CN1547144A - Internet safety payment system - Google Patents
Internet safety payment system Download PDFInfo
- Publication number
- CN1547144A CN1547144A CNA2003101172670A CN200310117267A CN1547144A CN 1547144 A CN1547144 A CN 1547144A CN A2003101172670 A CNA2003101172670 A CN A2003101172670A CN 200310117267 A CN200310117267 A CN 200310117267A CN 1547144 A CN1547144 A CN 1547144A
- Authority
- CN
- China
- Prior art keywords
- payment
- client
- bank
- trade company
- payment gateway
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention discloses a system for payment on the internet safely. The system is made up of paying gateway, business terminal software, the client terminal software and website calling component. Through the call to the browser and the component on the website, each part of the system cooperates and completes the payment of bank card. The communication between the parts of the system uses public key certification safety technology, and embeds the personal code processing model of the third side (bank) in the client terminal software, ensures the safety of transaction. The system supports the magnetism bard card transaction of bank and the standard IC card transaction.
Description
Technical field
The invention belongs to and on the INTETNET network, realize paying by mails, belong to e-commerce field.
Background technology
Realize on the INTERNET network that at present payment of bank card has diversified form, specifically comprises following mode:
● the SET technology of EMV tissue;
● the VISA-3D technology of VISA tissue;
● the domestic first letter is by the mode of each Web bank of commercial bank;
● other electronic money or the like.
In the middle of these modes of payments, the SET technology, EMV oneself promotes failure, may not can go again and promotes; Other electronic money technology are not used on a large scale because huge performance difficulty is arranged yet.Stress that at this VISA relatively payes attention to the VISA-3D technology of popularization and the payment technology of the capital electronic emporium of first letter now.
The payment technology of first letter at first is described.First letter payment is as the intermediary of payment, and just the request that will pay is transferred to the affiliated Web bank of corresponding bank card and got on, and carries out transaction processing by the requirement of the Web bank under the bank card.In this process, need through conversion of page several times: from the e-commerce website to head, believe intermediary's page, the bank under selecting from intermediary's page of head letter; Believe that from head intermediary's page forwards the page of Web bank under the corresponding bank card to then, according to the requirement input card number and the password of Web bank, pay successfully after, transfer to again on the page of e-commerce website.Payment process is long, the operational administrative trouble.The holder will select bank, and contrasts corresponding bank card, requires the holder to know these unpaired messages and correct the selection.Though client is a generic browser, and is easy to use, information such as shopper's address must be handled in addition; And can only utilize the security of browser self, when perhaps there is client in each Web bank of tame bank, consider to download a plurality of client-side program that need different bank, this make use inconvenient more.
As for VISA-3D, then except its emphasis will be promoted second trading password on the internet, process was identical with the processing of first letter, has consistent shortcoming too.
The present invention develops at the shortcoming of existing online payment just.It can solve the problem that payment process is simplified, and can simplify the processing of client under the higher situation of safety requirements, and at the general information of client stores and access customer, as necessary information of ecommerce such as address information, the information of writing to each other; Can also handle the IC-card off line payment transaction that is widely used with safe prospect.
Summary of the invention
The invention discloses the bank card paying system of the safety on a kind of internet.
Internet security payment system of the present invention mainly partly is made up of payment gateway, client, trade company's end and webpage invocation component etc.
Internet security payment system framework of the present invention is referring to Fig. 1.
Following each several part is described respectively below:
Payment gateway
Payment gateway has following 2 class function treatment:
● management function;
● the transaction processing function.
Management function comprises:
● configuration feature; Configuration certificate etc.
● function is set; Controlled variable etc. is set.
● trade company's management function; Manage interpolation, deletion, change attribute of different trade companies etc.
● functions such as printing, inquiry, manual reconciliation.
The transaction processing function comprises:
● with the function that communicates to connect of bank;
● handle magnetic stripe card trading, accounting checking is just being dashed, clearance; The transaction of processing IC-card;
● certificate propagation function, the function that trade company authenticates, safety encipher function.
Client software
The function treatment of client comprises:
● receive the sequence information of trade company's end;
● handle the mutual of man-machine interface, finish the input of bank card information;
● finish data encryption and Control on Communication;
● preserve and inquiry this locality of electronics receipt;
● configuration client parameter comprises: name, address, phone etc.;
● client is downloaded by the website, and user oneself installs and gets final product.
