KR101702748B1 - Method, system and recording medium for user authentication using double encryption - Google Patents

Abstract

A user authentication method, a system, and a recording medium using double encryption are disclosed. A user authentication method for an online payment service implemented by a computer includes the steps of: requesting registration of a payment means to be used in the online payment service; encrypting card information associated with the payment means using a private key; Encrypting the card information and the additional information using the private key, transmitting the re-encrypted data to the payment agency server, transmitting the encrypted card information using the first symmetric key (K4) Receiving the card identification information related to the registration requesting payment means, and completing the registration of the payment means by matching and storing the received card identification information and the encrypted card information.

Description

METHOD, SYSTEM AND RECORDING MEDIUM FOR USER AUTHENTICATION USING DOUBLE ENCRYPTION,

Embodiments of the present invention relate to a technique for authenticating a user using encryption in card payment.

Although the initial mobile communication terminal has merely a function of a portable phone, the mobile communication terminal now has various multimedia functions such as MP3 and wireless internet beyond merely a function of a telephone conversation.

Also, many additional services (for example, mobile games, wireless internet, etc.) that can use the multimedia functions of the mobile communication terminal are provided.

Most mobile communication terminals are capable of performing wireless Internet services using a wireless Internet browser (e.g., WAP browser, ME browser, etc.), and also capable of executing a wireless Internet platform (for example, GVM, BREW, You can now shop and make payments anywhere, anytime.

According to the above trend, a method of performing settlement using a credit card in a portable terminal equipped with a wireless Internet platform is disclosed in Patent Document 10-2010-0004676.

The present invention provides a user authentication method, a system, and a recording medium that prevent falsification and tampering due to the leakage of personal information or card information by providing a card settlement in a user terminal using encryption, and provide a secure transaction.

In addition, since the card settlement is provided by using the double encryption, the user can be authenticated without requesting the main information such as the resident registration number of the user, and the user authentication method for authenticating the user without additional authentication means such as mobile phone authentication System and a recording medium.

A user authentication method for an online payment service implemented by a computer includes the steps of: requesting registration of a payment means to be used in the online payment service; encrypting card information or account information associated with the payment means using a private key; Re-encrypting the encrypted card information or account information and the additional information using the private key, transmitting the re-encrypted data to the payment agency server, and transmitting the first symmetric key K4 to the payment agent server Receiving encrypted card information or account information and card identification information or account identification information associated with the requested payment means; And completing the registration of the payment means by matching and storing the received card identification information or the account identification information and the encrypted card information or account information.

According to an aspect of the present invention, the payment agent server generates a public key having a pair with the private key and the private key according to a request for registration of the payment means, So that the received data can be authenticated.

According to another aspect of the present invention, the payment agent server adds the personal information of the user requesting registration of the payment means to the supplementary information as the received data is authenticated, and adds the added data to the second symmetric key (K2), and transmit the data encrypted by the second symmetric key (K2) to the card company server or the bank server.

According to another aspect of the present invention, the card company server or the bank server shares the second symmetric key K2 with the settlement agency server, and uses the second symmetric key K2 to exchange data received from the settlement agency server And decides the card information or the account information corresponding to the acquired personal information in the card company database and encrypts the determined card information or account information using the third symmetric key K3, And transmits the card information or the account information encrypted with the third symmetric key K3 to the payment agency server.

According to another aspect, the card company server or the bank server calculates a hash value of each of a plurality of determined card information or account information when there is a plurality of card information or account information that matches the acquired personal information, Determines a hash value that matches the hash value of the card information or the account information received from the payment agent server among the plurality of hash values, and transmits the card information or the account information corresponding to the determined hash value to the third symmetric key (K3) You can encrypt it.

According to another aspect of the present invention, the step of receiving the card information or the account information and the card identification information or the account information related to the requested payment means may be performed by the card company server or the bank server using the third symmetric key (K3) Encrypted card information or account information using the first symmetric key (K4) at the payment agent server for the received card information or account information.

According to another aspect of the present invention, there is provided a method for receiving payment information, the method comprising: receiving a selection of information related to the registered payment means and payment information; and encrypting identification information of the payment information and the user terminal with the private key and transmitting the encrypted identification information to the payment agent server .

According to another aspect of the present invention, the payment agent server can authenticate the payment information and the user by decrypting the payment information encrypted with the private key and the identification information of the user terminal using the public key.

According to another aspect of the present invention, the information related to the registered payment means indicates a PIN number set for using the online payment service, and when proceeding to payment with a card, the payment information includes a card number, A CVC number, and an expiration date. When the settlement is made by the account transfer, the payment information indicates at least one of an account number, a security card number, and a password, and the identification information of the user terminal The phone number can be indicated.

A user authentication system for an online settlement service includes a registration request unit for requesting registration of a payment means to be used in the online settlement service, a card information or account information associated with the settlement means using a private key, Encrypting the card information or the account information and the additional information using the private key, transmitting the re-encrypted data to the payment agency server, and transmitting the encrypted information to the payment agent server using the first symmetric key (K4) An information transmitting and receiving unit for receiving the card information or the account information and the card identification information or the account identification information related to the registration requesting payment means and the received card identification information or the account information and the encrypted card information or account information And a registration processor for completing the registration of the payment means in accordance with the stored box There.

By providing the card or account transfer settlement at the user terminal using encryption, it is possible to prevent forgery and tampering caused by the leakage of personal information, card information, or account information, and to provide a secure transaction.

In addition, since the card or bank account settlement is provided using the double encryption, the user can be authenticated without requesting the main information such as the user's resident registration number, and the user can be authenticated without additional authentication means such as mobile phone authentication have.

1 is a diagram illustrating a user authentication system and a user terminal 101, according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a user authentication system, a settlement agency server 310, and a card issuer server according to an exemplary embodiment of the present invention.
3 is a block diagram illustrating an internal configuration of a user authentication system according to an embodiment of the present invention.
4 is a flowchart illustrating a user authentication method according to an embodiment of the present invention.
5A and 5B are flowcharts for explaining a specific process of double-encrypting card information for user authentication in an embodiment of the present invention.
FIG. 6 is a flowchart illustrating a process of processing user authentication and settlement using a payment service according to an exemplary embodiment of the present invention. Referring to FIG.
7 is a block diagram for explaining an example of the internal configuration of a computer system in an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

The present invention relates to a technology for authenticating a user by using encryption, and more particularly, to a technology for encrypting and providing card information when a card for purchasing goods is purchased from a user terminal. For example, in the present embodiments, encryption may represent a public key based encryption algorithm.

In the present embodiments, the 'card number' may indicate a virtual card number used in an online / mobile payment service as well as a number printed on a card issued when issuing a credit card or a check card.

In the present exemplary embodiments, the card information is registered in the online / mobile payment service and the payment is made using the card as an example. However, this corresponds to the embodiment, and in addition to the card information, the account information is double- , A settlement service through the account transfer may be provided. For example, in a case where the account information is registered and the purchase of goods through the account transfer proceeds, in this embodiment, a bank server may be used instead of the card company.

1 shows a user authentication system 100 and a user terminal 101 in an embodiment of the present invention. 1, the arrow indicates that data can be transmitted and received between the user terminal 101 and the user authentication system 100 using the wireless network.

The user terminal 101 may be a personal computer, a smart phone, a tablet, a wearable computer, a smart television, or the like, Or all of the terminal devices capable of installing and executing a connection service of a mobile site or a service dedicated application (hereinafter referred to as a " payment service application "). At this time, the user terminal 101 can perform service-wide operations such as service screen configuration, data input, data transmission / reception, and data storage under the control of a web / mobile site or a dedicated application.

The user authentication system 100 serves as a service platform for providing an online or mobile settlement service to a client. For example, the user authentication system 100 serves as a service platform for providing card settlement and simple card settlement services on-line or mobile.

At this time, the user authentication system 100 may be implemented in the form of an application on the user terminal 101, but is not limited thereto and may be implemented in a service platform that provides a payment service in a client-server environment It is possible. In particular, the user authentication system 100 can authenticate a user by double-encrypting card information used in a payment service.

FIG. 2 illustrates a user authentication system 200, a payment agency server 310, and a card issuer server 202 according to an exemplary embodiment of the present invention. 2, the arrow indicates that data can be transmitted and received between the user authentication system 200, the settlement agency server 310, and the card issuer server 202 using the wireless network.

2 shows the user authentication system 200, the settlement agency server 310 and the card issuer server 202. This corresponds to the embodiment, in which the account information is registered and the purchase of the goods through the account transfer proceeds A bank server may be used instead of the card company server.

In FIG. 2, the user authentication system 200 may be implemented as an application on a user terminal to provide a payment service. The user authentication system 200 may receive information for registering membership subscription information, payment means (e.g., a credit card, a check card, etc.) for using a payment service from a user, and may transmit the information to the payment agency server 310.

The settlement agency server 310 serves to mediate a card settlement service between the user authentication system 200 and the card issuer server 202. The settlement agency server 310 serves to mediate the membership of the user based on the membership subscription information received from the user authentication system 200 Can be processed. For example, the settlement agency server 310 may store and store user identification information (e.g., ID, phone number, etc.) and membership subscription information in a database of the settlement agency server. The settlement agency server 310 may encrypt the settlement means information and transmit it to the card company server 202 and may not store the settlement means information separately in the database of the settlement agency server. As described above, since the settlement means information is not separately stored, it is possible to prevent the use of card information or personal information leakage, tampering, and credit theft.

The card issuer server 202 can encrypt the card information of the users stored and managed in the database of the card issuer server and transmit the encrypted card information to the settlement agency server 201. At this time, the settlement agency server 201 can encrypt the encrypted card information again and transmit the encrypted card information to the user authentication system 200. That is, the card information transmitted to the user authentication system 200 is double-encrypted by the card issuer server 202 and the settlement agency server 201, so that the card information is hacked or the card issuer server 201 or the card issuer server 202 The symmetric key used for encryption in the card issuer server 202 and the symmetric key used for the encryption in the payment agency server 201 are not known, so that it is possible to prevent the up / down and secure payment service.

Hereinafter, the online or mobile settlement service environment is specifically described, but the present invention is not limited thereto, and the settlement service to which the present invention is applied may be implemented as an access environment of a web / mobile site.

FIG. 3 is a block diagram illustrating an internal configuration of a user authentication system according to an exemplary embodiment of the present invention. FIG. 4 is a flowchart illustrating a user authentication method according to an exemplary embodiment of the present invention.

3, the user authentication system 300 according to the present embodiment may include a processor 310, a bus 320, a network interface 330, a memory 340, and a database 350 . The memory 340 may include an operating system 341 and a service providing routine 342. The processor 310 may include a registration request unit 311, an encryption unit 312, an information transmission / reception unit 313, a registration processing unit 314, and a payment processing unit 315. In other embodiments, the user authentication system 300 may include more components than the components of FIG. 3, or some of the components may be omitted

The memory 340 may be a computer-readable recording medium and may include a permanent mass storage device such as a random access memory (RAM), a read only memory (ROM), and a disk drive. Also, the memory 340 may store program codes for the operating system 341 and the service providing routine 342. [ These software components may be loaded from a computer readable recording medium separate from the memory 340 using a drive mechanism (not shown). Such a computer-readable recording medium may include a computer-readable recording medium (not shown) such as a floppy drive, a disk, a tape, a DVD / CD-ROM drive, or a memory card. In other embodiments, the software components may be loaded into the memory 340 via the network interface 330 rather than from a computer readable recording medium.

The bus 320 may enable communication and data transfer between the components of the user authentication system 300. The bus 320 may be configured using a high-speed serial bus, a parallel bus, a Storage Area Network (SAN), and / or other suitable communication technology.

Network interface 330 may be a computer hardware component for connecting user authentication system 300 to a computer network. The network interface 330 may connect the user authentication system 300 to a computer network via a wireless or wired connection.

The database 350 is configured by a payment service application and stores identification information (e.g., ID, phone number) of a user registered in the payment service, a password (e.g. pin information) And maintains.

The processor 310 may be configured to process instructions of a computer program by performing basic arithmetic, logic, and input / output operations of the user authentication system 300. [ The instructions may be provided by the memory 340 or the network interface 330 and to the processor 310 via the bus 320. The processor 310 may be configured to execute program codes for the registration requesting unit 311, the encrypting unit 312, the information transmitting and receiving unit 313, the registration processing unit 314, and the payment processing unit 315. Such a program code may be stored in a recording device such as the memory 340. [

The registration requesting unit 311, the encrypting unit 312, the information transmitting and receiving unit 313, the registration processing unit 314 and the settlement processing unit 315 correspond to the steps 401 to 406, 510 to 531, 610 to 617). 4 to 6, a description will be made on the assumption that authentication is performed with respect to users who have completed subscription to use an online / mobile payment service.

In step 401, the registration request unit 311 requests the payment gateway server to register the payment means (e.g., credit card, check card, etc.) to be used in the online / mobile payment service for ordering or purchasing goods .

In step 402, the encryption unit 312 may encrypt the card information using the private key (KV) received from the payment agent server as a response to the payment method registration request.

For example, when the user terminal desires to use card simple settlement, the encryption unit 312 can receive card information such as a card number, expiration date, and CVC information to be used for payment from the user. Then, the encryption unit 312 can encrypt the inputted card number, validity period, CVC information, etc. using the private key (KV). At this time, a plurality of card information may be input. For example, when three cards are to be registered, card information for each of the three cards can be input, and the encryption unit 312 can encrypt each of the three cards with the private key (KV).

In step 403, the encryption unit 312 may re-encrypt the additional information together with the encrypted card information into the private key (KV). Here, the additional information may include at least one of a partial card number of a registration-requested card, and a user terminal number. For example, the partial card number may indicate a four-digit number at the end of the entire card number, and the user terminal number may indicate a mobile phone number (for example, 010-xxxx-yyyy).

In step 404, the information transmission / reception unit 313 can transmit the encrypted card information and the additional information to the payment agency server. Here, the card information requested to be registered may be encrypted once with the private key (KV), and encrypted with the private key (KV) when the additional information is added.

 In step 405, the information transmission / reception unit 313 may receive the encrypted card information and the card identification information (e.g., the ID of the card requested for registration) from the payment agency server. Here, the encrypted card information may represent card information encrypted with a symmetric key K4 known only to the payment agent server.

In step 406, the registration processing unit 314 can complete the registration of the settlement means by matching the encrypted card information and the card identification information (e.g., the ID of the card requested for registration) in the database and storing it in the database. Upon completion of the registration of the payment means, the payment processing unit 315 may receive the PIN number for user authentication from the user and provide the payment service through the process of selecting the registered payment means.

5A and 5B are flowcharts for explaining a specific process of double-encrypting card information for user authentication in an embodiment of the present invention.

In step 510, the user authentication system 501 may request a private key from the payment agent (PG) server 502 for registration of the payment means.

In step 511, the payment agent server 502 may generate a private key and a public key corresponding to the user who requested the registration of the payment means. Here, the private key (KV) and the public key (KB) are keys forming a pair, and may represent a key used in a public key based encryption algorithm.

In step 512, the payment agent server 502 stores the generated public key (KB) in the database of the payment agent server, and transmits the private key (KV) to the user authentication system 501 without storing the private key (KV).

In step 513, when the private key (KV) is temporarily stored in the database of the settlement agency server 502 for the purpose of retransmitting the private key (KV), the settlement agency server 502 transmits the private key (KV) May be deleted from the database of the settlement agency server after being transmitted to the user authentication system 501. [

In step 514, the user authentication system 501 can hash the card information of the registration-requested card. For example, the user authentication system 501 can receive card information such as a card number, a CVC number, and an expiration date associated with the card requested for registration from the user through the user terminal. Then, the user authentication system 501 can hash the hash value of the input card information by generating it using a hash function such as SHA1.

In step 515, the user authentication system 501 can encrypt the hashed card information using the private key (KV) received from the payment agent server 502. At this time, the user authentication system 501 can encrypt the hashed card information and the partial card number (for example, four digits at the end of the card number) together with the private key (KV). For example, the user authentication system 501 can encrypt the hash value and the partial card number of the card information generated through the hashing with the private key (KV).

In step 516, the user authentication system 501 performs hashing on the entire data obtained by encrypting the card information and the partial card number using the private key, encrypts the hashed data with the private key (KV) Can be generated. Here, the partial card number may be additional information, and the additional information may further include a user terminal number in addition to the partial card number.

In step 517, the user authentication system 501 may transmit the re-encrypted data to the payment agent server 502 with the private key KV.

In step 518, the payment agency server 502 can verify the data by decrypting the re-encrypted data received from the user authentication system 501 using the public key (KB).

For example, the payment agent server 502 may decrypt the hashed data and the partial card number encrypted with the private key (KV) into a public key (KB) paired with the private key (KV). The payment agency server 502 can extract the digital signature value for the hashed data through the decryption and can verify the data based on the digital signature value.

In step 519, the payment agent server 502 may add the user's personal information to the verified data to generate a packet.

For example, the settlement agency server 502 can acquire the personal information of the user inputted at the time of member registration from the database of the payment agent server based on the user ID or the phone number of the user terminal. Here, the personal information may include the user's name, sex, date of birth, telephone number, and the like. For example, payment agency server 502 may obtain personal information matched to an ID that matches the user's ID from the database of the payment agent server. Then, the payment agent server 502 may add the acquired personal information to the hashed data and the partial card number to generate a packet. For example, the payment agency server 502 may add the personal information to the end of the packet of the hashed data and the partial card number obtained through the decryption to generate the packet.

In step 520, the payment agent server 502 may encrypt the generated packet with the symmetric key K2. The symmetric key K2 is a shared key that is promised between the settlement agency server 502 and the card issuer server 503 in advance and can represent a key known only to the settlement agency server 502 and the card issuer server 503. [ At this time, the process of encrypting the packet with the symmetric key K2 may be replaced with the interval encryption.

In step 521, the payment agent server 502 may transmit the packet encrypted with the symmetric key K2 to the card issuer server 503. [

In step 522, the card issuer server 503 can receive and decrypt the packet encrypted with the symmetric key K2. The card issuer server 503 can decrypt the encrypted packet using the symmetric key K2 shared with the payment agent server. The card issuer server 503 can obtain the hashed data, partial card number, and personal information through decryption. At this time, if there are a plurality of cards requested to be registered, the hashed data and the partial card number for each requested card can be obtained. For example, when three cards are registered, the card issuer server 503 can obtain the hashed data, the partial card number, for each of the three cards through the decryption.

In step 523, the card issuer server 503 can determine matching card information in the database of the card issuer server based on at least one of the partial card number and the personal information. For example, the personal information and the card information of the user who issued the card may be stored and maintained in the database of the card company server. Then, the card issuer server 503 can determine the card number matched with the personal information that matches the personal information obtained through the decryption. For example, it is possible to determine card information that matches the user's name, sex, telephone number, date of birth, and the like. At this time, when there are a plurality of pieces of card information whose personal information matches, the card information matching the partial card information obtained through the decryption among a plurality of pieces of card information whose personal information of the card issuer server 503 matches can be determined.

In step 524, the card issuer server 403 can hash the determined card information. For example, the card issuer server 403 can generate a hash value of the determined card information using a hash function such as SHA1.

In step 525, the hash value (i.e., hashed data) of the card information received from the payment agent server 502 is compared with the generated hash value, and when the comparison result matches, . ≪ / RTI >

In step 526, the card issuer server 403 may encrypt the card information corresponding to the comparison result among the card information stored in the database of the card issuer server, using the symmetric key K3. Here, the symmetric key K3 may be a unique key that only the card issuer server 403 knows.

In step 527, the card issuer server 503 may transmit the card information encrypted with the symmetric key K3 to the payment agent server 502. [ For example, the card issuer server 503 may transmit the card information encrypted with the symmetric key K3 to the payment agent server 502 together with information indicating that the user is successfully authenticated.

In step 528, the payment agency server 502 receives the card information encrypted with the symmetric key K3 from the card issuer server 503, and can generate corresponding card identification information (e.g., card ID). For example, as information indicating the success of user authentication is received, the payment agency server 502 can generate card identification information (e.g., card ID) corresponding to the card information encrypted with the symmetric key K3. The payment agency server 502 may store and maintain the generated card identification information in the database of the payment agency server by matching the personal identification information of the registered user at the time of membership registration. Thus, the payment agency server 502 stores only the card identification information, but does not store the card information such as the card number, the expiration date, and the CVC number, so that the risk of hacking or information leakage can be reduced.

In step 529, the payment agency server 502 may re-encrypt the card information encrypted with the symmetric key K3 using the symmetric key K4. Here, the symmetric key K4 may represent a unique key known only to the payment agent server. As described above, the card information encrypted by the symmetric key K3 in the card issuer server 503 can be double-encrypted once again from the payment agency server 502 to the symmetric key K4, and the card issuer server 503 and the payment agency server 502, the two symmetric keys (K3, K4) are not known, so that it is possible to prevent card overmodulation.

 In step 530, the payment agent server 502 may transmit the card information and the generated card identification information (e.g., card ID) to the user authentication system 501 using the symmetric key K4.

In step 531, the user authentication system 501 may complete the registration of the payment means requested to be registered by matching the double-encrypted card information received from the payment agent server 502 with the card identification information and storing the same in the database.

Hereinafter, an operation of providing an online / mobile payment service using the registered payment means will be described with reference to FIG.

FIG. 6 is a flowchart illustrating a process of processing user authentication and settlement using a payment service according to an exemplary embodiment of the present invention. Referring to FIG. In FIG. 6, as an example of the payment information, a process of selecting the card information and processing the settlement will be described as an example.

In step 610, the user authentication system 601 receives information related to the previously registered payment means from the user, and selects the registered card. For example, the user authentication system 601 can receive a PIN set by the user when registering the payment means to use the payment service. If the input PIN number matches the pre-registered pin number, the user authentication system 601 may provide at least one registered payment means to the user terminal. For example, when three credit cards are registered for the payment service, the user authentication system 601 transmits a screen for selecting one of the three credit cards and three credit cards to be used for payment of the current product to the user And display it on the terminal.

In step 611, when the card is selected, the user authentication system 601 can obtain the double-encrypted card information based on the card identification information of the selected card in the database. Then, the user authentication system 601 can digitally sign the double-encrypted card information using the private key (KV) received from the payment agent server 602. [

In step 612, the user authentication system 601 may transmit the digitally signed card information to the payment agency server 602.

In step 613, the payment agent server 602 can authenticate the card information received from the user authentication system 601. [ For example, the payment agent server 602 may decrypt the card information received from the user authentication system 601 using the public key (KB), and extract the signature value of the double-encrypted card information through decoding. Then, the payment agent server 602 can authenticate the double-encrypted card information based on the extracted signature value.

At this time, the payment agent server 602 can use the phone number of the user terminal, the card identification information (card ID), and the like when authenticating the double-encrypted card information. For example, the payment agency server 602 may receive personal identification information corresponding to the card identification information among the card identification information stored in the database of the payment agent server, so that the telephone number of the user included in the personal information corresponds to the phone number of the user terminal If the match is successful, the authentication can be determined to be successful, and if not, the authentication failure can be determined.

In step 614, when the authentication is successful, the payment agency server 602 can decrypt the double-encrypted card information using the symmetric key K4. As decrypted with the symmetric key K4, the card information may be single encrypted card information with the symmetric key K3.

In step 615, the payment agent server 602 may transmit the card information decrypted by the symmetric key K4 to the card issuer server 603. [

In step 616, the card issuer server 603 may decrypt the card information received from the payment agent server 602 again with the symmetric key K3.

In step 617, the card issuer server 603 confirms whether or not the card information decrypted by the symmetric key K3 matches the card information stored in the card issuer server 603, and if it coincides, can perform the settlement processing. For example, the card issuer server 603 can confirm whether or not the decrypted card number, the CVC number, and the validity period coincide with the card number, the CVC number, and the validity period matched with each other in the database of the card issuer server.

If they match, the card issuer server 603 can proceed with the settlement processing. For example, the card issuer server 603 may transmit a message to the payment agency server 602 indicating that the card authentication success payment is proceeding. Then, the payment agency server 602 can transmit a message indicating the payment progress to the user authentication system 601. [ The user authentication system 601 can display a message such as payment in progress, a screen showing the progress of payment, and the like on the user terminal. At this time, when the settlement processing is completed, the card company server 603 delivers the settlement complete message to the settlement agency server 602, and the settlement agency server 602 can deliver the settlement complete message to the user authentication system 601. [ Then, the user authentication system 601 can display a message such as the payment has been completed, and a payment completion screen on the user terminal.

On the other hand, when the user terminal requesting the registration of the payment means is changed, and the changed user terminal requests the payment service, the user authentication system may process the user authentication as failure and request re-registration of the payment means for use of the payment service have. For example, the steps 510 to 523 of FIGS. 5A and 5B may be performed again to request the user to re-register the authentication and payment means. As a result, it is possible to prevent payment due to illegal phone or card information leakage.

7 is a block diagram for explaining an example of the internal configuration of a computer system in an embodiment of the present invention.

7, a computer system 700 includes at least one processor 710, a memory 720, a peripheral interface 730, an I / O subsystem, A power circuit 740, a power circuit 750, and a communication circuit 760. At this time, the computer system 700 may correspond to a user terminal.

The memory 720 may include, for example, a high-speed random access memory, a magnetic disk, a SRAM, a DRAM, a ROM, a flash memory, or a non-volatile memory. have. The memory 720 may include software modules, a set of instructions, or various other data required for operation of the computer system 700. At this point, accessing memory 720 from other components, such as processor 710 or peripheral device interface 730, may be controlled by processor 710.

Peripheral device interface 730 may couple the input and / or output peripheral devices of computer system 700 to processor 710 and memory 720. The processor 710 may execute a variety of functions and process data for the computer system 700 by executing a software module or set of instructions stored in the memory 720.

The input / output subsystem 740 may couple various input / output peripheral devices to the peripheral interface 730. For example, input / output subsystem 740 may include a controller for coupling a peripheral device such as a monitor, keyboard, mouse, printer, or a touch screen or sensor, as needed, to peripheral interface 730. According to another aspect, the input / output peripheral devices may be coupled to the peripheral device interface 730 without going through the input / output subsystem 740.

The power circuitry 750 may provide power to all or a portion of the components of the terminal. For example, the power circuitry 750 may include one or more power sources, such as a power management system, a battery or alternating current (AC), a charging system, a power failure detection circuit, a power converter or inverter, And may include any other components for creation, management, distribution.

The communication circuitry 760 may enable communication with other computer systems using at least one external port. Or as described above, the communication circuitry 760 may also communicate with other computer systems by sending and receiving RF signals, also known as electromagnetic signals, including RF circuits.

7 is merely an example of a computer system 700, and the computer system 700 may have additional components that are omitted from FIG. 7, or that are not shown in FIG. 7, Lt; RTI ID = 0.0 > components. ≪ / RTI > For example, in addition to the components shown in FIG. 7, a computer system for a communication terminal in a mobile environment may further include a touch screen, a sensor, etc., and various communication methods (WiFi, 3G, LET , Bluetooth, NFC, Zigbee, etc.). The components that may be included in computer system 700 may be implemented in hardware, software, or a combination of both hardware and software, including one or more signal processing or application specific integrated circuits.

The methods according to embodiments of the present invention may be implemented in the form of a program instruction that can be executed through various computer systems and recorded in a computer-readable medium.

The program according to the present embodiment can be configured as a PC-based program or an application dedicated to a mobile terminal. The payment service application according to the present embodiment may be implemented as a program operating independently or in an in-app form of a specific application, and may be implemented to operate on the specific application.

Also, the methods according to embodiments of the present invention may be performed by a payment service application controlling a user terminal. Such an application can be installed in a user terminal through a file provided by a file distribution system. For example, the file distribution system may include a file transfer unit (not shown) for transferring the file at the request of the user terminal.

The apparatus described above may be implemented as a hardware component, a software component, and / or a combination of hardware components and software components. For example, the apparatus and components described in the embodiments may be implemented within a computer system, such as, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable array (FPA) A programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications running on the operating system. The processing device may also access, store, manipulate, process, and generate data in response to execution of the software. For ease of understanding, the processing apparatus may be described as being used singly, but those skilled in the art will recognize that the processing apparatus may have a plurality of processing elements and / As shown in FIG. For example, the processing unit may comprise a plurality of processors or one processor and one controller. Other processing configurations are also possible, such as a parallel processor.

The software may include a computer program, code, instructions, or a combination of one or more of the foregoing, and may be configured to configure the processing device to operate as desired or to process it collectively or collectively Device can be commanded. The software and / or data may be in the form of any type of machine, component, physical device, virtual equipment, computer storage media, or device , Or may be permanently or temporarily embodied in a transmitted signal wave. The software may be distributed over a networked computer system and stored or executed in a distributed manner. The software and data may be stored on one or more computer readable recording media.

The method according to an embodiment may be implemented in the form of a program command that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions to be recorded on the medium may be those specially designed and configured for the embodiments or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape; optical media such as CD-ROMs and DVDs; magnetic media such as floppy disks; Magneto-optical media, and hardware devices specifically configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include machine language code such as those produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. For example, it is to be understood that the techniques described may be performed in a different order than the described methods, and / or that components of the described systems, structures, devices, circuits, Lt; / RTI > or equivalents, even if it is replaced or replaced.

Therefore, other implementations, other embodiments, and equivalents to the claims are also within the scope of the following claims.

Claims (10)

A user authentication method for a computer-implemented online payment service,
Requesting the settlement agency server to register the payment means to be used in the online settlement service;
Encrypting card information or account information associated with the payment means using a private key;
Re-encrypting the encrypted card information or account information and the additional information using the private key;
Transmitting the re-encrypted data to the payment agency server;
Receiving the card information or the account information encrypted using the first symmetric key (K4) at the payment agent server and the card identification information or the account identification information related to the requested payment means; And
Completing the registration of the payment means by matching and storing the received card identification information or account identification information and the encrypted card information or account information
Lt; / RTI >
Wherein the step of receiving the card information or the account information and the card identification information or the account identification information related to the requested payment means,
Encrypted card information or account information using the first symmetric key (K4) in the card issuer server or the bank server for the card information or account information encrypted using the third symmetric key (K3) To receive
The user authentication method comprising: The method according to claim 1,
The payment agency server,
Generating a public key that is a pair with the private key and the private key as the registration of the payment means is requested,
Encrypting the re-encrypted data using the public key, and authenticating the received data
The user authentication method comprising: 3. The method of claim 2,
The payment agency server,
Adding the personal information of the user requesting registration of the payment means to the additional information as the received data is authenticated,
Encrypting the data to which the personal information is added by using the second symmetric key K2 and transmitting the data encrypted by the second symmetric key K2 to the card company server or the bank server
The user authentication method comprising: A user authentication method for a computer-implemented online payment service,
Requesting the settlement agency server to register the payment means to be used in the online settlement service;
Encrypting card information or account information associated with the payment means using a private key;
Re-encrypting the encrypted card information or account information and the additional information using the private key;
Transmitting the re-encrypted data to the payment agency server;
Receiving the card information or the account information encrypted using the first symmetric key (K4) at the payment agent server and the card identification information or the account identification information related to the requested payment means; And
And completing the registration of the payment means by matching and storing the received card identification information or the account identification information and the encrypted card information or account information,
The payment agency server,
The public key generating unit generates a public key that is a pair with the private key and the private key according to the request for registration of the payment unit, decrypts the re-encrypted data using the public key, and,
Adding the personal information of the user requesting the registration of the payment means to the additional information as the received data is authenticated, encrypting the data to which the personal information is added using the second symmetric key (K2) Transmits data encrypted with the symmetric key K2 to a card company server or a bank server,
The card company server or the bank server,
Sharing the second symmetric key (K2) with the payment agent server, decrypting the data received from the payment agent server using the second symmetric key (K2), acquiring the personal information,
Determining card information or account information that matches the obtained personal information in a card company or a bank database,
Encrypting the determined card information or account information by using the third symmetric key K3 and transmitting the card information or the account information encrypted by the third symmetric key K3 to the payment agency server
The user authentication method comprising: 5. The method of claim 4,
The card company server or the bank server,
Calculating a hash value of each of a plurality of determined card information or a plurality of account information when there is a plurality of card information or account information coinciding with the obtained personal information, Determines a hash value that matches the hash value of the card information or the account information, and encrypts the card information or the account information corresponding to the determined hash value with the third symmetric key (K3)
The user authentication method comprising: delete The method according to claim 1,
Receiving a selection of information related to the registered payment means and payment information; And
Encrypting the payment information and the identification information of the user terminal with the private key and transmitting the encrypted information to the payment agent server
Further comprising: 8. The method of claim 7,
The payment agency server,
The payment information and the user are authenticated by decrypting the payment information encrypted with the private key and the identification information of the user terminal using the public key
The user authentication method comprising: 8. The method of claim 7,
The information related to the registered payment means is,
A PIN number set for using the online settlement service,
When payment is to be made with a card, the payment information indicates at least one of a card number, a CVC number, and an expiration date,
When payment is to be made by wire transfer, the payment information indicates at least one of an account number, a security card number, and a password,
The identification information of the user terminal may include a phone number of the user terminal
The user authentication method comprising: A user authentication system for an online payment service,
A registration request unit for requesting a settlement agency server to register a payment means to be used in the online settlement service;
An encryption unit for encrypting card information or account information associated with the payment means by using a private key, and re-encrypting the encrypted card information or account information and the additional information using the private key;
And transmits the re-encrypted data to the settlement agency server. The card information or the account information encrypted by using the first symmetric key (K4) and the card identification information or the account identification information related to the requested payment means An information transmitting / receiving unit receiving the information; And
And a registration processing unit for completing the registration of the payment means by matching and storing the received card identification information or the account identification information and the encrypted card information or account information,
Lt; / RTI >
The information transmission /
Encrypted card information or account information using the first symmetric key (K4) in the card issuer server or the bank server for the card information or account information encrypted using the third symmetric key (K3) To receive
And a user authentication system.

Images