KR20120108599A - Credit card payment service using online credit card payment device - Google Patents

Credit card payment service using online credit card payment device Download PDF

Info

Publication number
KR20120108599A
KR20120108599A KR1020110026682A KR20110026682A KR20120108599A KR 20120108599 A KR20120108599 A KR 20120108599A KR 1020110026682 A KR1020110026682 A KR 1020110026682A KR 20110026682 A KR20110026682 A KR 20110026682A KR 20120108599 A KR20120108599 A KR 20120108599A
Authority
KR
South Korea
Prior art keywords
terminal
credit card
user
server
message
Prior art date
Application number
KR1020110026682A
Other languages
Korean (ko)
Inventor
서정훈
Original Assignee
주식회사 스마트솔루션
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 주식회사 스마트솔루션 filed Critical 주식회사 스마트솔루션
Priority to KR1020110026682A priority Critical patent/KR20120108599A/en
Publication of KR20120108599A publication Critical patent/KR20120108599A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/356Aspects of software for card payments
    • G06Q20/3567Software being in the reader
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a credit card payment service using an online credit card payment terminal. Specifically, in order to make a credit card payment, you must have a registered terminal and a credit card and know the terminal password and the credit card password. The terminal and the authentication server mutually authenticate using the public key and the private key generated at the time of issuing the terminal.When mutual authentication is completed, the terminal and the authentication server share a session key for cryptographic communication. Encrypt the necessary information (credit card number, credit card password, username, etc.). This allows credit card transactions to be safely carried out without any information being leaked by malicious code or malicious hackers on PCs or networks.

Figure pat00001

Description

Credit card payment service using online credit card payment device}

The present invention relates to a credit card payment service using an online credit card payment terminal in the technical field belonging to the user authentication.

As with Internet banking, online payments using credit cards are made as frequently as trillions of won every year. In the past, payment using a credit card online requires only a credit card number, a credit card payment password, and a credit card verification number. The above information required for online credit card payment is easily exposed by malicious programs such as keylogging programs installed on the user's PC. Actual credit card payment related financial accidents are becoming serious problems as many as thousands of cases every year. It is true that there is no obvious solution. Installing various security programs such as firewalls, vaccines, and keyboard hacking prevention programs on the PC to detect malicious programs is effective in preventing known hacking programs, but it is impossible to cope with unknown malicious programs in real time.

In order to solve the above-mentioned problems, the present invention issues a credit card payment terminal, and when a user makes an online credit card transaction, accesses an authentication server through the credit card payment terminal and authenticates himself and the credit card payment terminal and the authentication server. The purpose of the present invention is to form a cryptographic channel therebetween and to transmit and receive payment information through the cryptographic channel to enable secure online credit card payment.

