KR20080051198A - Authentication system and method for approval - Google Patents

Abstract

A system and a method for authenticating payment are provided to improve security and reliability of a payment process by continuously performing first authentication by using an RFID(Radio Frequency IDentification), a card number, and a password received from a mobile terminal, and second authentication by using a unique conversion code of the mobile terminal. A mobile terminal(30) includes an RFID chip storing an RFID, and generates a conversion code changed in real-time by referring to a real-time change file received from a second authentication system comprising a second authentication server(44). A first authentication system includes a medium, a payment relay server(38), a bank or credit card company server(40), and an authentication server(42), performs authentication by using the RFID received from the mobile terminal and a part of the conversion code. The second authentication system has the same conversion code as the mobile terminal, and performs the authentication by using the entire conversion code received from the mobile terminal. The mobile terminal comprises a usual communication module, an RF communication module transmitting the RFID, and an optical communication module transmitting the conversion code.

Description

Payment certification system and method {AUTHENTICATION SYSTEM AND METHOD FOR APPROVAL}

1 is a view conceptually showing the online payment process as a general payment method,

2 is a view conceptually showing a payment process on-line as a general payment method;

3 is a view schematically showing an online payment authentication system according to a first embodiment of the present invention;

4 is a configuration diagram of a mobile terminal according to a first embodiment of the present invention;

5 is a configuration diagram of a reader according to a first embodiment of the present invention;

6 is a flow chart related to the payment authentication method on-line according to the first embodiment of the present invention;

7a to 7c is a payment process display screen according to the present invention,

8 is a flowchart of a method of confirming payment details online according to a first embodiment of the present invention;

9 is a diagram schematically showing a payment authentication system in an offline state according to a second embodiment of the present invention;

10 is a flowchart illustrating a payment authentication method in offline mode according to a second embodiment of the present invention;

11 is a flowchart illustrating a payment history confirmation method in the offline embodiment according to the second embodiment of the present invention.

Explanation of symbols on the main parts of the drawings

30, 50: mobile terminal 32: reader

34: PC 36: Web Server

38, 54: payment relay server 40, 56: bank / card company

42, 58: authentication server 44, 60: secondary authentication server

The present invention relates to a payment authentication system and method, and more particularly, a first authentication using an RFID, a card number and a password between a mobile terminal and a primary authentication system, and a conversion code between a mobile terminal and a secondary authentication system. The present invention relates to a payment authentication system and method for successively performing second authentication to enhance security and reliability of a payment process.

As a form of performing a financial settlement, it may be classified into a form of performing an online settlement or an offline settlement.

That is, the payment is generally classified into a form in which a payment is performed by connecting to a network (internet) using a normal PC with a certificate, or using a (card) payment machine installed in each store on-line. In these settlements, it is essential to verify the identity of the creditors and the trustworthiness of the creditors. Therefore, all financial settlements go through the “certification” process. The process of on-line and off-line processing of the authentication process will be described in more detail as follows.

1 is a diagram conceptually showing an online payment process as a general payment method.

Referring to FIG. 1, as a system basically required for performing payment online, a general PC 10 used by a buyer, a web server 12 operating a website for selling goods, and payment for relaying payment To the relay server 14, the bank / card company 16 that performs the payment in response to the payment request of the payment relay server 14, and the PC 10, the web server 12, and the payment relay server 14 described above. There may be an authentication server 18 for transmitting and receiving respective authentication related data. Here, the payment relay server 14 refers to a server owned by a value-added network (VAN) provider.

When a buyer wants to purchase an item, the purchaser purchases the corresponding item using the PC 10 used by the buyer and performs the payment. At this time, the payment is made through a certificate for personal security, and the representative example is an X.509 certificate having a public key infrastructure. When the authentication is made, the payment method such as lump sum payment or installment and card number are transferred from the PC 10 to the web server 12, and the web server 12 requests payment processing to the payment relay server 14. The payment relay server 14 requests a certificate inquiry to the authentication server 18. When the authentication server 18 notifies the payment relay server 14 that authentication has been normally performed, the payment relay server 14 requests the bank / card company 16 for payment. In this case, the bank / card company 16 performs the payment, and the data on which the payment is performed is transmitted to the web server 12 via the payment relay server 14.

However, in the existing online payment process, there is only a first security step through the authentication server 18, which is a situation that requires enhanced security. That is, since authentication is performed using only the card number used by the purchaser, there is a security limitation.

2 is a view conceptually showing a payment process on-line as a general payment method.

Referring to FIG. 2, a system that is basically required for performing payment offline, includes a card 20 owned by a purchaser, a card payment machine 22 for reading the card 20, and a payment relay server for relaying payment. (V) (VAN), the bank / card company 26 that performs the payment in response to the payment request of the payment relay server 24, and each of the authentication with the card payment machine 22, payment relay server 24 described above There may be an authentication server 28 for transmitting and receiving related data.

When the buyer wants to purchase the goods, the payment is performed using the card payment machine 22 provided for each store. That is, the card 20 is read by the card payment machine 22, and the payment is performed using the read card number. The payment process is similar to the online process described above. When the card payment machine 22 connects to the payment relay server 24, the payment process is performed using the credit information database server owned by the payment relay server 24. Or the above authentication process.

As described above, in the case of using the card payment machine 22 to perform an offline payment, a credit line database server owned by the payment relay server 24 is connected via a dedicated line or a telephone network to receive the inquiry or authentication result. Therefore, data processing is stable and has advantages in terms of time and cost.

However, this also has a need for enhanced security because the authentication and payment process is made using only the card number as in online. In addition, there is a problem such as card theft (copying) since the real use of the actual "card" on the offline. In addition, since the card information is stored in the magnetic tape, the card can be easily copied and the card information is lost due to magnetic components.

As such, the online and offline payment systems are in need of enhanced security due to the security limitation of performing payments using only the card number. I need it.

On the other hand, as the use of mobile terminals including mobile phones, PDAs, etc. has become popular, various additional functions have been added to the mobile terminals. As a representative example, data communication will be performed using a mobile terminal. Such as downloading or streaming data such as music, video, and games using a mobile terminal, performing various multimedia functions such as DMB, or adding a specific chip to the mobile terminal to perform a payment such as a transportation fee or a small amount. Yes.

As the function of the mobile terminal is diversified as described above, various mobile terminals having specific functions have been released. In particular, recently, by adding a card to the mobile terminal, the payment service through the mobile terminal enables the user to have the convenience of not having a card. To provide.

By the way, the mobile terminal with a built-in card can provide the user's convenience, but this also requires a security enhancement by performing the payment only through the first authentication process as in the online and offline payment. .

Accordingly, an object of the present invention is to solve the above-mentioned problems of the prior art, by embedding an RFID chip in a mobile terminal and generating a conversion code that changes in real time, and a user including a conversion code in addition to the existing primary authentication server. By separately preparing a secondary authentication server having all the information, the first authentication through the RFID, card number and password, and secondly by continuously performing the authentication for the unique conversion code only the mobile terminal has The present invention provides a payment authentication system and method for enhancing security and improving reliability of a payment process.

One aspect for achieving the object of the present invention is a mobile terminal having an identifier chip (chip) stored therein, generating a conversion code that changes in real time with reference to the real-time change file transmitted from the secondary authentication server; A primary authentication system for performing authentication using a part of an identifier and a conversion code transmitted from the mobile terminal; And a secondary authentication system having the same conversion code as the conversion code and performing authentication using all of the conversion codes transmitted from the mobile terminal.

The mobile terminal may include a general communication module (Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wireless Local Area Network (W-LAN), and Wireless BROadband (WIBRO)) that perform communication; RF (Radio Frequency) communication module for transmitting the identifier; And an optical communication module for transmitting the conversion code. The optical communication module uses any one of Infrared Data Access / Association (IrDA), Infrared Financial Messaging (IrFM), ultraviolet light, and laser.

The primary authentication system includes: an intermediary means for reading and transmitting an identifier and a conversion code from the mobile terminal; A payment relay server which relays the payment using the identifier transmitted from the intermediary means; A bank server or a card company server for performing the payment; And an authentication server that performs authentication in response to the authentication request of the medium and the payment relay server. At this time, the intermediary means, the reader for reading the identifier and the conversion code; And a normal PC connected to the reader. The reader and the PC are connected to any one interface of RS232, RS422, UTP, and USB. In addition, the intermediary means may be a payment device including a radio frequency (RF) communication module for receiving the identifier and an optical communication module for receiving the conversion code. The optical communication module uses any one of Infrared Data Access / Association (IrDA), Infrared Financial Messaging (IrFM), ultraviolet light, and laser.

The secondary authentication system includes a secondary authentication server that performs secondary authentication by comparing the conversion code in response to the secondary authentication request of the payment relay server.

The identifier chip is a radio frequency identification (RFID) chip or a subscriber identification module (Subscriber Identification Module) card. In this case, the identifier is RFID (Radio Frequency IDentification), and the conversion code is a compression and encryption of RFID, social security number, mobile terminal valid number, telephone number, card number and real-time change file.

On the other hand, another aspect for achieving the object of the present invention, a. Performing primary authentication by using a part of the identifier transmitted from a mobile terminal including an identifier chip having an identifier stored therein and a conversion code described below; And b. And performing a second authentication through a second authentication server by using the conversion code transmitted from a mobile terminal for generating a conversion code that changes in real time with reference to a real-time change file transmitted from a second authentication server. It relates to a payment authentication method to perform.

A. The method may include: transmitting the identifier and the conversion code by accessing a mobile terminal to an intermediate means; Relaying a payment at a payment relay server using a card number which is part of the identifier and the conversion code; Performing a payment at a bank server or a card company server in response to a payment request of the payment relay server; And performing authentication at the authentication server in response to the authentication request from the intermediary means and the payment relay server. The identifier is transmitted through RF (Radio Frequency) communication, and the conversion code is transmitted through optical communication. The optical communication uses any one of Infrared Data Access / Association (IrDA), Infrared Financial Messaging (IrFM), ultraviolet light, and laser. The step of transmitting the identifier and the conversion code is via a PC through which the medium communicates through any one interface of RS232, RS422, UTP, or USB.

B. The method may include requesting second authentication from the payment relay server relaying the payment to the second authentication server; Disassembling and converting the conversion code in response to the second authentication request; And performing a second authentication if the conversion code is the same as a result of the conversion code comparison. After the second authentication, the real-time change file is changed and stored and transferred to the mobile terminal.

A. Receiving a real-time change file transmitted from the second authentication server before the step and generating a file combined with user specific information; And when the user selects a specific card, further combining the card number with the combined file to finally generate a conversion code.

The identifier is Radio Frequency Identification (RFID). The conversion code is a compression and encryption of RFID, social security number, mobile terminal valid number, telephone number, card number and real-time change file.

Further checking the password between the payment relay server and the mobile terminal between the first authentication and the second authentication. The password input is made through a mobile communication network.

B. After the step, the step of printing the payment result accompanying authentication further proceeds.

B. After the step of confirming the payment result accompanying the authentication, the step of requesting the payment result to the secondary authentication server in the mobile terminal; Comparing the payment result of each of the other servers stored in the payment process at the second authentication server; And transmitting the comparison result to the mobile terminal.

Hereinafter, with reference to the accompanying drawings will be described in detail a preferred embodiment of the present invention.

3 is a view schematically showing an online payment authentication system according to a first embodiment of the present invention.

As shown in FIG. 3, the online payment authentication system according to the present invention includes a mobile terminal 30 and a mobile terminal 30 that generate a conversion code that changes in real time while embedding a radio frequency identification (RFID) chip. A reader 32 for reading RFID and a conversion code from a network, a general personal computer (34) for transmitting RFID and a conversion code over a network, and a web server (36) for operating a website for selling goods. , The payment relay server 38 which relays the payment and performs the second authentication request and processing, the bank / card company 40 which performs the payment in response to the payment request of the payment relay server 38, and the PC described above. (34), an authentication server 42 for transmitting and receiving respective authentication related data to the web server 36 and the payment relay server 38, and performs security on the conversion code in response to the second authentication request and enhances security. Real-time change for real time It consists of passing the file to the mobile terminal 30 and the changed real-time changes files on a secondary authentication server 44 to end databased.

On the other hand, the secondary authentication server 44, it is also desirable to provide a separate database for managing the mileage according to the use of the mobile terminal 30, including basic user management. Accordingly, the mileage may be applied to an affiliated store that can be formed in a network form and a store that can be formed locally. At this time, in order to apply the mileage in the stores organized by region, each store should form a network having the same concept as the affiliated store.

Here, the payment relay server 38 means a server provided by a value-added network (VAN) provider. In addition, the payment relay server 38 has its own credit information database server. That is, the credit information database server has information for comparing the RFID and the card number transmitted from the mobile terminal 30. Hereinafter, since the credit information database server is actually operated in conjunction with the authentication server 42, it should be interpreted in the same configuration.

In the notation of the member, the bank / card company 40 is indicated, but the bank and the card company are actually separate and separate objects, and they should be interpreted separately. However, since it performs substantially the same function, it is only referred to as "bank / card company". The bank / card company should be recognized as a bank server or a card company server. This applies to all embodiments of the present invention.

On the other hand, it is preferable to provide separate correspondence servers in the payment relay server 38 and the bank / card company 40 so that the secondary authentication server 44 can perform the second authentication smoothly. Accordingly, the corresponding server provided in the bank / card company 40 can extract and verify only the RFID and the card number using the program provided by the bank / card company 40 to perform payment and authentication. In addition, it is preferable to provide a separate corresponding server in the web server 36 so that the secondary authentication server 44 can perform the secondary authentication smoothly. Accordingly, the corresponding server provided in the web server 36 may extract only the social security number and the telephone number at the time of internet approval, and use the mobile terminal 30 as a communication fee.

4 is a configuration diagram of a mobile terminal according to the first embodiment of the present invention.

As shown in FIG. 4, the mobile terminal 30 of the present invention basically includes a general communication module 301 for performing communication, and in this embodiment, an RF communication module 303 and an infrared communication module ( 305. Of course, the RF communication module 303 may be applied to the module using various communication methods such as CDMA, GSM, TDMA, W-LAN, BLUETOOTH, and WiBro (Wireless Broadband). In addition, the infrared communication module is only one example of an optical communication module, and is an infrared communication method using light (Infrared Data Access / Association (IrDA), Inflared Financial Messaging (IrFM), ultraviolet light, The optical communication module may be replaced by any one of lasers, and since the communication module 301 is a well known technology, a detailed description thereof will be omitted.

The RF communication module 303 is basically connected to the RFID chip 307 in which the RFID is embedded. That is, T-money RFID or RFID to be used in financial sector is embedded in a mobile phone or PDA. In the present embodiment, the case where the RFID chip 307 is basically embedded in the mobile terminal 30 is described. However, in place of the RFID chip 307, a subscriber identification module card, also called a SIM, may be used. It may be. In the present embodiment, the function of the SIM will be referred to collectively as an RFID chip 307. In this case, the RFID chip 307 may operate in a contact or connectionless manner, or may be combined with CDMA, TDMA, WiBro, W-LAN, BLUETOOTH, and the like, which are mobile communication technologies. The RFID chip 307 includes the unique information of the user.

On the other hand, the infrared communication module 305 is coupled with the conversion code generation program 309 for generating a new file whenever the real-time change file changes by combining the real-time change code that changes in real time and the unique code that only the user can have Will be. Here, the conversion code generation program 309 means substantially the entire processing module of the program and the device for processing the same.

In addition, the mobile terminal 30 has an input program for using a bank and a card company is installed, and also performs a function of storing payment information. And each mileage storage and automatic application program according to the settlement is installed.

On the other hand, the mobile terminal 30 of the present invention also installs a management program including the student's attendance, etc. so that it can be used as a substitute for the student ID.

5 is a configuration diagram of a reader according to a first embodiment of the present invention.