Trade company's end software
The function treatment of trade company's end interface comprises:
● the address function of configuration payment gateway;
● the certificate function of configuration trade company end;
● signature transmits sequence information;
● data recording;
● check account with payment gateway.
Invocation component
The function treatment of invocation component comprises:
● client is initiated transaction request;
● transmit parameter transaction;
● receive transaction results.
Payment flow
Payment flow is deferred to following step referring to Fig. 2:
1. the client browses the retrieval commodity on the website of trade company, finally places an order.
2. the merchant website backstage requires the order payment to pass to the client by the webpage backstage.
3. after the client confirmed that the paying of this order requires, by the payment assembly of webpage, foundation was connected with the safety communication of payment gateway, and initiated payment transaction.
4., then directly control and carry out the PBOC process of exchange by payment gateway if customer selecting is used the bank card business dealing that meets the PBOC standard.
5. if customer selecting uses bank's magnetic stripe card trading (when taking this mode, the client needs to input Transaction Information such as card number, the term of validity, password and sends to payment gateway in step 3, wherein the password input is responsible for by the module that bank provides), payment gateway will be responsible for this transaction request is forwarded to corresponding bank.Payment gateway will receive the result of bank's processing transaction simultaneously and record in the database.
6. trade company is to payment gateway inquiry order transaction state.
7. payment gateway result that bank is handled combines with order number and sends/return (at the inquiry of trade company) to trade company.
8. the step of the 4th among the figure need reply for after the mandate that obtains bank one of client when the magnetic stripe card payment of using bank, makes the client know the object information of payment clearly.
Above module all is the problem that software is realized.According to the main body payment flow, realize the function of each above module, can realize the present invention.
Description of drawings
The framework of Fig. 1 safety payment system of the present invention;
Fig. 2 payment flow diagram of the present invention;
Concrete embodiment
Enforcement of the present invention is the enforcement of cover software systems.
Internet security payment system framework of the present invention is referring to Fig. 1.
Comprise following several sections in the system respectively:
● payment gateway;
● client software;
● trade company's end;
● the webpage invocation component.
In the present embodiment, the running environment of payment gateway, trade company's end is as follows:
● software environment: Windows 2000.
● hardware environment: CPU: hard disk: internal memory: peripheral hardware.
● network environment: TCP/IP network and communications protocol.
The running environment of client is as follows:
● software environment: Windows 2000.
● hardware environment: CPU: hard disk: internal memory: peripheral hardware.
● network environment: network requirement, communications protocol.
The browser that uses is IE EXPLOER4.0;
The invocation component of using takes the form of com component to realize.
Payment gateway
Payment gateway has 2 following class function treatment:
The ■ management function;
■ transaction processing function.
Management function comprises:
The ■ configuration feature; Configuration certificate etc.
■ is provided with function; Controlled variable etc. is set.
■ trade company management function; Manage interpolation, deletion, change attribute of different trade companies etc.
Functions such as ■ printing, inquiry, manual reconciliation.
The transaction processing function comprises:
■ and bank communicate to connect function;
■ handles the IC-card transaction;
■ handles magnetic stripe card trading, and accounting checking is just being dashed, clearance;
■ certificate propagation function, the function that trade company authenticates, safety encipher function.
Payment gateway disposes certificate, comprises the certificate of self, also comprises the certificate of trade company's end and the certificate of client.
Payment gateway is provided with parameter, controls the different processing parameters and the transaction limits of trade company, such as setting time-out time, limits some trade company and can not do some transaction etc.IC-card card reader messaging parameter etc. is set in addition.
Management function comprises trade company's management function, manages interpolation, deletion, change attribute of different trade companies etc.; The client-side management function, the replacing of administrative client, version etc.; System management function is handled inquiry, is printed; The accounting management function, sorting, manual reconciliation etc.
The more important thing is the transaction processing function, comprising:
● dynamically PSAM card management;
● be connected with client, the many transactions of concurrent processing comprise and handle IC-card transaction and magnetic stripe card trading;
● carry out safe being connected with bank, carry out real-time deal mandate, accounting checking etc.
Client software
The function treatment of client comprises:
■ receives the order information of trade company's end;
■ handles the mutual of man-machine interface;
■ finishes data encryption and Control on Communication;
Preserve and inquiry this locality of ■ electronics receipt;
■ client downloads and installation.
Client on client computer, is used local IC-card card reader by installation and configuration by the Internet download.
Client is resident to be operated in the client computer, and the wait component call is communicated by letter with it.After the communication of receiving assembly, client establishes a communications link according to the address information and the payment gateway of assembly transmission, transmits and verify the identity characteristic of trade company.