In order to achieve the above object, the present invention generates and stores a device authentication public key (PK) and private key (PrK) in the authentication center HSM server, and delivers the generated public key (PK) to the manufacturer terminal issuing system. The manufacturer terminal issuing system generates a unique terminal serial number (SN) and injects (stores) the generated terminal serial number (SN) and the received public key (PK) to the terminal and issues the terminal. The process of registering a serial number (SN) with a DB server of an authentication center. When a user applies for a terminal issuing service to a credit card company server while entering a user name, a user's mobile number or an e-mail address online through a user PC, the credit card company Request the terminal to the manufacturer, the manufacturer delivers the terminal to the credit card company and the terminal device serial number (SN) to the credit card company server process, the credit card company server used If the user name, user's mobile number or email address and terminal serial number entered in the application for self service are sent to the authentication server, the authentication server stores the user name, user's mobile number or email address and terminal serial number in the DB server, Card company terminal distribution step including the process of delivering the terminal to the user; When the user installs the terminal on the user's PC, the terminal is connected to the user's PC and the terminal registration window is executed on the user's PC. The user registers the terminal password, user name, mobile phone number or e-mail address through the terminal registration window. When the user PC transmits the terminal password, the user name, the user's mobile number or the e-mail address to the terminal, the terminal stores the terminal password, the user's name, the user's mobile number or the e-mail address, and the terminal includes the terminal serial number, the user name, The process of generating a hash code 1 using the input value of the user's mobile phone number or e-mail address and transmitting the terminal serial number, the user's name, the user's mobile phone number or the e-mail address, and the hash code 1 to the authentication server. , Username, user's mobile number or email address Generates the hash code 1 'with the output value and compares it with the received hash code 1 and verifies the integrity of the terminal serial number, the user name, the user's mobile phone number or the e-mail address, and corresponds to the terminal serial number (SN). Generate and store the authentication code (AC) in the DB server, and transmits the authentication code (AC) to the mobile phone number or email address, the user is connected to the user PC to the authentication code (AC) received by the mobile phone or email Input to the terminal, the terminal generates and stores a random number 1 (RND1), encrypts the terminal serial number (SN), the authentication code (AC), authentication code (AC) with a device authentication public key (PK) message Generating 1 (m1) and transmitting the terminal serial number (SN) and message 1 (m1) to the authentication server, the authentication server sends the received message 1 (m1) to the HSM server and the HSM server stores the stored private key The mesh as (PrK) 1 (m1) is decrypted and transmitted to the authentication server, and the authentication server extracts the terminal serial number (SN), random number 1 (RND1) and the authentication code from the received decryption message, and the extracted terminal serial number (SN) is the DB. Whether or not registered in the server, if the terminal serial number (SN) is registered, whether the authentication code (AC) corresponding to the registered terminal serial number is registered, if the authentication code (AC) is registered, the authentication code extracted from the message 1 ( AC) and verifying whether the authentication code (AC) registered in the DB server is matched, if the terminal serial number (SN) and the authentication code (AC) is verified, the authentication server generates a random number 2 (RND2) And a session key (SK) is generated from the random number 2 (RND2) and the random number 1 (RND1) extracted by decoding the message 1 (m1) and the terminal serial number (SN). Number (SN), random number 1 (RND1) is encrypted to generate message 2 (m2), random number 2 (RND2) Is transmitted to the terminal connected to the user PC through the Internet network, the terminal generates a session key (SK) from the received random number 2 (RND2) and the random number 1 (RND1) and the terminal serial number (SN) stored in the terminal Decrypt the received message 2 (m2) with the session key (SK) to extract the random number 1 (RND1) and the terminal serial number (SN), and from the random number 1 (RND1) and message 2 (m2) stored in the terminal Compare and compare the random number 1 (RND1) extracted by decryption to form a cryptographic channel between the terminal and the authentication server, and if it matches, encrypt the encryption channel formation completion message with the session key (SK) and transmit it to the authentication server. When the process of receiving the encryption channel formation completion message, the authentication server registers the customer name and the terminal serial number in the DB server, encrypts the terminal registration success message with the session key, and transmits the message to the terminal. Terminal registration step comprises a step of transmitting a registration success message to the user PC; When the user installs the terminal on the user's PC, the user's PC and the terminal are connected, and the credit card registration window is executed on the user's PC. In the process of reading the card number and user name, the terminal generates a hash code 2 using the credit card number and the user name as input values, and encrypts the hash code 2, the credit card number, and the user name with the session key (SK). Creating message 3 (m3) and sending message 3 (m3) to the authentication server, the authentication server decrypts the message 3 (m3) with the session key (SK) to extract the hash code 2, credit card number, user name And generating a hash code 2 'using the extracted credit card number and the user name as an input value, and comparing the extracted hash code 2 with the hash code 2' to verify the integrity of the message 3 (m3). When the server sends the credit card number and the user name to the credit card company server, the credit card company server verifies whether the credit card is a valid card and passes the result to the authentication server. The authentication server verifies that the credit card is a valid card. Registering a user name and hash code 2 in the DB server when receiving the value, and transmitting a result indicating that the credit card is normally registered to the user PC; When a user connects to an online shopping mall server and selects a product and makes a payment request, a process of selecting a payment method appears on the user's PC, and a credit card payment service using an online credit card payment terminal in the payment method selection window (hereinafter, smart Payment), the user PC requests the smart payment from the PG company server and the smart payment window is executed, the user connects the terminal to the user PC and the terminal password in the smart payment window when the user uses the terminal for the first time in the user PC. If a window appears asking for input and the user enters the terminal password, the password entered by the user is compared with the password stored in the terminal. If the terminal is connected to the user's PC, the user inserts a credit card with the IC chip into the terminal. The terminal automatically recognizes the credit card and the credit card number. The process of reading the user name and generating the hash code 2 using the credit card number and the user name as input values. When the credit card password input window appears in the smart payment window, the user inputs the credit card password and the terminal enters the credit card password entered by the user. Verifying whether the credit card password registered in the credit card is matched, and if the credit card password is verified, the terminal transmits the hash code 2 generated by inputting the credit card number and the user name to the authentication server, and authenticates. The server compares whether the received hash code 2 is registered with the DB server or if the value is identical. If the values match, the server checks the credit card registration and transmits a credit card registration confirmation message to the terminal. Upon receipt of the registration confirmation message, a random number 3 (RND3) is generated, a random number 3 (RND3) and a terminal serial number (SN). Encrypting with a public key (PK) to generate a message 3 (m3), and transmitting the message 3 (m3) and the terminal serial number (SN) to the authentication server, the authentication server sends the received message 3 (m3) Delivered to the HSM server, the HSM server decrypts the message 3 (m3) with a private key (PrK) to pass to the authentication server, the authentication server decrypts the message serial number (SN) extracted by decrypting the message 3 (m3) The process of verifying whether the terminal serial number (SN) registered in the DB server is matched, and if the terminal serial number (SN) is verified, the authentication server generates a random number 4 (RND4), random number 3 (RND3), random number 4 (RND4) generates a session key 2 (SK2) from the terminal serial number (SN), and encrypts the terminal serial number (SN) and random number 4 (RND4) with the session key 2 (SK2) message 4 (m4) Generating and transmitting the message 4 (m4) and the random number 4 (RND4) to the terminal, the terminal receives the received random number 4 (RND4) and the terminal sequence The session key 2 (SK2) is generated using the call SN and the random number 3 (RND3), and the extracted random number 1 (RND1) is generated at the terminal by decoding the message 4 (m4) with the session key 2 (SK2). A process of forming a cryptographic channel 2 between the terminal and the authentication server if the value of the random number 1 (RND1) is identical, and if the cryptographic channel 2 is formed, the terminal generates a transaction message and transmits the transaction message to the authentication server; The authentication server transmits the received transaction text to the credit card company server, and the credit card company server makes a payment with reference to the transaction text and transmits the payment processing result to the online shopping mall server. The online shopping mall receives the payment processing result from the credit card company server. Receiving a payment processing result to the user PC, credit card payment step comprising the process of displaying the payment processing result in the smart payment window of the user PC; online credit car comprising a Providing credit card billing services utilizing the payment terminal.

