CN101192295A

CN101192295A - Chip credit card network transaction system and method

Info

Publication number: CN101192295A
Application number: CNA2006101629711A
Authority: CN
Inventors: 何嘉峻; 张仕达
Original assignee: Infothink Technology Co ltd
Current assignee: Infothink Technology Co ltd
Priority date: 2006-11-30
Filing date: 2006-11-30
Publication date: 2008-06-04

Abstract

The invention provides a chip credit card network transaction system and a method thereof, when a chip credit card is inserted into a card reader, the card reader transmits a control signal to a computer. After the transaction control and management module executed on the computer detects the control signal transmitted by the card reader, the card reader reads the identification data on the chip credit card to identify the type of the chip credit card, the card number, the card valid date and the data required by network transaction are acquired from the chip credit card after the comparison of the identification data with the database, and the transaction control and management module can be automatically filled in the credit card data field on the transaction webpage in an encryption mode to complete the transaction operation of the credit card. The user does not need to key in card number and other private data on the transaction webpage, thereby avoiding the Trojan horse program from recording keyboard records, image records and other recording modes and preventing the credit card data from leaking.

Description

Chip credit card network transaction system and method

技术领域 technical field

本发明提供一种芯片信用卡网络交易系统与方法，尤指一种可自芯片信用卡上取得卡号、卡片有效日期等网络信用卡交易所需数据，并以加密方式自动填入交易网页，避免木马程序进行键盘记录、图像记录等记录方式盗取信用卡数据的系统与方法。The invention provides a chip credit card network transaction system and method, in particular to a chip credit card that can obtain the data required for network credit card transactions such as the card number and card expiration date, and automatically fill in the transaction webpage in an encrypted manner to avoid Trojan horse programs. A system and method for stealing credit card data by recording methods such as keylogging and image recording.

背景技术 Background technique

传统上所使用的磁条金融卡或信用卡，虽然成本低、技术也较成熟，但是为了防范在使用时被记录，避免被非法复制，所以目前磁条金融卡或信用卡已逐渐由芯片卡式的金融卡或信用卡所取代。Although the traditionally used magnetic stripe financial cards or credit cards are low in cost and relatively mature in technology, in order to prevent them from being recorded and illegally copied during use, the current magnetic stripe financial cards or credit cards have been gradually replaced by chip card types. Debit or credit card replaced.

芯片卡的第一大特点，是密码离线验证。芯片卡将密码储存在芯片当中，使用者输入密码后，可以直接离线在终端进行验证。不同于过去，使用者输入的密码是要传回银行主机端才能验证。因此，密码加上芯片卡，可望成为网络交易的安全屏障。The first major feature of the chip card is the password offline verification. The chip card stores the password in the chip. After the user enters the password, it can be directly verified offline at the terminal. Unlike in the past, the password entered by the user must be sent back to the bank host for verification. Therefore, passwords plus chip cards are expected to become a security barrier for online transactions.

然而，虽然芯片信用卡有着难以复制的安全性，但是目前已知的信用卡网络交易服务，仍然需要持卡人于交易网页上自行键入卡号、卡片有效日期等网络交易所需数据，才能进行信用卡交易操作。However, although chip credit cards have a security that is difficult to replicate, the currently known online credit card transaction services still require the cardholder to key in the data required for online transactions such as the card number and card expiry date on the transaction webpage before the credit card transaction can be performed. .

因此，若持卡人所使用的计算机中存在有木马程序时，就有可能被记录上述卡号、卡片有效日期等网络交易所需数据，使得信用卡数据还是很容易被盗取与伪造，造成个人、网络商家以及金融机构的损失。Therefore, if there is a Trojan horse program in the computer used by the cardholder, the data required for network transactions such as the above-mentioned card number and the valid date of the card may be recorded, so that the credit card data is still easy to be stolen and forged, causing personal, Losses to online merchants and financial institutions.

