[go: up one dir, main page]

CN1932866B - Network software payment method and system thereof - Google Patents

Network software payment method and system thereof Download PDF

Info

Publication number
CN1932866B
CN1932866B CN200610113556.7A CN200610113556A CN1932866B CN 1932866 B CN1932866 B CN 1932866B CN 200610113556 A CN200610113556 A CN 200610113556A CN 1932866 B CN1932866 B CN 1932866B
Authority
CN
China
Prior art keywords
key device
smart key
user
payment
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200610113556.7A
Other languages
Chinese (zh)
Other versions
CN1932866A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN200610113556.7A priority Critical patent/CN1932866B/en
Publication of CN1932866A publication Critical patent/CN1932866A/en
Application granted granted Critical
Publication of CN1932866B publication Critical patent/CN1932866B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

本发明公开了一种网络软件的付费方法及其系统,属于网络金融交易技术领域。本发明是将用户信息保存在智能密钥装置中,将智能密钥装置与计算机连接,网络软件代理商对智能密钥装置中的用户信息进行验证,验证通过后将用户引导到支付平台进行付费。由于本发明采用了智能密钥装置,而智能密钥装置是一种能够防止篡改和盗取内部信息的安全载体,其安全性能极高。智能密钥装置能实现只在设备内部使用密钥,这样密钥就不能被复制。另外,由于网络软件代理商可以将付信息发送到智能密钥装置,利用智能密钥装置完成后续充值工作,最终用户不再需要多次输入用户名、密码、充值信息,付费过程更简单,减少了用户信息被窃取的机率,所以更加安全。

The invention discloses a network software payment method and a system thereof, belonging to the technical field of network financial transactions. The invention saves the user information in the smart key device, connects the smart key device to the computer, and the network software agent verifies the user information in the smart key device, and guides the user to the payment platform to pay after the verification is passed. . Since the present invention adopts an intelligent key device, and the intelligent key device is a security carrier capable of preventing tampering and stealing of internal information, its security performance is extremely high. The smart key device can only use the key inside the device, so that the key cannot be copied. In addition, because the network software agent can send the payment information to the smart key device, and use the smart key device to complete the subsequent recharge work, the end user no longer needs to enter the user name, password, and recharge information multiple times, and the payment process is simpler and reduces The probability of user information being stolen is reduced, so it is more secure.

Description

一种网络软件的付费方法及其系统Payment method and system for network software

技术领域 technical field

本发明涉及网络金融交易技术领域,具体地说是一种网络软件的付费方法及其系统。The invention relates to the technical field of network financial transactions, in particular to a payment method and system for network software.

背景技术 Background technique

网络的飞速发展带来了支付手段上的变革——网上支付。为了保证用户信息的安全,现有的网上支付手段需要电子签名,密码等多项认证程序。以现有的网络游戏充值付费为例,如果用户使用网上银行进行付费,要经过以下步骤:The rapid development of the network has brought about a change in the means of payment - online payment. In order to ensure the safety of user information, the existing online payment methods require multiple authentication procedures such as electronic signatures and passwords. Taking the existing online game recharge payment as an example, if the user uses online banking to pay, the following steps must be followed:

1)进入代理商网页,输入用户在代理商处注册的用户名和相应密码,验证通过后,输入或者选择要进行付费的服务和金额,并确定;1) Enter the agent's webpage, enter the user name and corresponding password registered by the user at the agent, after the verification is passed, enter or select the service and amount to be paid, and confirm;

2)代理商网页自动转到支付平台网页,在支付平台的网页上用户需要输入银行的用户名和密码进行网上付费,付费成功的信息会返回给代理商,代理商获得付费成功的信息后通过邮件、手机等方式把付费信息发给用户;2) The agent's webpage automatically transfers to the payment platform webpage. On the payment platform webpage, the user needs to enter the bank's user name and password to pay online. The successful payment information will be returned to the agent. , mobile phone and other means to send the payment information to the user;

3)进入游戏运营商网页,输入用户在网络游戏中注册的用户名和相应密码,验证通过后,再输入上一步中接收到的付费信息,完成整个交费流程。3) Enter the game operator's webpage, enter the user name and corresponding password registered by the user in the online game, and after the verification is passed, enter the payment information received in the previous step to complete the entire payment process.

上述步骤需要多次输入用户名和密码,认证步骤较多,认证方式繁琐,用户输入认证信息时容易出错,信息被截获的隐患也很大。所以交易步骤的简化和支付的安全性就尤为重要。The above steps require multiple input of user names and passwords. There are many authentication steps and cumbersome authentication methods. It is easy for users to make mistakes when entering authentication information, and there is a great risk of information being intercepted. Therefore, the simplification of transaction steps and the security of payment are particularly important.

智能密钥装置是一种带有处理器和存储器的小型硬件装置,它可通过计算机的数据通讯接口与计算机连接。其内部可以保存私钥,可预置加密算法,同时也可后期自行定制部分算法。智能密钥装置内置的私钥对外不可见,与密钥相关的运算完全在装置内部运行,且智能密钥装置具有抗攻击的特性,安全性极高。The smart key device is a small hardware device with a processor and a memory, which can be connected to a computer through the computer's data communication interface. The private key can be saved inside it, the encryption algorithm can be preset, and some algorithms can also be customized later. The built-in private key of the smart key device is invisible to the outside world, and the calculations related to the key are completely run inside the device, and the smart key device has the characteristics of anti-attack and extremely high security.

HMAC(keyed-Hashing Message Authentication Code)-Hash键入散列算法是一种常用的冲击响应的认证方式。智能密钥装置利用HMAC-Hash进行网上认证。首先,客户端先向服务器端发出登录请求,服务器端通过用户名便可从数据库中提取相应的用户密钥;之后,当服务器端收到客户端登录请求后,便通过客户端向智能密钥装置发送一个随机字符串,客户端上的智能密钥装置通过内置的硬件加密引擎对接收的随机字符串和智能密钥装置内的密钥进行HMAC-Hash计算后,结果返回服务器端。服务器端收到计算结果后根据相应的密钥和发送的随机字符串进行同样的计算,最后服务器端将两个结果比对,相同则验证通过。HMAC将密钥结合Hash运算,并且每次运算都有随机数据参与,以保证每次认证过程产生的结果数据不同,这样即使有恶意分子截获了某一次认证数据,也无法通过下一次的认证。HMAC (keyed-Hashing Message Authentication Code)-Hash keyed hash algorithm is a commonly used authentication method of impact response. The smart key device uses HMAC-Hash for online authentication. First, the client sends a login request to the server, and the server can extract the corresponding user key from the database through the user name; after that, when the server receives the login request from the client, it sends the smart key to the server through the client. The device sends a random character string, and the smart key device on the client performs HMAC-Hash calculation on the received random character string and the key in the smart key device through the built-in hardware encryption engine, and returns the result to the server. After receiving the calculation result, the server performs the same calculation according to the corresponding key and the random string sent, and finally the server compares the two results, and if they are the same, the verification is passed. HMAC combines the key with the Hash operation, and each operation involves random data to ensure that the result data generated by each authentication process is different, so that even if a malicious person intercepts a certain authentication data, it cannot pass the next authentication.

非对称密钥机制是目前应用广泛的一种身份验证机制,在这一机制中,加密密钥与解密密钥不同,用公钥加密的数据只能用与之对应的私钥解密。公钥体制的数字签名既保证了信息的机密性,又保证了信息具有不可抵赖性,首先,客户端先向服务器端发出登录请求,服务器端通过客户端向智能密钥装置发送一个随机字符串,智能密钥装置对随机字符串用私钥签名,返回服务器端,服务器端用智能密钥装置对应公钥验证。The asymmetric key mechanism is a widely used authentication mechanism at present. In this mechanism, the encryption key is different from the decryption key, and the data encrypted with the public key can only be decrypted with the corresponding private key. The digital signature of the public key system not only ensures the confidentiality of the information, but also ensures the non-repudiation of the information. First, the client sends a login request to the server, and the server sends a random string to the smart key device through the client. , the smart key device signs the random character string with the private key, returns it to the server, and the server verifies it with the corresponding public key of the smart key device.

