Technical background
The Internet has had a tremendous influence on today's business models. More and more people go online, enjoy the services offered by e-commerce providers and shop online, and at the same time begin to use online payment systems such as online banking to pay. However, the openness of the Internet and the confidentiality required of payment systems place very high demands on the authentication mechanisms of online payment systems such as online banking.
Nearly all current online payment systems authenticate the user by sending the payment account and the payment password over the Internet together. Because the Internet still lacks a widely accepted security authentication mechanism, people generally feel insecure about paying online directly with a payment account, and online payment systems have therefore not yet been widely accepted by users.
The most popular online payment system at present is the online banking payment service run by individual banks: each bank connects to e-commerce service providers (SPs), and payment is made directly by bank card. Figure 1 shows the flow of Internet authentication information in the prior art. In this model each e-commerce SP plays a role similar to a terminal placed in a shop: the user gives the SP the bank card number and password, and the SP passes them to the corresponding bank for authentication and debiting. Because payment is made directly by bank card and the e-commerce SP is itself on the Internet, the user's bank card number, password and similar information must travel across the Internet. Given the openness of the Internet and the security requirements of banking systems, the range of application of online banking is very limited.
Current online payment systems do not solve the payment authentication problem well:
1. The payment account and the payment password are transmitted over the Internet together, so both may be stolen at the same time;
2. There is no good payment confirmation step offered to the user.
Some background on intelligent networks is briefly introduced below.
An Intelligent Network (IN) is an additional "value-added" network that can provide new services quickly and efficiently on top of the existing communication network; it is characterized by rapid introduction of new services and dynamic loading of services.
Fig. 2 shows the system structure of an intelligent network platform. It consists of the Service Switching Point (SSP), the Service Control Point (SCP), the Intelligent Peripheral (IP), the Service Management Point (SMP), the Service Creation Environment (SCE) and the Service Management Access Point (SMAP).
The SSP is the connection point between the existing fixed network and the intelligent network and provides access to the intelligent network function set. The SSP detects requests for IN services and communicates with the SCP; it responds to requests from the SCP and allows the service logic in the SCP to influence call processing.
The SCP is the core component of the intelligent network; it stores user data and service logic. Its main function is to receive the query information sent by the SSP, query the database and perform various kinds of decoding. The SCP can also start different service logic according to the call events reported by the SSP and send call control instructions to the corresponding SSP according to that logic, thereby realizing various intelligent calls.
The IP is a specialized resource that assists in completing IN services. It usually has various voice functions, such as speech synthesis, playing announcements, receiving DTMF signals and speech recognition. The IP can be an independent physical device or part of the SSP; it is controlled by the SCP and performs the operations specified by the SCP service logic.
The SMP is also a computer system. It generally has five functions: service logic management, service data management, user data management, service monitoring and traffic management. New service logic created in the service creation environment is entered into the SMP by the service provider, and the SMP then loads it into the SCP so that the new service can be offered on the communication network.
The function of the SCE is to generate new service logic according to customer demand. The SCE provides service designers with a friendly graphical editing interface. The customer uses various standard graphical primitives to design the service logic of a new service and defines the corresponding data for it.
The SMAP is the part that implements the operation and management functions of the intelligent network. It is usually installed in the operator's central equipment room and business offices, is generally an application on a PC terminal, and can take different forms depending on the operating system.
Summary of the invention
The object of the invention is to introduce mobile intelligent network technology into the Internet authentication mechanism and, while preserving ease of use, to create an entirely new authentication mode for online payment systems.
An Internet authentication method, characterized in that a data transmission channel between the mobile network and the online payment system is established through the GSM mobile network and the mobile intelligent network, the mobile terminal serves as the input terminal, and authentication information is transmitted over this channel to complete Internet authentication.
The Internet authentication method further comprises:
establishing in the payment system a payment account that is bound to the mobile terminal number;
establishing an authentication interface between the payment system and the OSP of the mobile intelligent network.
The method further comprises registering the online payment system in the Service Control Point of the mobile intelligent network and setting up an OSP interface physically connected to the SCP.
The data channel communicates over the TCP/IP protocol, and the communication comprises:
the online payment system sends an authentication request;
after receiving the request, the SCP uses the network elements of the mobile network together to obtain the mobile user's authentication input, and then returns it to the online payment system through the authentication interface.
The mobile network may be a GSM network or a 3G network.
The data transmission channel is established through USSD in the mobile network and the OSP interface of the mobile intelligent network.
In the Internet authentication method, when the mobile subscriber initiates a payment request, the following steps are performed:
a. The mobile subscriber initiates a request and provides account information, and the e-commerce SP sends a payment request to the payment system to which the account belongs;
b. The payment system looks up the mobile terminal number according to the account information in the request and sends an authentication request to the SCP to which that mobile terminal belongs;
c. The SCP receives, through the OSP interface, the authentication request sent by the payment system, sends a USSD authentication request to the HLR to which the mobile terminal number being authenticated belongs, and then waits for the response;
d. The HLR receives, through the MAP signaling interface, the USSD request sent by the SCP, looks up the address of the VLR where the mobile terminal user is currently located, and forwards the USSD request to that VLR;
e. The MSC/VLR receives, through the MAP signaling interface, the USSD request sent by the HLR and forwards it to the mobile terminal held by the user;
f. The mobile terminal receives, over the radio interface, the USSD request forwarded by the MSC/VLR; the authentication response is entered on the mobile terminal and sent back to the mobile network;
g. The MSC/VLR receives the authentication response (payment password) sent back by the mobile terminal user and returns it to the user's home HLR;
h. The HLR receives the user's authentication response and returns it to the SCP that sent the request;
i. The SCP receives from the HLR the USSD authentication response returned by the mobile terminal user and returns it to the payment system;
j. The online payment system authenticates the transaction using the payment password entered by the user on the mobile terminal together with the payment account and transaction amount obtained from the Internet; if authentication succeeds, it debits the payment account and, depending on whether the debit succeeded, returns the corresponding payment response message to the e-commerce SP; if authentication fails, the user's service request is cancelled;
k. The e-commerce SP decides according to the content of the payment response message; if the debit succeeded, it fulfils the user's service request.
In the Internet authentication method, the data transmission channel may alternatively be established through the short message technology of the GSM mobile network and the OSP interface of the mobile intelligent network.
In that case the authentication flow of the Internet authentication method is as follows:
a. After receiving the service request initiated by the mobile subscriber, the e-commerce SP asks the user to enter the payment account information, and sends a payment request, based on the user's payment account information and the transaction amount, to the payment system to which the user belongs;
b. The online payment system looks up the mobile terminal number bound to the account according to the account information in the payment request, and then sends an authentication request to the SCP to which that mobile terminal number belongs;
c. The SCP receives, through the OSP interface, the authentication request sent by the payment system and sends an SMPP authentication request short message to the SMSC to which the mobile terminal number being authenticated belongs;
d. The SMSC receives, through the SMPP interface, the short message sent by the SCP, looks up the address of the MSC where the mobile terminal user is currently located, and sends the short message to that MSC;
e. The MSC/VLR receives, through the MAP signaling interface, the short message sent by the SMSC and forwards it to the mobile terminal held by the user;
f. The mobile terminal receives, over the radio interface, the short message forwarded by the MSC/VLR; the authentication response is entered directly on the mobile terminal and sent back to the mobile network as a short message;
g. The MSC/VLR receives the authentication response sent back by the mobile terminal and returns it to the short message service center (SMSC) to which the mobile terminal belongs;
h. The SMSC receives the authentication response short message from the mobile terminal and forwards it to the SCP over the SMPP protocol;
i. The SCP receives from the SMSC the authentication response short message returned by the mobile terminal and returns the authentication content to the payment system;
j. The online payment system authenticates the transaction using the payment password entered by the user on the mobile terminal together with the payment account and transaction amount obtained from the Internet; if authentication succeeds, it debits the payment account and, depending on whether the debit succeeded, returns the corresponding payment response message to the e-commerce SP; if authentication fails, the user's service request is cancelled;
k. The e-commerce SP decides according to the content of the payment response message; if the debit succeeded, it fulfils the user's service request.
The Internet authentication method further comprises:
the SCE adds the service logic and service data required by the Internet authentication service, forming an Internet authentication service logic module and generating the Internet authentication service;
the SMS loads the service logic, service data and corresponding software modules of the Internet authentication service into the SCP, and the relevant configuration data of the service is set at the SMAP;
the SCP receives, through the OSP interface, the authentication request message sent by the online payment system, starts the authentication service logic, exchanges information with the HLR to which the authenticated user belongs and with the MSC/VLR that the user is currently visiting, obtains the user's input and passes it to the online payment system through the OSP interface, completing the transfer of authentication information.
With the invention, mobile terminal users can use an online payment system to pay for all kinds of e-commerce transactions with confidence, without worrying about the security of their payment account, and can thus enjoy the convenience and pleasure of online consumption in the e-commerce era.
Embodiment
Specific embodiments of the invention are described below with reference to the accompanying drawings.
Because the invention uses the USSD technology of current GSM mobile networks, that technology is briefly introduced first.
Current GSM mobile networks use USSD, in full Unstructured Supplementary Service Data. It is a new kind of interactive data service based on the GSM network, a new service introduced on the technical basis of the GSM short message system, and a data service bearer capability defined for the GSM network in the CAMEL standard. GSM 02.90, GSM 03.90, GSM 04.90, GSM 09.02, GSM 02.78, GSM 03.78 and GSM 09.78 specify USSD in detail. With USSD, the mobile station (MS) and GSM network functional entities can exchange text-based information in both directions, which differs greatly from voice, the most common way of exchanging information in GSM networks in the past. Implementing the USSD function in the GSM network therefore brings considerable convenience to the provision and management of new mobile intelligent network services. Given that the mobile intelligent network itself can provide new services flexibly and quickly, implementing the USSD function in the mobile intelligent network can provide a rich variety of data services for the GSM network. It is also a function that an SCP must implement in order to fully support the CAMEL Phase 2 standard.
The USSD standard has evolved through three phases:
USSD phase 1: only USSD operations initiated by the mobile terminal are supported, and only one MAP operation is defined, namely Process Unstructured SS Data (initiated by the user side);
USSD phase 2: this is the phase currently supported. Both the mobile terminal and the network side can initiate USSD operations, and several consecutive USSD operations are supported within one USSD session. The network side can both initiate a USSD operation and send a Notify message. This phase added the definition of three MAP operations: Unstructured SS Request (initiated by the network side), Unstructured SS Notify (initiated by the network side) and Process Unstructured SS Request (initiated by the user side);
USSD phase 2+: Enhanced USSD, which supports several simultaneous sessions between the mobile terminal and the network and supports distinguishing MMI mode from bearer mode by means of the DCS (Data Coding Scheme). A final draft protocol specification has not yet been produced.
In the GSM network, the most common way for the mobile subscriber and the network to exchange information is voice, which is also the most basic service the GSM network provides. To offer ways of exchanging information other than voice, ETSI introduced the USSD function in the MAP and CAMEL standards; its purpose is to give the mobile subscriber and the GSM network the ability to exchange information with each other as text. USSD also has a very important property: it treats the existing GSM network as a transparent bearer, and the network operator defines for itself, on top of USSD, the services that meet the needs of local users. USSD can thus provide data services to mobile subscribers and add new services easily, with almost no impact on the existing system, preserving its stability. USSD is therefore a supplementary service of the GSM network.
In the USSD standards, USSD data still travels along the traditional voice data path: MS <==> MSC <==> VLR <==> HLR. Later, to meet the mobile intelligent network's need to use USSD, the new standards added the HLR <==> gsmSCF interface, which carries USSD to the mobile intelligent network; both sides use the standard MAP signaling protocol on this interface. At the same time, the USSD-related subscription data U-CSI (for a specific user) and UG-CSI (for all users) were added to the HLR to implement triggering and routing of USSD service logic. The USSD transfer paths in the mobile intelligent network system are shown in Figs. 3 and 4, where:
Fig. 3 shows the user initiating a USSD service request from the mobile terminal, with the network side responding;
Fig. 4 shows the network side initiating the USSD request, with the mobile terminal side replying after receiving it.
The two modes use different USSD signaling.
The USSD-related MAP operations that a CAMEL Phase 2 gsmSCF must implement are as follows:
(a) Process Unstructured SS Data (process USS data): HLR -> gsmSCF
(b) Process Unstructured SS Request (process USS request): HLR -> gsmSCF
(c) Unstructured SS Notify (USS notify): gsmSCF -> HLR
(d) Unstructured SS Request (USS request): gsmSCF -> HLR
In current online payment systems, not only must the payment information (payment account, payment amount and so on) be transmitted over the Internet, but the payment authentication information (mainly the payment password) travels over the Internet together with it. The user's personal financial information, such as account and password, is thus fully exposed on the Internet and its security cannot be well guaranteed; this is also the main reason such systems are not widely used at present.
As shown in Figure 5, the core of the invention is to establish, through the mobile network and the mobile intelligent network, a data transmission channel between the mobile network and the online payment system, to use the mobile terminal as the input terminal, and to transmit the payment authentication information over this channel to complete authentication of the online payment, thereby realizing active user authentication.
In actual use, a payment account bound to the mobile terminal number is established in the payment system and serves as the mobile subscriber's payment account; all payments made by a user of Internet authentication are debited from this account. Because every mobile subscriber number is currently unique, using the mobile terminal number as the binding information for the payment account meets the requirement and is also very convenient.
An authentication interface is then established between the payment system and the open service platform (OSP) of the mobile intelligent network. The OSP is the external interface subsystem of the SCP, and OSP and SCP are in a one-to-one relationship. Within the whole system the OSP provides access for external entities, carries communication and converts messages. A standard SCP connects only to GSM network entities and intelligent network entities through standard protocols and cannot connect to other, non-standard external entities. The OSP is the protocol converter between the SCP and various non-standard systems. It also opens up the capabilities of the mobile network and the intelligent network for use by external entities.
The online payment system described above is registered in the Service Control Point of the mobile intelligent network, and an OSP interface physically connected to the SCP is set up for data transfer. The two sides communicate over the TCP/IP protocol, and the communication mainly comprises:
The online payment system sends an authentication request. In practice its content mainly comprises the phone number to be authenticated, the transaction amount, an authentication identifier and related information;
After receiving the request, the SCP uses the network elements of the mobile network together to obtain the mobile user's authentication input and then returns it to the online payment system through the authentication interface. This content mainly comprises the authenticated phone number, the transaction amount and the transaction password.
The mobile network of the invention can be the GSM mobile network in general use today or a 3G mobile network, such as a CDMA network; there is no difference in how the function is implemented. The description below implements the Internet authentication of the invention on the GSM network currently in use.
In one mode of the invention, a data transmission channel is established through the mobile network's USSD technology and the OSP interface of the mobile intelligent network, and the user's authentication information is transmitted over this channel. Because USSD allows text-based two-way communication between the user and network functional entities, the mobile terminal user can send the authentication information as text, achieving authentication with excellent confidentiality over the closed data transmission channel provided by GSM.
The above service of the invention can be generated as follows:
The service creation environment (SCE) adds the service logic and service data required by the Internet authentication service, forming an Internet authentication service logic module and generating the Internet authentication service;
The service management system (SMS) loads the service logic, service data and corresponding software modules of the Internet authentication service into the SCP, and the relevant configuration data of the service is set at the Service Management Access Point (SMAP);
The SCP receives, through the OSP (Open Service Proxy) interface, the authentication request message sent by the online payment system, starts the authentication service logic, exchanges information by the USSD mechanism with the HLR to which the authenticated user belongs and with the MSC/VLR that the user is currently visiting, obtains the user's input and passes it to the online payment system through the OSP interface, completing the transfer of authentication information.
Figure 6 shows the architecture of the new payment authentication system based on USSD and mobile intelligent network technology. It consists mainly of the SCP, MSC/VLR, HLR, MS and the online payment system; the main peripheral entity is the e-commerce SP. Here SCP/OSP denotes an SCP with an OSP interface. MSC and VLR are two different functional entities, but the two functions are generally implemented together in one physical entity, so the usual notation is MSC/VLR, indicating that the entity has both functions. The VLR is in effect the dynamic database used by the MSC. USSD information can be passed from the HLR to the VLR, then from the VLR to the MSC (generally over an internal interface), and then on to the handset.
When the mobile subscriber initiates a payment request, the following steps are performed:
a. The mobile subscriber requests a particular service or commodity from the e-commerce SP, using an Internet terminal or directly from the mobile terminal (by WAP or short message). After receiving the user's service request, the e-commerce SP prompts the user to enter the payment account information and then sends a payment request, based on the user's payment account information and the transaction amount, to the payment system to which the user belongs.
b. The online payment system looks up the mobile terminal number bound to the account according to the account information in the payment request, and then sends an authentication request to the SCP to which that mobile terminal number belongs.
c. The SCP receives, through the OSP interface, the authentication request sent by the payment system, sends a USSD authentication request (for example: "Your transaction amount is XX yuan; please enter your payment password") to the HLR to which the mobile terminal number being authenticated belongs, and then waits for the response;
d. The HLR receives, through the MAP signaling interface, the USSD request sent by the SCP, looks up the address of the VLR where the mobile terminal user is currently located, and forwards the USSD request to that VLR;
e. The MSC/VLR receives, through the MAP signaling interface, the USSD request sent by the HLR and forwards it to the mobile terminal held by the user;
f. The mobile subscriber receives, over the radio interface, the USSD request forwarded by the MSC/VLR (for example: "Your transaction amount is XX yuan; please enter your payment password"), enters the authentication response (payment password) directly on the mobile terminal and sends it back to the mobile network;
g. The MSC/VLR receives the authentication response (payment password) sent back by the mobile terminal user and returns it to the user's home HLR;
h. The HLR receives the user's authentication response (payment password) and returns it to the SCP that sent the request;
i. The SCP receives from the HLR the USSD authentication response (payment password) returned by the mobile terminal user and returns it to the payment system;
j. The online payment system authenticates the transaction using the payment password entered by the user on the mobile terminal together with the payment account and transaction amount obtained from the Internet; if authentication succeeds, it debits the payment account and, depending on whether the debit succeeded, returns the corresponding payment response message to the e-commerce SP;
k. The e-commerce SP decides according to the content of the payment response message: if the debit succeeded, it fulfils the user's service request; if it failed, it cancels the user's service request.
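The payment-system side of steps b, i and j above, as an added Python example that is not part of the patent text. The class, function and result names, the PBKDF2 password storage, the rule of one single-use pending request per bound number, and the sample account and number are all assumptions made for illustration; the message fields follow the request and response contents listed earlier.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from decimal import Decimal

PBKDF2_ROUNDS = 100_000  # assumption: the page does not say how passwords are stored


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    msisdn: str        # mobile terminal number bound to the payment account
    salt: bytes
    pw_hash: bytes
    balance: Decimal


@dataclass
class AuthRequest:     # payment system -> SCP over the OSP interface (step b)
    auth_id: str       # authentication identifier
    msisdn: str        # phone number to be authenticated
    amount: Decimal    # transaction amount shown to the user


@dataclass
class AuthResponse:    # SCP -> payment system (step i)
    msisdn: str
    amount: Decimal
    password: str      # entered on the handset; never passes through the SP


class PaymentSystem:
    def __init__(self):
        self.accounts = {}  # account_id -> Account
        self.pending = {}   # msisdn -> (account_id, AuthRequest)

    def open_account(self, account_id, msisdn, password, balance):
        salt = secrets.token_bytes(16)
        self.accounts[account_id] = Account(msisdn, salt, _hash(password, salt), balance)

    def request_payment(self, account_id, amount):
        """Steps a-b: the SP supplies only account and amount; build the SCP request."""
        acct = self.accounts[account_id]
        req = AuthRequest(secrets.token_hex(8), acct.msisdn, amount)
        # Assumption: one outstanding request per number; a new one replaces the old.
        self.pending[acct.msisdn] = (account_id, req)
        return req

    def handle_auth_response(self, resp):
        """Step j: authenticate and debit. A pending request is consumed exactly once."""
        entry = self.pending.pop(resp.msisdn, None)
        if entry is None:
            return "NO_PENDING"        # unsolicited or replayed response
        account_id, req = entry
        if resp.amount != req.amount:
            return "AMOUNT_MISMATCH"   # user confirmed a different amount
        acct = self.accounts[account_id]
        if not hmac.compare_digest(_hash(resp.password, acct.salt), acct.pw_hash):
            return "AUTH_FAILED"
        if acct.balance < req.amount:
            return "INSUFFICIENT_FUNDS"
        acct.balance -= req.amount
        return "PAID"


def ussd_prompt(req):
    """Text the SCP sends towards the handset in step c (wording from the page)."""
    return f"Your transaction amount is {req.amount} yuan; please enter your payment password"


def mobile_channel(req, user_input):
    """Stand-in for steps c-i: SCP -> HLR -> MSC/VLR -> handset and back."""
    return AuthResponse(req.msisdn, req.amount, user_input)


if __name__ == "__main__":
    ps = PaymentSystem()
    # Constructed sample data, not real account details.
    ps.open_account("acct-001", "10000000001", "246810", Decimal("100.00"))
    req = ps.request_payment("acct-001", Decimal("30.00"))
    print(ussd_prompt(req))
    resp = mobile_channel(req, "246810")
    print(ps.handle_auth_response(resp))  # first delivery
    print(ps.handle_auth_response(resp))  # same response delivered again
```

The request built in step b carries no password and no account number, and a response that arrives twice is rejected the second time because the pending entry has already been consumed.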
Besides USSD, short message technology is also widely used on current GSM networks. The difference between the two is that USSD is a session-based GSM data transmission technology, whereas short message is a store-and-forward GSM data transmission technology. Because USSD is not yet widely deployed on China's existing networks, short messages can also be used to carry the authentication information. The processing flow is similar, except that the HLR is replaced by the SMSC and the transfer protocol changes from MAP (USSD) to SMPP and MAP (short message). As shown in Figure 7, the flow is as follows:
a. The mobile subscriber requests a particular service or commodity from the e-commerce SP, using an Internet terminal or directly from the mobile phone (by WAP or short message). After receiving the user's service request, the e-commerce SP asks the user to enter the payment account information and then sends a payment request, based on the user's payment account information and the transaction amount, to the payment system to which the user belongs.
b. The online payment system looks up the phone number bound to the account according to the account information in the payment request, and then sends an authentication request to the SCP to which that phone number belongs.
c. The SCP receives, through the OSP interface, the authentication request sent by the payment system and sends an SMPP authentication request short message ("Your transaction amount is XX yuan; please enter your payment password") to the SMSC to which the phone number being authenticated belongs;
d. The SMSC receives, through the SMPP interface, the short message sent by the SCP, looks up the address of the MSC where the mobile phone user is currently located, and sends the short message to that MSC;
e. The MSC/VLR receives, through the MAP signaling interface, the short message sent by the SMSC and forwards it to the mobile phone held by the user;
f. The mobile subscriber receives, over the radio interface, the short message forwarded by the MSC/VLR ("Your transaction amount is XX yuan; please enter your payment password"), enters the authentication response (payment password) directly on the mobile phone and sends it back to the mobile network as a short message;
g. The MSC/VLR receives the authentication response (payment password) sent back by the mobile phone user and returns it to the user's home short message service center (SMSC);
h. The SMSC receives the user's authentication response short message (payment password) and forwards it to the SCP over the SMPP protocol;
i. The SCP receives from the SMSC the authentication response short message (payment password) returned by the mobile phone user and returns the authentication content to the payment system;
j. The online payment system authenticates the transaction using the payment password entered by the user on the mobile phone together with the payment account and transaction amount obtained from the Internet; if authentication succeeds, it debits the payment account and, depending on whether the debit succeeded, returns the corresponding payment response message to the e-commerce SP;
k. The e-commerce SP decides according to the content of the payment response message: if the debit succeeded, it fulfils the user's service request; if it failed, it cancels the user's service request.
Because short messages work by a store-and-forward mechanism, transmission is somewhat slower than with USSD, so this mode is less well suited than USSD to real-time transactions.
With the technical scheme of the invention, a text-based real-time data exchange channel can be built between the user and the online payment system, and the user's information can be delivered to the online payment system over this channel. As long as the user binds a mobile terminal number to the account information in the online payment system, the payment password can be entered and the transaction confirmed from the terminal corresponding to that number. In use, the user's public information and authentication information are in fact transmitted over two different data channels, which greatly strengthens security and provides a safe guarantee for the user's Internet authentication.
The above is only a preferred embodiment of the invention, and the scope of protection of the invention is not limited to it; any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of protection of the claims.