因此，鉴于已知技术的缺失，本发明提出芯片信用卡网络交易系统与方法。Therefore, in view of the lack of known technologies, the present invention proposes a chip credit card network transaction system and method.

发明内容 Contents of the invention

本发明目的为提供一种芯片信用卡网络交易系统与方法，可自芯片信用卡上取得卡号、卡片有效日期等网络交易所需数据，并以加密方式自动填入交易网页，避免木马程序进行键盘记录、图像记录等记录方式盗取信用卡数据的系统与方法。The object of the present invention is to provide a chip credit card network transaction system and method, which can obtain the required data for network transactions such as card number and card expiration date from the chip credit card, and automatically fill in the transaction webpage in an encrypted manner, so as to avoid keyboard recording, A system and method for stealing credit card data by image recording and other recording methods.

本发明内容为当芯片信用卡插入读卡机时，读卡机传送控制信号给计算机。于计算机上执行的交易控管模块检测到读卡机所传送的控制信号后，会通过读卡机读取芯片信用卡上的识别数据以辨别芯片信用卡的种类，经比对数据库后再自芯片信用卡上取得卡号、卡片有效日期以及网络付款所需数据，交易控管模块可以加密方式自动填入付款网页上信用卡数据栏位，以完成交易操作。使用者不需要于付款网页上键入卡号等私密数据，可避免木马程序进行键盘记录、图像记录等记录方式，有效防止信用卡数据外泄。The content of the invention is that when the chip credit card is inserted into the card reader, the card reader transmits a control signal to the computer. After the transaction control module executed on the computer detects the control signal transmitted by the card reader, it will read the identification data on the chip credit card through the card reader to identify the type of the chip credit card, and then compare the database and then from the chip credit card The card number, card validity date and data required for online payment can be obtained from the Internet, and the transaction control module can automatically fill in the credit card data column on the payment web page in an encrypted manner to complete the transaction operation. Users do not need to key in private data such as card numbers on the payment webpage, which can prevent Trojan horse programs from recording keystrokes, image recordings, etc., and effectively prevent credit card data from leaking.

为了达到以上目的，本发明提供一种芯片信用卡网络交易系统，包含：In order to achieve the above object, the present invention provides a chip credit card network transaction system, comprising:

一芯片信用卡，包含识别数据及信用卡数据；A chip credit card, containing identification data and credit card data;

一读卡机，通过信号线连接计算机，当芯片信用卡插入读卡机时，读卡机即传送控制信号给计算机；以及A card reader, connected to the computer through a signal line, when the chip credit card is inserted into the card reader, the card reader sends a control signal to the computer; and

一芯片信用卡交易控管模块，为一种于计算机上执行的软件程序，当检测到读卡机所传送的控制信号后，会通过读卡机读取芯片信用卡上的识别数据以辨别芯片信用卡的种类，经比对数据库后再自芯片信用卡上取得卡号、卡片有效日期以及网络交易所需数据，交易控管模块可以加密方式自动填入付款网页上信用卡数据栏位，以完成交易操作。A chip credit card transaction control module is a software program executed on a computer. After detecting the control signal sent by the card reader, it will read the identification data on the chip credit card through the card reader to identify the chip credit card. After comparing the database, the card number, card validity date and data required for online transactions are obtained from the chip credit card. The transaction control module can automatically fill in the credit card data column on the payment webpage in encrypted form to complete the transaction operation.

本案由以下附图与详细说明，可进一步深入了解。This case can be further understood by the following drawings and detailed descriptions.

附图说明 Description of drawings

图1为本发明芯片信用卡网络交易系统的系统架构图；Fig. 1 is a system architecture diagram of the chip credit card network transaction system of the present invention;

图2为本发明中交易控管模块的示意图；Fig. 2 is a schematic diagram of the transaction control module in the present invention;

图3为本发明中交易控管模块的流程图。Fig. 3 is a flow chart of the transaction control module in the present invention.

