KR102468789B1 - Payment service providing apparatus and method using authentication based on web, system and computer readable medium having computer program recorded thereon - Google Patents

Abstract

The present invention relates to an apparatus and method for providing a payment service using web-based authentication, and to a recording medium on which a system and a computer program are recorded, and more particularly, to a web-based simple payment configured to enable non-face-to-face payment and settlement in a web standard environment. Apparatus and method for providing payment service using web-based authentication that minimizes user manipulation by automatically selecting and processing payment methods through authentication based on PIN (personal identification number), and recording media on which systems and computer programs are recorded It is about.

Description

Payment service providing apparatus and method using web-based authentication, and recording medium on which system and computer program are recorded

The present invention relates to an apparatus and method for providing a payment service using web-based authentication, and to a recording medium on which a system and a computer program are recorded, and more particularly, to a web-based simple payment configured to enable non-face-to-face payment and settlement in a web standard environment. Apparatus and method for providing payment service using web-based authentication that minimizes user manipulation by automatically selecting and processing payment methods through authentication based on PIN (personal identification number), and recording media on which systems and computer programs are recorded It is about.

With the development of mobile communication technology, the use of wireless devices such as mobile phones and personal digital assistants (PDAs) has increased rapidly, and services performed in wired Internet are gradually moving to wireless Internet-based services.

With the activation of wireless networks, various services using many wired and wireless networks are being provided in commercial and service fields. For example, mobile electronic commerce (M-commerce) is an example of a wireless network-based commerce service.

In order to conduct non-face-to-face commercial transactions, a procedure for payment through authentication and payment procedures is required. The online payment method through the existing authentication and payment process is a method of making payment through individual authentication methods such as credit card number and phone bill. In the existing payment method, the payment server cannot store payment information such as credit card or account transfer, so you can use the safe click, ISP credit card payment, or, in the case of simple payment, payment based on a virtual card in consultation with the credit card/account transfer company. was the way to proceed. Simple payment methods are also mainly provided based on apps. A common standard method for online commerce is not provided.

On the other hand, in general, conventional payment methods require users to select one of a plurality of payment methods in the payment process and enter a PIN (personal identification number) corresponding to the payment method when the user has various payment methods, which makes the payment operation cumbersome. There is a problem.

Korean Patent Publication No. 10-2004-0074370 [Title of Invention: Integrated Payment Method and System]

An object of the present invention is to determine forgery in payment based on a plurality of divided information blocks in providing a web-based authentication payment method for non-face-to-face payment and settlement in a web standard environment. Its purpose is to provide a simple payment system that minimizes user input by encrypting each payment method with a PIN designated by the user and allowing the user to select a payment method at once only by inputting the PIN during payment.

In addition, another object of the present invention is to provide security against various types of infringements that occur during payment in a user device.

An apparatus for providing a payment service using web-based authentication according to an embodiment of the present invention generates a card ID for each of one or more payment methods, encrypts and stores the card number corresponding to the payment method, and encrypts the card authentication value to block information. 1 and information block 2, but information block 1 is used for decoding information block 2, information block 1 and card ID are mutually matched, transmitted to the user authentication device, and information block 1 is deleted. and receiving payment PIN (personal identification number) information corresponding to each payment method from the user device, and responding to each payment method by encrypting information block 1 of each payment method based on the payment PIN information corresponding to information block 1. Stores the encrypted information block 1, and requests payment PIN information for generating information block 1 to the user device when receiving payment information for payment details from the web-based commerce device where the user's commerce transaction occurred, and one or more encrypted information block 1 Among the information block 1, the information block 1 decrypted based on the payment PIN information received from the user device and the card ID matched thereto are transmitted to the card approval request device so that the payment method corresponding to the information block 1 and the card ID is automatically selected, , It may include a user authentication device that allows payment processing to be performed according to payment information through the selected payment means.

As an example related to the present invention, the card approval request device decrypts any one of information block 2 corresponding to each payment method based on information block 1 received from the user authentication device, and based on information block 1 and information block 2 Decrypts the encrypted card authentication value corresponding to any one payment method, decrypts the encrypted card number corresponding to the card ID received from the user authentication device, selects a payment method, and authenticates the card corresponding to the selected payment method Based on the value and the card number, an authorization message to be transmitted to a credit card company corresponding to a selected payment method may be generated, and the authorization message may be transmitted to the credit card company.

As an example related to the present invention, encryption of the card number is performed based on a hardware security module (HSM) and hash, encryption of the card authentication value is performed based on the HSM, and information block 1 is performed in the user authentication device. It may be characterized in that it is encrypted through advanced encryption standard (AES) based on the payment PIN information.

As an example related to the present invention, the card approval request device may receive a card number and a card authentication value corresponding to each payment method from the user device through a member registration procedure.

As an example related to the present invention, the user authentication device mutually compares the payment PIN information received from the user device in correspondence with each payment method so that the payment PIN information corresponding to each payment method is set differently, and determines whether the payment PIN information is matched with the user device. It can be characterized by notifying.

As an example related to the present invention, the user authentication device encrypts and stores the card ID received from the card approval request device in correspondence with the payment method and information block 1 matched thereto as payment PIN information, and receives it from the user device when a commercial transaction occurs It may be characterized in that the encrypted card ID and information block 1 are decrypted with the payment PIN information.

A payment service providing method using web-based authentication according to an embodiment of the present invention generates a card ID for each of one or more payment methods, encrypts and stores the card number corresponding to the payment method, and encrypts the card authentication value to block information. 1 and information block 2, and then matching the card IDs of information block 1 to the user authentication device and deleting information block 1, information block 1 being used for decoding information block 2, and user authentication device Receives payment PIN (personal identification number) information corresponding to each payment method from the user device, and responds to each payment method by encrypting information block 1 of each payment method based on the payment PIN information corresponding to information block 1 storing the encrypted information block 1, and requesting payment PIN information for generating information block 1 to the user device when the user authentication device receives payment information on the payment details from the web-based commerce device where the user's commerce transaction occurred and the user authentication device transmits an information block 1 decrypted based on the payment PIN information received from the user device and a card ID matched thereto among one or more encrypted information blocks 1 to the card approval requesting device to obtain the information block 1 and the card A step of automatically selecting a payment method corresponding to the ID and allowing payment processing according to payment information to be performed through the selected payment method may be included.

As an example related to the present invention, in a payment service providing method using web-based authentication, a card approval request device decrypts any one of information block 2 corresponding to each payment method based on information block 1 received from the user authentication device, Based on information block 1 and information block 2, the encrypted card authentication value corresponding to any one payment method is decrypted, and the encrypted card number corresponding to the card ID received from the user authentication device is decrypted to decrypt the decrypted card authentication value. and selecting a payment method corresponding to the card number, and the card approval request device generates an approval message to be transmitted to the credit card company corresponding to the selected payment method based on the card authentication value and card number corresponding to the selected payment method, and approves the payment method. It may be characterized by further comprising the step of transmitting the full text to a credit card company.

The recording medium according to an embodiment of the present invention may store a computer program for performing the above-described payment service providing method using web-based authentication.

A payment service providing system using web-based authentication according to an embodiment of the present invention transmits a card number and a card authentication value for each of one or more payment methods through a member sign-up procedure, and a payment PIN (personal identification) corresponding to each payment method. number) Card number and card authentication value corresponding to each payment method from a user device that transmits information, a web-based commerce device that generates and transmits payment information for payment details when a commercial transaction occurs by the user device, and a user device Receive, assign a card ID for each payment method, encrypt and store the card number, encrypt the card authentication value, and divide it into information block 1 and information block 2, but information block 1 is used for decoding information block 2 , Each information block 1 is encrypted and stored based on the payment PIN information received from the user device, and when payment information is received from the web-based commerce device, the user device requests payment PIN information for generating information block 1, and one Based on the payment PIN information received from the user device, the payment method corresponding to the decrypted information block 1 and the card ID matched thereto is automatically selected from the above encrypted information block 1, based on the information block 1 corresponding to the selected payment method. A payment service providing device that decrypts the encrypted card authentication value based on the decrypted information block 2 and the decrypted information block 1, decrypts the encrypted card number corresponding to the card ID of the selected payment method, and processes the payment according to the payment information. can include

The present invention provides a web-based authentication payment method for non-face-to-face payment and settlement in a web standard environment, and at the same time provides information corresponding to each payment method based on a PIN designated for each of one or more payment methods registered by a user to use for payment. Encryption and payment can be processed by automatically selecting the payment method the user wants to use for payment only with the payment PIN received by user input.

In addition, the present invention can minimize the transmission and reception of payment information during online authentication payment by exchanging credit card related information between the payment service providing device and the card company server, and separates and manages credit card related information into a plurality of information blocks to improve security has the effect of greatly improving

1 is a configuration environment diagram of a payment service providing system using web-based authentication according to an embodiment of the present invention.
2 is a conceptual diagram illustrating the operation of a payment service providing device constituting a payment service providing system using web-based authentication according to an embodiment of the present invention.
3 is a conceptual diagram illustrating a user membership subscription procedure according to an embodiment of the present invention;
4 is a flow chart showing a user membership subscription procedure according to an embodiment of the present invention;
5 and 6 are a method for encrypting a card number and a card authentication value for each payment method in a card approval request device and a user authentication device according to an embodiment of the present invention and a method for automatically selecting a payment method according to payment PIN reception from a user device A conceptual diagram of the operation of the method.
7 is a flowchart illustrating a payment procedure according to input of a payment PIN of a payment service providing device according to an embodiment of the present invention when a web-based commercial transaction occurs by a user.
8 is a conceptual diagram illustrating a payment procedure according to input of a payment PIN according to an embodiment of the present invention.

It should be noted that technical terms used in the present invention are only used to describe specific embodiments and are not intended to limit the present invention. In addition, technical terms used in the present invention should be interpreted in terms commonly understood by those of ordinary skill in the art to which the present invention belongs, unless specifically defined otherwise in the present invention, and are excessively inclusive. It should not be interpreted in a positive sense or in an excessively reduced sense. In addition, when the technical terms used in the present invention are incorrect technical terms that do not accurately express the spirit of the present invention, they should be replaced with technical terms that those skilled in the art can correctly understand. In addition, general terms used in the present invention should be interpreted as defined in advance or according to context, and should not be interpreted in an excessively reduced sense.

Also, singular expressions used in the present invention include plural expressions unless the context clearly dictates otherwise. In the present invention, terms such as "consisting of" or "comprising" should not be construed as necessarily including all of the various elements or steps described in the invention, and some of the elements or steps are included. It should be construed that it may not be, or may further include additional components or steps.

In addition, terms including ordinal numbers such as first and second used in the present invention may be used to describe components, but components should not be limited by the terms. Terms are used only to distinguish one component from another. For example, a first element may be termed a second element, and similarly, a second element may be termed a first element, without departing from the scope of the present invention.

Hereinafter, a preferred embodiment according to the present invention will be described in detail with reference to the accompanying drawings, but the same or similar components are assigned the same reference numerals regardless of reference numerals, and redundant description thereof will be omitted.

In addition, in describing the present invention, if it is determined that a detailed description of a related known technology may obscure the gist of the present invention, the detailed description will be omitted. In addition, it should be noted that the accompanying drawings are only for easily understanding the spirit of the present invention, and should not be construed as limiting the spirit of the present invention by the accompanying drawings.

Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the accompanying drawings, but the same or similar components are given the same reference numerals regardless of reference numerals, and redundant description thereof will be omitted.

In addition, in describing the present invention, if it is determined that a detailed description of a related known technology may obscure the gist of the present invention, the detailed description will be omitted. In addition, it should be noted that the accompanying drawings are only for easily understanding the spirit of the present invention, and should not be construed as limiting the spirit of the present invention by the accompanying drawings.

In the existing network-based payment method, the payment server did not store the payment information, so there was an inconvenience of having to input the payment information every time. Even in the case of the existing simple payment, when payment companies make payments based on virtual card numbers, there are inconveniences such as the need to define payment specifications through a dedicated line connection with a separate card company and pay, and issuers such as all card companies and banks It took a lot of time to link with the service, which made it difficult to spread the service.

Hereinafter, in an embodiment of the present invention, it is possible to improve customer convenience and security, to present a payment service providing device, system, and method in line with global web standards, and to improve user convenience in a web-based payment environment. A payment service providing device, system and method are disclosed.

A web standard means an international web standard technology established for compatibility between various types of operating environments without a separate plug-in installation without remaining in a specific terminal operating environment (for example, ActiveX, Java, Adobe Air).

For example, the web standard may be a next-generation open technology such as HTML5 established by the World Wide Web Consortium (W3C).

Hereinafter, the meaning of web standards disclosed in the embodiments of the present invention is not limited to HTML5 standard technology, and may include various other web driving technologies such as DOM and JavaScript to secure compatibility between various operating environments.

Hereinafter, an apparatus, system, and method for providing a payment service using web-based authentication according to an embodiment of the present invention comply with the security required by domestic electronic financial transaction regulations in order to improve customer convenience and security, while making an online authentication payment. It can improve the inconvenience and risk of having to enter and communicate sensitive personal and payment information each time.

In addition, the payment service providing apparatus, system, and method using web-based authentication according to an embodiment of the present invention is a payment service tailored to global standards, and can be used for general authentication transactions (2D authentication payment) designed according to global standards to enhance service competitiveness. It may be a user authentication transaction (3D authentication payment) with increased transaction stability by adding authentication.

In addition, the device, system, and method for providing payment services using web-based authentication according to an embodiment of the present invention are scalable and mutually compatible to provide transaction authentication and approval services regardless of the platform or OS (operating system) of a personal terminal. A common process considering can be provided.

