KR101624266B1 - Token authentication method and token authentication using verification value generated based on current time - Google Patents

Token authentication method and token authentication using verification value generated based on current time Download PDF

Info

Publication number
KR101624266B1
KR101624266B1 KR1020150056211A KR20150056211A KR101624266B1 KR 101624266 B1 KR101624266 B1 KR 101624266B1 KR 1020150056211 A KR1020150056211 A KR 1020150056211A KR 20150056211 A KR20150056211 A KR 20150056211A KR 101624266 B1 KR101624266 B1 KR 101624266B1
Authority
KR
South Korea
Prior art keywords
token
card number
server
virtual card
verification value
Prior art date
Application number
KR1020150056211A
Other languages
Korean (ko)
Inventor
이지호
Original Assignee
비씨카드(주)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 비씨카드(주) filed Critical 비씨카드(주)
Priority to PCT/KR2015/009769 priority Critical patent/WO2016159462A1/en
Application granted granted Critical
Publication of KR101624266B1 publication Critical patent/KR101624266B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/14Payment architectures specially adapted for billing systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

According to one embodiment of the present invention, a token authentication method in a token authentication system, the present invention provides a token authentication method using verification value generated based on the current time, comprising the steps of: once a user authentication is completed in a user terminal, generating a verification value by using a unique key generated based on the current time in a token generating server, and issuing the value to the user terminal by generating a token including the verification value; once the identification information corresponding to the issued token in an affiliated store′s terminal is recognized from the user terminal, receiving the authentication request including the recognized identification information in a token verification server from the affiliated store′s terminal; re-generating a verification value by using a unique key generated based on the token generating time in the token verification serer, comparing the re-generated verification value and the verification value included in the authentication request, and performing authentication for the token; once the authentication for the token is completed, transmitting a payment request to a payment server which manages he information of payment means corresponding to the identification information in the token authentication server, and completing the requested payment.

Description

TECHNICAL FIELD [0001] The present invention relates to a token authentication method and a token authentication method using a verification value generated based on a current time,

The present invention relates to a token authentication method and a token authentication system using a verification value generated based on a current time, and more particularly, to a method and apparatus for generating a verification value based on a current time, The present invention relates to a token authentication method and a token authentication system for performing settlement when a token authentication is completed.

In order to commercialize payment means in various forms such as text, bar code, QR code, NFC, etc., it is necessary to provide a one-time virtual card number Use of token is increasing.

In order to use the token, the token generating server continuously generates a new token and issues it to the user terminal, stores the token issued to verify the validity of the token in the database for a designated time, The token received from the merchant terminal and the token temporarily stored in the database are compared with each other, and the validity of the transaction is verified, so that appropriate security can be provided by a simple method.

However, since the token generation server and the token verification server exist in the same server, that is, a single system configuration is required, there is a problem that consistent service can not be provided in an unexpected situation such as a system failure.

Also, there is a problem in that tokens are always requested to be issued and verified online, and the corresponding procedures must be performed.

Accordingly, there is an increasing demand for various systems in which a system for issuing and authenticating tokens can be physically or logically separated, and a solution for solving the above problems is urgently needed.

An object of the present invention is to provide a token authentication method and a token authentication system which generate a verification value based on the current time, authenticate the token using the generated verification value, and perform settlement when the token authentication is completed .

It is another object of the present invention to provide a token authentication method and a token authentication system in which a device for issuing a virtual card number including a token and a device for authenticating the token are physically or logically separated.

The present invention also provides a token authentication method and a token authentication system for relieving the risk of transaction duplication, simplifying the transaction processing system, and using the token reliably in various media and environments, in a transaction through a mobile device .

The objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood from the following description.

According to an aspect of the present invention, there is provided a method of authenticating a token in a token authentication system, the method comprising: generating a verification value using a unique key generated from a current time in a token generation server; Generating a virtual card number including the generated verification value and the token, and issuing the virtual card number to the user terminal; Receiving, at a token verification server, an authentication request including identification information corresponding to the virtual card number through an affiliate terminal recognized from the user terminal; The verification value is regenerated by using the unique key generated from the generation time of the virtual card number in the token verification server, and the verification value included in the regenerated verification value and the virtual card number corresponding to the identification information is Performing authentication for the token included in the virtual card number; And transmitting the payment request including the token to the payment server when the authentication of the token is completed by the token verification server so that settlement is performed by the payment means matched with the token. A token authentication method using the generated verification value is provided.

