[go: up one dir, main page]

WO2018167575A1 - Procédé et appareil de paiement sécurisé - Google Patents

Procédé et appareil de paiement sécurisé Download PDF

Info

Publication number
WO2018167575A1
WO2018167575A1 PCT/IB2018/000466 IB2018000466W WO2018167575A1 WO 2018167575 A1 WO2018167575 A1 WO 2018167575A1 IB 2018000466 W IB2018000466 W IB 2018000466W WO 2018167575 A1 WO2018167575 A1 WO 2018167575A1
Authority
WO
WIPO (PCT)
Prior art keywords
credit card
payment
information
home gateway
network device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2018/000466
Other languages
English (en)
Inventor
Fengshen GU
Haihua BIAN
Jianlin Wang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent SAS
Original Assignee
Alcatel Lucent SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel Lucent SAS filed Critical Alcatel Lucent SAS
Publication of WO2018167575A1 publication Critical patent/WO2018167575A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/027Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] involving a payment switch or gateway
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/227Payment schemes or models characterised in that multiple accounts are available, e.g. to the payer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification

Definitions

  • the non- limiting and example embodiments of the present disclosure generally relate to a technical field of communication network, and specifically to methods, apparatuses and computer programs for secure payment via a communication network.
  • POS Point of Sales
  • PC personal computer
  • a customer may use a credit card to pay on a third-party payment device.
  • the customer need to buy a third-party payment device, have a smart cell phone with a specific application (APP) installed and be registered as a third-party payment user. Therefore, it is not very convenient for the customer to pay.
  • APP application
  • some people may have a credit card but may not have an account for the third-party payment. These people may not want to pay online using a cell phone or a PC for security concern or other reasons.
  • a method for providing a secure payment service at a first network device for example a payment system.
  • the method comprises receiving a payment request indicating an identity and payment information of a user; in response to the payment request being authenticated as valid, sending to a home gateway a payment token indicating the identity and the payment information of the user, the home gateway being bound with a first credit card of the user; receiving information on a second credit card from the home gateway; and authorizing payment at least based on an equivalence of the first and the second credit cards.
  • a method for providing a secure payment service at a home gateway bound with a first credit card of a user comprises receiving a payment token from a first network device, the payment token includes an identity and payment information of the user; in response to the receiving of the payment token, obtaining information on a second credit card via, for example, one of contact communication or near field communication, NFC; and sending the information on the second credit card to the first network device.
  • a method for providing a secure payment service at a second network device for example a shopping web server.
  • the method comprises causing a shopping webpage to be displayed to a user, the shopping webpage including an option for the user to pay directly using a credit card bound with a home gateway; and sending a payment request to a further network device for payment, the payment request including an identity and payment information of the user.
  • a method for providing a secure payment service at a third network device for example a payment gateway.
  • the method comprises: in response to receiving in a transaction a payment token from a first network device, sending the payment token to a home gateway bound with a first credit card of a user, the payment token including an identity and payment information of the user; receiving information on a second credit card from the home gateway; and transmitting the information on the second credit card to the first network device, wherein the transaction is authorized only on the condition that the first and second credit cards are equivalent.
  • a first network device includes a processor and a memory, said memory contains instructions executable by said processor, and said processor is configured to cause the first network device to perform a method according the first aspect of the present disclosure.
  • a customer-premises equipment such as a home gateway.
  • the CPE or the home gateway includes a processor and a memory, said memory contains instructions executable by said processor, and said processor is configured to cause the CPE or the home gateway to perform a method according the second aspect of the present disclosure.
  • a second network device such as a shopping web server.
  • the second network device includes a processor and a memory, said memory contains instructions executable by said processor, and said processor is configured to cause the second network device to perform a method according the third aspect of the present disclosure.
  • a third network device such as a payment gateway.
  • the third network device includes a processor and a memory, said memory contains instructions executable by said processor, and said processor is configured to cause the third network device to perform a method according the fourth aspect of the present disclosure.
  • a computer program comprising instructions which, when executed on one or more processors, cause the one or more processors to carry out a method according to the first, second, third, or fourth aspect of the present disclosure.
  • an apparatus in a network device comprises processing means adapted to perform a method according the first, second, third, or fourth aspect of the present disclosure.
  • payment may be performed in a convenient and secure manner.
  • FIG. 1 illustrates an example communication network in which embodiments of the present disclosure may be implemented
  • FIGs. 2A-2B illustrates signaling diagrams for secure payment according to an embodiment of the present disclosure
  • FIGs. 3A-3B illustrates flowcharts of example methods in a first network device according to embodiments of the present disclosure
  • FIG. 4 illustrates a flowchart of a method in a home gateway according to an 10 embodiment of the present disclosure
  • FIG. 5 illustrates a flowchart of a method in a second network device according to an embodiment of the present disclosure
  • FIGs. 6A-6B illustrate flowcharts of methods in a third network device according to an embodiment of the present disclosure