According to the present invention, a user using a credit card payment service using an online credit card payment terminal can safely perform online credit card payment. More specifically, in order to make a credit card payment, the user must have a registered terminal and a credit card and know the terminal password and the credit card password. The terminal and the authentication server mutually authenticate using the public key and the private key generated at the time of issuing the terminal.When mutual authentication is completed, the terminal and the authentication server share a session key for cryptographic communication. Encrypt the necessary information (credit card number, credit card password, username, etc.). As a result, it is possible to securely perform credit card transactions without information being leaked by malicious code or malicious hackers on PC or network.

1 is a diagram illustrating a terminal issuance and distribution step.
2 and 3 are diagrams illustrating a terminal registration step.
4 is a diagram illustrating a credit card registration process.
5 and 6 illustrate a credit card payment process.
7 illustrates a preferred embodiment of a terminal.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Prior to describing a credit card payment service using an online credit card payment terminal, a preferred embodiment of the terminal implementation will be described.

7 illustrates a preferred embodiment of a terminal. The terminal

The terminal is composed of an interface unit, a control unit, a smart card reader unit, and a security chip (random number generator, key generation unit, storage unit, encryption / decryption unit).

The interface unit connects the terminal and the user PC to send and receive data, and it is possible to use various connection methods such as USB, serial port, parallel port, and Bluetooth, and it is preferable to use USB.

The security chip includes a random number generator, a key generator, a storage unit, and an encryption / decryption unit. The random number generator generates a random number, and the storage unit stores the random number, the private key, the session key, the terminal serial number and the data, and the encryption and decryption unit encrypts / decrypts the data. It is desirable to implement a security chip with a smart card. The controller and the security chip are preferably connected to the ISO7816 interface. Data stored in the security chip can not be leaked to the outside.

The smart card reader inserts a credit card in the form of an IC chip and connects the credit card and the control unit to transmit and receive data with each other.

The controller connects the interface unit, the smart card reader unit, and the security chip to transmit and receive data with each other.

1 to 6, a credit card payment service using an online credit card payment terminal according to a preferred embodiment of the present invention will be described in detail.

1 is a diagram illustrating a terminal issuance and distribution step.

The distribution step will be described in detail with reference to FIG.

The authentication center HSM server generates and stores a public key (PK) and a private key (PrK) for device authentication (S101), and passes the generated public key (PK) to the manufacturer's terminal issuing system (S102). The system generates a unique terminal serial number (SN) and injects (stores) the generated terminal serial number (SN) and the received public key (PK) to the terminal and issues a terminal (S103). (SN) registers with the DB server of the authentication center. (S104)

When a user applies for a terminal issuance service to a credit card company server by inputting a user name, a user's mobile number or an e-mail address online through the user's PC (S105), the credit card company requests the terminal from the manufacturer (S106) and the manufacturer uses the terminal. Delivers to the credit card company and the terminal device serial number (SN) to the credit card company server (S107).

When the credit card company server transmits the user information (user name, user's mobile number or email address) and terminal serial number entered by the user when applying for service to the authentication server, the authentication server sends the user name, user's mobile number or email address and terminal serial number. The number is stored in the DB server (S108), and the credit card company delivers the terminal to the user (S109).

2 and 3 are diagrams illustrating a terminal registration step.

Referring to Figure 2 will be described in detail the process up to the delivery of the authentication code during the terminal registration step.

When the user mounts the terminal on the user PC, the user PC and the terminal are connected, and the terminal registration window is executed on the user PC (S201).

