KR20150025140A - On-line payment system and method of payment

Publication number: KR20150025140A
Authority: KR (South Korea)
Prior art keywords: authentication, image, information, payment, medium
Application number: KR20130102386A
Other languages: Korean (ko)
Inventor: 진승만
Original Assignee: 주식회사 전북은행
Application filed by: 주식회사 전북은행

Classifications

    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06Q20/12 Payment architectures specially adapted for electronic shopping systems
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Abstract

The present invention is an online payment system including a server for providing product information to a purchaser and performing payment for a product selected by the purchaser, the server including: an image generating unit for generating an original image from which a first authentication image for transmission to a payment request medium and a second authentication image for transmission to an authentication request medium, which is a different type of device from the payment request medium, are generated, and for inserting authentication information into each of the images; a transaction information database in which payment information for a product requested for payment and information for authentication are stored for each purchaser; an image encryption unit for encrypting, together with the image, the information for authentication to be embedded in the image; a data transmission/reception unit for transmitting the encrypted images to the payment request medium and the authentication request medium, or for receiving information from the payment request medium and the authentication request medium; and an operation unit for determining whether the information stored in the transaction information database and the information transmitted from the authentication request medium to the server coincide with each other.

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an online payment system and a payment method; specifically, it relates to a secure online payment system and a payment method using heterogeneous media.

Recently, electronic commerce and electronic financial services have grown greatly, and the related technology is developing rapidly. However, while technological advances in terms of convenience are rapid, technological advances in terms of safety have not kept pace with them. In fact, as transactions increase, security incidents such as leakage of financial information are also increasing.

Recently, as a result of several hacking cases and various security threats to the online payment system, financial authorities and financial institutions have been strengthening their financial information protection activities by using enhanced security policies and security solutions. Techniques are also becoming more diverse and advanced.

It is an object of the present invention to provide an online secure settlement system and a secure settlement method in connection with heterogeneous media in order to minimize various security threats.

According to one aspect of the present invention, there is provided an online payment system including a server for providing product information to a buyer and performing payment for a product selected by the buyer, the server including: an image generation unit for generating an original image from which a first authentication image for transmission to a payment request medium and a second authentication image for transmission to an authentication request medium, which is a different type of device from the payment request medium, are generated, and for inserting information for authentication into each of the images; a transaction information database in which payment information for a product requested for payment and information for authentication are stored for each purchaser; an image encryption unit for encrypting, together with the image, the information for authentication to be embedded in the image; a data transmission/reception unit for transmitting the encrypted images to the payment request medium and the authentication request medium, or for receiving information from the payment request medium and the authentication request medium; and an operation unit for determining whether the information stored in the transaction information database and the information transmitted from the authentication request medium to the server coincide with each other.

According to another aspect of the present invention, there is provided an online payment method including: receiving a payment request through a payment request medium; transmitting payment information for the purchased product to the authentication server according to the payment request; generating, in the authentication server, an original image for authentication, a first authentication image in which captcha image information is inserted into the original image, and a second authentication image in which a ciphertext made from a random number is hidden; transmitting the first authentication image and the second authentication image to the payment request medium and to an authentication request medium, which is a different type of medium from the payment request medium, respectively; displaying the first authentication image on the payment request medium; and displaying, on the authentication request medium, the second authentication image, an input window for inputting the captcha information, and an input window for inputting security information of the payment means.

According to the online settlement system and the settlement method according to the embodiment of the present invention, the following effects can be obtained.

First, since the authentication server sends the original image and the copy image, carrying the same random number, to the user's computer and smartphone respectively, only a single legitimate server can send the two images without alteration. Thus, stable server authentication can be performed.

Second, since the user must visually check the images delivered to the computer and the smartphone at the same time and confirm that they are identical, a hacker cannot succeed without hacking the user's computer and smartphone at the same time.

Third, for security authentication, a captcha string is carried in the copy image transmitted to the user's computer, and a window requesting input of the captcha string is displayed with the original image transmitted to the smartphone. Even if a hacker has hacked the user's computer, authentication is not possible without the smartphone.

Fourth, since the captcha string that must be entered for security authentication is transmitted as an image, hacking by means of a computer program becomes useless.

Fifth, since the captcha information and the payment means information are input through the smartphone rather than the user's computer, the information input through the smartphone is encrypted together with the number information of the smartphone and sent back to the server. Therefore, authentication is performed only when the smartphone number used for transmitting the image information from the server and the smartphone number information included in the information transmitted from the smartphone are the same.

Sixth, the device information and user information of the smartphone terminal are registered from the mobile communication company when the smartphone payment service is first registered, and when the smartphone number is changed, a verification procedure is performed to confirm that the change is made by a legitimate user. Therefore, even if the user's smartphone number is changed to the hacker's number by hacking the user's computer, it is almost impossible for the image information transmitted from the server to be delivered to the hacker's smartphone.

FIG. 1 illustrates an online payment system according to an embodiment of the present invention.
FIG. 2 is a system block diagram showing the configuration of a server of an Internet shopping site, that is, an authentication server according to an embodiment of the present invention.
FIG. 3 is a product purchase screen displayed on the payment request medium when a purchaser logs in to an Internet shopping mall site and selects a product.
FIG. 4 is a delivery address input screen for inputting the delivery address of a product selected by the buyer.
FIG. 5 is a payment means selection screen for selecting a payment means and an authentication method for purchasing goods.
FIG. 6 is an authentication screen displayed on the screen of the payment request medium when an authentication method according to an embodiment of the present invention is performed.
FIG. 7 illustrates an authentication request medium having an authentication application for executing a payment system according to an embodiment of the present invention.
FIG. 8 is a view showing an authentication request medium on which a second authentication image is displayed.
FIG. 9 is a flowchart illustrating, in time series, the process performed by an online payment system according to an embodiment of the present invention.

Hereinafter, an online settlement system and a settlement method according to an embodiment of the present invention will be described in detail with reference to the drawings.

FIG. 1 is a view showing an online settlement system according to an embodiment of the present invention.

Referring to FIG. 1, an online settlement system according to an embodiment of the present invention is generally applied to a system for purchasing goods or services online, such as an Internet shopping mall, and paying for the goods or services.

In detail, an online payment system according to an embodiment of the present invention includes an authentication server 10 including a web server of an Internet shopping mall, a payment request medium 20 including a computer of a purchaser who wants to purchase goods or services through the web server, and an authentication request medium 30 including mobile communication means such as a smartphone owned by the purchaser.

In detail, the authentication server 10 may be defined as a payment server; as the component that generates the authentication data (images) for online payment, it is responsible for approving normal transactions.

The payment request medium 20 includes a desktop computer, a notebook computer, and the like. The payment request medium 20 is the medium through which a purchaser decides on a product through online shopping and applies to the authentication server 10 for payment. Through it, the purchaser selects a payment means and transmits information on the selected goods and the payment means to the authentication server 10.

The authentication request medium 30 includes portable communication means, such as a smartphone, having a display screen on which an image is output. It is the medium required for paying for a product for which the purchaser has requested payment. The purchaser transmits the answer to the question required for authentication, the payment means information, and the like to the server 10 through the authentication request medium 30.

The authentication server 10 and the payment request medium 20 transmit and receive information to and from each other via the Internet, and the authentication server 10 and the authentication request medium 30 transmit and receive information through the Internet or a 3G communication network. The Internet network and the 3G communication network are collectively referred to as a communication network 40.

Meanwhile, the Internet shopping mall server, that is, the authentication server 10, transmits and receives information through the communication network 41 to and from the seller server 50 that sells products and the credit card company server 60 for charging. Here, the credit card company server 60 should be broadly interpreted as including all financial institution servers, including banks. In explaining the payment system according to the embodiment of the present invention, the use of a credit card, among the available payment methods, is described as an example. Therefore, although the description is limited to the credit card company server 60, all financial institution servers can be included.

The authentication server 10 includes a server of an Internet web site for selling products. The authentication server 10 includes a server that provides a product-related service showing the goods information and price information of goods to be purchased by a buyer, and a service for authentication and payment.

Briefly describing the operation of a payment system having such a structure, the purchaser logs in to a specific shopping mall or other commodity selling site through the payment application medium 30, selects a commodity to be purchased, and applies for purchase. The purchase request is then transmitted to the web server of the shopping mall, that is, to the authentication server 10, and the authentication server 10 encrypts the message related to authentication and payment and transmits it to the payment request medium (20) and the authentication request medium (30). The purchaser then confirms the message through the payment request medium (the buyer's computer), and inputs the information necessary for authentication and payment through the authentication request medium (the buyer's smartphone). The information input through the authentication request medium is encrypted and transmitted to the authentication server 10. The authentication server 10 compares the contents of the message it transmitted, including the password contained in that message, with the contents of the information transmitted from the authentication request medium 30 to the authentication server 10, and judges whether the purchase application was made by the true purchaser or whether hacking occurred along the way and the information was altered. If it is determined that the purchase application and the authentication application were made by the true purchaser, the authentication server 10 communicates with the seller server 50 and with the financial institution server, including the credit card company server 60, and payment is made.

Hereinafter, an authentication and settlement process between the authentication server 10, the settlement requesting medium 20 and the authentication requesting medium 30 will be described in detail with reference to the drawings.

FIG. 2 is a system block diagram showing the configuration of a server of an Internet shopping site, that is, an authentication server according to an embodiment of the present invention.

Referring to FIG. 2, an authentication server 10 according to an exemplary embodiment of the present invention includes: an operation unit 110 for collecting, processing, and analyzing various information; a transaction information encryption unit 110 for encrypting transaction information related to a product selected by the purchaser; an image generation unit 130 for generating the images to be transmitted to the payment request medium 20 and the authentication request medium 30 for authentication and payment; a data transmission/reception unit 140 for receiving data from, and transmitting various data and information to, the authentication request medium 30; a transaction information DB 150 for storing information related to a product selected by the purchaser and a delivery destination; a goods information DB 70 for storing information on goods to be sold by the shopping mall; and an order management DB 80 for managing order contents.

Here, the DBs 150 to 180 store the various kinds of information needed for the buyer to search for and select a commodity, enter a destination, and finally press the purchase button. The transaction information encryption unit 120 and the image generation unit 130 are needed for the purchaser authentication and payment process, and the data transmission/reception unit 140 is needed for transmitting and receiving the purchase-related data and the authentication-related data.

In addition, the operation unit 110 is needed for the decryption operations that decrypt the various kinds of encrypted information in the authentication process, and for comparing the data required for authentication to determine whether it matches or has been altered.

FIG. 3 is a product purchase screen displayed on the payment request medium when a purchaser logs in to an Internet shopping mall site and selects a product.

Referring to FIG. 3, the merchandise purchase screen 210 displayed on the payment request medium 20 includes a merchandise selection window 211 for selecting a merchandise size and color, and a merchandise quantity selection window 212. When these windows are clicked, the product types and quantities are listed. From the list, the buyer selects a specific product and a purchase quantity.

When the goods and the quantity are specified, the total purchase amount for the goods selected by the purchaser is displayed in the goods amount confirmation window 213. At the bottom of the screen, a purchase request button 214 for transferring a purchase intention signal to the authentication server 10 is displayed. The buyer clicks the purchase request button 214,

FIG. 4 shows a delivery destination input screen for inputting a delivery destination of a product selected by the buyer.

Referring to FIG. 4, when an item purchase request is made by the buyer, a screen of the payment request medium 20 displays a shipping destination input information screen as shown in FIG. In this state, the purchaser can enter the destination address, payee name, payee contact information, and request for delivery time.

FIG. 5 shows a payment means selection screen for selecting a payment means and an authentication method for purchasing goods.

Referring to FIG. 5, a payment means selection window 231 that allows the purchaser to select a payment means for purchasing goods is displayed on the payment means selection screen 230. When a credit card is selected from the listed payment means, a window pops up for selecting the card type. When the card type is selected, the authentication means selection unit 232 is displayed, and the purchaser selects any one of the listed authentication means. Here, the authentication means according to the embodiment of the present invention, so-called two-channel authentication, can be selected. When the payment request button 233 provided on the side of the screen is clicked, the authentication process is performed according to the algorithm of the authentication means selected by the purchaser, and the payment is finally completed when the authentication is safely completed.

Hereinafter, an online authentication method, that is, a two-channel authentication method according to an embodiment of the present invention will be described in detail with reference to the drawings.

FIG. 6 is an authentication screen displayed on the screen of the payment request medium when an authentication method according to an embodiment of the present invention is performed.

Referring to FIG. 6, when the two-channel authentication algorithm according to an embodiment of the present invention is started by the purchaser, a first authentication image 240 is displayed on the payment request medium, that is, on the buyer's computer monitor.

In detail, the authentication server 10 generates a basic image in which product information is embedded in an arbitrary background image in order to authenticate a normal transaction. It then generates a first authentication image in which a captcha image is inserted into the basic image. Meanwhile, the authentication server 10, specifically the transaction information encryption unit 120, generates a random number value and generates a ciphertext using the random number value and the encryption key. The authentication server 10 then generates a second authentication image 320 (see FIG. 8) in which the ciphertext is hidden in the basic image using a steganography technique. The first authentication image 240 and the second authentication image 320 are simultaneously transmitted to the payment request medium 20 and the authentication request medium 30, respectively.

When the first authentication image 240 is displayed on the screen of the payment request medium 20, the purchaser can confirm the payment information, in which the payment amount, the payment means, the product name and the product number are recorded, and the captcha information. For reference, captcha information is a means of distinguishing whether a user is a real human or a computer program: characters are drawn in a picture that is intentionally distorted so that a human can read them but a computer, which recognizes only machine language, cannot, and the user is asked what is written in the picture. Using the captcha information makes it possible to tell whether the input comes from an actual user or from hacking, and it can therefore serve as a method for confirming whether hacking has occurred.

FIG. 7 is a diagram showing an authentication request medium having an authentication application for executing a payment system according to an embodiment of the present invention, and FIG. 8 is a diagram illustrating an authentication request medium on which a second authentication image is displayed.

Referring to FIG. 7, in order to implement the two-channel authentication method using a computer and a smartphone according to an embodiment of the present invention, a separate authentication application 310 for executing the method must be installed on the authentication request medium. The application 310 may be downloaded from an application store and installed.

In detail, when the authentication application 310 is executed, the second authentication image 320 transmitted from the authentication server 10 is displayed on the screen of the authentication request medium 30, as shown in FIG. 8. The second authentication image 320 includes a payment information display window 321 and a captcha information input window 322.

More specifically, the same information as the payment information displayed in the first authentication image 240 is displayed in the payment information display window 321. The user can read the captcha information from the first authentication image 240 and input it into the captcha information input window 322 provided below the payment information display window 321.

Here, the two-channel authentication method using SMS that is currently in use is compared with the two-channel authentication method according to the embodiment of the present invention.

In detail, in the existing two-channel authentication method using SMS, an authentication number is transmitted to the buyer's mobile phone, and the purchaser checks the authentication number and then inputs it using the keyboard of the computer used for shopping. In this case, since the authentication number is a digital code composed of numbers, a hacker who hacks the purchaser's smartphone can easily extract the authentication number, so hacking can easily be performed even if the hacker does not physically have the purchaser's smartphone. That is, there is no way for the authentication server to confirm whether the authentication number was input by the true purchaser or by a hacker.

On the other hand, in the case of the present invention, the captcha information must be input using the purchaser's smartphone, and the input captcha information is encrypted together with the number information of the smartphone and transmitted to the server. The server can therefore confirm whether the information was transmitted through another medium by a hacker who has learned the information, so authentication by the hacker can be prevented.

In addition, in the case of the present invention, since captcha information is used as the authentication method, even if a hacker hacks the purchaser's computer, the hacker's computer cannot recognize the captcha information.

Meanwhile, when the authentication application 310 is executed, the second authentication image 320 is displayed, and a payment means security information input window 323 is displayed at the bottom of the second authentication image 320.

Accordingly, the purchaser inputs the captcha information into the captcha information input window 322, and then inputs the payment means security information. At this time, if a credit card is selected as the payment means, the card number, the password or the card unique identification number is input, and then the input confirmation button 324 is touched to transmit the input information to the server 10. Note that the payment means security information to be input by the purchaser is not limited to the above-mentioned information; a window for inputting additional information such as the card validity period and the card password can be further provided.

Meanwhile, when the purchaser has input the captcha information and the payment means security information, the authentication application 310 encrypts the captcha information together with the second authentication image, the payment means security information, and the number of the authentication request medium, and then transmits them to the authentication server 10. Accordingly, when a normal authentication procedure is performed, the image hash value (to be described later) for the second authentication image 320 transmitted from the authentication server 10 and the random number value are transmitted to the server.

Hereinafter, the authentication process performed after the buyer selects a product and applies for a purchase will be described in detail.

FIG. 9 is a flowchart illustrating a process of performing an online payment system according to an embodiment of the present invention in a time-series manner.

Referring to FIG. 9, when the buyer clicks the purchase order button, a payment request signal is transmitted from the payment request medium 20 to the authentication server 10 (S1). The payment request signal includes the payment information of the product to be purchased. Upon receiving the payment request signal, the authentication server 10 generates the first authentication image 240 and the second authentication image 320 described above (S2) and transmits them to the payment request medium 20 and the authentication request medium 30, respectively (S3, S4).

Meanwhile, when the second authentication image 320 is transmitted to the authentication request medium 30, the authentication request medium 30 performs an integrity check to confirm that the image data was transmitted correctly (S5). When the authentication application 310 of the authentication request medium 30 is executed, the authentication application 310 itself can automatically perform encryption/decryption of transmitted data, integrity checking, and payment image processing such as image display, identification and authentication, and forgery prevention.

In this state, the purchaser confirms the payment information and the captcha information through the first authentication image 240 displayed on the payment request medium 20, and displays the second authentication image 320 displayed on the authentication request medium 30,

Subsequently, the captcha information confirmed from the first authentication image 240 is input to the captcha information input window 322 of the authentication request medium 30, and the payment means security information is input to the payment means security information input window 323. The payment means security information to be input is as described above. When the payment means security information has been input and the transmission button is touched, the authentication and payment information, in which the captcha information and the payment means security information are inserted into the second authentication image 320, is encrypted and transmitted to the authentication server 10 (S6).

When the server 10 receives the authentication and payment information transmitted from the authentication request medium 30, it decrypts the authentication and payment information. The decrypted authentication and payment information is compared with the information included in the second authentication image 320 that the server 10 transmitted to the authentication request medium 30, in order to perform an integrity check and an authentication check (S7). If the integrity check and the authentication check complete normally, an authentication completion message is transmitted to the payment request medium 20 and the payment process is completed (S8).

Information used in the integrity check and authentication check performed by the authentication server 10 is shown in Table 1 below.

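Table 1

| Category | Item | Value |
|---|---|---|
| Billing information | Product price | $ 28,900 |
| Billing information | Card type | JB card |
| Billing information | Product name | NIKE_41732_010 + M |
| Billing information | Item number | 262654184 |
| User (buyer) information | Authentication request medium (smartphone) number | 010-1234-5678 |
| Security information | Captcha character information | 6GPZI8IH |
| Security information | Image hash value | 7172A0EAA121F123SS1123 |
| Security information | Random number value | dajq3o50relkjgvsdpfiekjrq02 |
| Security information | Cryptographic key | 1934ekr302ev0ew-1kerjf0s |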

The information shown in Table 1 is stored in the customer information DB 160 of the purchaser in the sector partitioned by the number of the authentication request medium 30 of the purchaser, that is, the cell phone number.

The first image 240, encrypted and transmitted by the authentication server 10, includes payment information comprising information on the product selected by the user and the payment means. An image hash value and a ciphertext composed of an encryption key and a random number value, hidden by the steganography technique, are also inserted into the first image 240.

In the second image 320 transmitted to the authentication request medium 30, the payment information, the image hash value, and the ciphertext including the random number and the encryption key are inserted. In the encrypted authentication and payment information transmitted from the authentication request medium 30 to the authentication server 10, the number of the authentication request medium that transmits the authentication and payment information is further inserted, in addition to the information transmitted from the server.

Upon receiving the encrypted authentication and payment information from the authentication requesting medium 30, the authentication server 10 decrypts the encrypted authentication and payment information and invokes the information stored in the customer information DB 160 to perform an integrity check. The order of the integrity check and authentication check below can be determined appropriately.

In detail, if the number of the authentication request medium stored in the authentication server 10 does not match the number of the medium that transmitted the authentication and payment information, the server determines that the information was not transmitted by the true purchaser, stops the authentication process, and can generate an error or error message. The error or error message can then be displayed as a pop-up window on the screen of the payment request medium 20.

The authentication server 10 compares the image hash value of the original image used to create the first and second authentication images 240 and 320 with the image hash value of the image transmitted from the authentication request medium 30 and judges whether they match. If the two hash values do not match, the authentication process does not proceed.

In addition, the authentication server 10 determines whether the random number value stored in the original image matches the random number value included in the image transmitted from the authentication request medium 30, and if not, the authentication process does not proceed.

Finally, the authentication server 10 compares the captcha information embedded in the first image 240 transmitted to the payment request medium 20 with the captcha information included in the information transmitted from the authentication request medium 30 and judges whether they match. If the two pieces of captcha information do not match, the authentication process does not proceed.

In this way, the authentication server 10 judges mutual coincidence using four comparison variables and completes the integrity check, proceeding to the authentication and payment approval process, only if all four comparison variables match. Therefore, the effect of the approval can be obtained.
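The four-variable check described above, as an added example that is not code from the patent. It assumes SHA-256 as the image hash, a pending-payment store keyed by the medium number, and single-use records so that a replayed response fails; all class and function names are hypothetical, and the sample data is constructed (number, captcha and random value follow Table 1).

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SessionRecord:
    """Server-side copy of one pending payment (hypothetical layout)."""
    image_hash: str    # hash of the original image
    random_value: str  # random number hidden in the image
    captcha: str       # captcha text shown only on the payment request medium


@dataclass(frozen=True)
class AuthResponse:
    """Already-decrypted message from the authentication request medium."""
    medium_number: str
    image: bytes
    random_value: str
    captcha: str


def image_hash(image: bytes) -> str:
    # Assumption: SHA-256. The page does not name the hash function.
    return hashlib.sha256(image).hexdigest()


def _equal(a: str, b: str) -> bool:
    # Constant-time comparison, so timing does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


def verify(db: dict, resp: AuthResponse) -> tuple:
    """Return (approved, failed_checks); failed_checks is for the server log,
    the buyer only ever sees a generic error."""
    record = db.get(resp.medium_number)
    if record is None:
        # Variable 1: no pending payment for this number (unknown sender or replay).
        return False, ["medium_number"]
    # Variables 2-4 are all evaluated; approval requires every one to match.
    checks = {
        "image_hash": _equal(record.image_hash, image_hash(resp.image)),
        "random_value": _equal(record.random_value, resp.random_value),
        "captcha": _equal(record.captcha, resp.captcha),
    }
    failed = [name for name, ok in checks.items() if not ok]
    if not failed:
        del db[resp.medium_number]  # assumption: a record approves one payment only
    return not failed, failed


# Constructed sample data.
ORIGINAL_IMAGE = b"constructed original image bytes"
NUMBER = "010-1234-5678"
RANDOM_VALUE = "dajq3o50relkjgvsdpfiekjrq02"
CAPTCHA = "6GPZI8IH"


def new_db() -> dict:
    return {NUMBER: SessionRecord(image_hash(ORIGINAL_IMAGE), RANDOM_VALUE, CAPTCHA)}


GOOD = AuthResponse(NUMBER, ORIGINAL_IMAGE, RANDOM_VALUE, CAPTCHA)

if __name__ == "__main__":
    db = new_db()
    print(verify(db, GOOD))  # first submission
    print(verify(db, GOOD))  # same response replayed
```

A failed attempt leaves the record in place here; a deployment would also cap retries per pending payment so the captcha cannot be guessed repeatedly.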

Since the server generates the first authentication image and the second authentication image from the original image and transmits them to the payment request medium 20 and the authentication request medium 30, only the legitimate server can generate the two images without modification, so secure server authentication is possible by confirming whether the true purchaser has his or her payment information.

In addition, the authentication server 10 transmits the captcha image information only to the payment request medium 20, and after the purchaser visually confirms the captcha image information on the payment request medium 20, it is transmitted to the authentication server 10 through the authentication request medium 30. The authentication server 10 can thus confirm whether the purchaser who requested the payment and the purchaser who requested the authentication hold both media at the same time, so authentication stability can be ensured. Therefore, compared with the existing two-channel authentication method using SMS, in which input and confirmation of the authentication number are performed through one medium, i.e., a computer, the authentication method of the present invention, which uses two different media, is safer from the risk of hacking.

In addition, since a captcha image, which a machine such as a computer cannot recognize, is used as authentication data instead of the conventional numeral input method using SMS, the method is safer from the risk of hacking.

In order to prevent forgery and falsification of payment information, the authentication server 10 hides a random number in an image using a steganography technique, and encrypts the value using a symmetric key encryption algorithm to prevent leakage of the random number. Therefore, if a hacker attempts to change the payment image, checking the random number makes it possible to determine whether the payment information was changed or whether the data was sent by a malicious person.

Also, in the case of the system of the present invention, since the main financial information such as the card number and the password is inputted through the authentication request medium 30, even if a malicious person such as a hacker acquires payment information from the computer of the buyer infected with the malicious code There is an advantage that major financial information can not be obtained.

In addition, when a malicious person forges a payment page and sends it to the authentication request medium 30, i.e., a smartphone, the original image, which changes every session, must be created in the same manner. In this case, even if the malicious person hacks the buyer's computer and smartphone at the same time and generates the original image using all the information obtained, the malicious person cannot generate a payment image in which the encrypted random number value is embedded. To generate a payment image, it is necessary to know the random number, the encryption key, and the location of the ciphertext inserted in the payment image. Such information cannot be obtained from a hacked smartphone or computer, because it is stored only in the authentication server 10, so a malicious person cannot generate a normal first authentication image and second authentication image.

Therefore, even if the transaction information of the purchaser is leaked, a medium separate from the purchaser's computer is mapped to the purchaser, so that a third party other than the principal cannot complete the authentication and payment process normally.

Of course, in order to further improve the reliability of the online authentication and settlement system according to the embodiment of the present invention, it is preferable that the following contents be premised.

First, the device information of the smartphone terminal, the user password, and the mobile phone number are registered when the smartphone payment service is initially registered. If the user's smartphone terminal or phone number is changed, a procedure for verifying that the user is the existing user should be performed by receiving the previously registered smartphone terminal device information, the additional input password and the phone number.

Also, even if a malicious user registers for the smartphone payment service without authorization, or hacks a user's computer to steal the shopping mall ID and password and then changes the user's mobile phone number to the malicious user's own mobile phone number, means must be provided to prevent transmission to that number. One method is a verification procedure that confirms whether a user is legitimate by checking the phone number registered at payment service registration with the mobile communication company. Another is to make it mandatory, when a user's mobile phone number is changed through a personal information change after logging in to the shopping mall site, to check whether the owner of the changed mobile phone number is the same as the owner of the previous mobile phone number.

Claims (18)

1. An online settlement system including a server for providing product information to a buyer and performing settlement for a product selected by the buyer,
The server comprises:
And generating an original image for generating a second authentication image for transmission to an authentication request medium which is a different apparatus from the payment request medium, An image generation unit for inserting information;
A transaction information database in which payment information for a product requested for payment and information for authentication are stored for each purchaser;
An image encryption unit encrypting information for authentication to be embedded in the image together with the image;
A data transmission / reception unit for transmitting the encrypted image to the payment request medium and the authentication request medium, or for receiving information from the payment request medium and the authentication request medium; And
And an operation unit for determining whether information stored in the transaction information database matches information transmitted from the authentication request medium to the server.
2. The method according to claim 1,
Wherein the payment request medium comprises a computer,
Wherein the authentication request medium includes a mobile terminal having a screen on which the second authentication image is displayed, input means for inputting authentication information, and communication module capable of voice and data communication.
3. The method according to claim 1 or 2,
Wherein the authentication request medium includes a smartphone.
4. The method of claim 3,
Wherein the information embedded in the first authentication image comprises:
Payment information for the purchased product; And
An online payment system including captcha image information for buyer authentication.
5. The method of claim 4,
Wherein the information stored in the transaction information database comprises:
A number of the authentication request medium owned by the purchaser;
Payment information for the purchased product;
The captcha image information inserted in the first authentication image; And
An on-line payment system comprising a cipher text consisting of random values.
6. The method of claim 5,
Wherein the information stored in the transaction information database comprises:
Further comprising an image hash value of the original image for generating the first and second authentication images.
7. The method according to claim 6,
Wherein the information transmitted from the authentication request medium to the server comprises:
Payment information for the purchased product;
A number of the authentication request medium;
Captcha image information input by the purchaser through the authentication request medium;
A cipher text including the arbitrary random number value; And
An online payment system comprising security information of a payment means.
8. The method of claim 7,
Wherein the information transmitted from the authentication request medium to the server comprises:
And an image hash value of the second image.
9. The method of claim 8,
Wherein an input window for inputting payment information of the purchased product and a captcha image inserted in the first authentication image and an input window for inputting security information of the payment means are displayed on the screen of the authentication request medium, Online payment system.
10. A payment request is made through a payment request medium;
Transmitting payment information for the purchased product to the authentication server according to the payment request;
Generating a second authentication image in which the original image for authentication, the first authentication image in which the captcha image information is inserted in the original image, and the ciphertext in random numbers are hidden in the authentication server;
Transmitting the first authentication image and the second authentication image to an authentication request medium, which is a dissimilar medium different from the settlement request medium and the settlement request medium, respectively;
Displaying the first authentication image on the payment request medium; And
An input window for inputting the second authentication image, an input window for inputting the captcha image, and an input window for inputting security information of the payment means are displayed on the authentication request medium.
11. The method of claim 10,
The payment information includes:
An online payment method including information on a price of a purchased product, a product name, a product number, and a payment means.
12. The method of claim 11,
Further comprising the step of inputting a captcha image and payment means security information through the authentication request medium.
13. The method of claim 12,
Wherein the second authentication image, the captcha image information, and the payment means security information are encrypted and transmitted to the authentication server.
14. The method of claim 13,
Wherein the transaction information database of the authentication server includes:
The image information of the original image, and the random number value of the cipher text hidden in the second image are stored in the second image, the payment information of the purchased product, the number of the authentication request medium of the purchaser, the captcha image information, How to make an online payment.
15. The method of claim 14,
In the authentication server,
Extracts the payment information stored in the transaction information database, the number of the authentication request medium, the image of the captcha image and the random number,
And comparing the payment information transmitted from the authentication requesting medium with the number of the authentication requesting medium and comparing the value of the random number with the value of the captcha image inputted through the authentication requesting medium.
16. The method of claim 15,
In the authentication server,
Comparing the image hash value of the original image stored in the transaction information database with the image hash value of the second authentication image transmitted from the authentication requesting medium to the authentication server, How to make an online payment.
17. The method of claim 16,
If the payment information, the number of the authentication request medium, the image of the captcha image, the random number value and the image hash value do not match, the payment process is stopped and an error or error message is sent to the payment request medium and is displayed on the screen of the mobile terminal.
18. The method of claim 17,
Wherein the number of the authentication requesting medium includes a telephone number.
KR20130102386A 2013-08-28 2013-08-28 On-line payment system and method of payment KR20150025140A (en)


Publications (1)

Publication Number Publication Date
KR20150025140A true KR20150025140A (en) 2015-03-10

Family

ID=53021440


Country Status (1)

Country Link
KR (1) KR20150025140A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20190064920A (en) 2017-12-01 2019-06-11 충남대학교산학협력단 Reservations for public transport seats and incoming calls



Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal