CN1464679A - Internet authentication method - Google Patents
Internet authentication method Download PDFInfo
- Publication number
- CN1464679A CN1464679A CN 02123323 CN02123323A CN1464679A CN 1464679 A CN1464679 A CN 1464679A CN 02123323 CN02123323 CN 02123323 CN 02123323 A CN02123323 A CN 02123323A CN 1464679 A CN1464679 A CN 1464679A
- Authority
- CN
- China
- Prior art keywords
- authentication
- request
- user
- information
- scp
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 230000005540 biological transmission Effects 0.000 claims abstract description 25
- 230000004044 response Effects 0.000 claims description 45
- 238000005516 engineering process Methods 0.000 claims description 21
- 230000008676 import Effects 0.000 claims description 15
- 230000011664 signaling Effects 0.000 claims description 12
- 101000794020 Homo sapiens Bromodomain-containing protein 8 Proteins 0.000 claims description 8
- 101001006782 Homo sapiens Kinesin-associated protein 3 Proteins 0.000 claims description 8
- 101000615355 Homo sapiens Small acidic protein Proteins 0.000 claims description 8
- WGKGADVPRVLHHZ-ZHRMCQFGSA-N N-[(1R,2R,3S)-2-hydroxy-3-phenoxazin-10-ylcyclohexyl]-4-(trifluoromethoxy)benzenesulfonamide Chemical compound O[C@H]1[C@@H](CCC[C@@H]1N1C2=CC=CC=C2OC2=C1C=CC=C2)NS(=O)(=O)C1=CC=C(OC(F)(F)F)C=C1 WGKGADVPRVLHHZ-ZHRMCQFGSA-N 0.000 claims description 8
- 102100021255 Small acidic protein Human genes 0.000 claims description 8
- 238000004891 communication Methods 0.000 claims description 7
- 238000013475 authorization Methods 0.000 claims description 6
- 230000003993 interaction Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 description 8
- 238000007726 management method Methods 0.000 description 7
- 230000007306 turnover Effects 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 5
- 241000282836 Camelus dromedarius Species 0.000 description 4
- 230000000977 initiatory effect Effects 0.000 description 4
- 230000002093 peripheral effect Effects 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000013523 data management Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000033228 biological regulation Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 239000008358 core component Substances 0.000 description 1
- 238000013497 data interchange Methods 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000007789 sealing Methods 0.000 description 1
- 238000003786 synthesis reaction Methods 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a online authentication method through intelligent mobile network characterized by that, a mobile network and a data transmission channel for online paying system are established through the intelligent mobile network, using the mobile terminal as the input terminal, then transmitting payment authentication information through the channel, thus completing the authentication for the online payment. The invention can be applied to set up a text based real time data transmission channel between the client and the online payment system and provide safety guarantee for the online client authentiation.
Description
Technical field
The present invention relates to moving communicating field, relate in particular to a kind of method and system that carries out internet authentication by mobile intelligent net.
Technical background
The Internet produces tremendous influence to present business model, increasing people begins online, enjoy the various services that each ecommerce provider provides, begin to carry out consumption online, also bring into use simultaneously all kinds of online payment systems such as Web bank to carry out the payment of expense.But the opening of the Internet and the confidentiality of payment system have proposed very high requirement to the authentication mechanism of all kinds of online payment systems such as Web bank.
Present online payment system substantially all is directly to use disbursement account and payment cipher to carry out authenticating user identification and authentication on the internet simultaneously.Because the Internet also lacks a widely accepted mechanism aspect safety certification at present, people also generally lack the sense of security to directly using the disbursement account payment on the net, thereby online payment system is not accepted extensively by the user yet.
Present most popular online payment system is Web bank's payment transaction that each tame bank carries out, and mode is to be networked by each tame bank and ecommerce SP, directly uses bank card to pay.As shown in Figure 1, be internet authentication information conveying flow figure in the prior art, the effect of each ecommerce SP is similar to the terminating machine that is placed on each emporium in this manner, the user will give SP oneself bank card account number and password, passes to corresponding bank by SP then and goes to carry out authentication and withhold.Because be directly to use the bank card payment, ecommerce SP is again on the internet, thereby information such as user's bank card account number and password must flow through from the Internet.Because the opening of the Internet and the security requirement of banking system, the range of application of Web bank is very limited.
Present online payment system can not well solve the authentication problem of payment:
1, disbursement account and payment cipher transmit simultaneously on the internet, and account and password may be stolen simultaneously;
2, lack a good payment affirmation link that offers the user.
Simply introduce the relevant knowledge of some intelligent networks below again.
Intelligent Network is a kind of additional " increment " network that new business can be provided on original communication network quickly and efficiently, has the characteristic of quick introducing new business and dynamic load staging business.
Fig. 2 is the system configuration of an intelligent network platform, and it is made up of Service Switching Point (SSP ServiceSwitching Point), service control point (SCP Service Control Point), ip intelligent peripherals (IP Intelligent Peripheral), service management point (SMP Service ManagementPoint), service creation environment (SCE Service Creation Environment), SMAP several parts such as (SMAP Service Management Access Point).