The user registers the terminal password and user information (user name, user's mobile number or e-mail address, etc.) through the terminal registration window (S202).

The user PC transmits the terminal password, user information (user name, user mobile number or e-mail address, etc.) to the terminal (S203).

The terminal stores the terminal password, user information (user name, user mobile number or e-mail address, etc.) (S204).

The terminal generates a hash code 1 using an input value of the terminal serial number, the user name, the user's mobile number or the e-mail address (S205).

 The terminal transmits the terminal serial number, user information (user name, user's mobile number or e-mail address, etc.) and hash code 1 to the authentication server (S206).

The authentication server generates a hash code 1 'as an input value using the received terminal serial number and user information (user name, user's mobile number or e-mail address), and compares the terminal serial number with the received hash code 1. Verify that the user information (user name, user's mobile number or e-mail address, etc.) has not been tampered with (S207).

The authentication server generates an authentication code (AC) corresponding to the terminal serial number (SN), stores it in the DB server, and transmits the authentication code (AC) to the mobile phone number or email address.

Referring to Figure 3 will be described in detail the process from the delivery of the authentication code to the terminal registration.

The user inputs the authentication code (AC) received by the mobile phone or e-mail into the terminal connected to the user PC. (S209)

The terminal generates and stores a random number 1 (RND1), encrypts the terminal serial number (SN), the authentication code (AC), and the random number 1 (RND1) with a device authentication public key (PK) to encrypt message 1 (m1). It generates and transmits the terminal serial number (SN) and message 1 (m1) to the authentication server (S210).

Since the random number 1 (RND1) is generated and stored in the security chip (smart card IC) of the terminal, the random number 1 (RND1) cannot be leaked to the outside and is safely managed in the terminal.

The authentication server transmits the received message 1 (m1) to the HSM server, and the HSM server decrypts the message 1 (m1) with the stored private key (PrK) and transmits it to the authentication server (S211).

The authentication server extracts the terminal serial number (SN), the random number 1 (RND1) and the authentication code (AC) from the decrypted message of the received message 1 (m1) whether the extracted terminal serial number (SN) is registered in the DB server. If the terminal serial number (SN) is registered, whether the authentication code (AC) corresponding to the registered terminal serial number is registered, if the authentication code (AC) is registered, the authentication code (AC) extracted from the message 1 (m1) Verifies whether or not the authentication code (AC) registered in the and the DB server match (S212).

When the terminal serial number (SN) and the authentication code (AC) is verified, the authentication server generates a random number 2 (RND2), and the random number 2 (RND2), the random number 1 (RND1) extracted by decoding the message 1 (m1) Generates a session key (SK) from the terminal serial number (SN), generates a message 2 (m2) by encrypting the terminal serial number (SN) and a random number (RND1) with the session key (SK), and Message 2 (m2) and random number 2 (RND2) is transmitted to the terminal connected to the user's PC through the Internet network (S213).

The method for generating the session key can be used in various ways. For example, the terminal serial number (SN) and the random number 2 (RND2) can be encrypted with the random number 1 (RND1) to generate a session key (SK). ), A random key 2 (RND2) can be mixed to generate a session key SK.

The terminal generates a session key (SK) from the received random number 2 (RND2), the random number 1 (RND1) and the terminal serial number (SN) stored in the terminal and the message 2 (m2) received as the session key (SK) Decode the random number 1 (RND1) and the terminal serial number (SN) to extract, and compare the random number 1 (RND1) extracted from the random number 1 (RND1) and the message 2 (m2) stored in the terminal to compare the value If a comparison is made, an encryption channel is formed between the terminal and the authentication server, and the encryption channel formation completion message is encrypted with the session key SK and transmitted to the authentication server.

Upon receipt of the encryption channel formation completion message, the authentication server registers the customer name and the terminal serial number in the DB server, encrypts the terminal registration success message with the session key (SK), and transmits the message to the terminal. The success message is transmitted (S215).

4 is a diagram illustrating a credit card registration process.

When the user mounts the terminal on the user PC, the user PC and the terminal are connected, and a credit card registration window is executed on the user PC (S301).

When the user inserts a credit card with an IC chip into the terminal, the terminal automatically recognizes the credit card and reads the credit card number and user name.

The terminal generates a hash code 2 by inputting the credit card number and the user name into the terminal, and generates the message 3 (m3) by encrypting the hash code 2, the credit card number, and the user name with the session key (SK). 3 (m3) is transmitted to the authentication server (S303).

The authentication server decrypts message 3 (m3) with a session key (SK) to extract hash code 2, a credit card number, and a user name, and generates a hash code 2 'with the extracted credit card number and user name as input values. The integrity of the message 3 (m3) is verified by comparing the extracted hash code 2 with the hash code 2 '(S304).

When the authentication server transmits the credit card number and the user name to the credit card company server, the credit card company server verifies that the credit card is a valid card and transmits the result value to the authentication server (S305).

The authentication server registers the user name and hash code 2 in the DB server when the credit card receives the verification result as a valid card and transmits the result that the credit card is normally registered to the user PC (S306).

5 and 6 illustrate a credit card payment process.

When the user accesses the online shopping mall server, selects a product, and requests a payment, a selection window appears on the user's PC. (S401)

If the user selects a credit card payment service (hereinafter referred to as smart payment) using an online credit card payment terminal in the payment method selection window, the user PC requests a smart payment from the PG company server and the smart payment window is executed (S402).

When the user connects the terminal to the user's PC and uses the terminal for the first time on the user's PC, a window for requesting the input of the terminal password appears on the smart payment window. If it matches, the terminal is connected to the user PC. (S403)

If the terminal password is wrong more than a certain number of times (such as five times), it is preferable that the terminal is automatically locked. If the terminal is locked, the user cannot use the terminal.

When a user inserts a credit card containing an IC chip into the terminal, the terminal automatically recognizes the credit card, reads the credit card number and the user name, and generates a hash code 2 using the credit card number and the user name as input values. (S404)

When the credit card password input window appears in the smart payment window, the user enters the credit card password, and the terminal verifies whether the credit card password entered by the user and the credit card password registered in the credit card match (S405).

When the credit card password is verified, the terminal transmits the hash code 2 generated by inputting the credit card number and the user name to the authentication server, and the authentication server checks whether the received hash code 2 is registered in the DB server. If the value is matched, if the value is matched, the credit card registration is confirmed and the credit card registration confirmation message is transmitted to the terminal.

When the terminal receives the credit card registration confirmation message, it generates a random number 3 (RND3), encrypts the random number 3 (RND3) and the terminal serial number (SN) with a public key (PK) to generate a message 3 (m3), Message 3 (m3) and the terminal serial number (SN) is transmitted to the authentication server (S407).

The authentication server transmits the received message 3 (m3) to the HSM server, and the HSM server decrypts the message 3 (m3) with the private key (PrK) and delivers it to the authentication server (S408).

The authentication server decrypts the message 3 (m3) and compares the extracted terminal serial number (SN) with the terminal serial number (SN) registered in the DB server and verifies whether it matches (S409).

If the terminal serial number (SN) is verified, the authentication server generates a random number 4 (RND4) and generates a session key 2 (SK2) from the random number 3 (RND3), random number (RND4), the terminal serial number (SN) The terminal serial number (SN) and the random number 4 (RND4) are encrypted with the session key 2 (SK2) to generate a message 4 (m4), and the message 4 (m4) and the random number 4 (RND4) are transmitted to the terminal. (S410)

The terminal generates a session key 2 (SK2) using the received random number 4 (RND4), the terminal serial number (SN), a random number 3 (RND3), and sends a message 4 (m4) to the session key 2 (SK2) If the random number 1 (RND1) extracted by decryption matches the random number 1 (RND1) generated by the terminal, a cryptographic channel 2 is formed between the terminal and the authentication server (S411).

When the encryption channel 2 is formed, the terminal generates a transaction message and transmits the transaction message to the authentication server (S412).

The authentication server transmits the received transaction text to the credit card company server, and the credit card company server proceeds with reference to the transaction text and transmits the payment processing result to the online shopping mall server (S413).

When the online shopping mall receives the payment processing result from the credit card company server and transmits the payment processing result to the user PC, the online shopping mall displays the payment processing result in the smart payment window of the user PC.

The present invention has been described above with reference to the accompanying drawings, but the present invention is not limited thereto, and various changes, modifications, and equivalents may be used. Therefore, the present invention can be applied by appropriately modifying the above embodiments, it will be natural that such applications also fall within the scope of the present invention based on the technical idea described in the claims.

The present invention can be used in a wide range of industries requiring a secure online credit card payment service.

100: authentication server 200: HSM server
300: DB server 400: Manufacturer issued system
500: terminal 600: credit card company server
700: User PC

Claims (1)

In the credit card payment service using an online credit card payment terminal,
The authentication center HSM server generates and stores a public key (PK) and a private key (PrK) for device authentication, and transfers the generated public key (PK) to the manufacturer's terminal issuing system. Generate a number (SN) and inject (store) the generated terminal serial number (SN) and the received public key (PK) to the terminal to issue a terminal, and the terminal serial number (SN) DB server of the authentication center The process of registering for
When a user enters a user name, user's mobile number, or e-mail address online through the user's PC, and applies for a terminal issuing service to the credit card company's server, the credit card company requests the terminal from the manufacturer, and the manufacturer delivers the terminal to the credit card company. Passing the device serial number (SN) to the credit card company server;
When the credit card company server transmits the user name, user's mobile number or email address and terminal serial number entered by the user when applying for service to the authentication server, the authentication server sends the user name, user's mobile number or email address and terminal serial number to the DB server. Credit card company delivers the device to the user,
Terminal distribution step comprising;