  • FIG. 7 illustrates a schematic block diagram of an apparatus implemented as/in a first network device according to an embodiment of the present disclosure
  • FIG. 8 illustrates a schematic block diagram of an apparatus implemented as/in a home gateway according to an embodiment of the present disclosure
  • FIG. 9 illustrates a schematic block diagram of an apparatus implemented as/in 0 a second network device according to an embodiment of the present disclosure
  • FIG. 10 illustrates a schematic block diagram of an apparatus implemented as/in a third network device according to an embodiment of the present disclosure
  • FIG. 11 illustrates a simplified block diagram of an apparatus that may be embodied as/in a network device. 5 DETAILED DESCRIPTION
  • first and second etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments. As used herein, the term “and/or” includes any and all combinations of one or more of the associated listed terms.
  • the term "communication network” refers to a network following any suitable communication standards currently known, such as LTE- Advanced (LTE-A), LTE, Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Wireless Local Area Network (WLAN), Internet Protocol (IP) and so on, and/or any other protocols e to be developed in the future.
  • LTE-A LTE- Advanced
  • WCDMA Wideband Code Division Multiple Access
  • HSPA High-Speed Packet Access
  • WLAN Wireless Local Area Network
  • IP Internet Protocol
  • the term "network device” refers to a device in a communication network via which a terminal device accesses the network and/or receives services therefrom.
  • the network device may include, but not limited to, a router, a server, a controlling entity, a gateway, etc.
  • terminal device refers to any end device that can access a communication network and receive services therefrom.
  • a terminal device may be referred to as user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT).
  • the terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, a tablet, a wearable device, a personal digital assistant (PDA), a personal computer (PC), a portable computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, wearable terminal devices, vehicle-mounted wireless terminal devices and the like.
  • PDA personal digital assistant
  • PC personal computer
  • image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, wearable terminal devices, vehicle-mounted wireless terminal devices and the like.
  • the terms “terminal device”, “terminal”, “user equipment” and “UE” may be used interchangeably.
  • FIG. 1 illustrates an example communication network 100 in which embodiments of the disclosure may be implemented.
  • the communication network 100 includes an application server, e.g., a shopping web server 110, a payment system 120, a payment gateway 130, an auto-configuration server (ACS) 140, a home gateway 150 and one or more terminal devices 160, for example a cell phone 160-1 and a PC 160-2.
  • the terminal device 160 may access the communication network 100 via wired or wireless communication mechanisms such as any suitable radio access technology (RAT).
  • RAT radio access technology
  • the network devices 110-150 may communicate according to any suitable communication protocol, and embodiments are not limited to any specific way for communicating between network devices.
  • the communication network 100 is presented just for illustration purpose, and in another example, the communication network may include more or less or different network devices.
  • the ACS server 140 may be omitted in some embodiments.
  • the application server 110 may be a shopping web server providing a shopping website to a user.
  • the user visits the shopping website, he/she may login first and collect goods which he/she wants to buy, and then the user may select a desired payment method to pay for the selected goods.
  • the home gateway may be used as a payment instrument collaborating with a shopping website, a telecommunication vendor and a payment system to provide a secure payment method.
  • the home gateway is bound with a specific credit card of a user to provide a secure payment solution. That is, the specific credit card and the home gateway has to be used together to complete the payment. Only the specific credit card input via the home gateway is considered as valid for payment. Or in other words, if a credit card not equivalent to the specific credit card is input via the home gateway, the payment will be considered as invalid. Further, if the specific credit card is input via another device different from the home gateway, it is also considered as invalid.
  • the shopping web server 110 may provide user information and shopping information for the payment.
  • the payment system 120 is responsible for authentication and authorization, and may generate and distribute a payment token to another network device involved in the payment, e.g., a payment gateway.
  • the payment gateway 130 sends the payment token to a Customer Premises Equipment (CPE, for example a home gateway) directly or via an ACS server 140 (if available).
  • CPE Customer Premises Equipment
  • the ACS Server 140 may send the payment token to the CPE, for example, using TR-069 protocol.
  • the Home gateway (HGW) 150 obtains information of a credit card to be used for the payment, for example via Near Field Communication (NFC) or contact communication with the credit card.
  • NFC Near Field Communication
  • FIG. 2A shows a signaling diagram according to an embodiment of the present disclosure.
  • user 201 accesses 210 a shopping website, for example, via a mobile phone or a computer, logs in and collects goods which he/she wants to buy.
  • the shopping website is hosted by the shopping web server 110.
  • the user may choose to pay for the selected goods by directly paying using a credit card at home via a HGW.
  • the shopping web server 110 obtains payment information and personal information of the user such as the user's identity and/or account.
  • the shopping web server 110 sends 220 to a payment system 120 a payment request with the user information and the payment information.
  • the payment system 120 authenticates the payment request. If the message is valid, the payment system 120 sends 230 to a payment gateway 130 according to a location of the user and an internet access provider for the user, a payment token including the user information and the payment information. Information on the location of the user and the internet access provider may be obtained for example from a network operator.
  • the payment gateway 130 directly sends 240 the payment token to the HGW 150, for example, via a signaling.
  • the HGW 150 obtains 250 information of a credit card of the user via, for example near field communication (NFC) or contact communication. That is, when the user swipes a credit card through a POS machine or puts a credit card close to a NFC device connected to or included in the HGW 150, the HGW 150 obtains information of the credit card.
  • the HGW 150 then sends 260 the information of the credit card to the payment gateway 130 which in turn forwards 270 the information of the credit card to the payment system 120.
  • NFC near field communication
  • the payment system 120 checks whether the credit card is valid based on the received information on the credit card and information on binding of a HGW with a credit card. For example, if the credit card is one of the credit cards bound with the HGW 150, then the credit card is determined valid.
  • the payment system 120 completes the payment using the credit card and sends 280 a notification to the shopping website.
  • the shopping web server 110 may send 290 a notification to the user to indicate the completion of payment.
  • the payment system 120 terminates the payment without performing payment using the credit card and signals 280' the termination of the payment to the shopping website, and an error may be informed 290' to the user.
  • some network devices may be omitted in another example embodiment depending on a network architecture being used.
  • one or more additional network devices may be involved in the payment process in some embodiments, and an example of which is shown in FIG. 2B.
  • the payment gateway 130 may send the payment token to the HGW 150 via the ACS server 140, that is, the payment gateway 130 may send 231 the payment token to the ACS server 140 after receiving the payment token from the payment system 110, and the ACS server 140 in turn sends 241 the payment token to the HGW 150.
  • the HGW 150 may send the information on the credit card to the payment gateway 130 via the ACS server 140, that is, the HGW 150 may send 261 the information on the credit card to the ACS server 140 and the ACS server 140 in turn sends 271 the information on the credit card to the payment gateway 130.
  • Other operations and signaling shown in FIG. 2B may be same as that in FIG. 2A.
  • the payment system 120 validates a credit card based on information on the binding, it is to be understood that in another embodiment such validating may be performed at a different network device (e.g., the HGW 150, or the payment gateway 130).
  • embodiments are not limited to any specific way for obtaining the information on the binding. Some examples for obtaining the information on the binding are provided below just for illustration rather than limitation.
  • the home gateway 150 represented by, for example, a global unique ID of the HGW 150
  • the user 201 may register a secure payment service at a payment system 120 (or a payment gateway 130), and the information on the binding may be obtained by the payment system 120 (or the payment gateway 130) based on the registration.
  • the information of the binding may be used by the payment system 120 (or the payment gateway 130) for validating a credit card, or, the payment system 120 (or the payment gateway 130) may send the information of the binding to a further network device (e.g., a HGW 150) to enable such validating at the further network device. Only payment using the credit card bound with the HGW 150 is considered as valid.
  • a plurality of credit cards may be bound with the HGW 150, and the user can use any one of bound credit cards to complete a payment.
  • the HGW 150 represented by a global unique ID and a credit card of the user 201 (and optionally a network account of the user) during payment process.
  • the user 201 may register a secure payment service at a payment system 120 (or a payment gateway 130). Only a part of the binding information, such as the ID of the HWG device 150 and optionally a network account of the user, may be obtained by the payment system 120 (or a payment gateway 130) during the registration.
  • the user 201 may further input credit card information on the shopping website, and the shopping web server 110 may send the credit card information to the payment system 120 (or the payment gateway 130) for binding with the HGW 150.
  • the user can only use the specified credit card to complete payment via the HGW 150.
  • FIG. 3A illustrates a flowchart of a method 300 in a first network device for secure payment according to an embodiment of the present disclosure
  • the first network device may be the payment system 120 , a network entity for payment control, or any other network device with similar functionalities.
  • the method 300 will be described below with reference to the payment system 120 and the environment as described with reference to FIG. 1.
  • the payment system 120 receives a payment request.
  • a user may trigger and send the payment request via, for example but not limited to, a shopping website (e.g., the shopping web server 110 in FIG. 1 or FIGs. 2A-2B). That is, the payment system 120 may receive the payment request via a shopping website (e.g., the shopping web server 110 in FIG. 1 or FIGs. 2A-2B).
  • the payment request includes user information (e.g., an identity of the user) and payment information of the user.
  • the payment system 120 sends a payment token to a HGW (e.g., the HGW 150 in FIG. 1 or FIGs. 2A-2B) bound with a first credit card of the user.
  • the payment token includes the user information and the payment information of the user.
  • the payment system 120 may send the payment token to the HGW 150 via at least a payment gateway (e.g., the payment gateway 130 shown in FIG. 1 or FIGs. 2A-2B), as described with reference to FIGs. 2A-2B.
  • the payment system 120 receives information on a second credit card from the HGW 150.
  • the second credit card may be the same credit card as the first credit card, or may be a different credit card.
  • the transaction may only be authenticated if the first and second credit cards are a same credit card, or if the first and second credit cards refer to a same account.
  • two credit cards that refer to a same account are defined as "equivalent credit cards" even if some identifiable differences are present.
  • the second credit card is considered as valid for the payment only if it is equivalent to the first credit card. As shown in the examples of FIGs.
  • the payment system 120 may receive the information on the second credit card from the home gateway via a payment gateway 130, or a payment gateway 130 and an ACS server 140; however, embodiments are not limited thereto.
  • the payment system 120 may receive the information on the second credit card from the home gateway in any suitable way depending on the network architecture.
  • the payment system 120 authorizes payment according to the payment request at least based on an equivalence of the first and the second credit cards.
  • the equivalence may be determined, for example, based on at least the received information on the second credit card.
  • the payment system 120 may be various ways for the payment system 120 to authorize the payment, and embodiments are not limited to any specific way. For illustration rather than limitation, an example embodiment of block 350 is shown in FIG. 3B.
  • the payment system 120 may validate the second credit card at least based on the information on the second credit card.
  • the payment system 120 may validate the second credit card based on the information on the second credit card and information on the binding of the home gateway with the first credit card. For example, if the second credit card is a credit card bound with the HGW according to the information on the binding, the second credit card is valid; otherwise, the second credit card is invalid.
  • the payment system 120 authorizes payment using the second credit card according to the payment request. Otherwise, if it is determined at block 351 that the second credit card is invalid, at block 353, the payment system 120 provides an error message to the user without authorizing payment using the second credit card.
  • the second credit card may be validated by a network device separate from the payment system 120.
  • the payment system 120 may send, at block 315, the information on the binding of the HGW 150 with the first credit card to the HGW 150 as shown in FIG. 3 A, to enable validating of the second credit card at the HGW 150.
  • the payment system 120 may validate the second credit card (i.e., determine if the first credit card and the second credit card are a same credit card or that the first and second credit cards refer to a same account) based on an indication of equivalence included in the information on the second credit card received at block 340 of FIG. 3A from the HGW 150.
  • the indication of equivalence of the second credit card may be generated and included in the information on the second credit card by the HGW 150 based on the information on the binding received from the payment system 120.
  • Embodiments are not limited to any specific way for obtaining the information on the binding of the HGW 150 with the first credit card.
  • the payment system 120 may obtain information on the binding at block 310 based on at least one of: a registration of the user for the secure payment service, a user input after the registration, and a message from a further network device (e.g., the payment gateway 130).
  • a further network device e.g., the payment gateway 130
  • the payment system 120 may obtain the information on the binding based on a registration of the user for secure payment service, and/or based on a user input after the registration, for example, an input from the user during shopping.
  • the payment system 120 may obtain information on the binding of the HGW 150 with both the first credit card and a network account of the user. Alternatively, or in addition, in another embodiment, at block 310, the payment system 120 may obtain information on the binding of the HGW 150 with a plurality of credit cards including the first credit card.
  • FIG. 4 illustrates a flowchart of a method 400 in a CPE for secure payment according to an embodiment of the present disclosure.
  • the CPE may be a HGW 150 shown in FIG. 1 or FIGs. 2A-2B.
  • the method 400 will be described below with reference to the HGW 150 and the environment as described with reference to FIG. 1.
  • the HGW 150 receives a payment token from a first network device, for example, the payment system 120 or the payment gateway 130 in FIG. 1.
  • the payment token includes user information (e.g., an identity of the user) and payment information of a user determined from a transaction.
  • the HGW 150 is bound with a first credit card of the user.
  • the HGW 150 may receive the payment token from the first network device directly, while in another embodiment, the HGW 150 may receive the payment token from the first network device via a further intermediate network device, e.g., an ACS server 140 shown in FIG. 1. Embodiments are not limited to any specific way for the receiving.
  • the HGW 150 obtains information on a second credit card via, for example but not limited to, contact communication or NFC. That is, the HGW 150 may obtain information on the second credit card when a user swipes the second credit card through a POS machine connected to or included in the HGW 150 or when the user puts the second credit card close to a NFC device connected to or included in the HGW 150.
  • the HGW 150 sends the information on the second credit card to the first network device, for example the payment system 120 or the payment gateway 130 in FIG. 1, directly or via one or more further network devices.
  • the first network device for example the payment system 120 or the payment gateway 130 in FIG. 1, directly or via one or more further network devices.
  • operations 260, 270, or 261, 271 and 270 shown in FIGs. 2A-2B may be used for sending the information on the second credit card.
  • the HGW 150 may further perform operations in blocks 411, 421 and 431 as shown in FIG. 4.
  • the HGW 150 may receive, from the first network device, for example the payment system 120 or the payment gateway 130 in FIG. 1, information on binding of the HGW 150 with the first credit card of the user.
  • the HGW 150 may receive the information on the binding from the first network device directly or via one or more further network devices, for example the ACS server 140 in FIG. 1. Descriptions provided with reference to method 300 related to the information on the binding also apply here.
  • the HGW 150 validates of the second credit card based on the information on the binding.
  • the HGW 150 may send an indication of equivalence of the second credit card to the first network device, directly or via one or more further network devices.
  • the indication of equivalence of the second credit card may be sent as part of information on the second credit card at block 430. That is, in some embodiments, block 431 may be a sub-operation of the block 430.
  • FIG. 5 illustrates a flowchart of a method 500 in a second network device for providing a secure payment service according to an embodiment of the present disclosure.
  • the second network device may be a shopping web server (the shopping web server 110 shown in FIG. 1 or FIGs. 2A-2B).
  • the method 500 will be described below with reference to the shopping web server 110 and the environment as described with reference to FIG. 1.
  • the shopping web server 110 causes a shopping webpage to be displayed to a user, and the shopping webpage includes an option for the user to pay directly using a credit card bound with a home gateway.
  • the shopping webpage includes an option for the user to pay directly using a credit card bound with a home gateway.
  • the shopping web server 110 sends a payment request to a further network device for payment.
  • the further network device may be, for example a payment system 120 shown in FIG. 1, a network entity for payment control, or any suitable network device with similar functionalities.
  • the payment request includes user information (e.g., an identity of the user) and payment information of the user.
  • a payment gateway 130 may be involved in the payment process.
  • the payment gateway 130 may forward information related to payment (for example, a payment token from the payment system 120 or information on a credit card from the HGW 150 in FIGs. 2A-2B) to another network device (e.g., the HGW 150 or the payment system 120 in FIGs. 2A-2B).
  • the payment gateway may perform some additional operations.
  • FIG. 6A A flowchart of an example method 600 in a payment gateway for providing a secure payment service according to an embodiment of the present disclosure is illustrated in FIG. 6A.
  • the method 600 will be described below with reference to the payment gateway 130 and the environment as described with reference to FIG. 1.
  • the payment gateway 130 in response to receiving in a transaction a payment token from a first network device, for example the payment system 120 shown in FIG. 1, the payment gateway 130 sends the payment token to a HGW 150 bound with a first credit card of a user, and the payment token includes an identity and payment information of the user. It should be appreciated that the payment gateway 130 may send the payment token to the HGW 150 directly or via one or more further network devices.
  • the payment gateway 130 receives information on a second credit card from the HGW 150, directly or via one or more further intermediate network devices, for example an ACS server 140.
  • the payment gateway 130 transmits the information on the second credit card to the first network device (e.g., the payment system 120 shown in FIG. 1), wherein the transaction is authorized only on the condition that the first and second credit cards are equivalent.
  • the first network device e.g., the payment system 120 shown in FIG. 1
  • FIG. 6B shows another method 600' in the payment gateway 130 for providing a secure payment service according to another embodiment of the present disclosure.
  • the payment gateway 130 may further obtain information on the binding of the HGW 150 with the first credit card at block 640, for example, based on at least one of: a registration of the user for the secure payment service, a user input after the registration, and a message from the first network device. Descriptions provided with reference to block 310 of FIG. 3 A on obtaining the information on binding also apply here.
  • the payment gateway 130 may obtain information on binding of the HGW 150 with both the first credit card and a network account of the user.
  • the payment gateway 130 may obtain information on binding of the HGW 150 with a plurality of credit cards including the first credit card.
  • the payment gateway 130 may further send the information on the binding to HGW 150 at block 650, for example to enable validating of the second credit card at the HGW 150.
  • the payment gateway 130 may receive an indication of equivalence of the second credit card from the HGW 150.
  • the indication of equivalence of the second credit card may be generated by the HGW 150 based on the information on the binding received from the payment gateway 130.
  • the payment gateway 130 may further transmit the indication of equivalence of the second credit card to the first network device, for example the payment system 120 shown in FIG. 1, at block 670.
  • the validating may be performed at the payment gateway 130, and in this case, the payment gateway 130 may transmit an indication of equivalence of the second credit card generated by itself to the first network device, for example the payment system 120 shown in FIG. 1, at block 670.
  • the payment gateway 130 may send the information on the binding to first network device, for example the payment system 120 shown in FIG. 1, at block 680, for example to enable validating of the second credit card at the payment system 120.
  • a user is able to complete online shopping using his/her credit card directly without requiring a cell phone or a third-party payment account. It is more convenient and secure compared with other payment methods.
  • the payment is safe because a home gateway of the user and a credit card of the user (and optionally, a network account, for example an internet access account of the user) are bound together. That is, only a specified credit card on a specified home gateway can be used to complete the payment process. For example, if a credit card of a user is lost, the lost credit card cannot be used for payment since it is bound to a specified home gateway of the user.
  • a password is not necessarily required.
  • FIG. 7 illustrates a schematic block diagram of an apparatus 700 in a communication network (e.g., the communication network 100 shown in FIG. 1).
  • the apparatus may be implemented as/in a payment system (e.g., the payment system 120 shown in FIG. 1) or a network device for payment control, or any suitable network device with similar functions.
  • the apparatus 700 is operable to carry out the example method 300 described with reference to FIGs. 3A-3B and possibly any other processes or methods. It is also to be understood that the method 300 is not necessarily carried out by the apparatus 700. At least some operations of the method 300 can be performed by one or more other entities.
  • the apparatus 700 includes a first receiving unit 720, a first transmitting unit 730, a second receiving unit 740, and a payment authorizing unit 750.
  • the first receiving unit 720 is configured to receive a payment request indicating an identity and payment information of a user.
  • the first transmitting unit 730 is configured to send to a home gateway a payment token indicating the identity and the payment information of the user in response to the payment request being authenticated as valid, and wherein the home gateway is bound with a first credit card of the user.
  • the second receiving unit 740 is configured to receive information on a first credit card from the home gateway, and the payment authorizing unit 750 is configured to authorize payment according to the payment request and at least based on equivalence of the first and the second credit cards.
  • the first receiving unit 720, the first transmitting unit 730 and the second receiving unit 740 may be configured to receive information from or send information to a network device directly or via one or more intermediate network devices.
  • the first receiving unit 720 may be configured to receive the payment request from a user via a shopping web server.
  • the first transmitting unit 730 may be configured to send the payment token to the home gateway at least via a payment gateway.
  • the second receiving unit 740 may be configured to receive the information on the second credit card from the home gateway via at least a payment gateway.
  • the payment authorizing unit 750 may be configured to perform operations described with reference to block 350 of FIG. 3, and therefore descriptions related to block 350 also apply here and details will not be repeated.
  • the apparatus 700 may further include an obtaining unit 710, configured to obtain information on the binding of the home gateway with the first credit card, for example based on at least one of: a registration of the user for the secure payment service, a user input after the registration, and a message from a further network device.
  • the obtaining unit 710 may be configured to obtain information on binding of the home gateway with both the first credit card and a network account of the user.
  • the obtaining unit 710 may be configured to obtain information on binding of the home gateway with a plurality of credit cards including the first credit card.
  • the apparatus 700 may further include a second transmitting unit 760 configured to send the information on the binding of the home gateway with the first credit card to the home gateway, directly or via one or more additional network devices.
  • the information on the second credit card received by the second receiving unit 740 from the home gateway may include an indication of equivalence of the second credit card.
  • FIG. 8 illustrates a block diagram an apparatus 800 in a communication network (e.g., the communication network 100 shown in FIG. 1).
  • the apparatus may be implemented as/in a home gateway (e.g., the home gateway 150 shown in FIG. 1) or any suitable network device with similar functions.
  • the apparatus 800 is operable to carry out the example method 400 described with reference to FIG. 4 and possibly any other processes or methods. It is also to be understood that the method 400 is not necessarily carried out by the apparatus 800. At least some operations of the method 400 can be performed by one or more other entities.
  • the apparatus 800 includes a first receiving unit 810, an obtaining unit 820, and a first transmitting unit 830.
  • the first receiving unit 810 is configured to receive a payment token from a first network device, and the payment token includes an identity and payment information of a user.
  • the obtaining unit 820 is configured to obtain information on a first credit card via, for example but not limited to, contact communication or NFC in response to the receiving of the payment token, and the first transmitting unit 830 is configured to send the information on the first credit card to the first network device.
  • the apparatus 800 may further optionally include a second receiving unit 811, a validating unit 821 and a second transmitting unit 831.
  • the second receiving unit 811 may be configured to receive, from the first network device, information on binding of the home gateway with a second credit card of the user.
  • the information on the binding may indicate binding of the home gateway with both the second credit card and a network account of the user.
  • the information on the binding may indicate binding of the home gateway with a plurality of credit cards including the second credit card.
  • the validating unit 821 may be configured to validate the first credit card based on the information on the binding
  • the second transmitting unit 831 may be configured to send an indication of equivalence of the first credit card to the first network device.
  • FIG. 9 illustrates a block diagram an apparatus 900 in a communication network (e.g., the communication network 100 shown in FIG. 1).
  • the apparatus may be implemented as/in a network device (e.g., the shopping web server 110 shown in FIG. 1) or any suitable network device with similar functions.
  • the apparatus 900 is operable to carry out the example method 500 described with reference to FIG. 5 and possibly any other processes or methods. It is also to be understood that the method 500 is not necessarily carried out by the apparatus 900. At least some operations of the method 500 can be performed by one or more other entities.
  • the apparatus 900 includes a controlling unit 910 and a transmitting unit 920.
  • the controlling unit 910 is configured to cause a shopping webpage to be displayed to a user and the shopping webpage includes an option for the user to pay directly using a credit card bound with a home gateway.
  • the payment option allows the user to pay by following the signaling diagram shown in FIG. 2A or 2B.
  • the transmitting unit 920 is configured to send a payment request to a further network device for payment and the payment request includes user information and payment information of the user.
  • FIG. 10 illustrates a block diagram an apparatus 1000 in a communication network (e.g., the communication network 100 shown in FIG. 1).
  • the apparatus may be implemented as/in a network device (e.g., the payment gateway 130 shown in FIG. 1) or any suitable network device with similar functions.
  • the apparatus 1000 is operable to carry out the example method 600 or 600' described with reference to FIGs. 6A-6B and possibly any other processes or methods. It is also to be understood that the method 600 or 600' is not necessarily carried out by the apparatus 1000. At least some operations of the method 600 or 600' can be performed by one or more other entities.
  • the apparatus 1000 includes a first transmitting unit 1001, a first receiving unit 1002 and a second transmitting unit 1003.
  • the first transmitting unit 1001 is configured to send the payment token to a home gateway bound with a first credit card of a user in response to receiving a payment token from a first network device (e.g., the payment system 120 in FIG. 1).
  • the payment token includes an identity and payment information of the user.
  • the first receiving unit 1002 is configured to receive information on a second credit card from the home gateway, and the second transmitting unit 1003 is configured to transmit the information on the second credit card to the first network device.
  • the apparatus 1000 may optionally further include an obtaining unit 1004, configured to obtain information on the binding of the home gateway with the first credit card, for example based on at least one of: a registration of the user for the secure payment service, a user input after the registration, and a message from the first network device.
  • the obtaining unit 1004 may be configured to obtain information on binding of the home gateway with both the first credit card and a network account of the user.
  • the obtaining unit 1004 may be configured to obtain information on binding of the home gateway with a plurality of credit cards including the first credit card.
  • the apparatus 1000 may optionally include a third transmitting unit 1005, configured to send the information on the binding to the home gateway, and a second receiving unit 1006 configured to receive an indication of equivalence of the second credit card from the home gateway.
  • the apparatus 1000 may further include a fourth transmitting unit 1007 configured to transmit the indication of equivalence of the second credit card to the first network device.
  • the apparatus 1000 may optionally include a fifth transmitting unit 1008 configured to send the information on the binding to the first network device.
  • FIG. 11 illustrates a block diagram of an apparatus 1100 that may be embodied in/as a network device, e.g., the application server 110 (e.g., a shopping web server), a payment system (e.g., a payment controller) 120, a payment gateway 130, an ACS server 140, or a HGW (e.g., the HGW 150) shown in FIG. 1.
  • a network device e.g., the application server 110 (e.g., a shopping web server), a payment system (e.g., a payment controller) 120, a payment gateway 130, an ACS server 140, or a HGW (e.g., the HGW 150) shown in FIG. 1.
  • the application server 110 e.g., a shopping web server
  • a payment system e.g., a payment controller
  • a payment gateway 130 e.g., an ACS server 140
  • HGW e.g., the HGW 150
  • the apparatus 1100 may include one or more processors 1101, such as a data processor (DP) and one or more memories (MEM) 1102 coupled to the processor 1101.
  • the apparatus 1 100 may further include a transmitter TX and receiver RX 1103 coupled to the processor 1101.
  • the MEM 1102 may be non-transitory machine readable storage medium and it may store a program (PROG) 1104.
  • the PROG 1104 may include instructions that, when executed on the associated processor 1101, enable the apparatus 1100 to operate in accordance with the embodiments of the present disclosure, for example to perform one or more of the methods 300-600.
  • a combination of the one or more processors 1101 and the one or more MEMs 1102 may form processing means adapted to implement various embodiments of the present disclosure.
  • Various embodiments of the present disclosure may be implemented by computer program executable by one or more of the processors 1101, software, firmware, hardware or in a combination thereof.
  • the MEM 1102 may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory terminal devices, magnetic memory terminal devices and systems, optical memory terminal devices and systems, fixed memory and removable memory, as non-limiting examples.
  • the processor 1101 may be of any type suitable to the local technical environment, and may include one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors DSPs and processors based on multicore processor architecture, as non-limiting examples.
  • the present disclosure may also provide a memory containing the computer program as mentioned above, which includes machine -readable media and machine-readable transmission media.
  • the machine-readable media may also be called computer-readable media, and may include machine-readable storage media, for example, magnetic disks, magnetic tape, optical disks, phase change memory, or an electronic memory terminal device like a random access memory (RAM), read only memory (ROM), flash memory devices, CD-ROM, DVD, Blue-ray disc and the like.
  • the machine-readable transmission media may also be called a carrier, and may include, for example, electrical, optical, radio, acoustical or other form of propagated signals - such as carrier waves, infrared signals, and the like.
  • an apparatus implementing one or more functions of a corresponding apparatus described with an embodiment includes not only prior art means, but also means for implementing the one or more functions of the corresponding apparatus described with the embodiment and it may include separate means for each separate function, or means that may be configured to perform two or more functions.
  • these techniques may be implemented in hardware (one or more apparatuses), firmware (one or more apparatuses), software (one or more modules), or combinations thereof.
  • firmware or software implementation may be made through modules (e.g., procedures, functions, and so on) that perform the functions described herein.
  • Example embodiments herein have been described above with reference to block diagrams and flowchart illustrations of methods and apparatuses. It will be understood that each block of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations, respectively, can be implemented by various means including hardware, software, firmware, and a combination thereof. For example, in one embodiment, each block of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations can be implemented by computer program instructions.
  • These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Des modes de réalisation de la présente invention ont trait à des procédés, des appareils et un programme d'ordinateur pour fournir un service de paiement sécurisé. Un procédé dans un premier dispositif de réseau comprend la réception d'une demande de paiement indiquant des informations d'identité et de paiement d'un utilisateur ; en réponse à la demande de paiement authentifiée comme étant valide, l'envoi à une passerelle résidentielle d'un jeton de paiement indiquant les informations d'identité et de paiement de l'utilisateur, la passerelle résidentielle étant liée à une première carte de crédit de l'utilisateur ; la réception d'informations sur une seconde carte de crédit depuis la passerelle résidentielle ; et l'autorisation du paiement au moins sur la base d'une équivalence des première et seconde cartes de crédit. Des modes de réalisation de la présente invention peuvent fournir une manière sûre et pratique de payer directement avec une carte de crédit.
PCT/IB2018/000466 2017-03-13 2018-03-05 Procédé et appareil de paiement sécurisé Ceased WO2018167575A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710146540.4A CN108573373A (zh) 2017-03-13 2017-03-13 用于安全支付的方法和装置
CN201710146540.4 2017-03-13