图中，In the figure,

10芯片信用卡 20读卡机10 chip credit card 20 card reader

30信号线 40计算机30 signal line 40 computer

50种类判定单元 52格式判定单元50 types of judgment units 52 format judgment units

54传送单元 100～165执行步骤54 transmission unit 100～165 execution steps

具体实施方式 Detailed ways

参阅图1，为本发明的系统架构图，本发明提供一种芯片信用卡网络交易系统与方法，可提供芯片信用卡10的持卡人一种安全简便的方法，以操作芯片信用卡10的网络交易。其中芯片信用卡10可使用包含符合ISO-7816国际规范的芯片卡，而读卡机20可使用包含符合PC/SC(PersonalComputer/Smart Card)规格的读卡机，并通过信号线30把进行网络交易时所需的数据先传到计算机40，并通过计算机40把上述数据实际传递到网络交易的网站上。Referring to FIG. 1 , it is a system architecture diagram of the present invention. The present invention provides a chip credit card network transaction system and method, which can provide cardholders of chip credit cards 10 with a safe and convenient method to operate chip credit card 10 network transactions. Among them, the chip credit card 10 can use a chip card that complies with the ISO-7816 international standard, and the card reader 20 can use a card reader that complies with the PC/SC (Personal Computer/Smart Card) specification, and conduct network transactions through the signal line 30 The required data is first transmitted to the computer 40, and the above-mentioned data is actually transmitted to the website of the network transaction by the computer 40.

参阅图2，为本发明交易控管模块的示意图。如图2所示，本发明交易控管模块主要由种类判定单元50、格式判定单元52、传送单元54所组成。Referring to FIG. 2 , it is a schematic diagram of the transaction control module of the present invention. As shown in FIG. 2 , the transaction control module of the present invention is mainly composed of a type determination unit 50 , a format determination unit 52 , and a transmission unit 54 .

简单来讲，本发明主要利用种类判定单元50在检测到读卡机20所传送的控制信号后，通过读卡机20读取芯片信用卡10上的识别数据，然后由格式判定单元52从数据库(未描绘)找出属于芯片信用卡10的种类的文件格式，以便传送单元54在判断目前浏览器连接网址为信用卡刷卡网页时，依据文件格式读出该组信用卡数据，并将其加密后传送至并填入信用卡刷卡网页中对应栏位，取代人工输入该组信用卡数据，以避免在输入该组信用卡数据的过程中被拦截。In simple terms, the present invention mainly utilizes the type judging unit 50 to read the identification data on the chip credit card 10 through the card reader 20 after detecting the control signal transmitted by the card reader 20, and then the format judging unit 52 reads the identification data from the database ( Not depicted) Find out the file format belonging to the type of chip credit card 10, so that when the transmission unit 54 judges that the current browser connection URL is a credit card swiping webpage, read out the group of credit card data according to the file format, and encrypt it and transmit it to the Fill in the corresponding fields in the credit card swiping web page instead of manually entering the set of credit card data to avoid being intercepted during the process of entering the set of credit card data.

具体来说，本系统主要构件包含(1)芯片信用卡10，其包含至少一组识别数据，储存于芯片信用卡内的基本数据栏(EF，Elementary File)或信息栏(ATR，Answer To Reset)；(2)读卡机20，其通过信号线30连接计算机40，当芯片信用卡10插入读卡机20时，读卡机20即通过信号线30传送控制信号给计算机40；以及(3)交易控管模块，为计算机40上执行的一软件程序，当检测到读卡机20所传送的控制信号后，会通过读卡机20读取芯片信用卡10上的识别数据以辨别芯片信用卡10的种类，经比对数据库后取得该芯片信用卡10数据储存格式，交易控管模块可以依此数据格式自芯片信用卡10上取得卡号、卡片有效日期以及网络交易所需数据，并以加密方式自动填入付款网页上信用卡数据栏位，以完成交易操作。其中交易控管模块检测读卡机20传送的控制信号的方法包含定时执行操作系统所提供的芯片信用卡存取接口标准程序，以检测芯片信用卡10是否插入读卡机20。Specifically, the main components of the system include (1) chip credit card 10, which includes at least one set of identification data stored in the basic data column (EF, Elementary File) or information column (ATR, Answer To Reset) in the chip credit card; (2) card reader 20, which is connected to computer 40 by signal line 30, when chip credit card 10 is inserted into card reader 20, card reader 20 promptly sends control signal to computer 40 by signal line 30; And (3) transaction control The pipe module is a software program executed on the computer 40. After detecting the control signal transmitted by the card reader 20, it will read the identification data on the chip credit card 10 through the card reader 20 to identify the type of the chip credit card 10. After comparing with the database, the data storage format of the chip credit card 10 is obtained, and the transaction control module can obtain the card number, card expiry date and data required for network transactions from the chip credit card 10 according to this data format, and automatically fill in the payment webpage in an encrypted manner Enter the credit card data fields to complete the transaction. The method for the transaction control module to detect the control signal sent by the card reader 20 includes regularly executing the chip credit card access interface standard program provided by the operating system to detect whether the chip credit card 10 is inserted into the card reader 20 .

值得一提的是，上述计算机40亦可使用可执行本发明的交易控管模块的电子装置来替换，如个人数字助理PDA、移动电话等。且信号线30亦可使用无线通讯技术来取代，如蓝芽、无线局域网WLAN等。It is worth mentioning that the above-mentioned computer 40 can also be replaced by an electronic device capable of executing the transaction control module of the present invention, such as a personal digital assistant PDA, a mobile phone, and the like. And the signal line 30 can also be replaced by wireless communication technology, such as bluetooth, wireless local area network WLAN and so on.

再参阅图3并同时参考图1，依据本发明的最佳实施例的流程图，其步骤包含：Referring to Fig. 3 again and referring to Fig. 1 simultaneously, according to the flowchart of the preferred embodiment of the present invention, its steps include:

(1)执行交易控管模块(步骤100)，于计算机40中的操作系统执行交易控管模块，并常驻于操作系统中。(1) Executing the transaction control module (step 100 ), the transaction control module is executed by the operating system in the computer 40 and resides in the operating system.

(2)检测芯片信用卡是否置入(步骤110)，交易控管模块定时通过操作系统所提供的芯片信用卡存取接口标准程序，以检测芯片信用卡10是否插入该读卡机20，当芯片信用卡10插入读卡机20时，读卡机20即通过信号线30传送控制信号给计算机40而被交易控管模块所检测。若芯片信用卡10尚未插入读卡机20，则重复此步骤持续检测。(2) Detect whether the chip credit card is inserted (step 110), the transaction control module regularly passes through the chip credit card access interface standard program provided by the operating system to detect whether the chip credit card 10 is inserted into the card reader 20, when the chip credit card 10 When the card reader 20 is inserted, the card reader 20 transmits a control signal to the computer 40 through the signal line 30 and is detected by the transaction control module. If the chip credit card 10 has not been inserted into the card reader 20, then repeat this step for continuous detection.

(3)检测浏览器(Web Browser)网址是否位于信用卡刷卡网页(步骤120)，若目前网址位于信用卡刷卡网页时则询问使用者是否欲进行网络信用卡交易，若是则继续下一步骤；若否则回到上一步骤(步骤110)。若目前网址不为信用卡刷卡网页，则回到上一步骤(步骤110)。(3) Detect whether the web address of the browser (Web Browser) is located at the credit card swiping web page (step 120), if the current web address is located at the credit card swiping web page, then inquire whether the user wishes to carry out network credit card transactions, if so, continue to the next step; otherwise return Go to the previous step (step 110). If the current URL is not a credit card swiping webpage, then return to the previous step (step 110).

(4)辨别芯片信用卡(步骤130)，当芯片信用卡10插入读卡机20后，读卡机20会重置(Reset)芯片信用卡10以获得芯片信用卡10传送的信息栏(ATR，Answer to reset)电子信号或者直接读取基本数据栏(EF，ElementaryFile)的数据，此即芯片信用卡10的识别数据，以供交易控管模块辨别此芯片信用卡10的种类。(4) Identify the chip credit card (step 130). After the chip credit card 10 is inserted into the card reader 20, the card reader 20 will reset (Reset) the chip credit card 10 to obtain the information column (ATR, Answer to reset) sent by the chip credit card 10. ) electronic signal or directly read the data in the elementary data column (EF, ElementaryFile), which is the identification data of the chip credit card 10, for the transaction control module to distinguish the type of the chip credit card 10.

(5)读取芯片信用卡内容(步骤140)，交易控管模块依据识别数据比对数据库后取得该芯片信用卡10的数据格式，并依此格式读取芯片信用卡10卡号及有效日期，并使用密码算法加密保护。(5) Read the content of the chip credit card (step 140), the transaction control module obtains the data format of the chip credit card 10 after comparing the database with the identification data, and reads the card number and the expiration date of the chip credit card 10 according to this format, and uses the password Algorithm encryption protection.

(6)填入芯片信用卡数据(步骤150)，交易控管模块在信用卡刷卡网页中自动填入加密后的信用卡卡号及有效日期，在网页上以星号(*)显示以保持隐密性。(6) Fill in the chip credit card data (step 150), the transaction control module automatically fills in the encrypted credit card number and the valid date in the credit card swiping webpage, and displays it with an asterisk (*) on the webpage to keep confidentiality.

(7)使用者自行输入信用卡认证码并且送出交易信息(步骤160)，使用者自行输入芯片信用卡10背面认证码后三码，并确认送出交易信息。(7) The user enters the credit card verification code and sends the transaction information (step 160). The user enters the last three digits of the verification code on the back of the chip credit card 10 and confirms sending the transaction information.

(8)加密数据送至后端服务器(步骤170)，浏览器软件将加密后的交易信息送至后端服务器，后端服务器解密后取得卡号及有效日期等刷卡数据以完成交易。(8) The encrypted data is sent to the back-end server (step 170), the browser software sends the encrypted transaction information to the back-end server, and the back-end server decrypts and obtains the card swiping data such as card number and valid date to complete the transaction.

通过本发明，持卡人于网络交易时不需手动输入芯片信用卡10的卡号及有效日期，提高网络交易便利性并可防止木马程序进行键盘记录；而交易控管模块以加密方式将卡号及有效日期填入网页栏位并以隐密字符显示之，可防止木马程序进行画面图像记录。Through the present invention, the cardholder does not need to manually input the card number and valid date of the chip credit card 10 during network transactions, which improves the convenience of network transactions and prevents Trojan horse programs from performing keylogging; and the transaction control module encrypts the card number and valid date. The date is filled in the web page column and displayed in hidden characters, which can prevent the Trojan horse program from recording the screen image.

本发明的精神与范围决定于本发明的专利保护范围，不受限于上述实施例。The spirit and scope of the present invention are determined by the patent protection scope of the present invention, and are not limited to the above-mentioned embodiments.

Claims

1. a chip credit card network transaction system is characterized in that, comprises:

One chip credit card comprises one group of recognition data and one group of credit card information, and this group recognition data is represented the kind of this chip credit card, and this group credit card information comprises card number, date of expiration at least;

One card reader can be electrically connected to a computing machine by a signal wire, and when this chip credit card inserts this card reader, transmits a control signal by this signal wire and give this computing machine; And

One transaction control module comprises:

One kind identifying unit in order to after detecting this control signal that this card reader transmits, reads recognition data on this chip credit card by this card reader;

One form identifying unit is in order to find out a file layout of the kind that belongs to this chip credit card from a database; And

One delivery unit, when judging that present browser connection network address is a POS webpage, read this group credit card information according to this document form, and will be sent to and insert corresponding field in this POS webpage after its encryption, replace this group credit card information of artificial input, in the process of this group credit card information of input, be blocked avoiding.