As shown in Figure 5, the reader 32 of the present invention is configured to correspond to the communication module of the mobile terminal 30 to receive the RFID and the conversion code transmitted from the mobile terminal 30. That is, the reader 32 of this embodiment is equipped with an RF communication module 321 and an infrared communication module 323.

Of course, when the alternative communication module of the mobile terminal 30 is applied, the reader 32 also uses the CDMA, GSM, TDMA, W-LAN, BLUETOOTH, WiBro (WiBro) as the RF communication module 321 for the mutual interface. It is well known that the module can be applied to various communication methods such as Broadband). In addition, as an alternative optical communication module of the infrared communication module 323, any one of infrared communication (IrDA (Infrared Data Access / Association), IrFM (Inflared Financial Messaging), ultraviolet ray, and laser (Raser)), which is a communication method using light. It may be replaced by an optical communication module.

The reader 32 is connected to a normal PC 34 or the like, which must be connected to a network such as the Internet in a wired or wireless form.

Basically, RFID is transmitted from the mobile terminal 30 to the reader 32 by the communication between the RF communication modules 303 and 321, and the conversion code is the infrared communication module 305 from the mobile terminal 30 to the reader 32. , 323) is communicated.

In the present embodiment, a case in which the reader 32 is connected to and operated by the PC 34 is described. However, the mobile terminal 30 is directly connected to the PC 34 to connect to the Internet using an active sync. It may be desirable to proceed with the payment and certification process. In this case, the PC 34 serves only as a simple passage, and the authentication key preferably has the mobile terminal 30.

When the financial settlement is made using the settlement authentication system configured as described above, after the general general authentication process is performed between the mobile terminal 30 and the settlement relay server 38, the settlement relay server 38 and the second authentication are subsequently performed. The second authentication process is performed between the servers 44. In the case of the first authentication, when the PC 34 connects to the payment relay server 38, a query is performed using a credit information database server owned by the payment relay server 38 or through an authentication process. Authentication is made, and in the case of the second authentication, which is a feature of the present invention, authentication is performed by checking the conversion code between the payment relay server 38 and the second authentication server 44.

The payment method on-line using the payment authentication system for online configured as described above will be described in detail.

6 is a flowchart illustrating a payment authentication method on-line according to the first embodiment of the present invention.

In FIG. 6, since the PC 34 and the web server 36 provide a path for data transmission, the PC 34 and the web server 36 will be deleted from the drawings so that the features of the present invention can be clearly seen. Of course, the path will be explained in detail.

As shown in FIG. 6, when the mobile terminal 30 approaches the reader 32, the coil connected to the RFID chip is magnetized to generate energy, thereby driving the RFID chip. The RFID is transferred to the reader 32 by driving the RFID chip (S1). Subsequently, when the payment button is input among various functions displayed on the mobile terminal 30, the reader 32 requests the card number stored in the RFID chip (S3), and the user selects a specific card to use (S3). S5) The mobile terminal 30 generates a conversion code (S7). The process of selecting a card company is shown in FIG. 7A. This conversion code has the form of (RFID + social security number + mobile terminal valid number + phone number + card number + real-time change file). The generated conversion code is transmitted to the reader 32 (S9), and when the reader 32 transmits it to the PC 34, the PC 34 passes through the web server 36 to the settlement relay server 38. Transfer the RFID and the conversion code (S11).

Here, the conversion code can be divided into three types. That is, a second code group allowing the user to select any one of the first code group consisting of RFID, social security number, mobile terminal valid number, and phone number, and a plurality of card numbers used by the user, and second authentication. It consists of the 3rd code group which consists of numbers or letters which change from the server 44 in real time. In this case, each time the first code group and the third code group are changed, the first code group and the third code group are completed in one file in real time. The code family generates one final file through a specific algorithm and encrypts it.

On the other hand, when the RFID and the conversion code is delivered to the payment relay server 38, as described in Figure 1 performs the normal authentication using the authentication server 42, then the payment relay server 38, the credit information provided by itself The RFIDs stored in the credit information database server by accessing the database server are compared with the RFID transmitted from the reader 32 via the web server 36 and the RFID read from the conversion code (S13). Only when it matches, the payment is requested to the bank / card company 40 using the card number (S15). At this time, the RFID can be read from the conversion code because the payment relay server 38 has a program that can read only RFID. On the other hand, if all three RFIDs do not match, an error message is output to any one of the PC 34, the reader 32, and the mobile terminal 30. In this way, the first authentication process is performed in the payment relay server 38.

The bank / card company 40 receives the card number to perform the card payment (S17), and then the bank / card company 40 transfers the user information to the payment relay server 38 (S19). The payment relay server 38 transfers user information to the mobile terminal 30 via the web server 36, the PC 34, and the reader 32 in succession, and requests a password input at the same time (S21∼). S23). The process of entering a password is shown in FIG. 7B. The user checks the user information using the mobile terminal 30 and inputs a password (S25). The input password is transmitted to the payment relay server 38 via the reader 32, the PC 34, and the web server 36 (S27 to S29). The payment relay server 38 will pass the password to the bank / card company 40 (S31), the bank / card company 40 checks whether the user's password is matched (S33) if the password is the password is matched The response to match is transmitted to the payment relay server 38 (S35). Of course, if the password does not match, it is preferable to go through the password re-entry process, if the re-entry process more than the set number of times is repeated, the process may be stopped in the current state.

The payment relay server 38 enters the secondary authentication step (S37). That is, the payment relay server 38 transfers the conversion code to request the second authentication to the second authentication server 44 (S39). The secondary authentication server 44 receives the conversion code and reads it, and all information (RFID + social security number + mobile terminal valid number + phone number + card number +) stored in the secondary authentication server 44 itself. It is determined whether the real-time change file) matches (S41).

If all the information does not match with the information currently in the secondary authentication server 44, the message is output to any one of the PC 34, the reader 32 and the mobile terminal 30. On the other hand, if all of the information matches the information currently in the second authentication server 44, the real-time change file is changed in the following process (S43). That is, the change of the real-time change file at any time during the set time and the change of the real-time change file even when the payment is normally processed, thereby preventing the duplication of other users.

When the final secondary authentication is made in the secondary authentication server 44, the authentication server receives the confirmation message and the changed real-time change file. The relay server 38, the web server 36, the PC 34, and the reader 32 are continuously connected. It passes to the mobile terminal 30 via S45-S51. In this way, the authentication key is issued only when the conversion file RFID, social security number, mobile terminal valid number, telephone number, card number, and real-time change file all match. The security key is performed by allowing the issued authentication key to be delivered to the mobile terminal 30 in real time.

The user receives and confirms the completion message and confirms that the payment is normally completed. The payment confirmation process is illustrated in FIG. 7C. It may be desirable to output the receipt through the printer connected to the PC or the mobile terminal docking printer for the payment details. In addition, since the payment details are stored in the mobile terminal 30, the PC 34 and the like are connected to the active sync (ACTIVE SYNC), and then the details of the payment and the bank / card company 40 are confirmed through the Internet. Verification can be done.

That is, the payment details may be verified through the payment relay server 38, the bank / card company 40, and the second authentication server 44 using the mobile terminal 30. As an example, when a connection is made to the secondary authentication server 44 using the mobile terminal 30, the secondary authentication server 44 transmits information of the mobile terminal 30, that is, information (RFID + social security number +). Check the validity of the mobile terminal + phone number + card number + real-time change file) through the database provided by the payment relay server 38 and the bank / card company (40) to check the consistency of the payment history, and the result is the mobile terminal Transfer to 30.

If the user wants to check the payment details using a real-time change file that has not been updated, an error message may be transmitted to alert the user that the user is not. This should usually be done through the mobile terminal 30 having the updated real-time change file, so that the payment details can be checked through the Internet using the PC 34 to which the mobile terminal 30 is connected, or wirelessly of the mobile terminal 30. You can check the payment details by connecting to the network.

On the other hand, the relevant mileage is stored at the same time as the payment, the process of using it may be used in various ways, such as purchase of goods and use in school.

That is, for example, when the payment is performed by using the mobile terminal 30 in a specific region, in particular, when the payment is to be performed by using the mileage accumulated in the mobile terminal 30, the mileage payment is made through the mode selection of the mobile terminal 30. Ask. In this case, the data transmitted to perform mileage payment will further include mileage selection data. Accordingly, the payment can be performed with the mileage through the same process as the above payment process. On the other hand, if the mileage is not enough, the mobile terminal 30 notifies the error message. Meanwhile, the case in which the payment process using the mileage is the same as the payment process described above has been described. However, it may be preferable to directly process the second authentication server 44 via the reader 32 and the PC 34. will be. Afterwards, the mileage deduction situation should be shared by the second authentication server 44, the bank / card company 40, and the payment relay server 38.

Here, the process of confirming payment details and mileage will be described in detail.

8 is a flowchart illustrating a payment history checking method online based on the first embodiment of the present invention.

First, the payment history check process is mainly performed through the network connection of the mobile terminal 30 and the secondary authentication server 44, such as the Internet (dotted line).

As shown in FIG. 8, when the mobile terminal 30 approaches the reader 32, the coil connected to the RFID chip is magnetized to generate energy, thereby driving the RFID chip. The RFID is transmitted to the reader 32 by driving the RFID chip (T1). Subsequently, if a payment confirmation button is input among various functions displayed on the mobile terminal 30 (T3 to T7), the PC 34 requests the payment details stored in the mobile terminal 30 through the reader 32 in response thereto. As the user selects the payment details, the conversion code and the payment details generated by the mobile terminal 30 are transmitted to the PC 34 through the reader 32 (T9). At this time, the conversion code has the form of (RFID + social security number + mobile terminal valid number + phone number + real-time change file).

The PC 34 transmits the conversion code to the secondary authentication server 44 (T13), but stores the payment details in the temporary memory of the PC 34 without transmitting the secondary authentication server 44 (T11). ).

On the other hand, the secondary authentication server 44 receiving the conversion code reads the conversion code, and all information stored in itself in the secondary authentication server 44 (RFID + social security number + mobile terminal valid number + phone number + It is determined whether the real-time change file) matches (T15). At this time, the second authentication server 44 generates a conversion code to be compared in response to the confirmation of the payment details by receiving a specific code requesting the payment details when the comparison with the conversion code and compares them. In this way, it is determined whether the real-time change file constituting the conversion code is matched to check the current user.

If all the information about the conversion code does not match the information currently held by the secondary authentication server 44, the message is output to any one of the PC 34, the reader 32, and the mobile terminal 30. Let's go. On the other hand, if all of the information matches the information currently held by the secondary authentication server 44, the payment is requested to the PC 34 in the next process (T17). The PC 34 transfers the temporarily stored payment details to the second authentication server 44 (T19).

