WO2015007198A1 - Internet-based secure payment system and secure payment method - Google Patents

Internet-based secure payment system and secure payment method

Info

Publication number
WO2015007198A1
Authority
WO
WIPO (PCT)
Prior art keywords
internet
information
payment
verification
module
Prior art date
Application number
PCT/CN2014/082197
Other languages
French (fr)
Chinese (zh)
Inventor
苏宁
胡莹
彭小军
宋汉石
吴宏
夏智
刘剑
韩登峰
薛治平
屠佳平
杨慧雄
周泊仰
陆亚伟
Original Assignee
***股份有限公司
Application filed by ***股份有限公司
Priority to MYPI2016700136A (MY187192A)
Publication of WO2015007198A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/351 Virtual cards

Definitions

  • the present invention relates to Internet-based data processing techniques, and more particularly to an Internet-based secure payment system and a secure payment method.
  • the first type, online banking payment: a payment method provided by each card issuing bank; when paying, the cardholder has to leave the merchant page for the bank page and completes payment after a series of verifications.
  • the online banking opening procedure is cumbersome, and the online banking verification methods of different issuing banks differ, so no unified payment method can be offered to cardholders.
  • fast payment: a newly emerged Internet cardless payment method; UnionPay and some third-party payment institutions offer this type of product to cardholders.
  • fast payment is an improvement on online banking payment that gives cardholders a unified operation flow, but it still separates the cardholder's shopping flow from the payment flow and still differs somewhat from the offline shopping flow.
  • the present invention is directed to an Internet-based secure payment system and a secure payment method capable of securing payment account information security and simplifying the processing flow of payment on the Internet.
  • the Internet-based secure payment system of the present invention includes: an acceptance system, an Internet transaction system (that is, UPOP), an Internet transit clearing processing system, and a card issuing bank system, and the acceptance system includes:
  • a card number input module configured to accept input of the payment card number only and to determine, from the entered payment card number, whether service has been opened for the payment card;
  • a verification information transceiver module configured to send and receive verification information between the acceptance system and the mobile terminal bound to the payment card number and to verify the verification information;
  • an information submission module configured to submit transaction information including the payment card number from the card number input module to the Internet transaction system if verification by the verification information transceiver module succeeds;
  • an account opening module configured to perform service opening for the payment card and send service opening result information to the Internet transaction system when the card number input module determines that service has not been opened for the payment card;
  • the Internet transaction system is used to forward information sent from the information submission module or the account opening module to the Internet transit clearing processing system and, in the other direction, to return the result fed back from the Internet transit clearing processing system to the information submission module or the account opening module;
  • the Internet transit clearing processing system is used to forward information from the Internet transaction system to the card issuing bank system and, in the other direction, to return the execution result fed back from the card issuing bank system to the Internet transaction system;
  • the card issuing bank system is used to verify information from the Internet transit clearing processing system and/or to execute the debit, and to feed the execution result back to the Internet transit clearing processing system.
  • the acceptance system and the Internet transaction system are connected by an encrypted channel.
  • the acceptance system and the Internet transaction system are connected by an HTTPS channel.
  • the data transmission between the account opening module and the Internet transaction system uses a message digest algorithm.
  • the data transmission between the information submission module and the Internet transaction system uses a message digest algorithm.
  • the Internet transaction system is further configured to perform compliance verification on information submitted from the information submission module.
  • the account opening module is configured to collect sensitive information using a security control and to encrypt it synchronously during collection.
  • the account opening module sends the collected sensitive information through the Internet transaction system and the Internet transit clearing processing system to the card issuing bank system for verification, and the card issuing bank system returns the verification result to the account opening module through the Internet transit clearing processing system and the Internet transaction system.
  • the verification information transceiver module is configured to directly determine that the verification fails if the number of verification failures exceeds a predetermined number of times when the information is verified.
  • the Internet-based secure payment method of the present invention is a method for completing a secure payment by using an acceptance system, an Internet transaction system, an Internet transit clearing processing system, and a card issuing bank system, and is characterized in that it comprises the following steps:
  • card number input step: only the payment card number is entered in the merchant page, and whether service has been opened for the payment card is determined from the entered payment card number;
  • account opening step: if the card number input step determines that service has not been opened for the payment card, service opening is performed and service opening result information is sent to the Internet transaction system;
  • verification step: if the card number input step determines that service has been opened for the payment card, verification information is sent to the mobile terminal bound to the payment card so that verification based on the verification information is performed;
  • information submission step: transaction information including the payment card number is submitted to the Internet transaction system;
  • verification and forwarding step: the Internet transaction system verifies the submitted transaction information and forwards it to the card issuing bank system through the Internet transit clearing processing system, and forwards the service opening result information to the card issuing bank system through the Internet transit clearing processing system;
  • processing execution step: the card issuing bank system verifies the transaction information to determine whether to execute the debit, or registers the service opening result information, and the execution result is fed back to the merchant page through the Internet transit clearing processing system and the Internet transaction system.
  • data is transmitted between the acceptance system and the Internet transaction system through an encrypted channel.
  • data is transmitted between the acceptance system and the Internet transaction system through an HTTPS channel.
  • the data transmission between the acceptance system and the Internet transaction system uses a message digest algorithm.
  • in the account opening step, sensitive information is collected using a security control and is encrypted synchronously during collection.
  • in the verification step, if the number of verification failures exceeds a predetermined number of times, it is directly determined that the verification fails.
  • the account opening step is implemented by embedding a security page for completing service opening in the merchant page.
  • the security control carried by the security page is used to collect sensitive information, and the sensitive information is encrypted synchronously during collection.
  • the Internet-based secure payment system and the secure payment method of the present invention can eliminate the above-mentioned defects in the prior art: payment account information is collected only when the payment service is opened, through a security page embedded in the merchant's e-commerce website, and both payment service opening and payment transactions are no-jump, which reduces the risk of phishing, ensures the security of the payment account information, greatly simplifies the shopping interaction, and improves the user experience.
  • FIG. 1 is a flow chart showing an Internet-based secure payment method of the present invention.
  • FIG. 2 is a block diagram showing the structure of an Internet-based secure payment system of the present invention.
  • an Internet-based secure payment method according to an embodiment of the present invention is described below with reference to FIG. 1.
  • S101: in the merchant page, the order for the goods is placed successfully and "payment card" is selected for payment;
  • S102: in the merchant page, the payment card number is entered;
  • S104: whether service has been opened for the payment card is determined from the entered payment card number;
  • S106: if it is determined in step S105 that service has been opened for the payment card, verification information is sent to the mobile terminal bound to the payment card so that verification based on the verification information is performed;
  • S107: a confirm-payment step is performed, specifically: the cardholder enters the verification information on the merchant page; the merchant page submits the transaction information including the payment card number and the verification information to the Internet transaction system; the Internet transaction system verifies the submitted transaction information and forwards it to the card issuing bank system via the Internet transit clearing processing system; the card issuing bank system verifies the transaction information to determine whether to execute the debit, and the execution result is fed back to the merchant page via the Internet transit clearing processing system and the Internet transaction system;
  • S108: whether the payment succeeded is determined from the execution result fed back to the merchant page.
  • the cardholder enters a card number on the merchant page, and the merchant calls the card status inquiry interface to determine whether service has been opened for the card.
  • the merchant calls the card opening interface to embed the payment service opening security page in the merchant page and collect the payment account information; otherwise it directly calls the dynamic verification information sending interface, and the Internet transaction system or the card issuing bank system pushes the dynamic verification information to the mobile phone number the cardholder has reserved with the bank.
  • the "payment service opening security page" is provided by the Internet transaction system or the card issuing bank system, and the sender of the dynamic verification information during the transaction is determined automatically by the Internet transaction system according to the card number submitted by the merchant.
  • only when the service is first opened does the cardholder need to enter the complete verification elements, in the security page designated by the Internet transaction system or the card issuing bank system, to be verified by the issuing bank and to open the "online payment service".
  • the security control is used to synchronize the encryption during the acquisition process, thereby ensuring the security of the information collection process.
  • information exchange between the merchant and the Internet transaction system is performed through an encrypted channel, so that the security of the information can be ensured.
  • HTTPS: Hypertext Transfer Protocol over Secure Socket Layer.
  • SSL: Secure Socket Layer.
  • the SSL protocol sits between the TCP/IP protocol and the various application layer protocols and provides security support for data communication.
  • the SSL protocol can be divided into two layers. SSL Record Protocol: built on a reliable transport protocol (such as TCP), it provides higher layer protocols with basic functions such as data encapsulation, compression, and encryption.
  • SSL Handshake Protocol: built on top of the SSL Record Protocol, it is used for identity authentication, negotiation of encryption algorithms, exchange of encryption keys, and so on before the actual data transmission begins.
  • the Internet-based secure payment system of the present invention includes: an acceptance system, that is, a merchant 100, an Internet transaction system 200 (that is, UPOP), an Internet transit clearing processing system 300, and a card issuing bank system 400.
  • the acceptance system 100 includes: a card number input module 101, configured to accept input of the payment card number only and to determine, from the entered payment card number, whether service has been opened for the payment card; a verification information transceiver module 102, configured to send and receive verification information between the acceptance system and the mobile terminal bound to the payment card number and to verify the verification information; an information submission module 103, configured to submit transaction information including the payment card number and the like from the card number input module 101 to the Internet transaction system if verification by the verification information transceiver module 102 succeeds; and an account opening module 104, configured to perform service opening for the payment card and send service opening result information to the Internet transaction system when the card number input module 101 determines that service has not been opened for the payment card.
  • the Internet transaction system 200 is configured to forward information sent from the information submission module 103 or the account opening module 104 to the Internet transit clearing processing system 300 and, in the other direction, to return the result fed back from the Internet transit clearing processing system to the information submission module 103 or the account opening module 104.
  • the Internet transit clearing processing system 300 is configured to forward information from the Internet transaction system to the card issuing bank system and, in the other direction, to return the execution result fed back from the card issuing bank system to the Internet transaction system.
  • the card issuing bank system 400 is configured to verify information from the Internet transit clearing processing system 300 and/or execute the debit, and to feed the execution result back to the Internet transit clearing processing system.
  • the acceptance system 100 and the Internet transaction system 200 are connected by an encrypted channel.
  • the acceptance system 100 and the Internet transaction system 200 are connected by an HTTPS channel.
  • the data transmission between the account opening module 104 and the Internet transaction system 200 uses a message digest algorithm.
  • the data transmission between the information submission module 103 and the Internet transaction system 200 uses a message digest algorithm.
  • the message digest algorithm ensures data integrity and credibility.
  • the message digest algorithm is described in detail below.
  • the two parties jointly determine the secret key string, which can be re-determined when necessary.
  • this string is used to compute the digest for communication between the merchant and the UnionPay Internet system.
  • the length of the key string is 32.
  • the message digest is a digest value computed over the <key, value> pairs of the key information and the cooperative key information pair.
  • the digest algorithm is (tentatively) MD5, and the result of the digest is an ASCII string of length 32 (tentative).
  • the method of splicing the key information <key, value> pairs and the cooperative key information pair is:
  • when the account opening module 104 collects the name elements, the more sensitive elements such as passwords and CVN2 are encrypted synchronously during collection by the security control, thereby ensuring the security of the information collection process.
  • the account opening module 104 sends the collected sensitive information through the Internet transaction system 200 and the Internet transit clearing processing system 300 to the card issuing bank system 400 for verification, and the card issuing bank system 400 returns the verification result to the account opening module 104 via the Internet transit clearing processing system 300 and the Internet transaction system 200.
  • the verification information transceiver module 102 may be configured to directly determine that the verification fails if the number of verification failures exceeds a predetermined number of times when verifying the verification information. In this way, limiting the number of times dynamic verification information can be obtained during a transaction curbs repeated attempts to obtain it and reduces the risk of brute-force attacks.
  • the Internet transaction system 200 can establish a trusted list of account terminals, for example a trusted list based on the operating terminal, that is, the merchant's IP address, MAC address, CPU serial number, hard disk serial number, and the like. Specifically, during the interaction the merchant collects the information of the cardholder's operating terminal and reports it to the Internet transaction system 200, and the Internet transaction system 200 manages the terminal information and the account information to establish a list of trusted terminals. Thus, when a cardholder account is operated through an untrusted terminal, the payment transaction request is rejected, which further ensures the security of the payment.
  • with the Internet-based secure payment method and the Internet-based secure payment system of the present invention, payment account information is collected only when the payment service is opened, through a security page embedded in the merchant's e-commerce website, and both payment service opening and payment transactions are no-jump: the transaction is initiated from the merchant side and completed on the merchant side, and the cardholder does not leave the merchant page during payment. This reduces the risk of phishing, ensures the security of the payment account information, greatly simplifies the shopping interaction, and improves the user experience.
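
The failure limit on dynamic verification information described above, as an added Python example that is not part of the patent text. The class and method names, the limits of three failures and three sends, the 6-digit code and the 120-second lifetime are assumptions; the page only speaks of "a predetermined number of times".

```python
import hmac
import secrets
import time
from enum import Enum


class Result(Enum):
    OK = "ok"
    WRONG = "wrong"
    EXPIRED = "expired"
    NO_CODE = "no_code"
    LOCKED = "locked"


class VerificationSession:
    """State of the dynamic verification code for one payment transaction.

    All limits are hypothetical defaults chosen for this example.
    """

    def __init__(self, max_failures=3, max_sends=3, ttl_seconds=120,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.max_sends = max_sends
        self.ttl_seconds = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self.failures = 0
        self.sends = 0
        self._code = None
        self._expires_at = 0.0

    @property
    def locked(self):
        # This example locks once max_failures wrong guesses were made,
        # so the next attempt is rejected without being compared.
        return self.failures >= self.max_failures

    def send_code(self):
        """Issue a fresh 6-digit code, or None when no more sends are allowed.

        The code is returned so the caller can pass it to the SMS channel;
        it must never be sent to the merchant page.
        """
        if self.locked or self.sends >= self.max_sends:
            return None
        self.sends += 1
        self._code = f"{secrets.randbelow(10**6):06d}"
        self._expires_at = self.clock() + self.ttl_seconds
        return self._code

    def check(self, submitted):
        """Verify a submitted code and return a Result."""
        if self.locked:
            return Result.LOCKED      # fails directly, even for the right code
        if self._code is None:
            return Result.NO_CODE
        if self.clock() > self._expires_at:
            self._code = None
            return Result.EXPIRED
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(str(submitted).encode(), self._code.encode()):
            self._code = None         # a code is accepted only once
            return Result.OK
        # The counter belongs to the transaction, not to the code:
        # requesting a new code does not reset it.
        self.failures += 1
        return Result.WRONG


if __name__ == "__main__":
    session = VerificationSession()
    code = session.send_code()
    print(session.check(code))        # Result.OK
    print(session.check(code))        # Result.NO_CODE (already used)
```
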

Abstract

The present invention relates to an Internet-based secure payment system and a secure payment method. The method uses an acceptance system, an Internet transaction system, an Internet transit clearing processing system, and a card issuing bank system to complete a secure payment and primarily comprises: a card number input step, an account opening step, a verification step, an information submission step, a verification and forwarding step, and a processing execution step. The invention allows a payment to be completed at the merchant end while Internet payment security is ensured. This satisfies the demands of merchants and cardholders for the payment experience and also ensures the security of Internet transactions.

Description

Internet-based secure payment system and secure payment method

Technical field

[0001] The present invention relates to Internet-based data processing techniques, and more particularly to an Internet-based secure payment system and a secure payment method.

Background

[0002] In the prior art, the industry generally uses the following Internet payment methods:

First, online banking payment: a payment method provided by each card issuing bank. When paying, the cardholder has to leave the merchant page for the bank page and completes payment after a series of verifications. The online banking opening procedure is cumbersome, and the online banking verification methods of different issuing banks differ, so no unified payment method can be offered to cardholders.

[0003] Second, fast payment: a newly emerged Internet cardless payment method; UnionPay and some third-party payment institutions offer this type of product to cardholders. Fast payment is an improvement on online banking payment that gives cardholders a unified operation flow, but it still separates the cardholder's shopping flow from the payment flow and still differs somewhat from the offline shopping flow.

[0004] Third, mobile client payment: the mobile implementation of the various conventional Internet payment methods. Constrained by the way applications are used on mobile phones, current mobile payment requires the cardholder to install a specific app before the payment function can be used, which leads cardholders to install a large number of functionally similar or duplicate apps on their mobile devices.

[0005] Although all of the above methods can accomplish Internet payment, for security reasons the cardholder must leave the merchant page for every payment and enter verification elements such as the card number, CVN2/expiry date (credit card), and password (debit card) on a designated page before payment can be completed. With Trojans, viruses, and phishing developing rapidly today, more input means a greater risk of information leakage, so all of the above methods suffer from complex payment flows and, to varying degrees, the security risk of information leakage.
Summary of the invention

[0006] In view of the above problems, the present invention is directed to an Internet-based secure payment system and a secure payment method capable of securing payment account information and simplifying the processing flow of payment on the Internet.

[0007] The Internet-based secure payment system of the present invention is characterized in that it includes: an acceptance system, an Internet transaction system (that is, UPOP), an Internet transit clearing processing system, and a card issuing bank system, and the acceptance system includes:

a card number input module, configured to accept input of the payment card number only and to determine, from the entered payment card number, whether service has been opened for the payment card;

a verification information transceiver module, configured to send and receive verification information between the acceptance system and the mobile terminal bound to the payment card number and to verify the verification information;

an information submission module, configured to submit transaction information including the payment card number from the card number input module to the Internet transaction system if verification by the verification information transceiver module succeeds; and

an account opening module, configured to perform service opening for the payment card and send service opening result information to the Internet transaction system when the card number input module determines that service has not been opened for the payment card,

the Internet transaction system is used to forward information sent from the information submission module or the account opening module to the Internet transit clearing processing system and, in the other direction, to return the result fed back from the Internet transit clearing processing system to the information submission module or the account opening module,

the Internet transit clearing processing system is used to forward information from the Internet transaction system to the card issuing bank system and, in the other direction, to return the execution result fed back from the card issuing bank system to the Internet transaction system,

the card issuing bank system is used to verify information from the Internet transit clearing processing system and/or to execute the debit, and to feed the execution result back to the Internet transit clearing processing system.
[0008] Preferably, the acceptance system and the Internet transaction system are connected by an encrypted channel.

[0009] Preferably, the acceptance system and the Internet transaction system are connected by an HTTPS channel.

[0010] Preferably, the data transmission between the account opening module and the Internet transaction system uses a message digest algorithm, and the data transmission between the information submission module and the Internet transaction system uses a message digest algorithm.
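
A sketch of the message digest this page describes (a shared 32-character key, MD5 as the tentative algorithm, a 32-character result) beside an HMAC-SHA-256 variant, as an added Python example that is not part of the patent text. The page does not state how the <key, value> pairs and the key are spliced, so the sorted `key=value&...` layout, the appended key, the percent-encoding and all field names and values below are assumptions.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values. The key length of 32 is the length the page gives.
SHARED_KEY = "0123456789abcdef0123456789abcdef"
SAMPLE_FIELDS = {
    "cardNumber": "6200000000000005",   # constructed, not a real card
    "amount": "1999",
    "orderId": "T20140715001",
}


def naive_canonical(fields):
    """Sorted key=value pairs joined with '&', with no escaping.

    Ambiguous: a value that contains '&' or '=' can imitate extra fields.
    """
    return "&".join(f"{k}={fields[k]}" for k in sorted(fields))


def canonical(fields):
    """Same layout, but keys and values are percent-encoded first, so two
    different field sets can never produce the same string."""
    return "&".join(
        f"{quote(str(k), safe='')}={quote(str(fields[k]), safe='')}"
        for k in sorted(fields)
    )


def md5_digest(fields, key):
    """Digest with the algorithm the page tentatively names: MD5, 32 hex
    characters. Appending the shared key after the fields is an assumption."""
    data = canonical(fields) + "&" + key
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def hmac_digest(fields, key):
    """Keyed digest using HMAC-SHA-256, the standard keyed-hash construction
    (RFC 2104), over the same canonical string."""
    return hmac.new(key.encode("utf-8"), canonical(fields).encode("utf-8"),
                    hashlib.sha256).hexdigest()


def verify(fields, key, received, digest_fn=hmac_digest):
    """Recompute the digest on the receiving side and compare in constant time."""
    expected = digest_fn(fields, key)
    return hmac.compare_digest(expected.encode("utf-8"),
                               str(received).encode("utf-8"))


if __name__ == "__main__":
    mac = hmac_digest(SAMPLE_FIELDS, SHARED_KEY)
    print("valid message accepted:", verify(SAMPLE_FIELDS, SHARED_KEY, mac))
    tampered = dict(SAMPLE_FIELDS, amount="1")
    print("tampered amount accepted:", verify(tampered, SHARED_KEY, mac))
```

Both sides must build the canonical string identically; the receiver recomputes the digest from the fields it parsed and rejects the message when `verify` returns False.
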
[0011] Preferably, the Internet transaction system is further configured to perform compliance verification on information submitted from the information submission module.

[0012] Preferably, the account opening module is configured to collect sensitive information using a security control and to encrypt it synchronously during collection.

[0013] Preferably, the account opening module sends the collected sensitive information through the Internet transaction system and the Internet transit clearing processing system to the card issuing bank system for verification, and the card issuing bank system returns the verification result to the account opening module through the Internet transit clearing processing system and the Internet transaction system.

[0014] Preferably, the verification information transceiver module is configured to directly determine that the verification fails if, when verifying the verification information, the number of verification failures exceeds a predetermined number of times.
[0015] The Internet-based secure payment method of the present invention is a method for completing a secure payment by using an acceptance system, an Internet transaction system, an Internet transit clearing processing system, and a card issuing bank system, and is characterized in that it comprises the following steps:

card number input step: only the payment card number is entered in the merchant page, and whether service has been opened for the payment card is determined from the entered payment card number;

account opening step: if the card number input step determines that service has not been opened for the payment card, service opening is performed and service opening result information is sent to the Internet transaction system;

verification step: if the card number input step determines that service has been opened for the payment card, verification information is sent to the mobile terminal bound to the payment card so that verification based on the verification information is performed;

information submission step: transaction information including the payment card number is submitted to the Internet transaction system;

verification and forwarding step: the Internet transaction system verifies the submitted transaction information and forwards it to the card issuing bank system through the Internet transit clearing processing system, and forwards the service opening result information to the card issuing bank system through the Internet transit clearing processing system;

processing execution step: the card issuing bank system verifies the transaction information to determine whether to execute the debit, or registers the service opening result information, and these execution results are fed back to the merchant page through the Internet transit clearing processing system and the Internet transaction system.
[0016] Preferably, data is transmitted between the acceptance system and the Internet transaction system over an encrypted channel.
[0017] Preferably, data is transmitted between the acceptance system and the Internet transaction system over an HTTPS channel.
[0018] Preferably, data transmission between the acceptance system and the Internet transaction system uses a message digest algorithm.
Preferably, in the account opening step, sensitive information is collected using a security control and is encrypted synchronously during collection.
[0019] Preferably, in the verification step, if the number of failed verifications of the verification information exceeds a prescribed number, verification is directly determined to have failed.
[0020] Preferably, in the account opening step, the account opening step is implemented by embedding in the merchant page a secure page used to complete service activation.
[0021] Preferably, in the account opening step, sensitive information is collected using the security control carried by the secure page, and the sensitive information is encrypted synchronously during collection.
[0022] The Internet-based secure payment system and secure payment method of the present invention can eliminate the above-mentioned defects of the prior art. Payment account information is collected only once, through a secure page embedded in the merchant's e-commerce website when the payment service is activated, and both payment service activation and payment transactions are completed without page redirection. This reduces the risk of phishing, safeguards payment account information, greatly simplifies the shopping interaction, and improves the user experience.
Brief Description of the Drawings
[0023] Fig. 1 is a flow chart of the Internet-based secure payment method of the present invention.
[0024] Fig. 2 is a structural block diagram of the Internet-based secure payment system of the present invention.
Detailed Description
[0025] The following describes some of the embodiments of the present invention and is intended to provide a basic understanding of the invention. It is not intended to identify key or critical elements of the invention or to limit the scope of protection.
[0026] Fig. 1 is a flow chart of the Internet-based secure payment method of the present invention. The Internet-based secure payment method according to one embodiment of the present invention is described with reference to Fig. 1.
[0027] S101: On the merchant page, the order is placed successfully and "payment card" is selected as the payment method;
S102: On the merchant page, the payment card number is entered;
S103: Click to obtain an SMS verification code free of charge;
S104: Whether service activation has already been performed for the payment card is determined from the entered payment card number;
S105: If the card number input step determines that service activation has not been performed for the payment card, service activation is performed (service activation is not shown in the figure) and the service activation result information is sent to the Internet transaction system;
S106: If it is determined in step S105 that service activation has already been performed for the payment card, verification information is sent to the mobile terminal bound to the payment card so that verification based on the verification information can be performed;
S107: The payment confirmation step is carried out, which specifically includes: the cardholder enters the verification information on the merchant page; the merchant page submits transaction information, including the payment card number and the verification information, to the Internet transaction system; the Internet transaction system verifies the submitted transaction information and forwards it to the card issuing bank system through the Internet transfer clearing processing system; the card issuing bank system verifies the transaction information to determine whether to execute the debit, and feeds these execution results back to the merchant page through the Internet transfer clearing processing system and the Internet transaction system.
[0028] S108: Whether the payment succeeded is determined from the execution result fed back to the merchant page;
S109: If the payment is determined to have failed, the cardholder is notified that the payment failed;
S110: If the payment is determined to have succeeded, the cardholder is notified that the payment succeeded.
[0029] In steps S101 to S106, the cardholder enters the card number on the merchant page, and the merchant calls the card status query interface to determine the activation status of the card. If the "online payment service" has not been activated, the merchant calls the card activation interface to embed the payment service activation secure page in the merchant page and collect the payment account information; otherwise the dynamic verification information sending interface is called directly, and the Internet transaction system or the card issuing bank system pushes dynamic verification information to the mobile phone number the cardholder has registered with the bank. Here, the "payment service activation secure page" is provided by the Internet transaction system or the card issuing bank system, and during a transaction the sender of the dynamic verification information is determined automatically by the Internet transaction system according to the card number submitted by the merchant.
[0030] Therefore, in the present invention, the cardholder needs to enter the complete set of verification elements only once, when the service is first activated, on the secure page designated by the Internet transaction system or the card issuing bank system, so that the card issuing bank can verify them and activate the "online payment service". During element collection, highly sensitive elements such as the password and CVN2 are encrypted synchronously as they are collected by a security control, which ensures the security of the information collection process.
[0031] Further, all elements are sent to the card issuing bank for verification, and the verification result is whatever the card issuing bank returns. The returned result contains only the card issuing bank's verification outcome and no detailed reason, which effectively reduces the possibility of malicious attempts.
[0032] In the present invention, the merchant and the Internet transaction system exchange information over an encrypted channel, which ensures the security of the information.
[0033] As the encrypted channel between the merchant and the Internet transaction system, a trusted physical communication link can be established between the merchant and UnionPay over the Internet; the encrypted channel forms a dedicated information exchange channel between the merchant and UnionPay. For example, HTTPS is used as the main encryption technology for the communication channel, and each merchant is issued a unique encryption certificate before joining the network, to ensure the security of information on the channel between the merchant and UnionPay.
[0034] HTTPS (full name: Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel designed with security as its goal; put simply, it is the secure version of HTTP. That is, an SSL layer is added beneath HTTP, and the security foundation of HTTPS is SSL. The SSL protocol sits between the TCP/IP protocols and the various application-layer protocols and provides security support for data communication. The SSL protocol can be divided into two layers. The SSL Record Protocol is built on a reliable transport protocol (such as TCP) and provides higher-layer protocols with basic functions such as data encapsulation, compression, and encryption. The SSL Handshake Protocol is built on the SSL Record Protocol and is used by the two communicating parties, before actual data transmission begins, for identity authentication, negotiation of the encryption algorithm, exchange of encryption keys, and so on.
[0035] The Internet-based secure payment method of the present invention has been described above. The Internet-based secure payment system of the present invention is described below.
[0036] Fig. 2 is a structural block diagram of the Internet-based secure payment system of the present invention. As shown in Fig. 2, the Internet-based secure payment system of the present invention includes: an acceptance system, i.e. the merchant, 100; an Internet transaction system 200 (i.e. UPOP); an Internet transfer clearing processing system 300; and a card issuing bank system 400.
[0037] Further, the acceptance system 100 includes: a card number input module 101, configured to accept entry of only the payment card number and able to determine from the entered payment card number whether service activation has already been performed for the payment card; a verification information transceiver module 102, configured to send and receive verification information between the acceptance system and the mobile terminal bound to the payment card number and to verify the verification information; an information submission module 103, configured to submit transaction information, including the payment card number from the card number input module 101, to the Internet transaction system when verification by the verification information transceiver module 102 succeeds; and an account opening module 104, configured to perform service activation for the payment card and send the service activation result information to the Internet transaction system when the card number input module 101 determines that service activation has not been completed for the payment card,
wherein the Internet transaction system 200 is configured to forward information sent from the information submission module 103 or the account opening module 104 to the Internet transfer clearing processing system (300), and also to return results fed back from the Internet transfer clearing processing system to the information submission module 103 or the account opening module 104,
the Internet transfer clearing processing system 300 is configured to forward information from the Internet transaction system to the card issuing bank system, and also to return execution results fed back from the card issuing bank system to the Internet transaction system,
the card issuing bank system 400 is configured to verify information from the Internet transfer clearing processing system 300 and/or execute the debit, and to feed the execution result back to the Internet transfer clearing processing system.
[0038] Moreover, the acceptance system 100 and the Internet transaction system 200 are connected by an encrypted channel; for example, the acceptance system 100 and the Internet transaction system 200 are connected by an HTTPS channel.
[0039] Data transmission between the account opening module 104 and the Internet transaction system 200 uses a message digest algorithm, and data transmission between the information submission module 103 and the Internet transaction system 200 uses a message digest algorithm. The message digest algorithm ensures the integrity and trustworthiness of the data.
[0040] The message digest algorithm is now described in detail. When the merchant and the Internet system sign the access agreement, the two parties jointly determine a cooperation key string, secret_key; this value can be re-established by the two parties when necessary. The string is used to compute the digest when the merchant and the UnionPay Internet system communicate. The length of the key string is 32.
[0041] The message digest is the digest value computed over the <key, value> pairs of the key information together with the cooperation key information.
[0042] The digest algorithm is (tentatively) MD5, and the digest result is an ASCII string of length 32 (tentative).
[0043] The digest is computed as follows:
A. The <key, value> pairs of the key information and the cooperation key information are concatenated as follows:
1) A single <key, value> pair is written as key=value. If the value corresponding to the key is empty, it is written as key=
2) Multiple <key, value> pairs are concatenated as key1=value1&key2=&key3=value3
3) The cooperation key information is appended as key1=value1&key2=&key3=value3&md5(secret_key); that is, the key information is passed through MD5 and appended to the end of the <key, value> pairs.
[0044] B. Digest method
signature = md5(key1=value1&key2=&key3=value3...&keyn=valuen&md5(secret_key))
The <key, value> pairs in the digest (not including the cooperation key) are sorted in ascending order by key. The keys should include all values in the message format except "signature method" and "signature information". If a <key, value> pair contains special characters such as & or @, or Chinese characters, the digest value is computed over them unchanged. URL encoding is applied afterwards, when the HTTP request is sent.
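The digest computation of paragraphs [0040] to [0044], as an added Python example (not code from the patent or from the system it describes), covering both the sender and the receiver, which decodes the request and recomputes the digest over the raw values. The field names `signMethod` and `signature`, the UTF-8 encoding, the duplicate-key rejection, and the sample key and fields are assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, parse_qsl

# Assumed names for the two fields the text excludes from the digest
# ("signature method" and "signature information"); the page does not name them.
SIGN_METHOD_KEY = "signMethod"
SIGNATURE_KEY = "signature"
EXCLUDED = {SIGN_METHOD_KEY, SIGNATURE_KEY}

# Constructed sample data: a 32-character cooperation key and a message that
# contains an empty value plus '&', '@' and Chinese characters in a value.
SAMPLE_KEY = "0123456789abcdef0123456789abcdef"
SAMPLE_FIELDS = {
    "orderId": "20140715-0001",
    "amount": "10000",
    "cardNumber": "6200000000000000",
    "memo": "",
    "merchantName": "A&B 商店@shop",
}


def md5_hex(text: str) -> str:
    """MD5 of the UTF-8 bytes (charset is an assumption), as 32 hex characters."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def signing_string(fields: dict, secret_key: str) -> str:
    """key=value pairs sorted ascending by key, joined with '&', values left
    unencoded, followed by '&' and md5(secret_key)."""
    pairs = sorted((k, v) for k, v in fields.items() if k not in EXCLUDED)
    joined = "&".join(f"{k}={'' if v is None else v}" for k, v in pairs)
    return f"{joined}&{md5_hex(secret_key)}"


def sign(fields: dict, secret_key: str) -> str:
    """signature = md5(key1=value1&...&keyn=valuen&md5(secret_key))."""
    return md5_hex(signing_string(fields, secret_key))


def build_request_body(fields: dict, secret_key: str) -> str:
    """Sender side: sign the raw values first, URL-encode only for transport."""
    signed = dict(fields)
    signed[SIGN_METHOD_KEY] = "MD5"
    signed[SIGNATURE_KEY] = sign(fields, secret_key)
    return urlencode(signed, encoding="utf-8")


def verify_request_body(body: str, secret_key: str) -> bool:
    """Receiver side: URL-decode, recompute the digest over the decoded
    values, and compare in constant time."""
    pairs = parse_qsl(body, keep_blank_values=True, encoding="utf-8")
    received = dict(pairs)
    if len(received) != len(pairs):
        # A repeated key makes it ambiguous which value was signed: reject.
        return False
    claimed = received.get(SIGNATURE_KEY, "")
    expected = sign(received, secret_key)
    return hmac.compare_digest(claimed.encode("utf-8"), expected.encode("ascii"))


if __name__ == "__main__":
    body = build_request_body(SAMPLE_FIELDS, SAMPLE_KEY)
    print(signing_string(SAMPLE_FIELDS, SAMPLE_KEY))
    print(body)
    print("valid:", verify_request_body(body, SAMPLE_KEY))
    tampered = body.replace("amount=10000", "amount=1")
    print("tampered valid:", verify_request_body(tampered, SAMPLE_KEY))
```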
[0045] In addition, when the account opening module 104 collects the elements, highly sensitive elements such as the password and CVN2 are encrypted synchronously as they are collected by a security control, which ensures the security of the information collection process. The account opening module 104 sends the collected sensitive information through the Internet transaction system 200 and the Internet transfer clearing processing system 300 to the card issuing bank system 400 for verification, and the card issuing bank system 400 returns the verification result to the account opening module 104 through the Internet transfer clearing processing system 300 and the Internet transaction system 200.
[0046] Further, in the present invention, the verification information transceiver module 102 can be configured so that, when checking the verification information, it directly determines that verification has failed if the number of verification failures exceeds a prescribed number. In this way, for behaviour that tries to obtain dynamic verification information many times, limiting the number of times dynamic verification information can be obtained during a transaction reduces the risk of brute-force attacks.
[0047] Moreover, to further prevent account theft, the Internet transaction system 200 can build a trusted list of account terminals, for example based on the IP address, MAC address, CPU serial number, hard disk serial number, and so on of the operating terminal, i.e. the merchant. Specifically, when the merchant interacts with the system, the merchant collects the signals of the terminal the cardholder is operating and reports them to the Internet transaction system 200, and the Internet transaction system 200 manages the terminal information together with the account information and builds the list of trusted terminals. Thus, when a cardholder account is operated from an untrusted terminal, the payment transaction request is rejected. This further ensures the security of the payment.
[0048] With the Internet-based secure payment method and the Internet-based secure payment system of the present invention, payment account information is collected only once, through a secure page embedded in the merchant's e-commerce website when the payment service is activated, and both payment service activation and payment transactions are completed without page redirection: every transaction is initiated from the merchant side and completed on the merchant side, and the cardholder never leaves the merchant page during payment. This reduces the risk of phishing and safeguards payment account information, while also greatly simplifying the shopping interaction and improving the user experience.
[0049] The above examples mainly describe the Internet-based secure payment method and the Internet-based secure payment system of the present invention. Although only some specific embodiments of the present invention have been described, those of ordinary skill in the art should understand that the present invention can be implemented in many other forms without departing from its spirit and scope. The examples and embodiments shown are therefore to be regarded as illustrative rather than restrictive, and the present invention may cover various modifications and substitutions without departing from the spirit and scope of the invention as defined by the appended claims.

Claims

1. An Internet-based secure payment system, characterized by comprising: an acceptance system (100), an Internet transaction system (200), namely UPOP, an Internet transfer clearing processing system (300), and a card issuing bank system (400),
the acceptance system (100) comprising:
a card number input module (101), configured to accept entry of only the payment card number and able to determine from the entered payment card number whether service activation has already been performed for the payment card;
a verification information transceiver module (102), configured to send and receive verification information between the acceptance system and the mobile terminal bound to the payment card number and to verify the verification information;
an information submission module (103), configured to submit transaction information, including the payment card number from the card number input module (101), to the Internet transaction system when verification by the verification information transceiver module (102) succeeds; and
an account opening module (104), configured to perform service activation for the payment card and send the service activation result information to the Internet transaction system when the card number input module (101) determines that service activation has not been completed for the payment card,
the Internet transaction system (200) being configured to forward information sent from the information submission module (103) or the account opening module (104) to the Internet transfer clearing processing system (300), and also to return results fed back from the Internet transfer clearing processing system to the information submission module (103) or the account opening module (104),
the Internet transfer clearing processing system (300) being configured to forward information from the Internet transaction system to the card issuing bank system, and also to return execution results fed back from the card issuing bank system to the Internet transaction system,
the card issuing bank system (400) being configured to verify information from the Internet transfer clearing processing system (300) and/or execute the debit, and to feed the execution result back to the Internet transfer clearing processing system.
2. The Internet-based secure payment system according to claim 1, characterized in that
the acceptance system (100) and the Internet transaction system (200) are connected by an encrypted channel.
3. The Internet-based secure payment system according to claim 2, characterized in that
the acceptance system (100) and the Internet transaction system (200) are connected by an HTTPS channel.
4. The Internet-based secure payment system according to claim 2, characterized in that
data transmission between the account opening module and the Internet transaction system uses a message digest algorithm, and data transmission between the information submission module (103) and the Internet transaction system uses a message digest algorithm.
5. The Internet-based secure payment system according to claim 2, characterized in that
the Internet transaction system (200) is further configured to perform compliance verification on the information submitted from the information submission module (103).
6. The Internet-based secure payment system according to claim 2, characterized in that
the account opening module (104) is configured to collect sensitive information using a security control and to encrypt it synchronously during collection.
7. The Internet-based secure payment system according to claim 6, characterized in that
the account opening module (104) sends the collected sensitive information through the Internet transaction system (200) and the Internet transfer clearing processing system (300) to the card issuing bank system (400) for verification, and the card issuing bank system (400) returns the verification result to the account opening module (104) through the Internet transfer clearing processing system (300) and the Internet transaction system (200).
8. The Internet-based secure payment system according to claim 2, characterized in that
the verification information transceiver module (102) is configured so that, when checking the verification information, it directly determines that verification has failed if the number of verification failures exceeds a prescribed number.
9. An Internet-based secure payment method, being a method for completing a secure payment using an acceptance system, an Internet transaction system, an Internet transfer clearing processing system, and a card issuing bank system, characterized by comprising the following steps:
a card number input step: only the payment card number is entered on the merchant page, and whether service activation has already been performed for the payment card is determined from the entered payment card number;
an account opening step: if the card number input step determines that service activation has not been performed for the payment card, service activation is performed and the service activation result information is sent to the Internet transaction system;
a verification step: if the card number input step determines that service activation has already been performed for the payment card, verification information is sent to the mobile terminal bound to the payment card so that verification based on the verification information can be performed;
an information submission step: transaction information including the payment card number is submitted to the Internet transaction system;
a verification and forwarding step: the Internet transaction system verifies the submitted transaction information and forwards it to the card issuing bank system through the Internet transfer clearing processing system, and forwards the service activation result information to the card issuing bank system through the Internet transfer clearing processing system;
a processing and execution step: the card issuing bank system verifies the transaction information to determine whether to execute the debit, or registers the service activation result information, and feeds these execution results back to the merchant page through the Internet transfer clearing processing system and the Internet transaction system.
10. The Internet-based secure payment method according to claim 9, characterized in that
data is transmitted between the acceptance system and the Internet transaction system over an encrypted channel.
11. The Internet-based secure payment method according to claim 10, characterized in that
data is transmitted between the acceptance system and the Internet transaction system over an HTTPS channel.
12. The Internet-based secure payment method according to claim 9, characterized in that
data transmission between the acceptance system and the Internet transaction system uses a message digest algorithm.
13. The Internet-based secure payment method according to claim 9, characterized in that
in the account opening step, sensitive information is collected using a security control and is encrypted synchronously during collection.
14. The Internet-based secure payment method according to claim 9, characterized in that
in the verification step, if the number of failed verifications of the verification information exceeds a prescribed number, verification is directly determined to have failed.
15. The Internet-based secure payment method according to claim 14, characterized in that
in the account opening step, the account opening step is implemented by embedding in the merchant page a secure page used to complete service activation.
16. The Internet-based secure payment method according to claim 15, characterized in that
in the account opening step, sensitive information is collected using the security control carried by the secure page, and the sensitive information is encrypted synchronously during collection.
PCT/CN2014/082197 2013-07-17 2014-07-15 Internet-based secure payment system and secure payment method WO2015007198A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
MYPI2016700136A MY187192A (en) 2013-07-17 2014-07-15 Internet-based secure payment system and secure payment method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310299175.2 2013-07-17
CN201310299175.2A CN104299130A (en) 2013-07-17 2013-07-17 Security payment system and security payment method based on internet

Publications (1)

Publication Number Publication Date
WO2015007198A1 true WO2015007198A1 (en) 2015-01-22

Family

ID=52318851

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/082197 WO2015007198A1 (en) 2013-07-17 2014-07-15 Internet-based secure payment system and secure payment method

Country Status (5)

Country Link
CN (1) CN104299130A (en)
HK (1) HK1206467A1 (en)
MY (1) MY187192A (en)
TW (1) TWI539392B (en)
WO (1) WO2015007198A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114049214A (en) * 2021-11-15 2022-02-15 深圳前海鸿泰源兴科技发展有限公司 Big data information acquisition and processing system and operation method

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105553942B (en) * 2015-12-08 2019-07-02 中国建设银行股份有限公司 Using the method and system jumped
CN105590210A (en) * 2015-12-17 2016-05-18 大贺传媒股份有限公司 Network security payment method
CN115719224A (en) 2016-01-25 2023-02-28 创新先进技术有限公司 Credit payment method and device based on mobile terminal card simulation
CN106997527A (en) 2016-01-25 2017-08-01 阿里巴巴集团控股有限公司 Credit payment method and device based on mobile terminal P2P
CN106485480A (en) * 2016-10-13 2017-03-08 上海众人网络安全技术有限公司 A kind of terminal recharge method and system, a kind of network payment system
CN111027950B (en) * 2019-11-20 2023-05-23 网联清算有限公司 Payment signing system, method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098371A (en) * 2006-06-29 2008-01-02 ***股份有限公司 Finance data processing method and mobile terminal equipment
CN102332127A (en) * 2011-09-15 2012-01-25 深圳市酷开网络科技有限公司 Network TV (television) online payment service based account binding method and payment method
CN102880959A (en) * 2012-09-18 2013-01-16 汇付天下有限公司 Quick internet payment method and system
CN103186857A (en) * 2011-12-31 2013-07-03 ***股份有限公司 Bank card payment method and system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1635525A (en) * 2003-12-31 2005-07-06 ***股份有限公司 Security Internet payment system and security Internet payment authentication method
KR100837059B1 (en) * 2006-09-28 2008-06-11 (주) 엘지텔레콤 System and Method for Payment Using Smart Card via Mobile Communication Network

Also Published As

Publication number Publication date
TW201523476A (en) 2015-06-16
MY187192A (en) 2021-09-09
CN104299130A (en) 2015-01-21
HK1206467A1 (en) 2016-01-08
TWI539392B (en) 2016-06-21

Similar Documents

Publication Publication Date Title
JP6734330B2 (en) Query system and method for determining authentication capabilities
TWI539392B (en) Secure payment system based on Internet and safe payment method
JP6648110B2 (en) System and method for authenticating a client to a device
CN106664208B (en) System and method for establishing trust using secure transport protocol
US9160732B2 (en) System and methods for online authentication
US9083533B2 (en) System and methods for online authentication
CA2875503C (en) Enterprise triggered 2chk association activation
EP1710980B1 (en) Authentication services using mobile device
JP6012125B2 (en) Enhanced 2CHK authentication security through inquiry-type transactions
US20170249633A1 (en) One-Time Use Password Systems And Methods
CN101916388B (en) Smart SD card and method for using same for mobile payment
US20130036456A1 (en) Credential provision and proof system
WO2012123727A1 (en) Personal identity control
CN102202300A (en) System and method for dynamic password authentication based on dual channels
WO2007121631A1 (en) System and method of electronic bank safety certification based on cpk
WO2009094949A1 (en) Creditable remote service method and system
CN101013942A (en) System and method for improving the safety of intelligent key equipment
WO2015161690A1 (en) Secure data interaction method and system
WO2010057405A1 (en) Identity authentication method using short messages
WO2012034339A1 (en) Method and mobile terminal for realizing network payment
WO2015135392A1 (en) O2o secure payment method and system
KR20210142180A (en) System and method for efficient challenge-response authentication
US20230020611A1 (en) User device gated secure authentication computing systems and methods
WO2012072022A1 (en) Remote payment method
JPWO2021003038A5 (en)

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14827130

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 29/03/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14827130

Country of ref document: EP

Kind code of ref document: A1