SSP is the tie point that connects existing fixed network and intelligent network, and the function that inserts intelligent network function collection is provided.SSP can detect the request of IN service, and communicates by letter with SCP; Response is made in request to SCP, allows the service logic among the SCP to influence call treatment.
SCP is the core component of intelligent network, its storaging user data and service logic.The major function of SCP is to receive Query Information and the Query Database that SSP sends here, carries out various decodings; Simultaneously, SCP can start different service logics according to the call event of offering on the SSP, sends the calling control command according to service logic to corresponding SSP, thereby realizes various intelligent calls.
IP is a special resource of assisting to finish IN service.Usually have various phonetic functions, as phonetic synthesis, the playback notice receives DTMF pulsing, carries out speech recognition or the like.IP can be an independently physical equipment, also can be used as the part of SSP, and it accepts the control of SCP, carries out the specified operation of SCP service logic.
SMP also is a kind of computer system.SMP generally possesses 5 kinds of functions, i.e. service logic management, Service Data Management, user data management, professional monitoring and traffic management.The new business logic of creating in service creation environment is input among the SMP by service supplier, and the SMP SCP that again it packed into just can provide this new business on communication network.
The function of SCE is the new service logic of demand generation according to the client.SCE provides friendly graphics edition interface for professional designer.The client utilizes various standard pels to design the service logic of new business, and defines corresponding data for it.
SMAP is the part that realizes intelligent network operation management function, is installed in the central machine room and the business hall of operator usually, generally is the application program on the PC terminal, and the operating system according to different can have different forms.
Summary of the invention
The objective of the invention is the intelligent movable network technology is incorporated in the internet authentication mechanism, when guaranteeing user friendliness, create a kind of authentication mode of brand-new online payment system.
A kind of internet authentication method is characterized in that setting up by GSM mobile network and mobile intelligent net the data transmission channel of a mobile network and online payment system, is input terminal with the portable terminal, and then transmits authentication information by this passage, finishes internet authentication.
Described internet authentication method also comprises:
Foundation and mobile terminal number have the disbursement account of binding relationship in payment system;
Set up the authorization interface of a payment system and mobile intelligent net OSP.
Described method also comprises to be registered online payment system in the Service Control Point of mobile intelligent net, and and the OSP interface of SCP physical connection is set.
Described data channel communicates by ICP/IP protocol, and Content of Communication has:
Online payment system sends authentication request;
SCP utilizes each network element of mobile network to work in coordination with the authentication input information that obtains the cellphone subscriber after receiving request, and is right
The back returns to online payment system by authorization interface.
Described mobile network can be the GSM net, also can be 3G network.
Described data transmission channel is to set up by the USSD of mobile network and the OSP interface of mobile intelligent net.
The method of described internet authentication when the mobile subscriber initiates the payment request, may further comprise the steps:
A, mobile subscriber initiate request, and account information is provided, and ecommerce SP initiates the payment request to affiliated payment system;
B, payment system are inquired about this mobile terminal number according to account information in the request, send authentication request to the SCP of this portable terminal ownership;
C, SCP receive the authentication request that payment system is sent by the OSP interface, send the USSD authentication request to the HLR of authentication mobile terminal number ownership, and information then awaits a response;
D, HLR receive the USSD request that SCP sends by the MAP signaling interface, and the VLR address at the present place of enquiry mobile terminal user is transmitted the USSD request to this VLR then;
E, MSC/VLR receive the USSD request that HLR sends by the MAP signaling interface, and then are forwarded on the portable terminal that the user holds;
F, portable terminal receive the USSD request of transmitting from MSC/VLR by wave point, input authentication responses information on portable terminal, and send back to the mobile network;
The authentication responses information (payment cipher) that g, MSC/VLR mobile terminal receive user beam back is also sent the HLR of user attaching back to;
H, HLR receive user's authentication responses information and reply to the SCP of the request of sending;
The USSD authentication responses information that i, SCP reply from HLR mobile terminal receive user also replies to payment system;
J, online payment system carry out authentication from the payment cipher information of portable terminal input and the disbursement account that obtains from the Internet and dealing money information to this time transaction according to the user; Whether authentication success is then deducted fees to disbursement account, and successful according to withholing, and returns the corresponding payment response message for ecommerce SP; If this user's service request is then cancelled in failure;
K, ecommerce SP will judge according to the content of payment response message, if deduct fees successfully, then realize user's service request.
In the described internet authentication method, described data transmission channel is to set up by the OSP interface of short message technology in the GSM mobile network and mobile intelligent net.
