Secure Online Payment System And Online Payment Authentication Method
First Claim
1. An online payment system, comprising:
- a customer'"'"'s bank of account or agency bank, i.e., the party that can confirm the customer'"'"'s account information and execute deduction for payment, wherein the customer, i.e., the buyer, is the party that a certain amount of money will be deducted from his/her account to pay a merchant, the merchant'"'"'s bank of collecting account or agency bank, wherein the merchant, which is also referred to as the service provider or the merchandise provider, is the party that will collect the payment, a payment gateway, which is a system responsible for handling payment information from the network, authenticating the customer and the merchant, and confirming authenticity and validity of a transaction;
the customer, the merchant, and the payment gateway being connected to each other over Internet;
after processing system of the payment gateway confirms legality of the transaction, the payment gateway sending a payment request, and, after the payment is completed, the payment gateway informing the two parties (i.e., the customer and the merchant) involved in the transaction of the payment information;
the payment gateway communicating with the customer and the merchant at one side to authenticate identity of the customer and identity of the merchant (password-based identity authentication for the customer, and certificate-based identity authentication for the merchant) and confirming the transaction and transaction value; and
the payment gateway communicating with the bank of paying account and the bank of collecting account at the other side, to transfer payment request and deduction information;
wherein said payment gateway has a customer information database, which stores the customer'"'"'s actual identity, the customer'"'"'s identity for online transaction, and the basic information of the customer'"'"'s account;
there is arranged an assistant customer identity authentication system between said payment gateway and said customer, and said assistant authentication system connects said customer to said payment gateway in a non-Internet approach;
after the payment gateway verifies the customer'"'"'s identity for online transactions has been logged in the customer information database (i.e., the customer'"'"'s identity is valid), it generates an authorization code for the received payment request, and sends the authorization code to the customer via the assistant customer identity authentication system;
after the customer receives that authorization code, the customer enter the authorization code on the correct page in the payment gateway;
after verifying the authorization code successfully, the payment gateway confirms the customer has passed the identity authentication, sends the payment information, obtains the processing result from the bank, and forwards the processing result to the customer and the merchant.
1 Assignment
0 Petitions
Accused Products
Abstract
An online payment system and a secure authentication method, including a customer, a merchant and a payment gateway connected over Internet; said payment gateway is responsible for processing payment information from the network, authenticating identities of the customer and the merchant and validating the validity of transaction; after a processing system in the payment gateway confirms the transaction is valid, said payment gateway sends a payment request and informs the two parties in the transaction of the payment information after the payment is accomplished; an assistant customer identity authentication system is arranged between the payment gateway and the customer, which connects the customer to the payment gateway in a non-Internet approach; the payment gateway generates an authorization code dynamically and transfers it to the customer via the assistant customer identity authentication system; the customer enters the authorization code on correct page in the payment gateway to pass identity authentication. The authentication method and the payment system greatly reduce the possibility that online data is stolen, by using both Internet and non-Internet authentication mode, and thereby improves security of online payment and delivers flexibility and convenience.
-
Citations
26 Claims
-
1. An online payment system, comprising:
-
a customer'"'"'s bank of account or agency bank, i.e., the party that can confirm the customer'"'"'s account information and execute deduction for payment, wherein the customer, i.e., the buyer, is the party that a certain amount of money will be deducted from his/her account to pay a merchant, the merchant'"'"'s bank of collecting account or agency bank, wherein the merchant, which is also referred to as the service provider or the merchandise provider, is the party that will collect the payment, a payment gateway, which is a system responsible for handling payment information from the network, authenticating the customer and the merchant, and confirming authenticity and validity of a transaction;
the customer, the merchant, and the payment gateway being connected to each other over Internet;
after processing system of the payment gateway confirms legality of the transaction, the payment gateway sending a payment request, and, after the payment is completed, the payment gateway informing the two parties (i.e., the customer and the merchant) involved in the transaction of the payment information;
the payment gateway communicating with the customer and the merchant at one side to authenticate identity of the customer and identity of the merchant (password-based identity authentication for the customer, and certificate-based identity authentication for the merchant) and confirming the transaction and transaction value; and
the payment gateway communicating with the bank of paying account and the bank of collecting account at the other side, to transfer payment request and deduction information;
wherein said payment gateway has a customer information database, which stores the customer'"'"'s actual identity, the customer'"'"'s identity for online transaction, and the basic information of the customer'"'"'s account;
there is arranged an assistant customer identity authentication system between said payment gateway and said customer, and said assistant authentication system connects said customer to said payment gateway in a non-Internet approach;
after the payment gateway verifies the customer'"'"'s identity for online transactions has been logged in the customer information database (i.e., the customer'"'"'s identity is valid), it generates an authorization code for the received payment request, and sends the authorization code to the customer via the assistant customer identity authentication system;
after the customer receives that authorization code, the customer enter the authorization code on the correct page in the payment gateway;
after verifying the authorization code successfully, the payment gateway confirms the customer has passed the identity authentication, sends the payment information, obtains the processing result from the bank, and forwards the processing result to the customer and the merchant. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. An online payment authentication method, comprising authenticating the two parties (i.e., the customer and the merchant) involved in the online transaction (certificate-based identity authentication for the merchant, and password-based identity authentication for the customer), are confirming the transaction and transaction value;
- wherein
said method further comprises performing a dynamic assistant identity authentication for the customer; and
said dynamic assistant identity authentication for the customer comprises sending an authorization code to the customer through a non-Internet approach. - View Dependent Claims (20, 21, 22, 23, 25)
- wherein
- 24. (canceled)
Specification