WO2008089684A1 - Method and system for security authenticating through short message in communication terminal - Google Patents
- Publication number: WO2008089684A1 (PCT/CN2008/070123)
- Authority: WO, WIPO (PCT)
- Prior art keywords: payment, account, communication terminal, short message, information
Classifications
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/04—Payment circuits
- G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
- G06Q20/105—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems involving programming of a portable memory device, e.g. IC cards, "electronic purses"
- G06Q20/26—Debit schemes, e.g. "pay now"
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/3223—Realising banking transactions through M-devices
- G06Q20/3255—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
- G06Q40/12—Accounting
- H04W12/06—Authentication
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
- H04W88/182—Network node acting on behalf of an other network entity, e.g. proxy
Definitions
- the present invention relates to a secure authentication technique for information, and more particularly to a method and system for secure authentication of a communication terminal through short messages.
- an account payment method is to use a communication terminal to perform security authentication and complete payment through short messages.
- the method fully utilizes the huge number of users of communication terminals (including mobile phones, PHS or other devices with short message interaction functions), and the expansion of the number of bank card issuances, and binds a bank account or a third-party virtual account through the communication terminal.
- the communication terminal is used to send an SMS (Short Messaging Service) short message to a specific short message service number for transfer, shopping, and the like.
- FIG. 1 is a schematic diagram of a communication terminal currently performing security authentication by using a short message.
- the user first uses the short message interaction function of the communication terminal 101 to input important information such as the payee account, the payment amount, and the payment password, and sends the information to the short message interaction system 102 in a specific format.
- the short message interaction system 102 extracts the key information in the received short message, including the communication terminal number, the payee account, the payment amount, the payment password and the like, finds the payment account that has a binding relationship with the communication terminal number, and then forwards the payment account, the payee account, the payment amount, the payment password and the like to the payment system 103.
- the payment system 103 transfers the payment amount from the user payment account to the payee account, and returns the operation information to the user.
- the biggest bottleneck for the communication terminal to perform SMS payment is the security problem.
- the current short message interaction system 102 is usually proxied by an SP (Service Provider), and the short message interaction is in a clear format (unencrypted data format). When the user inputs the transfer information, the short message is sent in clear text, and the short message sent by the user is also stored in plaintext form on the user's communication terminal, so the user's payment information may be at risk in the following two steps:
- the first is when the proxy SP forwards the short message: since the short message content is extracted by the proxy SP party, if the proxy SP leaks important information such as the payment account, the payment password, the payee account, and the payment amount to others, huge losses will be caused to the paying user.
- the current SMS gateway has stability problems, and the loss rate and delay rate of the short message are relatively high.
- the user may not receive the short message reporting successful payment in time and so keeps initiating the transaction, or the short message system resends after the waiting time is reached, causing the user to pay twice or even three times for one transaction.
- the technical problem to be solved by the present invention is to provide a method and a system for a communication terminal to perform security authentication through short messages, so as to solve the security problem that the short message in the short message payment mode is easily leaked by the proxy SP, and the problem that the user pays repeatedly due to short message loss and delay.
- the present invention provides a method for a communication terminal to perform security authentication by using a short message, including:
- the communication terminal sends a short message payment request to the payment system via SP1, the request including the payee account identification and the payment amount;
- the payment system creates a payment record corresponding to the request, and sends the verification information to the communication terminal via the SP2; wherein the verification information includes the payee account identifier and the payment amount;
- after confirming that the payee account identifier and the payment amount in the verification information are correct, the communication terminal replies with confirmation information to the payment system via SP2;
- the payment system performs a corresponding payment operation based on the payment record.
- the method further includes: when the payment system sends the verification information to the communication terminal via the SP2, randomly selecting one of the plurality of SP2s.
- the method further includes: generating a record number when the payment system creates the payment record, and including it in the verification information that is sent; the confirmation information returned by the communication terminal is the record number.
- the record number is formed by combining any number of English letters or numbers, and is randomly generated each time.
- the method further includes: the payment system checking whether the account corresponding to the communication terminal and the payee account identifier exists in the established account information, and if yes, creating a payment record.
- the account identifier is an account number, or a payee communication terminal number, an email address, an account owner name, and an ID card number having a binding relationship with the account number; the verification letter further includes: a payment system
- the operation result is returned to the communication terminal via SP1 or SP2, and the payee communication terminal having a binding relationship with the payee account number.
- the present invention also provides a system for performing security authentication by a communication terminal by using a short message, comprising: a first short message interaction subsystem, configured to receive a short message payment request sent by the communication terminal, and forward the request to the account management subsystem, wherein the request includes the payee account identification and payment amount;
- an account management subsystem, configured to create a payment record corresponding to the payment request, and send verification information to the second short message interaction subsystem, where the verification information includes a payee account identifier and a payment amount; and, after receiving the corresponding confirmation information, to perform the corresponding payment operation according to the payment record.
- a second short message interaction subsystem, configured to receive the verification information and forward it to the communication terminal; and, after receiving the confirmation message with which the communication terminal confirms the payee account identifier and the payment amount in the verification information, to forward it to the account management subsystem.
- a plurality of second short message interaction subsystems are provided, and when the account management subsystem sends the verification information to the second short message interaction subsystem, one of them is randomly selected.
- the account management subsystem includes: a database, configured to store account information and a binding relationship between the communication terminal and the account information;
- a payment processing unit, configured to create a payment record corresponding to the communication terminal and generate a record number, and, when the authentication unit passes the authentication, to perform the corresponding payment operation according to the payment record;
- an authentication unit, configured to send the record number in the verification information to the second short message interaction subsystem; if the received confirmation information is the matching record number, the authentication passes.
- the record number is formed by combining any number of English letters or numbers, and is randomly generated each time.
- the account management subsystem further includes: an account checking unit, configured to check whether accounts corresponding to the communication terminal and to the payee account identifier exist in the account information set up in the database, and if yes, trigger the payment processing unit to create a payment record.
- the account identifier is a payee account number, or a communication terminal number, an email address, an account owner name, and an ID card number having a binding relationship with the account number; and the verification letter is related to the prior art.
- the present invention has the following advantages:
- the short message between the communication terminal and the payment system adopts the two-channel (SP1 and SP2) asynchronous transmission mechanism to solve the security problem in the transmission of short message plaintext.
- if the SMS information is leaked on the proxy SP1 side and the payee account identifier and the payment amount in the short message content are changed to the leaker's own account identifier and amount, then after the payment system creates the payment record it still needs to return the verification information through the proxy SP2 side. If the user finds that the payee account identifier and the payment amount are incorrect, the confirmation information will not be sent and the payment system cannot process the payment, so the SMS information is secured on the SP1 side.
- if the proxy SP2 party leaks the short message information, changes the payee account identifier and the payment amount in the short message content to its own account identifier and amount, and replies directly to the payment system, then, since the payment record has already been created and the reply short message only confirms that the created payment can be executed, tampering with the short message on the SP2 side does not affect correct payment processing.
- a plurality of proxy SP2s are set up, and each time the payment system sends the verification information to the user through SP2, one of them is randomly selected, which also helps ensure security in the transmission of plaintext short messages. If SP1 and any one of the SP2 servers are controlled at the same time, the probability of randomly selecting the controlled SP2 is small, so illegal payment cannot be successful. Even in the case where SP1 and all SP2 servers are controlled at the same time, since the illegal person must create account information in the payment system to complete the payment, the illegal person's information can be quickly found.
- the dual channel mechanism also solves the problem of SMS duplicate payment. If the short message sent by the user is resent by the user or the system due to loss or delay, the payment system will create multiple payment records for the same payment request, and the user will receive multiple verification messages, so the user clearly knows how many times the short message was sent and can cancel the duplicate payment.
- the record number randomly generated when the payment record is created is sent to the user and serves as the confirmation information returned by the user. On the one hand, the user can more clearly identify the multiple duplicate payment messages corresponding to the same payment, and on the other hand, it is convenient for the payment system to confirm the payment operation. Moreover, in the preferred embodiment of the present invention, any two of the 26 English letters are selected and arranged into a record number, so that replying is simple and convenient for the user.
- FIG. 1 is a schematic diagram of a communication terminal performing security authentication by using a short message in the prior art
- FIG. 2 is a flowchart of security authentication of a short message payment method according to an embodiment of the present invention
- FIG. 3 is a structural diagram of a security authentication system for a short message payment method according to an embodiment of the present invention.
- the present invention adopts a two-channel asynchronous transmission mechanism and sets up an SP server at each of two SP parties; the short message information between the communication terminal and the payment system is transmitted in plaintext through SP1, and payment authentication is performed through SP2, ensuring the security of SMS payments and avoiding duplicate payments.
- the communication terminal utilized by the payer includes a mobile phone, a PHS or other device having a short message interaction function
- the payment system may be set up by a financial institution (such as a bank) or a third party providing a payment service, and the SP1 and SP2 proxy servers are set up by different SMS service providers.
- the user who uses the short message payment method sets up an account in advance in the payment system (a virtual account if the payment service is provided by a third party), registers the communication terminal number, and establishes a binding relationship between the communication terminal number and the account information.
- the account information includes the account number, personal information (name, address, etc.) of the account owner, account fund information, and the like.
- Step 201 The paying party uses the communication terminal to send a payment request to SP1 in the form of a short message, where the request includes information such as the number of the communication terminal sending the short message, a payee user identifier, and a payment amount.
- the payee user identifier may be an account number of the payee in the payment system, or may be a communication terminal number, an email address (Email), a payee name, an ID card number, or other information that is bound to the account number and uniquely identifies the user.
- the paying party sends the short message instruction "payee mobile phone number / email + amount" to the first SP (referred to as SP1) special service number 1000 (here, the example is not the actual special service number).
- Step 202 After receiving the short message payment request sent by the communication terminal, SP1 extracts the communication terminal number, and uses the HTTPS protocol (Hypertext Transfer Protocol Secure) to send the short message containing "payee mobile phone number/email + amount" and the paying party's communication terminal number to the payment system.
- the present invention does not limit the protocol used by short messages in network transmission.
- Step 203 The payment system creates a payment record for the payer according to the short message instruction and according to the binding relationship between the payment party communication terminal number and the account information.
- a record number is also generated when the payment record is created, for example, ABC12345, which represents the transaction number created by the mobile phone short message payment. The use of the record number is detailed below.
- the record number is a string of Arabic numerals. If the user is asked to reply with the actual record number, the text message input is error-prone and the operation is cumbersome.
- after receiving the payment request and before creating the payment record, the payment system first checks whether the payer and the payee have account information.
- only if account information bound to the payee's mobile phone number/Email and account information bound to the payer's communication terminal number have both been set up can the transferred funds be received; otherwise, the payment system returns to the payer's communication terminal the information that the payee account does not exist.
- Step 204 The payment system performs payment authentication by sending verification information to the payer.
- the "payee name + record number + payment amount" and the payer communication terminal number are transmitted to the second SP (referred to as SP2) via the HTTPS protocol.
- the payee name may be extracted from the user personal information in the payee account information, or may be extracted from the short message content including the payee name.
- the payer usually needs to know the name of the payee, so from the perspective of user experience, the payee name is sent to the payer, but this embodiment does not exclude other information that can identify the payee.
- a plurality of SP2s are provided, and each time the payment system sends the verification information to the payer through SP2, one of them is randomly selected, which increases the uncertainty of which SP2 is used.
- only one SP1 is provided, because SP1 not only sends and receives short messages but also provides the SMS payment function for registered users, that is, it is the SP server corresponding to the special service number, whereas SP2 only has to be able to send and receive short messages.
- Step 205 The SP2 forwards the short message "payee name + record number + payment amount" to the communication terminal number of the payer.
- Step 206 After receiving the verification information, the paying party confirms that the payee name and the payment amount in the verification information are what the user intended, and then returns the confirmation information to SP2.
- the record number is used as the confirmation information, on the one hand, the user can more clearly recognize the plurality of duplicate payment information corresponding to the same payment, and on the other hand, the payment system can confirm the payment operation.
- Step 207 The SP2 forwards the confirmation information (such as a record number) to the payment system through the HTTPS protocol.
- Step 208 The payment system receives the record number of the payer, and compares with the record number sent in step 205. If the match is complete, the check succeeds and the corresponding payment operation is performed. According to the payment request, the payment amount in the payer's account is deducted, and the payment amount is transferred to the payee account; if the payer's account balance is insufficient, the short message is sent to the payer to indicate the insufficient balance information.
- Step 209 The payment system completes the payment operation, and sends the transfer result information to the SP1.
- Step 210 The SP1 forwards the transfer result information to the communication terminal number of the payer and the payee, and notifies the paying party that the transaction has been successfully completed.
- the payment system can also notify the payer and the payee via SP2.
- the payer sends a payment instruction to SP1, SP1 forwards the payment instruction to the payment system, and the payment system directly completes the payment. If the system resends due to a delay, or if the user does not receive a successful SMS and the user sends the payment instruction again, the user may pay twice for the same transaction.
- the payment system only creates two transactions. A transaction is not completed before the user confirms it, and the user is sent two transaction messages that need to be confirmed. The user can clearly see the number of transactions, and if there are multiple payments due to delays and retransmissions, the user can choose to cancel the transaction.
- the above embodiment preferably transmits the record number as a part of the verification information to the user, and in the case of generating a plurality of payment records for the same payment, the user can more clearly recognize the duplicate payment by the different record number. Moreover, by simply replying to the record number, the payment system can know which payment was created and can be executed. In summary, the use of record numbers makes the operation of the entire certification process simple.
- since the dual channel mechanism is adopted, the security of the short message payment process can be well ensured, so the payment system allows the payer to perform the payment operation without inputting the payment password, thereby avoiding the payment password being stolen during short message transmission.
- the present embodiment is stored in the payment system, and the risk that the proxy SP is illegally controlled to leak the user account information can be reduced.
- the present invention also provides a system for implementing the above-described process.
- FIG. 3 is a structural diagram of a secure authentication system for a short message payment method according to an embodiment of the present invention.
- the system includes a first short message interaction subsystem 302, a second short message interaction subsystem 303, and an account management subsystem 304.
- the communication terminal 301 in the figure is a terminal device having a short message transceiving function, such as a mobile phone, a PHS, a PDA, etc., and a registered user sends a payment request to a specific short message service number by inputting a short message of a specific format.
- for example, the payer sends a text message "Payee Phone Number / Email + Amount" to the special service number **** of the first short message interaction subsystem 302.
- the request includes information such as a communication terminal number for sending a short message, a payee user identification, and a payment amount.
- the payee user identifier may be an account number of the payee, or may be a communication terminal number bound with the account number, an email address (Email), a payee name, an ID card number, or other information that uniquely identifies the user.
- the first short message interaction subsystem 302 and the second short message interaction subsystem 303 are configured to implement the short message interaction function with the communication terminal 301 through the HTTPS protocol, and are set up by different short message service providers.
- the dual-channel solution proposed for the security issue of payment replaces the original single-channel SMS.
- the first short message interaction subsystem 302 is configured to forward the short message payment request sent by the communication terminal 301 to the account management subsystem 304
- the second short message interaction subsystem 303 is used to forward the account management subsystem 304 to the communication terminal 301.
- a plurality of second short message interaction subsystems 303 are provided, and the account management subsystem 304 randomly selects one of the forwarding verification information to increase the uncertainty of the selection of the second short message interaction subsystem 303, thereby enhancing the security of the short message payment. Sex. As previously mentioned, it is to prevent the first short message interaction subsystem 302 and the second short message interaction subsystem 303 from being simultaneously controlled. However, the first short message interaction subsystem 302 is only provided one, because the first short message interaction subsystem 302 provides the communication terminal number management of the registered short message payment service, corresponding to a short message service number.
- The account management subsystem 304 is used to handle various account services, and is provided either by a financial institution (such as a bank) or by a third party providing a payment service. If it is provided by a third party, the user account set by the system is a virtual account.
- The account management subsystem 304 includes a database 305, an account verification unit 306, a payment processing unit 307, and an authentication unit 308.
- A user of the SMS payment method needs to apply for a user account in the account management subsystem 304, and the account information is stored in the database 305.
- The database 305 also stores a binding mapping relationship between the account information and the communication terminal number, thereby reducing the risk of leakage of account information.
- The account verification unit 306 is a preferred feature of the present embodiment; it searches the database 305 to check whether the accounts of the SMS payer and the payee exist. This guards against illegal tampering with the payee: if the tampered payee has not applied for an account in the account management subsystem 304, the short message payment cannot be performed, and prompt information is returned to the communication terminal that sent the short message. If the account verification unit 306 finds the payer and payee accounts in the database, the payment processing unit 307 is triggered. The payment processing unit 307 is configured to create a payment record corresponding to the communication terminal number, and then wait for the authentication unit 308 to confirm whether the payment authentication is passed.
- the payment processing can be performed securely, and the processing result is sent to the communication terminals of the payer and the payee through the first short message interaction subsystem 302 or the second short message interaction subsystem 303; otherwise, the payment may have been falsified, the created payment record is not executed, and the security of the payer's account is guaranteed.
- The payment processing unit 307 performs the specific payment processing as follows: it searches the database 305 for the payment account bound to the payer's communication terminal number and determines whether the account balance is greater than or equal to the payment amount. If so, it deducts the payment amount from the payment account and then transfers the payment amount to the payee account; if the account balance is insufficient, it notifies the payer.
- The authentication unit 308 is used to ensure the security of the payment process.
- The second short message interaction subsystem 303 sends the verification information to the payer's communication terminal. If the payer's confirmation information is received, the payment processing unit 307 is triggered to complete the payment.
- The verification information includes a record number generated by the payment processing unit 307 when the payment record is created, a payee name extracted from the account information of the database 305, and a payment amount. After the payer receives the short message and confirms that the payee name and the payment amount are correct, the record number is returned to the authentication unit 308 through the second short message interaction subsystem 303.
- The authentication unit 308 checks whether the record number in the reply message matches the one previously sent. If it is completely correct, the authentication is passed and the payment can be made securely.
- The record number is a string of letters or numbers.
- The coverage of short messages is very large, and the method and system provided by the above embodiments avoid the security problem of short messages being sent in plaintext, avoid the problem of repeated transactions caused by the instability and delay of short messages, and give the user a payment method that is simple to operate.
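The confirmation flow described above, modelled as an added example that is not part of the patent text: a request arriving on the first channel creates a pending record, the verification text goes out on a randomly chosen second channel, and funds move only when the matching record number comes back. The class and function names, sample accounts and provider names are constructed, and the use of `secrets`, the constant-time comparison, the reply-channel check and the one-attempt-per-record rule are assumptions the patent does not state.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class PaymentRecord:
    record_no: str          # the "string of letters or numbers" sent for confirmation
    payer_phone: str
    payee_account: str
    amount: int             # minor currency units
    channel: str            # which second subsystem (303) carried the verification
    state: str = "pending"  # pending -> paid | rejected


class AccountManagement:
    """Toy model of account management subsystem 304; all data is constructed."""

    def __init__(self, accounts, bindings, second_channels):
        self.accounts = accounts          # account id -> {"name", "balance"}
        self.bindings = bindings          # terminal number -> account id (database 305)
        self.second_channels = second_channels
        self.records = {}                 # payer terminal number -> latest record
        self.outbox = []                  # (channel, terminal number, text) sent out

    def request_payment(self, payer_phone, payee_phone, amount):
        """Request forwarded by first subsystem 302: verify accounts, create record."""
        payer = self.bindings.get(payer_phone)
        payee = self.bindings.get(payee_phone)
        if payer is None or payee is None or amount <= 0:
            return None                   # account verification unit 306 refuses
        record = PaymentRecord(secrets.token_hex(4), payer_phone, payee, amount,
                               secrets.choice(self.second_channels))
        self.records[payer_phone] = record
        payee_name = self.accounts[payee]["name"]
        self.outbox.append((record.channel, payer_phone,
                            f"Reply {record.record_no} to pay {amount} to {payee_name}"))
        return record

    def confirm(self, channel, payer_phone, reply):
        """Reply forwarded by a second subsystem 303: authentication unit 308."""
        record = self.records.get(payer_phone)
        if record is None or record.state != "pending":
            return "no pending payment"   # replayed or delayed SMS changes nothing
        same_no = hmac.compare_digest(reply.strip().encode(), record.record_no.encode())
        if channel != record.channel or not same_no:
            record.state = "rejected"     # assumption: one attempt per record
            return "rejected"
        payer = self.accounts[self.bindings[payer_phone]]
        if payer["balance"] < record.amount:
            record.state = "rejected"
            return "insufficient balance"
        payer["balance"] -= record.amount  # payment processing unit 307
        self.accounts[record.payee_account]["balance"] += record.amount
        record.state = "paid"
        return "paid"


def new_demo_system():
    """Constructed accounts and provider names for trying the flow."""
    return AccountManagement(
        accounts={"A1": {"name": "Alice", "balance": 100},
                  "A2": {"name": "Bob", "balance": 0}},
        bindings={"+10000000001": "A1", "+10000000002": "A2"},
        second_channels=["provider-b", "provider-c", "provider-d"])
```

Because a record leaves the pending state on its first confirmation, a duplicated or late-delivered reply cannot trigger a second transfer, which is the repeated-transaction problem the description mentions.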
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Technology Law (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/448,967 US8055558B2 (en) | 2007-01-23 | 2008-01-17 | Method and system for authentication via communication terminal using short message |
EP08700780.3A EP2128808A4 (en) | 2007-01-23 | 2008-01-17 | METHOD AND SYSTEM FOR SHORT MESSAGE SECURITY AUTHENTICATION IN A COMMUNICATION TERMINAL |
JP2009546635A JP5241736B2 (ja) | 2007-01-23 | 2008-01-17 | Method and system for performing authentication through a communication terminal using short messages |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007100027080A CN101232631B (zh) | 2007-01-23 | 2007-01-23 | Method and system for secure authentication of a communication terminal via short message |
CN200710002708.0 | 2007-01-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2008089684A1 (en) | 2008-07-31 |
Family
ID=39644125
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2008/070123 WO2008089684A1 (en) | 2007-01-23 | 2008-01-17 | Method and system for security authenticating through short message in communication terminal |
Country Status (6)
Country | Link |
---|---|
US (1) | US8055558B2 (zh) |
EP (1) | EP2128808A4 (zh) |
JP (1) | JP5241736B2 (zh) |
CN (1) | CN101232631B (zh) |
HK (1) | HK1120982A1 (zh) |
WO (1) | WO2008089684A1 (zh) |
2007
- 2007-01-23 CN CN2007100027080A patent/CN101232631B/zh active Active
2008
- 2008-01-17 WO PCT/CN2008/070123 patent/WO2008089684A1/zh active Application Filing
- 2008-01-17 JP JP2009546635A patent/JP5241736B2/ja active Active
- 2008-01-17 EP EP08700780.3A patent/EP2128808A4/en not_active Ceased
- 2008-01-17 US US12/448,967 patent/US8055558B2/en active Active
- 2008-12-30 HK HK08114058.2A patent/HK1120982A1/xx unknown
Also Published As
Publication number | Publication date |
---|---|
US20100082462A1 (en) | 2010-04-01 |
EP2128808A4 (en) | 2015-01-21 |
EP2128808A1 (en) | 2009-12-02 |
CN101232631B (zh) | 2011-08-31 |
CN101232631A (zh) | 2008-07-30 |
JP2010517390A (ja) | 2010-05-20 |
HK1120982A1 (en) | 2009-04-09 |
JP5241736B2 (ja) | 2013-07-17 |
US8055558B2 (en) | 2011-11-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 08700780; Country of ref document: EP; Kind code of ref document: A1 |
 | WWE | Wipo information: entry into national phase | Ref document number: 12448967; Country of ref document: US |
 | ENP | Entry into the national phase | Ref document number: 2009546635; Country of ref document: JP; Kind code of ref document: A |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | Wipo information: entry into national phase | Ref document number: 2008700780; Country of ref document: EP |