Described internet authentication method, authorizing procedure is as follows:
A, ecommerce SP ask the user to import its disbursement account information after receiving the service request that the mobile subscriber initiates, and send the payment request according to user's disbursement account information and the payment system of dealing money information under the user;
B, online payment system inquire the mobile terminal number that this account is bound according to the account information in the payment request, and the SCP to this mobile terminal number ownership sends authentication request then;
C, SCP receive the authentication request that payment system is sent by the OSP interface, send SMPP authentication request short message to the SMSC of authentication mobile terminal number ownership;
D, SMSC receive the short message information that SCP sends by the SMPP interface, and the MSC address at the present place of enquiry mobile terminal user sends this short message to this MSC then;
E, MSC/VLR receive the short message that SMSC sends by the MAP signaling interface, and then are forwarded on the portable terminal that the user holds;
F, portable terminal receive the short message of transmitting from MSC/VLR by wave point, directly import authentication responses and send back to the mobile network with short message way on portable terminal;
The authentication responses information that g, MSC/VLR mobile terminal receive are beamed back is also sent the SMSC of short message service center that portable terminal belongs to back to;
The authentication responses short message of h, SMSC mobile terminal receive also is transmitted to SCP by the SMPP agreement;
I, SCP reply to payment system from the authentication responses short message of SMSC mobile terminal receive answer and with the authentication content;
J, online payment system carry out authentication from the payment cipher information of portable terminal input and the disbursement account that obtains from the Internet and dealing money information to this time transaction according to the user; Whether authentication success is then deducted fees to disbursement account, and successful according to withholing, and returns the corresponding payment response message for ecommerce SP; If this user's service request is then cancelled in failure;
K, ecommerce SP will judge according to the content of payment response message, if deduct fees successfully, then realize user's service request.
Described internet authentication method also comprises:
SCE increases internet authentication professional required service logic and business datum in business, form the internet authentication business logic modules, generates the internet authentication business;
SMS is loaded into SCP with service logic, business datum and the corresponding software module of this internet authentication business, and at SMAP the relevant configuration data of this business is set;
SCP receives the authentication request message that online payment system is sent here by the OSP interface, start the authentication service logic, and the HLR and the current visited MSC/VLR of authentication user that belong to by authentication user carry out information interaction, obtain user's input information, and give online payment system by the OSP interface, finish the transmission of authentication information.
By the present invention, mobile phone users can use online payment system to carry out the payment of various e-commerce transactions relievedly, not worry the safety problem of own disbursement account, thereby can enjoy the convenience and the enjoyment of electronic commerce times consumption online.
Description of drawings
Fig. 1 is current internet authentication information conveying flow figure;
Fig. 2 is the structural representation of intelligent network;
Fig. 3 is the bang path of the USSD that user side is initiated in the mobile intelligent net;
Fig. 4 is the bang path of the USSD that network terminal is initiated in the mobile intelligent net;
Fig. 5 is the authentication information conveying flow that adopts wireless transmission;
Fig. 6 is a subscription authentication flow process of utilizing the USSD technology;
Fig. 7 is a subscription authentication flow process of utilizing the short message technology.
Embodiment
Below in conjunction with Figure of description the specific embodiment of the present invention is described.
Because the present invention has used the USSD technology in the present GSM mobile network, earlier it is briefly introduced.
In present GSM mobile network, application has the USSD technology, full name is unstructured supplementary service data (Unstuctured Supplementary Service Data), this is a kind of novel interactive data service based on the GSM network, it is on the short-message system technical foundation of GSM and the new business of releasing, and is to a kind of data service bearing capacity of GSM network definition in the CAMEL standard.GSM 02.90, GSM03.90, and GSM04.90, GSM09.02, GSM02.78, GSM0 3.78, and GSM09.78 has carried out detailed regulation to the technical specification of USSD.By USSD, can carry out two-way exchange between mobile subscriber MS and the GSM network functional entity based on text message, modal voice messaging information interchange mode has a great difference in this same GSM network in the past.Therefore, in the GSM network realization of USSD function can for mobile intelligent net new business provide and professional management etc. brings many convenience.That considers mobile intelligent net itself can provide the characteristics of new business flexibly, fast, and the realization of USSD function in mobile intelligent net can provide colourful data service for the GSM network.Simultaneously, this also be SCP support comprehensively CAMEL Phase2 standard must realize function.
The standard of USSD has experienced the evolution of three phases:
USSD phase 1: only support the USSD operation that portable terminal is initiated, the MAP operation of definition has only one, i.e. Proces s Unstructed SS Data (user side initiation);
USSD pha se 2: this is the present stage of supporting of USSD, and portable terminal and network side all can be initiated USSD operation, and in USSD conversation procedure, supports a plurality of continuous USSD operations.Network side both can have been initiated the USSD operation, also can send Notify message.This stage has increased the definition of three MAP operations: Unstructed SS Request (network terminal initiation), Unstructed SS Notify (network terminal initiation) and Process Unstructed SS Request (user side initiation);
USSD phase 2+: enhancement mode USSD (Enhanced USSD), supporting has a plurality of sessions between portable terminal and the network simultaneously, and supports to distinguish MMI pattern and bearing mode with DCS (Data Coding Scheme).Also do not form the final draft protocol specification at present.
In the GSM network, the mobile subscriber is exactly a speech data with the mutual modal mode of exchange of information between the GSM network, and this also is the most basic business that the GSM network provides.For more information exchange way except that speech data is provided in the GSM network, ETSI has introduced the USSD function in MAP standard and CAMEL standard, its purpose is exactly the ability of carrying out information interchange by text mode mutually between mobile subscriber and the GSM network in order to offer.And USSD has a very important characteristic, is about to existing GSM network as a transparent carrying entity, and Virtual network operator is formulated the corresponding service that meets local user's demand voluntarily by USSD.So, the USSD business just can almost not have any influence and increase new business to original system easily for the mobile subscriber provides data service, has kept the stability of original system.Therefore, USSD is a kind of supplementary service of GSM network.
In standard about USSD, the USSD data passes still by traditional speech data pipeline: MS<==MSC<==VLR<==HLR.Considered afterwards that mobile intelligent net used the needs of USSD function, in new standard, increased again HLR<==this USSD passing interface of gsmSCF to mobile intelligent net, what both sides used on this interface is the MAP signaling protocol of standard.Subscription data U-CSI (specific user's) and the UG-CSI (all users') of relevant USSD in HLR, have been increased simultaneously, to realize the triggering and the Route Selection of USSD service logic.USSD at the bang path in the mobile intelligent net system shown in Fig. 3 and 4, wherein:
Fig. 3 is that the user initiates the USSD service request from portable terminal, and network side is responded;
Fig. 4 then is that network side is initiated the USSD request, and mobile terminal side is replied after receiving.
The USSD signaling difference that dual mode uses.
The MAP operation of the relevant USSD that CAMEL Phase 2 gsmSCF need realize is as follows:
(a) Process Unstructed SS Data (handling the USS data) HLR-〉gsmSCF
(b) Process Unstructed SS Request (handling the USS request) HLR-〉gsmSCF
(c) Unstructed SS Notify (USS notice) gsmSCF-〉HLR
(d) Unstructed SS Request (USS request) gsmSCF-〉HLR
The not only payment information of present online payment system (comprises disbursement account, information such as payment) need be by the Internet transmission, payment authentication information (mainly being payment cipher) also transmits from the Internet together with payment information, thereby make Personal Finance information such as user's account and password expose fully on the internet, fail safe can not well be guaranteed, also is to use wideless main cause at present.
As shown in Figure 5, core of the present invention is exactly to set up the data transmission channel of a mobile network and online payment system between mobile network and the mobile intelligent net, with the portable terminal is input terminal, and then by this passage transmission payment authentication information, finish the authentication of online payment, thereby realize the active user authentication.
In actual use, in payment system, set up the disbursement account that and mobile terminal number have binding relationship,, use all payments of the user of internet authentication all to unify from this disbursement account, to transfer with the disbursement account of this account as the mobile subscriber; Because present mobile subscriber number all is single unduplicated, therefore, with the binding information of this mobile terminal number as disbursement account, is satisfactory, also is very easily.
Set up the authorization interface of payment system and mobile intelligent net open service platform (OSP) again.OSP is the external interface subsystem of SCP, and OSP and SCP are one-to-one relationships.OSP plays a part to insert external entity, communication carrier, message conversion in whole system.The SCP of standard only links to each other by standard agreement with GSM network entity and intelligent network entity, but can not link to each other with other off-gauge external entities.OSP then is the protocol conversion machine of SCP and various non-standard systems.Also played the effect that the ability opening of mobile network and intelligent network is used to external entity simultaneously.
Foregoing online payment system is registered in the Service Control Point of mobile intelligent net, and and the OSP interface of SCP physical connection is set, use for transfer of data.Both sides communicate by ICP/IP protocol, and Content of Communication mainly is:
Online payment system sends authentication request; In actual applications, the content of this authentication mainly contains: authentication phone number, dealing money, relevant informations such as authentication sign;
SCP utilizes each network element of mobile network to work in coordination with the authentication input information that obtains the cellphone subscriber after receiving request, returns to online payment system by authorization interface then, and this content mainly contains: authentication phone number, dealing money, trading password.
Mobile network of the present invention, can be the GSM mobile network that generally uses at present, also can be the mobile network that 3G uses, such as cdma network etc., on function realizes, do not have any difference, be chosen in realization internet authentication of the present invention on the GSM network of present use below.
In the present invention, a kind of mode is to set up a data transmission channel by the OSP interface of above-mentioned mobile network USSD technology and mobile intelligent net, on this passage, transmit user authentication information, because the USSD technology can make and carry out the text based two-way communication between user and the network functional entity, therefore, mobile phone users can send its authentication information with the mode of text, on the data transmission channel of the sealing that GSM provides, realize the splendid authentication of confidentiality.
The generation that the present invention is above professional, can be in the following way:
Service creation environment (SCE) increases internet authentication professional required service logic and business datum in business, form the internet authentication business logic modules, generates the internet authentication business;
Business management system (SMS) is loaded into SCP with service logic, business datum and the corresponding software module of this internet authentication business, and at SMAP (SMAP) the relevant configuration data of this business is set;
SCP receives the authentication request message that online payment system is sent here by OSP (Open Service Proxy) interface, start the authentication service logic, and the HLR and the current visited MSC/VLR of authentication user that belong to by authentication user carry out information interaction by USSD mechanism, obtain user's input information, and give online payment system by the OSP interface, finish the transmission of authentication information.
As shown in Figure 6, be based on the new authentication system framework of the payment system of USSD technology and intelligent movable network technology, it is mainly by SCP, MSC/VLR, and HLR, MS and online payment system are formed, and peripheral entity is mainly ecommerce SP.Wherein, SCP/OSP is meant the SCP that has the OSP interface, and MSC/VLR then is two different functional entitys, but these two functions realize together in a physical entity that generally so general literary style is MSC/VLR, expression has this two functions simultaneously.VLR is exactly the dynamic data base that MSC uses in fact.USSD information can be passed to VLR by HLR, passes to MSC (being generally internal interface) by VLR then, and then passes to mobile phone.
When the mobile subscriber initiates the payment request, may further comprise the steps:
A, mobile subscriber's internet usage terminal or the special service or the commodity of directly asking ecommerce SP by portable terminal terminal (WAP mode or short message way), after ecommerce SP receives user's service request, prompting asks the user to import its disbursement account information, sends the payment request according to user's disbursement account information and the payment system of dealing money information under the user then.
B, online payment system inquire the mobile terminal number that this account is bound according to the account information in the payment request, and the SCP to this mobile terminal number ownership sends authentication request then.
C, SCP receive the authentication request that payment system is sent by the OSP interface, send USSD authentication request (as: your this turnover is an XX unit, please import your payment cipher) to the HLR of authentication mobile terminal number ownership, and information then awaits a response;
D, HLR receive the USSD request that SCP sends by the MAP signaling interface, and the VLR address at the present place of enquiry mobile terminal user is transmitted the USSD request to this VLR then;
E, MSC/VLR receive the USSD request that HLR sends by the MAP signaling interface, and then are forwarded on the portable terminal terminal that the user holds;
F, mobile subscriber receive the USSD request of transmitting from MSC/VLR by wave point, and (as: your this turnover is an XX unit, please import your payment cipher), directly on the portable terminal terminal, import own authentication responses information (payment cipher) and send back to the mobile network;
The authentication responses information (payment cipher) that g, MSC/VLR mobile terminal receive user beam back is also sent the HLR of user attaching back to;
H, HLR receive user's authentication responses information (payment cipher) and reply to the SCP of the request of sending;
The USSD authentication responses information (payment cipher) that i, SCP reply from HLR mobile terminal receive user also replies to payment system;
J, online payment system carry out authentication from the payment cipher information of portable terminal input and the disbursement account that obtains from the Internet and dealing money information to this time transaction according to the user; Whether authentication success is then deducted fees to disbursement account, and successful according to withholing, and returns the corresponding payment response message for ecommerce SP;
K, ecommerce SP will judge according to the content of payment response message, if deduct fees successfully, then realize user's service request, if this user's service request is then cancelled in failure.
Except the USSD technology is arranged, use short message technology widely in addition on the present GSM network.Both differences are that USSD is a kind of GSM network data transmission technology of dialogue-based connection, and short message then is a kind of GSM network data transmission technology of transmitting based on storage.So because the application of USSD technology on China's existing network at present is extensive not enough, also can use based on-short message way and carry the transmission of authentication information, handling process is similar, just HLR has changed SMSC into, transmits agreement simultaneously and has also changed SMPP and MAP (short message) into by MAP (USSD).As shown in Figure 7, idiographic flow is as follows:
A, mobile subscriber's internet usage terminal or the special service or the commodity of directly asking ecommerce SP by mobile phone terminal (WAP mode or short message way), ecommerce SP asks the user to import its disbursement account information after receiving user's service request, sends the payment request according to user's disbursement account information and the payment system of dealing money information under the user then.
B, online payment system inquire the phone number that this account is bound according to the account information in the payment request, and the SCP to this phone number ownership sends authentication request then.
C, SCP receive the authentication request that payment system is sent by the OSP interface, send SMPP authentication request short message (your this turnover is an XX unit, please import your payment cipher) to the SMSC of authentication phone number ownership;
D, SMSC receive the short message information that SCP sends by the SMPP interface, and the MSC address at the present place of inquiry cellphone subscriber sends this short message to this MSC then;
E, MSC/VLR receive the short message that SMSC sends by the MAP signaling interface, and then are forwarded on the mobile phone terminal that the user holds;
F, mobile subscriber receive the short message of transmitting from MSC/VLR by wave point, and (your this turnover is an XX unit, please import your payment cipher), directly on mobile phone terminal, import own authentication responses (payment cipher) and send back to the mobile network with short message way;
Authentication responses information (payment cipher) that g, MSC/VLR reception cellphone subscriber beams back and the SMSC of short message service center that sends user attaching back to;
H, SMSC receive user's authentication responses short message (payment cipher) and are transmitted to SCP by the SMPP agreement;
I, SCP receive the authentication responses short message (payment cipher) of cellphone subscriber's answer and the authentication content are replied to payment system from SMSC;
J, online payment system carry out authentication from the payment cipher information of mobile phone input and the disbursement account that obtains from the Internet and dealing money information to this time transaction according to the user; Whether authentication success is then deducted fees to disbursement account, and successful according to withholing, and returns the corresponding payment response message for ecommerce SP;
K, ecommerce SP will judge according to the content of payment response message, if deduct fees successfully, then realize user's service request, if this user's service request is then cancelled in failure.
Except the USSD technology is arranged, use short message technology widely in addition on the present GSM mobile network.Both differences are that USSD is a kind of GSM network data transmission technology of dialogue-based connection, and short message then is a kind of GSM network data transmission technology of transmitting based on storage.So because the application of USSD technology on China's existing network at present is extensive not enough, also can use based on-short message way and carry the transmission of authentication information, handling process is similar, just HLR has changed SMSC into, transmits agreement simultaneously and has also changed SMPP and MAP (short message) into by MAP (USSD).Idiographic flow is as follows:
A, mobile subscriber's internet usage terminal or the special service or the commodity of directly asking ecommerce SP by mobile phone terminal (WAP mode or short message way), ecommerce SP asks the user to import its disbursement account information after receiving user's service request, sends the payment request according to user's disbursement account information and the payment system of dealing money information under the user then.
B, online payment system inquire the phone number that this account is bound according to the account information in the payment request, and the SCP to this phone number ownership sends authentication request then.
C, SCP receive the authentication request that payment system is sent by the OSP interface, send SMPP authentication request short message (as: your this turnover is an XX unit, please import your payment cipher) to the SMSC of authentication phone number ownership;
D, SMSC receive the short message information that SCP sends by the SMPP interface, and the MSC address at the present place of inquiry cellphone subscriber sends this short message to this MSC then;
E, MSC/VLR receive the short message that SMSC sends by the MAP signaling interface, and then are forwarded on the mobile phone terminal that the user holds;
F, mobile subscriber receive the short message of transmitting from MSC/VLR by wave point, and (as: your this turnover is an XX unit, please import your payment cipher), directly on mobile phone terminal, import own authentication responses (payment cipher) and send back to the mobile network with short message way;
Authentication responses information (as: payment cipher) that g, MSC/VLR reception cellphone subscriber beams back and the SMSC of short message service center that sends user attaching back to;
H, SMSC receive user's authentication responses short message (as: payment cipher) and are transmitted to SCP by the SMPP agreement;
I, SCP receive the authentication responses short message (as: payment cipher) of cellphone subscriber's answer and the authentication content are replied to payment system from SMSC;
J, online payment system carry out authentication from the payment cipher information of mobile phone input and the disbursement account that obtains from the Internet and dealing money information to this time transaction according to the user; Whether authentication success is then deducted fees to disbursement account, and successful according to withholing, and returns the corresponding payment response message for ecommerce SP;
K, ecommerce SP will judge according to the content of payment response message, if deduct fees successfully, then realize user's service request, if this user's service request is then cancelled in failure.
Because short message is that a kind of store-and-forward mechanism carries out work, transmission speed comparison USSD mode has certain decline, to being not so good as the USSD mode in the cooperation of real-time deal.
By technical scheme of the present invention, can between user and online payment system, build a text based real time data interchange channel, thereby can give online payment system by this passage user's information.As long as the user is mobile terminal number of binding in the account information of payment system on the net, then promptly can realize the input of payment cipher and the affirmation process of transaction by the pairing terminal of this mobile terminal number, in use, in fact user's public information transmits by two different data channel with authentication information, strengthened fail safe greatly, for user's internet authentication provides safe assurance.
The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claims.
Claims (10)
1, a kind of internet authentication method, it is characterized in that setting up the data transmission channel of a mobile network and online payment system by mobile network and mobile intelligent net, with the portable terminal is input terminal, and then by this passage transmission payment authentication information, finishes the authentication of online payment.
2, internet authentication method as claimed in claim 1 is characterized in that also comprising:
Foundation and mobile terminal number have the disbursement account of binding relationship in payment system;
Set up the authorization interface of payment system and mobile intelligent net open service platform (OSP).
3, internet authentication method as claimed in claim 2 is characterized in that also comprising online payment system is registered in the Service Control Point of mobile intelligent net, and and the OSP interface of SCP physical connection is set.
4, internet authentication method as claimed in claim 3 is characterized in that described data channel, communicates by ICP/IP protocol, and Content of Communication has:
Online payment system sends authentication request;
SCP utilizes each network element of mobile network to work in coordination with the authentication input information that obtains the cellphone subscriber after receiving request, returns to online payment system by authorization interface then.
5, as claim 1,2,3 or 4 described internet authentication methods, it is characterized in that described mobile network is the GSM net, also can be the 3G mobile network.
6, internet authentication method as claimed in claim 5 is characterized in that described data transmission channel, is to set up by the USSD of mobile network and the OSP interface of mobile intelligent net.
7, internet authentication method as claimed in claim 6 when it is characterized in that described mobile subscriber initiates the payment request, may further comprise the steps:
A, mobile subscriber initiate request, and account information is provided, and ecommerce SP initiates the payment request to affiliated payment system;
B, payment system are inquired about this mobile terminal number according to account information in the request, send authentication request to the SCP of this portable terminal ownership;
C, SCP receive the authentication request that payment system is sent by the OSP interface, send the USSD authentication request to the HLR of authentication mobile terminal number ownership;
D, HLR receive the USSD request that SCP sends by the MAP signaling interface, and the VLR address at the present place of enquiry mobile terminal user is transmitted the USSD request to this VLR then;
E, MSC/VLR receive the USSD request that HLR sends by the MAP signaling interface, and then are forwarded on the portable terminal that the user holds;
F, portable terminal receive the USSD request of transmitting from MSC/VLR by wave point, input authentication responses information on portable terminal, and send back to the mobile network;
Authentication responses information that g, MSC/VLR mobile terminal receive user beam back and the HLR that sends user attaching back to;
H, HLR receive user's authentication responses information and reply to the SCP of the request of sending;
The USSD authentication responses information that i, SCP reply from HLR mobile terminal receive user also replies to payment system;
J, online payment system carry out authentication from the payment cipher information of portable terminal input and the disbursement account that obtains from the Internet and dealing money information to this time transaction according to the user; Authentication success is then deducted fees to disbursement account, returns the corresponding payment response message for ecommerce SP; If this user's service request is then cancelled in failure;
K, ecommerce SP will judge according to the content of payment response message, if deduct fees successfully, then realize user's service request.
8, internet authentication method as claimed in claim 5 is characterized in that described data transmission channel, is to set up by the OSP interface of short message technology in the mobile network and mobile intelligent net.
9, internet authentication method as claimed in claim 8 is characterized in that authorizing procedure is as follows:
A, mobile subscriber initiate request, and account information is provided, and ecommerce SP initiates the payment request to affiliated payment system;
B, payment system are inquired about this mobile terminal number according to the account information in the request, send authentication request to the SCP of this portable terminal ownership;
C, SCP receive the authentication request that payment system is sent by the OSP interface, send SMPP authentication request short message to the SMSC of authentication mobile terminal number ownership;
D, SMSC receive the short message information that SCP sends by the SMPP interface, and the MSC address at the present place of enquiry mobile terminal user sends this short message to this MSC then;
E, MSC/VLR receive the short message that SMSC sends by the MAP signaling interface, and then are forwarded on the portable terminal that the user holds;
F, portable terminal receive the short message of transmitting from MSC/VLR by wave point, directly import authentication responses and send back to the mobile network with short message way on portable terminal;
The authentication responses information that g, MSC/VLR mobile terminal receive are beamed back is also sent the SMSC of short message service center that portable terminal belongs to back to;
The authentication responses short message of h, SMSC mobile terminal receive also is transmitted to SCP by the SMPP agreement;
The authentication responses short message that i, SCP reply from the SMSC mobile terminal receive also replies to payment system;
J, online payment system carry out authentication from the payment cipher information of portable terminal input and the disbursement account that obtains from the Internet and dealing money information to this time transaction according to the user; Whether authentication success is then deducted fees to disbursement account, and successful according to withholing, and returns the corresponding payment response message for ecommerce SP; If this user's service request is then cancelled in failure;
K, ecommerce SP will judge according to the content of payment response message, if deduct fees successfully, then realize user's service request.
10, as claim 1,2,3 or 4 described internet authentication methods, it is characterized in that also comprising: service creation environment (SCE) increases internet authentication professional required service logic and business datum in business, form the internet authentication business logic modules, generate the internet authentication business;
Business management system (SMS) is loaded into SCP with service logic, business datum and the corresponding software module of this internet authentication business, and at SMAP (SMAP) this business relevant configuration data is set;
SCP receives the authentication request message that online payment system is sent here by OSP (Open Service Proxy) interface, start the authentication service logic, and the HLR and the current visited MSC/VLR of authentication user that belong to by authentication user carry out information interaction, obtain user's input information, and give online payment system by the OSP interface, finish the transmission of authentication information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02123323 CN1274106C (en) | 2002-06-18 | 2002-06-18 | Internet authentication method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 02123323 CN1274106C (en) | 2002-06-18 | 2002-06-18 | Internet authentication method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1464679A true CN1464679A (en) | 2003-12-31 |
| CN1274106C CN1274106C (en) | 2006-09-06 |