When the user installs the terminal on the user's PC, the user PC and the terminal are connected and the terminal registration window is executed on the user PC.
The user registers the terminal password, user name, user's mobile number or email address through the terminal registration window, and the user PC transmits the terminal password, user name, user's mobile number or email address to the terminal. Storing your username, your mobile number or email address,
The terminal generates a hash code 1 by inputting the terminal serial number, user name, user's mobile number or email address, and transmits the terminal serial number, user name, user's mobile number or email address, hash code 1 to the authentication server,
The authentication server generates a hash code 1 'using the received terminal serial number, user name, user mobile phone number or e-mail address as an input value, and compares it with the received hash code 1 to match the terminal serial number, user name and user mobile phone. Verify the integrity of the number or email address, generate an authentication code (AC) corresponding to the terminal serial number (SN) and store it in the DB server, and transmit the authentication code (AC) to the mobile phone number or email address Process,
The user enters the authentication code (AC) received by the mobile phone or email to the terminal connected to the user PC, the terminal generates and stores a random number 1 (RND1), the terminal serial number (SN), the authentication code (AC), Encrypting an authentication code (AC) with a device authentication public key (PK) to generate message 1 (m1) and transmitting the terminal serial number (SN) and message 1 (m1) to an authentication server;
The authentication server transmits the received message 1 (m1) to the HSM server, and the HSM server decrypts the message 1 (m1) with the stored private key (PrK) and transmits it to the authentication server. Whether the terminal serial number (SN), the random number 1 (RND1), the extracted authentication code is extracted from the terminal serial number (SN) is registered in the DB server, and if the terminal serial number (SN) is registered, it corresponds to the registered terminal serial number. A process of verifying whether the authentication code (AC) is registered, the authentication code (AC) extracted from the message 1 and the authentication code (AC) registered in the DB server match if the authentication code (AC) is registered,
When the terminal serial number (SN) and the authentication code (AC) is verified, the authentication server generates a random number 2 (RND2), and the random number 2 (RND2), the random number 1 (RND1) extracted by decoding the message 1 (m1) Generates a session key (SK) from the terminal serial number (SN), generates a message 2 (m2) by encrypting the terminal serial number (SN) and a random number 1 (RND1) with the session key (SK), Transmitting the random number 2 (RND2) to a terminal connected to the user's PC through the Internet;
The terminal generates a session key (SK) from the received random number 2 (RND2), the random number 1 (RND1) and the terminal serial number (SN) stored in the terminal and the message 2 (m2) received as the session key (SK) Decode the random number 1 (RND1) and the terminal serial number (SN) to extract, and compares the random number 1 (RND1) extracted from the random number 1 (RND1) and the message 2 (m2) stored in the terminal to compare the value Comparing and comparing the terminal with the authentication server to form an encryption channel, encrypting the encryption channel formation complete message with the session key (SK), and transmitting it to the authentication server;
Upon receiving the encryption channel formation completion message, the authentication server registers the customer name and terminal serial number in the DB server, encrypts the terminal registration success message with the session key, and transmits the message to the terminal when the terminal decrypts the message and transmits the registration success message to the user PC. Process,
Terminal registration step comprising a;

When the user installs the terminal on the user's PC, the user PC and the terminal are connected and the credit card registration window is executed on the user's PC.
When the user inserts a credit card with an IC chip into the terminal, the terminal automatically recognizes the credit card and reads the credit card number and user name.
The terminal generates a hash code 2 using the credit card number and the user name as input values, and generates the message 3 (m3) by encrypting the hash code 2, the credit card number, and the user name with the session key (SK). Sending 3 (m3) to the authentication server,
The authentication server decrypts message 3 (m3) with a session key (SK) to extract hash code 2, a credit card number, and a user name, and generates a hash code 2 'with the extracted credit card number and user name as input values. Verifying the integrity of message 3 (m3) by comparing the extracted hash code 2 with hash code 2 ';
When the authentication server transmits the credit card number and the user name to the credit card company server, the credit card company server verifies that the credit card is a valid card and passes the result to the authentication server,
The authentication server registers the user name and hash code 2 in the DB server when the credit card receives the verification result as a valid card, and transmits the result that the credit card is normally registered to the user PC.
Credit card registration step comprising;
When a user connects to an online shopping mall server, selects a product, and makes a payment request, a process for selecting a payment method appears on the user's PC.
When the user selects the credit card payment service (hereinafter referred to as smart payment) using the online credit card payment terminal in the payment method selection window, the user PC requests the smart payment from the PG company server and the smart payment window is executed.
When the user connects the terminal to the user's PC and uses the terminal for the first time on the user's PC, a window for requesting the input of the terminal password appears on the smart payment window. If a match is made, the terminal is connected to the user's PC,
When a user inserts a credit card with an IC chip into the terminal, the terminal automatically recognizes the credit card, reads the credit card number and the user name, and generates a hash code 2 using the credit card number and the user name as input values. ,
When the credit card password input window appears in the smart payment window, the user enters the credit card password, the terminal verifies whether the credit card password entered by the user and the credit card password registered on the credit card match,
When the credit card password is verified, the terminal transmits the hash code 2 generated by inputting the credit card number and the user name to the authentication server, and the authentication server checks whether the received hash code 2 is registered in the DB server. Check the credit card registration and send the credit card registration confirmation message to the terminal if the values match.
When the terminal receives the credit card registration confirmation message, it generates a random number 3 (RND3), encrypts the random number 3 (RND3) and the terminal serial number (SN) with a public key (PK) to generate a message 3 (m3), Transmitting the message 3 (m3) and the terminal serial number (SN) to the authentication server,
The authentication server transmits the received message 3 (m3) to the HSM server, and the HSM server decrypts the message 3 (m3) with a private key (PrK) and delivers it to the authentication server,
The authentication server decrypts the message 3 (m3) and compares the extracted terminal serial number (SN) with the terminal serial number (SN) registered in the DB server and verifies whether it matches.
If the terminal serial number (SN) is verified, the authentication server generates a random number 4 (RND4) and generates a session key 2 (SK2) from the random number 3 (RND3), random number (RND4), the terminal serial number (SN) The terminal serial number (SN) and the random number 4 (RND4) are encrypted with the session key 2 (SK2) to generate a message 4 (m4), and the message 4 (m4) and the random number 4 (RND4) are transmitted to the terminal. Process,
The terminal generates session key 2 (SK2) using the received random number 4 (RND4), terminal serial number (SN), and random number 3 (RND3), and sends message 4 (m4) to the session key 2 (SK2). Forming a cryptographic channel 2 between the terminal and the authentication server if the random number 1 (RND1) extracted by decryption matches the random number 1 (RND1) generated by the terminal;
When the encryption channel 2 is formed, the terminal generates a transaction message and transmits the transaction message to the authentication server,
The authentication server transmits the received transaction text to the credit card company server, and the credit card company server performs the payment with reference to the transaction text and transmits the payment processing result to the online shopping mall server,
When the online shopping mall receives the payment processing result from the credit card company server and transmits the payment processing result to the user PC, a process of displaying the payment processing result in the smart payment window of the user PC,
Credit card payment step comprising;
Credit card payment service using an online credit card payment terminal, characterized in that it comprises a.
KR1020110026682A 2011-03-25 2011-03-25 Credit card payment service using online credit card payment device KR20120108599A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020110026682A KR20120108599A (en) 2011-03-25 2011-03-25 Credit card payment service using online credit card payment device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020110026682A KR20120108599A (en) 2011-03-25 2011-03-25 Credit card payment service using online credit card payment device

Publications (1)

Publication Number Publication Date
KR20120108599A true KR20120108599A (en) 2012-10-05

Family

ID=47280179

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020110026682A KR20120108599A (en) 2011-03-25 2011-03-25 Credit card payment service using online credit card payment device

Country Status (1)

Country Link
KR (1) KR20120108599A (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014124108A1 (en) * 2013-02-06 2014-08-14 Apple Inc. Apparatus and methods for secure element transactions and management of assets
WO2014142617A1 (en) * 2013-03-15 2014-09-18 Samsung Electronics Co., Ltd. Secure mobile payment using media binding
KR20160032574A (en) 2014-09-16 2016-03-24 현대오토에버 주식회사 Method and system for providing service card transaction approval
KR20160048951A (en) * 2013-09-30 2016-05-04 애플 인크. Online payments using a secure element of an electronic device
KR101639794B1 (en) * 2015-07-14 2016-07-14 유한회사 실릭스 Authentication method and system for user confirmation and user authentication
KR101656458B1 (en) * 2016-03-07 2016-09-09 유한회사 실릭스 Authentication method and system for user confirmation and user authentication
KR20160121231A (en) * 2015-04-10 2016-10-19 (주)인스타페이 Method, system and recording medium for user authentication using double encryption
KR20160146562A (en) * 2015-06-12 2016-12-21 이엠. 마이크로일레크트로닉-마린 쏘시에떼 아노님 Method for programming banking data in an integrated circuit of a watch
US10223688B2 (en) 2012-09-24 2019-03-05 Samsung Electronics Co., Ltd. Competing mobile payment offers
WO2019083106A1 (en) * 2017-10-26 2019-05-02 ㈜네오프레임 Virtual currency wallet system
KR20200002015A (en) * 2018-06-28 2020-01-07 주식회사 페이게이트 System for controlling multi signature secure account
US10878414B2 (en) 2013-09-30 2020-12-29 Apple Inc. Multi-path communication of electronic device secure element data for online payments
US11748746B2 (en) 2013-09-30 2023-09-05 Apple Inc. Multi-path communication of electronic device secure element data for online payments

