends the payment response message to the mobile terminal and waits a set time for the user's receipt. Only after receiving the confirmation receipt from the mobile payment terminal does the card issuer debit the payment amount from the user's account and send payment processing information to the merchant. The payment response message that the card issuer sends to the mobile terminal includes the balance of the payment account after this transaction.
5. Step 5 in Fig. 1: after the user has viewed the payment response message, the payment terminal requires the user to send a confirmation receipt for it; the receipt carries the user's payment authorization response value, ACCEPT or REJECT. If the card issuer does not receive the user's receipt within the set time, for example because the payment response message was lost, the user's confirmation receipt was lost, or the user cancelled sending the receipt, the card issuer resends the payment response message to the mobile payment terminal until it receives the user's receipt. If the payment terminal sends the card issuer a receipt agreeing to the payment, it updates the locally stored balance of the payment account after sending.
6. Step 6 in Fig. 1: if it receives a receipt confirming the payment, the card issuer debits the payment amount from the user's payment account, deposits it in the guaranteed-payment account at the issuing bank, and sends the merchant, through the payment gateway, a message that the payment request was processed successfully, which includes the card issuer's certified check voucher information. Otherwise the card issuer sends the merchant, through the payment gateway, a message that the payment failed, and the transaction is aborted. The merchant ships the goods according to the order after receiving the success message.
7. Step 7 in Fig. 1: the merchant periodically sends the successful payment processing messages it has received to the acquirer for settlement; after verifying that the certified check information is valid, the acquirer carries out the internal transfer with the card issuer.
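Steps 1 to 4 of the flow (offline session-key generation from the root key and SEQNO, sensitive fields sealed for the card issuer only, plaintext ID/TID/AMOUNT checked by the merchant), as an added Python sketch that is not part of the patent. The patent names no algorithms, so the HMAC-SHA256 derivation, the keyed-hash sequence stepping, the stdlib keystream-plus-MAC construction (a stand-in for a real AEAD such as AES-GCM), the binding of the plaintext fields into the tag, and all function names and sample values are assumptions.

```python
import hashlib
import hmac
import json

# Assumed primitives: HMAC-SHA256 everywhere; the patent does not specify any.

def next_seqno(root_key: bytes, prev: bytes) -> bytes:
    """Step the synchronized session sequence number; both sides run this locally."""
    return hmac.new(root_key, b"seq|" + prev, hashlib.sha256).digest()[:8]

def derive_keys(root_key: bytes, seqno: bytes):
    """Derive this session's encryption and MAC keys offline from root key + SEQNO."""
    enc = hmac.new(root_key, b"enc|" + seqno, hashlib.sha256).digest()
    mac = hmac.new(root_key, b"mac|" + seqno, hashlib.sha256).digest()
    return enc, mac

def _xor_stream(enc_key: bytes, data: bytes) -> bytes:
    # HMAC in counter mode as a keystream; safe only because each key is used once.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _canon(fields: dict) -> bytes:
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

def _tag(mac_key: bytes, clear: dict, sealed: bytes) -> str:
    # The plaintext fields are covered by the tag so they cannot be altered in transit.
    return hmac.new(mac_key, _canon(clear) + b"|" + sealed, hashlib.sha256).hexdigest()

def terminal_build(root_key: bytes, seqno: bytes, clear: dict, sensitive: dict) -> dict:
    """Mobile terminal: seal the sensitive fields for the issuer, leave the rest readable."""
    enc, mac = derive_keys(root_key, seqno)
    sealed = _xor_stream(enc, _canon(sensitive))
    return {"clear": clear, "sealed": sealed.hex(), "tag": _tag(mac, clear, sealed)}

def merchant_forward(msg: dict, order: dict, payee_account: str) -> dict:
    """Merchant: check ID/TID/AMOUNT against the order, add the payee account, forward."""
    if msg["clear"] != order:
        raise ValueError("plaintext fields do not match the order")
    return {**msg, "payee": payee_account}

class Issuer:
    def __init__(self, root_key: bytes, seqno: bytes):
        self.root_key, self.expected = root_key, seqno

    def authorize(self, req: dict):
        """Return the decrypted sensitive fields, or None if the request is invalid."""
        enc, mac = derive_keys(self.root_key, self.expected)
        sealed = bytes.fromhex(req["sealed"])
        if not hmac.compare_digest(_tag(mac, req["clear"], sealed), req["tag"]):
            return None                      # wrong session key or modified message
        self.expected = next_seqno(self.root_key, self.expected)  # key is never reused
        return json.loads(_xor_stream(enc, sealed))

def demo():
    root = bytes(range(32))                  # constructed root key
    seq0 = b"\x00" * 8                       # constructed initial SEQNO
    order = {"ID": "ID-EXAMPLE", "TID": "T-0001", "AMOUNT": "120.00"}  # constructed
    secret = {"account": "ACCT-PLACEHOLDER"}                           # constructed
    issuer = Issuer(root, seq0)
    req = merchant_forward(terminal_build(root, seq0, order, secret), order, "PAYEE-PLACEHOLDER")
    leaked = secret["account"].encode().hex() in req["sealed"]  # merchant's view
    first = issuer.authorize(req)            # accepted, issuer steps to the next SEQNO
    replay = issuer.authorize(req)           # same message again: old key, rejected
    msg2 = terminal_build(root, next_seqno(root, seq0), order, secret)
    tampered = issuer.authorize({**msg2, "clear": {**order, "AMOUNT": "1.00"}})
    fresh = issuer.authorize(msg2)           # untouched second session is accepted
    return first, replay, tampered, fresh, leaked

if __name__ == "__main__":
    print(demo())
```

The replayed request fails because the issuer has already stepped to the next sequence number, which is the per-communication key change the flow relies on; a rejected request does not advance the issuer's state.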

Claims (5)

1. A secure payment method for mobile e-commerce based on 3-D Secure, comprising the following steps:
1) the mobile terminal and the issuer's server synchronously generate a session random sequence number using the same algorithm;
2) before paying, the payment terminal first checks its locally stored balance information for the payment account;
3) the merchant server verifies the check data;
4) the card issuer verifies the integrity and validity of the payment authorization request and checks the balance of the payment account;
5) after the user has viewed the payment response message, the payment terminal requires the user to send a confirmation receipt for it;
6) the card issuer debits the payment amount from the user's payment account, or the card issuer sends the merchant, through the payment gateway, a message that the payment failed and the transaction is aborted;
7) the merchant periodically sends the successful payment processing messages it has received to the acquirer for settlement, and after verifying that the certified check information is valid the acquirer carries out the internal transfer with the card issuer.
2. The secure payment method for mobile e-commerce based on 3-D Secure according to claim 1, characterized in that the sequence number in step 1) comprises: from the sequence number and the root key, the session key for communication between the mobile terminal and the card issuer is generated locally and offline, and in subsequent communication the session key is used as the secret key between the two; each communication uses a new session random sequence number to produce a different session key.
3. The secure payment method for mobile e-commerce based on 3-D Secure according to claim 1, characterized in that the balance information in step 2) comprises: if the balance is enough for the transaction, the payment information is sent to the merchant server, with the sensitive data encrypted under the session key; otherwise the user is notified that funds are insufficient.
4. The secure payment method for mobile e-commerce based on 3-D Secure according to claim 1, characterized in that the check data in step 3) comprises: plaintext values such as ID, TID and AMOUNT.
5. The secure payment method for mobile e-commerce based on 3-D Secure according to claim 1, characterized in that the receipt in step 5) comprises: the user's payment authorization response value, ACCEPT or REJECT.
CN2011100686811A 2011-03-22 2011-03-22 Secure payment method for mobile electronic commerce based on 3-D secure Pending CN102694768A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100686811A CN102694768A (en) 2011-03-22 2011-03-22 Secure payment method for mobile electronic commerce based on 3-D secure

Publications (1)

Publication Number Publication Date
CN102694768A true CN102694768A (en) 2012-09-26

Family

ID=46860055

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100686811A Pending CN102694768A (en) 2011-03-22 2011-03-22 Secure payment method for mobile electronic commerce based on 3-D secure

Country Status (1)

Country Link
CN (1) CN102694768A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103248483A (en) * 2013-03-22 2013-08-14 张经纶 Real-name authentication apparatus
CN103248483B (en) * 2013-03-22 2016-12-28 张经纶 A kind of real name verification device
WO2020098245A1 (en) * 2018-11-12 2020-05-22 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for session management
US11539847B2 (en) 2018-11-12 2022-12-27 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for a chargeable party at a session management with required quality of service
US11882234B2 (en) 2018-11-12 2024-01-23 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for granting or not granting a chargeable party at a session management with required quality of service utilizing a MAC address

Similar Documents

Publication Publication Date Title
EP2149084B1 (en) Method and system for authenticating a party to a transaction
US7280981B2 (en) Method and system for facilitating payment transactions using access devices
JP6031524B2 (en) Safely refillable electronic wallet
EP2212842B1 (en) System and method for secure management of transactions
US20130073463A1 (en) Issuer trusted party system
US20080257952A1 (en) System and Method for Conducting Commercial Transactions
CN108476227A (en) System and method for equipment push supply
US20100010932A1 (en) Secure wireless deposit system and method
US20130054417A1 (en) Methods and systems aggregating micropayments in a mobile device
US20020042776A1 (en) System and method for unifying electronic payment mechanisms
KR20060022304A (en) Interactive financial settlement service method using mobile phone number or virtual number
WO2008144487A1 (en) Method and system for payment authorization and card presentation using pre-issued identities
US20070284436A1 (en) Credit card payment system
WO2012040713A2 (en) Method and system for secure mobile remittance
WO2014032549A1 (en) Telecommunication service provider based mobile identity authentication and payment method and system
MX2011010300A (en) Secure transactions using non-secure communications.
WO2014032206A1 (en) Quick payment system and corresponding method
CN102694768A (en) Secure payment method for mobile electronic commerce based on 3-D secure
US8595131B2 (en) Method for paying for a service offered by means of a data network
EP4191495A1 (en) Devices, methods and a system for secure electronic payment transactions
EP4191496A1 (en) Devices, methods and a system for secure electronic payment transactions
KR20040055843A (en) System and Method for Payment by Using Authorized Authentication Information
EP4191497A1 (en) Devices, methods and a system for secure electronic payment transactions
AU2008254851B2 (en) Method and system for payment authorization and card presentation using pre-issued identities
KR20130052435A (en) Recording medium, method and system for information processing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
DD01 Delivery of document by public notice

Addressee: Shanghai Creative Digital Platform Technology Co., Ltd.

Document name: Notification of before Expiration of Request of Examination as to Substance

DD01 Delivery of document by public notice

Addressee: Shanghai Creative Digital Platform Technology Co., Ltd.

Document name: Notification that Application Deemed to be Withdrawn

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120926