TECHNICAL FIELD

[0001] The non- limiting and example embodiments of the present disclosure generally relate to a technical field of communication network, and specifically to methods, apparatuses and computer programs for secure payment via a communication network.

BACKGROUND

[0002] This section introduces aspects that may be helpful to facilitating a better understanding of embodiments herein. Accordingly, the statements of this section are to be read in this light and are not to be understood as admissions about what is in the prior art or what is not in the prior art.

[0003] Currently, a lot of payment methods have been proposed for using in a business environment. Examples of popular payment methods include cash, credit card and online account. Depending on a payment method selected, people may use a Point of Sales (POS) machine, a cell phone or a personal computer (PC) to complete a payment process.

[0004] In addition, many third-party payment systems have been provided. For example, a customer may use a credit card to pay on a third-party payment device. To enable such a payment method, the customer need to buy a third-party payment device, have a smart cell phone with a specific application (APP) installed and be registered as a third-party payment user. Therefore, it is not very convenient for the customer to pay. Furthermore, some people may have a credit card but may not have an account for the third-party payment. These people may not want to pay online using a cell phone or a PC for security concern or other reasons.

SUMMARY

[0005] Disclosed herein are various embodiments of methods, apparatuses and computer programs applied to, e.g. secure payment. While such embodiments may be expected to provide improvements in performance and/or reduction of cost of such apparatus and methods relative to conventional implementations, no particular result is a requirement of the present invention unless explicitly recited in a particular claim.

[0006] Various features and advantages of embodiments of the present disclosure will be understood from the following description of specific embodiments when read in conjunction with the accompanying drawings, which illustrate, by way of example, the principles of embodiments of the present disclosure.

[0007] In a first aspect of the disclosure, there is provided a method for providing a secure payment service at a first network device, for example a payment system. The method comprises receiving a payment request indicating an identity and payment information of a user; in response to the payment request being authenticated as valid, sending to a home gateway a payment token indicating the identity and the payment information of the user, the home gateway being bound with a first credit card of the user; receiving information on a second credit card from the home gateway; and authorizing payment at least based on an equivalence of the first and the second credit cards.

[0008] In a second aspect of the disclosure, there is provided a method for providing a secure payment service at a home gateway bound with a first credit card of a user. The method comprises receiving a payment token from a first network device, the payment token includes an identity and payment information of the user; in response to the receiving of the payment token, obtaining information on a second credit card via, for example, one of contact communication or near field communication, NFC; and sending the information on the second credit card to the first network device.

[0009] In a third aspect of the disclosure, there is provided a method for providing a secure payment service at a second network device, for example a shopping web server. The method comprises causing a shopping webpage to be displayed to a user, the shopping webpage including an option for the user to pay directly using a credit card bound with a home gateway; and sending a payment request to a further network device for payment, the payment request including an identity and payment information of the user.

[0010] In a fourth aspect of the disclosure, there is provided a method for providing a secure payment service at a third network device, for example a payment gateway. The method comprises: in response to receiving in a transaction a payment token from a first network device, sending the payment token to a home gateway bound with a first credit card of a user, the payment token including an identity and payment information of the user; receiving information on a second credit card from the home gateway; and transmitting the information on the second credit card to the first network device, wherein the transaction is authorized only on the condition that the first and second credit cards are equivalent.

[0011] In a fifth aspect of the disclosure, there is provided a first network device. The first network device includes a processor and a memory, said memory contains instructions executable by said processor, and said processor is configured to cause the first network device to perform a method according the first aspect of the present disclosure.

[0012] In a sixth aspect of the disclosure, there is provided a customer-premises equipment (CPE) such as a home gateway. The CPE or the home gateway includes a processor and a memory, said memory contains instructions executable by said processor, and said processor is configured to cause the CPE or the home gateway to perform a method according the second aspect of the present disclosure.

[0013] In a seventh aspect of the disclosure, there is provided a second network device, such as a shopping web server. The second network device includes a processor and a memory, said memory contains instructions executable by said processor, and said processor is configured to cause the second network device to perform a method according the third aspect of the present disclosure.

[0014] In an eighth aspect of the disclosure, there is provided a third network device, such as a payment gateway. The third network device includes a processor and a memory, said memory contains instructions executable by said processor, and said processor is configured to cause the third network device to perform a method according the fourth aspect of the present disclosure.

[0015] In a ninth aspect of the disclosure, there is provided a computer program, comprising instructions which, when executed on one or more processors, cause the one or more processors to carry out a method according to the first, second, third, or fourth aspect of the present disclosure.

[0016] In a tenth aspect of the disclosure, there is provided an apparatus in a network device, the apparatus comprises processing means adapted to perform a method according the first, second, third, or fourth aspect of the present disclosure.

[0017] According to various aspects and embodiments as mentioned above, payment may be performed in a convenient and secure manner.