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10223688B2 (en) 2012-09-24 2019-03-05 Samsung Electronics Co., Ltd. Competing mobile payment offers
US11068883B2 (en) 2013-02-06 2021-07-20 Apple Inc. Apparatus and methods for secure element transactions and management of assets
US9619799B2 (en) 2013-02-06 2017-04-11 Apple Inc. Apparatus and methods for secure element transactions and management of assets
WO2014124108A1 (en) * 2013-02-06 2014-08-14 Apple Inc. Apparatus and methods for secure element transactions and management of assets
CN105190661A (en) * 2013-03-15 2015-12-23 三星电子株式会社 Secure mobile payment using media binding
WO2014142617A1 (en) * 2013-03-15 2014-09-18 Samsung Electronics Co., Ltd. Secure mobile payment using media binding
US10878414B2 (en) 2013-09-30 2020-12-29 Apple Inc. Multi-path communication of electronic device secure element data for online payments
KR20160048951A (en) * 2013-09-30 2016-05-04 애플 인크. Online payments using a secure element of an electronic device
US11488138B2 (en) 2013-09-30 2022-11-01 Apple Inc. Initiation of online payments using an electronic device identifier
US11941620B2 (en) 2013-09-30 2024-03-26 Apple Inc. Multi-path communication of electronic device secure element data for online payments
US11748746B2 (en) 2013-09-30 2023-09-05 Apple Inc. Multi-path communication of electronic device secure element data for online payments
KR20160032574A (en) 2014-09-16 2016-03-24 현대오토에버 주식회사 Method and system for providing service card transaction approval
KR20160121231A (en) * 2015-04-10 2016-10-19 (주)인스타페이 Method, system and recording medium for user authentication using double encryption
KR20160146562A (en) * 2015-06-12 2016-12-21 이엠. 마이크로일레크트로닉-마린 쏘시에떼 아노님 Method for programming banking data in an integrated circuit of a watch
KR101639794B1 (en) * 2015-07-14 2016-07-14 유한회사 실릭스 Authentication method and system for user confirmation and user authentication
KR101656458B1 (en) * 2016-03-07 2016-09-09 유한회사 실릭스 Authentication method and system for user confirmation and user authentication
WO2019083106A1 (en) * 2017-10-26 2019-05-02 ㈜네오프레임 Virtual currency wallet system
KR20210056968A (en) * 2018-06-28 2021-05-20 주식회사 페이게이트 System for controlling multi signature secure account
US11917075B2 (en) 2018-06-28 2024-02-27 Pay Gate Co., Ltd. Multi-signature security account control system
KR20200002015A (en) * 2018-06-28 2020-01-07 주식회사 페이게이트 System for controlling multi signature secure account

Similar Documents

Publication Publication Date Title
US9741033B2 (en) System and method for point of sale payment data credentials management using out-of-band authentication
KR20120108599A (en) Credit card payment service using online credit card payment device
CN106656488B (en) Key downloading method and device for POS terminal
RU2710897C2 (en) Methods for safe generation of cryptograms
CN101373528B (en) Electronic payment system, device and method based on position authentication
TWI497336B (en) Data security devices and computer program
US12008560B2 (en) On-boarding server for authorizing an entity to effect electronic payments
CN106716916B (en) Authentication system and method
EP2481230B1 (en) Authentication method, payment authorisation method and corresponding electronic equipments
CN103714639A (en) Method and system enabling safe operation of POS terminal to be achieved
KR101702748B1 (en) Method, system and recording medium for user authentication using double encryption
JP2017537421A (en) How to secure payment tokens
CN112889046A (en) System and method for password authentication of contactless cards
KR20120037314A (en) Online credit card issue system and method using user identity authentication device
CN106656955A (en) Communication method and system and user terminal
GB2499360A (en) Secure ID authentication over a cellular radio network
CN104835038A (en) Networking payment device and networking payment method
CN113595714A (en) Contactless card with multiple rotating security keys
KR20170042392A (en) Method for Providing Mobile Payment Service by Using Account Information
KR102122555B1 (en) System and Method for Identification Based on Finanace Card Possessed by User
JP7275186B2 (en) Touchless PIN input method and touchless PIN input system
KR20200022194A (en) System and Method for Identification Based on Finanace Card Possessed by User
KR101710950B1 (en) Method for distributing encrypt key, card reader and system for distributing encrypt key thereof
CN107636664B (en) Method, device and apparatus for provisioning access data to a mobile device
KR101691169B1 (en) Method for distributing encrypt key, card reader, authentification server and system for distributing encrypt key thereof

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination