KR20120094401A - Method of service for settling by credit card improving security - Google Patents

Method of service for settling by credit card improving security Download PDF

Info

Publication number
KR20120094401A
KR20120094401A KR1020110013897A KR20110013897A KR20120094401A KR 20120094401 A KR20120094401 A KR 20120094401A KR 1020110013897 A KR1020110013897 A KR 1020110013897A KR 20110013897 A KR20110013897 A KR 20110013897A KR 20120094401 A KR20120094401 A KR 20120094401A
Authority
KR
South Korea
Prior art keywords
credit card
certificate
information
server
approval
Prior art date
Application number
KR1020110013897A
Other languages
Korean (ko)
Other versions
KR101320668B1 (en
Inventor
윤승희
Original Assignee
주식회사 코밴
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 코밴 filed Critical 주식회사 코밴
Priority to KR1020110013897A priority Critical patent/KR101320668B1/en
Publication of KR20120094401A publication Critical patent/KR20120094401A/en
Application granted granted Critical
Publication of KR101320668B1 publication Critical patent/KR101320668B1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/22Payment schemes or models
    • G06Q20/24Credit schemes, i.e. "pay after"
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/356Aspects of software for card payments
    • G06Q20/3567Software being in the reader
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

PURPOSE: A credit card payment service providing method having enhanced security is provided to prevent credit card information from remaining in a credit card terminal and also prevent a leakage of the credit card information. CONSTITUTION: Software operating a credit card terminal is authenticated. If a credit card terminal system communicates with a server for the first time, the credit card terminal system is authenticated and a certificate is issued. The certificate is transmitted to a terminal. A credit transaction approval is requested with payment information and the certificate. The approval is performed only if there is hardware information matched with the certificate.

Description

보안성이 향상된 신용카드 결제 서비스 제공방법{METHOD OF SERVICE FOR SETTLING BY CREDIT CARD IMPROVING SECURITY}How to provide a secure credit card payment service {METHOD OF SERVICE FOR SETTLING BY CREDIT CARD IMPROVING SECURITY}

본 발명은 신용카드 결제 서비스 제공방법에 관한 것으로, 더욱 상세하게는, 신용카드 단말기에서 신용카드에 기록된 정보를 부정한 방법으로 유출할 수 없도록 함으로써 보안성이 향상된 신용카드 결제 서비스 제공방법에 관련된다.
The present invention relates to a method for providing a credit card payment service, and more particularly, to a method for providing a secured credit card payment service by preventing a credit card terminal from leaking information recorded on a credit card in an illegal manner. .

일반적으로 신용카드는 마그네틱 또는 스마트 칩을 구비하여 신용카드의 소유자 및 결제와 관련된 정보를 저장한다. 상기 신용카드를 이용하여 신용거래가 이루어지는 과정은 POS 등의 신용카드 단말기를 통하여 신용카드에 수록된 정보를 읽어들인 후, 결제금액과 함께 신용정보를 포함하는 승인요청신호를 각종 통신망을 통하여 신용카드 결제은행 또는 신용카드 중계사의 서버로 전송하며, 상기 신용카드 결제은행 또는 신용카드 중계사의 서버에서는 수신된 승인요청신호에서 신용정보 및 사용한도 등을 자체 데이터베이스에 저장되어 있는 정보와 비교하여 승인하는 방식으로 이루어진다.Generally, a credit card has a magnetic or smart chip to store information related to the owner and payment of the credit card. In the process of credit transaction using the credit card, after reading the information contained in the credit card through a credit card terminal such as POS, the credit card settlement bank through the various communication network to receive an authorization request signal including credit information together with the payment amount Or the credit card broker's server, and the credit card settlement bank or the credit card broker's server compares the credit information and the usage with the information stored in its database in the received authorization request signal. .

한편, 종래에는 상기 신용카드 단말기에서 신용카드에 기록된 정보를 리드하는 과정에서 카드번호와 정보가 잔존할 수 있었기 때문에, 신용카드정보가 제 3자에게 유출되어 부정사용될 수 있다는 문제점이 있었다.On the other hand, conventionally, since the card number and the information may remain in the process of reading the information recorded on the credit card in the credit card terminal, there is a problem that the credit card information may be leaked to a third party and used illegally.

특히, 신용카드 단말기 기능과 함께 매장의 매출 등을 관리하는 POS 시스템의 경우 POS 시스템 개발 업체가 난립하고 있는 실정이며, POS 시스템 개발 업체에 따라 결제 프로토콜이나 데이터 처리 방식 등이 서로 달랐기 때문에 종래의 기술로써는 모든 POS 시스템에 적용될 수 있는 범용적인 보안 방법을 구현하기가 어려웠다.In particular, POS system development companies are struggling in the case of POS systems that manage the sales of stores along with the function of credit card terminals, and since the payment protocols and data processing methods are different according to POS system developers, the conventional technology As a result, it was difficult to implement universal security methods that could be applied to all POS systems.

상기와 같은 문제점으로 인하여 신용카드 불법 도용 사례는 지속적으로 증가하고 있는 상황이며, 이를 근절할 수 있는 대책 마련이 시급한 실정이다.
Due to the problems described above, the case of illegal credit card theft is continuously increasing, and it is urgent to prepare a countermeasure for eradicating it.

상기와 같은 문제점들을 해결하기 위하여 창안된 본 발명은, POS 시스템을 포함하는 신용카드 단말기에서 시스템 외부로 신용카드정보가 유출될 수 있는 가능성을 원천적으로 봉쇄하는 것을 목적으로 한다.The present invention, which was devised to solve the above problems, aims at fundamentally blocking the possibility that credit card information can be leaked out of the system from a credit card terminal including a POS system.

또한, POS 시스템의 주기억장치 또는 보조기억장치에 저장되는 신용카드정보 관련 데이터가 부정한 방법으로 사용될 수 없도록 하는 것을 목적으로 한다.
It is also an object of the credit card information related data stored in the main memory device or the auxiliary memory device of the POS system to be used in an illegal manner.

상기와 같은 목적을 달성하기 위하여 창안된 본 발명의 일실시예에 따른 보안성이 향상된 신용카드 결제 서비스 제공방법은, 신용카드 단말기 및 VAN 서버를 포함하여 신용거래를 승인하는 방법에 있어서, (a) 신용카드 단말기를 구동하는 소프트웨어를 인증하는 프로그램인증단계; (b) 신용카드 단말기 시스템과 서버가 최초로 통신할 때, 시스템을 인증하여 인증서를 발급하는 사용인증단계; (c) 결제정보와 인증서를 포함하여 신용거래승인을 요청하는 승인요청단계; (d) 상기 인증서와 매칭되는 하드웨어정보가 있을 경우에만 승인요청에 대하여 승인하는 승인단계; 를 포함하여 구성된다.According to an aspect of the present invention, there is provided a method of providing a secured credit card payment service, comprising: a credit card terminal and a VAN server, in which a credit transaction is approved, (a A program authentication step of authenticating software for driving a credit card terminal; (b) a use authentication step of authenticating the system and issuing a certificate when the credit card terminal system and the server first communicate; (c) an approval request step for requesting approval of a credit transaction including payment information and a certificate; (d) an approval step of approving the approval request only when there is hardware information matching the certificate; .

이때, 상기 (b) 단계는, (b-1) 프로그램 인증키, 가맹점정보, 식별번호 및 하드웨어정보를 입력받는 단계; (b-2) 상기 단계에서 입력된 프로그램 인증키, 가맹점정보 및 식별번호가 서버에 저장된 데이터와 일치하는가의 여부를 판단하는 단계; (b-3) 상기 (b-1)단계에서 입력된 하드웨어정보가 서버에 저장된 데이터와 불일치하는가의 여부를 판단하는 단계; 상기 (b-2)단계에서 일치하고, (b-3)단계에서 불일치할 경우에만 인증서를 발급하여 서버에 저장하고, 단말기에 인증서를 전송하는 단계; 를 포함할 수 있다.
At this time, the step (b), (b-1) receiving a program authentication key, merchant information, identification number and hardware information; (b-2) determining whether the program authentication key, the affiliated store information, and the identification number input in the step correspond to data stored in the server; (b-3) determining whether the hardware information input in the step (b-1) is inconsistent with the data stored in the server; Issuing a certificate and storing it in a server only when it matches in step (b-2) and does not match in step (b-3), and transmits the certificate to the terminal; . ≪ / RTI >

상기와 같이 구성된 본 발명은, 신용카드 단말기에 신용카드 정보가 잔존하지 않도록 함과 동시에, 신용카드 단말기에서 신용카드 정보를 외부로 유출되지 않도록 하므로, 신용카드정보의 불법유출로 인한 사고를 방지할 수 있다는 유용한 효과를 제공한다.According to the present invention configured as described above, the credit card information does not remain in the credit card terminal and at the same time, the credit card information is not leaked to the outside, thereby preventing accidents caused by illegal leakage of credit card information. Can provide a useful effect.

또한, 본 발명에 포함된 시스템 감지 모듈을 활용하여 POS 단말기가 컴퓨터 바이러스에 노출되지 않도록 할 수 있다.In addition, it is possible to prevent the POS terminal from being exposed to computer viruses by utilizing the system detection module included in the present invention.

또한, POS 시스템의 인증제도를 도입함으로써 가맹점 관리의 체계화가 가능하며, 가맹점별로 제각각인 POS 구동 프로그램의 규격화가 가능하므로 전반적인 시스템 구축비용을 절감할 수 있다.
In addition, by introducing the POS system certification system, it is possible to systematically manage affiliate stores, and it is possible to standardize respective POS driving programs for each affiliate store, thereby reducing the overall system construction cost.

도 1은 본 발명의 일실시예에 따른 구성을 보인 순서도이다.
도 2는 본 발명의 다른 실시예에 따른 구성을 보인 순서도이다.1 is a flow chart showing the configuration according to an embodiment of the present invention.
2 is a flow chart showing the configuration according to another embodiment of the present invention.

이하에서는, 첨부된 도면을 참조하여 본 발명의 구성 및 동작을 구체적으로 설명하도록 한다.
Hereinafter, with reference to the accompanying drawings to be described in detail the configuration and operation of the present invention.

도 1은 본 발명의 일실시예에 따른 구성을 보인 순서도이다.1 is a flow chart showing the configuration according to an embodiment of the present invention.

도 1을 참조하면, 본 발명의 일실시예에 따른 보안성이 향상된 신용카드 결제 서비스 제공방법은 (a) 신용카드 단말기를 구동하는 소프트웨어를 인증하는 프로그램인증단계; (b) 신용카드 단말기 시스템과 서버가 최초로 통신할 때, 시스템을 인증하여 인증서를 발급하는 사용인증단계; (c) 결제정보와 인증서를 포함하여 신용거래승인을 요청하는 승인요청단계; (d) 상기 인증서와 매칭되는 하드웨어정보가 있을 경우에만 승인요청에 대하여 승인하는 승인단계;를 포함하여 구성된다.Referring to Figure 1, a method of providing improved security credit card payment service according to an embodiment of the present invention (a) a program authentication step for authenticating the software for driving the credit card terminal; (b) a use authentication step of authenticating the system and issuing a certificate when the credit card terminal system and the server first communicate; (c) an approval request step for requesting approval of a credit transaction including payment information and a certificate; (d) an approval step of approving the approval request only when there is hardware information matching the certificate.

먼저 상기 (a)단계는 POS 등의 신용카드 단말기에 설치되어 신용카드정보, 결제금액 및 할부 여부 등의 결제정보를 서버로 송신하며, 경우에 따라서는 일별, 월별 매출 통계 등을 계산하여 출력할 수 있는 통상의 POS 소프트웨어에 대한 인증과정으로써, 해당 소프트웨어를 구동하여 경우 신용카드정보가 신용카드 단말기의 주기억장치 또는 보조기억장치에 저장되는지의 여부를 확인하여, 잔존하는 데이터가 없는 경우에만 인증서를 발급하게 된다.
First, the step (a) is installed in a credit card terminal such as POS to transmit payment information such as credit card information, payment amount and installment to the server, and in some cases, calculate and output daily and monthly sales statistics. As a certification process for ordinary POS software, when the software is run, it checks whether the credit card information is stored in the main storage device or the secondary storage device of the credit card terminal, and the certificate is obtained only when there is no remaining data. Will be issued.

상기 (b) 단계는 신용카드 단말기가 서버를 통하여 통상적인 결제과정을 수행하기에 앞서서 해당 신용카드 단말기가 보안기준을 충족하는가의 여부를 판단하는 단계이다.Step (b) is a step of determining whether the credit card terminal satisfies the security standard before the credit card terminal performs the normal payment process through the server.

도 2는 본 발명의 다른 실시예에 따른 구성을 보인 순서도로써, 신용카드 단말기 시스템을 최초로 사용인증하는 과정을 예시하고 있다.2 is a flowchart illustrating a configuration according to another embodiment of the present invention, illustrating a process of first authenticating a credit card terminal system.

도 2를 참조하면, 상기 (b) 단계는, (b-1) 프로그램 인증키, 가맹점정보, 식별번호 및 하드웨어정보를 입력받는 단계; (b-2) 상기 단계에서 입력된 프로그램 인증키, 가맹점정보 및 식별번호가 서버에 저장된 데이터와 일치하는가의 여부를 판단하는 단계; (b-3) 상기 (b-1)단계에서 입력된 하드웨어정보가 서버에 저장된 데이터와 불일치하는가의 여부를 판단하는 단계; 상기 (b-2)단계에서 일치하고, (b-3)단계에서 불일치할 경우에만 인증서를 발급하여 서버에 저장하고, 단말기에 인증서를 전송하는 단계; 를 포함할 수 있다.
Referring to FIG. 2, the step (b) includes (b-1) receiving a program authentication key, affiliate store information, an identification number, and hardware information; (b-2) determining whether the program authentication key, the affiliated store information, and the identification number input in the step correspond to data stored in the server; (b-3) determining whether the hardware information input in the step (b-1) is inconsistent with the data stored in the server; Issuing a certificate and storing it in a server only when it matches in step (b-2) and does not match in step (b-3), and transmits the certificate to the terminal; . ≪ / RTI >

상기 (b-1)단계는, 상기 (a)단계에서 발급된 프로그램 인증키와 함께, 가맹점의 사업자 등록번호 등의 정보와 식별번호를 입력하는 단계이다.In the step (b-1), together with the program authentication key issued in the step (a), it is a step of entering information and identification number, such as a business registration number of the affiliated store.

또한, 본 단계에서는 신용카드 단말기의 하드웨어정보가 함께 입력되는데, 상기 하드웨어정보의 일 예로써 각각의 랜카드마다 별도로 부여되는 맥어드레스(Mac address)가 될 수 있다.
In addition, in this step, the hardware information of the credit card terminal is input together, and as an example of the hardware information, it may be a Mac address which is separately given to each LAN card.

상기 (b-2)단계는, 프로그램 인증키, 가맹점정보, 식별번호를 서버에 저장된 데이터와 비교하여 일치여부를 판단하는 단계로써, 만약, 본 단계에서 불일치로 판정될 경우 모든 과정은 종료된다.
In the step (b-2), the program authentication key, the affiliated store information, and the identification number are compared with the data stored in the server to determine whether they match. If it is determined inconsistency in this step, all processes are finished.

상기 (b-3)단계는, 상기 하드웨어정보가 서버에 저장된 정보와 일치하는지의 여부를 판단하는 과정으로, 하드웨어정보가 이미 서버에 저장되어 있는 경우라면, 해당 하드웨어에는 이미 인증서가 발급되어 있어야만 하는 것이므로 다음 단계로 진행하지 않고 그대로 종료하게 된다.
The step (b-3) is a process of determining whether the hardware information matches the information stored in the server. If the hardware information is already stored in the server, a certificate must be already issued to the hardware. It will exit without going to the next step.

상기와 같은 과정을 거쳐 인증서가 발급되어 신용카드 단말기 및 서버에 저장되는 것이다.
The certificate is issued through the above process and stored in the credit card terminal and server.

상기 과정을 통하여 인증서가 발급된 이후에는 신용카드 단말기 또는 소프트웨어가 교체되지 않는 한 추가적으로 인증서 발급과정을 진행할 필요가 없다.
After the certificate is issued through the above process, there is no need to proceed with the certificate issuing process unless the credit card terminal or software is replaced.

신용카드 단말기에서 신용거래를 하고자 할 경우 (c) 결제정보와 인증서를 포함하여 신용거래승인을 요청하는 승인요청단계; 및 (d) 상기 인증서와 매칭되는 하드웨어정보가 있을 경우에만 승인요청에 대하여 승인하는 승인단계;를 진행할 수 있다.(C) an authorization request step for requesting credit approval, including payment information and a certificate, when a credit transaction is to be performed in a credit card terminal; And (d) an approval step of approving the approval request only when there is hardware information matching the certificate.

만약 인증서가 없는 경우에는 승인요청이 거부되며, 인증서가 있는 경우에만 (d)단계가 진행된다.If there is no certificate, the request for approval is denied, and step (d) is performed only if there is a certificate.

승인요청에는 결제정보와 인증서가 포함되는데, 상기 결제정보에는 신용카드정보, 결제금액, 할부 개월 수 및 하드웨어정보가 포함되어 있다.The authorization request includes payment information and a certificate. The payment information includes credit card information, payment amount, installment months, and hardware information.

상기 승인요청에 포함된 인증서와 하드웨어정보를 서버에 저장된 인증서 및 하드웨어정보와 비교하여 일치할 경우 승인이 이루어지게 되는 것이다.
If the certificate and hardware information included in the approval request is compared with the certificate and hardware information stored in the server, the approval is made.

이상에서 설명한 본 발명의 바람직한 실시예에 대하여 상세하게 설명하였지만, 당해 기술분야에서 통상의 지식을 가진 자라면 이로부터 다양한 변형 및 균등한 타 실시예가 가능하다는 점을 이해할 수 있을 것이다.Although the preferred embodiments of the present invention described above have been described in detail, those skilled in the art will understand that various modifications and equivalent other embodiments are possible therefrom.

따라서, 본 발명의 권리 범위는 개시된 실시예에 한정되는 것은 아니고 다음의 청구범위에서 정의하고 있는 본 발명의 기본 개념을 이용한 당업자의 여러 변경 및 개량 형태 또한 본 발명의 권리 범위에 속하는 것으로 보아야 할 것이다.
Accordingly, the scope of the present invention is not limited to the disclosed embodiments, but various modifications and improvements of those skilled in the art using the basic concepts of the present invention defined in the following claims should also be considered as belonging to the scope of the present invention. .

Claims (2)

신용카드 단말기 및 VAN 서버를 포함하여 신용거래를 승인하는 방법에 있어서,
(a) 신용카드 단말기를 구동하는 소프트웨어를 인증하는 프로그램인증단계;
(b) 신용카드 단말기 시스템과 서버가 최초로 통신할 때, 시스템을 인증하여 인증서를 발급하는 사용인증단계;
(c) 결제정보와 인증서를 포함하여 신용거래승인을 요청하는 승인요청단계;
(d) 상기 인증서와 매칭되는 하드웨어정보가 있을 경우에만 승인요청에 대하여 승인하는 승인단계;
를 포함하는
보안성이 향상된 신용카드 결제 서비스 제공방법.
In the method for authorizing credit transactions, including credit card terminal and VAN server,
(a) a program authentication step of authenticating software for driving a credit card terminal;
(b) a use authentication step of authenticating the system and issuing a certificate when the credit card terminal system and the server first communicate;
(c) an approval request step for requesting approval of a credit transaction including payment information and a certificate;
(d) an approval step of approving the approval request only when there is hardware information matching the certificate;
Containing
How to provide a secure credit card payment service.
제 1 항에 있어서,
상기 (b) 단계는,
(b-1) 프로그램 인증키, 가맹점정보, 식별번호 및 하드웨어정보를 입력받는 단계;
(b-2) 상기 단계에서 입력된 프로그램 인증키, 가맹점정보 및 식별번호가 서버에 저장된 데이터와 일치하는가의 여부를 판단하는 단계;
(b-3) 상기 (b-1)단계에서 입력된 하드웨어정보가 서버에 저장된 데이터와 불일치하는가의 여부를 판단하는 단계;
상기 (b-2)단계에서 일치하고, (b-3)단계에서 불일치할 경우에만 인증서를 발급하여 서버에 저장하고, 단말기에 인증서를 전송하는 단계;
를 포함하는
보안성이 향상된 신용카드 결제 서비스 제공방법.
The method of claim 1,
The step (b)
(b-1) receiving a program authentication key, merchant information, identification number, and hardware information;
(b-2) determining whether the program authentication key, the affiliated store information, and the identification number input in the step correspond to data stored in the server;
(b-3) determining whether the hardware information input in the step (b-1) is inconsistent with the data stored in the server;
Issuing a certificate and storing it in a server only when it matches in step (b-2) and does not match in step (b-3), and transmits the certificate to the terminal;
Containing
How to provide a secure credit card payment service.
KR1020110013897A 2011-02-16 2011-02-16 Method of service for settling by credit card improving security KR101320668B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110013897A KR101320668B1 (en) 2011-02-16 2011-02-16 Method of service for settling by credit card improving security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110013897A KR101320668B1 (en) 2011-02-16 2011-02-16 Method of service for settling by credit card improving security

