KR20150025140A - On-line payment system and method of payment - Google Patents
- Publication number
- KR20150025140A
- Authority
- KR
- South Korea
- Prior art keywords
- authentication
- image
- information
- payment
- medium
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/12—Payment architectures specially adapted for electronic shopping systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Finance (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention is an online payment system including a server for providing product information to a purchaser and performing payment for a product selected by the purchaser, the server including: an image generation unit for generating an original image from which a first authentication image for transmission to a payment request medium and a second authentication image for transmission to an authentication request medium, which is a different type of device from the payment request medium, are generated, and for inserting authentication information into each of the images; a transaction information database in which payment information for a product requested for payment and information for authentication are stored for each purchaser; an image encryption unit for encrypting the information for authentication to be embedded in the image together with the image; a data transmission/reception unit for transmitting the encrypted image to the payment request medium and the authentication request medium, or for receiving information from the payment request medium and the authentication request medium; and an operation unit for determining whether the information stored in the transaction information database and the information transmitted from the authentication request medium to the server coincide with each other.
Description
The present invention relates to a secure online payment system and a payment method using a heterogeneous medium.
Recently, as electronic commerce and electronic financial technology have developed greatly, related technologies have advanced rapidly. However, while advances in convenience have been rapid, advances in safety have not kept pace. In fact, as transactions increase, security incidents such as leakage of financial information are also increasing.
Recently, as a result of several hacking cases and various security threats to the online payment system, financial authorities and financial institutions have been strengthening their financial information protection activities by using enhanced security policies and security solutions. Techniques are also becoming more diverse and advanced.
It is an object of the present invention to provide an online secure settlement system and a secure settlement method in connection with heterogeneous media in order to minimize various security threats.
According to another aspect of the present invention, there is provided an online payment system including a server for providing product information to a buyer and performing payment for a product selected by the buyer, the server including: an image generation unit for generating an original image from which a first authentication image for transmission to a payment request medium and a second authentication image for transmission to an authentication request medium, which is a different type of device from the payment request medium, are generated, and for inserting information for authentication into each of the images; a transaction information database in which payment information for a product requested for payment and information for authentication are stored for each purchaser; an image encryption unit for encrypting the information for authentication to be embedded in the image together with the image; a data transmission/reception unit for transmitting the encrypted image to the payment request medium and the authentication request medium, or for receiving information from the payment request medium and the authentication request medium; and an operation unit for determining whether the information stored in the transaction information database and the information transmitted from the authentication request medium to the server coincide with each other.
According to another aspect of the present invention, there is provided an online payment method including: receiving a payment request through a payment request medium; transmitting payment information for the purchased product to the authentication server according to the payment request; generating, in the authentication server, an original image for authentication, a first authentication image in which captcha image information is inserted into the original image, and a second authentication image in which a ciphertext of random numbers is hidden; transmitting the first authentication image and the second authentication image to the payment request medium and to an authentication request medium, which is a heterogeneous medium different from the payment request medium, respectively; displaying the first authentication image on the payment request medium; and displaying the second authentication image, an input window for inputting the captcha image, and an input window for inputting security information of the payment means on the authentication request medium.
According to the online settlement system and the settlement method according to the embodiment of the present invention, the following effects can be obtained.
First, because the authentication server sends the original image and the copy image carrying the same random number to the user's computer and smartphone respectively, only a single legitimate server can send the two images unaltered, so stable server authentication can be performed.
Second, because the user must visually compare the images delivered to the computer and to the smartphone and confirm that they are identical, a hacker cannot succeed without hacking both the computer and the smartphone at the same time.
Third, for security authentication a captcha string is embedded in the copy image sent to the user's computer, and a window requesting input of the captcha string is displayed with the original image sent to the smartphone, so even a hacker who has hacked the user's computer cannot authenticate without having the smartphone.
Fourth, because the captcha string to be entered for security authentication is delivered as an image, hacking that relies on a computer program becomes useless.
Fifth, because the captcha information and the payment means information are entered through the smartphone rather than the user's computer, the information entered through the smartphone is encrypted together with the smartphone's number information and sent back to the server. Authentication therefore succeeds only when the smartphone number the server used to send the image information and the smartphone number included in the information sent from the smartphone are the same.
Sixth, the device information and user information of the smartphone terminal are registered with the mobile communication company when the smartphone settlement service is first registered, and when the smartphone number is changed a verification procedure confirms that the change is made by a legitimate user. Even if a hacker hacks the user's computer and changes the user's smartphone number to the hacker's number, it is almost impossible for the image information sent by the server to reach the hacker's smartphone.
FIG. 1 illustrates an online payment system according to an embodiment of the present invention.
FIG. 2 is a system block diagram showing the configuration of a server of an Internet shopping site, that is, an authentication server according to an embodiment of the present invention.
FIG. 3 is a product purchase screen displayed on a payment application medium when a goods purchaser logs in to an Internet shopping mall site and selects a product.
FIG. 4 is a delivery address input screen for inputting a delivery address of a product selected by the buyer.
FIG. 5 is a payment means selection screen for selecting a payment means and an authentication method for purchasing goods.
FIG. 6 is an authentication screen displayed on a screen of a payment request medium when an authentication method according to an embodiment of the present invention is performed.
FIG. 7 illustrates an authentication request medium having an authentication application for executing a payment system according to an exemplary embodiment of the present invention.
FIG. 8 is a view showing an authentication request medium on which a second authentication image is displayed.
FIG. 9 is a flowchart illustrating a process of performing an online payment system according to an embodiment of the present invention in a time-series manner.
Hereinafter, an online settlement system and a settlement method according to an embodiment of the present invention will be described in detail with reference to the drawings.
FIG. 1 is a view showing an online settlement system according to an embodiment of the present invention.
Referring to FIG. 1, an online settlement system according to an embodiment of the present invention is generally applied to a system for purchasing goods or services online, such as an Internet shopping mall, and paying for the goods or services.
In detail, an online payment system according to an embodiment of the present invention includes an
In detail, the
The
The
The
Meanwhile, the Internet shopping mall server, that is, the
The
Briefly describing the billing system having such a structure, the purchaser logs in to a specific shopping mall other commodity selling site through the
Hereinafter, an authentication and settlement process between the
FIG. 2 is a system block diagram showing the configuration of a server of an Internet shopping site, that is, an authentication server according to an embodiment of the present invention.
2, an
Here, the
In addition, the
FIG. 3 is a product purchase screen displayed on a payment application medium when a goods purchaser logs in to an Internet shopping mall site and selects a product.
3, the
When the goods and the quantity are specified, the total amount of purchase for the goods selected by the purchaser is displayed in the goods
FIG. 4 shows a delivery destination input screen for inputting a delivery destination of a product selected by the buyer.
Referring to FIG. 4, when an item purchase request is made by the buyer, a screen of the
FIG. 5 shows a payment means selection screen for selecting a payment means and an authentication method for purchasing goods.
Referring to FIG. 5, a payment means
Hereinafter, an online authentication method, that is, a two-channel authentication method according to an embodiment of the present invention will be described in detail with reference to the drawings.
FIG. 6 is an authentication screen displayed on a screen of a payment request medium when an authentication method according to an embodiment of the present invention is performed.
Referring to FIG. 6, when a two-channel authentication algorithm according to an embodiment of the present invention is started by a purchaser, a
In detail, the
When the
FIG. 7 is a diagram showing an authentication request medium having an authentication application for executing a payment system according to an embodiment of the present invention, and FIG. 8 is a diagram illustrating an authentication request medium on which a second authentication image is displayed.
Referring to FIG. 7, in order to implement an authentication method using two-channel authentication such as two-channel authentication, a computer and a smart phone according to an embodiment of the present invention, A
In detail, when the
More specifically, the same information as the payment information displayed in the
Here, the two-channel authentication method currently in use, which relies on SMS, is compared with the two-channel authentication method according to the embodiment of the present invention.
In detail, in the existing two-channel authentication method using SMS, an authentication number is sent to the buyer's mobile phone, and the purchaser checks the authentication number and then enters it using the keyboard of the computer used for shopping. In this case, because the authentication number is a digital code composed of numbers, a hacker who hacks the purchaser's smartphone can easily extract the authentication number, so hacking can easily be carried out even if the hacker does not have the purchaser's smartphone. That is, there is no way for the authentication server to confirm whether the authentication number was entered by the true purchaser or by a hacker.
On the other hand, in the case of the present invention, the captcha information must be input using the purchaser's smartphone, and the input captcha information is encrypted together with the number information of the smartphone and transmitted to the server. The server can therefore check whether the information was sent through another medium by a hacker who has learned it, so authentication by the hacker can be prevented.
In addition, in the case of the present invention, since captcha information is used as the authentication method, even if the hacker hacks the purchaser's computer, the hacker's computer cannot recognize the captcha information.
Meanwhile, when the
Accordingly, the purchaser inputs the captcha information to the captcha
Meanwhile, when the purchaser inserts the captcha information and the settlement means security information, the
Hereinafter, the authentication process performed after the buyer selects a product and applies for a purchase will be described in detail.
FIG. 9 is a flowchart illustrating a process of performing an online payment system according to an embodiment of the present invention in a time-series manner.
Referring to FIG. 9, when the buyer clicks the purchase order button, a payment request signal is transmitted from the
Meanwhile, when the
In this state, the purchaser confirms the payment information and the captcha information through the
Subsequently, the captcha information confirmed from the
On the other hand, when the
Information used in the integrity check and authentication check performed by the
The information shown in Table 1 is stored in the
The
In the
Upon receiving the encrypted authentication and payment information from the
In detail, if it is determined that the number of the authentication request medium stored in the
The
In addition, the
Finally, the
In this way, the
Since the server transmits the first authentication image and the second authentication image from the original image to the
In addition, the
In addition, because a captcha image that a machine such as a computer cannot recognize is used as the authentication data, rather than the conventional numeric input method using SMS, the system is safer from the risk of hacking.
In order to prevent the forgery and falsification of payment information, the
Also, in the case of the system of the present invention, since the main financial information such as the card number and the password is inputted through the
In addition, when a malicious person forges a payment page and sends it to the
Therefore, even if the purchaser's transaction information is leaked, a heterogeneous medium different from the purchaser's computer is mapped to the purchaser, so a third party other than the purchaser cannot complete the authentication and settlement process normally.
Of course, in order to further improve the reliability of the online authentication and settlement system according to the embodiment of the present invention, it is preferable that the following contents be premised.
First, the device information of the smartphone terminal, the user password, and the mobile phone number are registered when the smartphone payment service is initially registered. If the user's smartphone terminal or phone number is changed, a procedure for verifying that the user is the existing user should be performed by receiving the previously registered smartphone terminal device information, the additional input password and the phone number.
Also, even if a malicious user registers a smartphone payment service without authorization, or hacks a user's computer to steal the shopping mall ID and password and then changes the user's mobile phone number to the malicious user's own number, means must be provided to prevent transmission to that mobile number. One method is a verification procedure that confirms with the mobile communication company whether the phone number supplied when the payment service is registered belongs to a legitimate user. Another is to make it mandatory, whenever a user's mobile phone number is changed through the personal information page after logging in to the shopping mall site, to check that the owner of the new mobile phone number is the same as the owner of the previous one.
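The comparison the server performs on the values returned from the authentication request medium (payment information, medium number, captcha input, random value and image hash) can be sketched as follows. This is an added example, not code from the patent; the field names, SHA-256 as the image hash, the JSON canonical form and the single-use rule are assumptions made for the illustration.

```python
"""Server-side comparison step of the two-channel scheme (added illustration)."""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Payment fields named in the claims: price, product name, product number, means.
PAYMENT_KEYS = ("price", "product_name", "product_number", "payment_means")


@dataclass
class TransactionRecord:
    """One row of the transaction information database (layout is assumed)."""
    phone_number: str       # number of the authentication request medium
    payment_info: dict      # payment information for the purchased product
    captcha_text: str       # captcha string inserted in the first image
    nonce: str              # random value hidden in the second image
    image_hash: str         # hash of the image registered for this purchase
    consumed: bool = False  # assumption: one verification attempt per record


def canonical(payment_info: dict) -> str:
    """Serialise the payment fields in a fixed order, unambiguously."""
    return json.dumps([str(payment_info.get(k, "")) for k in PAYMENT_KEYS])


def open_transaction(phone_number: str, payment_info: dict,
                     captcha_text: str, image_bytes: bytes) -> TransactionRecord:
    """Create the stored record when the payment request arrives."""
    return TransactionRecord(
        phone_number=phone_number,
        payment_info=dict(payment_info),
        captcha_text=captcha_text,
        nonce=secrets.token_hex(16),  # unpredictable per-transaction value
        image_hash=hashlib.sha256(image_bytes).hexdigest(),
    )


def _equal(stored: str, received) -> bool:
    # Constant-time comparison; a missing or non-string value never matches.
    if not isinstance(received, str):
        return False
    return hmac.compare_digest(stored.encode(), received.encode())


def verify_response(record: TransactionRecord, response: dict) -> list[str]:
    """Return the names of the checks that failed; an empty list means proceed."""
    if record.consumed:
        return ["replayed"]
    record.consumed = True  # a captured response cannot be submitted again
    paid = response.get("payment_info")
    checks = {
        "payment_info": _equal(canonical(record.payment_info),
                               canonical(paid) if isinstance(paid, dict) else None),
        "phone_number": _equal(record.phone_number, response.get("phone_number")),
        "captcha": _equal(record.captcha_text, response.get("captcha")),
        "nonce": _equal(record.nonce, response.get("nonce")),
        "image_hash": _equal(record.image_hash, response.get("image_hash")),
    }
    return [name for name, ok in checks.items() if not ok]


if __name__ == "__main__":
    # Constructed sample data, for illustration only.
    order = {"price": 35000, "product_name": "kettle",
             "product_number": "P-1001", "payment_means": "card"}
    rec = open_transaction("010-0000-0000", order, "X7KQ2", b"constructed image")
    reply = {"payment_info": dict(order, price=1), "phone_number": "010-0000-0000",
             "captcha": "X7KQ2", "nonce": rec.nonce, "image_hash": rec.image_hash}
    failed = verify_response(rec, reply)
    print("stop payment:" if failed else "proceed", failed)
```

Any non-empty result corresponds to the case in which the payment process is stopped.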
Claims (18)
The server comprises:
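An image generation unit for generating an original image from which a first authentication image for transmission to a payment request medium and a second authentication image for transmission to an authentication request medium, which is a different apparatus from the payment request medium, are generated, and for inserting information for authentication into each of the images;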
A transaction information database in which payment information for a product requested for payment and information for authentication are stored for each purchaser;
An image encryption unit encrypting information for authentication to be embedded in the image together with the image;
A data transmission / reception unit for transmitting the encrypted image to the payment request medium and the authentication request medium, or for receiving information from the payment request medium and the authentication request medium; And
And an operation unit for determining whether information stored in the transaction information database matches information transmitted from the authentication request medium to the server.
Wherein the payment request medium comprises a computer,
Wherein the authentication request medium includes a mobile terminal having a screen on which the second authentication image is displayed, input means for inputting authentication information, and communication module capable of voice and data communication.
Wherein the authentication request medium includes a smartphone.
Wherein the information embedded in the first authentication image comprises:
Payment information for the purchased product; And
An online payment system including captcha image information for buyer authentication.
Wherein the information stored in the transaction information database comprises:
A number of the authentication request medium owned by the purchaser;
Payment information for the purchased product;
The captcha image information inserted in the first authentication image; And
An on-line payment system comprising a cipher text consisting of random values.
Wherein the information stored in the transaction information database comprises:
Further comprising an image hash value of the original image for generating the first and second authentication images.
Wherein the information transmitted from the authentication request medium to the server comprises:
Payment information for the purchased product;
A number of the authentication request medium;
Captcha image information input by the purchaser through the authentication request medium;
A cipher text including the arbitrary random number value; And
An online payment system comprising security information of a payment means.
Wherein the information transmitted from the authentication request medium to the server comprises:
And an image hash value of the second image.
Wherein an input window for inputting payment information of the purchased product and a captcha image inserted in the first authentication image and an input window for inputting security information of the payment means are displayed on the screen of the authentication request medium.
Transmitting payment information for the purchased product to the authentication server according to the payment request;
Generating, in the authentication server, an original image for authentication, a first authentication image in which captcha image information is inserted into the original image, and a second authentication image in which a ciphertext of random numbers is hidden;
Transmitting the first authentication image and the second authentication image to the payment request medium and to an authentication request medium, which is a heterogeneous medium different from the payment request medium, respectively;
Displaying the first authentication image on the payment request medium; And
Displaying the second authentication image, an input window for inputting the captcha image, and an input window for inputting security information of the payment means on the authentication request medium.
The payment information includes:
An online payment method including information on a price of a purchased product, a product name, a product number, and a payment means.
Further comprising the step of inputting a captcha image and payment means security information through the authentication request medium.
Wherein the second authentication image, the captcha image information, and the payment means security information are encrypted and transmitted to the authentication server.
Wherein the transaction information database of the authentication server includes:
The payment information of the purchased product, the number of the authentication request medium of the purchaser, the captcha image information, the image information of the original image, and the random number value of the cipher text hidden in the second image are stored.
In the authentication server,
Extracts the payment information stored in the transaction information database, the number of the authentication request medium, the image of the captcha image and the random number,
And comparing the payment information transmitted from the authentication requesting medium with the number of the authentication requesting medium and comparing the value of the random number with the value of the captcha image inputted through the authentication requesting medium.
In the authentication server,
Comparing the image hash value of the original image stored in the transaction information database with the image hash value of the second authentication image transmitted from the authentication requesting medium to the authentication server.
If the payment information, the number of the authentication request medium, the image of the captcha image, the random number value and the image hash value do not match, the payment process is stopped and an error or error message is sent to the payment request medium Is displayed on the screen of the mobile terminal.
Wherein the number of the authentication requesting medium includes a telephone number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20130102386A KR20150025140A (en) | 2013-08-28 | 2013-08-28 | On-line payment system and method of payment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20130102386A KR20150025140A (en) | 2013-08-28 | 2013-08-28 | On-line payment system and method of payment |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20150025140A (en) | 2015-03-10 |
Family
ID=53021440
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR20130102386A KR20150025140A (en) | 2013-08-28 | 2013-08-28 | On-line payment system and method of payment |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20150025140A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190064920A (en) | 2017-12-01 | 2019-06-11 | 충남대학교산학협력단 | Reservations for public transport seats and incoming calls |
-
2013
- 2013-08-28 KR KR20130102386A patent/KR20150025140A/en not_active Application Discontinuation
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal |