CN102368325A - Network commercial transactions - Google Patents


Publication number
CN102368325A
Authority
CN
China
Prior art keywords
payment
businessman
consumer
token
commodity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011103649867A
Other languages
Chinese (zh)
Inventor
B·E·约翰逊
C·韦伯斯特-兰姆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/376,535 (US7849020B2)
Priority claimed from US11/379,133 (US20060235795A1)
Priority claimed from US11/379,143 (US8996423B2)
Application filed by Microsoft Corp
Publication of CN102368325A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2135 Metering
    • G06F2221/2137 Time limited access, e.g. to a computer or data
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/08 Payment architectures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223 Realising banking transactions through M-devices
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/407 Cancellation of a transaction
    • G06Q30/00 Commerce
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/069 Authentication using certificates or pre-shared keys

Abstract

Current embodiments provide for authorization and payment of an online commercial transaction between a purchaser and a merchant including verification of an identity of the purchaser and verification of an ability of the purchaser to pay for the transaction, where the identity provider and the payment provider are often different network entities. Other embodiments also provide for protocols, computing systems, and other mechanisms that allow for identity and payment authentication using a mobile module, which establishes single or multilevel security over an untrusted network (e.g., the Internet). Still other embodiments also provide for a three-way secure communication between a merchant, consumer, and payment provider such that sensitive account information is opaque to the merchant, yet the merchant is sufficiently confident of the consumer's ability to pay for requested purchases. In yet another embodiment, electronic billing information is used for authorization, auditing, payment federation, and other purposes.

Description

Network commercial transactions
This application is a divisional application of the application entitled "Network commercial transactions", PCT international application no. PCT/US2006/014801, international filing date April 19, 2006, China national application number 200680011140.2.
Technical field
The present invention relates to networked transaction systems and methods for conducting online transactions.
Background art
The proliferation of networked computer systems has opened up new possibilities for how companies and individuals conduct their affairs. For example, end users connected to a network (e.g., the Internet) via a networked device such as a computer, PDA, cellular phone, or the like can carry out commercial transactions over the network to purchase services and/or goods, conduct financial transactions, or otherwise manage their affairs or perform personal transactions over the network. An inherent problem with online transactions is security, particularly when the transaction involves the transfer of money, funds, and/or financial, personal, or other confidential information.
Many conventional online transactions are conducted according to one of two different but related models. Both models use the browser as the interface for transferring information between the parties involved in the transaction. In the first model, a merchant offers goods or services for sale online via the browser. The term "merchant" refers generally herein to any entity offering goods and/or services for purchase. The term merchant is not used to describe any particular commercial status or to describe a licensed seller, unless specifically stated. Rather, the term describes generically any seller or entity offering goods and/or services for purchase or sale. The term service provider is used herein interchangeably with the term merchant and, unless otherwise stated, has the same meaning.
In a conventional online transaction, a merchant may have a website that describes, displays, or otherwise offers goods and/or services for sale. The end user indicates a desire to purchase one or more goods or services, typically by selecting the items via the browser interface. The browser then displays a transaction page that allows the end user to select one or more payment types and to enter the information needed to complete the transaction. For example, the transaction page displayed by the browser may allow the end user to select a payment type, such as a credit card (e.g., VISA, MasterCard, American Express, etc.), and to enter transaction information such as the credit card number, card expiration date, and so on. The transaction page may also query the end user for personal information such as name, billing address, shipping address, and so on. The end user then submits the information, and the merchant processes the submitted information.
In this first model, the merchant typically "owns" the website. That is, the merchant maintains the website, is responsible for its content, and receives and processes the transaction information provided by the end user. The merchant may open an account with the end user before the first transaction is conducted, and the end user then accesses that account via a user-established login and password each time the end user conducts a transaction with the merchant. That is, the end user typically chooses a login name and password to be used in subsequent sessions or transactions. After the end user has submitted the information queried by the transaction page, the merchant processes the information to make sure it is sufficient to complete the transaction. For example, the merchant may ensure that the credit card number is valid and has sufficient funds to cover the price of the goods and/or services.
The second model typically includes a third-party transaction provider that handles the payment portion of the transaction. The third party forms a relationship with both the end user and the merchant. In particular, the end user may open an account with the third party that can be accessed via a login and password as discussed above. To open the account, the end user may provide personal and payment information to the third party (i.e., the end user may provide personal information identifying the user and payment information such as one or more credit card numbers, expiration dates, etc.). The end user may also open an electronic funds account by providing money to the third-party transaction provider, the balance of which can be used to purchase goods and/or services online. The third party archives the account information provided by the end user and/or maintains the end user's balance.
The third party also establishes a relationship with the merchant, wherein the third party handles the payment processing of the transaction. In particular, the third party agrees to make payments to the merchant when an end user with an account requests a transfer of funds to make a purchase. The merchant may offer the option of using the third party by signaling its availability on the website where the goods and services are sold. For example, when a user visits the merchant's website and decides to make a purchase, the user is presented with an option to pay for the purchase using the third-party transaction provider.
When the end user selects the option to pay for the purchase using the third-party transaction provider, the end user's browser is redirected to a website belonging to the third-party transaction provider. The end user then logs in to his/her account via the login/password combination and selects a payment type (e.g., credit card) to use in the transaction, or requests a transfer of funds from the user's funds account into the merchant's account. Once the merchant determines that payment has been appropriately transferred by the transaction provider, the merchant can proceed to ship the purchased product or provide the purchased service to the end user. In the second model, the third party is responsible for maintaining the end user's personal and financial information and for processing the transaction.
Description of drawings
In the accompanying drawings, each identical or nearly identical component illustrated in the various figures is represented by a like numeral. For purposes of clarity, not every component is labeled in every figure. In the drawings:
Fig. 1 illustrates a block diagram of a networked computer system for conducting online transactions according to an embodiment of the invention;
Fig. 2 illustrates a diagram of a system and method for initiating and performing identity verification in an online transaction according to an embodiment of the invention;
Fig. 3 illustrates a diagram of a system and method for performing payment negotiation, verification, and/or certification according to an embodiment of the invention;
Fig. 4 illustrates a networked computer system for conducting online transactions according to an embodiment of the invention, wherein transactions are handled, at least in part, by transaction software installed on computers connected to the network;
Fig. 5 illustrates a networked computer system for conducting online transactions according to another embodiment of the invention, wherein transactions are handled, at least in part, by transaction software installed on computers connected to the network;
Fig. 6 illustrates a networked computer system for conducting licensing of applications installed on an end user's computer according to an embodiment of the invention, wherein the license is obtained via an online transaction;
Fig. 7A illustrates a system for authenticating a mobile module to a network in order to establish secure communication with it, according to an exemplary embodiment;
Fig. 7B illustrates a system for authenticating a user to the network using the mobile module when establishing a secure communication channel, according to an exemplary embodiment;
Fig. 7C illustrates a system configured to use the mobile module for single-level or multilevel verification of various different services, according to an exemplary embodiment;
Fig. 8 illustrates a three-way secure exchange of payment information and payment federation according to an exemplary embodiment;
Fig. 9 illustrates various uses of a commercial transaction subsystem and bill presentation according to an exemplary embodiment;
Fig. 10 illustrates the use of payment options and rules for determining which payment provider should be used for a commercial transaction, according to an exemplary embodiment; and
Fig. 11 illustrates a Subscriber Identity Module (SIM) device configured with a firewall for conforming to established radio network communication protocols when used for commercial transactions, according to an exemplary embodiment.
Summary of the invention
Conventional online transactions, for example the purchase of goods and/or services over a network, are vulnerable to security breaches that result in the loss of personal, financial, and/or other confidential information. In addition, in an untrusted network (e.g., the Internet), both merchant and purchaser are at risk of entering a transaction with a bad actor, such that one side of the bargain is not upheld. Conventional online transaction models may also require the merchant to archive the purchaser's confidential information and may require the merchant to handle the payment aspects of the transaction. In addition, conventional online transaction models are difficult for the purchaser to use and produce a generally unintuitive transaction experience. For example, conventional online transactions are conducted via the browser using a login/password paradigm that is confusing and difficult to manage.
Applicant has identified and appreciated that delegating at least a portion of the transaction responsibilities handled by the merchant and the browser in conventional models to lower-level systems (and away from the browser and the end user) can facilitate a simpler and more secure online commercial transaction framework. For example, one or more transaction tasks may be handled by the operating system at one or both of the end user and the merchant, where information may be more securely safeguarded. By embedding one or more tasks in the operating system, the user may be relieved of some of the burden of transferring transaction information, making the experience more intuitive and enhancing security. In addition, the merchant may be relieved of maintaining purchaser information, handling payment information, and/or processing the transaction.
Applicant has further appreciated that problems associated with validating the identity of the purchaser can be mitigated by exploiting technologies that are more secure and convenient than the login/password model. In one embodiment, identity information about the purchaser is provided by a Subscriber Identity Module (SIM) that stores identity information about the end user and can issue it programmatically, creating a less confusing and more straightforward purchasing experience. Moreover, embodiments herein provide protocols, methods, computing systems, and other mechanisms configured for single-level or multilevel authentication using a SIM device over an otherwise untrusted or insecure network (e.g., the Internet).
Applicant has further appreciated that having the various transaction elements of an online commercial transaction provided by generally disinterested third parties mitigates the risks to both purchaser and merchant. In one aspect of the invention, a commercial transaction system is provided wherein a first network entity provides verification of the purchaser's identity and a different network entity provides verification of the user's ability to pay for the purchase, such that a merchant and a purchaser who are strangers to one another can conduct a transaction in relative security.
Other embodiments allow for a three-way secure commercial transaction between a merchant, a consumer, and a payment provider in such a way that sensitive billing account information is opaque to the merchant or third parties. In such an embodiment, payment tokens are passed via the consumer between the merchant and the payment provider. These payment tokens are encrypted or signed in such a way that the merchant and others do not control or obtain any of the consumer's sensitive account information. Nevertheless, the merchant can still confidently validate the payment token, which indicates the consumer's ability to pay for the services and/or goods provided.
In another embodiment, electronic billing information is used for payment authorization, auditing, and other purposes. In this embodiment, various network entities (e.g., the consumer, merchant, payment provider, etc.) are provided with a machine-readable electronic bill, which is used to automatically request and validate payment, create a transaction history, present a more accurate description of what was paid for in terms of services/goods, and for other purposes in the online commercial transaction. This billing information may also be used for payment federation of a single payment from the consumer to the merchant's various business associates. For example, the merchant may have a contractual relationship with various business associates that provide services and/or goods in the commercial transaction. The electronic billing information can include the portions of the payment that are to be distributed among the various associates, so that payment federation can occur automatically without the need for consumer interaction or separate auditing and payment mechanisms.
Also provided herein are mechanisms for automated decisions in a commercial transaction using rules or constraints defined by any number of network entities, including the consumer, merchant, payment provider, etc. For example, payment options accepted by the merchant can be compared with payment options available to the consumer. Based on such a comparison, the consumer may be presented only with those options that match. In addition, the payment option may be chosen automatically based on this comparison and/or based on other rules or constraints. For example, the consumer may limit the type of payment based on the trust established with the merchant. Of course, there may be many other types of rules and/or constraints that determine the actions that can occur in the commercial transaction.
Detailed description
Conventional models for networked commercial transactions focus on the browser as the interface for requesting and submitting personal and financial information between the purchaser and the merchant or service provider, whether directly through the merchant or via a third-party transaction provider. In the first instance, the merchant is burdened with creating and maintaining an infrastructure capable of querying, obtaining, handling, and processing personal and financial information, typically with some minimum level of security. Moreover, the merchant may be responsible for maintaining accounts and account information for each of its customers (typically including confidential personal and financial information).
A purchaser must relinquish personal information (e.g., name, address, phone number, etc.) and financial information (e.g., debit and credit card numbers and expiration dates, bank account numbers, etc.) to complete a transaction. At some level, the purchaser must trust that the merchant is an honest broker that will operate in good faith and use the information only as authorized. Likewise, the merchant must trust that the purchaser is who he/she represents and that the payment information provided is truly associated with the end user making the purchase. There may be no sure way for the merchant to validate the identity of the purchaser and/or the validity of the payment information. In a distributed networked environment, the purchaser may have to rely on the reputation of the merchant, which may limit the sources from which the purchaser is willing to conduct transactions. The merchant may have to operate with even less conviction that the purchaser is a good-faith, bona fide purchaser. In an untrusted network, this model may present undue risk to one or both parties.
Even when an established and deserved trust has developed between a purchaser and a merchant, databases storing customer information maintained by the merchant may be susceptible to hacking, information theft, and even bad actors within an otherwise honest and trustworthy business. Third-party transaction providers are also susceptible to electronic theft, security breaches, etc. More sophisticated "spyware" programs enable hackers to record keystrokes and obtain screenshots of compromised computers, making browser-based transactions particularly vulnerable to electronic theft. Accordingly, purchasers conducting online commercial transactions according to conventional methods and models may be vulnerable to dissemination and unauthorized use of their confidential personal and financial information.
Conventional commercial transaction models typically require a purchaser to establish an account with each merchant with which the purchaser wants to conduct a commercial transaction. Generally, the account is protected and accessed via a login name and password, requiring a purchaser to manage multiple logins and passwords and to keep track of which login/password combination corresponds to which account. Some customers may resort to storing their login/password combinations locally on their computer, or to using the same login/password combination for all accounts. Both attempts to manage multiple accounts are vulnerable to theft, hacking, and/or other security breaches.
For example, a customer is at risk of having all of his/her accounts breached should a single login/password combination be obtained by electronic theft. In addition to the inherent security risks associated with the conventional login/password paradigm, purchasers may find the account login procedure an awkward transaction experience. In particular, having to log in to an account when a purchase is desired makes the transaction less convenient, since the purchaser must, in one way or another, produce this information before the transaction can be completed. Moreover, with a third-party transaction provider, the purchaser is redirected from the merchant's website to the third-party transaction provider's website. This step is not intuitive and is, at best, cumbersome and confusing to the purchaser.
Applicant has identified and appreciated that delegating at least some of the transaction responsibilities handled by the purchaser and the browser in conventional models to lower-level systems (and away from the browser and the end user) can facilitate a simpler and more secure online commercial transaction framework. In one embodiment, one or more transaction tasks are handled by the operating system at one or both of the end user and the merchant, where information is more securely safeguarded. By embedding one or more tasks in the operating system, the user may be relieved of some of the burden of transferring transaction information, making the experience more intuitive and enhancing security. In addition, the merchant may be relieved of maintaining purchaser information, handling payment information, and/or processing the transaction.
Applicant has further appreciated that problems associated with validating the identity of the user can be mitigated by exploiting technologies that are more secure and convenient than the login/password model. In one embodiment, identity information about the purchaser is provided by a Subscriber Identity Module (SIM) card that stores identity information about the end user that can be issued programmatically. In another embodiment, identification information is provided by a smart card embedded in or otherwise coupled to the network device from which the purchaser conducts the online commercial transaction. Using any of the various chip- or card-based identity means allows a purchaser to link his or her identity with a particular device, such as a cellular phone or a networked computer.
Term " in a planned way " and/or " automatically " are meant and need not action manual or that the operator participates in carrying out basically.Especially, planned or be meant the action that starts and/or carry out through one or more computer programs automatically.For example, it is planned to provide login and/or password information to provide identification information not to be regarded as through request user (for example buyer), because carry out movement content by the user.Yet program is sent identification information (for example SIM number, network address hardware ID or the like) and is not asked the action of user's input information will be regarded as planned.Notice that these automatic operations can realize through software or nextport hardware component NextPort.
The applicant further recognizes: each element of transaction of online business transaction is distributed in is convenient to business transaction safer on the untrusted network on the various network equipment.In one embodiment, identity supplier and payment provider, from terminal user, businessman separately and the various network entity checking support is provided during business transaction each other.Term " network entity " in this article refers to network and exists, and can be one or the combination of terminal user/buyer, identity supplier, payment provider, businessman or the like.Network entity can be present on the network via one or more network nodes.For example, a plurality of networked devices can be operated under the protection of single network entity, such as the identity supplier who utilizes a plurality of servers to carry out at line service, or are connected to the terminal user of network via cellular phone and personal computer.Network entity can be the enterprise such as bank or retailer, or such as terminal user's individual.
In one embodiment, the elements of an online transaction are distributed over separate and independent network entities. For example, the identity provider may provide identity validation in the form of an identity token that the merchant can use to verify the buyer's identity. The identity token may include one or more identity credentials of the end user. The identity token may be issued based on identity information provided by the end user/buyer, such as a subscriber number from a SIM card, a network address (e.g., a Network Interface Card (NIC) identification, a World Wide Name (WWN), etc.), login information, etc. Similarly, the payment provider may provide verification of the end user's ability to pay in the form of a payment token. In addition, the payment provider may handle the payment transaction on behalf of the buyer, in satisfaction of the purchase of goods and/or services from the merchant. This framework allows, among other things, a buyer and a merchant who are strangers to conduct an online commercial transaction in an untrusted network environment with relative confidence, as described in further detail in the exemplary embodiments provided below.
In addition, one embodiment provides three-way secure communication between a merchant, a consumer and a payment provider during a commercial transaction for purchasing services and/or goods in an online or retail environment. As discussed in greater detail below, payment tokens are passed from the payment provider to the merchant via the consumer. These payment tokens provide proof of the consumer's ability to pay for the services and/or goods by allowing the merchant to validate the authenticity of the token directly with the payment provider. Although these payment tokens uniquely identify the payment authorization for the services and/or goods, sensitive information about the consumer's billing account is either not included in the token or is otherwise encrypted so as to be invisible to the merchant. The consumer's sensitive information is therefore opaque to the merchant, which allows the consumer to purchase items from the merchant with confidence even when no trust relationship exists between them. In addition, because the merchant can validate the payment token directly with the payment provider, the merchant can deliver items with confidence that the consumer is able to pay for these services and/or goods, without maintaining financial information about the consumer (e.g., credit card numbers, account information, etc.). Further, because the payment provider can validate the authenticity of the payment token coming from the consumer, the payment provider can transfer funds to the merchant with confidence, thereby completing the three-way secure commercial transaction.
As previously mentioned, other embodiments of the framework provided herein offload portions of the transaction to more secure subsystems (e.g., the operating system) of a computing device. This advantageously allows numerous capabilities, including: an abstraction model that allows legacy applications to provide an in-band online commercial transaction experience; additional types of fraud protection; bill capture and presentation for auditing, payment federation, and other payment or verification purposes; service provider code execution for additional security and merchant-specific functionality; multi-level authentication; and other features. For example, such an abstraction model allows legacy and other applications to provide a user with online purchase and payment capabilities as if these transactions occurred directly within the application, although portions of the commercial transaction are performed out-of-band. Examples include: catalog purchases (e.g., Amazon, Sears, etc.), direct purchase of multimedia content from within a multimedia application, downloading software/games in trial mode and automatically unlocking them through an in-band payment model, and allowing support for subscription-based services, such as Short Message Service through email, etc.
In addition, in another embodiment, the framework captures and presents electronic bills in the above three-way secure (and other) commercial transactions, as a mechanism for additional verification, auditing, payment federation and other purposes described in greater detail below. Furthermore, by moving the commercial transaction to more secure portions of the subsystem, other embodiments allow a merchant to run specific code on the machine (e.g., additional user authentication, payment rules/mechanisms, user experience, etc.), with confidence that such code will not be hacked or otherwise compromised. Of course, as described in greater detail below, the applicant has further realized other advantageous features through use of the abstraction model provided herein.
In another embodiment, the applicant also provides an overall system and protocol that use a mobile module to securely communicate and authenticate identity and payment capabilities for a variety of different services. For example, a Subscriber Identity Module (SIM) (or other similar mobile module) can be used to authenticate a user and/or device to a service or server in a multi-level verification environment. In this embodiment, the mobile module (and possibly even the end user) is authenticated over a network independent of the network mobile infrastructure for the mobile module. Thus, the system validates possession of the mobile module through authentication of an active billing account with the mobile infrastructure. This establishes secure communication with a computing device connected to the mobile module and a service (e.g., a Web Service (WS)) using existing secure protocols (e.g., WS-Authentication, WS-Security and other similar protocols). Such secure communication can also be used to authenticate the user through other protocols and data exchanges between the mobile module and the mobile infrastructure, as described in greater detail below. Further, other embodiments provide a protocol and state machine that abstract the computing device (used for communication over the independent network) from the mobile infrastructure. Accordingly, the mobile module itself becomes the mobile terminal and the computing device becomes a peripheral device, thus complying with current wireless standards such as 3GPP (3rd Generation Partnership Project).
Fig. 1 illustrates a block diagram of a commercial transaction system 100 made up of a plurality of network nodes, including an end-user (buyer) computer 110, a merchant computer 140, an identity provider computer 120 and a payment provider computer 130. Each of the above nodes may include one or more computing devices interconnected via network 105. It should be appreciated that the end-user computer, merchant 140, identity provider 120 and payment provider 130 may be associated with a network entity, such as an individual, company or enterprise. For example, end-user computer 110 is typically associated with an individual who employs the computer to access resources on the network, and merchant computer 140 may be associated with a company or enterprise that offers goods and/or services. The one or more computing devices that form each of the above components in commercial transaction system 100 may operate as the entry point, computing platform and/or vehicle by which the associated network entity communicates over the network.
Note that although the embodiments provided herein may be described in an online purchasing environment, these embodiments can also be used in direct sales transactions. For example, the description of a commercial transaction above and below can apply to a consumer purchasing products in a retail store, where the payment, identification, authorization and other embodiments are used. Accordingly, the use of an online experience to describe the embodiments herein is for illustrative purposes only and is not meant to limit or otherwise narrow the scope of the embodiments unless explicitly stated otherwise.
Note that network 105 may be any type of network in any type of configuration that interconnects the nodes connected to the network and allows them to communicate. Nodes or devices may be connected to the network via copper (e.g., Category 5) cable, optical connections, wireless, or any combination thereof. Information may be transferred using any low-level protocol, such as Ethernet, and/or any information protocol, such as TCP/IP. Network 105 may have any number of devices connected to it, and may be a trusted network (e.g., an intranet) or an untrusted network (e.g., LAN/WAN, the Internet, etc.), or a combination of both. The computers connected to the network may be any type of device, including but not limited to one or any combination of a mobile phone, desktop computer, tablet personal computer, server, workstation, etc.
Fig. 2 illustrates a diagram of a system and method for initiating and performing authentication in an online transaction according to one embodiment of the invention, and Fig. 3 illustrates a diagram of a system and method for performing payment negotiation, verification and/or certification in an online transaction according to one embodiment of the invention. These methods may be used, alone or in combination, to perform an online transaction between an end user/buyer and a merchant. In the following description, unless specifically noted, no distinction is made between a network entity and its associated network devices. For example, "identity provider" is used generically to describe both the identity provider as an entity (e.g., a bank, government organization, agency, etc.) and the computing devices that the entity uses to perform various network functions, such as providing authentication of the end user or otherwise operating on the entity's behalf.
End-user computer 110 may place an order 242 with merchant 140. Order 242 may be any indication that the end user would like to purchase one or more goods and/or services from merchant 140. In addition, order 242 may result from the end user selecting a good or service via a Web browser displaying pages resident at the merchant's website, or may result from choosing an option from an application running locally, as described in further detail below. As an example of the first case, merchant 140 may provide a website to display or sell the goods and/or services it offers, or may provide an online catalog of goods. Order 242 may be any type of indication that the end user would like to purchase one or more goods and/or services from merchant 140.
As an example of the second case, and as an alternative to selecting one or more goods and services from the merchant's website, order 242 may originate from an application or other program local to end-user computer 110. For example, the end user may create, produce or edit a document via a word-processing application, design a slide show using a presentation application, and/or manipulate an image or graphic for a poster or brochure using an imaging application. The application may include an option under the print menu that allows the document to be printed by a third party, for example to take advantage of printing features that are not available locally, or to otherwise use a professional printing service. When this option is selected, the application may send order 242 to merchant 140 via the network. It should be appreciated that order 242 may be any indication to purchase any good and/or service, as the aspects of the invention are not limited in this respect.
In response to order 242, merchant 140 may request that end user 110 provide an indication of the end user's identity and/or verification that the end user is indeed who he/she claims to be (step 205). For example, merchant 140 may not know anything about the source of order 242, and may want information about the end user's identity and/or assurance that the end user is not spoofing his/her identity. In addition, merchant 140 may send a notice or indication that payment is required for the service and demand that a payment token be provided. To obtain a payment token, it is necessary to first establish identity via an identity token, as described in further detail below. In either case, end user 110 may respond to the request of merchant 140 by enlisting the services of identity provider 120 (step 215).
To obtain an identity token, end user 140 provides identity information to identity provider 120. The identity information may include any information that enables identity provider 120 to distinguish the end user using end-user computer 110 from the various other end users to whom the identity provider may provide services. For example, the identity information may include a unique identifier associated with the hardware of end-user computer 110. In one embodiment, the identity information is provided by a SIM card that issues an identifier unique to the subscriber. The identity information may include a unique hardware number of the Network Interface Card (NIC) of end-user computer 110, a World Wide Name (WWN) or other network address of end-user computer 110, or any other means by which end-user computer 110 can be identified, including (in some embodiments) an established login name/password combination.
Identity provider 120 uses the identity information to locate identity credentials associated with the end user. For example, identity provider 120 may include a database that stores identity information and credentials for a plurality of end users. The identity information may be used to index into the database to obtain the correct identity credentials. Identity provider 120 may be any type of entity. For example, identity provider 120 may be a mobile telephone company that uses the subscriber number provided by the end user's SIM card to locate the appropriate identification information. In one embodiment, the subscriber number is used to locate and obtain information that the end user provided when subscribing to the mobile phone or other device that employs SIM technology. Identity provider 120 may be a bank, a government agency (such as a Registry of Motor Vehicles (RMV)), or any other institution that maintains identification information or credentials associated with end users.
In response to the identity information provided by the end user, identity provider 120 provides end-user computer 110 with an identity token that provides authentication and/or credentials regarding the end user (step 225). The identity information may be any type of electronic message that another network device can use to authenticate, verify and/or determine the end user's identity. For example, the identity token may include the end user's identity credentials. Identity credentials may include, but are not limited to, any one or combination of name, birthday, address, telephone number, e-mail address, etc.
The identity token may include an electronic signature from identity provider 120 certifying that the identity credentials are correct. In this way, the merchant and/or payment provider can rely on a disinterested third party (i.e., the identity provider) rather than on the representations of an arbitrary end user. The identity token may be encrypted before being transmitted over the network and decrypted when received by the intended network device (e.g., the merchant, payment provider, etc., as described in further detail below), so as to protect against eavesdropping on the network. In other embodiments, the payment token is merely a certification of the end user's identity, without accompanying identity information.
Identity provider 120 may transmit the identity token to end-user computer 110 for forwarding to merchant 140 (step 235), and/or identity provider 120 may transmit the identity token directly to merchant 140. Merchant 140 may then process the identity token to identify the end user and/or verify that the end user is who he/she claims to be. The identity token may be used to authenticate certain information about the end user that may affect the transaction. For example, merchant 140 may provide a service that requires the end user to be of a certain age. The identity credentials transmitted with the identity token may be used to ensure that the end user is of the appropriate age and meets this requirement. Merchant 140 may offer discounts to particular end users who are frequent buyers, or who have received coupons, promotions, etc. Merchant 140 may index an end-user database based on the provided identity credentials to determine whether the end user qualifies or should otherwise be handled specially.
Optionally, merchant 140 may request validation of the identity token by sending a request to identity provider 120 (step 245). The request to validate the identity token may include forwarding identity information from merchant 140 to identity provider 120. Upon receiving the request to validate the identity token, identity provider 120 may validate the identity token and thereby determine whether the identity token is authentic. Identity provider 120 may then forward an indication of the authenticity of the identity token to merchant 140 (step 255). Alternatively, merchant 140 may simply validate the identity token itself (step 265) (e.g., by assuming the identity token is valid or otherwise processing the token). Optionally, a response from merchant 140 may be returned to end-user computer 110, where the response may include a message indicating whether the identity token is valid, a message about any applicable discounts or promotions, and/or any other type of message, as the invention is not limited in this respect (step 265).
After merchant 140 has processed the identity token and/or received validation of the identity token from identity provider 120, merchant 140 may request that the end user provide verification or validation of the ability to pay, and/or provide an indication of how the end user would like to pay for the goods or services. Merchant 140 may make the request via a payment token request (step 305 in Fig. 3). In response to the payment token request, end-user computer 110 may enlist the services of payment provider 130. Payment provider 130 may be associated with a third party that maintains financial and payment information about various end users, such as a financial institution or a third-party broker that handles financial transactions and payment processing.
End-user computer 110 may request a payment token from the payment provider by transmitting the identity token to payment provider 130 (step 315). Alternatively, the end user may request a payment token by logging on to payment provider 130 in a manner similar to that described in connection with identity provider 120 (i.e., by providing an identifier, such as a SIM subscriber number or NIC address, and/or by using a login/password combination). It should be appreciated that the end user may request a payment token in other ways, as the invention is not limited in this respect. In addition, the end user may send information about the purchase, such as its price and nature, so that the payment provider can verify that the end user is able to pay. However, providing purchase information is not required, as it may be unnecessary or may be handled in a subsequent step of the transaction.
Payment provider 130 processes the identity token (or other provided identifier) to locate information about the end user. For example, payment provider 130 may access a database of payment information based on the identity credentials transmitted with the identity token. Payment provider 130 may determine what payment capabilities and options the identified end user has available. Payment provider 130 may then verify that the end user has the ability to pay and, in response, generate a payment token and transmit it to end-user computer 110 (step 325). The payment token may indicate the end user's ability to pay and/or certify that payment provider 130 is willing to handle the transaction on behalf of the end user. End-user computer 110 may then forward the payment token to merchant 140 (step 335).
Merchant 140 processes the payment token so that merchant 140 is satisfied that the end user can pay for the goods or services (step 365). For example, merchant 140 may ask payment provider 130 to validate the payment token (steps 345, 355), or may simply validate it itself (step 365) (e.g., by assuming the payment token is valid or otherwise processing the token). Merchant 140 may then begin the process of providing the goods and/or services to the end user. Because payment provider 130 may be a disinterested third party, merchant 140 may treat the payment token essentially as payment and need not wait until the transaction is fully processed.
When a merchant deals directly with an end user in a conventional transaction model, the merchant may have to ensure that the payment information provided by the end user is correct and sufficient. For example, the merchant may have to run a provided credit card number through a system to query whether the number is valid, whether the card is valid, whether there are sufficient funds and/or whether the card is correctly associated with the identity provided by the end user. If some of the information does not check out, the transaction may have to be canceled, terminated or abandoned. Moreover, termination of the transaction may happen after the end user perceives the transaction to be complete and is no longer accessing the network and/or the merchant's website, etc.
The merchant must then notify the end user that there was a problem with the transaction, and the end user will have to go through the transaction again to correct the problem (e.g., by correctly inputting payment information, specifying a different card with sufficient funds, etc.). In some instances, the end user may not be notified and the commercial transaction may never be completed.
In the various embodiments described herein, because a payment token will not be issued unless the end user's payment information is correct, sufficient funds are available, and/or the payment provider otherwise certifies that it will pay on behalf of the end user, the merchant can proceed with the transaction immediately. Any deficiencies in the transaction can be identified and addressed in real time, so that all parties can be relatively certain that their expectations about completion of the transaction are being met.
In addition, because the payment provider may handle the financial transaction (e.g., processing the credit card, transferring funds, etc.), the merchant may be relieved of establishing and maintaining the infrastructure necessary to, for example, process credit card numbers or otherwise handle payment procedures and funds transfer. In some cases, the payment token operates as an assurance that the payment provider will transmit the designated funds to the merchant, by wire or by electronic funds transfer. The payment token may also be an assurance that payment will be made by non-electronic means, such as a promise to issue the merchant a check or other negotiable instrument.
From the merchant's perspective, the commercial transaction is substantially risk free, because the end user's identity and the payment verification are handled by third parties and are therefore less susceptible to fraud, spoofing and even innocent mistakes in providing personal and financial information. Merchants may therefore be more willing to conduct online commercial transactions with unknown end users over an untrusted network. From the end user's perspective, personal and financial information resides with entities that maintain this information and/or with which the end user has an established relationship. Confidential personal and financial end-user information need not be provided to the merchant, which reduces the vulnerability of confidential information to misuse or misappropriation. As a result, end users may be more willing to conduct commercial transactions with unknown merchants without having to worry about whether the merchant is trustworthy.
In some conventional commercial transaction models, identity information and payment information are input by the user and processed by either a third party or the merchant. As stated above, these models are awkward, inefficient and time-consuming for the user. In addition, conventional models present numerous issues regarding the security of an end user's confidential information, the merchant's vulnerability to fraud, and/or susceptibility to failure to pay by an end user. The applicant has recognized that commercial transaction software installed on each of the computers used in the various commercial transactions may reduce or eliminate concerns over security and fraud. In addition, many of the actions handled by the end user and the merchant in conventional models may be performed by the commercial transaction software, making the transaction simpler and more intuitive for the end user.
Fig. 8 illustrates an example of using some of the features described above for three-way secure communication and the various trust boundaries that may be established during a commercial transaction. As described in greater detail below, this model allows for single or subscription payments, as well as payment federation, such that a service or merchant can aggregate payments for smaller companies, thereby allowing the consumer to pay a single bill. As shown, a distributed system 800 is configured to facilitate a commercial transaction between a consumer 810, a merchant 830 and a payment provider 805. A payment trust boundary 815 separates merchant 830 from consumer 810/payment provider 805, such that a trust relationship exists between payment provider 805 and consumer 810 or the consumer's computing device (i.e., the consumer has appropriately identified or authenticated itself to the payment provider using any of the available mechanisms described herein). Consequently, consumer 810 can use this trust relationship to authorize payment to merchant 830 for various types of payments and various types of services.
For example, suppose that merchant 830 requires prepayment for a product that consumer 810 wants to buy (e.g., consumer goods that require prepayment, such as a car, computer, etc.). Before requesting payment authorization, however, the user of the consumer 810 computing device may be required to authenticate appropriately, as described herein. Once the user is authenticated, the consumer 810 computing device can appropriately request payment from payment provider 805 through any of the various mechanisms described herein. For example, consumer 810 may provide the payment provider with request information that is signed or otherwise encrypted by the consumer 810 computing system. This authenticates the request for validation of the account holder's (i.e., the consumer's) ability to pay (i.e., the user has a prepaid account, credit account or other billing account, such as a mobile subscription as described below). If successful, a payment token is issued and the funds are then reserved to guarantee payment. This payment token is typically signed and/or otherwise encrypted by the payment provider (e.g., a mobile network server as described herein) and passed to the consumer 810 client. Consumer 810 passes the payment token back to merchant 830, which validates the token with the payment provider and, if successful, completes the order.
Once the item is ready for delivery (e.g., the consumer goods have been built), merchant 830 can use the reserved payment token to request payment from payment provider 830. Note that the amount of the payment request may differ from the amount reserved. Nevertheless, payment provider 805 verifies the request and returns a payment response to merchant 830 and/or consumer 810. If approved, merchant 830 can ship (or otherwise provide) the order to consumer 810 and is provided with its payment. On the other hand, if payment is rejected or further user interaction is required, merchant 830, payment provider 805 and/or consumer 810 can choose what action to take. For example, if the amount requested by merchant 830 does not match the funds reserved, payment provider 805 and/or merchant 830 may request authorization from consumer 810 for the new amount. In addition, payment provider 805 may require user input authorizing the transfer of funds regardless of any change between the reserved and requested payment amounts. Of course, other actions and procedures for completing the commercial transaction are also contemplated herein.
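The reserve-then-capture token flow described above (the payment provider issues a signed token, the merchant validates it directly with the provider, and a capture amount that differs from the reservation needs fresh consumer authorization) is shown below as an added Python example that is not taken from the patent. The HMAC signature, the claim field names, the token lifetime, the result strings and the sample identifiers are assumptions, since the patent does not specify a token format.

```python
import hashlib
import hmac
import json
import secrets
import time


class PaymentProvider:
    """Plays payment provider 805: the only party that holds account data."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # signing key never leaves the provider
        self._balances = {}                  # consumer id -> available funds (minor units)
        self._reserved = {}                  # token id -> reservation record

    def open_account(self, consumer_id, balance):
        self._balances[consumer_id] = balance

    def _sign(self, claims):
        body = json.dumps(claims, sort_keys=True).encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue_token(self, consumer_id, merchant_id, amount, ttl=30 * 86400, now=None):
        """Verify ability to pay, reserve the funds, return a signed token.

        The token names the authorization only. The consumer id and account
        stay in the provider's table, so they are opaque to the merchant.
        The 30-day default lifetime is an assumption of this example.
        """
        now = int(time.time()) if now is None else now
        if amount <= 0 or self._balances.get(consumer_id, 0) < amount:
            return None
        self._balances[consumer_id] -= amount
        token_id = secrets.token_hex(16)
        self._reserved[token_id] = {"consumer": consumer_id, "amount": amount,
                                    "captured": False}
        claims = {"tid": token_id, "merchant": merchant_id,
                  "amount": amount, "exp": now + ttl}
        return {"claims": claims, "sig": self._sign(claims)}

    def validate(self, token, merchant_id, now=None):
        """Merchant-to-provider check that a token is genuine and still usable."""
        now = int(time.time()) if now is None else now
        try:
            claims = token["claims"]
            presented = str(token["sig"]).encode()
            expected = self._sign(claims).encode()
        except (KeyError, TypeError, ValueError):
            return False  # malformed token
        if not hmac.compare_digest(expected, presented):
            return False  # forged or altered token
        record = self._reserved.get(claims["tid"])
        return (record is not None and not record["captured"]
                and claims["merchant"] == merchant_id and now < claims["exp"])

    def capture(self, token, merchant_id, amount, now=None):
        """Merchant requests payment against the reservation."""
        if not self.validate(token, merchant_id, now):
            return "rejected"
        record = self._reserved[token["claims"]["tid"]]
        if amount != record["amount"]:
            return "reauthorize"  # a differing amount needs the consumer's approval
        record["captured"] = True  # single use: a replayed token is rejected
        return "paid"


if __name__ == "__main__":
    # Constructed sample data, named after the reference numerals in Fig. 8.
    provider = PaymentProvider()
    provider.open_account("consumer-810", 50_000)
    token = provider.issue_token("consumer-810", "merchant-830", 20_000)
    print("fields the merchant sees:", sorted(token["claims"]))
    print("validate:", provider.validate(token, "merchant-830"))
    print("capture 25000:", provider.capture(token, "merchant-830", 25_000))
    print("capture 20000:", provider.capture(token, "merchant-830", 20_000))
    print("replay:", provider.capture(token, "merchant-830", 20_000))
```

Because the key is held only by the provider, the merchant cannot check the signature offline and has to ask the provider, which matches the direct validation path in the text; a public-key signature would allow local verification but would not by itself detect an already captured token.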
Note that although the above three-way secure payment mechanism was described for purchasing a reserved item, the single payment may also apply to other services and/or goods. For example, the single payment mechanism may apply to a software program that is ready for immediate download. Alternatively, or in conjunction, the single payment may unlock various levels of a downloaded program (e.g., a student version, an expert version or other separate functionality). In fact, it will be appreciated that the above single payment can be used for a variety of different types of purchases, some in a slightly modified payment form.
For example, suppose that consumer 810 wants to set up a subscription with merchant 830 for a continuing service (e.g., a newspaper or other subscription, a movie subscription, a gaming application, or other pay-as-you-go goods and/or services). Accordingly, merchant 830 will ask consumer 810 for a payment token, and the consumer 810 client may then interact with the user to request authorization to proceed, as described herein. Similar to the above, consumer 810 signs or otherwise encrypts the payment request (e.g., using electronic billing information, as described below) and sends the request to payment provider 805 (e.g., a mobile operator, credit card company, prepaid or other type of third-party service, etc.). This authenticates the request and verifies that the account holder (i.e., the consumer or customer) has sufficient initial funds. If successful, a payment token is issued, signed and/or encrypted, and returned to the consumer 810 client, which passes the payment token back to the subscription merchant 830. Merchant 830 then verifies the authenticity of the token and completes the subscription setup.
Note that the payment token is typically stored at merchant 830 and used periodically when requesting subscription payment from payment provider 805. Accordingly, when processing a subscription payment, merchant 830 retrieves the payment token and sends it to payment provider 805 for payment settlement. Payment provider 805 verifies the request and returns a payment response to merchant 830 and/or consumer 810. If an approved response is returned, the subscription merchant 830 will receive payment during the next payment provider 805 account payment run. If the payment request is rejected, however, payment provider 8705 and/or merchant 830 may respond appropriately. For example, merchant 830 (or payment provider 805) may contact the user or consumer 810 (e.g., via e-mail), informing them of the outstanding payment. Consumer 810 can then make a single payment as described above, or set up another subscription payment through the same or a different payment provider 805. Of course, merchant 830, payment provider 805 and/or consumer 810 may have other rules or requirements for handling these and other payment authorizations, as described in greater detail below.
As indicated above, other embodiments allow a single consumer 810 payment to be federated among multiple business partners that have a contractual arrangement or affiliation. Business relationships are often complex and require the payment for the various services and/or goods provided within a particular business model to be apportioned. For example, when buying a trip from travel agency 830, consumer 810 may be offered a package deal that includes flight arrangements, hotel accommodation, passport services, and so on. Merchant 830, which typically contracts out many of these services and/or goods, must therefore keep detailed accounts of these business transactions in order to pay its business partners appropriately. To reduce the complexity of this bookkeeping and other tasks, the embodiments herein provide automatic payment federation, on a per-transaction basis, to business partners in a particular type of relationship.
For example, a car rental service (for example business partner "A" 820) may require payment from merchant 830 as part of a holiday package sale. An insurance company (for example business partner "B" 825) may charge merchant 830 on a per-transaction-fee basis. Based on the business partner trust boundary 835, when a single payment is made to merchant 830, the payment can be automatically federated to each business partner (for example "A" 820 and "B" 825). In other words, consumer 810 or payment provider 805 makes a single payment to merchant 830, yet all affiliates that have a business relationship according to the trust boundary of business model 835 can be paid appropriately. Note that this payment will typically depend on the electronic billing statement, as described in more detail below. More specifically, the various portions of the electronic bill used for capture, presentation and other purposes can correspond to the portion of the payment that should be federated to each business partner. In addition, each of these portions can be signed and/or encrypted so that particular information about the payment is opaque to consumer 810, to payment provider 805, or between the different business partners 820, 825 as defined by the different trust boundaries 815, 825.
Note that although the above payment federation model was described with respect to a travel agency experience, other business relationships can also use this embodiment. For example, companies that build items with multiple parts purchased through different suppliers, product suppliers that buy materials for their products and pay on a per-item basis, payments for media products for which royalties are paid on a per-sale basis, or any other type of business model that bundles, or can otherwise compute and make, payments to business partners on a per-item basis can also use the embodiments described. Likewise, the use of a travel agency to describe the embodiments herein is for example purposes only and is not intended to limit or narrow the embodiments described.
Fig. 4 illustrates a networked computer system for handling commercial transactions according to one embodiment of the invention. Networked computer system 400 can be similar to computer system 100 shown in Fig. 1. In Fig. 4, however, each computer in system 400 includes a local installation of commercial transaction software 485. In particular, end user or consumer computer 410, identity provider 420, payment provider 430 and merchant 440 include commercial transaction software 485a-485d, respectively. The commercial transaction software installed locally on each computer in the system can be identical, or can be customized for a particular computer in view of the role that computer plays in the transaction (i.e. whether the computer operates as an end-user node, a merchant node, an identity provider node, a payment provider node, and so on, or some combination of these). In either case, each installation is configured to communicate with the installations on the other networked computers in order to carry out online transactions. For example, each installation can be configured to communicate with the installations on the networked computers in order to perform the methods shown in Fig. 2 and/or Fig. 3.
In one embodiment, the locally installed commercial transaction software 485a on identity provider 420 can create an identity token that identifies the end user using end user computer 410. In addition, commercial transaction software 485a on identity provider 420 can forward this identity token to end user computer 410, payment provider 430, merchant 440 and/or any other computer, as the invention is not limited in this respect. The commercial transaction software 485b installed locally on end user computer 410 can send identity information (in order to identify the end user) in response to an indication that an online transaction is to be carried out between the end user and the merchant. The commercial transaction software 485c installed locally on payment provider 430 can receive the identity token and generate a payment token that verifies the end user's ability to pay for the online transaction. The commercial transaction software 485d installed locally on merchant 440 can receive the verification of the end user's ability to pay before proceeding with the online transaction.
In one embodiment, each computer in system 400 operates using a local installation of the same or a similar operating system 495. For example, each computer in system 400 can operate using a Microsoft operating system. Commercial transaction software 485 can be a subsystem of the operating system. In this way, the computers used in a commercial transaction communicate in a consistent and known manner. Because the commercial transaction software communicates directly over the network and handles validation, verification and security, the end user and the merchant need not know anything about each other and, more importantly, need not establish any trust relationship. In addition, because certain portions of the transaction are handled by the operating system, most of the transaction can be carried out essentially invisibly to the user, without requiring confusing and often difficult involvement by the end user.
By having commercial transaction software on each computer, various encryption techniques can be used while information is transmitted from one computer to another. In addition, further security features can be included, such as identity tokens and/or payment tokens that are valid only for a limited period of time. For example, an identity token can include a time component specifying a time after which any component that receives and processes the token should deem it invalid and should not treat the token as verification of identity and/or payment. The commercial transaction software components can programmatically handle any time limit associated with a token. This can prevent a token obtained through "phishing" from being used improperly at a later time.
It should be appreciated that the commercial transaction software need not be part of the operating system, but can be any program or group of programs local to the computers participating in the commercial transaction that can communicate with one another over the network. For example, the commercial transaction software can be an application developed by a third party that can be installed on a computer to run on, or independently of, the operating system installed on that computer. The application can be configured to operate with any one or any combination of operating systems, so that it is available to computers or devices with a wide range of capabilities and configurations and is not limited to any particular operating system, processor, instruction set, and so on.
Fig. 5 illustrates a commercial transaction initiated by an end user selecting one or more desired goods and/or services, in which the transactional portions of the purchase are handled at least in part by a transaction software subsystem distributed as part of the operating system of each computer participating in the one or more transactions. An end user connected to network 505 through end user computer 510 can run application 555. Application 555 can be a browser displaying the website of a business that offers goods or services. Application 555 can also be an application that provides an option to take part in an online transaction, such as an image editing program that allows the user to manipulate images.
The end user can select one or more goods or services to purchase via application 555. For example, the end user may wish to have an edited image professionally printed on photo-quality paper. Application 555 can include this option under its print menu. When selected, the print option can generate a window or dialog box listing all available print options, including services available over the network. For example, the print option can list service providers 540a, 540b, 540c as options for providing the print service. When the user selects one of the service providers, an online commercial transaction as described above can be initiated. In particular, the service provider can request that the end user provide an identity token. In response, application 555 (or an application embedded in commercial transaction software 585) can generate a dialog box or interface listing the available identity providers. For example, as described in more detail below, the dialog box can list identity providers 520a, 520b, 520c as possible identity providers that the user can select to handle authentication.
Fig. 9 illustrates the use of a trusted commercial subsystem and other features in a distributed system according to an exemplary embodiment. As shown, local computing device 920 in distributed system 900 is configured to provide online or local retail transactions according to the embodiments described herein. Note that although trusted commercial transaction subsystem 965 is shown only as part of local computing device 920, similar subsystems can also reside on other network entities. Note also that although each component or module is described herein as residing on a particular entity, these components or modules can be distributed throughout the computing system and can reside on any number of network entities (i.e. portions may reside on one or more network entities). Accordingly, the particular aesthetic layout of particular modules on, and their use by, a network device or entity is for example purposes only and is not intended to limit or narrow the scope of the embodiments herein.
Regardless of the distribution and aesthetic layout of computing system 900, as previously described, there is a trust boundary 906 that separates the trust relationships between the components. Although these relationships can be divided differently, in the present example the trust relationship exists between payment provider 900 and trusted commercial transaction subsystem 965. This advantageously allows many features that current commercial systems cannot provide. For example, trust boundary 906 abstracts application 925 from the commercial transaction with the merchant. Previous-version (legacy) and other applications 925 can therefore give end user 940 an in-band experience, even though most of the functionality occurs out of band. For example, in the above example of having a professional image printed on photo-quality paper, the selection in the drop-down menu, the identity validation, the payment options and the other components that help the user purchase this service appear as part of application 925. In addition, on receiving input to purchase services and/or goods, application 925 can make a purchase call 930 to trusted commercial transaction subsystem 965, which then uses the purchase call to generate dialog boxes, receive user 940 input 935, or otherwise automatically communicate with merchant 905 and/or payment provider 990, as described herein.
In other words, user 940 need not trust application 925 or merchant 905 in the commercial transaction. Instead, trust is limited to subsystem 965 of the present framework, which reduces the degree or level of trust needed to carry out a commercial transaction confidentially and securely. That is, the account details 950 of user 940, which include sensitive information 955 that the user is unwilling or uncomfortable to share publicly (for example credit card information, personal information, user names/passwords, and so on), are accessed via direct user input 935 to subsystem 965 or from the secure 960 account information store 945. Likewise, application 925, merchant 905 and other components are abstracted from the financial and other billing account details 955 controlled by subsystem 965, as described herein. This is very different from current commercial transactions as described above, in which application 925 or merchant 905 maintains and controls the account information. Accordingly, this and other embodiments described herein advantageously provide additional layers of security during a commercial transaction. This is a much more direct trust relationship, one that minimizes the number of components or organizations that have access to, or come into contact with, highly sensitive financial data.
As shown in Fig. 9, and similar to the three-way secure commercial transaction described above, trust boundary 906 also represents secure communication between the payment provider and trusted commercial transaction subsystem 965. Subsystem 965 therefore authenticates to payment provider 900 in any of the various ways described, allowing secure communication with it. Similar to the above, the local computing device (which can be a handheld portable device in a local retail transaction as described below, a personal computer in an online transaction, or another similar device described herein) wants various services and/or goods offered by merchant 905. In this example, billing information 910 is provided to local computing device 920 for authentication, auditing and the other purposes used in the exemplary embodiments described herein. This billing information can include, but is not limited to: the price of the goods and/or services, a detailed description of the commercial transaction, merchant 905 specific information, payment federation information, the transaction type (for example single payment, subscription, and so on), or other types of billing information. Bill information 910 can also include other information, such as merchant constraints and payment options, as described in more detail below.
In one embodiment, bill information 910 is an electronic bill configured to be machine readable, which provides many advantageous capabilities over current commercial transaction systems. For example, one embodiment provides that billing information 910 can be part of payment token request 980 (or can otherwise be sent to payment provider 990 in another communication), as previously described. Likewise, this bill information can be used by payment provider 990 for payment token validation 940. More specifically, the bill information 910 provided by the consumer or local computing device 920 can be compared, in payment token validation 904, with the payment token 985 information provided by merchant 905. Therefore, if the bill information 910 for payment token validation 904 matches the bill information 910 from token request 980, payment provider 990 can be further assured of the authenticity of payment token 985 and the reliability of the merchant.
Note that how the bill information 910 from the merchant is relayed to payment provider 990 (and to other components herein) can vary. For example, the bill information 910 sent from merchant 905 to payment provider 990 can be a copy of the bill information 910 sent to trusted commercial transaction subsystem 965 or client 920. Alternatively, or in conjunction, bill information 910 can be a signed and/or encrypted version from payment provider 990 routed via the consumer or local computing device 920. In either case, the payment provider can perform the aforementioned comparison in order to authenticate payment token 985.
Note further that bill information 910 as used by payment provider 990 can also be used to provide a more detailed description of the charges associated with a bill that will later be presented to the user for charges on the user's account. Because this can also be a machine-readable bill 910, local computing device 920 can compare this bill information 910 with the bills previously received from merchant 905 in order to further authorize payment to merchant 905. In other words, if the bill information 910 in a bill from payment provider 990 does not match any bill received from merchant 905, the charge will be regarded as fraudulent.
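The time-limited token described earlier and the bill comparisons described in the preceding paragraphs can be combined in one check, sketched here as an added example that is not code from the patent. The token layout, the function names and the use of HMAC-SHA256 in place of the provider's signature are assumptions, and the bill is constructed sample data.

```python
import base64
import hashlib
import hmac
import json

# Assumption: an HMAC key held by the payment provider stands in for its
# signing key; a deployment would use an asymmetric signature instead.
PROVIDER_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed sample of a machine-readable bill.
SAMPLE_BILL = {
    "merchant": "print-shop.example",
    "items": [{"sku": "photo-print-8x10", "qty": 2, "unit_price_cents": 450}],
    "total_cents": 900,
    "type": "single",
}


def bill_digest(bill: dict) -> str:
    """Digest of the bill in canonical form (sorted keys, no whitespace)."""
    canonical = json.dumps(bill, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def _sign(body: bytes) -> str:
    return hmac.new(PROVIDER_KEY, body, hashlib.sha256).hexdigest()


def issue_payment_token(account: str, bill: dict, now: int, ttl: int = 300) -> str:
    """Provider side: answer a token request that carried the consumer's bill."""
    claims = {"acct": account, "bill": bill_digest(bill), "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)


def validate_payment_token(token: str, merchant_bill: dict, now: int) -> str:
    """Provider side: check a token presented by the merchant for settlement.
    Returns "ok" or the reason the token is refused."""
    body, sep, sig = token.partition(".")
    # Verify the signature before trusting anything inside the token.
    if not sep or not hmac.compare_digest(_sign(body.encode()).encode(), sig.encode()):
        return "bad-signature"
    claims = json.loads(base64.urlsafe_b64decode(body.encode()))
    # The time component: a token handled after this instant is invalid.
    if now >= claims["exp"]:
        return "expired"
    # The bill sent with the token request must match the merchant's bill.
    if not hmac.compare_digest(claims["bill"], bill_digest(merchant_bill)):
        return "bill-mismatch"
    return "ok"


def charge_is_recognized(statement_bill: dict, bills_from_merchants: list) -> bool:
    """Consumer device side: accept a statement entry only if its bill matches
    a bill previously received from a merchant."""
    known = {bill_digest(b) for b in bills_from_merchants}
    return bill_digest(statement_bill) in known
```

Checking the signature first matters: the expiry and bill digest are only meaningful once the token is known to come from the provider.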
In another embodiment, merchant 905 can use this bill information 910 for auditing, user and other verification purposes, payment federation, and so on. For example, the merchant can sign or otherwise encrypt portions of bill information 910. This allows a number of advantageous features in the embodiments described herein. For example, bill information 910 can be part of the payment token 985 received by the payment provider via local computing device 920. Merchant 905 can verify the authenticity of bill information 910 in order to authenticate that payment token 985 came from client 920 or trusted commercial transaction subsystem 965. Similarly, during payment token validation 904, merchant 905 can use the bill information 910 received from payment provider 990 to validate or authenticate payment provider 990 and/or local computing device 920. In other words, because bill information 910 is routed to the payment provider via subsystem 965 or consumer 920, billing information received from the payment provider that matches what was sent to client 920 can authenticate both client 920 and the payment token 985 from payment provider 990.
Note that in another embodiment, as briefly described above, bill information 910 can also be used by the merchant for payment federation. In this embodiment, different portions of bill information 910 can be machine readable in order to determine which portions of the funds from payment provider 990 (after successful payment verification) should be distributed to the business partners described previously. Note that in this embodiment portions of bill information 910 will typically be encrypted or otherwise opaque to user 940 (or consumer client 920), to payment provider 990, or to other components that are not part of the business relationship with merchant 905. This also uniquely identifies the business partners in the billing federation and can thereby be used for authentication purposes. More specifically, the portions of bill information 910 specific to a business partner can be encrypted with a key specific to that business partner, so that the billing information can be seen only by merchant 905 and the particular business partner. In other embodiments, however, the portions of the bill used for payment distribution or federation are only signed by merchant 905, and are thereby opaque to other components in system 900.
Of course, as will be appreciated, bill information 910 can also be put to other uses for various purposes. For example, billing information 910 can be used for auditing purposes, product distribution reconciliation, or any other well-known business and other purposes. Accordingly, the above uses of bill information 910 for authorization, identification, payment federation or any other purpose are for illustrative purposes only and are not intended to limit or narrow the scope of the embodiments, unless explicitly claimed otherwise.
Note that trust boundary 906 and subsystem 965 also have other advantageous features in other embodiments described herein. For example, as shown in Fig. 9, payment provider code 970 within subsystem 965 allows code specific to one or more payment providers 990 to be run securely. This code can be used for further authorization specific to the payment provider, for example biometrics, radio frequency identification (RFID), user name/password, or any of numerous other authentication techniques. In other words, because payment provider 990 has a trusted relationship with subsystem 965, the payment provider can run untrusted code for its own specific business purposes.
Using this code 970 also allows a more integrated in-band user experience that is controlled by payment provider 990 or by any other component that has a trust relationship with subsystem 970. For example, although not shown, a trusted relationship may exist between some merchants 905 and subsystem 965 in order to allow untrusted code to be run by subsystem 965. Likewise, merchant 905, payment provider 990 or any other component participating in the commercial transaction can provide an integrated user experience that appears to run within application 925 (previous version or otherwise). Many of the events, however, occur out of band. For example, in the above example of having an image printed in photo quality by a professional service, the dialog boxes, payment options or any number of other features or application functions presented to the user (for example in response to user input) can be controlled by code 970 provided specifically by the various trusted network entities (for example payment provider 990, merchant 905, and so on). Accordingly, as described in more detail below, this code can also be used when evaluating payment options and other constraints from merchant 905 and/or payment provider 990.
As noted above, in one embodiment the selected service provider or merchant sends any requirements along with the identity authentication request. For example, the service provider may sell goods or services that require a minimum age or are restricted to a certain geographic location. The list of identity providers can therefore be limited to those identity providers that can supply identity credentials satisfying the service provider's requirements. For example, the list of identity providers can be limited to those that can provide age verification or current address information (such as the RMV).
Likewise, a dialog box listing the payment provider options can be generated. For example, the dialog box can list payment providers 530a, 530b and 530c, which can respectively include a credit card company, a bank offering electronic debit services, or a private third party offering financial services. As with the identity request, the selected service provider can include any payment requirements associated with the purchase. For example, the service provider may accept only a certain type of credit card. These payment requirements are then reflected in the available payment providers that are listed or enabled in the payment provider selection dialog box. After a payment provider is selected, payment authentication can proceed and the transaction can be completed.
Note that other embodiments also provide for comparing merchant constraints (for example available payment options, age restrictions, and so on) with consumer rules in order to determine the various actions that can be taken. Fig. 10 illustrates such an embodiment, in which distributed system 1000 is configured to programmatically determine actions based on such information as merchant constraints 1010 and/or consumer rules 1035. For example, merchant 1020 can define in merchant constraints 1010 the payment providers 1005 or payment types that are acceptable for purchasing its services and/or goods. The decision module can then present these constraints to the user, for example in a user interface that requests user input 1040 to select one or more of the available payment options. Based on user input 1040, the appropriate payment provider 1005 can be contacted to properly fund the services and/or goods.
In another embodiment, consumer rules 1035 can also be used in addition to, or in place of, merchant constraints 1010. For example, consumer rules 1035 can indicate that only certain types of payment can be made to certain types of merchant 1020. More specifically, consumer rules 1035 can indicate that if merchant 1020 is not registered or otherwise trusted, only payments that can be reversed may be used for purchases from merchant 1020.
Of course, as noted above, other merchant rules 1010 and consumer constraints 1035 can be used by decision module 1030 when determining the actions to take in a commercial transaction. Indeed, merchant constraints 1010 and consumer rules 1035 can be compared for compatibility and other purposes. For example, when presenting the user with a selection of payment providers 1005, the payment options available from merchant 1020 can be compared with the payment providers 1005 that are available to or allowed by the consumer. Of course, the payment selection can also be made automatically, based on such things as default settings, provider ratings or preferences, or any number of other option settings. In fact, any number of actions can be taken based on the implementation of the various merchant 1010 and/or consumer 1035 rules. For example, if a rule (merchant 1010 or consumer 1035) fails or is otherwise violated, additional input from merchant 1020 or user 1040 (or an automatic decision based on other rules or settings) may be needed to resolve the conflict or other discrepancy. Accordingly, any specific action taken when implementing the defined constraints and/or rules is used herein for example purposes only and is not intended to limit or narrow the scope of the embodiments provided herein.
Note also that, as described above, merchant constraints 1010 can be included in the billing information or provided to the consumer separately. Note too that the comparison of the rules and the actions taken as a result can all occur under the covers, that is, without the knowledge of the user and/or other system components. In addition, note that the present system is not limited to constraints or rules defined only by the consumer or the merchant. For example, the payment provider can also define various restrictions that can be considered in conjunction with, or in place of, the consumer and/or merchant rules. Accordingly, the use of merchant and consumer constraints to determine various actions (such as payment provider options) is used herein for example purposes only and is not intended to limit or narrow the embodiments described, unless explicitly claimed otherwise.
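A decision module of the kind described in the preceding paragraphs can be sketched as follows; this is an added example, not code from the patent. The class and field names, the `registered` flag, the per-provider amount limit and the provider names in the test data are assumptions chosen to mirror the merchant constraints, consumer rules and payment provider restrictions discussed above.

```python
from dataclasses import dataclass, field


@dataclass
class MerchantConstraints:
    registered: bool            # assumption: flag for a registered/trusted merchant
    accepted_providers: set     # payment providers the merchant accepts


@dataclass
class ConsumerRules:
    preferred_order: list       # providers the consumer can use, most preferred first
    reversible: set             # providers whose payments can be reversed
    auto_select: bool = False   # default setting: pay without prompting


@dataclass
class Decision:
    action: str                 # "pay", "prompt" or "conflict"
    providers: list
    excluded: dict = field(default_factory=dict)  # provider -> reason


def decide(merchant, consumer, provider_limits, amount_cents):
    """Compare merchant constraints, consumer rules and provider restrictions.

    provider_limits maps a provider to its maximum amount in cents; a provider
    without an entry is treated as having no limit (assumption).
    """
    candidates, excluded = [], {}
    for provider in consumer.preferred_order:
        limit = provider_limits.get(provider)
        if provider not in merchant.accepted_providers:
            excluded[provider] = "not accepted by merchant"
        elif not merchant.registered and provider not in consumer.reversible:
            excluded[provider] = "consumer rule: unregistered merchant, payment not reversible"
        elif limit is not None and amount_cents > limit:
            excluded[provider] = "payment provider limit exceeded"
        else:
            candidates.append(provider)
    if not candidates:
        # No compatible option: additional input is needed to resolve it.
        return Decision("conflict", [], excluded)
    if consumer.auto_select or len(candidates) == 1:
        return Decision("pay", candidates[:1], excluded)
    # Several compatible options: ask the user to choose among them.
    return Decision("prompt", candidates, excluded)
```

Recording the reason each provider was excluded gives the transaction log something to show when a rule conflict has to be resolved by the user or the merchant.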
In a conventional online transaction, it is difficult for both the end user and the service provider to know for certain, when the transaction ends, whether the goods or services were successfully delivered. For example, the end user may select a software package to download over the network, or may purchase a song, a movie or other electronic media. Sometimes the network connection may be dropped before the download completes. In these circumstances the end user may be tempted to select the goods again, but may hesitate because he or she does not know whether the purchase will be charged twice. Likewise, the service provider may not know whether the download completed successfully, and may charge twice when the user tries to remedy the interruption by selecting the goods again.
Applicant has recognized that providing logging or auditing capabilities in the commercial transaction software can eliminate some of the uncertainty surrounding electronic downloads. For example, final execution of the payment option can depend on a signal from the auditing feature that the download has completed. That way, if the download is interrupted, the end user can be certain that the selected payment option did not go through. For example, commercial transaction software 585 from Fig. 5 (or the other subsystems or network entity components described) can include a logging feature that records every step of the commercial transactions carried out by the machine. The logged information can serve as proof of purchase or can otherwise be used to memorialize the transaction. In addition, commercial transaction software 585 can include monitoring capabilities for electronic downloads, sending a confirmation of a successful download, only after which the final payment is made. By making payment contingent on a signal that the transfer of the goods or services completed successfully, the problem of double billing can be addressed and substantially eliminated.
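The delivery-gated payment and transaction log described above can be sketched as a small ledger; this is an added example, not code from the patent. The class and method names are assumptions, as are the two mechanisms it uses to decide and record: a SHA-256 digest published by the merchant to tell a complete download from a truncated one, and a hash-chained log so that altered entries can be detected. The item bytes are constructed sample data.

```python
import hashlib
import json

# Constructed sample item and the digest the merchant is assumed to publish.
SAMPLE_ITEM = b"constructed media payload " * 64
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_ITEM).hexdigest()


class DeliveryGatedLedger:
    """Authorizes a payment when an item is selected and captures it only
    after the download monitor confirms complete delivery."""

    def __init__(self):
        self.orders = {}   # (consumer, item) -> {"state", "price_cents"}
        self.log = []      # hash-chained record of every step

    def _record(self, event, **fields):
        prev = self.log[-1]["digest"] if self.log else "0" * 64
        entry = {"seq": len(self.log), "event": event, **fields}
        payload = prev + json.dumps(entry, sort_keys=True)
        entry["digest"] = hashlib.sha256(payload.encode()).hexdigest()
        self.log.append(entry)

    def select_item(self, consumer, item, price_cents):
        """Selecting the same item again reuses the existing order, so a
        retry after a dropped connection cannot create a second charge."""
        key = (consumer, item)
        if key not in self.orders:
            self.orders[key] = {"state": "authorized", "price_cents": price_cents}
            self._record("authorized", consumer=consumer, item=item, price_cents=price_cents)
        else:
            self._record("reselected", consumer=consumer, item=item,
                         state=self.orders[key]["state"])
        return self.orders[key]["state"]

    def download_finished(self, consumer, item, received, expected_sha256):
        """Signal from the download monitor; payment is captured only when
        the received bytes match the expected digest."""
        order = self.orders[(consumer, item)]
        if hashlib.sha256(received).hexdigest() != expected_sha256:
            self._record("download_incomplete", consumer=consumer, item=item,
                         received_bytes=len(received))
        elif order["state"] == "authorized":
            order["state"] = "captured"
            self._record("captured", consumer=consumer, item=item,
                         price_cents=order["price_cents"])
        else:
            self._record("redelivered", consumer=consumer, item=item)
        return order["state"]

    def total_captured(self, consumer):
        return sum(o["price_cents"] for (c, _), o in self.orders.items()
                   if c == consumer and o["state"] == "captured")

    def log_intact(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for seq, entry in enumerate(self.log):
            body = {k: v for k, v in entry.items() if k != "digest"}
            payload = prev + json.dumps(body, sort_keys=True)
            if body.get("seq") != seq or hashlib.sha256(payload.encode()).hexdigest() != entry["digest"]:
                return False
            prev = entry["digest"]
        return True
```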
Companies develop software to handle a wide variety of tasks, including common word processing and document handling, spreadsheets, image editing, and even more specialized tasks such as video editing, computer graphics software, web content development applications, portfolio management software, and so on. However, owning software that handles every task an end user might want to perform can be prohibitively expensive. A software package can cost anywhere from hundreds, to thousands, to tens of thousands of dollars for a single license. In addition, the end user may need the services of a particular application only occasionally or sporadically, so that the price of purchasing the application may not be justified.
Applicant has recognized the advantages of allowing end users to use software in a pay-as-you-go environment. In particular, the end user can be charged only for the amount of time spent using the application, rather than paying the retail price of the software (where many of the features and/or applications would go largely unused). Fig. 6 illustrates a networked computer system having a commercial transaction framework that allows the end user to pay for the amount of time spent using an application. Networked computer system 600 includes network 605 interconnecting end user node 610 with a plurality of identity providers 620, a plurality of payment providers 630 and a plurality of service providers 640.
End user node 610 can be a computer running operating system 695. A plurality of software applications 655 can be installed on the end user computer. The software applications can come bundled with the computer at purchase, can be downloaded freely over the network, or can otherwise be distributed by the seller of the application (often for free or for a nominal fee, or for registering with the vendor). Application 655 can be any type of application, and any number of applications can be installed on the computer. Service providers 640 can be associated with one or more of the applications installed on end user computer 610. For example, service provider 640a can be one or more computers owned by the developer and seller of application 655a. Similarly, service providers 640b and 640c can be associated with applications 655b and 655c, respectively.
In the pay-as-you-go model, the service provided by the service provider is a license to use the associated application installed on the computer. For example, when software (e.g., application 655) is distributed for free, it is initially disabled, so that the user cannot run the application without first obtaining a license from the seller of the application. The license can be obtained by initiating a commercial transaction with one or more of the service providers 640. For example, application 655a may be a desktop publishing application that the end user wants to use for a few hours to design a card or brochure. When the end user opens application 655a, the end user is informed that a license must be purchased to use the application. For example, a dialog box may appear listing the features and prices of the various usage license options.
A license may be for a specific amount of time, for example one hour or one day. The license may expire as soon as the application is closed, or it may remain valid until its term expires. A license may be based on operations or tasks, allowing the end user to complete one or more jobs or to use one or more required features. Using additional features may increase the price of the license. It should be appreciated that a license with any desired terms may be negotiated, as aspects of the invention are not limited in this respect.
Once the end user has selected a license option, the end user may be prompted to select an identity provider and/or a payment provider, or one or the other may be selected by default to initiate the online transaction. The transaction may be handled by commercial transaction software 685 substantially as described in any of the embodiments above or below. When the service provider receives a payment token from one of the payment providers 620, the service provider may deliver a license according to the terms agreed upon when the transaction was initiated.
The received license may be processed by a generic license service 690 so that the appropriate access to the application can be invoked. The generic license service may then send an enable key to application 655 so that the user can run the software and use its functions according to the license. The enable key may include any information the application may need in order to provide the required services for the term indicated in the license. The enable key may include a password provided by the service provider so that the application knows the license is valid, and/or the application may simply rely on the representation from generic license service 690 that a valid license has been obtained. Once the application is running, metering engine 694 may be notified to keep track of time and to indicate to the application when the license has expired. Alternatively, the application may be programmed to query the metering engine periodically and then disable itself when the license has expired. In addition, if the license includes a term, the application can query the metering engine to give the user periodic warnings or updates about the amount of time remaining on the purchased license.
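The license flow just described (service provider 640 issues a license, generic license service 690 validates it and hands out an enable key, metering engine 694 tracks the term, and application 655 disables itself on expiry) is sketched below as an added example; it is not code from the patent. All class and field names are hypothetical, the clock is injected so expiry can be exercised, and HMAC stands in for the vendor's signature (a deployed client would verify an asymmetric signature, so that a key stored on the end user's machine could not mint licenses).

```python
import hashlib
import hmac
import json


def canonical(terms: dict) -> bytes:
    """Stable byte encoding of the license terms, so signer and verifier agree."""
    return json.dumps(terms, sort_keys=True, separators=(",", ":")).encode()


def sign_license(vendor_key: bytes, terms: dict) -> dict:
    """Service provider 640: issue a license once the payment token is accepted."""
    sig = hmac.new(vendor_key, canonical(terms), hashlib.sha256).hexdigest()
    return {"terms": terms, "sig": sig}


class ManualClock:
    """Injectable clock (assumption for the example) so time can be advanced."""

    def __init__(self, now: int):
        self.now = now

    def __call__(self) -> int:
        return self.now

    def advance(self, seconds: int) -> None:
        self.now += seconds


class MeteringEngine:
    """Metering engine 694: records when each application's license runs out."""

    def __init__(self, clock):
        self._clock = clock
        self._expiry = {}

    def start(self, app_id: str, seconds: int) -> None:
        self._expiry[app_id] = self._clock() + seconds

    def remaining(self, app_id: str) -> int:
        return max(0, self._expiry.get(app_id, 0) - self._clock())


class LicenseService:
    """Generic license service 690: verify the license, then issue an enable key."""

    def __init__(self, vendor_key: bytes, meter: MeteringEngine):
        self._key = vendor_key
        self._meter = meter

    def install(self, license_doc: dict) -> dict:
        terms = license_doc["terms"]
        expected = hmac.new(self._key, canonical(terms), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(license_doc.get("sig", ""))):
            raise PermissionError("license terms do not match the vendor signature")
        # Metering starts only after the terms have been verified.
        self._meter.start(terms["app_id"], terms["seconds"])
        return {"app_id": terms["app_id"], "features": frozenset(terms["features"])}


class Application:
    """Application 655: ships disabled and re-checks the meter on every use."""

    def __init__(self, app_id: str, meter: MeteringEngine):
        self.app_id = app_id
        self._meter = meter
        self._enable_key = None

    def enable(self, enable_key: dict) -> None:
        if enable_key["app_id"] != self.app_id:
            raise PermissionError("enable key was issued for another application")
        self._enable_key = enable_key

    def use(self, feature: str) -> str:
        if self._enable_key is None:
            return "disabled: no license"
        if self._meter.remaining(self.app_id) <= 0:
            self._enable_key = None  # disable itself once the term has run out
            return "disabled: license expired"
        if feature not in self._enable_key["features"]:
            return "disabled: feature not licensed"
        return "ok"
```

Because the term lives in the signed license and the countdown lives in the metering engine, editing the license on disk (for example, raising `seconds`) fails verification before any metering starts.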
When the end user is finished, he may choose to have the finished product professionally printed, and may choose to initiate another online transaction, such as the print option of the transaction described in connection with Fig. 5. A pay-as-you-go license can give users much more flexibility and give them access to software that they previously could not access because of the price of buying the software package with a lifetime license. In addition, software vendors can earn revenue from users who are unwilling to pay the full retail price but are willing to pay for limited use and/or limited functionality.
Software piracy affects profits across the entire software industry. Each year, users of unlicensed software cost businesses a relatively large amount of money. Once a software product has been purchased, the seller has almost no control over where the software is installed or on how many computers. Illegally offering software for download on the Internet provides an even more pervasive way to distribute and obtain software that the end user has not paid for. The applicant has recognized that providing a relatively secure and simple commercial transaction framework with a pay-as-you-go scheme, such as the framework described in the embodiment shown in Fig. 6, can mitigate or eliminate piracy problems. Because the seller distributes the software for free, end users may appropriate the software however they see fit. Because the software is enabled only by paying for a time license or a task license, the end user's ability to misuse the software is substantially limited.
As previously described, embodiments herein allow identity and/or payment to be authenticated using a mobile module (e.g., a subscriber identity module (SIM)) tied to a particular billing account of a mobile infrastructure or operator system. Unlike typical mobile communication standards (e.g., Global System for Mobile communications (GSM), 3rd Generation Partnership Project (3GPP), and other similar protocols), in which authentication takes place over a trusted radio network, authentication according to embodiments herein takes place over an independent, untrusted data network (e.g., the Internet). Accordingly, embodiments herein address many additional security concerns raised by using such mobile modules (SIMs) in web services and other independent network protocol environments. These concerns include: determining a trusted network endpoint for the authentication server; authenticating the client to the mobile module or SIM device; authenticating the user to the SIM device; authenticating the SIM and the authentication server; establishing a secure network connection between the mobile module and the network authentication server; and authenticating the user to the network authentication server.
In addition, complying with GSM, 3GPP, and other standards places additional requirements on the terminal device that will interact with the mobile module or SIM device. More specifically, GSM, 3GPP, and other similar standards require that the SIM restrict the mobile terminal's access to certain types of information, including encryption keys. To satisfy these requirements, embodiments herein provide an abstracted security configuration that delegates the processing and decoding of certain messages and security functions to the SIM device itself. For example, as shown in Fig. 11, firewall 1090 defines a state machine and protocol messages for abstracting SIM 1085 from host device 1070 when communicating over independent network 1060. More specifically, firewall 1090 uses a formal state machine that restricts or limits the number and/or order of commands sent from the read driver in host 1075 to SIM 1085 itself. Accordingly, SIM device 1080 (e.g., a cellular phone, a SIM interface, etc.; note that "mobile module" is a generic term for "SIM," but the two are used interchangeably herein unless specifically stated otherwise) becomes the mobile terminal, and host device 1075 becomes a peripheral that complies with the communication protocol 1055 of mobile network 1050. Some of the state machines and protocols that address the additional security requirements and concerns outlined above are described in more detail below.
Embodiments herein define a security configuration for authentication over an untrusted independent network (i.e., a network independent of the radio network of the infrastructure or operator system corresponding to the mobile module) in terms of the security levels that a given security token may represent. These include, but are not limited to, a device security level, a network security level, a user security level, and a service security level. Each level has different requirements and procedures for obtaining a security token. Accordingly, as described in more detail below, each security level represents a different level of authentication in the security model, and each has certain requirements and/or assurances. Note also that each security level may or may not be independent of the others. For example, it may not be necessary to establish the device security level before achieving the network or user security level; however, for proper assurance, such a layered process may be desirable.
The device security level indicates physical possession of the mobile module, e.g., a SIM device such as a cell phone. A device token (i.e., a SIM security token with a device security level) is typically issued locally by the mobile module or SIM device after proper authentication by the user. The requirements for authenticating the user to the mobile module are normally set by the mobile infrastructure or mobile operator. In addition, device authentication is usually enforced by the SIM device; however, other embodiments may provide for the use of other components in the authentication process. For example, the SIM or other device may require a password before the mobile module or other device will issue a device token. Of course, other forms of credentials for authentication at the device level are also contemplated herein.
In one embodiment, the SIM device requires the client or host computer to authenticate or identify itself to the mobile module before a device security token is issued. In addition, the lifetime of the device token is typically controlled by the mobile module or SIM device, using policy set by the mobile infrastructure. In one embodiment, the lifetime or other requirements set by the mobile operator can be configured dynamically over the independent and/or radio network. If the device token has no lifetime or other restrictions, the SIM typically does not require the user to re-authenticate to the mobile module more than once.
The network security level represents an encrypted connection, over the untrusted independent network, between the mobile module or SIM and the mobile infrastructure or network. Assuming the client or host has access to an unlocked SIM device, the network security level can be established without user presence or user interaction. Typically, the network security level is single-factor authentication, asserting proof of possession of the SIM device to the mobile infrastructure or operator. Typically, the mobile infrastructure issues the network security token via the authentication server and through a challenge-response mechanism before the network security token is issued to the client or host computing device. This network security level token can then be used in subsequent authentication phases and provides transport-layer security to encrypt and/or sign further interactions between the client and the authentication server and/or mobile infrastructure.
Fig. 7A illustrates an independent network 700 configured to issue a network-level security token for establishing transport-layer secure communication between a client and an authentication server. Typically, client or host computing device 710 (which may be a personal computer, a mobile phone, or another portable or non-mobile computing device) initiates the authentication request by sending a network security token request 725 to mobile infrastructure 720 via authentication/trust server 715 (note, however, that the request may also be initiated by another device, such as SIM 705 itself). Typically, request 725 is unsigned when received by authentication server 715, which may then sign and/or encrypt the request before sending it to mobile infrastructure 720, to confirm that the request comes from authentication server 715. Trusted server 715 may then query mobile infrastructure 720 or the mobile operator for a challenge 730, which is then sent to mobile module 705. Mobile module 705 uses a secret 740 shared between it and mobile infrastructure 720 to generate a challenge response 735, which is then forwarded to client 710. Note that this secret is typically specific to SIM 705 and set by mobile operator 720.
Client 710 uses challenge response 735 to generate a request security token response, which may also include the SIM identity and challenge 730 for authentication purposes. Typically, the client will ask mobile module 705 to sign and/or encrypt the request security token response with device 705's shared secret 740 or another key such as the SIM device token, although this may or may not be necessary. The request security token response and the challenge response 735 within it can be validated using, for example, shared secret 740. Note that, as mentioned previously, the request security token response may or may not be signed and/or encrypted with the same key used to generate challenge response 735. In either case, if mobile infrastructure 720 validates challenge response 735 (i.e., the challenge response is valid and the mobile module has a valid billing account), mobile infrastructure 720 and/or authentication server 715 can respond by generating a message containing a network security token 745 with an encrypted session key, signed and/or encrypted using shared secret 740. This message may be further signed using authentication server 715's own security token (e.g., an X.509 certificate, a Kerberos credential, etc.) or using mobile infrastructure 720's security token. Client 710 can then verify the signed message and pass the encrypted network session key to SIM 705 for decryption. Using shared secret 740, mobile module 705 can then return the unencrypted session key 750 to client 710.
Note that, in issuing network security token 745 as described above, mobile module 705 typically needs a valid billing account in good standing on mobile infrastructure 720. Accordingly, upon verification of challenge response 735 and this valid billing account information, trust can be established between SIM 705 and mobile infrastructure 720, creating a virtual secure channel. Session key 750 is then delegated or passed from mobile module 705 to the software platform or stack of host computing device 710, and from mobile operator 720 to authentication server 715 (if necessary). Note the physical proximity of mobile module 705 to host computing device 710 (which may be connected to it via a USB port, Bluetooth, or another wireless or wired connection) and the trust relationship between mobile infrastructure 720 and authentication server 715. These session keys are then used by client 710 and trusted server 715 to establish secure communication 755.
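The Fig. 7A exchange described above can be followed end to end in the added sketch below, which is not code from the patent: the operator issues challenge 730, the SIM answers with response 735 computed from shared secret 740, and the operator returns token 745 carrying a session key that only the SIM can unwrap. Class and function names are hypothetical, authentication server 715 is folded into the operator object, and the HMAC-SHA256 response and XOR-pad key wrap are stand-ins chosen for the example (the patent names no algorithms; a real system would use the operator's SIM algorithm and proper authenticated encryption).

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so fields cannot run together."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def xor_pad(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy wrap for a 32-byte key (assumption): XOR with an HMAC-derived pad."""
    pad = mac(key, b"wrap", nonce)
    return bytes(a ^ b for a, b in zip(data, pad))


class Sim:
    """Mobile module 705. Shared secret 740 is used here and never returned."""

    def __init__(self, sim_id: bytes, shared_secret: bytes):
        self.sim_id = sim_id
        self._secret = shared_secret

    def respond(self, challenge: bytes) -> bytes:
        """Challenge response 735."""
        return mac(self._secret, b"resp", self.sim_id, challenge)

    def unwrap_session_key(self, token: dict) -> bytes:
        """Check token 745 was issued under this SIM's secret, then decrypt key 750."""
        expected = mac(self._secret, b"tag", token["nonce"], token["wrapped_key"])
        if not hmac.compare_digest(expected, token["tag"]):
            raise ValueError("network token was not issued for this SIM")
        return xor_pad(self._secret, token["nonce"], token["wrapped_key"])


class MobileInfrastructure:
    """Mobile operator 720: per-SIM secrets, billing status, pending challenges."""

    def __init__(self):
        self._accounts = {}  # sim_id -> (shared_secret, good_standing)
        self._pending = {}   # sim_id -> outstanding challenge

    def provision(self, sim_id: bytes, shared_secret: bytes, good_standing=True):
        self._accounts[sim_id] = (shared_secret, good_standing)

    def issue_challenge(self, sim_id: bytes) -> bytes:
        """Challenge 730: fresh, random, remembered until answered once."""
        if sim_id not in self._accounts:
            raise PermissionError("unknown SIM")
        challenge = secrets.token_bytes(16)
        self._pending[sim_id] = challenge
        return challenge

    def issue_network_token(self, sim_id: bytes, challenge: bytes, response: bytes):
        """Validate response 735 and the billing account, then build token 745."""
        pending = self._pending.pop(sim_id, None)  # single use: blocks replay
        if pending is None or not hmac.compare_digest(pending, challenge):
            raise PermissionError("unknown or replayed challenge")
        secret, good_standing = self._accounts[sim_id]
        if not hmac.compare_digest(mac(secret, b"resp", sim_id, challenge), response):
            raise PermissionError("challenge response does not verify")
        if not good_standing:
            raise PermissionError("billing account not in good standing")
        session_key = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)
        wrapped = xor_pad(secret, nonce, session_key)
        token = {"nonce": nonce, "wrapped_key": wrapped,
                 "tag": mac(secret, b"tag", nonce, wrapped)}
        return token, session_key  # the operator's copy goes to server 715


def run_exchange(sim: Sim, operator: MobileInfrastructure):
    """Client 710's role: relay messages; it only ever sees session key 750."""
    challenge = operator.issue_challenge(sim.sim_id)
    response = sim.respond(challenge)
    token, server_key = operator.issue_network_token(sim.sim_id, challenge, response)
    client_key = sim.unwrap_session_key(token)
    return client_key, server_key
```

The host relays every message but never holds shared secret 740, and a captured challenge/response pair cannot be reused because each challenge is consumed on first use.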
Note that there may be a second mode of operation for authenticating mobile module 705, which may be used by mobile infrastructure 720. In this case, client host 710 may ask SIM 705 to generate and sign its own challenge (usually in the form of a nonce). Client 710 can then attach this information as part of the device token when requesting network security token 725 from trusted server 715 or mobile infrastructure 720. If mobile operator 720 can verify that the device token contains a valid challenge response 735, it can issue network token 745 directly back to client 710 for decryption of the session key as described above.
As described in more detail below, this network-level security token 745 is typically required to give the client access to an authenticated service token, which is used to request services and/or goods from third-party services. Note also that, in order to obtain the network token, the above presumes that client or host computing device 710 has successfully determined the network endpoint for authentication server 715 and/or mobile infrastructure 720. In addition, it presumes that client 710 and the user (not shown) have already authenticated to SIM device 705. As described above, network security level token 745 is used in subsequent authentication phases and provides transport-layer security to encrypt and sign further interactions between client 710 and trusted server 715. The lifetime of network token 745 (and of other tokens) is controlled by authentication server 715 or mobile operator 720. Because network token 745 serves as the session context between SIM device 705 and mobile infrastructure 720, its lifetime may be limited to hours or days, to a number of bytes transferred, and/or it may be valid only while mobile module 705 is properly connected to client 710.
As previously mentioned, the user security level indicates that the user has authenticated to the network (trusted server 715, mobile infrastructure 720, or another service), typically by providing information stored outside SIM 705 or host computing device 710. Accordingly, the user security level, in combination with the network security level, establishes multifactor authentication based on proof of possession of SIM 705 and some external knowledge (e.g., a user name/password). Typically, trusted server 715 or mobile infrastructure 720 is the only component that issues user-level security tokens; however, in some instances a third-party service may also issue such a user token. Accordingly, mobile infrastructure 720 (or another service, as the case may be) will verify the user through a challenge-response mechanism before issuing a user security level token back to client 710. Note that the client uses the user security token to sign and/or encrypt requests for service tokens, as described below. It is recommended that the client not send the user security token to any service other than the trusted server (since other services typically cannot verify or use it). As with network token 745 above, the user token may have a limited lifetime controlled by mobile operator 720, and may be limited by duration, by the number of bytes transferred, and/or by the existence of the connection between mobile module 705 and client 710.
Fig. 7B illustrates an independent network 700 configured to issue a user-level security token for establishing multilevel secure communication between client 710 and authentication server 715. The user network authentication phase allows mobile operator 720 (or another server) to verify that a known person is in possession of a known device 705. Effectively, the user network phase is a one- or two-factor authentication phase, and it protects the network from distributed denial-of-service attacks. In addition, it protects the user by preventing a stolen SIM device 705 from being used inappropriately.
Host computing device 710 may send a request for a user token 765, which is sent to mobile infrastructure 720 via trusted server 715. Typically, request 765 is unsigned when received by authentication/trusted server 715, which may then sign and/or encrypt the request before sending it to mobile infrastructure 720, to confirm that the request comes from authentication server 715. Trusted server 715 may then query mobile infrastructure 720 or the mobile operator for a challenge 770, which is then sent to mobile module 705. Note that challenge 770 may be generated using an algorithm different from the one used for challenge 730, which authenticates device 705 to the network. Client 710 extracts challenge 770 from the token message and passes it to mobile module 705, indicating that this is a user authentication. Accordingly, SIM 705 requests user credentials 775 from client 710. Host computer 710 then prompts user 760 for user input 780 and returns it to mobile module 705. SIM 705 or client 710 may optionally decide that the user input 780 or credentials should be encrypted using the previously obtained network security key (i.e., session key) 750.
Using user input 780, mobile module 705 generates a challenge response 785 and returns it to client 710, which generates and sends a request security token response that includes, for example, the SIM identifier, challenge 770, and challenge response 785. Typically, client 710 will ask mobile module 705 to sign and/or encrypt the request security token response with network security token 745, shared key 740, or a SIM 705 private key. As above, the request security token response and the challenge response 785 within it can be validated using, for example, shared secret 740 or another mobile module 705 private key. Note that, as described above, the request security token response may or may not be signed and/or encrypted with the same key used to generate challenge response 785. In either case, if mobile infrastructure 720 validates challenge response 785 (i.e., the user credentials provided are correct), mobile infrastructure 720 and/or authentication server 715 can respond by generating a message containing a user security token 795 with an encrypted user key, signed and/or encrypted using shared secret 740 or another device 705 private key. This message may be further signed using authentication server 715's own security token (e.g., an X.509 certificate, a Kerberos credential, etc.) or using mobile infrastructure 720's security token. Client 710 can then verify the signed message and pass the encrypted user key to SIM 705 for decryption. Using shared secret 740 (or another key, as the case may be), mobile module 705 can then return the unencrypted user key 790 to client 710, thereby authenticating the user to network 795.
The user service authentication phase lets mobile network operator 720 provide authentication on behalf of third-party services. Like the user network security level, the user service phase is a multifactor authentication phase, and it prevents the network from issuing a service token when user 760 was not present during at least one phase of authentication. There are typically two modes of operation of authentication server 715 with respect to how service tokens are issued. First, if user 760 has previously obtained a user token, trusted server 715 may consider user 760 authenticated and issue the service token automatically (provided the request for the service token is properly signed using user token 790, 795). On the other hand, if mobile infrastructure 720 has not yet issued user token 790, 795, user 760 will be required to authenticate in the same manner outlined above for requesting user token 790, 795.
Fig. 7C illustrates how the different network entities communicate over independent network 700 when establishing secure communication between client 710 and third-party server 728. As indicated above, mobile device 705 and user 760 can authenticate to mobile operator system 720 as previously described. Accordingly, once the billing account of mobile device 705 has been properly validated and user 760 has been authenticated as possessing it, secure communication exists between authentication server 715 and client 710. Then, when client 710 wishes, for example, to purchase services and/or goods from third-party service 728, trusted server 715 (or mobile infrastructure 720, as the case may be) can issue service tokens 724 for the different services. Client 710 can then send service token 726 to the third-party server, which validates token 722 through authentication server 715. Note that third-party server 728 may or may not require additional authentication, and may use the various mechanisms previously described for performing this validation. Note also that service token 726 not only establishes secure communication between client 710 and third-party server 728 but, in a manner similar to that described previously, may also indicate user 760's ability to pay for one or more services and/or goods.
Note that, until a service token is issued to client 710, the security tokens issued are typically of no value to any service other than authentication server 715. The reason is that the security hierarchy prevents any outside party from properly decoding a device token, a network token, or even a user token, because they are all derived from the root or shared key 740 known only to SIM device 705 and mobile infrastructure 720. Typically, it is only after authentication server 715 issues service token 724 that any third-party 728 web service can make use of a security token 724. Note also that the security tokens and messages described above (e.g., challenges, challenge responses, etc.) can take various formats and schemas. For example, tokens and/or messages may be XML, binary, or another similar encoding format, and may be issued by a mobile operator 720 that may or may not wish to expose certain elements of the network-to-SIM communication to intermediaries.
The use of portable hardware device 705 described above for authentication, identification, and/or payment validation can be used to purchase online or local retail services and/or goods (e.g., online newspapers, music, software applications, or other goods and services), or to allow access to applications running on the local PC or client 710 (e.g., Adobe Photoshop, a print program, pay-as-you-go software, etc.). Accordingly, the embodiments above are particularly advantageous for freely distributed protected software or content (e.g., music, video, games, etc.) on multiple host devices 710. In other words, a license is now tied to portable mobile device 705, which can be authenticated as described above, allowing a portable digital identity that is not tied to a limited set of computing devices. Likewise, user 706 can go to a friend's house without carrying all of his or her programs or other protected content, and can access and authenticate everything via portable device 705.
As should be appreciated from the foregoing, there are many aspects of the invention described herein that can be used independently of one another, including aspects relating to identity tokens, payment tokens, selecting one of a plurality of identity providers, selecting one of a plurality of payment providers, and the presence of commercial transaction software on end-user systems, service provider systems, identity provider systems, and payment provider systems. It should also be appreciated that in some embodiments all of the features described above may be used together, or any combination or subset of them may be employed together in a particular implementation, as aspects of the invention are not limited in this respect.
The above-described embodiments of the invention can be implemented in any of numerous ways. For example, the embodiments may be implemented using hardware, software, or a combination thereof. When implemented in software, the software code can be executed on any suitable processor or collection of processors, whether provided in a single computer or distributed among multiple computers. It should be appreciated that any component or collection of components that performs the functions described above can be considered generically as one or more controllers that control those functions. The one or more controllers can be implemented in numerous ways, such as with dedicated hardware, or with general-purpose hardware (e.g., one or more processors) programmed using microcode or software to perform the functions described above.
It should be appreciated that the methods outlined herein may be coded as software executable on one or more processors that employ any of a variety of operating systems or platforms. In addition, such software may be written using any of a number of suitable programming languages and/or conventional programming or scripting tools, and may also be compiled as executable machine code. In this respect, it should be appreciated that one embodiment of the invention is directed to a computer-readable medium or multiple computer-readable media (e.g., a computer memory, one or more floppy disks, compact disks, optical disks, magnetic tapes, etc.) encoded with one or more programs that, when executed on one or more computers or other processors, perform methods implementing the various embodiments of the invention discussed above. The computer-readable medium or media can be transportable, so that the program or programs stored on them can be loaded onto one or more different computers or other processors to implement the various aspects of the invention discussed above.
It should be understood that the term "program" is used herein in a generic sense to refer to any type of computer code or set of instructions that can be employed to program a computer or other processor to implement the various aspects of the invention discussed above. In addition, it should be appreciated that, according to one aspect of the invention, one or more computer programs that, when executed, perform the methods of the invention need not reside on a single computer or processor, but may be distributed in a modular fashion among a number of different computers or processors to implement the various aspects of the invention.
Various aspects of the invention may be used alone, in combination, or in various arrangements in addition to those specifically discussed in the embodiments above, and the aspects of the invention described herein are not limited in their application to the details and arrangement of components set forth in the foregoing description or illustrated in the drawings. Aspects of the invention are capable of other embodiments and of being practiced or carried out in various ways. Various aspects of the invention may be implemented in connection with any type of network, cluster, or configuration. No limitations are placed on the network implementation. Accordingly, the foregoing description and drawings are by way of example only.
Use of ordinal terms such as "first," "second," "third," etc., in the claims to modify a claim element does not by itself connote any priority, precedence, or order of one claim element over another, or the temporal order in which acts of a method are performed; such terms are used merely as labels to distinguish one claim element having a certain name from another element having the same name (but for use of the ordinal term), so as to distinguish the claim elements.
Also, the phraseology and terminology used herein are for the purpose of description and should not be regarded as limiting. The use of "including," "comprising," "having," "containing," "involving," and variations thereof herein is meant to encompass the items listed thereafter and equivalents thereof, as well as additional items.

Claims (9)

1. In a system comprising computing devices for a consumer, a merchant and at least one payment provider, a computer-implemented method performed by the computing devices for the consumer, the merchant and the at least one payment provider, the method providing a secure commercial transaction for the online purchase of services, goods, or both by establishing a three-way exchange of data between the computing devices for the consumer, the merchant and the at least one payment provider, the method comprising:
the consumer computing device sending, to the merchant computing device, an online request to purchase one or more services, goods, or both offered by the merchant;
the consumer receiving billing information from the merchant, the billing information including a price associated with the purchase of the one or more services, goods, or both;
the consumer sending the billing information to at least one payment provider computing device;
the at least one payment provider storing the billing information;
the consumer requesting that the at least one payment provider provide a payment token as proof of the consumer's ability to pay the price of the one or more services, goods, or both, wherein the payment token includes the billing information, and the consumer has a billing account with the at least one payment provider;
the consumer receiving the payment token from the at least one payment provider, wherein the payment token uniquely identifies an authorization of payment for the price, without sensitive information about the consumer's billing account having to be provided to the merchant;
the consumer sending the payment token to the merchant;
before the consumer's request for the one or more services, goods, or both is finalized, the merchant sending the payment token to the at least one payment provider in order to validate the payment with the at least one payment provider;
the at least one payment provider comparing the billing information in the payment token received from the merchant with the stored billing information received from the consumer, in order to validate the payment token;
the merchant receiving, from the at least one payment provider, confirmation that the payment token has been validated;
the merchant finalizing the request to purchase the one or more services, goods, or both by sending the confirmation to the consumer; and
the consumer receiving the confirmation of the validity of the payment token, which indicates that the one or more services, goods, or both are appropriately transferred from the merchant to the consumer.
2. the method for claim 1 is characterized in that, said accounting information further comprises said service, commodity or both descriptions, one or more from the available payment options of said businessman or businessman's specific information.
3. the method for claim 1 is characterized in that, said payment token can be cancelled by said consumer, said at least one payment provider or both.
4. the method for claim 1; It is characterized in that; Said payment token identifies the payment authorization to said price uniquely; And the sensitive information of relevant said consumer's said escrow account needn't be provided to said businessman because said payment token by said at least one payment provider signature, encrypt or both, and wherein confirm that to said at least one payment provider said payment token comprises the said signature of checking, encryption or both.
5. the method for claim 1 is characterized in that, said one or more services, commodity or both require to subscribe or many payments, and wherein said payment token can be used repeatedly this payment.
6. the method for claim 1; It is characterized in that; Said one or more service, commodity or both require to subscribe or repeatedly payment, and wherein said payment token is only just effective to the single payment of said reservation or many payments, and wherein the other token of needs be used for follow-up payment.
7. the method for claim 1 is characterized in that, the said accounting information that sends to said consumer from said businessman is encrypted by said businessman or signed, and said method also comprises:
Said businessman verifies that when receiving said payment token the warp in the said payment token is encrypted or the authenticity of the accounting information of signature, receives from said consumer so that said payment token is verified as.
8. One or more computer-readable storage media having stored computer-executable instructions that, when executed by one or more processors of a system comprising computing devices for a consumer, a merchant and at least one payment provider, perform a method that provides a secure commercial transaction for the online purchase of services, goods, or both by establishing a three-way exchange of data between the computing devices for the consumer, the merchant and the at least one payment provider, the method comprising:
the consumer computing device sending, to the merchant computing device, an online request to purchase one or more services, goods, or both offered by the merchant;
the consumer receiving billing information from the merchant, the billing information including a price associated with the purchase of the one or more services, goods, or both;
the consumer sending the billing information to at least one payment provider computing device;
the at least one payment provider storing the billing information;
the consumer requesting that the at least one payment provider provide a payment token as proof of the consumer's ability to pay the price of the one or more services, goods, or both, wherein the payment token includes the billing information, and the consumer has a billing account with the at least one payment provider;
the consumer receiving the payment token from the at least one payment provider, wherein the payment token uniquely identifies an authorization of payment for the price, without sensitive information about the consumer's billing account having to be provided to the merchant;
the consumer sending the payment token to the merchant;
before the consumer's request for the one or more services, goods, or both is finalized, the merchant sending the payment token to the at least one payment provider in order to validate the payment with the at least one payment provider;
the at least one payment provider comparing the billing information in the payment token received from the merchant with the stored billing information received from the consumer, in order to validate the payment token;
the merchant receiving, from the at least one payment provider, confirmation that the payment token has been validated;
the merchant finalizing the request to purchase the one or more services, goods, or both by sending the confirmation to the consumer; and
the consumer receiving the confirmation of the validity of the payment token, which indicates that the one or more services, goods, or both are appropriately transferred from the merchant to the consumer.
9. the method for claim 1; It is characterized in that; Said payment token identifies the payment authorization to said price uniquely, and the sensitive information of relevant said consumer's said escrow account needn't be provided to said businessman, because said payment token does not comprise said sensitive information.
CN2011103649867A 2005-04-19 2006-04-19 Network commercial transactions Pending CN102368325A (en)

Applications Claiming Priority (8)

Application Number Priority Date Filing Date Title
US67275405P 2005-04-19 2005-04-19
US60/672,754 2005-04-19
US11/376,535 US7849020B2 (en) 2005-04-19 2006-03-15 Method and apparatus for network transactions
US11/376,535 2006-03-15
US11/379,133 2006-04-18
US11/379,133 US20060235795A1 (en) 2005-04-19 2006-04-18 Secure network commercial transactions
US11/379,143 US8996423B2 (en) 2005-04-19 2006-04-18 Authentication for a commercial transaction using a mobile module
US11/379,143 2006-04-18

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CNA2006800111402A Division CN101496059A (en) 2005-04-19 2006-04-19 Network commercial transactions

Publications (1)

Publication Number Publication Date
CN102368325A true CN102368325A (en) 2012-03-07

Family

ID=37115927

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011103649867A Pending CN102368325A (en) 2005-04-19 2006-04-19 Network commercial transactions

Country Status (12)

Country Link
EP (1) EP1872188A4 (en)
JP (1) JP2008541206A (en)
KR (1) KR20070120125A (en)
CN (1) CN102368325A (en)
AU (1) AU2006236243B2 (en)
BR (1) BRPI0608591A2 (en)
CA (1) CA2601785A1 (en)
IL (1) IL185978A0 (en)
MX (1) MX2007012648A (en)
NO (1) NO20074614L (en)
SG (1) SG161290A1 (en)
WO (1) WO2006113834A2 (en)


Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7152045B2 (en) * 1994-11-28 2006-12-19 Indivos Corporation Tokenless identification system for authorization of electronic transactions and electronic transmissions
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5671279A (en) * 1995-11-13 1997-09-23 Netscape Communications Corporation Electronic commerce using a secure courier system
US5812668A (en) * 1996-06-17 1998-09-22 Verifone, Inc. System, method and article of manufacture for verifying the operation of a remote transaction clearance system utilizing a multichannel, extensible, flexible architecture
DE19630920C1 (en) * 1996-07-31 1997-10-16 Siemens Ag Subscriber authentication and/or data encryption method
JP2000036000A (en) * 1998-06-30 2000-02-02 Sun Microsyst Inc Neutral observer in electronic commercial transaction
US6327578B1 (en) * 1998-12-29 2001-12-04 International Business Machines Corporation Four-party credit/debit payment protocol
US7171694B1 (en) * 1999-07-21 2007-01-30 E-Payments Method for performing a transaction over a network
FI20000760A0 (en) * 2000-03-31 2000-03-31 Nokia Corp Authentication in a packet data network
BR0111119A (en) * 2000-05-25 2004-06-22 Echarge Corp Secure Transaction Protocol
JP2002207929A (en) * 2001-01-12 2002-07-26 Nippon Telegr & Teleph Corp <Ntt> Method and device for customer authentication, provider device and its processing method, and sales service providing device and its processing method
US20020147820A1 (en) * 2001-04-06 2002-10-10 Docomo Communications Laboratories Usa, Inc. Method for implementing IP security in mobile IP networks
DE10149298A1 (en) * 2001-10-05 2003-04-17 Siemens Ag Method for electronic posting and payment of invoices, involves setting up connection from customer to bank server
JP3899890B2 (en) * 2001-10-18 2007-03-28 日本電信電話株式会社 Billing method and system, purchase control terminal, authentication billing server, sales server, billing program, and storage medium storing billing program
JP2003168035A (en) * 2001-12-04 2003-06-13 Senshukai General Service Co Ltd Method for acquiring detailed information of client
US7996888B2 (en) * 2002-01-11 2011-08-09 Nokia Corporation Virtual identity apparatus and method for using same
US8122511B2 (en) * 2003-08-28 2012-02-21 International Business Machines Corporation Attribute information providing method
GB2406925B (en) * 2003-10-09 2007-01-03 Vodafone Plc Facilitating and authenticating transactions
US20050114261A1 (en) * 2003-11-21 2005-05-26 Chuang Guan Technology Co., Ltd. Payment system for using a wireless network system and its method

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102646252A (en) * 2012-03-19 2012-08-22 重庆先迈通信技术有限公司 Business server system and business processing method of negotiated price transaction business
CN103678966A (en) * 2012-08-31 2014-03-26 Ncr公司 Security module and method of securing payment information
CN105378776A (en) * 2013-02-26 2016-03-02 维萨国际服务协会 Methods and systems for providing payment credentials
CN104144146A (en) * 2013-05-10 2014-11-12 中国电信股份有限公司 Method and system for visiting website
CN104144146B (en) * 2013-05-10 2017-11-03 中国电信股份有限公司 A kind of method and system of access website
CN107851254A (en) * 2015-07-20 2018-03-27 维萨国际服务协会 At utmost reduce the seamless transaction of user's input
CN109716373A (en) * 2016-08-12 2019-05-03 万事达卡国际公司 Cipher authentication and tokenized transaction
CN109716373B (en) * 2016-08-12 2023-11-07 万事达卡国际公司 Cryptographically authenticated and tokenized transactions
CN112740259A (en) * 2018-09-24 2021-04-30 优基股份有限公司 System, method and apparatus for performing cryptographically secured transactions
CN109242488A (en) * 2018-11-22 2019-01-18 腾讯科技(深圳)有限公司 A kind of secure payment control method, device and server
CN109242488B (en) * 2018-11-22 2022-02-18 腾讯科技(深圳)有限公司 Safety payment control method and device and server

Also Published As

Publication number Publication date
WO2006113834A3 (en) 2009-04-23
NO20074614L (en) 2007-11-16
JP2008541206A (en) 2008-11-20
CA2601785A1 (en) 2006-10-26
SG161290A1 (en) 2010-05-27
EP1872188A2 (en) 2008-01-02
WO2006113834A9 (en) 2007-11-01
BRPI0608591A2 (en) 2010-01-19
IL185978A0 (en) 2008-01-20
KR20070120125A (en) 2007-12-21
MX2007012648A (en) 2007-12-13
AU2006236243B2 (en) 2011-03-24
WO2006113834A2 (en) 2006-10-26
AU2006236243A1 (en) 2006-10-26
EP1872188A4 (en) 2011-04-27

Similar Documents

Publication Publication Date Title
CN102368325A (en) Network commercial transactions
CN101496059A (en) Network commercial transactions
CN110945554B (en) Registry Blockchain Architecture
US8996423B2 (en) Authentication for a commercial transaction using a mobile module
CN101421754A (en) Secure network commercial transactions
CN108885745B (en) Blockchain-based exchange with tokenization
CN109155035B (en) Method and system for efficiently transferring entities on a point-to-point distributed book using blockchains
RU2402814C2 (en) On-line commercial transactions
KR100506913B1 (en) Electronic payment system using anonymous representative payment means and method thereof
US8571992B2 (en) Methods and apparatus for title structure and management
US20160125403A1 (en) Offline virtual currency transaction
US20120246075A1 (en) Secure electronic payment methods
JP2004511028A (en) Method and system for securely collecting, storing and transmitting information
CN102592239A (en) Network commercial transactions
CA2892457C (en) Secure authorizations using independent communications and different one-time-use encryption keys for each party to a transaction
AU2011202945B2 (en) Network commercial transactions
CN115917571A (en) Internet data use control system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120307