The issuing of the virtual card number may include generating the unique key using the Julian's number based on the current time in the token generation server.

According to another aspect of the present invention, there is provided a method of authenticating a token in a token authentication system, the method comprising: receiving, from a token generation server, key generation information in a user terminal; Generating a verification value using a unique key generated from a current time, issuing a virtual card number including the generated verification value and a token to a token storage associated with the user terminal, Receiving, at a token verification server, an authentication request including identification information corresponding to the virtual card number through an affiliate terminal recognized from the user terminal; The verification value is regenerated by using the unique key generated from the generation time of the virtual card number in the token verification server, and the verification value included in the regenerated verification value and the virtual card number corresponding to the identification information is Performing authentication for the token included in the virtual card number; And transmitting the payment request including the token to the payment server when the authentication of the token is completed by the token verification server so that settlement is performed by the payment means matched with the token. A token authentication method using the generated verification value is provided.

The issuing of the virtual card number may include generating the unique key using the Julian's number based on the current time in the user terminal.

According to another embodiment of the present invention, a verification value is generated using a unique key generated from a current time, and a virtual card number including the generated verification value and a token is generated A token generation server for issuing a token to the user terminal; An agent terminal for recognizing identification information corresponding to the virtual card number from the user terminal; Receiving the authentication request including the recognized identification information through the merchant terminal and regenerating the verification value using the unique key generated from the generation time of the virtual card number, A token verification server for comparing the verification value included in the virtual card number and the corresponding virtual card number to authenticate the token included in the virtual card number; And a payment server for receiving a payment request including the token from the token verification server, when the authentication for the token is completed, and for making a payment with the payment means matched with the token is provided .

The token generation server may generate the unique key using the Julian's number based on the current time.

According to another aspect of the present invention, there is provided a method of transmitting a key generation information to a token generation server, the method comprising: receiving a key generation information from a token generation server and generating a verification value using a unique key generated from a current time, Generating a virtual card number including the generated verification value and the token, and issuing the virtual card number to the token storage; An agent terminal for recognizing identification information corresponding to the virtual card number from the user terminal; Receiving the authentication request including the recognized identification information through the merchant terminal and regenerating the verification value using the unique key generated from the generation time of the virtual card number, A token verification server for comparing the verification value included in the virtual card number and the corresponding virtual card number to authenticate the token included in the virtual card number; And a payment server for receiving a payment request including the token from the token verification server, when the authentication for the token is completed, and for making a payment with the payment means matched with the token is provided .

The user terminal can generate the unique key using the Julian's number based on the current time.

According to an embodiment of the present invention, a token authentication system in which a device for issuing a virtual card number including a token and a device for authenticating a token are physically or logically separated can be provided. Therefore, even in an unexpected situation such as a system failure It is possible to provide a consistent service.

Also, according to the embodiment of the present invention, since the verification value is generated by the user terminal itself even in the offline mode, the virtual card number including the verification value and the token can be issued, There is an effect that issuance of the virtual card number can be performed.

According to an embodiment of the present invention, it is possible to solve the risk of transaction duplication, simplify the distance processing system, secure the security of token use in various media and environments, have.

It should be understood that the effects of the present invention are not limited to the above effects and include all effects that can be deduced from the detailed description of the present invention or the configuration of the invention described in the claims.

1 is a diagram illustrating a token authentication system according to an embodiment of the present invention.
FIG. 2 illustrates a process of performing settlement through token authentication according to an embodiment of the present invention. Referring to FIG.
3 is a diagram illustrating a process of performing settlement through token authentication according to another embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, the present invention will be described with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as being "connected" to another part, it includes not only "directly connected" but also "indirectly connected" . Also, when an element is referred to as "comprising ", it means that it can include other elements, not excluding other elements unless specifically stated otherwise.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram illustrating a token authentication system according to an embodiment of the present invention.

1, a token authentication system according to an exemplary embodiment of the present invention includes a user terminal 100, an affiliate terminal 200, a token generation server 300, a token verification server 400, And a payment server 500.

First, the communication network can be configured without regard to its communication mode such as wired and wireless. A local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), and the like. Preferably, the communication network in the present invention may be a mobile communication network, or may be a known World Wide Web (WWW) or the like.

The user terminal 100 may be any kind of handheld based wireless communication capable of being connected to an external server through a network such as a mobile phone, a smart phone, a PDA (Personal Digital Assistant), a PMP (Portable Multimedia Player) Device, and may also include a communication device that can be connected to an external server via a network, such as a desktop PC, a tablet PC, a laptop PC, or an IPTV including a set-top box.

The user terminal 100 can perform user authentication using pre-registered personal authentication means such as SMS, a public certificate, and a billing password.

The user terminal 100 can generate the identification information corresponding to the virtual card number using the virtual card number issued by the token generating server 300 and can identify the corresponding identification information to the merchant terminal 200 have. Here, the identification information may be in various forms such as voice, text, bar code, QR code, NFC tag information, and may include information of the payment means or specific information corresponding to the payment means.

That is, the user terminal 100 can be utilized as various payment means such as voice, text, bar code, QR code, and NFC by using the identification information corresponding to the virtual card number, and the identification information is transmitted to the merchant terminal 200 ), And settlement may be requested through the previously registered payment means corresponding to the identification information.

The merchant terminal 200 may be a POS terminal that is installed in an affiliated merchant of a business entity (e.g., card company) that operates the payment server 500, and the POS value may be issued in advance to the POS terminal. Here, the POS value may be issued to a part of the plastic card (for example, the TRACK 2 area) as a service code value for the affiliate service processing in the card system.

According to an embodiment of the present invention, an area where a POS value is issued to an actual card may be composed of a card number, an expiration date, a service code (CVC), an RPU, CVC), a verification value, and the like.

The merchant terminal 200 can recognize the identification information corresponding to the virtual card number from the user terminal 100. [

For example, the merchant terminal 200 can recognize identification information such as a barcode and a QR code displayed on the user terminal 100. When the user terminal 100 is positioned within a certain distance, Tag, or the like.

The merchant terminal 200 may transmit an authentication request including the identification information recognized by the user terminal 100 to the token verification server 400. [ At this time, the merchant terminal 200 may transmit an authentication request to the token verification server 400 in order to perform settlement through the previously registered payment means corresponding to the identification information.

The token generating server 300 may generate the verification value using the unique key generated from the current time. At this time, the token generation server 300 may generate a verification value after user authentication is completed in the user terminal 100. [

According to an embodiment of the present invention, the verification value may be a hash value generated through encryption operation and hash operation at the time of generation or authentication request of a virtual card number to verify the validity of the payment, It can be used to verify that the token is normally issued.

In addition, the length of the verification value can be set so that it can be used less than a predetermined number of digits. In this case, the digits other than the predetermined digits may not be used. For example, if only the first five digits of the verification value are set to be used, if the verification value is eight digits, only the first five digits may be used, and the last three digits may not be used.

Hereinafter, a process of generating the verification value by connecting the token generation server 300 with the payment server 500 will be described. However, the present invention is not limited to this, and the token generation server 300 may be included in the payment server 500, The server 500 may perform the function of the token generating server 300. [

First, the token generation server 300 may acquire a master key from a payment server 500 that manages information on a payment means (for example, a card) issued in advance to the user. In this case, the payment server 500 can generate and manage a master key for each user registered in advance in order to use the payment means. For example, when the payment server 500 is a credit card company server, A master key can be generated and managed for each user registered as a card member.

 According to an embodiment of the present invention, the master key is a unique key matched with an identification number (for example, a card number) of the payment means issued to the user, and can be utilized in the encryption process when generating the verification value.

The token generating server 300 may generate the card key using the master key. Here, the card key can be utilized for verification or user authentication on a card-by-card basis.

The token generating server 300 may generate the session key using the card key. At this time, the token generation server 300 may generate a separate session key using the minutes and the additional data by using the Julian minutes number.

According to one embodiment of the present invention, the Julian number is an extension of the Julian date, and the Julian date means the number of days elapsed from the beginning of a particular year. For example, Julian date for January 15, 2015, The date may be "15 ".

For example, the Julian's number for January 15, 2015 is 15, 24, and 60 minutes, respectively. Quot; 21600 "calculated by multiplying a number.

The token generating server 300 can generate a session key, which is a unique key using the Julian's number, based on the current time when the user authentication is completed, and generate the verification value using the generated session key. That is, the token generating server 300 can generate the verification value using the unique key generated from the current time.

The token generating server 300 may generate a virtual card number including the generated verification value and the token, and may issue the generated virtual card number to the user terminal 100.

According to an embodiment of the present invention, the token may be a virtual card number designated to be used in the settlement service, and may be a one-time token available until the preset token validity period expires, the token validity period is YYMM format, It can be used from 0 to 4 digits depending on the length of the token. For example, the virtual card number may be a total of 21 digits, the token may be 16 digits, the verification value may be 5 digits, the virtual card number may be composed, but is not limited to, have.

The token verification server 400 can receive the authentication request from the merchant terminal 200 and regenerate the verification value using the unique key generated from the token generation time.

At the time of regenerating the verification value, the token verification server 400 generates a session key, which is a unique key using the Julian's number, based on the time at which the virtual card number is generated in the token generation server 300 The verification value can be regenerated.

The token verification server 400 may compare the regenerated verification value with the verification value included in the virtual card number, that is, the verification value generated by the token generation server 300, and perform authentication on the token. At this time, the verification value generated in the token generation server 300 and the verification value generated in the token verification server 400 are the same or correspond to each other, and the token verification server 400 compares the verification values, If the result is found to be matched or matched, the authentication to the token can be completed.

For example, if the validity period is set to 3 minutes in the virtual card number, the token generating server 300 generates the first verification value based on the current time at 10:05, and outputs the first verification value and the token It is assumed that the authentication request is received from the merchant terminal 200 at the Token verification server 400 at 10:08.

First, the token verification server 400 may generate a second verification value based on 10: 7 minutes within 10 minutes from the validity period of 10:05, and compare the first verification value with the second verification value. , The first verification value was generated based on 10:05 and the second verification value was generated based on 10:07, so that the comparison results may not match.

Thereafter, the token verification server 400 may generate a second verification value based on 10:06 minutes, which is one minute earlier than 10:07, and compare the first verification value with the second verification value. In this case, Results may be inconsistent.

Thereafter, the token verification server 400 may generate a second verification value based on 10:05, which is one minute earlier than 10:06, and compare the first verification value with the second verification value. In this case, Since both the 1 verification value and the second verification value are generated on the basis of 10:05, the comparison result is consistent, and the authentication for the token can be completed.

That is, the token verification server 400 generates a verification value based on each time by increasing the time from the time when the authentication request is received to the valid period set in the virtual card number by 1 minute, Authentication can be performed.

Accordingly, if generation of a virtual card number including a token and authentication of a token are known and only basic data and an algorithm are known, it is not necessary to generate or verify by a single entity because a verification value can be generated. The token generation server 300 and the token verification server 400 may be separated from each other, as shown in FIG. However, it should be understood that the present invention is not limited to this, and the token generation server 300 and the token verification server 400 may be implemented as a single integrated server.

Upon completion of authentication for the token, the token verification server 400 may send a payment request to the payment server 500. [ At this time, the token verification server 400 can identify the token included in the virtual card number corresponding to the identification information using the identification information included in the authentication request received from the merchant terminal 200, To the payment server (500).

The payment server 500 can receive the payment request including the token from the token verification server 400 that has completed the authentication of the token, confirms the payment means matched with the token, and performs payment with the payment means .

The payment server 500 can transmit the payment completion history to the user terminal 100 or the merchant terminal 200 when the payment is completed.

FIG. 2 illustrates a process of performing settlement through token authentication according to an embodiment of the present invention. Referring to FIG.

The token generation server 300 and the token verification server 400 perform operations in the token generation server 300 and the token verification server 400. However, And the payment server 500 includes both the token generation server 300 and the token verification server 400 so that the payment server 500 can perform all operations.

First, in step S201, the user terminal 100 can perform user authentication using an authentication means such as an SMS, a public certificate, and a payment password.

In step S202, the user terminal 100 may transmit user authentication completion information to inform the token generation server 300 that the user authentication is completed. At this time, when the user terminal 100 performs the user authentication through the payment server 500 using the payment password or the like in step S201, the token generation server 300 receives the user authentication completion information from the payment server 500 You may.

The token generating server 300 can confirm that the user authentication is completed in the user terminal 100 by using the user authentication completion information received in step S202.

In step S203, the token generation server 300 can generate a session key, which is a key unique to the time point based on the current time, and generate a verification value using the session key, user information, or payment information , A token, a verification value, and the like.

For example, the token generation server 300 may generate a 21-digit virtual card number including a 16-digit token corresponding to the actual card number issued to the user and a 5-digit verification value generated based on the current time.

When generating the virtual card number in the token generation server 300, a Cryptogram version value, a transaction classification value, a PAN, a PAN validity period, an MD key, or the like may be used or generated.

According to one embodiment of the present invention, the Cryptogram version value is a value for specifying the type and length of encryption and the data to be used for generating and authenticating a verification value for a payment service, and the most effective encryption It can be formatted and version-separated.

According to an embodiment of the present invention, the transaction classification value is a code value for classifying the transaction type of the settlement service, and may be a code value separately assigned to the payment means.

According to an embodiment of the present invention, the PAN is an actual card number matched with the token, the PAN validity period may be a YYMM format with the card validity period set in the actual card, and the MD key may be a High Speed Memory ). ≪ / RTI >

In step S204, the token generation server 300 may issue the virtual card number generated in step S203 to the user terminal 100 and transmit the same.

In step S205, the user terminal 100 may generate the identification information corresponding to the virtual card number using the virtual card number issued from the token generation server 300. [ That is, the user terminal 100 can generate identification information corresponding to the virtual card number so as to be utilized as various payment means such as voice, text, bar code, QR code, and NFC.

In step S206, the user terminal 100 may transmit identification information to the merchant terminal 200, and the merchant terminal 200 may recognize the identification information.

Specifically, when the user terminal 100 directly transmits the identification information such as the NFC tag to the affiliate shop terminal 200 by using the near field wireless communication or the like, the affiliate shop terminal 200 can recognize the corresponding identification information, When the terminal 100 displays identification information such as a bar code or a QR code on the screen, the merchant terminal 200 may recognize the identification information using a reader connected to the merchant terminal 200. [

In step S207, the merchant terminal 200 may transmit an authentication request including the identification information recognized by the user terminal 100 to the token verification server 400. [ At this time, the merchant terminal 200 can transmit the authentication request to the token verification server 400 through the VAN or direct authorization method.

In step S208, the token verification server 400 generates a unique key based on the generation time of the virtual card number generated in step S203, and then generates the verification value using the generated unique key have.

Thereafter, the token verification server 400 checks the virtual card number corresponding to the identification information included in the authentication request received in step S207, compares the verification value included in the virtual card number with the regenerated verification value, Authentication can be performed. At this time, the token verification server 400 may complete the authentication for the token if the verification values match, thereby allowing a transaction for settlement.

According to an exemplary embodiment of the present invention, the data used in the token authentication may be a token, a token validity period, a Julian's number, a verification value, a POS value, a Cryptogram version value,

In step S209, when the authentication of the token is completed, the token verification server 400 may transmit the payment request including the token to the payment server 500 in step S207.

In step S210, the payment server 500 may check the token included in the payment request according to the payment request received in step S209, and perform settlement using the payment means matched with the token.

Thereafter, the payment server 500 may transmit the payment completion history to the user terminal 100 or the merchant terminal 200.

3 is a diagram illustrating a process of performing settlement through token authentication according to another embodiment of the present invention.

FIG. 3 shows a process of generating a virtual card number in the user terminal 100, and a description overlapping with the description in FIG. 2 will be omitted.

First, in step S301, the user terminal 100 may perform user authentication as in step S201.

If the user terminal 100 is provided with a secure token storage secured for security or the user terminal 100 is connected to the token storage, the token generating server 300 may directly store the virtual card number It is possible to perform only the process of requesting token issuance without generating the token. For example, the token generation server 300 may transmit only the key generation information, which is basic data required for key generation, to the user terminal 100.

In step S302, the user terminal 100 may generate a unique key using the Julian's number based on the operation performed by the token generation server 300 in step S203, that is, the current time, , Generate a verification value, generate a virtual card number including the verification value and the token, and issue the generated virtual card number to the token storage.

When generating the virtual card number, the user terminal 100 can generate the verification value itself using the key generation information received from the token generation server 300 in advance. Therefore, the user terminal 100 can generate the verification value from the token generation server 300 It is possible to generate the virtual card number even on the off-line.

In step S303, the user terminal 100 may generate identification information corresponding to the virtual card number as in step S205.

In step S304, the user terminal 100 may transmit identification information to the merchant terminal 200 as in step S206.

In step S305, the merchant terminal 200 may transmit the authentication request including the identification information to the token verification server 400 as in step S207.

In step S306, the token verification server 400 may perform authentication on the token as in step S208.

In step S307, the token verification server 400 may transmit the payment request to the payment server 500 as in step S209.

In step S308, the payment server 500 may perform settlement according to the settlement request as in step S210.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that those of ordinary skill in the art can readily understand that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. will be. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

The scope of the present invention is defined by the appended claims, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included within the scope of the present invention.

100: User terminal
200: Merchant terminal
300: Token generation server
400: Token verification server
500: Payment server

Claims (8)

A method for authenticating a token in a token authentication system,
Generating a verification value for confirming whether the token is normally issued by using the unique key generated from the current time as a starting point in the token generation server and generating a virtual card number including the generated verification value and the token matched to the payment means Generating and issuing to the user terminal;
Receiving, at a token verification server, an authentication request including identification information corresponding to the virtual card number through an affiliate terminal recognized from the user terminal;
The verification value is regenerated by using the unique key generated from the generation time of the virtual card number in the token verification server, and the verification value included in the regenerated verification value and the virtual card number corresponding to the identification information is Performing authentication for the token included in the virtual card number; And
Transmitting the settlement request including the token to the settlement server and causing the settlement to be performed by the settlement means matched with the token when the authentication of the token is completed, A token authentication method using verification values generated as a basis. The method according to claim 1,
The virtual card number issuing step includes:
And generating the unique key using the Julian's number based on the current time in the token generation server. A method for authenticating a token in a token authentication system,
A user terminal generates a verification value for confirming whether a token is normally issued using the unique key generated from the current time based on the key generation information after receiving the key generation information from the token generation server, Generating a virtual card number including a verification value and a token matched to the payment means, and issuing the generated virtual card number to a token storage associated with the user terminal;
Receiving, at a token verification server, an authentication request including identification information corresponding to the virtual card number through an affiliate terminal recognized from the user terminal;
The verification value is regenerated by using the unique key generated from the generation time of the virtual card number in the token verification server, and the verification value included in the regenerated verification value and the virtual card number corresponding to the identification information is Performing authentication for the token included in the virtual card number; And
Transmitting the settlement request including the token to the settlement server and causing the settlement to be performed by the settlement means matched with the token when the authentication of the token is completed, A token authentication method using verification values generated as a basis. The method of claim 3,
The virtual card number issuing step includes:
And generating the unique key using the Julian's number based on the current time in the user terminal, using the generated verification value based on the current time. Generates a verification value for confirming whether the token is normally issued using the unique key generated from the current time, generates a virtual card number including the generated verification value and the token matched to the payment means, A token generating server for issuing a token;
An agent terminal for recognizing identification information corresponding to the virtual card number from the user terminal;
Receiving the authentication request including the recognized identification information through the merchant terminal and regenerating the verification value using the unique key generated from the generation time of the virtual card number, A token verification server for comparing the verification value included in the virtual card number and the corresponding virtual card number to authenticate the token included in the virtual card number; And
And a payment server for receiving a payment request including the token from the token verification server when the authentication for the token is completed and for making a payment with the payment means matched with the token. 6. The method of claim 5,
Wherein the token generation server generates the unique key using the Julian's number based on the current time. Generating a verification value for confirming whether the token is normally issued using the unique key generated from the current time through the key generation information after receiving the key generation information from the token generation server, A user terminal for generating a virtual card number including a token matched to the payment means and issuing a virtual card number to the token storage;
An agent terminal for recognizing identification information corresponding to the virtual card number from the user terminal;
Receiving the authentication request including the recognized identification information through the merchant terminal and regenerating the verification value using the unique key generated from the generation time of the virtual card number, A token verification server for comparing the verification value included in the virtual card number and the corresponding virtual card number to authenticate the token included in the virtual card number; And
And a payment server for receiving a payment request including the token from the token verification server when the authentication for the token is completed and for making a payment with the payment means matched with the token. 8. The method of claim 7,
Wherein the user terminal generates the unique key using a Julian's number based on the current time.
KR1020150056211A 2015-04-03 2015-04-21 Token authentication method and token authentication using verification value generated based on current time KR101624266B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/KR2015/009769 WO2016159462A1 (en) 2015-04-03 2015-09-17 Token authentication method and system using verification value generated on basis of current time

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR20150047577 2015-04-03
KR1020150047577 2015-04-03

Publications (1)

Publication Number Publication Date
KR101624266B1 true KR101624266B1 (en) 2016-05-26

Family

ID=56104819

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150056211A KR101624266B1 (en) 2015-04-03 2015-04-21 Token authentication method and token authentication using verification value generated based on current time

Country Status (2)

Country Link
KR (1) KR101624266B1 (en)
WO (1) WO2016159462A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019017525A1 (en) * 2017-07-20 2019-01-24 중부대학교 산학협력단 User authentication server and system
KR20200131021A (en) * 2019-05-13 2020-11-23 (주)한우리아이티 Method for managing card payment using member code
US11750597B2 (en) 2021-06-18 2023-09-05 Kyndryl, Inc. Unattended authentication in HTTP using time-based one-time passwords

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190087817A1 (en) * 2017-09-19 2019-03-21 Swarna Kumari Adari System and method for performing financial transactions using virtual swipe banking
CN112016918A (en) * 2019-05-30 2020-12-01 小米数字科技有限公司 Signature writing method, signature verification device and storage medium
GB2620370A (en) * 2022-06-28 2024-01-10 Mastercard International Inc Securely and efficiently using tokenised VCNs on electronic devices, and in e-commerce platforms

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101009914B1 (en) * 2010-06-03 2011-01-20 (주)지락인포메이션 Card payment mehtod using one time mobile card, payment module and payment approval server

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010047335A1 (en) * 2000-04-28 2001-11-29 Martin Arndt Secure payment method and apparatus
KR20050097624A (en) * 2004-04-02 2005-10-10 최준수 A dynamic credit card informations recordable handphone and system thereof
KR100858552B1 (en) * 2006-12-29 2008-09-12 (주)엘엔아이소프트 Authentication system using synchronized authentication key
KR20140077013A (en) * 2012-12-13 2014-06-23 에스케이플래닛 주식회사 Payment system, electric payment method and apparatus for off-line commerce

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101009914B1 (en) * 2010-06-03 2011-01-20 (주)지락인포메이션 Card payment mehtod using one time mobile card, payment module and payment approval server

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019017525A1 (en) * 2017-07-20 2019-01-24 중부대학교 산학협력단 User authentication server and system
KR20200131021A (en) * 2019-05-13 2020-11-23 (주)한우리아이티 Method for managing card payment using member code
KR102251543B1 (en) 2019-05-13 2021-05-13 (주)한우리아이티 Method for managing card payment using member code
US11750597B2 (en) 2021-06-18 2023-09-05 Kyndryl, Inc. Unattended authentication in HTTP using time-based one-time passwords

Also Published As

Publication number Publication date
WO2016159462A1 (en) 2016-10-06

Similar Documents

Publication Publication Date Title
US11829999B2 (en) Systems and methods for processing mobile payments by provisoning credentials to mobile devices without secure elements
KR101624266B1 (en) Token authentication method and token authentication using verification value generated based on current time
JP6889967B2 (en) Methods and systems for generating advanced storage keys on mobile devices without secure elements
CN105960776B (en) Token authentication using limited-use credentials
RU2648944C2 (en) Methods, devices, and systems for secure provisioning, transmission and authentication of payment data
KR101236957B1 (en) System for paying credit card using mobile otp security of mobile phone and method therefor
EP3410376B1 (en) Credit payment method and device based on card emulation of mobile terminal
US20220311779A1 (en) Binding cryptogram with protocol characteristics
JP2018164281A (en) Method and system for executing secure authentication of user and mobile device without using secure element
US20160239835A1 (en) Method for End to End Encryption of Payment Terms for Secure Financial Transactions
WO2014092234A1 (en) Method for generating one-time card number
JP2008282408A (en) Internet business security system
CN103400265A (en) Quick payment method and system based on position information
KR101384846B1 (en) Simple payment method using mobile terminal
US10504116B2 (en) Verification for payment transactions
KR101550825B1 (en) Method for credit card payment using mobile
US20240078304A1 (en) Mobile user authentication system and method
KR101190745B1 (en) System for paying credit card using internet otp security of mobile phone and method therefor
US20200286072A1 (en) Information processing apparatus, information processing system, and information processing method, and program
CN104537298A (en) Authorizing method and device based on micro-processor card
KR101783802B1 (en) Method, apparatus and computer program for generating magnetic stripe information of numberless transaction cards
KR101669012B1 (en) System and method for payment using smart card and nfc communications
KR20230004041A (en) An apparatus for processing a distributed token for encrypted data of payment information to be used only by a specific franchisee and a method for operating it
CN115829577A (en) Authentication method, apparatus, system, medium, and program product
KR20150121991A (en) Payment method and payment server using hidden card

Legal Events

Date Code Title Description
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20190514

Year of fee payment: 4