Embed the certificate of client in the client-side program, comprised PKI and private key.Use its PKI and private key, client is set up safe communication with payment gateway and is connected.
Client is provided with in this locality and preserves client's parameter, comprising: mailing address, and telephone number, name, or the like.And can inquire about and revise.In addition, client also is provided with the journal file of payment processes, and result and the digital signature information that payment gateway can be returned are preserved, and handles as the electronics receipt.In the effect that the preservation of this locality can get up to back up, be convenient to the mental habit that the client inquired about and met the client simultaneously.The electronics receipt is kept at this locality, and to be payment gateway confirm the later confirmation of replying to the payment behavior with so-called electronics receipt, generally will comprise descriptor and signing messages, as bank to public receipt.
The payment parameter ground of finishing alternately of man-machine interface is imported and is heavily failed, returns or the like.
In addition, client embeds third party's confidential information load module, such as the encrypted message load module that is provided by bank and manage.In the time of the input password, just eject software keyboard, the input of control password by this module controls.This module outputs to later client with password and out of Memory encryption.Client can't be deciphered this enciphered message.Client can embed how tame third-party confidential information input control module.
Trade company's end software
Software is held by trade company, comprises 2 parts, and trade company holds and pays the irrelevant partly and later payment interface processing section of interpolation payment function own.
In the present embodiment, trade company's end is a simple example with the part that payment has nothing to do; Emphasis is and relevant control and the processing of payment: i.e. the function treatment of trade company's end interface.
The function treatment of trade company's end interface comprises:
The address function of ■ configuration payment gateway;
The certificate of ■ configuration trade company end;
The ■ signature transmits order information;
The data recording of ■ transaction;
■ is connected with payment gateway and checks account.
The parameter of trade company's end configuration payment gateway, and in transaction, give client by component passes with it, client is connected with payment gateway in view of the above.
The configuration of trade company certificate is configured in trade company's end with the certificate of trade company, by this certificate order is signed, and verifies the authenticity of this signature with the affirmation Payment Request at payment gateway.
Trade company's end is by webpage assembly and the mutual processing orders information of client.
Trade company's end keeps long with payment gateway and is connected, so that in time transmit the response message of payment; And processing such as trade company holds and payment gateway will be checked account.
Invocation component
The function treatment of invocation component comprises:
■ initiates transaction request to client;
■ transmits parameter transaction;
■ receives transaction results.
Invocation component mainly is to handle and being connected of client, and transmits process information between holding in client and trade company.Invocation component is the form realization with com component.
Payment flow
Payment flow is deferred to following step referring to Fig. 2:
1. the client browses the retrieval commodity on the website of trade company, finally places an order.
2. the merchant website backstage requires the order payment to pass to the client by the webpage backstage.
3. after the client confirmed that the paying of this order requires, by the payment assembly of webpage, foundation was connected with the safety communication of payment gateway, and initiated payment transaction.
4., then directly control and carry out the PBOC process of exchange by payment gateway if customer selecting is used the bank card business dealing that meets the PBOC standard.
5. if customer selecting uses bank's magnetic stripe card trading (when taking this mode, the client needs to input Transaction Information such as card number, the term of validity, password and sends to payment gateway in step 3, wherein the password input is responsible for by the module that bank provides), payment gateway will be responsible for this transaction request is forwarded to corresponding bank.Payment gateway will receive the result of bank's processing transaction and record in the database.
6. trade company's end is to payment gateway inquiry order transaction state.
7. payment gateway result that bank is handled combines with order number and sends/return (at the inquiry of trade company) to trade company.
8. the step of the 4th among the figure need reply for after the mandate that obtains bank one of client when the magnetic stripe card payment of using bank, makes the client know the object information of payment clearly.
According to above-mentioned flow process, use described assembly and module, just can finish the designed function of the present invention.
Claims (9)
1. internet security payment system is characterized in that: system comprises payment gateway, trade company end software, client software and four ingredients of webpage invocation component.By the mode of browser online, in conjunction with above each several part software module, payment flow is according to the rules finished safe bank card (comprising magnetic stripe card and IC-card) payment.Wherein:
● payment gateway, be connected with client with trade company end, processing transaction request and transaction are replied; Is connected simultaneously with bank, handle with the transaction request of bank with reply.Payment gateway is also handled the management to trade company and account, handles the fund sorting.
● trade company end software, is connected with payment gateway, handle mutual between payment information and the payment gateway, by the webpage assembly handle sequence information and client alternately.
● client software, reside in the client computer, hold with trade company by the webpage invocation component to be connected; Receiver address is connected with payment gateway, handles the input and the interactive operation of payment information, and receives the result of payment and return to the webpage invocation component.
● the webpage invocation component, browser by invocation component realize with client between communicate by letter, transmit sequence information and Payment Request/response message.
2. internet security payment system according to claim 1 is characterized in that: payment gateway can be connected with how tame bank; Dispose a plurality of PSAM cards that meet People's Bank of China's standard IC-card transaction, and support the IC-card transaction of multipath concurrence; Support the concurrent transaction of bank's magnetic stripe card;
3. according to the internet security payment system of claim 2, it is characterized in that: payment gateway authenticates trade company's end and client by the mode of public key certificate, takes the authentication and the communication encryption of PKI (indicating English) framework processing and trade company's end and client.
4. according to the internet security payment system of claim 2, it is characterized in that: payment gateway is cleared account and the trade company that payment forms, and the function of manual setting account is provided; Simultaneously, client is carried out version management and grouping management.
5. internet security payment system according to claim 1 is characterized in that: trade company's end software is by the IP address configuration of public key certificate configuration, payment gateway, with cipher mode and payment gateway and client communication.
6. internet security payment system according to claim 1 is characterized in that: client software is self-contained private key and certificate information (comprising version, group etc.), and realize interactive authentication and coded communication between the trade company end, payment gateway.Client software is configurable at PC, and the PDA palm PC is on the multiple hardwares platforms such as mobile phone.
7. internet security payment system according to claim 6 is characterized in that: client software can be selected a nested cover or overlap third-party confidential data input control module more.Such as the one-way function that bank provides, be used for the input of the holder of bank password.
8. internet security payment system according to claim 6 is characterized in that: the read-write of client software control IC-card read write line, handle the IC-card transaction that meets the People's Bank's standard; And handle the electronics receipt that payment gateway returns, store.
9. internet security payment system according to claim 6 is characterized in that: client software is after download, at the general information of this machine configure user, such as name, address, phone or the like.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2003101172670A CN1547144A (en) | 2003-12-10 | 2003-12-10 | Internet safety payment system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2003101172670A CN1547144A (en) | 2003-12-10 | 2003-12-10 | Internet safety payment system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1547144A true CN1547144A (en) | 2004-11-17 |
Family
ID=34337752
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2003101172670A Pending CN1547144A (en) | 2003-12-10 | 2003-12-10 | Internet safety payment system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1547144A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101009005A (en) * | 2006-01-24 | 2007-08-01 | 中国电信股份有限公司 | Method, system and platform for securing safety of payment based on internet |
| CN102034323A (en) * | 2009-12-01 | 2011-04-27 | 孙伟 | Public traffic one-card service system and implementation method, service platform and point of sale (POS) machine thereof |
| CN102096872A (en) * | 2011-02-12 | 2011-06-15 | 中国工商银行股份有限公司 | Method and device for safety detection of online banking payment information |
| CN102938120A (en) * | 2011-08-15 | 2013-02-20 | 徐雷 | IP multimedia subsystem (IMS) trade payment system |
| CN103856458A (en) * | 2012-12-04 | 2014-06-11 | 腾讯科技(深圳)有限公司 | Page authentication method and device |
| WO2014101078A1 (en) * | 2012-12-28 | 2014-07-03 | 华为技术有限公司 | Payment method, payment gateway and payment client |
| CN101515939B (en) * | 2008-01-18 | 2016-04-13 | 黑莓有限公司 | For carrying out the system and method for network interaction between computing equipment |
| WO2017152753A1 (en) * | 2016-03-07 | 2017-09-14 | 阿里巴巴集团控股有限公司 | Service execution method and device |
