【国外标准】 Electronic Commerce for the Financial Services Industry: Account Based Secure Payment Objects

This standard addresses the following: A) Payment Model Description This standard describes a model of account based electronic payments. It identifies the roles played by different components of the payment process and the flow of information between those roles. The roles are the consumer, who wishes to make a payment, a merchant which provides value, and their respective Financial Institutions, the consumer financial institution and the merchant financial institution. B) Secure Object Specifications This standard specifies a collection of electronic payment objects and references digital signature techniques to secure their content. The objects are all defined in terms of how they need to be constructed, signed and verified in computing machinery that is acting on behalf of a consumer and a merchant. A concrete syntax is specified in order that the signature can be constructed or verified at any location that has access to the consumer苨 public key and associated data. A business recommendation is made that the payment routing code (or PAN) used in conjunction with secure payment objects defined by this standard is not accepted as valid in non-authenticated transactions. Several usage scenarios are given to show examples of real applications where the standard objects may be applicable. Confidentiality for the payment information may be desired and is neither required, nor precluded, by this standard. Prudent implementers may choose to conduct a risk assessment to determine the need for confidentiality. Also policy issues, including terms and conditions of the agreements between the parties, are not covered in this standard. . While some of the information described in the standard must survive interchange between cooperating financial institutions, the syntax of how it appears in any particular payment protocol is not specified.