In addition, an apparatus, system, and method for providing a payment service using web-based authentication according to an embodiment of the present invention provide information corresponding to a payment method based on a PIN designated for each of one or more payment methods registered by a user for use in payment. It encrypts and supports the payment method that the user wants to use for payment to be automatically selected only by inputting a PIN, minimizing user input during payment to greatly improve payment convenience.

Hereinafter, an apparatus, system, and method for providing a payment service using web-based authentication according to specific embodiments of the present invention are disclosed.

1 is a configuration environment diagram of a payment service providing system using web-based authentication according to an embodiment of the present invention, and FIG. 2 is a conceptual diagram illustrating the operation of a payment service providing device constituting the payment service providing system using web-based authentication.

As shown in FIG. 1, a payment service providing system using web-based authentication according to an embodiment of the present invention includes a user device 10, a web-based commerce device 200, and a payment service providing device 100 connected through a communication network. ) may be included.

Meanwhile, referring to FIG. 2 , referring to an operation process for a payment service using web-based authentication, the payment service providing device 100 may be implemented in a structure including a separate physically separated sub-device.

That is, the payment service providing device 100 may include a card permission request device 140 and a user authentication device 120 .

The card permission request device 140 may be a server for performing an authentication transaction with a credit card company.

The user authentication device 120 may be a server responsible for user authentication. When a user subscribes from an affiliated store, the user authentication device 120 may perform identity authentication through a mobile phone identity verification service (SMS-OTP) of a mobile communication company.

Further, the user authentication device 120 may receive card information for each of one or more payment methods from the user through a web browser, and may receive, store, and manage a personal identification number (PIN) number corresponding to each payment method. .

Specifically, the user authentication device 120 may perform the following operations.

The user authentication device 120 is a mobile carrier authentication or iPin based on the user's personal information (name, date of birth, gender, nationality, mobile phone number, mobile carrier, e-mail) received through the web browser during the user's member registration process. authentication can be performed. CI (connecting information)/DI (duplication information) personal information received as a result of identity authentication may all be encrypted and stored and managed in a database of the user authentication device 120 .

In addition, the user authentication device 120 encrypts and stores the user's transaction environment information (connection IP (internet protocol), location information, user agent), transaction details (transaction details), member information, payment information, etc. in a database. have.

In addition, the user authentication device 120 corresponds to each payment method of the user and transmits information block 1 from the card permission request device 140 (authentication required when approving a card registered to the card permission request device 140 by the user). One information block among two pieces of information obtained by obfuscating the value) can be encrypted and stored based on the payment PIN entered by the member.

In addition, the user authentication device 120 may transmit the information block 1 decrypted with the payment PIN input by the member to the card permission request device 140 when requesting transaction approval.

Specifically, the card permission request device 140 may perform the following operations.

When a user registers more than one payment method, such as a credit or debit card, in the service, information necessary for authentication of the payment method (card number, expiration date, card number, expiration date, card The first two digits of the password and date of birth) may be temporarily transmitted to the card approval request device 140 using the user device 10 .

When the card approval request device 140 confirms the validity of the payment method as a result of the approval, information (for example, a card number) required for authentication of the payment method is hardware-based through a hardware security module (HSM), like a general VAN information processing procedure. , and a card ID for each payment means corresponding thereto may be generated and stored in the card approval request device 140 .

That is, the card approval requesting device 140 may generate a unique card ID for each payment means encrypted card number, and then assign (match) the card ID to the encrypted card number corresponding to each payment method.

At this time, among the information required for authentication of the payment method, the card authentication value including the expiration date, the first two digits of the card password, and the date of birth is obfuscated and separated into two information blocks, and each of the two information blocks is a separate HSM device. can be encrypted with

During the encryption procedure for each of the two information blocks, a value generated as a result of HSM encryption of information block 1 can be used as an encryption key for information block 2. Accordingly, chain encryption may be performed so that information block 2 cannot be accessed without information block 1.

Of the two generated information blocks, information block 1 is transmitted to the user authentication device 120, and after transmission, information block 1 may be deleted from the card permission request device 140.

In addition, the card permission request device 140 may match and store the card ID and information block 2 for each payment method, and may match the card ID and information block 1 for each payment method and transmit the same to the user authentication device 120 .

Through this, the user authentication device 120 may match and store the card ID and information block 1 for each payment method.

The user device 10 for performing the authentication payment method may perform authentication and payment procedures through a web browser. The web browser running on the user device 10 is a browser that supports web standards and receives input values (eg, PIN, phone number, etc.) necessary for payment and authentication of the user, and sends the input values through a secure channel (eg, For example, it may be transmitted to the user authentication device 120 through secure socket layer (SSL).

An authentication payment application for performing an authentication payment method may be installed in the user device 10 . For example, the authentication payment application may be a JavaScript-based web app (application) that provides security for non-face-to-face payment performed in a web browser.

In the authentication payment application, authentication payment procedures may be performed based on new member registration, login, authentication screen, and payment screen, process input information from the user, and authentication and payment procedures through the payment service providing device 100 can proceed.

Authentication payment applications can provide E2E security (protection of the section between the user and the server), virtual keyboard (protection of user input values), and page obfuscation (encryption of web page data) functions.

In the configuration described above, the user authentication device 120 transmits a mutually matched card ID provided for each payment method from the card approval request device and a payment PIN to be used for payment for each payment method to the user device 10 upon receiving the information block 1. As shown, the information block 1 of each payment method may be encrypted based on advanced encryption standard (AES) using the payment PIN received from the user device as an encryption key.

At this time, payment PINs corresponding to different payment methods may be configured differently, and the user authentication device 120 determines that the payment PIN received from the user device 10 for one payment method is assigned to another payment method. When the payment PIN received from the user device is the same (matches) with respect to the user device, notification information may be transmitted to the user device 10 to modify any one payment PIN.

In addition, the user authentication device 120 generates an encrypted information block 1 by encrypting the information block 1 using the payment PIN for each payment method, and matches the card ID matched with the information block 1 with the encrypted information block 1. In addition, the encrypted information block 1 and card ID matched for each payment method can be matched with the user's member information and stored in the database.

Thereafter, the user authentication device 120 receives payment information on payment details from the web-based commerce device 200 when a commercial transaction occurs through the web-based commerce device 200 by the user device 10, and the user device 10 ) to request a payment PIN.

At this time, the user authentication device 120 may request a payment PIN from the web-based commerce device 200, and based on user input through the web-based commerce device 200, according to user input from the web-based commerce device 200 You may also receive a payment PIN.

Thereafter, the user authentication device 120 may decrypt any one of one or more encrypted information blocks 1 stored in advance based on the payment PIN received from the user device 10 or the web-based commerce device 200, and the decrypted A payment method corresponding to the information block 1 may be automatically selected, and the decrypted information block 1 and the card ID corresponding to the selected payment method may be transmitted to the card approval request device 140 .

That is, the user authentication device 120 determines the user's desired payment method only with the user's payment PIN received from the user device 10 or the web-based commerce device 200 when a commercial transaction occurs through the web-based commerce device 200 by the user. It can be automatically selected, and based on this, payment processing can be made.

To explain the subsequent process accordingly, the user authentication device 120 transmits the decrypted information block 1 and the card ID corresponding to the selected payment method automatically selected based on the payment PIN entered by the user to the card approval request device 140. It can be transmitted to and operated so that the subsequent payment processing procedure proceeds.

Meanwhile, the card approval request device 140 decrypts the information block 2 corresponding to the selected payment method based on the information block 1 received from the user authentication device 120, and based on the decrypted information block 1 and information block 2 The encrypted card authentication value corresponding to the selected payment method is decrypted, and the encrypted card number corresponding to the card ID for the selected payment method received along with the information block 1 from the user authentication device 120 is retrieved, extracted, and decrypted. can do. At this time, the card permission request device 140 may decrypt the encrypted card number based on the HSM used to encrypt the card number.

Accordingly, the card approval request device 140 may generate an approval text to be transmitted to the credit card company server based on the decrypted card authentication value and the card number corresponding to the selected payment method, and transmit the authorization text to the credit card company server, After receiving the approval result from the credit card company server, it is transmitted to the web-based commerce device 200 to complete payment processing using the selected payment method.

At this time, the card approval request device 140 receives the payment information provided by the web-based commerce device 200 from the user authentication device 120, and transmits the corresponding payment information and the card authentication value and card number corresponding to the selected payment method. Based on this, an approval full text can be created.

In this way, the present invention supports the user to automatically select the payment method desired by the user only by inputting a payment PIN when the user selects one of a plurality of payment methods registered in the payment service to make a payment, thereby providing user input necessary for payment. By minimizing it, the user's payment convenience can be greatly improved.

In addition, the present invention can minimize the transmission and reception of payment information during online authentication payment by exchanging credit card related information between the payment service providing device and the card company server, and separates and manages credit card related information into a plurality of information blocks to improve security can be greatly improved.

Meanwhile, in the above configuration, the user device 10 includes a smart phone having a communication function, a portable terminal, a mobile terminal, a personal digital assistant (PDA), and a PMP. (Portable Multimedia Player) terminal, telematics terminal, navigation terminal, personal computer, notebook computer, slate PC, tablet PC, ultrabook, wearable Devices (including wearable devices, for example, watch-type terminals (Smartwatch), glass-type terminals (Smart Glass), HMD (Head Mounted Display), etc.), Wibro terminals, IPTV (Internet Protocol Television) terminals, smart TVs , digital broadcasting terminals, AVN (Audio Video Navigation) terminals, A/V (Audio/Video) systems, flexible terminals, and the like.

In addition, as an example of the above-described communication network, wireless LAN (WLAN), DLNA (Digital Living Network Alliance), WiBro (Wireless BroaDB (400) and: Wibro), WiMAX (World Interoperability for Microwave Access: Wimax), GSM ( Global System for Mobile communication), CDMA (Code Division Multi Access), CDMA2000 (Code Division Multi Access 2000), EV-DO (Enhanced Voice-Data Optimized or Enhanced Voice-Data Only), WCDMA (Wideband CDMA), HSDPA (High Speed Downlink Packet Access), High Speed Uplink Packet Access (HSUPA), IEEE 802.16, Long Term Evolution (LTE), Long Term Evolution-Advanced (LTE-A), broadband wireless mobile communication service (Wireless Mobile BroaDB ( 400)and Service: WMBS), Bluetooth, Radio Frequency Identification (RFID), Infrared Data Association (IrDA), Ultra Wideband (UWB), ZigBee, Near Field Communication (NFC) ), ultrasound communication (Ultra Sound Communication: USC), visible light communication (Visible Light Communication: VLC), Wi-Fi, Wi-Fi Direct (Wi-Fi Direct), etc. (Power Line Communication: PLC), USB communication, Ethernet, Siri Wired communication networks such as serial communication and optical/coaxial cables may be included.

In addition, the above-described payment service providing device 100 and the web-based commerce device 200 may be implemented in the form of various servers such as a web server, a database server, and a proxy server.

In addition, one or more of a network load balancing mechanism and various software enabling service devices to operate on the Internet or other networks may be installed in the payment service providing device 100 and the web-based commerce device 200, through which It can be implemented as a computerized system.

Also, the network can be an http network, a private line, an intranet or any other network. Furthermore, the connection between each payment service providing device and the web-based commerce devices 100 and 200 and the user device 10 may be connected through a secure network to prevent data from being attacked by any hacker or other third party. In addition, the payment service providing device and the web-based commerce devices 100 and 200 may include a plurality of database servers, and these database servers communicate with each service providing device through any type of network connection including a distributed database server architecture. It may be implemented in a separately connected manner.

Meanwhile, the user device 10 may include various components such as an input unit, a display unit, a communication unit, a storage unit, a voice output unit, and a control unit.

The input unit receives a signal according to the user's button operation or selection of an arbitrary function, or receives a command or control signal generated by a manipulation such as touching/scrolling a displayed screen, or responds to information input by the user. It receives the signal to be sent to the key pad, dome switch, touch pad (static/capacitance), touch screen, jog wheel, jog switch, jog shuttle, mouse ( A variety of devices such as a mouse, a stylus pen, and a touch pen may be used.

In addition, the display unit may display various contents such as various menu screens using a user interface and/or a graphic user interface stored in the storage unit under the control of the controller. Here, the content displayed on the display unit includes various text or image data (including various information data) and a menu screen including data such as icons, list menus, and combo boxes. Also, the display unit may be a touch screen.

In this case, a touch sensor for detecting a user's touch gesture may be included. The touch sensor may be one of various types such as a capacitive type, a resistive type, a piezoelectric type, and the like. In the case of an electrostatic touch screen, touch coordinates are calculated by detecting microelectricity excited by the user's body when a part of the user's body touches the touch screen surface using a dielectric coated on the surface of the touch screen. In the case of a resistive touch screen, two electrode plates are embedded in the touch screen, and when the user touches the screen, the upper and lower electrode plates at the touched position are contacted and current flows. This flow of current is sensed and touch coordinates are calculated.

In addition, the user device 10 may support a pen input function, and in this case, a user's gesture using an input means such as a pen, which is not part of the user's body, may be detected. For example, when the input means is a stylus pen including a coil therein, the user device 10 may include a magnetic field detection sensor for detecting a magnetic field changed by the coil inside the stylus pen. In this case, not only the user's touch gesture but also the user's proximity gesture such as hovering may be detected.

In addition, the display unit includes a liquid crystal display (LCD), a thin film transistor-liquid crystal display (TFT LCD), an organic light-emitting diode (OLED), and a flexible display. , 3D display (3D display), e-ink display (e-ink display), it can be implemented in the form of at least one of LED (Light Emitting Diode), and can include a driving circuit, a backlight unit, etc. for this together .

Also, the display unit may be configured as a 3D display unit for displaying a 3D image.

A 3D display method such as a stereoscopic method (glasses method), an auto stereoscopic method (non-glasses method), a projection method (holographic method) may be applied to the 3D display unit.

The audio output unit outputs audio information included in the signal subjected to predetermined signal processing by the control unit. Here, the audio output unit may include a receiver, a speaker, a buzzer, and the like.

In addition, the audio output unit outputs the guidance audio generated by the control unit.

The communication unit communicates with any internal component or at least one external terminal through the above-described wired/wireless communication network. At this time, any external terminal may include a network service system, a server, and the like.

The control unit executes overall control functions of the user device 10 using programs and data stored in the storage unit. The control unit may include RAM, ROM, CPU, GPU, and a bus, and the RAM, ROM, CPU, and GPU may be connected to each other through a bus. The CPU may access the storage unit, perform booting using an O/S (Operating System) stored in the storage unit, and perform various operations using various programs, contents, data, etc. stored in the storage unit. .

In addition, the storage unit stores data and programs necessary for the user device 10 to operate.

That is, the storage unit may store a plurality of application programs (application programs or applications) running in the user device 10 , data for operating the user device 10 , and commands. At least some of these application programs may be downloaded from an external server through wireless communication. In addition, at least some of these application programs may exist on the user device 10 from the time of shipment for basic functions of the user device 10 (eg, incoming and outgoing calls, outgoing functions, message receiving, and outgoing functions). Meanwhile, the application program may be stored in the user device storage unit, installed in the user device 10, and driven by the user device control unit to perform an operation (or function) of the user device 10.

In addition, the storage unit is a flash memory type, a hard disk type, a multimedia card micro type, a card type memory (eg, SD or XD memory, etc.), a magnetic memory, a magnetic disk, an optical disk, RAM (RAM), SRAM, ROM ( ROM), EEPROM, and PROM may include at least one storage medium. In addition, the user device 10 may operate a web storage that performs a storage function of a user device storage unit on the Internet, or may operate in relation to the web storage.

In addition, the user device 10 may further include an interface unit (not shown) that serves as an interface with all external devices connected to the user device 10 .

For example, the interface unit includes a wired/wireless headset port, an external charger port, a wired/wireless data port, a memory card port, a port connecting a device having an identification module, audio I/O ( Input/Output) port, video I/O (Input/Output) port, earphone port, etc. Here, the identification module is a chip storing various information for authenticating the right to use the user device 10, and includes a user identity module (UIM), a subscriber identity module (SIM), and universal user authentication. module (Universal Subscriber Identity Module: USIM), etc. may be included. In addition, a device equipped with an identification module may be manufactured in the form of a smart card. Accordingly, the identification module may be connected to the user device 10 through the port. Such an interface unit receives data or power from an external device and transmits it to each component inside the user device 10 or transmits data inside the user device 10 to the external device.

In addition, when the user device 10 is connected to an external cradle, the interface unit becomes a passage through which power from the cradle is supplied to the corresponding user device 10, or various command signals input from the cradle by the user are transmitted to the corresponding user device. It can be a passage that is delivered to (10). Various command signals or corresponding power input from the cradle may operate as signals for recognizing that the user device 10 is correctly mounted on the cradle.

In addition, the user device 10 has an input unit for receiving a command or control signal generated by a user's manipulation of a button or selection of an arbitrary function, or a manipulation such as touching/scrolling a displayed screen ( not shown) may be further included.

Hereinafter, detailed embodiments of a payment service providing system using web-based authentication according to an embodiment of the present invention will be described with reference to the above configuration through the following drawings.

3 is a conceptual diagram illustrating a user membership subscription procedure according to an embodiment of the present invention.

Referring to FIG. 3 , when a user is an existing member and a web-based commerce device (or a web-based commerce server) is an ID-unlinked member device. The user can perform authentication on the web application based on the registered member ID and be redirected to an authentication data loss prevention (DLP) procedure. In the case of ID linkage between a web-based commerce device and another web-based commerce device, an authentication DLP procedure may be performed based on an interlocked ID through a member information inquiry procedure.

In the authentication DLP procedure, additional authentication (ARS (automatic response system), SMS (short message service)-OTP (one time password) and App authentication) is performed by providing a list of payment methods, entering a payment PIN, and FDS (fraud detection system). It can be.

If the user is not an existing member, he/she can proceed with the new sign-up process by agreeing to the terms and conditions, authenticating himself/herself, registering payment information, registering payment PIN, and registering signature information.

When authentication is completed through the authentication DLP procedure, an approval procedure may proceed.

4 is a flow chart illustrating a user membership subscription procedure according to an embodiment of the present invention.

The user authentication device may receive an authentication payment service subscription request and member information from the user, and perform identity authentication for the user through a mobile communication company. Also, after authentication, the user may register one or more payment methods (card number and card authentication value (CAV)) such as a credit card or a check card through a user authentication device and a card authorization request device. In addition, the validity of each payment means may be confirmed, and information for payment may be encrypted and stored in each of the user authentication device and the card approval request device.

According to an embodiment of the present invention, a member account can be registered through various authentication methods according to the attributes of the payment method corresponding to the member. All member accounts can perform identity verification by performing both the identity verification method by the non-financial company and the identity verification method by the financial company.

Referring to FIG. 4 , a user may request a payment to a web-based commerce device (eg, a server operating a website of a representative affiliated store) (step S300).

The user can select simple payment according to the payment service method using web-based authentication according to an embodiment of the present invention as a payment method through the web-based commercial transaction device and request simple payment.

The web-based commerce device may inquire the user's subscription details and confirm whether the user is a new member (step S305). The web-based commerce device may determine whether or not the user requesting the simple payment is already a member capable of proceeding with the simple payment procedure based on the member database. When the user's subscription details exist in the member database, it may be determined that the user's simple payment procedure is possible. Conversely, if the user's subscription details do not exist in the member database, it may be determined that the user cannot proceed with the simple payment procedure and that a new subscription to the user's simple payment procedure is required. Hereinafter, a case in which a new subscription for a user's simple payment procedure is required will be described.

The web-based commerce device may request the user authentication device to proceed with a new member registration procedure for a simple payment procedure (step S310). The user authentication device can first authenticate the validity of the web-based commerce device that has requested the new member registration procedure, and outputs a screen for agreeing to terms and conditions and a screen for inputting member information on separate web pages and transmits them to the user device.

The user device may enter agreement on the terms and conditions, member information, and a payment PIN for each payment method on the simple payment service page and transmit the information to the user authentication device (step S315). The user device may input member information (step S320). Member information may include e-mail, service use ID/password, and subscription information of a user device (eg, a portable terminal). Subscription information of the user device may include the number, name, date of birth, gender, nationality, etc. of the user device necessary for user authentication.

The user authentication device may transmit the identity authentication information of the user device input from the user to the mobile communication company through the mobile phone identity verification service agency (credit rating agency) (step S325).

The mobile communication company may transmit an SMS authentication number to the user device based on the identity authentication information of the user device received from the identity verification service agency (step S330).

The user device may transmit the received SMS authentication number to the user authentication device (step S335).

The user authentication device may request authentication of the user by transmitting the received SMS authentication number to the mobile communication company through the identity verification service agency (step S340).

The mobile communication company may transmit the user verification result (eg, CI/DI) based on the SMS authentication number received from the user authentication device to the user authentication device through the identity verification service agency (step S345).

The user authentication device may request the user to input information on one or more payment methods through the user device (step S350). The user authentication device may notify user environment information such as a screen keyboard and an anti-virus program notification for important information together, and request confirmation of the notification from the user.

The user device may input information about each payment method. The user device may transmit card information for each payment method to the user authentication device (step S355). Card information transmitted to the user authentication device through the user device may be encrypted with an encryption key provided from the card approval request device and transmitted.

The user authentication device may transmit encrypted and transmitted user card information to the card approval request device (step S360).

The card approval request device may decrypt each user's card information that has been encrypted and transmitted, and transmit an approval request message to the credit card company server corresponding to the card information for each card information (step S365).

The credit card company server may check the validity of the user's card information through the approval system, and may transmit the approval result to the card approval request device (step S370).

The card approval request device may encrypt the card number and card authentication value included in the card information of each payment method based on the card approval result. For example, the card number may be encrypted based on the HSM and stored in the card authorization request device. The card approval requesting device may generate and store a card ID for each payment method in order to identify a card number corresponding to each payment method.

In addition, the card authentication value (validity period, the first two digits of the card password, date of birth) corresponding to each payment means can be divided into two by the card approval request device and separated into information block 1 and information block 2. Information block 1 may be transmitted to a physically isolated user authentication device (step S375). After information block 1 is transmitted to the user authentication device, it may be deleted from the card permission request device. As described above, the card approval request device may access the information block 2 based on the information block 1 transmitted from the user authentication device.

Meanwhile, the user authentication device may receive information block 1 corresponding to each payment method from the card approval request device.

In this case, the user authentication device may receive a card ID matched to each information block 1 from the card approval request device, and match and store the information block 1 and the card ID for each payment means.

In addition, the user authentication device may request a payment PIN for each payment method from the user device in order to encrypt and store each information block 1 based on the payment PIN input by the user (step S380).

The user device may encrypt the payment PIN for each payment method input by the user and transmit the encrypted payment PIN to the user authentication device (step S385).

At this time, the user authentication device compares the payment PINs received for each payment method from the user device to determine whether the same payment PIN exists, and if the same payment PIN exists, to inform one of the plurality of mutually identical payment PINs to be changed. Notification information may be transmitted to the user device.

Through this, the user authentication device may induce a different payment PIN to be set for each payment method.

Thereafter, the user authentication device may generate a plurality of different encrypted information blocks 1 by encrypting the information block 1 based on the payment PIN corresponding to each payment method, and matching the encrypted information block 1 with the corresponding card ID. and store it in the database.

At this time, the user authentication device may delete the information block 1 before encryption after completion of encryption.

Through this, the user authentication device may match and store the encrypted information block 1 and the card ID for each payment method.

5 and 6 are a method for encrypting a card number and a card authentication value for each payment method in a card approval request device and a user authentication device according to an embodiment of the present invention and a method for automatically selecting a payment method according to payment PIN reception from a user device It is a conceptual diagram of the operation of the method.

Referring to FIGS. 5 and 6 , a primary account number (PAN) 400 of each payment method may be encrypted based on HSM and Hash. Encrypted PAN information may be matched with a card ID and stored in a card permission request device.

Also, the card permission request device transmits the card ID to the user authentication device, and the user authentication device may store the corresponding card ID.

The card authentication value (CAV) 405 of the payment method may be separated into part 1 410 and part 2 420 by the card approval requesting device. CAV information corresponding to part 1 410 may be encrypted based on HSM, generated as information block 1 430, and transmitted to the user authentication device. Part 2 (420) may be generated as information block 2 (440) obtained by encrypting information block 1 (430) based on HSM using an initial encryption value.

On the other hand, when the user authentication device receives the information block 1 (430) from the card approval request device, the user device requests a payment PIN to be used for payment, and as shown, the information block 1 (430) received from the user device is separated. It can be encrypted based on AES (450) by using the payment PIN as an encryption key.

At this time, the user authentication device may use a block encryption key (BEK) 460 to encrypt the information block 1 430 based on AES 450. The BEK 460 may be a key generated based on a payment PIN input from the user device.

In addition, the web-based commerce device may generate a BEK 460 based on a payment PIN according to user input and transmit it to the user authentication device.

In the above-described configuration, the card approval request device mutually matches the card ID generated for each payment method registered by the user with the information block 1 and transmits the mutual matching to the user authentication device, and the user authentication device transmits the payment received for each payment method from the user device. Information block 1 may be encrypted based on the PIN, and the encrypted information block 1 may be matched with a corresponding card ID and stored.

In addition, the user authentication device may generate and store encrypted payment method information by encrypting the card ID and information block 1 together with a payment PIN for each payment method.

Through this, the user authentication device may store a card ID corresponding to each payment method and an encrypted information block 1 matched with the corresponding card ID.

At this time, as shown in FIG. 6, the user authentication device receives payment information from the web-based commerce device when a commercial transaction occurs through the web-based commerce device by the user, and when the payment information is received, the user device uses it for payment according to the payment information You can request a payment PIN for

Accordingly, the user authentication device may decrypt one of the encrypted information blocks 1 corresponding to each pre-stored payment method based on the payment PIN received from the user device.

In addition, the user authentication device can automatically select a payment method by extracting the stored card ID matched with the decrypted information block 1, and transmits the extracted card ID and the decrypted information block 1 to the card approval request device. At this time, the web transaction The payment information received from the based transaction device may be transmitted to the card approval request device so that payment processing according to the payment information using the automatically selected payment method may be performed.

7 is a flowchart illustrating a payment procedure of the payment service providing device according to an embodiment of the present invention when a web-based commercial transaction occurs by a user.

Referring to FIG. 7 , when the user selects a simple payment procedure according to an embodiment of the present invention (step S500), the web-based commerce device may request payment to the user authentication device (step S505). The web-based commerce device may transfer payment information including payment details (item, merchant name, amount, date and time of transaction, etc.) to the user authentication device to request transaction authentication.

When receiving payment information, the user authentication device may request a payment PIN from the user device or web-based commerce device (step S510), and may receive a payment PIN input by the user from the user device or web-based commerce device (step S515 ).

At this time, the user authentication device may provide an interface-related screen for inputting the payment PIN and sign information to the user device or web-based commerce device, and on the screen, for security of the payment PIN to be entered, an on-screen keyboard and antivirus are applied. Guidance information on the use of the vaccine program may be provided.

