KR100572504B1 - Credit settlement method using prior signature and its credit card - Google Patents

Abstract

Credit card holder authentication method of this embodiment is

The cardholder inputting the amount of use, the period of use, the number of times of use, and the password into the smart card (correctly a smart chip) through a smart card interface device such as a PC or a mobile phone before the transaction (S110); Confirming, by the smart card, a password stored therein and a password input by the user (S120); When the password is confirmed, the process of before the card using the step of storing the information of the amount of use, the period of use, the number of times of use received by the smart card in its internal memory (S130),

Forming a interface between the payment terminal and the smart card, receiving a transaction amount, and receiving a credit payment processing request from the affiliate store owner (S210); Checking the validity of the prior signature on the transaction details when the prior signature in the smart card exists (S220); When checking the validity, characterized in that consisting of a process performed during the use of the card consisting of the step of performing a credit settlement process and storing information about the payment history (S250).

PIN, Signature, Credit Card, Personal Authentication, Pre-Signature

Description

Credit settlement method using prior signature and its credit card {CREDIT-CARD AND CREDIT-CARD LIQUIDATION METHOD USING ADVANCE SIGNATURE}

1 is a flowchart illustrating a procedure performed during the use of a card in the credit settlement method according to the present invention.

2 is a flowchart illustrating a detailed procedure of checking the validity of the prior signature performed by the controller of the smart card in the credit settlement method according to the present invention.

3 is a block diagram showing the structure of a smart chip embedded in a credit card according to the present invention.

4 is a flowchart illustrating a procedure performed before using a card in the credit settlement method according to the present invention.

The present invention relates to a method of performing a kind of electronic signature that a card user confirms and approves a use history when using a credit card. More particularly, the present invention relates to a method of replacing a signature by inputting a PIN.

Looking at the conventional procedure of using a credit card, when the cardholder handing over his credit card to the merchant owner at the time of purchase, the merchant reads the credit card received at the payment terminal and enters the payment amount. The payment terminal sends the read credit card number and payment amount to the VAN server to check whether the credit card is available and within the limit of the payment amount. When the use authorization is dropped from the VAN server, the payment terminal records the payment details and prints the payment slip. Thereafter, to confirm the authenticity of the cardholder, the merchant receives a sign from the cardholder on the payment slip.

The conventional credit card payment procedure as described above has the following problems. First, the conventional method has been subjected to malicious credit card crimes in that payment can be processed even if only the number of the credit card is known, and for this reason, the cardholder has anxiety about handing the card to the merchant owner. Secondly, handwritten signatures to verify the authenticity of cardholders are virtually no function of preventing card crimes and are only a tool to transfer the responsibilities to cardholders. There was a problem that became a factor.

In order to solve the above problems, an implementation for receiving a password from a cardholder instead of a conventional handwritten signature has been developed. This implementation uses a smart card with a smart chip with its own data storage and computing power as a credit card, or compares an individual user's PIN stored in the management server with an input password. In the case of the implementation using the smart card, the user's password is stored in the smart chip, if the user enters the password through the keypad provided in the payment terminal, the smart chip checks the password and if the match is the authenticator for the transaction The card is sent to the payment terminal and authenticated as being used by the true cardholder as the authenticator.

The problem of the improved conventional method is that the problem persists. First, when a malicious hacker manipulates the keypad to detect a payment terminal, the cardholder's password is very easily exposed. Second, the password input itself takes a considerable amount of time, so there is no expectation in shortening the payment processing time. Third, when the card owner instructs his agent to purchase goods, he or she must inform the agent of the PIN of the card, which causes security problems and inconveniences of changing the PIN after purchase.

The present invention has been made to solve the above problems, a method of receiving a credit card holder's confirmation through the cardholder's PIN in the transaction history of the credit card holder, the PIN input is a certain amount and / or schedule before use of the card It is an object of the present invention to provide a credit card system characterized by performing the collection in advance.

Credit settlement method of the present invention for achieving the above object, the transaction history is authenticated through a password recorded in the smart chip embedded in the credit card, the authentication is a certain cost and before the transaction in the user's personal PC or mobile phone, etc. And / or is performed within a certain period of time.

Hereinafter, specific embodiments of the present invention will be described with reference to the accompanying drawings.

(Example 1)

Credit card holder authentication method of this embodiment is

The cardholder inputting the amount of use, the period of use, the number of times of use, and the password into the smart card (correctly a smart chip) through a smart card interface device such as a PC or a mobile phone before the transaction (S110);

Confirming, by the smart card, a password stored therein and a password input by the user (S120);

When the password is confirmed, the process of before the card using the step of storing the information of the amount of use, the period of use, the number of times of use received by the smart card in its internal memory (S130),

Forming a interface between the payment terminal and the smart card, receiving a transaction amount, and receiving a credit payment processing request from the affiliate store owner (S210);

Checking the validity of the prior signature for the transaction if the prior signature exists in the smart card (S220) (in this step, whether the payment processing amount is within the amount used, whether the current time is within the period of use, and the number of times of use) Examine whether or not is valid);

When checking the validity, characterized in that consisting of a process performed during the use of the card consisting of the step of performing a credit settlement process and storing information about the payment history (S250).

In this embodiment, before the credit transaction, the user pre-signs (pre-signatures) the amount that he intends to use, and stores it in his credit card (exactly a smart chip), and does not require a separate manual signature during the credit transaction. It is characterized by closing the deal immediately. The feature of this embodiment can also be easily applied when the credit card holder entrusts the credit card to the agent and requests the credit purchase within a certain amount.

The pre-signature is performed via a credit card owner's PC or mobile phone that can interface with the smart card (usually equipped with a contact IC card interface device). The user connects the smart card to the device and operates the smart card driving program to record the amount of use, the period of use, and the number of times of use of the smart card through the program (S110 to S130). In the recording, the smart card causes the recorder to input a password to confirm the identity of the recorder, and confirms the identity by comparing the PIN with the PIN (or password) recorded therein (S120).

The amount of use may be implemented as a maximum amount of one use and / or total amount of use, and the period of use indicates the period in which the prior signature is valid, and the number of times of use may indicate the prior signature in advance for the expected number of credit settlements. If the number is shown.

For more accurate and secure payment processing, the amount of the prior signature can be limited, or it can be implemented so that the advance signature can be made online. In the online status pre-signature, the limit value inquiry to the management server is performed in advance with respect to the amount of the pre-signature, so that the pre-signation is performed only when the limit is within the limit amount. To this end, when passing the limit inquiry, the management server sends down the authenticator encrypted with the security key shared with the smart chip, and the smart card (chip) must confirm the authenticator so that the pre-signature is made.

However, for convenience of the user, it is preferable to implement the pre-signature in the offline state within a certain amount of money, and to exceed the amount, to enable the pre-signature in the online state only.

The above procedure completes the recording procedure of the pre-signature in the smart card. Now describe the procedure by which the holder (or purchasing agent) of the smart card pays the amount after purchasing the goods / services.

After the cardholder purchases the goods / services, the smart card-type credit card with the payment intention is interfaced to the credit settlement terminal. Since the smart chip must be driven, the interface is not sufficient to read the conventional magnetic stripe and must be inserted into a contact IC slot or access the card to the RF antenna range. The merchant enters a purchase amount and requests the credit settlement terminal for the corresponding amount (S210).

The credit settlement terminal receiving the credit request transmits the necessary information and request signal for credit settlement such as card number, expiration date and payment amount to the management server (VAN server), and the management server receives the credit failure / loss card. It checks whether the credit settlement is approved by checking the expiration date and limit.

If the credit settlement approval from the management server, the terminal must go through a procedure of receiving a PIN from the holder as a means of authenticity authentication of the card holder, in the present invention replaces the procedure as a pre-signature verification procedure.

Whether or not it is a pre-signed card is indicated by a response value from the smart card or a recorded value in an open storage area. If the card does not have a pre-signature, the terminal receives a PIN from the holder and delivers it to the smart card, but if the card has a pre-signature, the terminal undergoes a pre-signature authentication process (S220). The pre-signature authentication process may be implemented to be performed by the terminal by reading the pre-signed details (number of times, maximum amount of use, expiration date, etc.) from the smart card, but for security purposes, the terminal requests credit settlement to the smart card. Only the amount is delivered, and the smart card sends a payment confirmation signal to the terminal only if it is confirmed by checking whether the requested amount is within the maximum signed amount and within the period of use.

As shown in Figure 2, the step S220 is a step of confirming whether the pre-signature is recorded in the internal memory of the smart card (S222), the step of confirming the validity of the recorded pre-signature records (S230), and the remaining maximum Updating the maximum amount by subtracting the amount of payment from the amount of money and subtracting the number of times of use (S242), and creating a confirmation value of a valid signature of a valid signature and transmitting it to the credit settlement terminal (S244). .

If the remaining number of uses as a result of the subtraction in step S242 is zero, the prior signature record is deleted. The pre-signature confirmation value is preferably encrypted with a security key shared only by the smart card and the card company in order to prevent forgery of the merchant having the credit settlement terminal. The prior signature confirmation value is recorded instead of the signature on the slip of the affiliated store, and the card company decrypts the prior signature confirmation value with its security key to determine whether it is a legitimate prior signature.

The step S230 consists of checking whether the payment amount is within the maximum remaining amount, checking whether the credit settlement use time is within the use period, and checking whether the recorded number of times of use is one or more times. In some implementations, the validity of the prior signature may be verified by checking only a part of whether it is within the maximum amount of the pre-signed or within the period of use or within the number of times of use. In order to confirm to the cardholder, it is preferable to record the indication of the pre-signature and the pre-signature time in the payment confirmation signal. If it is not possible to approve the result of the pre-signature confirmation of the smart card, the smart card sends a PIN input request to the terminal together with the pre-signature approval disapproval notification, and the terminal receives the PIN from the holder and delivers it to the smart card. In other words, the authenticity of the cardholder is verified by the PIN, just as there is no prior signature. Since the process of verifying the PIN received from the smart card is the same as the conventional implementation, description thereof is omitted.

When the payment by the pre-signature is completed, the terminal stores the information on the payment details in the internal memory (S250). At this time, a paper slip may be output as needed.

Although the credit settlement terminal in the above description has been described as performing the credit settlement according to the pre-signature method of the present invention, it is obvious that an implementation including a selection process among the payment processing procedure and the general credit settlement processing procedure of the present invention is also possible. .

In the case of a chip card type credit card, it may be implemented to store a plating amount in an in-chip memory for offline credit settlement. This implementation divides the credit settlement at the terminal into online payment and offline payment, and enables offline payment within a certain time and / or number of times from the latest online transaction. At this time, when checking offline credit card or lost credit card, the search is skipped or replaced with a BL (black list) search stored in the terminal, and the limit inquiry is skipped or compared with the remaining limit value recorded in the smart card. That is, the remaining limit value is synchronized with the limit value stored in the management server during the online transaction, and it is determined whether the limit is within the limit amount as the record of the remaining limit value of the card during the offline transaction.

In the case of the credit card of the above configuration, even if offline in the pre-signature process, even if the present invention implements the pre-signature freely within the limit amount of the card, there is little security problem.

The maximum amount information is a value of a pre-signed amount of money, the term of use information is for the purpose of ensuring that the pre-signed details are valid only when a credit settlement is made within a certain time period, and the number of times of use of the information is fixed for user convenience. The recovery value if the recovery prior signature is allowed.

Pre-signature execution scenarios are as follows.

In the case of the most secure implementation, the user records the maximum amount and the period of use on the smart card at the time of the pre-signature, and the cardholder pays the credit card without any post-signature or PIN input within the maximum amount only once at the time of the period of use. Can be performed. That is, the dictionary signature recorded on the card for one use is reset.

In the case of a safe implementation, the user records the maximum amount, the period of use, and the number of times of use at the time of prior signing, the maximum amount of time being the default value, and the period of use is the default value from the time of prior signing. The number of times of use is the default value. In other words, in this implementation, the credit card is settled without post signature or PIN input as many times as the total number within the maximum amount within the designated time.

An implementation that considers the user's convenience greatly permits credit settlement without a post-signature (PIN) if only one or two of the maximum amount, duration of use, and frequency of use are satisfied. However, for security purposes this implementation is not desirable.

The credit card of the present invention is a smart card equipped with a one-chip microcontroller (smart chip) inside a plastic card. The smart chip is a one chip, which has a control unit (CPU) 20, a RAM 50, a ROM 40, an Epyrom 10, and an input / output interface 30, and the control unit 20 is a general CPU. It is also divided into a security module (SAM) that performs only security functions.

The controller 20 is responsible for the overall operation control and execution of the recorded program, and the RAM 50 is a space for storing temporary data during the operation. The ROM 40 generally stores program codes and data that are important for card operation such as a card operating system (COS) and a credit card basic operation program and are not changed. The EEPROM 10 records data which is not recorded at the time of initial card creation as data necessary for operation, and particularly, data recorded after issuance is stored. Such data includes card information, user information including PINs, and sub-authentication key information, and in particular, pre-signatures that form a feature of the present invention. The input / output interface unit 30 is for interfacing data transmission and reception with a card reader in a contact and / or contactless (RF manner), and the final interface means is a contact IC terminal and / or an RF antenna.

The credit settlement terminal for performing the credit settlement method includes a contact and / or contactless card interface unit, a controller for controlling the overall operation of the terminal, a memory for storing data necessary during the operation of the terminal, and input signals and data from an operator. It consists of a keypad unit for receiving, and further includes a printer unit for outputting a paper sales slip, if necessary.

The overall configuration of the credit settlement terminal is similar to a credit settlement terminal for a conventional chip card type credit card. However, the control unit performs the credit settlement method by the prior signature, and the payment history stored in the memory is also stored with the pre-signed payment history, the pre-signature payment history and the prior signature time, etc. This is additionally recorded.

(Example 2)

The present invention may be implemented for the convenience of the cardholder, not for the credit card surrogate. The cardholder feels cumbersome after signing the credit or entering his / her PIN after every payment activity (e.g. food expenses). Therefore, the card user pre-signs the expected time and the expected amount in advance in accordance with the present invention. In this case, the pre-signature is not invalidated after a predetermined number of times (or the amount or time). It is set to valid again.

For example, the owner of a credit card uses a credit card to pay for lunch daily, and it is not cumbersome to write an essay signature or PIN each time, which is why he is reluctant to use the credit card in the micropayment field. In the present embodiment, the credit card holder records the usage period, the maximum amount, and the automatic dictionary signature (hereinafter referred to as automatic flag) on the smart card which is the credit card in advance in his PC. The number of times of use may be recorded as in the first embodiment, but may be omitted due to a relatively short time of use.

In this embodiment, the automatic dictionary signature is also determined as a valid dictionary signature when checking whether the dictionary signature is recorded in step S222. In step S242, the automatic signature is checked and the automatic dictionary signature is not the automatic dictionary signature. The same procedure (S242) is performed.

By implementing a pre-signed credit card system according to the present invention, a credit card holder can use a credit card conveniently for proxy purchases by entrusting a pre-signed credit card to an agent.

In addition, it is possible to prevent the hacking method to find out the password of the credit card holder by operating the terminal keypad by the prior signature, and the separate password input or handwritten signature can be omitted when paying with a pre-signed credit card. It also has the effect of reducing the payment time.

Claims (4)

delete In the credit card payment method that is executed in the smart card and payment terminal, Receiving, by the smart card, prior signature details and passwords including the amount of use, the period of use, and the number of times of use from the smart card interface device; Confirming, by the smart card, whether an input password matches an internally stored password; Storing the input dictionary signature history information in an internal memory when the smart card matches the password; The payment terminal forming a communication interface with the smart card and receiving a credit payment processing request including a credit payment request amount; Checking, by the payment terminal, whether a pre-signature in the smart card exists; Transmitting, by the payment terminal, a pre-signature validity confirmation request message including a credit payment request amount and a current time when the pre-signature is found in the smart card; When the smart card inputs a pre-signature valid confirmation request message including the credit payment request amount and the current time, whether the credit payment request amount is within the remaining maximum amount recorded in the pre-signature detail information, and the current time is the pre-signature detail information. Checking whether it is within the usage period recorded in the document, and whether the remaining usage number recorded in the prior signature detail information is one or more times; If the smart card confirms that the pre-signature is valid, updating the maximum amount by subtracting the payment amount from the remaining maximum amount, subtracting the number of times of use, creating a pre-signature confirmation value, and transmitting it to the payment terminal; Performing a requested credit settlement process and storing information on payment details when a pre-signature confirmation value is input by the payment terminal; Credit settlement method comprising a. delete In the smart card type credit card capable of data communication with the payment terminal, An input / output interface unit for interfacing data transmission / reception with the payment terminal; A ROM storing a chip card operating system, authentication program data, and credit settlement program data; An EEPROM that stores dictionary signature history information including card information, user information, authentication key information, PIN and maximum amount information, usage period information, and usage count information; When the pre-signature validity confirmation request message including the credit settlement request amount and the current time is input from the payment terminal through the input / output interface unit, whether the credit settlement request amount is within the maximum remaining amount recorded in the pre-signature details information, Check whether it is within the period of use recorded in the prior signature details and at least one remaining number of times recorded in the prior signature details.If the result is valid, the maximum amount is renewed by subtracting the payment amount from the remaining maximum amount. A control unit configured to subtract the number of times of use and write a confirmation value of a pre-signature and transmit it to the payment terminal; Credit card comprising a.

Images