BRIEF DESCRIPTION OF THE DRAWINGS

[0018] The above and other aspects, features, and benefits of various embodiments of the present disclosure will become more fully apparent from the following detailed description with reference to the accompanying drawings, in which like reference numerals or letters are used to designate like or equivalent elements. The drawings are illustrated for facilitating better understanding of the embodiments of the disclosure and not necessarily drawn to scale, in which:

[0019] FIG. 1 illustrates an example communication network in which embodiments of the present disclosure may be implemented;

^ [0020] FIGs. 2A-2B illustrates signaling diagrams for secure payment according to an embodiment of the present disclosure;

[0021] FIGs. 3A-3B illustrates flowcharts of example methods in a first network device according to embodiments of the present disclosure;

[0022] FIG. 4 illustrates a flowchart of a method in a home gateway according to an 10 embodiment of the present disclosure;

[0023] FIG. 5 illustrates a flowchart of a method in a second network device according to an embodiment of the present disclosure;

[0024] FIGs. 6A-6B illustrate flowcharts of methods in a third network device according to an embodiment of the present disclosure;

^ [0025] FIG. 7 illustrates a schematic block diagram of an apparatus implemented as/in a first network device according to an embodiment of the present disclosure;

[0026] FIG. 8 illustrates a schematic block diagram of an apparatus implemented as/in a home gateway according to an embodiment of the present disclosure;

[0027] FIG. 9 illustrates a schematic block diagram of an apparatus implemented as/in 0 a second network device according to an embodiment of the present disclosure;

[0028] FIG. 10 illustrates a schematic block diagram of an apparatus implemented as/in a third network device according to an embodiment of the present disclosure;

[0029] FIG. 11 illustrates a simplified block diagram of an apparatus that may be embodied as/in a network device. 5 DETAILED DESCRIPTION

[0030] Hereinafter, the principle and spirit of the present disclosure will be described with reference to illustrative embodiments. It should be understood, all these embodiments are given merely for one skilled in the art to better understand and further practice the present disclosure, but not for limiting the scope of the present disclosure. For 30 example, features illustrated or described as part of one embodiment may be used with another embodiment to yield still a further embodiment. In the interest of clarity, some features of an actual implementation described in this specification may be omitted. [0031] References in the specification to "one embodiment," "an embodiment," "an example embodiment," and the like indicate that the embodiment described may include a particular feature, structure, or characteristic, but it is not necessary that every embodiment includes the particular feature, structure, or characteristic. Moreover, such phrases are not necessarily referring to the same embodiment. Further, when a particular feature, structure, or characteristic is described in connection with an embodiment, it is submitted that it is within the knowledge of one skilled in the art to affect such feature, structure, or characteristic in connection with other embodiments whether or not explicitly described.

[0032] It shall be understood that although the terms "first" and "second" etc. may be used herein to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first element could be termed a second element, and similarly, a second element could be termed a first element, without departing from the scope of example embodiments. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed terms.

[0033] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be liming of example embodiments. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises", "comprising", "has", "having", "includes" and/or "including", when used herein, specify the presence of stated features, elements, and/or components etc., but do not preclude the presence or addition of one or more other features, elements, components and/ or combinations thereof.

[0034] In the following description and claims, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skills in the art to which this disclosure belongs.

[0035] As used herein, the term "communication network" refers to a network following any suitable communication standards currently known, such as LTE- Advanced (LTE-A), LTE, Wideband Code Division Multiple Access (WCDMA), High-Speed Packet Access (HSPA), Wireless Local Area Network (WLAN), Internet Protocol (IP) and so on, and/or any other protocols e to be developed in the future.

[0036] As used herein, the term "network device" refers to a device in a communication network via which a terminal device accesses the network and/or receives services therefrom. The network device may include, but not limited to, a router, a server, a controlling entity, a gateway, etc.

[0037] The term "terminal device" refers to any end device that can access a communication network and receive services therefrom. By way of example and not limitation, a terminal device may be referred to as user equipment (UE), a Subscriber Station (SS), a Portable Subscriber Station, a Mobile Station (MS), or an Access Terminal (AT). The terminal device may include, but not limited to, a mobile phone, a cellular phone, a smart phone, a tablet, a wearable device, a personal digital assistant (PDA), a personal computer (PC), a portable computer, image capture terminal devices such as digital cameras, gaming terminal devices, music storage and playback appliances, wearable terminal devices, vehicle-mounted wireless terminal devices and the like. In the following description, the terms "terminal device", "terminal", "user equipment" and "UE" may be used interchangeably.

[0038] FIG. 1 illustrates an example communication network 100 in which embodiments of the disclosure may be implemented. As shown in FIG. 1, the communication network 100 includes an application server, e.g., a shopping web server 110, a payment system 120, a payment gateway 130, an auto-configuration server (ACS) 140, a home gateway 150 and one or more terminal devices 160, for example a cell phone 160-1 and a PC 160-2. The terminal device 160 may access the communication network 100 via wired or wireless communication mechanisms such as any suitable radio access technology (RAT). The network devices 110-150 may communicate according to any suitable communication protocol, and embodiments are not limited to any specific way for communicating between network devices. It should be appreciated that the communication network 100 is presented just for illustration purpose, and in another example, the communication network may include more or less or different network devices. For example, the ACS server 140 may be omitted in some embodiments.

[0039] In an example embodiment, the application server 110 may be a shopping web server providing a shopping website to a user. When the user visits the shopping website, he/she may login first and collect goods which he/she wants to buy, and then the user may select a desired payment method to pay for the selected goods.

[0040] As mentioned above, though many payment methods are available, some of the payment methods are not convenient for use, and/or, some payment method may not be selected by a customer due to security concerns. According to embodiments of the present disclosure, a safe and convenient way for paying with a credit card through a home gateway is provided.

[0041] Internet access at home has been widely used nowadays, and people usually have a home gateway (e.g., a fiber home gateway) installed in their house for internet access. In some embodiments of the present disclosure, the home gateway may be used as a payment instrument collaborating with a shopping website, a telecommunication vendor and a payment system to provide a secure payment method.

[0042] In some embodiments, the home gateway is bound with a specific credit card of a user to provide a secure payment solution. That is, the specific credit card and the home gateway has to be used together to complete the payment. Only the specific credit card input via the home gateway is considered as valid for payment. Or in other words, if a credit card not equivalent to the specific credit card is input via the home gateway, the payment will be considered as invalid. Further, if the specific credit card is input via another device different from the home gateway, it is also considered as invalid.

[0043] Generally speaking, according to embodiments of the present disclosure, the shopping web server 110 may provide user information and shopping information for the payment. The payment system 120 is responsible for authentication and authorization, and may generate and distribute a payment token to another network device involved in the payment, e.g., a payment gateway. The payment gateway 130 sends the payment token to a Customer Premises Equipment (CPE, for example a home gateway) directly or via an ACS server 140 (if available). The ACS Server 140 may send the payment token to the CPE, for example, using TR-069 protocol. The Home gateway (HGW) 150 obtains information of a credit card to be used for the payment, for example via Near Field Communication (NFC) or contact communication with the credit card.

[0044] For illustration rather than limitation, some embodiments of the present disclosure will be described in the following with reference to FIGs. 2A-12 in the example network environment shown in FIG. 1. However, it is to be understood that embodiments of the present disclosure may be applied more widely in any network environment where similar problems exist.

[0045] Reference is now made to FIG. 2A which shows a signaling diagram according to an embodiment of the present disclosure. In this example, user 201 accesses 210 a shopping website, for example, via a mobile phone or a computer, logs in and collects goods which he/she wants to buy. The shopping website is hosted by the shopping web server 110. The user may choose to pay for the selected goods by directly paying using a credit card at home via a HGW. Based on input from the user during the shopping and/or registration, the shopping web server 110 obtains payment information and personal information of the user such as the user's identity and/or account.

[0046] The shopping web server 110 sends 220 to a payment system 120 a payment request with the user information and the payment information. The payment system 120 authenticates the payment request. If the message is valid, the payment system 120 sends 230 to a payment gateway 130 according to a location of the user and an internet access provider for the user, a payment token including the user information and the payment information. Information on the location of the user and the internet access provider may be obtained for example from a network operator.

[0047] The payment gateway 130 directly sends 240 the payment token to the HGW 150, for example, via a signaling. The HGW 150 obtains 250 information of a credit card of the user via, for example near field communication (NFC) or contact communication. That is, when the user swipes a credit card through a POS machine or puts a credit card close to a NFC device connected to or included in the HGW 150, the HGW 150 obtains information of the credit card. The HGW 150 then sends 260 the information of the credit card to the payment gateway 130 which in turn forwards 270 the information of the credit card to the payment system 120.

[0048] The payment system 120 checks whether the credit card is valid based on the received information on the credit card and information on binding of a HGW with a credit card. For example, if the credit card is one of the credit cards bound with the HGW 150, then the credit card is determined valid. The payment system 120 completes the payment using the credit card and sends 280 a notification to the shopping website. In some embodiments, the shopping web server 110 may send 290 a notification to the user to indicate the completion of payment.

[0049] On the other hand, if it is determined that the credit card is not bound with the HGW, the credit card will be considered invalid. At this point, the payment system 120 terminates the payment without performing payment using the credit card and signals 280' the termination of the payment to the shopping website, and an error may be informed 290' to the user.

[0050] It should be appreciated that some network devices (e.g., the payment gateway 130) may be omitted in another example embodiment depending on a network architecture being used. Likewise, one or more additional network devices may be involved in the payment process in some embodiments, and an example of which is shown in FIG. 2B. Compared with FIG. 2A, an additional ACS server 140 is involved, and as a result, the payment gateway 130 may send the payment token to the HGW 150 via the ACS server 140, that is, the payment gateway 130 may send 231 the payment token to the ACS server 140 after receiving the payment token from the payment system 110, and the ACS server 140 in turn sends 241 the payment token to the HGW 150. Likewise, the HGW 150 may send the information on the credit card to the payment gateway 130 via the ACS server 140, that is, the HGW 150 may send 261 the information on the credit card to the ACS server 140 and the ACS server 140 in turn sends 271 the information on the credit card to the payment gateway 130. Other operations and signaling shown in FIG. 2B may be same as that in FIG. 2A.

[0051] It can be observed from the above examples that by using the information on the binding of the HGW 150 with a credit card, the payment is made secure. Though in the examples of FIGs. 2 A and 2B, the payment system 120 validates a credit card based on information on the binding, it is to be understood that in another embodiment such validating may be performed at a different network device (e.g., the HGW 150, or the payment gateway 130).

[0052] It is also to be understood that embodiments are not limited to any specific way for obtaining the information on the binding. Some examples for obtaining the information on the binding are provided below just for illustration rather than limitation.

Example I:

[0053] During a service registration, it is possible to bind the home gateway 150 represented by, for example, a global unique ID of the HGW 150, with a credit card of the user 201 (and optionally a network account of the user). For example, the user 201 may register a secure payment service at a payment system 120 (or a payment gateway 130), and the information on the binding may be obtained by the payment system 120 (or the payment gateway 130) based on the registration. The information of the binding may be used by the payment system 120 (or the payment gateway 130) for validating a credit card, or, the payment system 120 (or the payment gateway 130) may send the information of the binding to a further network device (e.g., a HGW 150) to enable such validating at the further network device. Only payment using the credit card bound with the HGW 150 is considered as valid. In some embodiments, a plurality of credit cards may be bound with the HGW 150, and the user can use any one of bound credit cards to complete a payment.

Example II:

[0054] Alternatively, it is possible to bind the HGW 150 represented by a global unique ID and a credit card of the user 201 (and optionally a network account of the user) during payment process. For example, the user 201 may register a secure payment service at a payment system 120 (or a payment gateway 130). Only a part of the binding information, such as the ID of the HWG device 150 and optionally a network account of the user, may be obtained by the payment system 120 (or a payment gateway 130) during the registration. During a payment process, the user 201 may further input credit card information on the shopping website, and the shopping web server 110 may send the credit card information to the payment system 120 (or the payment gateway 130) for binding with the HGW 150. The user can only use the specified credit card to complete payment via the HGW 150.

[0055] Some example methods implemented in some network entities involved in the payment will now be described with reference to FIGs. 3A-6 respectively.

[0056] FIG. 3A illustrates a flowchart of a method 300 in a first network device for secure payment according to an embodiment of the present disclosure, and the first network device may be the payment system 120 , a network entity for payment control, or any other network device with similar functionalities. For ease of discussions, the method 300 will be described below with reference to the payment system 120 and the environment as described with reference to FIG. 1.

[0057] As illustrated in FIG. 3 A, at block 320, the payment system 120 receives a payment request. In one embodiment, a user may trigger and send the payment request via, for example but not limited to, a shopping website (e.g., the shopping web server 110 in FIG. 1 or FIGs. 2A-2B). That is, the payment system 120 may receive the payment request via a shopping website (e.g., the shopping web server 110 in FIG. 1 or FIGs. 2A-2B). The payment request includes user information (e.g., an identity of the user) and payment information of the user.

[0058] At block 330, in response to the payment request being authenticated as valid, the payment system 120 sends a payment token to a HGW (e.g., the HGW 150 in FIG. 1 or FIGs. 2A-2B) bound with a first credit card of the user. The payment token includes the user information and the payment information of the user. In some embodiments, the payment system 120 may send the payment token to the HGW 150 via at least a payment gateway (e.g., the payment gateway 130 shown in FIG. 1 or FIGs. 2A-2B), as described with reference to FIGs. 2A-2B.

[0059] At block 340, the payment system 120 receives information on a second credit card from the HGW 150. The second credit card may be the same credit card as the first credit card, or may be a different credit card. As described more fully below, the transaction may only be authenticated if the first and second credit cards are a same credit card, or if the first and second credit cards refer to a same account. For the purpose of this discussion and the claims, two credit cards that refer to a same account are defined as "equivalent credit cards" even if some identifiable differences are present. The second credit card is considered as valid for the payment only if it is equivalent to the first credit card. As shown in the examples of FIGs. 2A-2B, the payment system 120 may receive the information on the second credit card from the home gateway via a payment gateway 130, or a payment gateway 130 and an ACS server 140; however, embodiments are not limited thereto. The payment system 120 may receive the information on the second credit card from the home gateway in any suitable way depending on the network architecture.

[0060] At block 350, the payment system 120 authorizes payment according to the payment request at least based on an equivalence of the first and the second credit cards. The equivalence may be determined, for example, based on at least the received information on the second credit card. There may be various ways for the payment system 120 to authorize the payment, and embodiments are not limited to any specific way. For illustration rather than limitation, an example embodiment of block 350 is shown in FIG. 3B.

[0061] In an example of FIG. 3B, at block 351, the payment system 120 may validate the second credit card at least based on the information on the second credit card. As an example, the payment system 120 may validate the second credit card based on the information on the second credit card and information on the binding of the home gateway with the first credit card. For example, if the second credit card is a credit card bound with the HGW according to the information on the binding, the second credit card is valid; otherwise, the second credit card is invalid.

[0062] If it is determined at block 351 that the second credit card is valid, at block 352, the payment system 120 authorizes payment using the second credit card according to the payment request. Otherwise, if it is determined at block 351 that the second credit card is invalid, at block 353, the payment system 120 provides an error message to the user without authorizing payment using the second credit card.

[0063] Still in reference to FIG. 3A, in another embodiment, the second credit card may be validated by a network device separate from the payment system 120. In such embodiment, the payment system 120 may send, at block 315, the information on the binding of the HGW 150 with the first credit card to the HGW 150 as shown in FIG. 3 A, to enable validating of the second credit card at the HGW 150. In this example, at block 351 of FIG. 3B, the payment system 120 may validate the second credit card (i.e., determine if the first credit card and the second credit card are a same credit card or that the first and second credit cards refer to a same account) based on an indication of equivalence included in the information on the second credit card received at block 340 of FIG. 3A from the HGW 150. The indication of equivalence of the second credit card may be generated and included in the information on the second credit card by the HGW 150 based on the information on the binding received from the payment system 120.

[0064] Embodiments are not limited to any specific way for obtaining the information on the binding of the HGW 150 with the first credit card. Optionally, in an embodiment, the payment system 120 may obtain information on the binding at block 310 based on at least one of: a registration of the user for the secure payment service, a user input after the registration, and a message from a further network device (e.g., the payment gateway 130). For example, one of the Examples I and II described above for obtaining the binding information may apply here. That is, the payment system 120 may obtain the information on the binding based on a registration of the user for secure payment service, and/or based on a user input after the registration, for example, an input from the user during shopping.

[0065] Alternatively, or in addition, in an embodiment, at block 310, the payment system 120 may obtain information on the binding of the HGW 150 with both the first credit card and a network account of the user. Alternatively, or in addition, in another embodiment, at block 310, the payment system 120 may obtain information on the binding of the HGW 150 with a plurality of credit cards including the first credit card.

[0066] FIG. 4 illustrates a flowchart of a method 400 in a CPE for secure payment according to an embodiment of the present disclosure. The CPE may be a HGW 150 shown in FIG. 1 or FIGs. 2A-2B. For ease of discussions, the method 400 will be described below with reference to the HGW 150 and the environment as described with reference to FIG. 1. [0067] As illustrated in FIG. 4, at block 410, the HGW 150 receives a payment token from a first network device, for example, the payment system 120 or the payment gateway 130 in FIG. 1. The payment token includes user information (e.g., an identity of the user) and payment information of a user determined from a transaction. The HGW 150 is bound with a first credit card of the user. In one embodiment, the HGW 150 may receive the payment token from the first network device directly, while in another embodiment, the HGW 150 may receive the payment token from the first network device via a further intermediate network device, e.g., an ACS server 140 shown in FIG. 1. Embodiments are not limited to any specific way for the receiving.

[0068] At block 420, in response to the receiving of the payment token, the HGW 150 obtains information on a second credit card via, for example but not limited to, contact communication or NFC. That is, the HGW 150 may obtain information on the second credit card when a user swipes the second credit card through a POS machine connected to or included in the HGW 150 or when the user puts the second credit card close to a NFC device connected to or included in the HGW 150.

[0069] At block 430, the HGW 150 sends the information on the second credit card to the first network device, for example the payment system 120 or the payment gateway 130 in FIG. 1, directly or via one or more further network devices. As an example, operations 260, 270, or 261, 271 and 270 shown in FIGs. 2A-2B may be used for sending the information on the second credit card.

[0070] In some embodiments, optionally, the HGW 150 may further perform operations in blocks 411, 421 and 431 as shown in FIG. 4. In particular, at block 411, the HGW 150 may receive, from the first network device, for example the payment system 120 or the payment gateway 130 in FIG. 1, information on binding of the HGW 150 with the first credit card of the user. It should be appreciated that the HGW 150 may receive the information on the binding from the first network device directly or via one or more further network devices, for example the ACS server 140 in FIG. 1. Descriptions provided with reference to method 300 related to the information on the binding also apply here. At block 421, the HGW 150 validates of the second credit card based on the information on the binding. For example, if the second credit card is not a credit card bound with the HGW according to the information on the binding, the second credit card will be considered as invalid, otherwise, the second credit card will be considered as valid. At block 431, the HGW 150 may send an indication of equivalence of the second credit card to the first network device, directly or via one or more further network devices. In one embodiment, the indication of equivalence of the second credit card may be sent as part of information on the second credit card at block 430. That is, in some embodiments, block 431 may be a sub-operation of the block 430.

[0071] Now reference is made to FIG. 5 which illustrates a flowchart of a method 500 in a second network device for providing a secure payment service according to an embodiment of the present disclosure. The second network device may be a shopping web server (the shopping web server 110 shown in FIG. 1 or FIGs. 2A-2B). For ease of discussions, the method 500 will be described below with reference to the shopping web server 110 and the environment as described with reference to FIG. 1.

[0072] As illustrated in FIG. 5, at block 510, the shopping web server 110 causes a shopping webpage to be displayed to a user, and the shopping webpage includes an option for the user to pay directly using a credit card bound with a home gateway. Currently, there is no such known payment option available in a shopping website.

[0073] At block 520, the shopping web server 110 sends a payment request to a further network device for payment. The further network device may be, for example a payment system 120 shown in FIG. 1, a network entity for payment control, or any suitable network device with similar functionalities. The payment request includes user information (e.g., an identity of the user) and payment information of the user.

[0074] As described with reference to FIGs. 2A-2B, a payment gateway 130 may be involved in the payment process. In some embodiments, the payment gateway 130 may forward information related to payment (for example, a payment token from the payment system 120 or information on a credit card from the HGW 150 in FIGs. 2A-2B) to another network device (e.g., the HGW 150 or the payment system 120 in FIGs. 2A-2B). In another embodiment, the payment gateway may perform some additional operations.