A user may input a payment PIN through a user device or web-based commerce device, and the user device or web-based commerce device may transmit the payment PIN according to the user's input to the user authentication device.

When receiving the payment PIN, the user authentication device can decrypt any one of the encrypted information block 1 already encrypted and stored for each payment method with the payment PIN received from the user device and identify the decrypted information block 1 at the same time. Also, the user authentication device may extract a card ID matched to the identified information block 1 (step S520).

Thereafter, the user authentication device may transmit the decrypted information block 1 and the extracted card ID to the card permission request device (step S555).

At this time, the user authentication device, as described above, when information block 1 and the card ID exist as payment method information encrypted based on the payment PIN, information block 1 and information block 1 and payment method information decrypted with the payment PIN received from the user device A payment method may be selected by extracting the card ID, and the extracted information block 1 and the card ID corresponding to the selected payment method may be transmitted to the card approval request device.

Through this, the user authentication device can automatically select a payment method to be used for payment from among one or more payment methods registered by the user with only the payment PIN, and request card approval for the decrypted information block 1 and the extracted card ID corresponding to the selected selected payment method. can be sent to the device.

At this time, prior to step S555, the user authentication device may generate a transaction-linked one-time authentication value (transaction authentication value) to prevent transaction forgery by an affiliated store before transmitting information block 1 to the card approval request device (step S520). .

The user authentication device may transmit the transaction-linked one-time authentication value to the web-based commerce device (step S525).

The web-based commerce device may request payment approval by transmitting payment details and transaction-linked one-time authentication value to the card approval request device (step S530).

Here, instead of steps S520 to S530, the user authentication device can directly transmit the decrypted information block 1 corresponding to the selected payment method and the extracted card ID and payment information to the card approval request device after successful authentication, requesting payment approval. Yes (step S535).

On the other hand, the card approval request device directly generates a transaction-linked one-time authentication value through payment details and member information, and compares the directly generated transaction-linked one-time authentication value with the transaction-linked one-time authentication value received from the web-based commerce device. (Step S540). Based on this comparison procedure, it can be verified whether forgery or alteration has occurred in the payment details received from the web-based commerce device.

The card approval request device may transmit a one-time authentication value associated with a transaction to the user authentication device and request information block 1 and a card ID (step S545).

The user authentication device verifies the transaction-linked one-time authentication value (step S550), and when the transaction-linked one-time authentication value is verified, it may transmit the decrypted information block 1 and the extracted card ID to the card approval request device (step S555). .

At this time, the user authentication device and the card approval request device may transmit and receive the information block 1 and the card ID corresponding to the selected payment method without generating and verifying the one-time authentication value associated with the transaction described above.

The card permission request device may decrypt information block 2 based on information block 1 received from the user authentication device and decrypt an encrypted card authentication value based on the decrypted information block 1 and information block 2. In addition, the card permission request device may decrypt the encrypted card number corresponding to the card ID received from the user authentication device (step S560).

Accordingly, the card approval requesting device may generate credit approval request information based on the decrypted card authentication value and the card number corresponding to the selected payment means (step S560) and transmit it to the credit card company (step S565). For example, the approval request information may be an approval message generated through a hardware encryption device (HSM) based on information block 1 and information block 2 and a card number.

At this time, the card approval request device may receive payment information along with information block 1 and card ID corresponding to the selected payment method from the user authentication device, based on the card authentication value, card number, and payment information corresponding to the selected payment method. The above-described credit approval request information can be generated.

The card permission request device may transmit permission request information to the credit card company server (step S565), and the credit card company server may receive the permission request information and transmit an approval result to the card permission request device (step S570). The card approval request device may transmit the approval result to the web-based commerce device (step S575).

Based on the above configuration, the payment service providing device according to an embodiment of the present invention may complete payment processing.

In this way, the payment service providing device according to an embodiment of the present invention can automatically select a payment method the user wants to use for payment from among a plurality of payment methods registered by the user only with the payment PIN input by the user, so that the user in the payment process Since the input can be minimized, the user's payment convenience can be greatly improved.

8 is a conceptual diagram illustrating a payment procedure according to input of a payment PIN according to an embodiment of the present invention.

Referring to FIG. 8 , the web-based commerce device 600 transmits payment information including payment details (item, member store name, amount, transaction date, etc.) for a product the user wants to purchase to the user authentication device 620. You can proceed with the transaction authentication request.

When receiving payment information, the user authentication device 620 may request the user device to input information about a payment PIN set at the time of membership registration.

The user authentication device 620 can decrypt any one of the encrypted information blocks 1 stored after being encrypted for each payment method at the time of membership registration through the payment PIN received from the user device, and the card ID matching the decrypted payment PIN. You can automatically select a payment method by searching and extracting

The card approval request device 640 may transmit a transaction authentication value to the user authentication device 620 and request information block 1. The user authentication device 620 may verify the transaction authentication value and transmit the decrypted information block 1 corresponding to the selected payment method and the extracted card ID to the card approval request device 640 .

The card permission request device 640 may decrypt information block 2 based on the decrypted information block 1 received from the user authentication device 620 . The card permission request device 640 may generate a card authentication value based on the decrypted information block 1 and information block 2.

Also, the card permission request device 640 may retrieve and extract an encrypted card number based on the card ID received together with the decrypted information block 1, and decrypt the extracted encrypted card number.

Accordingly, the card approval request device 640 may extract a card authentication value and a card number corresponding to the selected payment method, and may generate approval request information based on the extracted card authentication value and transmit the same to the credit card company server.

At this time, the card approval request device 640 receives the payment information from the user authentication device 620 together with the above-described decrypted information block 1 and the extracted card ID, and the card authentication value and card number corresponding to the selected payment means and Approval request information may be generated based on payment information.

The card permission request device 640 may transmit approval request information to the credit card company server, and the credit card company server may receive the permission request information and transmit an approval result to the card permission request device 640 . The card approval request device 640 may transmit the approval result to the web-based commerce device 600 . In this case, the approval result may be the above-described payment processing result information.

The above-described user devices, payment service providing devices, web-based commerce devices, and various servers may be implemented as hardware components, software components, and/or a combination of hardware components and software components.

In addition, the components described in the embodiments may include, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable array (FPA), and a programmable logic unit (PLU). unit, microprocessor, or any other device capable of executing and responding to instructions.

A user device, a payment service providing device, a web-based commerce device, and various servers may execute an operating system (OS) and one or more software applications executed on the operating system. In addition, user devices, payment service providing devices, web-based commerce devices, and various servers may access, store, manipulate, process, and create data in response to software execution.

For convenience of understanding, there are cases where each component is described as being used, but those skilled in the art will understand that a processing device is a plurality of processing elements and/or a plurality of types of processing. It can be seen that elements can be included.

For example, a user device, a payment service providing device, a web-based commerce device, and various servers may include a plurality of processors or one processor and one controller. Other processing configurations are also possible, such as parallel processors.

The software may include a computer program, code, instructions, or a combination of one or more of them, and operates a user device, a payment service providing device, a web-based commerce device, and various servers as desired. may be ordered independently or collectively.

Software and/or data may be interpreted by user devices, payment service providing devices, web-based commerce devices and various servers, or to provide instructions or data to user devices, payment service providing devices, web based commerce devices and various servers, may be permanently or temporarily embodied in any tangible machine, component, physical device, virtual equipment, computer storage medium or device, or signal wave being transmitted. .

Software may be distributed on networked computer systems and stored or executed in a distributed manner. Software and data may be stored on one or more computer readable media.

The payment service providing method using web-based authentication according to an embodiment of the present invention can be written as a computer program, and codes and code segments constituting the computer program can be easily inferred by a computer programmer in the related field. In addition, the corresponding computer program is stored in computer readable media, and is read and executed by a computer or a payment service providing device, a web-based commerce device, a user device, etc. according to an embodiment of the present invention. A payment service providing method using web-based authentication may be implemented.

Information storage media include magnetic recording media, optical recording media, and carrier wave media. A computer program implementing the payment service providing method using web-based authentication according to an embodiment of the present invention may be stored and installed in a built-in memory of a payment service providing device, a web-based commerce device, or a user device. Alternatively, an external memory such as a smart card storing and installing a computer program implementing the method of providing payment service using web-based authentication according to an embodiment of the present invention is interfaced with a payment service providing device, a web-based commerce device, and a user device It can also be mounted on the back.

The various devices and components described herein may be implemented by hardware circuitry (eg, CMOS-based logic circuitry), firmware, software, or combinations thereof. For example, it may be implemented using transistors, logic gates, and electronic circuits in the form of various electrical structures.

The foregoing may be modified and modified by those skilled in the art without departing from the essential characteristics of the present invention. Therefore, the embodiments disclosed in the present invention are not intended to limit the technical idea of the present invention, but to explain, and the scope of the technical idea of the present invention is not limited by these embodiments. The protection scope of the present invention should be construed according to the claims below, and all technical ideas within the equivalent range should be construed as being included in the scope of the present invention.

The present invention provides a web-based authentication payment method for non-face-to-face payment and settlement in a web standard environment, and at the same time provides information corresponding to each payment method based on a PIN designated for each of one or more payment methods registered by a user to use for payment. It encrypts and automatically selects the payment method the user wants to use for payment only with the payment PIN received by the user input and processes the payment. It can be widely applied to payment or non-face-to-face payment systems.

100: payment service providing device 120: user authentication device
140: card approval request device

Claims (10)

A card ID is generated for each of one or more payment means, the card number corresponding to the payment means is encrypted and stored, and the card authentication value is encrypted and divided into information block 1 and information block 2, wherein the information block 1 is the information block 1. a card permission request device implemented to decrypt block 2, match the information block 1 and the card ID, transmit the information block 1 to a user authentication device, and delete the information block 1; and
Payment PIN (personal identification number) information corresponding to each payment method is received from the user device, and the information block 1 of each payment method is encrypted based on the payment PIN information corresponding to the information block 1, so that each payment method Stores the corresponding encrypted information block 1, requests payment PIN information for generating the information block 1 to the user device when payment information on payment details is received from the web-based commerce device where the user's commerce transaction occurred, and one Among the above encrypted information blocks 1, information block 1 decrypted based on the payment PIN information received from the user device, a card ID matched thereto, and the payment information are transmitted to the card approval requesting device to obtain the information block 1 and the card ID A payment method corresponding to is automatically selected, and a user authentication device is configured to perform payment processing according to the payment information through the selected payment method,
The card approval request device decodes any one of the information blocks 2 corresponding to each payment method based on the information block 1 received from the user authentication device, and based on the information block 1 and the information block 2, any one The encrypted card authentication value corresponding to the payment method is decrypted, the encrypted card number corresponding to the card ID received from the user authentication device is decrypted, the payment method is selected, and the card authentication corresponding to the selected payment method is selected. Based on the value, the card number, and the payment information, an authorization message to be transmitted to a credit card company corresponding to the selected payment method is generated, and the authorization message is transmitted to the credit card company. Payment service provider device. delete ◈Claim 3 was abandoned when the registration fee was paid.◈ According to claim 1,
Encryption of the card number is performed based on a hardware security module (HSM) and hash,
Encryption of the card authentication value is performed based on the HSM,
The information block 1 is encrypted through an advanced encryption standard (AES) based on the payment PIN information in the user authentication device. delete ◈Claim 5 was abandoned when the registration fee was paid.◈ According to claim 1,
The user authentication device mutually compares payment PIN information corresponding to each payment method received from the user device so that the payment PIN information corresponding to each payment method is set to be different from each other, and informs the user device of whether or not they match. A payment service providing device using authentication based. ◈Claim 6 was abandoned when the registration fee was paid.◈ According to claim 1,
The user authentication device encrypts and stores the card ID corresponding to the payment method and received from the card approval request device and information block 1 matched thereto as the payment PIN information, and when the transaction occurs, the payment PIN received from the user device An apparatus for providing a payment service using web-based authentication, characterized in that for decoding a card ID and information block 1 encrypted into information. A card ID is generated for each of one or more payment means, the card number corresponding to the payment method is encrypted and stored, and the card authentication value is encrypted and divided into information block 1 and information block 2, and the information block 1 is the card ID matching and transmitting to a user authentication device and deleting the information block 1, wherein the information block 1 is used for decoding the information block 2;
The user authentication device receives payment PIN (personal identification number) information corresponding to each payment method from the user device, and encrypts the information block 1 of each payment method based on the payment PIN information corresponding to the information block 1. and storing encrypted information block 1 corresponding to each payment means;
requesting, by the user authentication device, payment PIN information for generating the information block 1 to the user device when payment information on payment details is received from a web-based commerce device where a user's commerce transaction has occurred;
The user authentication device transmits an information block 1 decrypted based on payment PIN information received from the user device, a card ID matched thereto, and the payment information among one or more encrypted information blocks 1 to the card approval requesting device. allowing a payment method corresponding to the information block 1 and the card ID to be automatically selected, and allowing payment to be processed according to the payment information through the selected payment method;
The card approval request device decodes any one of the information blocks 2 corresponding to each payment method based on the information block 1 received from the user authentication device, and selects one payment based on the information block 1 and the information block 2. Decrypt the encrypted card authentication value corresponding to the means, decrypt the encrypted card number corresponding to the card ID received from the user authentication device, and select a payment method corresponding to the decrypted card authentication value and card number doing; and
The card approval requesting device generates an approval message to be transmitted to a credit card company corresponding to the selected payment method based on the card authentication value corresponding to the selected payment method, the card number, and the payment information, and transmits the approval message to the credit card company. A method of providing a payment service using web-based authentication, comprising transmitting to a credit card company. delete delete delete

Images