2. chip credit card network transaction system as claimed in claim 1, it is characterized in that, described this transaction control module is by carrying out the chip card access interface standard program that an operating system provides, in whether inserting this card reader, to detect this control signal every this chip credit card of fixed cycle duplicate detection.

3. chip credit card network transaction system as claimed in claim 1 is characterized in that, when described this delivery unit is inserted credit card information at this POS webpage, is shown in the corresponding field with latent close character.

4. chip credit card network transaction system as claimed in claim 1 is characterized in that, described this chip credit card is the chip credit card that various different hair fastener unit issued.

5. chip credit card network transaction system as claimed in claim 1 is characterized in that, described this delivery unit judges and read this recognition data of process encryption by an algorithm.

6. chip credit card network transaction system as claimed in claim 1 is characterized in that, described this recognition data transmits an ATR electronic signal by this chip card and obtains to this card reader.

7. chip credit card network transaction system as claimed in claim 1 is characterized in that, described this recognition data obtains after reading an EF master data hurdle that is stored in this chip card.

8. chip credit card network transaction system as claimed in claim 1 is characterized in that, described this card reader meets the PC/SC international standard.

9. chip credit card network transaction system as claimed in claim 1 is characterized in that, described this signal wire is replaced and the transmission data with wireless communication technique.

10. a chip credit card network method of commerce is characterized in that, its step comprises:

(a) whether the detection chip credit card inserts, and when a chip credit card inserts a card reader, this card reader promptly transmits a control signal by a signal wire and gives this computing machine;

(b) detect the browser network address and whether be positioned at the POS webpage, then continue the following step if present browser network address is connected to a POS webpage;

(c) distinguish chip credit card, after this chip card inserted this card reader, this card reader read a recognition data that is stored in this chip card, for the kind of distinguishing this chip credit card;

(d) read the chip credit card content, according to a data layout of finding out the kind that belongs to this chip credit card after this recognition data is from a database;

(e) read this chip credit card data according to this data layout;

(f) insert the chip credit card data, will transmit and insert corresponding field in this POS webpage after this chip credit card data encryption.

11. chip credit card network method of commerce as claimed in claim 10, it is characterized in that, it is as follows that described step (a) further comprises step (a1): every this control signal of fixed cycle duplicate detection, be detected up to this signal, just enter step (b).

12. chip credit card network method of commerce as claimed in claim 11, it is characterized in that, the method of described this control signal of detection comprises carries out the chip card access interface standard program that this operating system provides, in whether inserting this card reader every this this chip card of fixed cycle duplicate detection.

13. chip credit card network method of commerce as claimed in claim 10 is characterized in that, described this signal wire is replaced and the transmission data with wireless communication technique.

14. chip credit card network method of commerce as claimed in claim 10 is characterized in that, described this chip credit card is the chip credit card that various different hair fastener unit issued.

15. chip credit card network method of commerce as claimed in claim 10, wherein further to comprise step (b1) as follows for step (b): this browser network address is not to be connected to the POS webpage if detect at present, then gets back to step (c).

16. chip credit card network method of commerce as claimed in claim 10 is characterized in that, described this recognition data transmits an ATR electronic signal by this chip credit card and obtains to this card reader.

17. chip credit card network method of commerce as claimed in claim 10 is characterized in that, described this recognition data obtains after reading an EF master data hurdle that is stored in this chip card.

18. chip credit card network method of commerce as claimed in claim 10 is characterized in that, described these chip credit card data comprise a credit card number and credit card date of expiration.

19. chip credit card network method of commerce as claimed in claim 10 is characterized in that, transmits this chip credit card data with cipher mode.

20. chip credit card network method of commerce as claimed in claim 10 is characterized in that, is shown in the corresponding field with latent close character when this POS webpage is inserted credit card information.

21. chip credit card network method of commerce as claimed in claim 10 is characterized in that, this card reader meets and comprises the PC/SC international standard.