Publications (2)

Publication Number Publication Date
KR20120094401A true KR20120094401A (en) 2012-08-24
KR101320668B1 KR101320668B1 (en) 2013-10-18

Family

ID=46885320

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110013897A KR101320668B1 (en) 2011-02-16 2011-02-16 Method of service for settling by credit card improving security

Country Status (1)

Country Link
KR (1) KR101320668B1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101713956B1 (en) 2016-02-03 2017-03-22 정종구 Financial card
KR20190015362A (en) * 2016-06-01 2019-02-13 알리바바 그룹 홀딩 리미티드 Mobile payment methods, devices and systems

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007507786A (en) 2003-10-06 2007-03-29 コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ Method and circuit for identifying and / or verifying hardware and / or software of electrical equipment and data carriers cooperating with electrical equipment
KR20090022493A (en) * 2007-08-30 2009-03-04 박동국 Device authenticating apparatus, method and computer readable record-medium on which program for executing method thereof
KR20090114944A (en) * 2008-04-30 2009-11-04 노틸러스효성 주식회사 Atm authentication system and method thereof

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101713956B1 (en) 2016-02-03 2017-03-22 정종구 Financial card
KR20190015362A (en) * 2016-06-01 2019-02-13 알리바바 그룹 홀딩 리미티드 Mobile payment methods, devices and systems
US11100473B2 (en) 2016-06-01 2021-08-24 Advanced New Technologies Co., Ltd. Mobile payment processing
US11100474B2 (en) 2016-06-01 2021-08-24 Advanced New Technologies Co., Ltd. Mobile payment processing

Also Published As

Publication number Publication date
KR101320668B1 (en) 2013-10-18

Similar Documents

Publication Publication Date Title
RU2537795C2 (en) Trusted remote attestation agent (traa)
US20150324764A1 (en) Enabling a User to Transact Using Cryptocurrency
KR20010025234A (en) A certification method of credit of a financing card based on fingerprint and a certification system thereof
US20050171904A1 (en) System and method for flexible micropayment of low value electronic assets
US20210192520A1 (en) Distributed credit ecosystem
CN104484804A (en) Secure fingerprint transaction paying method and system
WO2015154536A1 (en) Payment method and system having multiple security composition mechanisms based on visible code
CN101739624A (en) Trusted payment network system
KR102655287B1 (en) Token state synchronization
Murdoch et al. Security protocols and evidence: Where many payment systems fail
CN109716373A (en) Cipher authentication and tokenized transaction
JP5905945B2 (en) Apparatus and method for detecting fraudulent transactions
US6662151B1 (en) System for secured reading and processing of data on intelligent data carriers
US20200111081A1 (en) Child tokens for digital wallets
CN102004977A (en) Safe network payment method and system
KR101320668B1 (en) Method of service for settling by credit card improving security
RU2412484C2 (en) Secure mobile terminal for electronic transactions and secure electronic transaction system
CN112970234A (en) Account assertions
EP2577578A2 (en) Electronic payment unit, electronic payment origin authentication system and method
US20170011366A1 (en) Method and settlement processing system for reinforcing security of settlement
KR101309835B1 (en) A system for total financial transaction
KR100845605B1 (en) Personal identity and settlement system for service using RFID and method for operating the same
KR20150092864A (en) Method and system for reinforce a settlement security
KR20140094338A (en) System and black box and method for sales management
KR101408968B1 (en) Authentication system with increased access security of certificate and authentication method thereof

Legal Events

Date Code Title Description
A201 Request for examination
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20181015

Year of fee payment: 6

FPAY Annual fee payment

Payment date: 20191014

Year of fee payment: 7