Secure Online Payment System And Online Payment Authentication Method

US 20070288392A1
Filed: 12/31/2004
Published: 12/13/2007
Est. Priority Date: 12/31/2003
Status: Abandoned Application

First Claim

Patent Images

1. An online payment system, comprising:

a customer'"'"'s bank of account or agency bank, i.e., the party that can confirm the customer'"'"'s account information and execute deduction for payment, wherein the customer, i.e., the buyer, is the party that a certain amount of money will be deducted from his/her account to pay a merchant, the merchant'"'"'s bank of collecting account or agency bank, wherein the merchant, which is also referred to as the service provider or the merchandise provider, is the party that will collect the payment, a payment gateway, which is a system responsible for handling payment information from the network, authenticating the customer and the merchant, and confirming authenticity and validity of a transaction;

the customer, the merchant, and the payment gateway being connected to each other over Internet;

after processing system of the payment gateway confirms legality of the transaction, the payment gateway sending a payment request, and, after the payment is completed, the payment gateway informing the two parties (i.e., the customer and the merchant) involved in the transaction of the payment information;

the payment gateway communicating with the customer and the merchant at one side to authenticate identity of the customer and identity of the merchant (password-based identity authentication for the customer, and certificate-based identity authentication for the merchant) and confirming the transaction and transaction value; and

the payment gateway communicating with the bank of paying account and the bank of collecting account at the other side, to transfer payment request and deduction information;

wherein said payment gateway has a customer information database, which stores the customer'"'"'s actual identity, the customer'"'"'s identity for online transaction, and the basic information of the customer'"'"'s account;

there is arranged an assistant customer identity authentication system between said payment gateway and said customer, and said assistant authentication system connects said customer to said payment gateway in a non-Internet approach;

after the payment gateway verifies the customer'"'"'s identity for online transactions has been logged in the customer information database (i.e., the customer'"'"'s identity is valid), it generates an authorization code for the received payment request, and sends the authorization code to the customer via the assistant customer identity authentication system;

after the customer receives that authorization code, the customer enter the authorization code on the correct page in the payment gateway;

after verifying the authorization code successfully, the payment gateway confirms the customer has passed the identity authentication, sends the payment information, obtains the processing result from the bank, and forwards the processing result to the customer and the merchant.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An online payment system and a secure authentication method, including a customer, a merchant and a payment gateway connected over Internet; said payment gateway is responsible for processing payment information from the network, authenticating identities of the customer and the merchant and validating the validity of transaction; after a processing system in the payment gateway confirms the transaction is valid, said payment gateway sends a payment request and informs the two parties in the transaction of the payment information after the payment is accomplished; an assistant customer identity authentication system is arranged between the payment gateway and the customer, which connects the customer to the payment gateway in a non-Internet approach; the payment gateway generates an authorization code dynamically and transfers it to the customer via the assistant customer identity authentication system; the customer enters the authorization code on correct page in the payment gateway to pass identity authentication. The authentication method and the payment system greatly reduce the possibility that online data is stolen, by using both Internet and non-Internet authentication mode, and thereby improves security of online payment and delivers flexibility and convenience.

71 Citations

View as Search Results

26 Claims

1. An online payment system, comprising:
- a customer'"'"'s bank of account or agency bank, i.e., the party that can confirm the customer'"'"'s account information and execute deduction for payment, wherein the customer, i.e., the buyer, is the party that a certain amount of money will be deducted from his/her account to pay a merchant, the merchant'"'"'s bank of collecting account or agency bank, wherein the merchant, which is also referred to as the service provider or the merchandise provider, is the party that will collect the payment, a payment gateway, which is a system responsible for handling payment information from the network, authenticating the customer and the merchant, and confirming authenticity and validity of a transaction;
  
  the customer, the merchant, and the payment gateway being connected to each other over Internet;
  
  after processing system of the payment gateway confirms legality of the transaction, the payment gateway sending a payment request, and, after the payment is completed, the payment gateway informing the two parties (i.e., the customer and the merchant) involved in the transaction of the payment information;
  
  the payment gateway communicating with the customer and the merchant at one side to authenticate identity of the customer and identity of the merchant (password-based identity authentication for the customer, and certificate-based identity authentication for the merchant) and confirming the transaction and transaction value; and
  