网络软件的运营商指提供一切有关网络软件运行、维护等服务的一方,代理商指负责售卖网络软件相关产品的一方。现有网络软件的运营方式是由运营商提供有关网络软件运行和维护的服务并授予代理商销售权,由销售商负责售卖软件或软件相关的产品。The operator of network software refers to the party that provides all services related to the operation and maintenance of network software, and the agent refers to the party responsible for selling network software related products. The operating mode of existing network software is that operators provide services related to network software operation and maintenance and grant sales rights to agents, and sellers are responsible for selling software or software-related products.

发明内容 Contents of the invention

为了解决现有技术中网络软件的付费方法操作繁琐、安全性低的问题,本发明提供一种操作简单、安全性高的网络软件的付费方法,以及实现该方法的系统。In order to solve the problems of cumbersome operation and low security of the network software payment method in the prior art, the present invention provides a network software payment method with simple operation and high security, and a system for realizing the method.

本发明的网络软件的付费方法包括付费过程和充值过程:The payment method of the network software of the present invention includes a payment process and a recharge process:

付费过程依次包括如下步骤:The payment process includes the following steps in turn:

(1)智能密钥装置与计算机建立连接;(1) The smart key device establishes a connection with the computer;

(2)代理商服务器端被选择,所述代理商服务器端通过智能密钥装置验证用户信息;(2) The agent server end is selected, and the agent server end verifies the user information through the smart key device;

(3)所述代理商服务器端将用户界面链接到支付平台;(3) The agent server side links the user interface to the payment platform;

(4)通过所述支付平台付费成功后,所述代理商服务器端将所述付费信息发送给所述智能密钥装置并将所述付费信息保存在所述智能密钥装置中;(4) After successful payment through the payment platform, the agent server sends the payment information to the smart key device and saves the payment information in the smart key device;

充值过程依次包括如下步骤:The recharge process includes the following steps in turn:

(1)客户端读取所述智能密钥装置中的付费信息;(1) The client reads the payment information in the smart key device;

(2)所述客户端将所述付费信息发送到运营商服务器端;(2) The client sends the payment information to the operator server;

(3)完成充值;或,(3) Complete the top-up; or,

(1)’用户运行客户端程序;(1)'The user runs the client program;

(2)’用户在客户端程序提示后输入智能密钥装置的PIN码;(2)' the user enters the PIN code of the smart key device after the client program prompts;

(3)’智能密钥装置判断用户输入的PIN码是否正确,如果正确,验证通过,执行步骤(4)’;如果不正确,验证不能通过,则重新要求用户输入PIN码;(3) 'The smart key device judges whether the PIN code entered by the user is correct, if correct, the verification is passed, and step (4)' is performed; if it is not correct, the verification fails, and the user is required to input the PIN code again;

(4)’网络游戏服务器端通过客户端程序验证智能密钥装置中存储的用户信息;(4)'The online game server verifies the user information stored in the smart key device through the client program;

(5)’网络游戏服务器端判断验证结果是否正确,如果正确,验证通过,客户端程序读取智能密钥装置内的付费信息;如果不正确,验证未通过,退出充值程序,并向用户发出警告;(5) 'The online game server judges whether the verification result is correct, if it is correct, the verification is passed, and the client program reads the payment information in the smart key device; if it is not correct, the verification fails, exit the recharge program, and send a warn;

(6)’客户端程序将付费信息发送至服务器端;(6)'The client program sends the payment information to the server;

在所述将智能密钥装置连接到计算机后,还包括智能密钥装置合法持有者验证的步骤;After the smart key device is connected to the computer, it also includes the step of verifying the legal holder of the smart key device;

所述智能密钥装置合法持有者验证的方法是PIN码验证或生物特征验证;The method for verifying the legal holder of the smart key device is PIN code verification or biometric verification;

所述验证用户信息的步骤采用冲击响应方式或非对称密钥方式。The step of verifying user information adopts an impact response method or an asymmetric key method.

