KR20140119450A - System for safety electronic payment and method for using the system - Google Patents
- Publication number
- KR20140119450A
- Authority
- KR
- South Korea
- Prior art keywords
- information
- order
- terminal
- server
- payment
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/14—Payment architectures specially adapted for billing systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/22—Payment schemes or models
- G06Q20/24—Credit schemes, i.e. "pay after"
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4018—Transaction verification using the card verification value [CVV] associated with the card
Abstract
The present invention relates to a secure electronic payment system and method comprising the following steps: the user's order fulfillment terminal (200) accesses an electronic commerce server (210) to select goods and request an order; the e-commerce server (210) stores the order information and then transmits the order details to the order fulfillment terminal (200); the order fulfillment terminal (200) transmits linkage information, including identification information of the payment execution terminal (230), and the order information to the relay system server (220); the payment execution terminal (230) accesses the relay system server (220), its identity is confirmed according to the linkage information, and it receives the order information from the relay system server (220); the payment execution terminal (230) confirms the order information, electronically signs the payment information and the order information separately, and transmits the electronic signatures to the relay system server (220); the relay system server (220) transmits the electronic signature value of the payment information received from the payment execution terminal (230) to the card approval server (240) and receives approval information; the relay system server (220) transfers the approval information received from the card approval server (240) and the digital signature value for the order information to the order fulfillment terminal (200); the order fulfillment terminal (200) transmits the approval information and the digital signature value of the order information to the electronic commerce server (210); and the electronic commerce server (210) confirms the approval information and confirms the association and validity between the order information it stored itself and the value of the digitally signed order information.
Accordingly, the leakage of the public key and the private key used for the electronic settlement is prevented, and the order information can be verified through the digital signature of the payment history and order information.
Description
The present invention relates to an electronic settlement system, and more particularly, to an electronic settlement system that separates the order fulfillment terminal from the settlement execution terminal in order to perform a secure electronic settlement process when a credit card is used in electronic commerce over a communication network, and that applies separate digital signatures to the order information and the payment information, so as to improve the security of the electronic settlement process.
In the electronic commerce for purchasing goods using the Internet, a user who uses a PC usually connects to a service server that purchases goods such as a shopping mall on the Internet and performs purchase. In this transaction, the card is used as a payment tool. In the offline card payment structure, the information signed by the cardholder is transferred to the card issuer, and the approval information is received from the shopping mall to complete the payment. At this time, in order to prove that the card is the owner of the card in accordance with the relevant laws such as the Credit Finance Act, offline signatures are used to confirm whether the identification card is the same as the signature on the back of the card, and an electronic signature Not only identity verification but also non-repudiation of transactions. Since the certificate system can reduce the security vulnerability to face-to-face identification of the openness of the Internet environment, prevent forgery and alteration of electronic information, and provide anti-repudiation function for electronic transactions, It is settled in various areas such as payment of electronic commerce card, settlement of various documents.
However, digital signatures based on the public certificate have the following problems. First, most users store their certificate and private key on the hard disk, where both hacking and user carelessness can be a problem. Complementary measures exist, such as Cryptoki-based security tokens, but apart from requiring the hardware to be connected to the computer, these still perform the digital signature after a simple password input (the PIN of the security token), so the improvement is not very significant. A hacker who knows the PIN can use the interoperability API (Cryptoki) to perform a digital signature without the user's knowledge.
Second, the certificate is not used by individuals or corporations. The universal certificate has the same effect as the proof of seal, so the signature can be used as legal basis. Such a corporate certificate is used in a variety of places such as Internet banking, bidding, and purchasing, and actual users are practically practitioners. Therefore, there may be a problem when the management of the public certificate becomes a little problem or it is leaked by a hacker or the like without knowing it.
Third, there is the problem of confirming purchase information. Some small-scale shopping malls carry out e-commerce transactions while remaining vulnerable to hacking. Hacking is generally thought of as taking another person's or organization's information or causing problems in a system, but a user may also hack their own system for their own benefit. For example, when the price at settlement in the shopping mall is 1,000,000, there are actual cases in which the bill was changed to 10 won by tampering with the web browser before payment, with the difference going to the person who made the change. Such cases occur particularly where the web browser is easy to tamper with and where order information and payment information are separated so that the shopping mall obtains only the approval information.
Therefore, in electronic payment transactions there is still a need for technology that overcomes the security weaknesses of the terminal used, or limits digital signers to a certain number of persons, in order to increase the security of electronic commerce.
In view of the above problems, the present invention has been made to solve the problems of existing card-based electronic payment technology in electronic commerce and to provide clarity and safety of the transaction. Its purpose is to solve the problem that existing electronic payment technology cannot clearly confirm the order details, and to improve the safety of certificate-based electronic commerce by allowing the terminal performing the order and the terminal performing the electronic settlement to be different.
SUMMARY OF THE INVENTION In view of the above problems, the present invention has been made to solve the problems of the conventional electronic signature-based electronic payment technology and to provide another advantage,
The secure electronic payment system provided according to an aspect of the present invention includes an
The
After receiving the linkage information and the order information from the
And a card
In one embodiment, the association information includes at least one of a mobile phone number of a user, a random value, information input by a user, SEED information for deriving a key for a network encryption, an encryption algorithm, .
In another embodiment, the order information includes at least one of information on the entire order, order number of the order information, total amount of the order, representative product name, usable card information, Hash value information for the entire order contents, merchant information, and a password key to be used when the card issuer server encrypts the approval information.
In another embodiment, the
According to another aspect of the present invention, there is provided a secure electronic settlement method,
The
According to the present invention having the above-described configuration, when an electronic settlement using a credit card is performed in electronic commerce, the order details and the settlement information are each digitally signed and sent only to the electronic commerce server and the card approval server respectively, which can improve the quality and security of the transaction.
Also, by separating the terminal performing the order from the terminal performing the payment through the relay system, it is possible to guard against hacking and to perform the electronic signature securely only where it is needed, thereby preventing unnecessary copying and leakage of the authorized certificate and significantly strengthening the security of the infrastructure that uses the public certificate.
FIG. 1 is a schematic block diagram of information exchange between an electronic payment participation terminal and servers according to an embodiment of the present invention.
FIG. 2 is a flow chart schematically illustrating the exchange of information shown in FIG. 1.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of a remote digital signature system and method using a relay system according to the present invention will be described in detail with reference to the accompanying drawings.
The present invention relates to a secure electronic payment system and method. The electronic signature for the order is transmitted to the electronic commerce server, such as a shopping mall, the electronic signature for the payment is transmitted to the card acceptor server, and the terminal performing the order is separated from the terminal performing the digital signature.
FIG. 1 is a schematic block diagram of information exchange between an electronic payment terminal and servers according to an embodiment of the present invention. As shown, the system of the present invention includes an
The
In most systems up to now, a user accesses a shopping mall from a terminal such as a PC or a notebook, selects an article, inputs information such as a delivery address, opens a card payment program, and chooses one of the payment methods. If card payment is chosen, the user selects the card to use, decides how to use it, such as by installment, and then performs the actual card settlement. The present invention improves the processing of the card-based settlement method within this process. In past systems, when payment by card is selected, the user selects the type of card directly on the terminal performing the order, inputs the card number and the expiration date, and then signs using the electronic certificate; this information is sent to the card issuer for approval, and if it is normal, the payment is completed. To enhance security, a client program with various security functions may be installed to perform the card selection and the digital signature, but the whole sequence is still carried out on the terminal performing the order. In addition, for security reasons, card information cannot be retained at the shopping mall, and the order information cannot be verified by comparing it against the card details held by the card issuer, so hackers can exploit this gap in the process to change the amount of payment when ordering.
Compared with the conventional electronic settlement method described above, the settlement method according to the present invention allows the shopping mall to compare and confirm order information through separate electronic signatures on the order details and the settlement details and provides non-repudiation of that information, while the card issuer can confirm the approval information through the electronic signature as before and perform the approval process. Also, by separating the terminal performing the order from the terminal performing the payment, it is possible to fundamentally prevent the various hacks that may occur on the computer performing the ordering, the leakage of card information such as card numbers and validity periods, and the leakage of authorized certificate information, and a corporation such as a large corporation has the advantage that settlement can be processed directly by the department responsible for it. The
At this time, it is convenient for the electronic settlement computer to store one or more of the card number, the expiration date of the card, and the card related password in advance in order to facilitate the transaction, and then select one of them to proceed the electronic settlement.
Meanwhile, the relay system server 120 delivers the order details through the connection between the
In addition, the linkage information may include key information for encryption that can be shared with each other for security because the linkage system server is connected over the network. In this network, the relay system can exchange data between the order fulfillment terminal, the payment performing terminal, and the card acceptance server, but the plain text value of the information can not be known. For example, the
Referring now to FIG. 2, a secure electronic payment method provided in accordance with another aspect of the present invention will be described.
The user performing the order has a transaction step of selecting the goods by accessing the
The
The
The order information may be the entire order contents, information on the credit card companies such as order number, order amount, representative product name, usable card information, availability of payment according to card information, recent order history information, Value information, and merchant information. If the encrypted approval result is received from the
Thereafter, the
The
The payment information includes at least one of a card number, an expiration date, a card password, a payment amount, merchant information, and a payment execution time, and the payment information is digitally signed.
Thereafter, the
The
As described above, the features of the present invention are that it maximizes the security of the authorized certificate, which is the basis of Internet-based electronic commerce; that the electronic signature of the order information is additionally verified for the shopping mall, in addition to the electronic signature of the payment information; and that separating the purchaser from the signer addresses the threat of unauthorized copying and leakage of the certificate.
Although the preferred embodiments of the present invention have been described so far, the secure electronic payment system and method of the present invention are not limited to the above-described embodiments, and various modifications can of course be made within the scope of the technical idea of the present invention.
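The merchant-side check of step S16, sketched as an added example (not code from the patent): the e-commerce server hashes the order it stored itself, verifies the payment terminal's signature against that hash, and cross-checks the approval information. The toy textbook-RSA key, the field names (`order_no`, `total`, `amount`, `status`) and the sample orders are assumptions constructed for illustration; the patent's scheme uses certificate-based signatures.

```python
import hashlib
import json

# Constructed toy key pair for the payment execution terminal (230).
# Textbook RSA over two Mersenne primes stands in for the certificate-based
# signature described in the patent; it is far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def order_digest(order):
    """Hash a canonical JSON encoding of the order, reduced into the toy modulus."""
    canonical = json.dumps(order, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % N


def sign_order(order):
    """S09: the payment terminal signs the order information it was shown."""
    return pow(order_digest(order), D, N)


def verify_at_merchant(stored_order, order_sig, approval):
    """S16: return the list of failed checks; an empty list means accept."""
    failures = []
    # The signature must cover the order the server itself stored in S03,
    # not whatever order content travelled back through the browser.
    if pow(order_sig, E, N) != order_digest(stored_order):
        failures.append("signature does not cover the stored order")
    # Hypothetical approval fields; the patent does not define their layout.
    if approval.get("order_no") != stored_order["order_no"]:
        failures.append("approval refers to a different order")
    if approval.get("amount") != stored_order["total"]:
        failures.append("approved amount differs from stored total")
    if approval.get("status") != "approved":
        failures.append("card payment not approved")
    return failures


def demo():
    # Constructed sample: the order as stored by the e-commerce server (210).
    stored = {"order_no": "ORD-0001", "item": "notebook", "total": 1000000,
              "merchant": "MALL-01"}
    ok_approval = {"order_no": "ORD-0001", "amount": 1000000, "status": "approved"}
    honest = verify_at_merchant(stored, sign_order(stored), ok_approval)

    # The order was altered to 10 won on the ordering terminal before it
    # reached the payment terminal, so signature and approval cover 10 won.
    altered = dict(stored, total=10)
    low_approval = {"order_no": "ORD-0001", "amount": 10, "status": "approved"}
    tampered = verify_at_merchant(stored, sign_order(altered), low_approval)
    return honest, tampered


if __name__ == "__main__":
    for label, result in zip(("honest", "tampered"), demo()):
        print(label, "->", result or "accepted")
```

The altered order carries a valid signature and a genuine approval, yet it is rejected because both are checked against the server's stored copy rather than against each other.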
100. E-commerce store (eg shopping mall) server
110. Card authorization server
120. Relay system server
130. An order fulfillment terminal (computer, mobile communication terminal)
140. A payment execution terminal (computer, mobile communication terminal)
200. An order fulfillment terminal (computer, mobile communication terminal)
210. E-commerce store (eg shopping mall) server
220. Relay system server
230. A payment execution terminal (computer, mobile communication terminal)
240. Card authorization server
Claims (5)
An order fulfillment terminal 130 for selecting a commodity in the electronic commerce and requesting purchase and then transmitting an electronic signature value for approval information and order information to an electronic commerce server; And a payment execution terminal (140) for performing signature on the signature and payment information;
The e-commerce server 100 provides a function of allowing the order fulfillment terminal 130 of the user client to access and select goods and perform electronic settlement, and provides order information according to a request of the order fulfilling terminal 130, ;
After receiving the linkage information and the order information from the order fulfillment terminal 130 of the user client, the order information is transmitted to the payment execution terminal 140 of the connected user client, The electronic payment digital signature is sent to the card issuer server 110 to receive the approval information, and the order history digital signature, which is another digital signature value, and approval information received from the card approval server 110, A relay system server 120 for delivering the message to the relay server 120;
A card issuer approval server 110 for performing the approval procedure according to the electronic payment electronic signature received from the relay system server 120 and returning the approval information
Wherein the electronic settlement system comprises a secure electronic settlement system.
The linkage information of the order fulfillment terminal 130 includes a user's cell phone number, a random string generated by the order fulfilling terminal 130, a string entered by the user, SEED information for deriving a key for network encryption, an encryption algorithm, And time information including the time information.
The order information to be electronically signed by the settlement performing terminal 140 includes the entire order content; the order number among the order information; the total amount of the order; the name of the representative article; information about the types of cards available for performing the payment; card issuance information including at least one of installment availability according to card information and the available installment months; recent order history information; hash value information for the entire order contents; merchant information; and a password key that the card issuer server can use to encrypt authorization information;
The settlement information to be electronically signed by the settlement performing terminal 140 includes at least one of a card number, a card validity period, a card password, a card installment status, a number of months of installment of a card, a purchase price, Include;
Wherein the electronic settlement system comprises:
The payment execution terminal 140 may receive and store at least one of a representative name name, a card number, an expiration date, and a card password for the electronic payment in advance, and may select one of the already stored lists, Wherein the electronic payment system is capable of substituting the input.
A step (S01, S02) in which the user's order fulfillment terminal 200 accesses the electronic commerce server 210 to select goods and request an order;
(S03, S04) of delivering order details to the order fulfillment terminal 200 after the e-commerce server 210 stores the order information; (S05) confirming or inputting the linkage information including the identification information of the payment execution terminal 230 in the order fulfillment terminal 200;
Sending the identification information and the order information from the order fulfillment terminal 200 to the relay system server 220 (S06);
Confirming the identity according to the association information after the payment execution terminal 230 accesses the relay system server 220 (S07);
Receiving the order information from the relay system server 220 (S08);
(S09, S10) of confirming the order information at the payment execution terminal 230, electronically signing the payment information and the order information, respectively, and transmitting the electronic signature to the relay system server 220;
(S11, S12, S13) receiving the approval information after the electronic signature value of the payment information received from the payment performing terminal 230 from the relay system server 220 to the card approval server 240;
(S14) the relay system server (220) transmits the approval information received from the card approval server (240) and the digital signature value for the order information to the order fulfillment terminal (200);
The order fulfillment terminal 200 transmits the approval information and the electronic signature value of the order information to the electronic commerce server 210 (S15);
The e-commerce server 210 confirms the approval information, and confirms the association and validity between the order information it stored itself and the value of the digitally signed order information (S16)
Wherein the secure electronic payment method comprises the steps of:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130035103A KR20140119450A (en) | 2013-04-01 | 2013-04-01 | System for safety electronic payment and method for using the system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130035103A KR20140119450A (en) | 2013-04-01 | 2013-04-01 | System for safety electronic payment and method for using the system |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20140119450A (en) | 2014-10-10 |
Family
ID=51991754
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020130035103A KR20140119450A (en) | 2013-04-01 | 2013-04-01 | System for safety electronic payment and method for using the system |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20140119450A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101581663B1 (en) * | 2014-12-05 | 2016-01-04 | 유한회사 실릭스 | Authentication and non-repudiation method and system using trusted third party |
-
2013
- 2013-04-01 KR KR1020130035103A patent/KR20140119450A/en not_active Application Discontinuation
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10885501B2 (en) | Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same | |
US20200336315A1 (en) | Validation cryptogram for transaction | |
US11706212B2 (en) | Method for securing electronic transactions | |
KR101661933B1 (en) | Ccertificate authentication system and method based on block chain | |
CN113011896B (en) | Secure remote payment transaction processing using secure elements | |
US20130226813A1 (en) | Cyberspace Identification Trust Authority (CITA) System and Method | |
US20180349894A1 (en) | System of hardware and software to prevent disclosure of personally identifiable information, preserve anonymity and perform settlement of transactions between parties using created and stored secure credentials | |
US20060123465A1 (en) | Method and system of authentication on an open network | |
US20150302409A1 (en) | System and method for location-based financial transaction authentication | |
US20130219481A1 (en) | Cyberspace Trusted Identity (CTI) Module | |
CN115358746A (en) | Secure remote payment transaction processing including consumer authentication | |
KR20100054757A (en) | Payment transaction processing using out of band authentication | |
JP2009526321A (en) | System for executing a transaction in a point-of-sale information management terminal using a changing identifier | |
KR101385429B1 (en) | Method for authenticating individual of electronic contract using nfc, authentication server and terminal for performing the method | |
CN109716373A (en) | Cipher authentication and tokenized transaction | |
CN103116842A (en) | Multi-factor and multi-channel id authentication and transaction control and multi-option payment system and method | |
CN112889241A (en) | Verification service for account verification | |
KR101754486B1 (en) | Method for Providing Mobile Payment Service by Using Account Information | |
KR101941625B1 (en) | System for SNS finetech using authentication based selecting and method for operating the same | |
US11880840B2 (en) | Method for carrying out a transaction, corresponding terminal, server and computer program | |
CN112970234B (en) | Account assertion | |
KR101309835B1 (en) | A system for total financial transaction | |
KR20140119450A (en) | System for safety electronic payment and method for using the system | |
US11812260B2 (en) | Secure offline mobile interactions | |
EP4053720A1 (en) | Secure online authentication method using mobile id document |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E601 | Decision to refuse application |