Subsequently, the secondary authentication server 44 requests the payment relay server 38 to check the payment details (T21), and the payment relay server 38 compares the corresponding payment details and, if there is no abnormality, the second authentication. An acknowledgment is performed to the server 44 (T23). In this embodiment, the case in which the answer relay server 38 responds, but the answer to the call stored in the authentication server 42 to call. In addition, the second authentication server 44 requests the bank / card company 40 to check the payment history and mileage history (T25), and the bank / card company 40 checks the corresponding payment history and mileage history for this. The acknowledgment is sent to the secondary authentication server 44 (T27).

Accordingly, the secondary authentication server 44 compares the confirmation response transmitted from the payment relay server 38 and the bank / card company 40 (T29), and issues a confirmation certificate if all the information is identical (T31). This confirmation certificate is transmitted to the mobile terminal 30 via the PC 34 (T33 to T35).

9 is a diagram schematically showing a payment authentication system in an offline manner according to a second embodiment of the present invention.

As shown in FIG. 9, the payment authentication system in the offline manner according to the present invention includes a mobile terminal 50 that embeds an RFID chip and generates a conversion code that changes in real time, and is provided for each store selling goods. In the payment requester 52 for reading the RFID and the conversion code from the 50, the payment relay server 54 for relaying the payment and performing the second authentication request and processing, and for the payment request of the payment relay server 54. A bank / card company 56 that makes a payment in correspondence, an authentication server 58 that transmits and receives respective authentication related data to the payment relay server 54, and an authentication for a conversion code in response to the second authentication request. In addition, the second authentication server 60 is configured to deliver a real-time change file that is changed in real time to the mobile terminal 50 to perform security, and finalize the changed real-time change file into a database. Here, the payment relay server 54 means a server provided by a value-added network (VAN) provider. In addition, the payment relay server 54 has its own credit information database server. As shown in FIG. 6, the credit information database server may be an authentication server 58.

The mobile terminal 50 of the present invention basically includes a general communication module for performing communication, and has an RFID chip embedded therein for performing the authentication proposed by the present invention. Since the mobile terminal 50 is the same as the first embodiment described above, duplicate description thereof will be omitted.

The payment device 52 of the present invention further includes an RF communication module and an infrared communication module for receiving and reading the RFID and the conversion code transmitted from the mobile terminal 50 to the existing payment device. Of course, as described above, when the RFID is transmitted through various communication methods, the communication method corresponding thereto may be applied to the payment device 52. A CDMA communication module and a TDMA communication module may be mounted.

This payment device 52 should be connected to the network for payment in a wired or wireless form.

Basically, RFID is transmitted from the mobile terminal 50 to the payment machine 52 by the RF communication module, and the conversion code is transmitted from the mobile terminal 50 to the payment machine 52 by the infrared communication module communication. Will be.

On the other hand, in the case of the payment machine 52 that is already in use, only the RF communication module and infrared communication module need to be added in order to carry out the present invention. The added communication module includes the existing payment device 52 and RS232, You can connect to any one of RS422, UTP and USB interfaces.

When the financial settlement is made using the settlement authentication system configured as described above, after the general general authentication process is performed between the mobile terminal 50 and the settlement relay server 54, the settlement relay server 54 and the second authentication are subsequently performed. Second authentication process is performed between the servers (60). In the case of the first authentication, when the payment device 52 connects to the payment relay server 54, a normal process of performing an inquiry or performing an authentication procedure using the credit information database server owned by the payment relay server 54 is performed. In the case of the second authentication, which is a feature of the present invention, the authentication is performed through a procedure for preparing a conversion code that changes in real time between the payment relay server 38 and the second authentication server 44.

The payment method on the offline using the payment authentication system for offline configured as described above will be described in detail.

10 is a flowchart illustrating a payment authentication method in offline mode according to a second embodiment of the present invention.

First, in contrast to the first embodiment, the difference is that when performing the payment offline, the user generally selects a card to perform the payment before approaching the payment machine for quick processing of the payment. It is assumed that the card selection is made before, and after the access to the payment machine is made, the user is moved away from the payment machine. Therefore, the transfer of the user to the mobile terminal 50 is assumed to be made through mobile communication. Of course, it is well known that the payment can be made in the same manner as in the first embodiment.

As shown in Figure 10, when the user selects the card to be paid (S65), the mobile terminal 50 is in the form of (RFID + social security number + mobile terminal valid number + phone number + card number + real-time change file) And generates a conversion code to be encrypted (S67). When the user approaches the mobile terminal 50 to the payment machine 52, the generated conversion code is transferred to the payment device 52 through the communication between the infrared communication module and at the same time the coil connected to the RFID chip is magnetized to RFID chip RFID according to the driving of the transfer to the payment machine 52 (S69). Of course, the RFID and the conversion code may be delivered through the same process as the first embodiment.

The payment device 52 transmits the RFID and the conversion code to the payment relay server 54 connected to the network (S71), and performs normal authentication using the authentication server 42 as described in FIG. The payment relay server 54 accesses a credit information database server provided by itself and compares the RFID stored in the credit information database server with the RFID transmitted through the web server at the payment device 52 with the RFID read from the conversion code. (S73) Only when all three RFIDs match, the payment request is made to the bank / card company 56 using the card number (S75).

At this time, the reason why only the RFID can be read from the conversion code is the same as the online payment process of the first embodiment.

On the other hand, if all three RFIDs do not match, an error message is output to either the payment device 52 or the mobile terminal 50.

The bank / card company 56 receives the card number to perform the card payment (S77), and then the bank / card company 56 transmits the user information to the payment relay server 54 (S79). In this regard, the payment relay server 54 transmits user information to the mobile terminal 50 and requests a password input at step S81. In this case, the password is preferably requested through the mobile communication network. Accordingly, the user checks the user information using the mobile terminal 50 and inputs a password (S83). The input password is transmitted to the payment relay server 54 through the mobile communication network (S85). The settlement relay server 54 passes the password to the bank / card company 56 (S87), the bank / card company 56 checks whether the user's password matches (S89), if the password is matched The response is transmitted to the payment relay server 54 (S91). Of course, if the password does not match, it is preferable to go through the password re-entry process, if the re-entry process more than the set number of times is repeated, the process may be stopped in the current state. The process of requesting the password to the mobile terminal 50 or inputting the password to the payment relay server 54 may be via the payment device 52 as in the first embodiment.

The payment relay server 54 enters the secondary authentication step (S93). That is, the payment relay server 54 transfers the conversion code to request the second authentication to the second authentication server 60 (S95). Accordingly, the secondary authentication server 60 receives the conversion code and reads it, and all information (RFID + social security number + mobile terminal valid number + phone number + card number +) stored in the secondary authentication server 60 itself. It is determined whether the real-time change file) matches (S97).

If all the information does not match the information currently in the secondary authentication server 60, the message is output to any one of the payment device 52 and the mobile terminal 50. On the other hand, if all of the information matches the information currently in the second authentication server 60, the real-time change file is changed in the following process (S99). That is, the change of the real-time change file at any time during the set time and the change of the real-time change file even when the payment is normally processed, thereby preventing the duplication of other users.

When the final secondary authentication is made in the secondary authentication server 60, the authentication confirmation message and the changed real-time change file are transmitted to the mobile terminal 50 via the payment relay server 54 (S101 to S105). Of course, the real-time change file and the completion message delivery may be delivered to the mobile terminal 50 via the payment machine 52. This process may be delivered to the mobile terminal 50 through the mobile communication network.

The user receives and confirms the completion message and confirms that the payment is normally completed.

When the payment is normally completed, the mobile terminal requests a cash receipt, and the payment machine requests a cash receipt operator to print out the cash receipt or print it and transfer the file to the mobile terminal.

Here, the process of confirming payment details and mileage will be described in detail.

11 is a flowchart illustrating a payment history confirmation method in the offline embodiment according to the second embodiment of the present invention.

As illustrated in FIG. 11, a call connection with the secondary authentication server 60 is performed using the communication function of the mobile terminal 50 (T41). In the present embodiment, it may be preferable that the secondary authentication server 60 corresponds to the mobile terminal 50 through the answering machine function. In this way, the payment history check process is made by the mobile terminal 50 and the secondary authentication server 60 subjectively (dotted line). In response to the corresponding service between the mobile terminal 50 and the second authentication server 60, that is, the request for confirmation of the payment history, the process proceeds, and if the payment confirmation button is input in the mobile terminal 50, the second authentication server 60 requests the payment details stored in the mobile terminal 50, and as the user selects the payment details, the conversion code and payment details generated by the mobile terminal 50 are transferred to the second authentication server 60. (T43 to T49). At this time, the conversion code is transmitted has the form of (RFID + social security number + mobile terminal valid number + phone number + real-time change file).

Upon receiving the conversion code, the secondary authentication server 60 reads the conversion code, and all information (RFID + social security number + mobile terminal valid number + phone number + real time change) stored in the secondary authentication server 60 itself. The file) is matched (T51). At this time, the second authentication server 60 checks the payment details of the conversion code to be compared because the process between the mobile terminal 50 and the second authentication server 60, which has already requested the payment details at the time of comparison with the conversion code, has been performed. It is generated in correspondence with, and compares the generated conversion code. In this way, the real-time change file is determined to match and the current user is checked.

If all the information does not match the information currently in the secondary authentication server 60, the message is output to the mobile terminal 50. On the other hand, if all the information is matched with the information currently in the secondary authentication server 60, the secondary authentication server 60 requests the payment details check to the payment relay server 54 in the next process (T53) In this case, the settlement relay server 54 compares the settlement details, and if there is no abnormality, performs the confirmation response to the secondary authentication server 60 (T55). In addition, the secondary authentication server 60 requests the bank / card company 56 to check the payment history and mileage history (T57), the bank / card company 56 checks the payment history and mileage history for this The acknowledgment is transmitted to the second authentication server 60 (T59).

Next, the secondary authentication server 60 compares the confirmation response transmitted from the payment relay server 54 and the bank / card company 56 (T61), and issues a confirmation certificate if all the information matches (T63). . This confirmation certificate is transmitted to the mobile terminal 50 (T65).

The present invention is not limited to the above-described embodiments, and it will be apparent that many modifications are possible by those skilled in the art within the technical spirit of the present invention.

As described above, the payment authentication system and method according to the present invention has the following advantages.

1. When using a mobile terminal, security can be further strengthened by creating a double authentication structure for performing payment by comparing and verifying the conversion code separately between the secondary authentication server where the authentication key is registered and the payment relay server (VAN). .

2. By embedding RFID chip (H / W) and conversion code (S / W) in mobile phone or PDA, it can prevent the risk of damage and duplication of existing magnetic card. Even if the contents of the RFID chip (H / W) and the conversion code (S / W) of the present invention are duplicated, in the present invention, by changing the conversion code itself through a real-time change file, it is possible to use other users with unintended intentions. It can prevent.

3. Existing payment server (VAN service provider) only need to install additional server with secondary authentication function through conversion code, so you can make full use of existing equipment while complying with existing regulations.

4. By connecting the mobile terminal to the PC, you can check the payment details by comparing the payment details with the bank / card company, so you can easily check the data on illegal payment.

Claims (26)

A mobile terminal having an identifier chip having an identifier stored therein and generating a conversion code that changes in real time with reference to a real-time change file transmitted from a second authentication server; A primary authentication system for performing authentication using a part of an identifier and a conversion code transmitted from the mobile terminal; And And a secondary authentication system having the same conversion code as the conversion code and performing authentication using all of the conversion codes transmitted from the mobile terminal. The method of claim 1, wherein the mobile terminal, A general communication module for performing communication; RF (Radio Frequency) communication module for transmitting the identifier; And Payment authentication system, characterized in that consisting of an optical communication module for transmitting the conversion code. The payment authentication system according to claim 2, wherein the optical communication module uses any one of Infrared Data Access / Association (IrDA), Infrared Financial Messaging (IrFM), ultraviolet light, and laser. The method of claim 1, wherein the primary authentication system, Intermediary means for reading and transferring an identifier and a conversion code from the mobile terminal; A payment relay server which relays the payment using the identifier transmitted from the intermediary means; A bank server or a card company server for performing the payment; And Payment authentication system, characterized in that consisting of an authentication server for performing the authentication in response to the authentication request of the medium and the payment relay server. The method of claim 4, wherein the intermediate means, A reader for reading the identifier and the conversion code; And Payment authentication system, characterized in that consisting of a normal PC connected to the reader. The payment authentication system according to claim 5, wherein the reader and the PC are connected to one of RS232, RS422, UTP, and USB. 5. The payment authentication system according to claim 4, wherein the intermediary means is a payment device including a radio frequency (RF) communication module for receiving the identifier and an optical communication module for receiving the conversion code. The payment authentication system according to claim 7, wherein the optical communication module uses any one of Infrared Data Access / Association (IrDA), Infrared Financial Messaging (IrFM), ultraviolet light, and laser. The payment method of claim 4, wherein the second authentication system comprises a second authentication server configured to perform second authentication through comparison of the conversion code in response to the second authentication request of the payment relay server. Authentication system. The payment authentication system according to claim 1, wherein the identifier chip is a radio frequency identification (RFID) chip or a subscriber identification module card. The payment authentication system according to claim 1 or 10, wherein the identifier is a radio frequency identification (RFID). 12. The payment authentication system according to claim 11, wherein the conversion code compresses and encrypts RFID, social security number, mobile terminal valid number, telephone number, card number, and real-time change file. a. Performing primary authentication using a part of the identifier transmitted from a mobile terminal including an identifier chip having an identifier stored therein and a conversion code described below; And b. And performing a second authentication through a second authentication server by using the conversion code transmitted from a mobile terminal for generating a conversion code that changes in real time with reference to a real-time change file transmitted from a second authentication server. Payment authentication method. The method of claim 13, wherein a. The steps are, Transmitting the identifier and the conversion code by accessing a mobile terminal to an intermediate means; Relaying a payment at a payment relay server using a card number which is part of the identifier and the conversion code; Performing a payment at a bank server or a card company server in response to a payment request of the payment relay server; And And performing authentication at the authentication server in response to the authentication request of the intermediate means and the payment relay server. The payment authentication method according to claim 14, wherein the identifier is transmitted through RF (Radio Frequency) communication, and the conversion code is transmitted through optical communication. The payment authentication system according to claim 15, wherein the optical communication uses any one of Infrared Data Access / Association (IrDA), Infrared Financial Messaging (IrFM), ultraviolet light, and laser. 15. The payment authentication method according to claim 14, wherein the step of transmitting the identifier and the conversion code is via a PC through which the medium communicates through any one interface of RS232, RS422, UTP, and USB. The method of claim 13, wherein b. The steps are, Requesting second authentication from a payment relay server relaying a payment to a second authentication server; Disassembling and converting the conversion code in response to the second authentication request; And When the conversion code comparison result, if the conversion code is the payment authentication method, characterized in that the step of performing a second authentication. The payment authentication method according to claim 18, wherein after the second authentication, the real-time change file is changed and stored and transmitted to the mobile terminal. The method of claim 13, wherein a. Before step Receiving a real-time change file transmitted from the second authentication server and generating a file combined with user specific information; And If the user selects a specific card, the payment authentication method, characterized in that further comprising the step of combining the card number with the combined file to finally generate a conversion code. The payment authentication method according to claim 13, wherein the identifier is a radio frequency identification (RFID). The payment authentication method according to claim 13, wherein the conversion code compresses and encrypts RFID, social security number, mobile terminal valid number, telephone number, card number, and real-time change file. The payment authentication method according to claim 13, further comprising checking a password between the payment relay server and the mobile terminal between the first authentication and the second authentication. The payment authentication method according to claim 23, wherein the password is input through a mobile communication network. The method of claim 13, wherein b. And after the step of printing the payment result accompanying the authentication further payment authentication method. The method of claim 13, wherein b. After the step, the process of verifying the payment result accompanying authentication, Requesting a payment result from a secondary authentication server in the mobile terminal; Comparing the payment result of each of the other servers stored in the payment process at the second authentication server; And And transmitting the comparison result to the mobile terminal.

Images