  the payment gateway communicating with the bank of paying account and the bank of collecting account at the other side, to transfer payment request and deduction information;
  
  wherein said payment gateway has a customer information database, which stores the customer'"'"'s actual identity, the customer'"'"'s identity for online transaction, and the basic information of the customer'"'"'s account;
  
  there is arranged an assistant customer identity authentication system between said payment gateway and said customer, and said assistant authentication system connects said customer to said payment gateway in a non-Internet approach;
  
  after the payment gateway verifies the customer'"'"'s identity for online transactions has been logged in the customer information database (i.e., the customer'"'"'s identity is valid), it generates an authorization code for the received payment request, and sends the authorization code to the customer via the assistant customer identity authentication system;
  
  after the customer receives that authorization code, the customer enter the authorization code on the correct page in the payment gateway;
  
  after verifying the authorization code successfully, the payment gateway confirms the customer has passed the identity authentication, sends the payment information, obtains the processing result from the bank, and forwards the processing result to the customer and the merchant.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The online payment system as in claim 1, wherein said assistant customer identity authentication system comprises a customer terminal and an switch system;
    - said customer terminal has its initial information registered in the payment gateway;
      
      said switch system connects said customer terminal to said payment gateway, and receives information from said payment gateway and forwards the information to said customer terminal.
  - 3. The online payment system as in claim 2, wherein the information received by said switch system from said payment gateway comprises an authorization code and transaction information.
  - 4. The online payment system as in claim 1, wherein said authorization code is generated dynamically and has a validity period;
    - said authorization code is deemed as valid only when it is inputted on the correct page in the payment gateway within the validity period;
      
      otherwise said authorization code will be deemed as invalid.
  - 5. The online payment system as in claim 2, wherein said customer terminal of the assistant customer identity authentication system is a dedicated device, and has its initial information registered in the payment gateway.
  - 6. The online payment system as in claim 5, wherein said customer terminal is a dedicated device separately configured, and is provided by said payment gateway.
  - 7. The online payment system as in claim 5, wherein said customer terminal is a device conforming to the standard of said payment gateway.
  - 8. The online payment system as in claim 5, wherein said customer terminal is a dedicated switching card provided by said payment gateway, and is inserted in a personal or home electronic or electrical device such as a STB or a remote controller, etc.
  - 9. The online payment system as in claim 2, wherein the customer terminal of said assistant customer identity authentication system is a non-dedicated device, such as a telephone, a mobile telephone, a BP, or a PDA, etc.;
    - before said non-dedicated device can be used as the customer terminal, it shall have its initial information registered in the payment gateway or a place designated by the payment gateway.
  - 10. The online payment system as in claim 2, wherein the initial information of said customer terminal registered in the payment gateway may be one or more information of the customer terminal.
  - 11. The online payment system as in claim 2, wherein said customer terminal that is used to receive the authorization code may not be a customer terminal with initial information registered in the payment gateway.
  - 12. The online payment system as in claim 1, wherein there is a bank'"'"'s information processing system between the payment gateway and the bank;
    - said bank'"'"'s information processing system is connected to the payment gateway, the payer'"'"'s bank of paying account or agency bank, and the payee'"'"'s bank of collecting account or agency bank;
      
      the payment gateway sends the payment request to said bank'"'"'s information processing system and obtains the processing result (successful deduction or payment rejection) of the payment request from said bank'"'"'s information processing system.
  - 13. The online payment system as in claim 12, wherein said payment gateway and said bank'"'"'s information processing system are network platforms provided by different entities.
  - 14. The online payment system as in claim 12, wherein said payment gateway and said bank'"'"'s information processing system are network platforms provided by the same entity.
  - 15. The online payment system as in claim 12, wherein said bank'"'"'s information processing system is a network platform provided by the payer'"'"'s bank of account.
  - 16. The online payment system as in claim 12, wherein said bank'"'"'s information processing system is a network platform provided by the payment collecting bank or its agency bank.
  - 17. The online payment system as in claim 13, wherein said payment gateway and said bank'"'"'s information processing system are network platforms provided by a third party irrelevant to the transaction.
  - 18. The online payment system as in claim 1, wherein said payment gateway has a customer information database, which stores the customer'"'"'s information and the customer'"'"'s bank account information;
    - the customer'"'"'s identity in said customer information comprises the customer'"'"'s actual identity and identity for online transactions;
      
      said identity for online transaction can be the customer'"'"'s actual identity or an identity specified by the customer freely.

19. An online payment authentication method, comprising authenticating the two parties (i.e., the customer and the merchant) involved in the online transaction (certificate-based identity authentication for the merchant, and password-based identity authentication for the customer), are confirming the transaction and transaction value;
- wherein said method further comprises performing a dynamic assistant identity authentication for the customer; and
  
  said dynamic assistant identity authentication for the customer comprises sending an authorization code to the customer through a non-Internet approach.
- View Dependent Claims (20, 21, 22, 23, 25)
- - 20. The online payment authentication method as in claim 19, wherein said method comprises the following steps:
    - initializing a transaction request by the customer when he/she browses on the network;
      
      receiving, by the merchant, said transaction request;
      
      sending, by the customer, a payment request and entering into the interface of a payment gateway;
      
      requesting, by said payment gateway, the customer to enter his/her password for online payment over Internet for customer identity authentication and verifying said password;
      
      when the password is incorrect, rejecting, by said payment gateway, said transaction request;
      
      when the password is correct, generating an authorization code dynamically;
      
      sending, by the payment gateway, the authorization code to the customer via an assistant customer identity authentication system;
      
      entering, by the customer, the authorization code on the correct page in the payment gateway after he/she receives the authorization code;
      
      confirming, by the payment gateway, the customer identity has passed the authentication after verifying by the payment gateway the authorization code successfully, and then sending a payment request;
      
      wherein said step of sending by the payment gateway the authorization code to the customer via an assistant customer identity authentication system is performed through a non-Internet approach.
  - 21. The online payment authentication method as in claim 20, wherein said step of confirming by the payment gateway the customer identity has passed the authentication after verifying by the payment gateway the authorization code successfully and then sending a payment request comprises, notifying, by said bank'"'"'s information processing system, the payer'"'"'s bank of account to deduct the specified payment amount, and returning the processing result to said payment gateway.
  - 22. The online payment authentication method as in claim 20, further comprising the following steps:
    - choosing, by the customer, merchandise at the merchant'"'"'s website and creating an order;
      
      choosing, by the customer, “
      
      authentication with mobile telephone short message”
      
      as the assistant identity authentication mode;
      
      entering, by the customer, into the interface of the payment gateway of the online payment system, and entering the mobile telephone number and the password for online payment at a prompt on the interface;
      
      when receiving customer information, judging, by the payment gateway, the mobile telephone number and the password for online payment;
      
      when said mobile telephone number has initial information registered in the payment gateway and the password is correct, generating, by the payment gateway, an authorization code dynamically;
      
      sending, by the payment gateway, said authorization code and the payment amount to SMS center;
      
      sending, by the SMS center, the received authorization code to the customer'"'"'s mobile telephone;
      
      when receiving the short message, entering, by the customer, the authorization code on the payment page at a prompt on the page;
      
      after verifying the authorization code successfully, deeming, by the payment gateway, the customer'"'"'s identity has passed the authentication, and executing the next subsequent payment step.
  - 23. The online payment authentication method as in claim 20, wherein said step of when the password is correct, generating an authorization code dynamically comprises, specifying a valid period for the authorization code;
    - and the correct authorization code must be inputted within the specified validity period.
  - 25. The online payment authentication method as in claim 20, wherein said step of sending by the payment gateway the authorization code to the customer via an assistant customer identity authentication system comprises sending by the payment gateway the authorization code to the customer via an assistant customer identity authentication system to the customer terminal.

24. (canceled)
- View Dependent Claims (26)
- - 26. The online payment authentication method as in claim 24, wherein the customer terminal is specified by the customer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
China Unionpay Company Limited
Original Assignee
China Unionpay Company Limited
Inventors
Kang, Jianming, Wang, Nan, Zhang, Lili, Liang, Jian, Peng, Guilin, Wei, Gang, Yao, Jiaxian

Application Number

US10/584,991
Publication Number

US 20070288392A1
Time in Patent Office

Days
Field of Search
US Class Current

705/72
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/18   involving self-service term...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/3255   using mobile network messag...

G06Q 20/4012   Verifying personal identifi...

Secure Online Payment System And Online Payment Authentication Method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Online Payment System And Online Payment Authentication Method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links