Publications (1)

Publication Number Publication Date
WO2018167575A1 true WO2018167575A1 (fr) 2018-09-20

Family

ID=62152587

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/000466 Ceased WO2018167575A1 (fr) 2017-03-13 2018-03-05 Procédé et appareil de paiement sécurisé

Country Status (2)

Country Link
CN (1) CN108573373A (fr)
WO (1) WO2018167575A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111210210A (zh) * 2020-01-07 2020-05-29 贵阳货车帮科技有限公司 支付数据处理方法、装置及电子设备

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090070229A1 (en) * 2007-09-10 2009-03-12 Amir Ansari Device and a method for ordering product at a premises via an integrated multimedia service system
WO2011127177A2 (fr) * 2010-04-09 2011-10-13 Visa International Service Association Système et procédé pour valider des transactions de manière sécurisée
US20120173431A1 (en) * 2010-12-30 2012-07-05 First Data Corporation Systems and methods for using a token as a payment in a transaction
US20140058938A1 (en) * 2012-08-27 2014-02-27 Guy LaMonte McClung, III eWallet choice

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7566002B2 (en) * 2005-01-06 2009-07-28 Early Warning Services, Llc Identity verification systems and methods
US20140156531A1 (en) * 2010-12-14 2014-06-05 Salt Technology Inc. System and Method for Authenticating Transactions Through a Mobile Device
CA2724297C (fr) * 2010-12-14 2013-11-12 Xtreme Mobility Inc. Methode et systeme d'autentification de transactions au moyen d'un appareil portatif
CA2886182C (fr) * 2012-11-20 2018-01-16 Ebay Inc. Environnement et procedes pour permettre des transactions electroniques
CN104683286B (zh) * 2013-11-27 2018-01-02 中国银联股份有限公司 安全性信息交互系统及装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090070229A1 (en) * 2007-09-10 2009-03-12 Amir Ansari Device and a method for ordering product at a premises via an integrated multimedia service system
WO2011127177A2 (fr) * 2010-04-09 2011-10-13 Visa International Service Association Système et procédé pour valider des transactions de manière sécurisée
US20120173431A1 (en) * 2010-12-30 2012-07-05 First Data Corporation Systems and methods for using a token as a payment in a transaction
US20140058938A1 (en) * 2012-08-27 2014-02-27 Guy LaMonte McClung, III eWallet choice

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111210210A (zh) * 2020-01-07 2020-05-29 贵阳货车帮科技有限公司 支付数据处理方法、装置及电子设备

Also Published As

Publication number Publication date
CN108573373A (zh) 2018-09-25

Similar Documents

Publication Publication Date Title
US10769264B2 (en) Systems and methods for authentication via bluetooth device
US10311222B2 (en) Systems and methods for authenticating a user based on a computing device
US11323815B2 (en) Graphical user interface indicator for broadcaster presence
US9154555B2 (en) Device specific remote disabling of applications
US9900774B2 (en) Shared network connection credentials on check-in at a user's home location
US10152706B2 (en) Secure NFC data authentication
US8606234B2 (en) Methods and apparatus for provisioning devices with secrets
CN103975615B (zh) 用自动生成的登录信息经由近场通信登录
CN105190661B (zh) 使用媒体绑定的安全移动支付
KR101797887B1 (ko) 서비스 데이터를 처리하기 위한 방법, 사용자 단말기 및 서비스 단말기
US20150339659A1 (en) System And Method For Payment Credential-Based Mobile Commerce
US9544020B2 (en) NFC negotiated pairing
CN108369620A (zh) 用于基于地理位置的电子安全管理的方法和装置
WO2011128499A1 (fr) Procédé et appareil pour fournir un paiement automatisé
US20140279115A1 (en) Mobile payment using cloud computing
US20160098693A1 (en) Online purchase with mobile payment device and method
KR20180005653A (ko) 모바일 근거리 결제 방식의 데이터 전송을 위한 방법 및 사용자 장치
WO2018167575A1 (fr) Procédé et appareil de paiement sécurisé
US20240386417A1 (en) Using blockchain wallet for two-factor authentication
KR101294804B1 (ko) 2-채널 앱인증을 위한 인증앱 등록 방법 및 시스템
CN113626777B (zh) 身份认证方法、存储介质和电子设备
KR20120139859A (ko) 원격 호출 결제 방법 및 시스템과 이를 위한 원격호출장치와 가맹점장치
WO2020122948A1 (fr) Étalonnage de dispositif récepteur audio pour communications audio entre un dispositif diffuseur et un dispositif récepteur
KR20140089250A (ko) 스마트폰 기반의 증권 매매 시스템 및 증권 매매 방법
KR20150066664A (ko) 오티피토큰을 이용한 다중 채널 인증 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18724312

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18724312

Country of ref document: EP

Kind code of ref document: A1