| CN108256837A (en) * | 2016-12-28 | 2018-07-06 | 天津邦新翔科技有限公司 | A kind of convenient and safe payment software system |
| CN109690594A (en) * | 2016-07-01 | 2019-04-26 | 万事达卡国际股份有限公司 | Promote the method for payment using instant messaging application program |
-
2003
- 2003-12-10 CN CNA2003101172670A patent/CN1547144A/en active Pending
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101009005A (en) * | 2006-01-24 | 2007-08-01 | 中国电信股份有限公司 | Method, system and platform for securing safety of payment based on internet |
| CN101009005B (en) * | 2006-01-24 | 2013-03-20 | 中国电信股份有限公司 | Method, system and platform for securing safety of payment based on internet |
| CN101515939B (en) * | 2008-01-18 | 2016-04-13 | 黑莓有限公司 | For carrying out the system and method for network interaction between computing equipment |
| CN102034323A (en) * | 2009-12-01 | 2011-04-27 | 孙伟 | Public traffic one-card service system and implementation method, service platform and point of sale (POS) machine thereof |
| CN102034323B (en) * | 2009-12-01 | 2012-11-28 | 孙伟 | Public traffic one-card service system and implementation method, service platform and point of sale (POS) machine thereof |
| CN102096872B (en) * | 2011-02-12 | 2015-07-29 | 中国工商银行股份有限公司 | A kind of Web bank's payment information safety detection method and device |
| CN102096872A (en) * | 2011-02-12 | 2011-06-15 | 中国工商银行股份有限公司 | Method and device for safety detection of online banking payment information |
| CN102938120A (en) * | 2011-08-15 | 2013-02-20 | 徐雷 | IP multimedia subsystem (IMS) trade payment system |
| CN102938120B (en) * | 2011-08-15 | 2016-08-10 | 徐雷 | IMS trading payment system |
| CN103856458A (en) * | 2012-12-04 | 2014-06-11 | 腾讯科技(深圳)有限公司 | Page authentication method and device |
| CN103856458B (en) * | 2012-12-04 | 2018-12-11 | 腾讯科技(深圳)有限公司 | Page authentication method and device |
| US10755328B2 (en) | 2012-12-04 | 2020-08-25 | Tencent Technology (Shenzhen) Company Limited | Method and mobile terminal device for certifying webpage |
| WO2014101078A1 (en) * | 2012-12-28 | 2014-07-03 | 华为技术有限公司 | Payment method, payment gateway and payment client |
| WO2017152753A1 (en) * | 2016-03-07 | 2017-09-14 | 阿里巴巴集团控股有限公司 | Service execution method and device |
| US11347825B2 (en) | 2016-03-07 | 2022-05-31 | Advanced New Technologies Co., Ltd. | Service execution method and device |
| US11755679B2 (en) | 2016-03-07 | 2023-09-12 | Advanced New Technologies Co., Ltd. | Service execution method and device |
| CN109690594A (en) * | 2016-07-01 | 2019-04-26 | 万事达卡国际股份有限公司 | Promote the method for payment using instant messaging application program |
| CN108256837A (en) * | 2016-12-28 | 2018-07-06 | 天津邦新翔科技有限公司 | A kind of convenient and safe payment software system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1166146C (en) | Course, system and telephone set for remote payment using mobile radio telephone set | |
| CN1647089A (en) | Electronic transfer system | |
| CN1941009A (en) | Method for realizing fee payment by mobile telecommunication terminal | |
| CN1681260A (en) | Processing system between enterprise and bank service abutting joint | |
| CN101034449A (en) | Method, system and mobile terminal for implementing electronic payment | |
| CN1700641A (en) | Digital signature assurance system, method, program and apparatus | |
| CN1270682A (en) | Retail method over a wide area network | |
| CN1514978A (en) | Automated transaction machine digital signature system and method | |
| CN1401104A (en) | Member information registration method and system, and member verification method and system | |
| CN1355910A (en) | Person-to-person, Person-to-bussiness, business-to-person, and bank-to-bank system financial transaction | |
| CN1473303A (en) | User authentication method in network | |
| CN1744135A (en) | Electronic evidence realizing method and device | |
| CN1667632A (en) | Method of mobile payment based on payment confirmation codes | |
| CN1716302A (en) | Confirmation system and method using incoming number and authentication method | |
| CN1514635A (en) | Method of realizing mobile electronic business using finger print intelligence terminal and intelligent hand set | |
| CN1638332A (en) | Information processing system | |
| CN1809847A (en) | Method for autorising mandates of payment by credit cards and related apparatuses | |
| CN1798204A (en) | Payment system and implement method | |
| CN1503180A (en) | System and Method for Electronic Purchase | |
| CN1726686A (en) | Providing convenience and authentication for trade | |
| CN101034486A (en) | Account safety payment method and system based on user control | |
| CN1692360A (en) | Charging method, information system, and program | |
| CN1547144A (en) | Internet safety payment system | |
| CN1610922A (en) | Information providing system and authentication medium access control method and computer program | |
| CN1521674A (en) | Electronic market cooperating method and electronic market system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |