KR20110090551A - The device and the way of mobile card transaction authorization without dongle - Google Patents


Publication number
KR20110090551A
Authority
KR
South Korea
Prior art keywords
mobile phone
card
authentication key
user authentication
company system
Application number
KR1020100010397A
Other languages
Korean (ko)
Inventor
조현준
Original Assignee
하나에스케이카드 주식회사
Application filed by 하나에스케이카드 주식회사 filed Critical 하나에스케이카드 주식회사
Priority to KR1020100010397A priority Critical patent/KR20110090551A/en
Publication of KR20110090551A publication Critical patent/KR20110090551A/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/353Payments by cards read by M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403Solvency checks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

PURPOSE: An apparatus and method for authorizing mobile terminal card transactions are provided to allow transactions larger than a telephone bill to be made without an additional plastic card. CONSTITUTION: A payment amount and a mobile terminal ID are input to a merchant inquiry machine. The merchant inquiry machine transmits a transaction ID to the mobile terminal matched with the mobile terminal ID. An agreement key is input to the mobile terminal that received the transaction ID. The mobile terminal transmits a media authentication key to a card company system.

Description

The device and the way of mobile card transaction authorization without dongle

The present invention relates to an apparatus and method for approving a mobile card without a dongle.

In the existing transaction approval inquiry method for plastic cards, the magnetic stripe of a separate plastic card is swiped through the magnetic stripe reader of the merchant inquiry machine, or the IC chip of the plastic card is brought into contact with the IC chip reader of the merchant inquiry machine, or the radio frequency coil of the plastic card is brought close to the radio frequency reader of the merchant inquiry machine, so that the card ID of the plastic card is read. The merchant inquiry machine then transmits the card ID it has read, together with the payment amount, to the card company system to inquire whether the transaction is approved.

Therefore, there is an inconvenience in that the card member must carry a plastic card.

To relieve this inconvenience, one approach stores the card ID in the mobile phone that the card member carries daily, and the card member brings that mobile phone close to a separate wireless communication device, called a dongle, connected to the merchant inquiry machine. The wireless communication device reads the card ID stored in the mobile phone and transmits it to the card company system through the wired communication network. However, this method has not been widely adopted because of the economic burden of purchasing wireless communication equipment separate from the inquiry machine and the physical burden of providing space for that equipment at the payment counter.

To avoid these economic and physical burdens, payment is sometimes charged to the mobile phone bill. However, the payer's ability to pay is determined by the mobile phone operator, which makes this difficult to use as a credit payment method; so far it has not been used for large transactions, and cardholders therefore still need to carry a separate plastic card.

The technical problem to be solved by the present invention is to eliminate the separate wireless communication device called a dongle while enabling the card member to make transactions larger than a telephone bill without carrying a separate plastic card. This simultaneously removes the card member's inconvenience of carrying a separate plastic card, the merchant's economic and physical burden of installing a separate wireless communication device called a dongle, and the need to carry a separate plastic card for transactions larger than a telephone bill.

To this end, one embodiment of the present invention comprises the steps of:
(a) entering the payment amount and the mobile phone ID into the merchant inquiry machine;
(b) the merchant inquiry machine transmitting the transaction ID to the mobile phone matched with the entered mobile phone ID;
(c) entering an agreement key into the mobile phone that received the transaction ID;
(d) the mobile phone transmitting the transaction ID and the media authentication key of the mobile phone to a card company system;
(e) the media authentication key verification unit of the card company system verifying the validity of the received media authentication key;
(f) the approval limit verification unit of the card company system verifying whether the payment amount is within the approval limit corresponding to the card ID matched with the transaction ID;
(g) if the approval limit verification finds the payment amount within the approval limit, transmitting the approval message to the merchant inquiry machine;

According to the present invention, a card member does not have to carry a separate card in addition to the mobile phone carried in daily life, and a merchant does not need any separate device other than the merchant inquiry machine, which is convenient and economical.

FIG. 1 is a block diagram of an approval system for a dongle-free mobile card according to an embodiment of the present invention.
FIG. 2 is a block diagram of an approval system for a dongle-free mobile card according to another embodiment of the present invention.
FIG. 3 is a block diagram of an approval system for a dongle-free mobile card according to another embodiment of the present invention.

Merchant inquiry machine: A device for inquiring whether the card transaction is approved by the card company. In order to communicate with a card company system, it is usually connected with at least one of a telephone line, an internet line, and a cellular telephone network.

Merchant inquiry machine communication ID: An ID for communicating with the merchant inquiry machine, for example the phone number connected to the merchant inquiry machine, the number of the mobile phone in which the merchant inquiry machine is embedded, the unique ID of that mobile phone, or the IP address connected to the merchant inquiry machine.

Merchant Inquiry Unit Hub: A device that relays data transmission and reception between the Merchant Inquiry Unit and the card company system.

Merchant mobile phone ID: The mobile phone ID of the mobile phone in which the merchant inquiry machine is embedded.

Merchant mobile phone ID storage unit: A device that stores the merchant mobile phone ID.

Merchant DB: A DB that stores each merchant inquiry machine communication ID matched with its merchant ID. Even when the merchant name for a specific transaction is not received, the card company system can derive the merchant inquiry machine communication ID from the message sent by the merchant inquiry machine and look up the merchant name matched with that communication ID in the merchant DB. A merchant name derived in this way can be used in the transaction consent request text.

Merchant ID: An ID uniquely matched to each affiliated store by the card company system, such as an affiliate store name, an affiliate store number, and an affiliated store inquiry communication ID.

Approval key of the mobile phone: A device for inputting an intention to agree to a card transaction outputted on the output device of the mobile phone, such as a menu on a mobile phone screen selected by number input or touch method.

Transaction consent request text: A text that asks the card member for consent to a specific card transaction. For example, "oo merchant, payment amount xxx, card number yyyy".

Transaction ID: An ID that uniquely matches a specific card payment transaction. It is divided into extended transaction ID and short transaction ID.

Transaction ID generation unit: a device for generating a transaction ID

Transaction ID transmitter: a device for transmitting a transaction ID.

Transaction ID Receiver: A device that receives a transaction ID.

Rejection text: The full text of a card company rejecting an authorization for a particular card transaction.

Payment amount: The amount you wish to pay by card

Payment amount input window: The input component of the affiliated inquiry machine. The card member may input a payment amount to pay with a card matched with the mobile phone ID.

Agree Key: Menus, buttons, etc. printed on the phone's output. The phrases 'confirmation', 'approval', 'yes', 'agree', etc. are examples of messages that are output by matching the agreement key.

The mobile phone owner selects the approval key by a keypad input or a screen touch as an indication that the mobile phone holder agrees to the card transaction output on the mobile phone.

Agree key input window: Mobile phone output unit where a consent key is output. For example, the screen displays the phrase “Would you like to pay 15,000 won for the 4452-1234-4321-5678 card at Hana Pizza?”, A box marked “Approve” and a box marked “Rejected”.

Media authentication key: A key for authenticating that a card transaction approval request message has been transmitted from a valid medium necessary for the transaction. In order to submit a medium authentication key, a member must possess a mobile phone that stores or generates a medium authentication key. For example, OTP generated by the one-time password generation unit embedded in the mobile phone, unique password of the mobile phone stored in the media authentication key storage unit embedded in the mobile phone.

Media authentication key verification unit: a device for verifying whether or not the received media authentication key is matched to a specific mobile phone or a specific card ID according to a specific rule.

Wireless Internet Network Transmitter: Device that transmits various data such as transaction ID, media authentication key, user authentication key, one or more of rejection text, approval text, etc.

Wireless Internet Network Receiving Unit: A device that receives various data such as transaction ID, media authentication key, user authentication key, one or more of rejection text, and approval text by connecting to wireless internet network.

Wireless local area network transmitter: A device that transmits various data such as transaction ID, media authentication key, user authentication key, one or more of rejection message, approval message, etc.

Wireless Local Area Network Receiving Unit: A device that receives and transmits various data such as transaction ID, media authentication key, user authentication key, rejection message and one or more of approval message through wireless internet network.

User Authentication Key: A key for verifying that the person who selected the authorization key of the mobile phone as the consent for the card transaction corresponding to the 'Card ID embedded in the mobile phone or matched with the mobile phone ID' is the authorized authority of the corresponding card transaction. In order to submit a user authentication key, a member must secretly store or memorize and enter the user authentication key itself, or secretly store or memorize and enter a key necessary for submitting the user authentication key. Mobile phone user keys and card keys are examples of the former, and activation of a public certificate or a private certificate is an example of the latter.

User authentication key exemption limit: If the payment amount exceeds (or exceeds) the amount, the card transaction is approved only after the member authentication key is sent to the card company system in which the member authentication key verification unit is embedded and verified. Examples include card key exemption limit, mobile phone user key exemption limit, authorized certificate exemption limit, and private certificate exemption limit.

A user authentication key exemption limit verification unit: A device for verifying whether the payment amount is within the user authentication key exemption limit range by comparing the user authentication key exemption limit stored in the user authentication key exemption limit storage unit.

User authentication key exemption limit storage unit: A device storing the user authentication key exemption limit. Examples include the card key exemption limit storage unit, the mobile phone user key exemption limit storage unit, and the authorized certificate exemption limit storage unit.

User authentication key input request message: A request to enter the user authentication key, output on the mobile phone output unit in the form of letters, symbols, pictures, etc. For example, "Please enter a certified certificate password.", "Please enter your card password.", "Please enter your mobile phone password."

User authentication key input request message transmission unit: A device for transmitting a user authentication key input request message to the mobile phone subject to the card transaction. The target mobile phone number may be derived from a transaction ID or a card mobile phone matching DB.

User authentication key input window: Mobile phone output unit that outputs a user authentication key input request message.

Approval message: The message by which the card company approves a specific card transaction.

Acknowledgment message transmission unit: A device for transmitting one or more of the approval message and rejection message

Authorization limit: The remaining authorization limit that can be paid for each card ID. An example is the residual approval limit, which is the credit limit of a credit card member deducting the outstanding approval amount of the member. Another example is the remaining approval limit obtained by deducting the withdrawal amount of the account from the payment account balance of a check card member.

Authorization limit verification unit: a device for verifying whether the payment amount received by the card company system is within the range of the permission limit that is matched with the card ID matched with the payment amount.

Authorization limit storage: A device in which the authorization limit corresponding to the card ID is matched and stored for each card ID.

Completion message: The message stating that a particular card transaction has been completed.

Completion message transmission unit: A device for transmitting one or more of the completion message and the electronic receipt.

Wired network transmitter: A device that connects to one or more wired networks, such as a wired telephone network, a wired internet network, or a wired local area network, and transmits various data such as the transaction ID, media authentication key, user authentication key, rejection message, and approval message.

Wired network receiving unit: A device that connects to one or more wired networks, such as a wired telephone network, a wired internet network, or a wired local area network, and receives various data such as the transaction ID, media authentication key, user authentication key, rejection message, and approval message.

Mobile phone network transmitter: A device that transmits various data such as transaction ID, media authentication key, user authentication key, one or more of rejection message, approval message, etc. by connecting to mobile phone network

Mobile telephone network receiver: A device that receives various data such as transaction ID, media authentication key, user authentication key, one or more of rejection message, approval message, etc. by connecting to mobile phone network

Own system: Card company system directly managed by card company

Electronic Receipt: A full text sent as a receipt for a particular card transaction

Third Party System: As part of the card company system, it is managed by the person providing the service to the card company.

Third Party Certificate: A type of user authentication key. The third party certificate verification unit, which verifies that the third party certificate is legitimate, resides in a third-party device, that is, a device other than the mobile phone and the card company's own system. Examples are a public certificate, a private certificate, and a mobile phone password matched by a mobile phone provider's system.

Short transaction ID: A transaction ID formed from part of the extended transaction ID to save communication cost and time. For the first example of the extended transaction ID, "15043215678", which combines the first three digits of the payment amount with the last eight digits of the card number, may be used as the short transaction ID. When the merchant inquiry machine receives this transaction ID, it searches the list of transactions for which it recently sent an approval inquiry for one whose payment amount begins with '150' and whose card number ends with '43215678', and can thereby recognize that the received data corresponds to that transaction.

Card company system: A system that manages for card company's card transaction approval or purchase transaction. It consists of one or more of its own system and a third party system.

Card key: A type of user authentication key. The card key verification unit, which verifies whether the card key is valid, resides in the card company system. When the card key is submitted, the person who selected the approval key on the mobile phone is presumed to hold the card transaction authority for the card ID embedded in the mobile phone.

Card key exemption limit: An amount matched with each card ID. If the payment amount exceeds (or exceeds) this amount, the card key must be transmitted to the card company system and verified.

Card key exemption limit storage unit: A device that stores the card key exemption limit.

Card mobile phone matching DB: A DB that stores, for each card ID, the mobile phone ID to be used with it. Even if the card company system does not receive the card ID for a specific transaction, it can derive the mobile phone ID from the message transmitted by the mobile phone matched with the card ID and look up the card ID matched with that mobile phone ID in the card mobile phone matching DB.

Card ID: ID uniquely matched to a specific card. For example, a card number or a mobile phone number matched with a card number.

Extended Transaction ID: A transaction ID consisting of two or more of the following: 'one or more of the merchant ID and an ID matched with the merchant ID', the card payment amount, and 'one or more of the card ID and the mobile phone ID matched with the card ID'.

"Hana Pizza. 15000.4452123443215678" is an example. In this example, the text before the first '.' is the merchant name, the text between the first '.' and the second '.' is the payment amount, and the text after the second '.' is the card number. The parties may agree in advance that, when the transaction ID is received by the card company system, the card company system interprets it as a request for approval of the transaction corresponding to the transaction ID. Likewise, the parties may agree that, when the transaction ID is transmitted to the mobile phone corresponding to the card ID, it is interpreted as a request to the rightful holder of the mobile phone for consent to the card transaction corresponding to the transaction ID, and a consent request message corresponding to the transaction ID may be output accordingly. In the above example, the phrase "Would you like to pay 15,000 won with 4452-1234-4321-5678 card at Hana Pizza store?" may be output on the mobile phone screen together with an approval menu and a rejection menu.

"Hana Pizza. 15000.01056781234" is another example of an extended transaction ID. Here the text after the second '.' is the mobile phone number, not the card number.

Extended transaction ID request message: Used in the exceptional case where a received short transaction ID duplicates a transaction ID recorded in the transaction ID DB within a certain period (for example, 10 minutes). If there is such a match, one of the merchant inquiry machine, the mobile phone matched with the card ID, and the card company system may request one of the other parties to transmit the extended transaction ID. That request is the extended transaction ID request message.

Mobile phone media key: A type of media authentication key. It is a password unique to each mobile phone, stored in the media authentication key storage unit embedded in the mobile phone. The mobile phone media key may be encrypted for storage and transmission, in which case the mobile phone media key verification unit of the card company system, or of a third party system providing services to the card company, decrypts and verifies it.

Mobile phone key verification unit: A device for verifying the validity of the mobile phone key. One method, for example, is to search a pair key DB connected to the mobile phone key verification unit for the pair key matched with the mobile phone ID and check whether the received mobile phone key matches the pair key found, or satisfies another rule.

Mobile phone user key: A type of user authentication key. When the mobile phone user key is submitted, the person submitting it is presumed to hold the card transaction authority for the card ID embedded in the mobile phone.
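The following Python sketch is an added example, not code from the patent. It parses the two extended transaction ID examples above, derives the short transaction ID, and shows when a lookup must fall back to an extended transaction ID request; the class and function names are hypothetical, and the colliding second transaction is constructed.

```python
from dataclasses import dataclass

DUPLICATE_WINDOW_SECONDS = 10 * 60  # the page's example period: 10 minutes


@dataclass(frozen=True)
class ExtendedTransactionId:
    merchant: str
    amount: str    # digit string, so its leading digits can be sliced
    payer_id: str  # card number or mobile phone number


def parse_extended(text):
    """Parse 'merchant.amount.id'. Splitting from the right tolerates a
    merchant name that itself contains a '.'."""
    parts = text.rsplit(".", 2)
    if len(parts) != 3:
        raise ValueError("expected merchant.amount.id")
    merchant, amount, payer_id = (p.strip() for p in parts)
    for digits in (amount, payer_id):
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError("amount and ID must be ASCII digits")
    if not merchant:
        raise ValueError("merchant must not be empty")
    return ExtendedTransactionId(merchant, amount, payer_id)


def short_id(ext):
    """First three digits of the amount + last eight digits of the ID."""
    return ext.amount[:3] + ext.payer_id[-8:]


class TransactionIdDB:
    """Recently issued transactions, keyed by short ID (hypothetical class)."""

    def __init__(self, window=DUPLICATE_WINDOW_SECONDS):
        self._window = window
        self._recent = {}  # short ID -> list of (timestamp, extended ID)

    def record(self, ext, now):
        self._recent.setdefault(short_id(ext), []).append((now, ext))

    def resolve(self, short, now):
        """Map a received short ID to exactly one recent transaction, or say why not."""
        live = {ext for ts, ext in self._recent.get(short, [])
                if 0 <= now - ts <= self._window}
        if not live:
            return ("unknown", None)
        if len(live) > 1:
            # Two different payments share this short ID inside the window:
            # the receiver must send an extended transaction ID request.
            return ("need_extended", None)
        return ("match", next(iter(live)))


def demo():
    db = TransactionIdDB()
    first = parse_extended("Hana Pizza. 15000.4452123443215678")  # from the page
    # Constructed collision: 1,500 won on a different card ending 43215678.
    other = parse_extended("Hana Pizza. 1500.9999000043215678")
    db.record(first, now=0)
    one = db.resolve("15043215678", now=60)[0]
    db.record(other, now=120)
    two = db.resolve("15043215678", now=180)[0]
    late = db.resolve("15043215678", now=700)   # 'first' has aged out
    gone = db.resolve("15043215678", now=1000)[0]
    return [one, two, late[0], late[1].amount, gone]


if __name__ == "__main__":
    print(demo())
```

Because only three amount digits and eight ID digits survive, 15,000 won and 1,500 won on cards with the same last eight digits are indistinguishable from the short ID alone, which is the case the extended transaction ID request exists for.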

Mobile phone user key verification unit: a device for verifying that the mobile phone user key is valid

Mobile phone user key exemption limit: If the payment amount exceeds (or exceeds) the mobile phone user key, the mobile phone user key must be input to the mobile phone input device in order for all processes in the mobile phone required for the card payment approval to proceed.

Mobile phone user key exemption limit storage unit: A device in which the mobile phone user key exemption limit is stored.

Mobile phone user key input request message: A request to enter the mobile phone user key, output on the mobile phone output unit in the form of letters, symbols, and pictures. For example, "Please enter your mobile phone password."

Mobile Phone ID: ID uniquely matched to a specific mobile phone. For example, cell phone numbers and cell phone terminal unique numbers.

Mobile phone ID input window: The input component of the merchant inquiry system. When the card member presents the mobile phone ID matched with his or her card ID, the mobile phone ID may be inputted into the mobile phone ID input window of the affiliated inquiry system.

OTP: One-time password. A key used temporarily for a specific transaction only; a kind of media authentication key. It is generated by the OTP generation unit and transmitted to a device containing an OTP verification unit, which verifies whether the OTP is valid. When the OTP generation unit is embedded in the mobile phone, the OTP is generated when the mobile phone holder selects the agreement key for the card transaction and is transmitted to the card company system, where the built-in OTP verification unit verifies that the OTP matches the card ID concerned. When the OTP generation unit is embedded in the card company system, the OTP matching the card ID is transmitted from the card company system to the mobile phone matched with the card ID and output on the mobile phone output unit; the mobile phone holder enters the OTP, it is transmitted to the card company system, and the OTP verification unit built into the card company system verifies whether it is the OTP matching the card ID.

OTP Verification Unit: Device that verifies the validity of OTP

OTP generator: device to generate OTP

OTP input section: Input section of a mobile phone that inputs OTP. For example, a keypad or touch pad.

USIM: Abbreviation for Universal Subscriber Identity Module. A smart card inserted in a mobile communication (WCDMA) terminal, which implements various functions such as user authentication, global roaming, and e-commerce in one smart card. It is usually mounted on a third generation mobile communication (WCDMA) terminal.

NFC: Abbreviation for Near Field Communication.

NFCUSIM: A device including a USIM and its accessories that can transmit and receive in a near-contact manner using radio frequency.

CNFCUSIM: Card NFCUSIM. NFCUSIM with memory and CPU that can load applications required for card transactions.

Merchant NFC Phone: A merchant inquiry machine that can read data from the CNFCUSIM embedded in the NFC card.

Card Phone: A mobile phone with a USIM that stores the card ID.

NFC reader: A device that can read data of USIM located in close range

Signature Pad: Input section to input member's signature. Usually, a signature pad input pen is attached to a signature pad, so that when a member draws a signature on the pad with the pen, the picture image is regarded as a signature.

Example 1

1) How to register

The cardholder logs into the card company system and opens a session, then applies for service registration by entering a resident registration number (social security number) and the mobile phone number to be matched with a specific card. The card company system transmits an OTP to the mobile phone number entered in the application, and the card member enters the OTP received on the mobile phone into the card company system. If the OTP entered by the card member matches the OTP that the card company system sent to the mobile phone, and the entered card number and mobile phone number match the card number and mobile phone number matched with the entered resident registration number, the VM is downloaded to the member's mobile phone. In order to match the resident number with the card number and the mobile number, the matching of the resident number and the card number is directly updated by the card company. Update the DB by transferring to the DB of the system.

2) Transaction Approval Method

The card member tells the merchant employee the mobile phone number he or she has memorized in order to pay at the merchant. The merchant employee enters the payment amount and the mobile phone number into the merchant inquiry machine, which is implemented as a VM in a mobile phone connected to the merchant inquiry machine hub over a local area network. A payment approval request message consisting of the entered mobile phone number and payment amount, together with the merchant number and merchant name stored in the VM, is transmitted to the member's mobile phone over the mobile phone network, relayed by the merchant inquiry machine hub.

If the member has selected a mode that requires a separate password to operate the downloaded card company VM, the message "Card transaction approval request has arrived. Please enter your mobile phone password" is displayed. When the member enters the mobile phone password by touch input, the VM on the member's mobile phone uses the received message to display the text "Do you want to pay 0000 won to merchant xxx?" together with a confirmation menu and a rejection menu.

If the member has selected a mode that does not require a separate password to operate the downloaded card company VM, the VM uses the payment approval request message immediately upon receipt to display the text "Do you want to pay 0000 won to merchant xxx?" on the mobile phone screen together with a confirmation menu and a rejection menu.

When the member selects the confirmation menu by keypad or touch, the user authentication key exemption limit verification unit built into the mobile phone VM checks whether the payment amount is within the amount stored in the user authentication key exemption limit storage unit built into the VM. If the amount is exceeded, a user authentication key input window is displayed on the screen with the message "Please enter a certified certificate password." When the cardholder enters the public certificate password, a payment approval request message consisting of the received merchant number, the payment amount, the card number embedded in the VM, the generated OTP, and the stored public certificate is transmitted from the member's mobile phone to the card company system. The decryption unit of the card company system decrypts the message. The authenticity of the OTP is verified by the OTP verification unit in the system of the OTP management company that provides this service to the card company (part of the card company system), the authenticity of the certificate is verified in the system of the certificate management company that provides this service to the card company (part of the card company system), and the approval limit verification unit built into the card company's own system verifies the approval limit. If the OTP, the public certificate, and the approval limit are all verified, the card company sends the approval message "The payment of 0000 won by mobile phone number xxx-xxx-xxxx has been completed" via the merchant inquiry machine hub to the mobile phone containing the merchant inquiry machine, and the VM of that mobile phone outputs the message. The receipt may be printed by a printer mounted on the mobile phone, or the card company may create a receipt and transmit it to the member's mobile phone by MMS. The member may also log in to the card company system and download it.
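The card company's side of the approval flow in Example 1, as an added Python example that is not code from the patent. The patent does not specify an OTP algorithm, so the HMAC-based OTP bound to the transaction ID and amount, the PBKDF2 storage of the card key, the replay check, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def transaction_otp(secret, transaction_id, amount):
    """Constructed OTP scheme (assumption): six digits taken from an HMAC over
    the transaction ID and amount, so the code fits no other payment."""
    msg = f"{transaction_id}|{amount}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


def hash_user_key(user_key, card_id):
    """Keep the card key only as a salted, slow hash (salt choice is illustrative)."""
    return hashlib.pbkdf2_hmac("sha256", user_key.encode(), card_id.encode(), 50_000)


@dataclass
class CardAccount:
    card_id: str
    phone_id: str
    otp_secret: bytes       # shared with the OTP generation unit in the phone
    card_key_hash: bytes    # user authentication key, hashed
    exemption_limit: int    # user authentication key exemption limit
    approval_limit: int     # remaining approval limit


@dataclass
class ApprovalRequest:
    transaction_id: str
    phone_id: str
    amount: int
    otp: str                          # media authentication key
    user_key: Optional[str] = None    # user authentication key, if supplied


class CardCompanySystem:
    def __init__(self, accounts):
        # Stands in for the card mobile phone matching DB.
        self._by_phone = {a.phone_id: a for a in accounts}
        self._approved = set()  # transaction IDs already approved

    def authorize(self, req):
        acct = self._by_phone.get(req.phone_id)
        if acct is None:
            return "REJECT: unknown mobile phone ID"
        if req.transaction_id in self._approved:
            return "REJECT: transaction ID already approved"
        # Step (e): media authentication key verification, constant-time compare.
        expected = transaction_otp(acct.otp_secret, req.transaction_id, req.amount)
        if not hmac.compare_digest(expected.encode(), req.otp.encode()):
            return "REJECT: media authentication key invalid"
        # Above the exemption limit the user authentication key is mandatory.
        if req.amount > acct.exemption_limit:
            if req.user_key is None:
                return "REJECT: user authentication key required"
            supplied = hash_user_key(req.user_key, acct.card_id)
            if not hmac.compare_digest(supplied, acct.card_key_hash):
                return "REJECT: user authentication key invalid"
        # Step (f): approval limit verification.
        if req.amount > acct.approval_limit:
            return "REJECT: approval limit exceeded"
        acct.approval_limit -= req.amount
        self._approved.add(req.transaction_id)
        return "APPROVE"


def demo():
    secret, card = b"constructed-per-phone-secret", "4452123443215678"
    acct = CardAccount(card, "01056781234", secret,
                       hash_user_key("2468", card), 30_000, 100_000)
    system = CardCompanySystem([acct])

    def req(txn, amount, user_key=None, otp_amount=None):
        signed = amount if otp_amount is None else otp_amount
        otp = transaction_otp(secret, txn, signed)
        return ApprovalRequest(txn, acct.phone_id, amount, otp, user_key)

    results = [
        system.authorize(req("T1", 15_000)),                      # under exemption limit
        system.authorize(req("T1", 15_000)),                      # replayed message
        system.authorize(req("T2", 150_000, otp_amount=15_000)),  # amount altered after OTP
        system.authorize(req("T3", 50_000)),                      # needs user key
        system.authorize(req("T3", 50_000, "0000")),              # wrong user key
        system.authorize(req("T3", 50_000, "2468")),              # correct user key
        system.authorize(req("T4", 40_000, "2468")),              # over remaining limit
    ]
    return results, acct.approval_limit


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

In Example 1 the exemption limit is checked inside the phone's VM; the sketch repeats the check at the card company system, so approval does not depend on the phone having enforced it.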

Example 2

1) How to register

Similar to the first embodiment, the main information such as the card ID is stored in the USIM, not the VM.

2) Transaction Approval Method

When the merchant employee brings the NFC phone close to items embedded with an RFID chip, the NFC reader of the NFC phone reads the prices of the items and outputs the total amount on the screen of the NFC phone. If the NFC phone is set to the mode that also outputs the price specification, the price specification is output together with the total.

After the card member checks the amount displayed on the screen and brings the card phone close to the NFC phone, the NFC reader of the NFC phone reads the card ID stored in the USIM of the card phone and the OTP generated by the USIM.

The message “Sign” is displayed on the screen of the NFC phone, and a window for entering a signature is opened. After the member signs on the screen of the NFC phone using a touch pen and the merchant employee selects the confirmation key, a payment approval request message consisting of the total payment amount, the read card ID and OTP, the input signature, and the merchant number and merchant name stored in the VM of the NFC phone is created and encrypted in the VM and transmitted to the card company system through the cellular phone network.

The decryption unit of the card company system decrypts the message. The OTP verification unit of the card company system verifies the authenticity of the OTP, and the approval limit verification unit embedded in the card company's own system verifies the approval limit.

If both the OTP and the approval limit are verified, the card company sends the approval message “The card number xxxx-xxxx-xxxx-xxxx's 0000 won payment has been completed” to the merchant's NFC phone, which outputs the message. The receipt may be output from a printer mounted on the mobile phone, or the card company may create a receipt and transmit it to the member's mobile phone by MMS. The member may also log in to the card company system and download it.

Claims (27)

(a) inputting a payment amount and a mobile phone ID to the affiliated store inquiry;
(b) the affiliated store inquiry transmitting the transaction ID to the mobile phone matched with the input mobile phone ID;
(c) inputting an agreement key into the mobile phone receiving the transaction ID;
(d) the mobile phone transmitting the transaction ID and the media authentication key of the mobile phone to a card company system;
(e) verifying the validity of the received media authentication key by the media authentication key verification unit of the card company system;
(f) verifying, by the approval limit verification unit of the card company system, whether the payment amount is within the approval limit range corresponding to the card ID matching the transaction ID;
(g) transmitting the full text of the approval to the affiliated store inquiry if the approval limit verification result is within the approval limit range;
Authorization method of the mobile card without a dongle.
The method of claim 1,
(g-1) when the approval limit verification result is within the approval limit range, transmitting one or more of a complete text message and an electronic receipt to a mobile phone matched with the mobile phone ID of step (a);
Authorization method of a mobile card without a dongle further comprising.
(a) inputting a payment amount and a mobile phone ID to the affiliated store inquiry;
(b) the affiliated store inquiry transmitting the transaction ID to the mobile phone matched with the input mobile phone ID;
(c) inputting an agreement key into the mobile phone receiving the transaction ID;
(d) verifying, by the user authentication key exemption limit verification unit, whether the payment amount is within a user authentication key exemption limit range stored in the user authentication key exemption limit storage unit;
(e) outputting, by the mobile phone, a user authentication key input request message to an output unit when the payment amount is verified to be outside the user authentication key exemption limit range;
(f) inputting a user authentication key to an input unit of the mobile phone;
(g) transmitting, by the transmitter of the cellular phone, the transaction ID and the user authentication key to the card company system;
(h) verifying the received user authentication key by a user authentication key verification unit of a card company system;
(i) verifying, by the approval limit verification unit of the card company system, whether the received payment amount is within an approval limit stored in the approval limit storage unit;
(j) if the user authentication key is verified to be legitimate and the payment amount is verified to be within an approval limit range, transmitting the full message of approval to the affiliated store inquiry;
Authorization method of the mobile card without a dongle.
The method of claim 3,
(j-1) when the user authentication key is verified to be legitimate and the payment amount is verified to be within the approval limit, transmitting one or more of the completion message and the electronic receipt to the mobile phone matched with the mobile phone ID of step (a);
Authorization method of a mobile card without a dongle further comprising.
(a) inputting a payment amount and a mobile phone ID to the affiliated store inquiry;
(b) the affiliated store inquiry transmitting the transaction ID to the mobile phone matched with the input mobile phone ID;
(c) inputting an agreement key into the mobile phone receiving the transaction ID;
(d) verifying, by the user authentication key exemption limit verification unit, whether the payment amount is within a user authentication key exemption limit range stored in the user authentication key exemption limit storage unit;
(e) outputting, by the mobile phone, a user authentication key input request message to an output unit when the payment amount is verified to be outside the user authentication key exemption limit range;
(f) inputting a user authentication key to an input unit of the mobile phone;
(g) transmitting, by the transmitter of the cellular phone, the transaction ID, the user authentication key, and the media authentication key assigned to the card company system;
(h) verifying the received user authentication key by a user authentication key verification unit of a card company system;
(i) verifying the received media authentication key by the media authentication key verification unit of the card company system;
(j) verifying, by the approval limit verification unit of the card company system, whether the payment amount read out from the transaction ID is within the approval limit stored in the approval limit storage unit;
(k) if the user authentication key and the media authentication key are verified to be legitimate and the payment amount is verified to be within an approval limit, transmitting the full text of the approval to the affiliated store inquiry;
Authorization method of the mobile card without a dongle.
The method of claim 5,
(k-1) when the user authentication key is verified to be legitimate and the payment amount is verified to be within the approval limit, transmitting one or more of the completion message and the electronic receipt to the mobile phone matched with the mobile phone ID of step (a);
Authorization method of a mobile card without a dongle further comprising.
(a) inputting a payment amount and a mobile phone ID to the affiliated store inquiry;
(b) the affiliated store inquiry transmitting the transaction ID to the mobile phone matched with the input mobile phone ID;
(c) inputting an agreement key into the mobile phone receiving the transaction ID;
(d) the mobile phone deriving a payment amount from the transaction ID and verifying whether the payment amount is within a range of a mobile phone user key exemption limit stored in the mobile phone user key exemption limit storage unit;
(e) outputting a mobile phone user key input request message to an output unit when the payment amount is verified to be outside the mobile phone user key exemption limit range;
(f) inputting a mobile phone user key to an input unit of the mobile phone;
(g) verifying the received mobile phone user key by a mobile phone user key verification unit built in the mobile phone;
(h) if the mobile phone user key is verified as valid and the consent key is input, the transmitting unit of the mobile phone transmits the transaction ID and the media authentication key assigned to the card company system;
(i) verifying the received media authentication key by the media authentication key verification unit of the card company system;
(j) verifying, by the approval limit verification unit of the card company system, whether the payment amount read out from the transaction ID is within the approval limit stored in the approval limit storage unit;
(k) if the medium authentication key is verified to be legitimate and the payment amount is verified to be within an approval limit range, transmitting the full text of approval to the affiliated store inquiry;
Authorization method of the mobile card without a dongle.
The method of claim 7, wherein
(k-1) when the user authentication key is verified to be legitimate and the payment amount is verified to be within the approval limit, transmitting one or more of the completion message and the electronic receipt to the mobile phone matched with the mobile phone ID of step (a);
Authorization method of a mobile card without a dongle further comprising.
(a) inputting a payment amount and a mobile phone ID to the affiliated store inquiry;
(b) the affiliated store inquiry transmitting the transaction ID and the affiliated store ID to the card company system;
(c) generating an OTP by the OTP generating unit of the card company system;
(d) the card company system preparing a full transaction agreement request;
(e) transmitting, by the card company system, the full text of the OTP and the transaction agreement to the mobile phone matched with the mobile phone ID;
(f) inputting the OTP to the mobile phone;
(g) the mobile phone transmitting the input OTP and transaction ID to a card company system;
(h) verifying the received OTP by an OTP verification unit of a card company system;
(i) verifying, by the approval limit verification unit of the card company system, whether the payment amount derived from the transaction ID is within an approval limit stored in the approval limit storage unit;
(j) if the OTP is verified to be legitimate and the payment amount is verified to be within the approval limit, sending an authorization message to the affiliated store inquiry;
Authorization method of the mobile card without a dongle.
10. The method of claim 9,
(f-1) A method for approving a mobile card without a dongle, in which a step of inputting a consent key into a mobile phone is added.
The method of claim 9 or 10,
(j-1) when the OTP is verified to be legitimate and the payment amount is verified to be within the approval limit, transmitting at least one of the completion message and the electronic receipt to the mobile phone matched with the mobile phone ID of step (a);
Authorization method of a mobile card without a dongle further comprising.
(a) inputting a payment amount and a mobile phone ID to the affiliated store inquiry;
(b) the affiliated store inquiry transmitting the transaction ID and the affiliated store ID to the card company system;
(c) generating an OTP by the OTP generating unit of the card company system;
(d) the card company system preparing a full transaction agreement request;
(e) transmitting, by the card company system, the full text of the OTP and the transaction agreement to the mobile phone matched with the mobile phone ID;
(f) inputting the OTP to the mobile phone;
(g) the mobile phone deriving a payment amount from the transaction ID and verifying that the payment amount is within a range of a mobile phone user key exemption limit stored in the mobile phone user key exemption limit storage unit;
(h) outputting a mobile phone user key input request message to an output unit when the payment amount is verified to be outside the mobile phone user key exemption limit range;
(i) inputting a mobile phone user key to an input unit of the mobile phone;
(j) verifying the received mobile phone user key by a mobile phone user key verification unit built in the mobile phone;
(k) transmitting the transaction ID and the OTP to the card company system when the mobile phone user key is verified as valid and the OTP is input;
(l) verifying the received OTP by the OTP verification unit of a card company system;
(m) verifying, by the approval limit verification unit of the card company system, whether the payment amount derived from the transaction ID is within an approval limit stored in the approval limit storage unit;
(n) if the OTP is verified to be legitimate and the payment amount is verified to be within the approval limit, transmitting the full text of the approval to the affiliated store inquiry;
Authorization method of the mobile card without a dongle.
The method of claim 12,
(f-1) inputting the consent key to the mobile phone;
Authorization method of a mobile card without a dongle further comprising.
The method according to claim 12 or 13,
(n-1) when the OTP is verified to be legitimate and the payment amount is verified to be within the approval limit, transmitting at least one of the completion message and the electronic receipt to the mobile phone matched with the mobile phone ID of step (a);
Authorization method of a mobile card without a dongle further comprising.
(a) inputting a payment amount and a mobile phone ID to the affiliated store inquiry;
(b) the affiliated store inquiry transmitting the transaction ID and the affiliated store ID to the card company system;
(c) generating an OTP by the OTP generating unit of the card company system;
(d) the card company system preparing a full transaction agreement request;
(e) transmitting, by the card company system, the full text of the OTP and the transaction agreement to the mobile phone matched with the mobile phone ID;
(f) inputting the OTP to the mobile phone;
(g) the mobile phone deriving a payment amount from the transaction ID and verifying that the payment amount is within a user authentication key exemption limit range stored in a user authentication key exemption limit storage unit;
(h) outputting a user authentication key input request message to an output unit when the payment amount is verified to be outside the user authentication key exemption limit range;
(i) inputting a user authentication key to an input unit of a mobile phone;
(g) transmitting a transaction ID, an OTP, and a user authentication key to a card company system by a mobile phone;
(h) verifying the received user authentication key by a user authentication key verification unit of a card company system;
(i) verifying, by the approval limit verification unit of the card company system, whether the received payment amount is within an approval limit stored in the approval limit storage unit;
(j) if the OTP and the user authentication key are verified to be legitimate and the payment amount is verified to be within the approval limit range, transmitting the full message of approval to the affiliated store inquiry;
Authorization method of the mobile card without a dongle.
The method of claim 17,
(f-1) inputting the consent key to the mobile phone;
Authorization method of a mobile card without a dongle further comprising.
The method according to claim 15 or 16,
(n-1) when the OTP and the user authentication key are verified to be legitimate and the payment amount is verified to be within the approval limit, transmitting at least one of the completion message and the electronic receipt to the mobile phone matched with the mobile phone ID of step (a);
Authorization method of a mobile card without a dongle further comprising.
(a) inputting a payment amount and a mobile phone ID to the affiliated store inquiry;
(b) the affiliated store inquiry transmitting the transaction ID and the affiliated store ID to the card company system;
(c) generating an OTP by the OTP generating unit of the card company system;
(d) the card company system preparing a full transaction agreement request;
(e) transmitting, by the card company system, the full text of the OTP and the transaction agreement to the mobile phone matched with the mobile phone ID;
(f) inputting the OTP to the mobile phone;
(g) the mobile phone transmitting the input OTP and transaction ID to a card company system;
(h) verifying the received OTP by an OTP verification unit of a card company system;
(i) verifying, by the approval limit verification unit of the card company system, whether the payment amount derived from the transaction ID is within an approval limit stored in the approval limit storage unit;
(j) verifying, by the card company system, whether the payment amount is within a user authentication key exemption limit stored in a user authentication key exemption limit storage unit;
(k) the card company system transmitting a user authentication key input request message to the mobile phone matched with the mobile phone ID when the payment amount is verified to be outside the user authentication key exemption limit range;
(l) inputting a user authentication key to an input unit of a mobile phone;
(m) transmitting, by the transmitter of the cellular phone, the user authentication key to the card company system;
(n) verifying the received user authentication key by a user authentication key verification unit of a card company system;
(o) if the OTP and the user authentication key are verified to be legitimate and the payment amount is verified to be within the approval limit range, transmitting the full text of the authorization to the affiliated store inquiry.
The method of claim 18,
(f-1) inputting the consent key to the mobile phone;
Authorization method of a mobile card without a dongle further comprising.
The method of claim 18 or 19,
(o-1) when the OTP and the user authentication key are verified to be legitimate and the payment amount is verified to be within the approval limit, transmitting at least one of the completion message and the electronic receipt to the mobile phone matched with the mobile phone ID of step (a);
Authorization method of a mobile card without a dongle further comprising.
(a) inputting a payment amount to an affiliated store inquiry input unit;
(b) reading, by the NFC reader of the affiliated store inquiry, the card ID from the USIM of the card phone in the proximity of the affiliated store inquiry;
(c) sending, by the affiliated store inquiry, a payment amount, an affiliated store ID, and the read card ID to a card company system;
(d) verifying, by the approval limit verification unit of the card company system, whether the payment amount is within the approval limit range corresponding to the card ID matching the transaction ID;
(e) if it is verified that the payment amount is within the approval limit, transmitting the full text of approval to the affiliated store inquiry;
Authorization method of the mobile card without a dongle.
The method of claim 21,
A member inputting a signature into a signature pad of the affiliated shop inquiry;
Authorization method of the mobile card without a dongle is further included.
The method of claim 21 or 22,
Reading, by the NFC reader of the affiliated lookup device, the media authentication key from the USIM of the card phone in the proximity of the affiliated lookup device;
Transmitting the media authentication key from a merchant inquiry system to a card company system;
Verifying the validity of the received OTP by the media authentication key verification unit of the card company system;
Authorization method of the mobile card without a dongle is further included.
The method of claim 21 or 22,
Inputting a user authentication key to the card phone;
Transmitting the user authentication key from the card phone to the card company system;
Verifying, by the user authentication key verification unit of the card company system, the validity of the received user authentication key;
Authorization method of the mobile card without a dongle is further included.
The method of claim 21 or 22,
Verifying that the payment amount is within the range of the user authentication key exemption limit stored in the user authentication key exemption limit storage unit in the user authentication key exemption limit verification unit of the card phone;
Outputting a user authentication key input request message to the output of the card phone when the payment amount is over the user authentication key exemption limit;
Inputting a user authentication key to the card phone;
Transmitting the user authentication key from the card phone to the card company system;
Verifying, by the user authentication key verification unit of the card company system, the validity of the received user authentication key;
Authorization method of the mobile card without a dongle is further included.
The method of claim 21 or 22,
Verifying, by the user authentication key exemption limit verification unit of the card company system, whether the payment amount is within the user authentication key exemption limit range stored in the user authentication key exemption limit storage unit;
Transmitting a user authentication key input request message to a card phone when the user authentication key exemption limit is exceeded, and outputting the user authentication key input request message to an output of the card phone;
Inputting a user authentication key to the card phone;
Transmitting the user authentication key from the card phone to the card company system;
Verifying, by the user authentication key verification unit of the card company system, the validity of the received user authentication key;
Authorization method of the mobile card without a dongle is further included.
The method of claim 21 or 22,
When the approval limit verification result is within the approval limit range, transmitting one or more of a complete text message and an electronic receipt to a card phone;
Authorization method of a mobile card without a dongle further comprising.
Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020100010397A KR20110090551A (en) 2010-02-04 2010-02-04 The device and the way of mobile card transaction authorization without dongle

Publications (1)

Publication Number Publication Date
KR20110090551A true KR20110090551A (en) 2011-08-10

Family

ID=44928317

Country Status (1)

Country Link
KR (1) KR20110090551A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101349327B1 (en) * 2013-03-22 2014-01-13 석천정보통신(주) Payment apparatus and payment system using the same
WO2018236401A1 (en) * 2017-06-23 2018-12-27 Visa International Service Association Verification and encryption scheme in data storage
US11997213B2 (en) 2017-06-23 2024-05-28 Visa International Service Association Verification and encryption scheme in data storage

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination