| 摘要 |
The present invention proposes a payment transaction system, comprising: • - a merchant server; • - a client device for connecting to the merchant server and interacting with same; • - a secure customer data server, • - a secure payment server distinct from said secure customer data server, • said secure customer data server having a memory storing payment instrument data in relation with a plurality of users, and being capable of interacting with said client device by: • receiving a payment instrument data request corresponding to a given user account, • establishing a secure session between said client device and the secure payment data server, • within that session, performing a secure, challenge-response type authentication transaction, and • upon successful authentication, receiving payment instrument data at said client device for providing to said merchant server, at least part of said data being ciphered, • said client device being adapted to decipher said ciphered part of said data and to transmit to said merchant server, or to said secure payment server, payment instrument data in a form useable by said server. This allows streamlining the payment process while having a high degree of safety. Said challenge-response authentication involves a hash function applied to a combination of a user password entered on said client device and a challenge received from said secure customer data server, in order to generate a one-time password for sending to said secure customer data server |