所述充值过程是客户端程序运行,所述客户端程序读取付费信息后发送到所述运营商服务器端,完成充值操作;The recharging process is the operation of the client program, and the client program reads the payment information and sends it to the operator server to complete the recharging operation;

所述付费信息以密文形式传输。The payment information is transmitted in encrypted form.

本发明还提供一种网络软件的付费系统,包括智能密钥装置、客户端和代理商/运营商服务器端,The present invention also provides a payment system for network software, including a smart key device, a client and an agent/operator server,

所述智能密钥装置包括:The smart key device includes:

存储模块,用于存储用户信息和付费信息;A storage module for storing user information and payment information;

通信模块,用于在所述智能密钥装置与计算机之间建立通信联系,传输数据;A communication module, used to establish a communication link between the smart key device and the computer, and transmit data;

合法持有者验证模块,与通信模块相连,在使用过程中用于验证当前用户是否是所述智能密钥装置的合法持有者;合法持有者验证的方法是PIN码验证或生物特征验证;The legal holder verification module is connected with the communication module, and is used to verify whether the current user is the legal holder of the smart key device during use; the legal holder verification method is PIN code verification or biometric verification ;

所述客户端包括:The clients include:

收发模块,用于通过互联网将所述智能密钥装置的数据发往所述代理商/运营商服务器端,或接收由网络传输过来的所述代理商/运营商服务器端数据并发送给所述智能密钥装置;The transceiver module is used to send the data of the smart key device to the agent/operator server through the Internet, or receive the agent/operator server data transmitted from the network and send it to the agent/operator server. smart key device;

所述代理商/运营商服务器端包括:The agent/operator server includes:

通信模块,用于接收所述收发模块发送过来的数据或将所述代理商/运营商服务器端的数据发给所述收发模块;A communication module, configured to receive data sent by the transceiver module or send data from the agent/operator server to the transceiver module;

用户身份验证模块,与通信模块相连,用于验证所述智能密钥装置内的用户信息;验证用户信息的步骤采用冲击响应方式或非对称密钥方式。The user identity verification module is connected with the communication module, and is used to verify the user information in the smart key device; the step of verifying the user information adopts an impact response method or an asymmetric key method.

所述智能密钥装置还包括加密模块,连接在所述智能密钥装置的存储模块与通信模块之间,用于对传输数据进行加密。The smart key device also includes an encryption module connected between the storage module and the communication module of the smart key device for encrypting the transmission data.

本发明产生的有益效果是:由于本发明采用了智能密钥装置,而智能密钥装置是一种能够防止篡改和盗取内部信息的安全载体,智能密钥装置能实现只在设备内部使用密钥,这样密钥就不能被复制,其安全性很高,本发明采用智能密钥装置很大程度提高了网络软件付费的安全性。另外,由于代理商可以将付费信息发送到智能密钥装置,利用智能密钥装置完成后续充值工作,最终用户不再需要多次输入用户名、密码、充值信息,付费过程更简单,减少了用户信息被窃取的机率,所以更加安全。The beneficial effect produced by the present invention is: because the present invention adopts the intelligent key device, and the intelligent key device is a security carrier capable of preventing tampering and stealing of internal information, the intelligent key device can only use the key inside the equipment. key, the key cannot be copied like this, and its security is very high, and the present invention adopts the intelligent key device to greatly improve the security of network software payment. In addition, because the agent can send the payment information to the smart key device, and use the smart key device to complete the subsequent recharge work, the end user no longer needs to enter the user name, password, and recharge information multiple times, and the payment process is simpler and reduces the number of users. The probability of information being stolen, so it is more secure.