[0075] A flowchart of an example method 600 in a payment gateway for providing a secure payment service according to an embodiment of the present disclosure is illustrated in FIG. 6A. For ease of discussions, the method 600 will be described below with reference to the payment gateway 130 and the environment as described with reference to FIG. 1.

[0076] As illustrated in FIG. 6A, at block 610, in response to receiving in a transaction a payment token from a first network device, for example the payment system 120 shown in FIG. 1, the payment gateway 130 sends the payment token to a HGW 150 bound with a first credit card of a user, and the payment token includes an identity and payment information of the user. It should be appreciated that the payment gateway 130 may send the payment token to the HGW 150 directly or via one or more further network devices.

[0077] At block 620, the payment gateway 130 receives information on a second credit card from the HGW 150, directly or via one or more further intermediate network devices, for example an ACS server 140.

[0078] At block 630, the payment gateway 130 transmits the information on the second credit card to the first network device (e.g., the payment system 120 shown in FIG. 1), wherein the transaction is authorized only on the condition that the first and second credit cards are equivalent.

[0079] FIG. 6B shows another method 600' in the payment gateway 130 for providing a secure payment service according to another embodiment of the present disclosure. As shown in FIG. 6B, besides the above operations 610-630, the payment gateway 130 may further obtain information on the binding of the HGW 150 with the first credit card at block 640, for example, based on at least one of: a registration of the user for the secure payment service, a user input after the registration, and a message from the first network device. Descriptions provided with reference to block 310 of FIG. 3 A on obtaining the information on binding also apply here. For example, at block 640, the payment gateway 130 may obtain information on binding of the HGW 150 with both the first credit card and a network account of the user. Alternatively or in addition, in another embodiment, the payment gateway 130 may obtain information on binding of the HGW 150 with a plurality of credit cards including the first credit card.

[0080] In a further embodiment, the payment gateway 130 may further send the information on the binding to HGW 150 at block 650, for example to enable validating of the second credit card at the HGW 150. At block 660, the payment gateway 130 may receive an indication of equivalence of the second credit card from the HGW 150. The indication of equivalence of the second credit card may be generated by the HGW 150 based on the information on the binding received from the payment gateway 130. In an embodiment, the payment gateway 130 may further transmit the indication of equivalence of the second credit card to the first network device, for example the payment system 120 shown in FIG. 1, at block 670.

[0081] Alternatively, or in addition, the validating may be performed at the payment gateway 130, and in this case, the payment gateway 130 may transmit an indication of equivalence of the second credit card generated by itself to the first network device, for example the payment system 120 shown in FIG. 1, at block 670.

[0082] In still another embodiment, alternatively or in addition, the payment gateway 130 may send the information on the binding to first network device, for example the payment system 120 shown in FIG. 1, at block 680, for example to enable validating of the second credit card at the payment system 120.

[0083] With embodiments of the present disclosure, a user is able to complete online shopping using his/her credit card directly without requiring a cell phone or a third-party payment account. It is more convenient and secure compared with other payment methods. The payment is safe because a home gateway of the user and a credit card of the user (and optionally, a network account, for example an internet access account of the user) are bound together. That is, only a specified credit card on a specified home gateway can be used to complete the payment process. For example, if a credit card of a user is lost, the lost credit card cannot be used for payment since it is bound to a specified home gateway of the user. In addition, since the payment is processed at home, a password is not necessarily required.

[0084] FIG. 7 illustrates a schematic block diagram of an apparatus 700 in a communication network (e.g., the communication network 100 shown in FIG. 1). The apparatus may be implemented as/in a payment system (e.g., the payment system 120 shown in FIG. 1) or a network device for payment control, or any suitable network device with similar functions. The apparatus 700 is operable to carry out the example method 300 described with reference to FIGs. 3A-3B and possibly any other processes or methods. It is also to be understood that the method 300 is not necessarily carried out by the apparatus 700. At least some operations of the method 300 can be performed by one or more other entities.

[0085] As illustrated in FIG. 7, the apparatus 700 includes a first receiving unit 720, a first transmitting unit 730, a second receiving unit 740, and a payment authorizing unit 750. The first receiving unit 720 is configured to receive a payment request indicating an identity and payment information of a user. The first transmitting unit 730 is configured to send to a home gateway a payment token indicating the identity and the payment information of the user in response to the payment request being authenticated as valid, and wherein the home gateway is bound with a first credit card of the user. The second receiving unit 740 is configured to receive information on a first credit card from the home gateway, and the payment authorizing unit 750 is configured to authorize payment according to the payment request and at least based on equivalence of the first and the second credit cards.

[0086] It should be appreciated that the first receiving unit 720, the first transmitting unit 730 and the second receiving unit 740 may be configured to receive information from or send information to a network device directly or via one or more intermediate network devices. For example, the first receiving unit 720 may be configured to receive the payment request from a user via a shopping web server. In another embodiment, the first transmitting unit 730 may be configured to send the payment token to the home gateway at least via a payment gateway. Likewise, the second receiving unit 740 may be configured to receive the information on the second credit card from the home gateway via at least a payment gateway.

[0087] In an embodiment, the payment authorizing unit 750 may configured to perform operations described with reference to block 350 of FIG. 3, and therefore descriptions related to block 350 also apply here and details will not be repeated.

[0088] In some embodiments, the apparatus 700 may further include an obtaining unit 710, configured to obtain information on the binding of the home gateway with the first credit card, for example based on at least one of: a registration of the user for the secure payment service, a user input after the registration, and a message from a further network device. In an embodiment, the obtaining unit 710 may be configured to obtain information on binding of the home gateway with both the first credit card and a network account of the user. In another embodiment, the obtaining unit 710 may be configured to obtain information on binding of the home gateway with a plurality of credit cards including the first credit card.

[0089] In a further embodiment, the apparatus 700 may further include a second transmitting unit 760 configured to send the information on the binding of the home gateway with the first credit card to the home gateway, directly or via one or more additional network devices. In this case, the information on the second credit card received by the second receiving unit 740 from the home gateway may include an indication of equivalence of the second credit card.

[0090] In an embodiment, descriptions related to block 310, 315, 320-350 of FIGs. 3A-3B also apply to the units 710, 760, 720-750 respectively. [0091] FIG. 8 illustrates a block diagram an apparatus 800 in a communication network (e.g., the communication network 100 shown in FIG. 1). The apparatus may be implemented as/in a home gateway (e.g., the home gateway 150 shown in FIG. 1) or any suitable network device with similar functions. The apparatus 800 is operable to carry out the example method 400 described with reference to FIG. 4 and possibly any other processes or methods. It is also to be understood that the method 400 is not necessarily carried out by the apparatus 800. At least some operations of the method 400 can be performed by one or more other entities.

[0092] As illustrated in FIG. 8, the apparatus 800 includes a first receiving unit 810, an obtaining unit 820, and a first transmitting unit 830. The first receiving unit 810 is configured to receive a payment token from a first network device, and the payment token includes an identity and payment information of a user. The obtaining unit 820 is configured to obtain information on a first credit card via, for example but not limited to, contact communication or NFC in response to the receiving of the payment token, and the first transmitting unit 830 is configured to send the information on the first credit card to the first network device.

[0093] In another embodiment, the apparatus 800 may further optionally include a second receiving unit 811, a validating unit 821 and a second transmitting unit 831. The second receiving unit 811 may be configured to receive, from the first network device, information on binding of the home gateway with a second credit card of the user. In an embodiment, the information on the binding may indicate binding of the home gateway with both the second credit card and a network account of the user. In another embodiment, the information on the binding may indicate binding of the home gateway with a plurality of credit cards including the second credit card. The validating unit 821 may be configured to validate the first credit card based on the information on the binding, and the second transmitting unit 831 may be configured to send an indication of equivalence of the first credit card to the first network device.

[0094] In an embodiment, descriptions related to block 410, 420, 430, 411, 421, and 431 also apply to the units 810, 820, 830, 811, 821 and 831 respectively, and therefore details will not be repeated.

[0095] FIG. 9 illustrates a block diagram an apparatus 900 in a communication network (e.g., the communication network 100 shown in FIG. 1). The apparatus may be implemented as/in a network device (e.g., the shopping web server 110 shown in FIG. 1) or any suitable network device with similar functions. The apparatus 900 is operable to carry out the example method 500 described with reference to FIG. 5 and possibly any other processes or methods. It is also to be understood that the method 500 is not necessarily carried out by the apparatus 900. At least some operations of the method 500 can be performed by one or more other entities.

[0096] As illustrated in FIG. 9, the apparatus 900 includes a controlling unit 910 and a transmitting unit 920. The controlling unit 910 is configured to cause a shopping webpage to be displayed to a user and the shopping webpage includes an option for the user to pay directly using a credit card bound with a home gateway. For example, the payment option allows the user to pay by following the signaling diagram shown in FIG. 2A or 2B. The transmitting unit 920 is configured to send a payment request to a further network device for payment and the payment request includes user information and payment information of the user.

[0097] FIG. 10 illustrates a block diagram an apparatus 1000 in a communication network (e.g., the communication network 100 shown in FIG. 1). The apparatus may be implemented as/in a network device (e.g., the payment gateway 130 shown in FIG. 1) or any suitable network device with similar functions. The apparatus 1000 is operable to carry out the example method 600 or 600' described with reference to FIGs. 6A-6B and possibly any other processes or methods. It is also to be understood that the method 600 or 600' is not necessarily carried out by the apparatus 1000. At least some operations of the method 600 or 600' can be performed by one or more other entities.

[0098] As illustrated in FIG. 10, the apparatus 1000 includes a first transmitting unit 1001, a first receiving unit 1002 and a second transmitting unit 1003. The first transmitting unit 1001 is configured to send the payment token to a home gateway bound with a first credit card of a user in response to receiving a payment token from a first network device (e.g., the payment system 120 in FIG. 1). The payment token includes an identity and payment information of the user. The first receiving unit 1002 is configured to receive information on a second credit card from the home gateway, and the second transmitting unit 1003 is configured to transmit the information on the second credit card to the first network device.

[0099] In an embodiment, the apparatus 1000 may optionally further include an obtaining unit 1004, configured to obtain information on the binding of the home gateway with the first credit card, for example based on at least one of: a registration of the user for the secure payment service, a user input after the registration, and a message from the first network device. In some embodiments, the obtaining unit 1004 may be configured to obtain information on binding of the home gateway with both the first credit card and a network account of the user. In another embodiment, the obtaining unit 1004 may be configured to obtain information on binding of the home gateway with a plurality of credit cards including the first credit card.

[00100] In a further embodiment, the apparatus 1000 may optionally include a third transmitting unit 1005, configured to send the information on the binding to the home gateway, and a second receiving unit 1006 configured to receive an indication of equivalence of the second credit card from the home gateway. In another embodiment, the apparatus 1000 may further include a fourth transmitting unit 1007 configured to transmit the indication of equivalence of the second credit card to the first network device.

[00101] Alternatively or in addition, in another embodiment, the apparatus 1000 may optionally include a fifth transmitting unit 1008 configured to send the information on the binding to the first network device.

[00102] In an embodiment, descriptions related to block 610-680 also apply to the units 1001-1008 respectively, and therefore details will not be repeated.

[00103] FIG. 11 illustrates a block diagram of an apparatus 1100 that may be embodied in/as a network device, e.g., the application server 110 (e.g., a shopping web server), a payment system (e.g., a payment controller) 120, a payment gateway 130, an ACS server 140, or a HGW (e.g., the HGW 150) shown in FIG. 1.

[00104] The apparatus 1100 may include one or more processors 1101, such as a data processor (DP) and one or more memories (MEM) 1102 coupled to the processor 1101. The apparatus 1 100 may further include a transmitter TX and receiver RX 1103 coupled to the processor 1101. The MEM 1102 may be non-transitory machine readable storage medium and it may store a program (PROG) 1104. The PROG 1104 may include instructions that, when executed on the associated processor 1101, enable the apparatus 1100 to operate in accordance with the embodiments of the present disclosure, for example to perform one or more of the methods 300-600. A combination of the one or more processors 1101 and the one or more MEMs 1102 may form processing means adapted to implement various embodiments of the present disclosure. [00105] Various embodiments of the present disclosure may be implemented by computer program executable by one or more of the processors 1101, software, firmware, hardware or in a combination thereof.

[00106] The MEM 1102 may be of any type suitable to the local technical environment and may be implemented using any suitable data storage technology, such as semiconductor based memory terminal devices, magnetic memory terminal devices and systems, optical memory terminal devices and systems, fixed memory and removable memory, as non-limiting examples.

[00107] The processor 1101 may be of any type suitable to the local technical environment, and may include one or more of general purpose computers, special purpose computers, microprocessors, digital signal processors DSPs and processors based on multicore processor architecture, as non-limiting examples.

[00108] Although some of the above description is made in the context of a communication network environment shown in FIG. 1, it should not be construed as limiting the spirit and scope of the present disclosure. The principle and concept of the present disclosure may be more generally applicable to other scenarios.

[00109] In addition, the present disclosure may also provide a memory containing the computer program as mentioned above, which includes machine -readable media and machine-readable transmission media. The machine-readable media may also be called computer-readable media, and may include machine-readable storage media, for example, magnetic disks, magnetic tape, optical disks, phase change memory, or an electronic memory terminal device like a random access memory (RAM), read only memory (ROM), flash memory devices, CD-ROM, DVD, Blue-ray disc and the like. The machine-readable transmission media may also be called a carrier, and may include, for example, electrical, optical, radio, acoustical or other form of propagated signals - such as carrier waves, infrared signals, and the like.

[00110] The techniques described herein may be implemented by various means so that an apparatus implementing one or more functions of a corresponding apparatus described with an embodiment includes not only prior art means, but also means for implementing the one or more functions of the corresponding apparatus described with the embodiment and it may include separate means for each separate function, or means that may be configured to perform two or more functions. For example, these techniques may be implemented in hardware (one or more apparatuses), firmware (one or more apparatuses), software (one or more modules), or combinations thereof. For a firmware or software, implementation may be made through modules (e.g., procedures, functions, and so on) that perform the functions described herein.

[00111] Example embodiments herein have been described above with reference to block diagrams and flowchart illustrations of methods and apparatuses. It will be understood that each block of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations, respectively, can be implemented by various means including hardware, software, firmware, and a combination thereof. For example, in one embodiment, each block of the block diagrams and flowchart illustrations, and combinations of blocks in the block diagrams and flowchart illustrations can be implemented by computer program instructions. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks.

[00112] Further, while operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are contained in the above discussions, these should not be construed as limitations on the scope of the subject matter described herein, but rather as descriptions of features that may be specific to particular embodiments. Certain features that are described in this specification in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable sub-combination. Moreover, although features may be described above as acting in certain combinations and even initially claimed as such, one or more features from a claimed combination can in some cases be excised from the combination, and the claimed combination may be directed to a sub-combination or variation of a sub-combination.

[00113] It will be obvious to a person skilled in the art that, as the technology advances, the inventive concept can be implemented in various ways. The above described embodiments are given for describing rather than limiting the disclosure, and it is to be understood that modifications and variations may be resorted to without departing from the spirit and scope of the disclosure as those skilled in the art readily understand. Such modifications and variations are considered to be within the scope of the disclosure and the appended claims. The protection scope of the disclosure is defined by the accompanying claims.