| 摘要 |
The invention concerns an Internet server acting as secure paying agent, that is relaying all payment requests to bank card payment systems requiring card number input. The client is registered once on the server by supplying among others his bank card number and by installing a standard X509 certificate on his terminal, protected by a security code known only to him. When purchasing from his initialised PC, the payment request is relayed to the agent server which authenticates the client through his X509 certificate, causing the security code to be requested on the client terminal. The client using such a secure system, accepts not to challenge a purchase carried out by the agent. A request made from an anonymous PC (that is non-initialised), is blocked until a secure validation procedure is carried out. Three validating procedures are proposed: 1) validation from a WAP mobile telephone; 2) validation from a normal mobile telephone; 3) validation for a WAP mobile telephone with WIM module. |