附图说明 Description of drawings

图1为用户使用智能密钥装置通过网络付费的一种实施例的流程图。Fig. 1 is a flowchart of an embodiment in which a user uses a smart key device to pay via the network.

图2为用户使用智能密钥装置对网络游戏充值的一种实施例的流程图。Fig. 2 is a flow chart of an embodiment in which a user uses a smart key device to recharge an online game.

图3为用户使用智能密钥装置对网络游戏充值的另一种实施例的流程图。Fig. 3 is a flow chart of another embodiment in which a user uses a smart key device to recharge an online game.

图4为网络软件的付费系统的结构原理图。Fig. 4 is a structural principle diagram of the payment system of the network software.

具体实施方式 Detailed ways

下面结合附图和具体实施方式对本发明的方法作进一步的描述,但不作为对本发明的限定。The method of the present invention will be further described below in conjunction with the accompanying drawings and specific embodiments, but it is not intended to limit the present invention.

如图1所示,用户使用智能密钥装置通过网络付费的整个过程是:As shown in Figure 1, the whole process of the user using the smart key device to pay through the network is:

步骤101:将用户信息存储在智能密钥装置中,该信息可以包括用户名、用户密码和密钥等;Step 101: storing user information in the smart key device, the information may include user name, user password and key, etc.;

步骤102:用户需要付费时,将智能密钥装置连接到计算机上;Step 102: When the user needs to pay, connect the smart key device to the computer;

步骤103:为了保护智能密钥装置不被他人盗用,由用户输入智能密钥装置的PIN码;Step 103: In order to protect the smart key device from being stolen by others, the user inputs the PIN code of the smart key device;

步骤104:智能密钥装置判断用户输入的PIN码是否正确,如果正确,验证通过,执行步骤105;如果不正确,验证不能通过,返回步骤103,重新要求用户输入PIN码;Step 104: the smart key device judges whether the PIN code input by the user is correct, if it is correct, the verification is passed, and step 105 is executed; if it is not correct, the verification fails, and the step is returned to step 103, and the user is required to input the PIN code again;

步骤105:由用户选择代理商,例如网上商店的卖家,或游戏代理商等;Step 105: the user selects an agent, such as a seller in an online store, or a game agent;

步骤106:代理商验证智能密钥装置中存储的用户信息;Step 106: The agent verifies the user information stored in the smart key device;

步骤107:判断验证结果是否正确,如果正确,验证通过,执行步骤108;如果不正确,验证未通过,执行步骤111,退出付费程序,并向用户发出警告;Step 107: Determine whether the verification result is correct, if it is correct, the verification is passed, and execute step 108; if it is not correct, the verification is not passed, execute step 111, exit the payment program, and issue a warning to the user;

步骤108:由代理商将用户引入支付平台,例如某银行的支付网页,用户输入电子银行的账号和密码进行付费,付费完毕。Step 108: The agent introduces the user to the payment platform, such as a bank's payment web page, the user enters the account number and password of the electronic bank to pay, and the payment is completed.

步骤109:支付平台向代理商发送付费信息;Step 109: the payment platform sends payment information to the agent;

步骤110:代理商将付费信息发送至智能密钥装置中。Step 110: The agent sends the payment information to the smart key device.

上述流程中,PIN码验证的步骤可以用生物特征验证进行替换,同样可以达到验证用户是否是智能密钥装置的合法持有者的目的。In the above process, the step of PIN code verification can be replaced by biometric verification, which can also achieve the purpose of verifying whether the user is the legal holder of the smart key device.

上述流程中,代理商验证智能密钥装置中存储的用户信息可以采用冲击响应和非对称密钥两种方式。In the above process, the agent can verify the user information stored in the smart key device in two ways: impulse response and asymmetric key.

下面以网络游戏为例说明用户使用智能密钥装置为网络软件充值的过程。The following takes an online game as an example to illustrate the process of the user using the smart key device to recharge the network software.

如图2所示,用户使用智能密钥装置对网络游戏充值的过程是:As shown in Figure 2, the process for the user to recharge online games using the smart key device is:

步骤201:用户通过上述付费过程后直接由代理商网页链接到运营商网页;Step 201: The user directly links to the operator's webpage from the agency's webpage after passing the above payment process;

步骤202:运营商验证智能密钥装置中存储的用户信息;Step 202: The operator verifies the user information stored in the smart key device;

步骤203:判断验证结果是否正确,如果正确,验证通过,执行步骤204;如果不正确,验证未通过,执行步骤207,退出充值程序,并向用户发出警告;Step 203: Determine whether the verification result is correct, if it is correct, the verification is passed, and execute step 204; if not, the verification is not passed, execute step 207, exit the recharge program, and issue a warning to the user;

步骤204:运营商通过其网页读取智能密钥装置内的付费信息;Step 204: The operator reads the payment information in the smart key device through its web page;

步骤205:运营商网页将付费信息发送到运营商服务器端;Step 205: The operator's webpage sends the payment information to the operator's server;

步骤206:充值完成。Step 206: The top-up is completed.

如图3所示,用户使用智能密钥装置对网络游戏充值的另一种方式的过程是:As shown in Figure 3, the process of another way for the user to use the smart key device to recharge the online game is:

步骤301:用户运行客户端程序;Step 301: the user runs the client program;

步骤302:用户在客户端程序提示后输入智能密钥装置的PIN码;Step 302: The user inputs the PIN code of the smart key device after being prompted by the client program;

步骤303:智能密钥装置判断用户输入的PIN码是否正确,如果正确,验证通过,执行步骤304;如果不正确,验证不能通过,返回步骤302,重新要求用户输入PIN码;Step 303: the smart key device judges whether the PIN code input by the user is correct, if it is correct, the verification is passed, and step 304 is executed; if it is not correct, the verification fails, and the step is returned to step 302, and the user is required to input the PIN code again;

步骤304:网络游戏服务器端通过客户端程序验证智能密钥装置中存储的用户信息;Step 304: The online game server verifies the user information stored in the smart key device through the client program;

步骤305:判断验证结果是否正确,如果正确,验证通过,执行步骤306;如果不正确,验证未通过,执行步骤309,退出充值程序,并向用户发出警告;Step 305: Determine whether the verification result is correct. If it is correct, the verification is passed, and then execute step 306;

步骤306:客户端程序读取智能密钥装置内的付费信息;Step 306: the client program reads the payment information in the smart key device;

步骤307:客户端程序将付费信息发送至服务器端;Step 307: the client program sends the payment information to the server;

步骤308:充值完成。Step 308: The top-up is completed.

上述流程中的PIN码验证同样也可以用生物特征验证进行替换。The PIN code verification in the above process can also be replaced by biometric verification.

上述两种充值的过程中验证智能密钥装置中存储的用户信息与付费过程中一样,也可以有冲击响应和非对称密钥两种验证方式。The verification of the user information stored in the smart key device in the above two recharging processes is the same as the payment process, and there are also two verification methods: impulse response and asymmetric key.

在上述付费和充值的整个过程中,付费信息是以密文形式传输的。During the entire process of payment and recharging, the payment information is transmitted in ciphertext.

如图4所示,本发明还提供了一种网络软件的付费系统,系统包括智能密钥装置、客户端和代理商/运营商服务器端,As shown in Figure 4, the present invention also provides a payment system for network software, the system includes a smart key device, a client and an agent/operator server,

智能密钥装置包括存储模块、加密模块、通信模块和PIN码验证模块,其中:The smart key device includes a storage module, an encryption module, a communication module and a PIN code verification module, wherein:

存储模块,用于存储用户信息和付费信息,用户信息包括用户名、用户密码和密钥等,付费信息包括付费金额等信息;The storage module is used to store user information and payment information, the user information includes user name, user password and key, etc., and the payment information includes payment amount and other information;

加密模块,连接在存储模块与通信模块之间,用于对传输数据进行加密;An encryption module, connected between the storage module and the communication module, is used to encrypt the transmission data;

通信模块,用于在智能密钥装置与计算机之间建立通信联系,传输数据;A communication module, used for establishing a communication link between the smart key device and the computer, and transmitting data;

合法持有者验证模块,与通信模块相连,在使用过程中用于验证当前用户是否是智能密钥装置的合法持有者,可以采用PIN码或者用户的生物特征进行验证;The legal holder verification module is connected with the communication module, and is used to verify whether the current user is the legal holder of the smart key device during use, which can be verified by PIN code or user's biometric feature;

客户端包括收发模块,用于通过互联网将智能密钥装置的数据发往代理商/运营商服务器端,或接收由网络传输过来的服务器端数据并发送给智能密钥装置;The client includes a transceiver module, which is used to send the data of the smart key device to the agent/operator server through the Internet, or receive the server-side data transmitted from the network and send it to the smart key device;

代理商/运营商服务器端包括通信模块和用户身份验证模块,其中:The agent/operator server includes a communication module and a user authentication module, where:

通信模块,用于接收所述收发模块发送过来的数据或将服务器端的数据发给所述收发模块;A communication module, configured to receive data sent by the transceiver module or send data from the server to the transceiver module;

用户身份验证模块,与通信模块相连,用于验证智能密钥装置内的用户信息。The user identity verification module is connected with the communication module and used for verifying the user information in the smart key device.

以上所述,仅为本发明较佳的具体实施方式,本发明的保护范围并不局限于此,本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的任何变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求的保护范围为准。The above is only a preferred embodiment of the present invention, and the scope of protection of the present invention is not limited thereto. Those skilled in the art can easily think of any changes or substitutions within the technical scope disclosed in the present invention. All should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (2)

1.一种网络软件的付费方法,其特征在于,1. A payment method for network software, characterized in that, 智能密钥装置与计算机建立连接,其中智能密钥装置包括用户信息;The smart key device establishes a connection with the computer, wherein the smart key device includes user information; 利用智能密钥装置验证用户身份;Use the smart key device to verify the identity of the user; 在智能密钥装置判断用户身份合法时,用户选择的代理商服务器通过智能密钥装置验证用户信息;When the smart key device judges that the user's identity is legal, the agent server selected by the user verifies the user information through the smart key device; 当验证成功时,代理商服务器将用户终端与支付平台连接;When the verification is successful, the agency server connects the user terminal with the payment platform; 付费成功后,支付平台向代理商服务器发送付费信息;After the payment is successful, the payment platform sends the payment information to the agent server; 代理商服务器将所述付费信息发送给所述智能密钥装置并将所述付费信息保存在所述智能密钥装置中;The agency server sends the payment information to the smart key device and saves the payment information in the smart key device; 运营商服务器通过智能密钥装置验证用户信息;The operator server verifies the user information through the smart key device; 当验证成功时,客户端读取所述智能密钥装置中的付费信息;When the verification is successful, the client reads the payment information in the smart key device; 所述客户端将所述付费信息发送到运营商服务器;The client sends the payment information to the operator server; 其中智能密钥装置利用PIN码或生物特征来验证用户身份;Wherein the smart key device uses a PIN code or a biometric feature to verify the identity of the user; 其中验证用户信息的步骤采用冲击响应方式或非对称密钥方式。The step of verifying user information adopts an impact response method or an asymmetric key method. 2.根据权利要求1所述的网络软件的付费方法,其特征在于,所述付费信息以密文形式传输。2. The payment method for network software according to claim 1, wherein the payment information is transmitted in ciphertext.
CN200610113556.7A 2006-09-30 2006-09-30 Network software payment method and system thereof Expired - Fee Related CN1932866B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200610113556.7A CN1932866B (en) 2006-09-30 2006-09-30 Network software payment method and system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200610113556.7A CN1932866B (en) 2006-09-30 2006-09-30 Network software payment method and system thereof

Publications (2)

Publication Number Publication Date
CN1932866A CN1932866A (en) 2007-03-21
CN1932866B true CN1932866B (en) 2015-07-22

Family

ID=37878690

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200610113556.7A Expired - Fee Related CN1932866B (en) 2006-09-30 2006-09-30 Network software payment method and system thereof

Country Status (1)

Country Link
CN (1) CN1932866B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101645890B (en) * 2009-08-06 2012-08-08 飞天诚信科技股份有限公司 Method, system and corresponding equipment for verifying information source integrality
CN102811203B (en) * 2011-06-01 2016-04-27 北京唯致动力网络信息科技有限公司 Method for identifying ID, system and user terminal in the Internet

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1556449A (en) * 2004-01-08 2004-12-22 中国工商银行 Device and method for proceeding encryption and identification of network bank data
CN2667807Y (en) * 2004-01-08 2004-12-29 中国工商银行 Network bank with device for encrypting and idetificating utilizing USB key
CN1710852A (en) * 2005-07-26 2005-12-21 北京飞天诚信科技有限公司 Intelligent cipher key with biometric identification function and its working method
CN1811814A (en) * 2006-03-01 2006-08-02 阿里巴巴公司 Account charging method and system
CN1822541A (en) * 2006-03-31 2006-08-23 北京飞天诚信科技有限公司 Device and method for controlling computer login

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1556449A (en) * 2004-01-08 2004-12-22 中国工商银行 Device and method for proceeding encryption and identification of network bank data
CN2667807Y (en) * 2004-01-08 2004-12-29 中国工商银行 Network bank with device for encrypting and idetificating utilizing USB key
CN1710852A (en) * 2005-07-26 2005-12-21 北京飞天诚信科技有限公司 Intelligent cipher key with biometric identification function and its working method
CN1811814A (en) * 2006-03-01 2006-08-02 阿里巴巴公司 Account charging method and system
CN1822541A (en) * 2006-03-31 2006-08-23 北京飞天诚信科技有限公司 Device and method for controlling computer login

Also Published As

Publication number Publication date
CN1932866A (en) 2007-03-21

Similar Documents

Publication Publication Date Title
TWI667585B (en) Method and device for safety authentication based on biological characteristics
JP5066827B2 (en) Method and apparatus for authentication service using mobile device
EP2859488B1 (en) Enterprise triggered 2chk association
EP2859489B1 (en) Enhanced 2chk authentication security with query transactions
JP6021923B2 (en) Secure authentication method and system for online transactions
US8640203B2 (en) Methods and systems for the authentication of a user
US20170364911A1 (en) Systems and method for enabling secure transaction
RU2560810C2 (en) Method and system for protecting information from unauthorised use (versions thereof)
US9055061B2 (en) Process of authentication for an access to a web site
CN102215221A (en) Methods and systems for secure remote wake, boot, and login to a computer from a mobile device
US20090199272A1 (en) Authentication using a turing test to block automated attacks
CN106027501B (en) A kind of system and method for being traded safety certification in a mobile device
US20170213220A1 (en) Securing transactions on an insecure network
US20120221862A1 (en) Multifactor Authentication System and Methodology
CN103380592A (en) Method, server and system for authentication of a person
CN101292496A (en) Device and method for performing cryptographic operations in server-client computer network system
JP2000181871A (en) Device and method for authentication
CN101482957A (en) Credible electronic transaction method and transaction system
TW201421393A (en) System for interactive 2-D barcode transaction data transmission and validation of mobile device and method thereof
CN1921395B (en) Method for improving security of network software
TW201305935A (en) One time password generation and application method and system using the same
CN105635103A (en) Network authentication method using card device
CN109587683B (en) Method and system, application program and terminal information database for SMS anti-monitoring
CN101425901A (en) Control method and device for customer identity verification in processing terminals
CN107491967B (en) Method and system for inputting password through network payment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150722