Family
ID=29743494
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 02123323 Expired - Lifetime CN1274106C (en) | 2002-06-18 | 2002-06-18 | Internet authentication method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1274106C (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102376049A (en) * | 2010-08-27 | 2012-03-14 | 黄金富 | Cell phone payment confirmation system based on security verification and corresponding method thereof |
| CN101686453B (en) * | 2008-09-24 | 2012-08-01 | 中国移动通信集团安徽有限公司 | Management instruction processing method, system, instruction management centre and HLR |
| CN1968092B (en) * | 2006-09-30 | 2012-09-05 | 北京握奇数据系统有限公司 | Method for realizing data interaction between digital signature device and opposite-end device |
| CN103782564A (en) * | 2011-07-15 | 2014-05-07 | 瓦里德索弗特英国有限公司 | Authentication system and method therefor |
| WO2014075269A1 (en) * | 2012-11-15 | 2014-05-22 | 华为技术有限公司 | Service message processing method, device and system |
| CN103905194A (en) * | 2012-12-26 | 2014-07-02 | 中国电信股份有限公司 | Identity traceability authentication method and system |
| CN107491967A (en) * | 2017-09-02 | 2017-12-19 | 刘兴丹 | A kind of method, apparatus of network payment input password |
| CN117575613A (en) * | 2024-01-15 | 2024-02-20 | 山东鼎信数字科技有限公司 | Authentication payment method and system for dynamic access environment |
-
2002
- 2002-06-18 CN CN 02123323 patent/CN1274106C/en not_active Expired - Lifetime
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1968092B (en) * | 2006-09-30 | 2012-09-05 | 北京握奇数据系统有限公司 | Method for realizing data interaction between digital signature device and opposite-end device |
| CN101686453B (en) * | 2008-09-24 | 2012-08-01 | 中国移动通信集团安徽有限公司 | Management instruction processing method, system, instruction management centre and HLR |
| CN102376049A (en) * | 2010-08-27 | 2012-03-14 | 黄金富 | Cell phone payment confirmation system based on security verification and corresponding method thereof |
| CN103782564A (en) * | 2011-07-15 | 2014-05-07 | 瓦里德索弗特英国有限公司 | Authentication system and method therefor |
| WO2014075269A1 (en) * | 2012-11-15 | 2014-05-22 | 华为技术有限公司 | Service message processing method, device and system |
| CN103959732A (en) * | 2012-11-15 | 2014-07-30 | 华为技术有限公司 | Service message processing method, device and system |
| CN103959732B (en) * | 2012-11-15 | 2016-11-09 | 华为技术有限公司 | Service message processing method, equipment and system |
| CN103905194A (en) * | 2012-12-26 | 2014-07-02 | 中国电信股份有限公司 | Identity traceability authentication method and system |
| CN103905194B (en) * | 2012-12-26 | 2017-05-24 | 中国电信股份有限公司 | Identity traceability authentication method and system |
| CN107491967A (en) * | 2017-09-02 | 2017-12-19 | 刘兴丹 | A kind of method, apparatus of network payment input password |
| CN117575613A (en) * | 2024-01-15 | 2024-02-20 | 山东鼎信数字科技有限公司 | Authentication payment method and system for dynamic access environment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1274106C (en) | 2006-09-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1182748C (en) | Implementation method and system for radio value-adding business based on short message service | |
| CN1242596C (en) | Instantaneous communication | |
| CN1200536C (en) | Method for realizing content fee-conunting process | |
| CN1158886C (en) | Method and system for over-the-air service programming | |
| CN1889730A (en) | Wireless user identification module, communication terminal equipment and communication control method | |
| CN1852094A (en) | Method and system for protecting account of network business user | |
| CN1798204A (en) | Payment system and implement method | |
| CN1902881A (en) | A communication system for providing instant messaging and presence services | |
| CN1946023A (en) | Authentication and authorization architecture for an access gateway | |
| CN1640175A (en) | System, method and apparatus for federated single sign-on services | |
| CN1235737A (en) | System and method for subscriber activity supervision | |
| CN1867102A (en) | Method for transmitting short message | |
| CN101060403A (en) | Wireless communication terminal-based interactive dynamic password safety service system | |
| CN1274106C (en) | Internet authentication method | |
| CN1658636A (en) | Immediate voice communication method for implementing interactive of 3G network and internet | |
| CN1285229C (en) | Method, system for acquiring status information of mobile subscriber and corresponding subscriber identification module | |
| CN1387364A (en) | Short speech message transmission system | |
| CN113747375A (en) | One-key acquisition system and method for third-party application user sensitive information in 5G message | |
| CN1176556C (en) | Mobile data service network system and its communication method | |
| CN1828651A (en) | Method for achieving payment of one individual to another using voice and short message communication | |
| CN1859647A (en) | Method and system for realizing dynamic grouping and cancelling grouping of mobile terminal | |
| CN1852466A (en) | Method and system for realizing virtual-number-like voice increment business | |
| CN1960344A (en) | Instant communication method of combining manual service | |
| CN1225133C (en) | Method of opening control point business capacity of intelligent network service to the third party | |
| CN1454358A (en) | A trading and auction system, and methods for the authentication of buyers and sellers and for the transmission of trading instructions in a trading and auction system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: TENGXUN SCI-TECH (SHENZHEN) CO., LTD. Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD. Effective date: 20150518 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20150518 Address after: 518057 Tencent Building, Nanshan District hi tech park, Shenzhen, Guangdong Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. Address before: 518057 Guangdong city of Shenzhen province Nanshan District Science Park Branch Road No. 1 HUAWEI Service Center Building Patentee before: Huawei Technologies Co., Ltd. |
|
| CX01 | Expiry of patent term |
Granted publication date: 20060906 |
|
| CX01 | Expiry of patent term |