KR20150054405A - Device-based secure payment method and system, and apparatus for payment thereof - Google Patents

Abstract

A device-based secure payment method and system, and apparatus for payment thereof are provided to let an authentication number be safely sent to only the terminal device where payment is requested, to increase the reliability of user authentication using an authentication number, and to prevent device-based payment for a malicious purpose, by sending a callback URL when an authentication number is requested for user authentication for payment, extracting the source address information of access request through the callback URL, checking if the terminal device that requested access to the callback URL and the terminal device where payment is requested are the same on the basis of the source address information extracted and the device identification information of the terminal device where payment is requested, and letting an authentication number be sent only when they are the same.

Description

[0001] The present invention relates to a terminal-based secure payment method and system, and a device-based secure payment method and system,

The present invention relates to a terminal-based secure payment method and system, and more particularly, to a terminal-based secure payment method and system. More particularly, the present invention relates to a terminal- Based secure payment method and system capable of securely transmitting an authentication number by confirming whether a terminal device requesting payment is matched with a terminal device requesting settlement, and a settlement apparatus therefor.

2. Description of the Related Art In recent years, mobile communication terminals such as mobile phones have become a necessity of modern people. In addition to the original function of voice communication, various functions are widely used as additional functions.

Among these additional functions, a mobile payment service for providing a financial service using a mobile communication terminal has been provided in various ways.

One method of the mobile payment service is to register card information for one or more credit cards as well as a variety of point cards in the mobile communication terminal and to transmit the card information stored in the mobile communication terminal through short distance wireless communication such as NFC Transfer, credit card, membership, coupon, point accumulation, and so on.

In addition, the mobile payment service is provided with a simple settlement service in which the payment amount is added to the mobile communication fee, rather than the credit payment, in a different manner, which is postpaid.

With the recent spread of smartphones, the number of paid applications and paid contents are increasing, and the usage rate of the simple settlement service which can easily settle without using a credit card when purchasing a specific product on the mobile or online is gradually increasing.

In the case of such a simple settlement service, the authentication number is used as a method for authenticating the user himself. Specifically, when a simple settlement is requested to a specific mobile communication terminal, a one-time authentication number valid for a predetermined time is transmitted to a mobile communication terminal to be paid through a message service such as SMS (short message service) It is determined that the user is the user himself / herself and the payment is performed.

[0003] However, a smart phone capable of installing and operating an application developed by a third-party application developer other than a mobile communication provider or a manufacturer has appeared, and a malicious application created for an illegal purpose is transmitted to a mobile communication terminal A security problem occurs in which a user hooks an authentication number transmitted to a mobile communication terminal for user authentication through the malicious application and uses the authentication number for payment, thereby inducing unintended payment.

Korean Patent Laid-Open No. 10-2008-0029119, April 03, 2008 (name: electronic payment approval method using a swap push message)

SUMMARY OF THE INVENTION The present invention has been proposed in order to solve the above-mentioned problems of the prior art, and it is an object of the present invention to provide a method and system for transmitting a callback URL when requesting an authentication number for secure settlement, extracting a source address of a connection request through the callback URL, Based secure payment method and system capable of securely transmitting an authentication number by checking whether a terminal device and a terminal device requesting settlement match with each other, and a settlement device therefor.

As a means for solving the above-mentioned problems, the present invention provides a settlement apparatus for terminal-based secure settlement including a service communication unit and a service control unit.

The service communication unit transmits and receives data to and from one or more terminal devices via a communication network. The service control unit interlocks with the service communication unit, transmits the authentication number to the terminal device requesting settlement, and performs settlement according to receiving the authentication number from the terminal device do.

In this case, the service control module may include a message sending module for transmitting a predetermined callback URL to the terminal device through the message service when the authentication number request is generated; When a connection request for a callback URL occurs, the terminal extracts the source address information included in the connection request, and based on the extracted source address information and the terminal identification information included in the payment information, And transmits the authentication number to the terminal device when the terminal device is the same; And a payment module for performing settlement in response to receiving the authentication number from the terminal device.

In addition, in the payment apparatus according to the present invention, the payment module may include a function for inputting and transmitting payment information including terminal identification information in response to a payment request from a merchant application of the terminal, and requesting the authentication number To the terminal device.

In the payment apparatus according to the present invention, the authentication module transmits the extracted source address information to the terminal management apparatus managing the terminal apparatus, acquires the terminal identification information corresponding to the extracted source address information, and corresponds to the extracted source address information And the terminal identification information included in the payment information match, it can be determined that the terminal device that requested the connection with respect to the callback URL is the same as the terminal device that requested the payment.

In the settlement apparatus according to the present invention, the message sending module may operate in conjunction with a message service apparatus that performs at least one message service among SMS (Short Message Service), LMS (Long Message Service), and MMS You can send a callback URL.

Here, the terminal identification information may be an MDN (Mobile Directory Number).

According to another aspect of the present invention, there is provided a terminal apparatus that transmits an authentication number to a terminal apparatus that has requested payment, performs settlement in response to receiving an authentication number from the terminal apparatus, And transmits the callback URL previously set to the terminal device through the message service. When a connection request for the callback URL is generated, the source address information included in the connection request is extracted, and the extracted source address information and the terminal information A settlement device for comparing the identification information and transmitting the authentication number to the terminal device if they match; And transmits the payment information including the terminal identification information, accesses the callback URL received after requesting the authentication number, and receives the authentication number from the payment apparatus, Based secure payment system including a terminal device for transmitting a secure payment.

According to another aspect of the present invention, there is provided a settlement apparatus comprising: a settlement apparatus receiving settlement information including terminal identification information of a terminal apparatus that has requested settlement; Transmitting a callback URL preset in the terminal device through the message service according to the authentication number request; Receiving a connection request for a callback URL from a terminal device; Extracting source address information included in the received connection request; Determining whether the terminal device requesting the connection and the terminal device requesting the settlement of the callback URL are identical based on the extracted source address information and the received terminal identification information; Transmitting the authentication number to the terminal apparatus if the terminal apparatus is the same terminal apparatus; And performing payment according to whether or not the received authentication number matches the transmitted authentication number when the authentication number is received from the terminal device.

The step of receiving the settlement information may include transmitting the settlement page to the terminal device in response to the settlement request from the merchant application of the terminal device, And receiving the payment information including the identification information.

Also, in the secure settlement method based on a terminal according to the present invention, the step of determining may comprise the step of transmitting the extracted source address information to the terminal management apparatus managing the terminal apparatus and acquiring the terminal identification information corresponding to the extracted source address information Comparing the terminal identification information corresponding to the extracted source address information with the terminal identification information included in the payment information; comparing the terminal identification information with the terminal identification information included in the payment information, And judging that the terminal equipments are the same.

In addition, in the secure payment method based on the terminal according to the present invention, the step of transmitting the callback URL may receive the authentication number request through the payment page.

In the terminal-based secure settlement method according to the present invention, the step of performing settlement may transmit the settlement result to the merchant application.

In addition, the present invention further provides a computer-readable recording medium on which a program for performing the above-mentioned secure settlement method based on a terminal is recorded.

According to the present invention, before transmitting an authentication number for user authentication in a simple settlement service through a terminal device such as a mobile communication terminal, a designated callback URL is transmitted, and when a connection through the callback URL is requested, The source address of the request is extracted and it is confirmed whether the terminal device requesting the authentication number matches with the terminal device requesting settlement through the extracted source address so that the authentication number can be securely transmitted and the reliability of the user authentication can be transmitted Can be improved.

In addition, according to the present invention, every time the user makes a payment, the terminal compares the terminal number of the terminal device that receives the authentication number with the terminal device that receives the authentication number using the callback URL, and transmits the authentication number, Thus, the authentication number is hooked so that the user can intentionally block the unintended settlement.

1 is a block diagram illustrating a configuration of a terminal-based secure settlement system according to the present invention.
FIG. 2 is a block diagram illustrating a configuration of a terminal device applied to a terminal-based secure settlement system according to the present invention.
3 is a block diagram illustrating a configuration of a settlement apparatus for secure settlement according to the present invention.
4 is a message flow diagram for explaining a terminal-based secure settlement method according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, the detailed description of known functions and configurations incorporated herein will be omitted when it may unnecessarily obscure the subject matter of the present invention. This is to omit the unnecessary description so as to convey the key of the present invention more clearly without fading. While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. However, it should be understood that the invention is not limited to the specific embodiments thereof, It is to be understood that the invention is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

In addition, when referring to an element as being "connected" or "connected" to another element, it means that it can be connected or connected logically or physically. In other words, it is to be understood that although an element may be directly connected or connected to another element, there may be other elements in between, or indirectly connected or connected.

Also, the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. It is also to be understood that the terms such as " comprising "or" having ", as used herein, are intended to specify the presence of stated features, integers, It should be understood that the foregoing does not preclude the presence or addition of other features, numbers, steps, operations, elements, parts, or combinations thereof.

Now, a terminal-based secure settlement method and system according to an embodiment of the present invention and a settlement apparatus therefor will be described in detail with reference to the drawings. Here, the same reference numerals are used for similar functions and functions throughout the drawings, and a duplicate description thereof will be omitted.

In addition, the terminal-based secure payment service to which the present invention is applied is not limited to a credit payment using a credit card issued to a user, but to a communication fee of a terminal device having a communication function possessed by the user such as a mobile phone, a smart phone, It means a payment service called a micropayment service, a simple payment service or the like as a payment service for billing by adding a payment fee.

According to the present invention, in such a terminal-based payment service, a predetermined callback URL (Uniform Resource Location) is transmitted to a message service before transmission of an authentication number, and when a connection request for the callback URL occurs, It is determined whether the terminal device requesting the authentication number based on the extracted source address is the same as the terminal device requesting settlement and the authentication number is provided only in the same case to improve the reliability of the user authentication using the authentication number That is.

First, the entire system configuration in which the terminal-based secure settlement service according to the present invention is performed will be described with reference to FIG.

1 is a block diagram illustrating a configuration of a terminal-based secure settlement system according to the present invention.

1, a terminal-based secure settlement system according to an embodiment of the present invention may include a terminal device 100 connected through a communication network 10 and a settlement device 200, (300). Although only one terminal device 100 is shown in FIG. 1 for convenience of explanation, the payment device 200 may perform terminal-based secure payment for one or more terminal devices.

First, the terminal apparatus 100 refers to a user apparatus capable of transmitting and receiving data through the communication network 10 according to a user's operation. Particularly, in the present invention, the terminal device 100 may include a user device which is subscribed to a predetermined wired / wireless communication service (for example, a mobile communication service) and transmits and receives data through a communication network . For example, a terminal device 100, a PC, a tablet PC, a smart phone, a mobile phone, a smart TV, and the like.

Here, the communication network 10 is a communication network that supports connection and data transmission / reception of the terminal device 100 subscribed to the wired / wireless communication service, and includes, for example, a WLAN (Wireless LAN), a Wi- (Fiber to the Curb), Fiber To The (FTTH), Fiber To The Cellular (FTTH), Fiber To The Cellular (FTTH), Fiber To The Cellular (FTTH), Wibro, WiMAX, HSDPA, Ethernet, xDSL Home), or the like, or a combination thereof.

In particular, in the present invention, the communication network 10 may include a communication system consisting of one or more communication facilities for supporting the connection and communication of one or more terminal devices 100 subscribed to a wired / wireless communication service.

In one embodiment of the present invention, the communication network 10 may preferably include a mobile communication system that provides a mobile communication service to a mobile communication terminal such as a mobile phone or a smart phone. The mobile communication system can perform charging for using the communication service while supporting connection and data transmission / reception of the terminal device 100 subscribed to the mobile communication service.

The terminal-based simple settlement service according to the present invention can process a request for a communication fee in the above-described mobile communication system by adding a simple settlement charge.

Accordingly, the terminal device 100 according to the present invention accesses the settlement apparatus 200 through the communication network 10 to transmit and receive data for secure settlement based on the terminal. Specifically, the terminal device 100 may access the settlement apparatus 200 to request a settlement page. The settlement apparatus 200 may transmit settlement information including terminal identification information to the settlement apparatus 200 through the settlement page provided from the settlement apparatus 200 ), And can request the settlement apparatus 200 for an authentication number for user authentication.

The terminal device 100 may receive an arbitrary callback URL from the payment device 200 in response to the authentication number request. At this time, the callback URL may be received through at least one message service among SMS (Short Message Service), LMS (Long Message Service), and MMS (Multimedia Message Service). When the user selects connection to the callback URL, the terminal 100 transmits a connection request (for example, an HTTP GET message) to the callback URL to the communication network 10 ).

The connection request to the callback URL is transmitted to the settlement apparatus 200 through the communication network 10. The settlement apparatus 200 then transmits an authentication number to the terminal apparatus 100 according to the authentication process based on the connection request to the callback URL, Lt; / RTI >

Accordingly, when the terminal device 100 receives the authentication number from the payment device 200 after requesting the connection to the callback URL, the terminal device 100 provides the received authentication number to the user, and transmits the received authentication number The user can request settlement while transmitting to the settlement apparatus 200 through the settlement page. Here, the authentication number can be received through one or more message services such as SMS, LMS, and MMS, as well as the callback URL described above.

After transmitting the authentication number, the terminal device 100 may receive the processing result of the payment request from the payment apparatus 200. [

In order to perform this function, the terminal device 100 may be configured as shown in FIG. Therefore, a more detailed description of the terminal device 100 supporting the terminal-based simple settlement service according to the present invention will be described with reference to FIG.

Meanwhile, the settlement apparatus 200 provides the terminal-based secure settlement service according to the present invention to the terminal apparatus 100. [

Specifically, the settlement apparatus 200 receives the settlement information including the terminal identification information of the terminal apparatus 100 requesting settlement, and transmits the settlement information to the terminal apparatus 100 through the message service, And transmits the preset callback URL.

Thereafter, the settlement apparatus 200 waits for the connection request for the callback URL to be received from the terminal device 200. When the connection request for the callback URL is received, the settlement apparatus 200 transmits the source address Based on the extracted source address information and the terminal identification information included in the payment information, determines whether the terminal device requesting the connection for the callback URL is identical to the terminal device requesting the payment.

The settlement apparatus 200 transmits the requested authentication number to the terminal device 100 when the terminal device requesting the connection and the terminal device requesting payment are identical to the callback URL, 100, it performs settlement according to whether or not the received authentication number matches the transmitted authentication number.

According to the above description, before transferring the authentication number for user authentication in the terminal-based settlement, the callback URL is transmitted and the address of the call requesting side for the callback URL, i.e., the source address information, It is possible to prevent the authentication number from being hacked for malicious purposes by determining whether the terminal device requesting the connection and the terminal device requesting the settlement for the callback URL are the same.

In the terminal-based payment system according to the present invention, the terminal management apparatus 300 manages information related to the terminal apparatus 100 used for settlement. Particularly, the terminal management apparatus 300 includes a communication network 10 to manage network address information, specifically IP (Internet Protocol) address information, of the terminal device 100 using data communication. Specifically, the terminal identification information of the terminal device 100 and the assigned IP address information can be matched and managed. Here, the terminal identification information may be an MDN (Mobile Directory Number) assigned to the mobile communication service, for example, as information for identifying the terminal device 100. [

The terminal management apparatus 300 may be a device included in a mobile communication system that provides a mobile communication service to the terminal apparatus 100.

In the present invention, the terminal management apparatus 300 can interoperate with the settlement apparatus 200 to confirm whether the source address information extracted through the callback URL matches the terminal identification information of the terminal apparatus that has requested settlement.

For example, when the source address information extracted from the callback URL access request is transmitted from the settlement apparatus 200, the terminal management apparatus 300 transmits the terminal identification information of the terminal device having the same IP address as the source address information To the settlement apparatus 200.

Accordingly, the settlement apparatus 200 confirms whether the terminal identification information acquired from the terminal management apparatus 300 matches the terminal identification information included in the payment information, and thereby, It can be determined whether the requested terminal device is the same.

In order to perform this function, the settlement apparatus 200 may be configured as shown in FIG. Accordingly, a more detailed description of the settlement apparatus 200 supporting the terminal-based simple settlement service according to the present invention will be described with reference to FIG.

Next, FIG. 2 is a block diagram illustrating a configuration of a terminal device 100 applied to a terminal-based secure settlement system according to the present invention.

The terminal device 100 may include a communication unit 110, an input unit 120, an output unit 130, a storage unit 140, and a control unit 150.

Here, the communication unit 110 is configured to transmit and receive data through the communication network 10. [ The communication unit 110 accesses the communication network 10 to perform a registration procedure. After the resources are allocated, the communication unit 110 performs data transmission / reception through the communication network 10 based on the allocated resources. At this time, the communication unit 110 receives a predetermined IP address when allocating resources, and then transmits / receives data through the communication network 10 based on the allocated IP address. At this time, the assignment of the IP address to the terminal device 100 may be performed through a communication system to which the terminal device 100 is subscribed. Management of the IP address allocated to each terminal device can be performed through the terminal management apparatus 300. [

In addition, when the communication unit 110 accesses the settlement apparatus 200 through the communication network 10 to request and receive a settlement page, the communication unit 110 also transmits settlement information including the terminal identification information of the terminal apparatus, And transmits the information and authentication number request to the settlement apparatus 200.

Also, the communication unit 110 may receive a message including a callback URL, an authentication number, a settlement processing result, and the like from the settlement apparatus 200.

The input unit 120 is configured to receive a user input signal for operating the terminal device 100 and may be configured as various types of input means capable of generating a predetermined user input signal in response to a user's operation. Specifically, the input unit 120 may include at least one of a key input unit such as a keyboard and a keypad, a touch input unit such as a touch sensor or a touch pad, a voice input unit, a gyro sensor, a geomagnetism sensor, And gesture input means including a gesture input means.

The output unit 130 is a means for outputting a user interface screen related to the operation of the terminal device 100. The output unit 130 may output a payment page, a message including a callback URL, a message including an authentication number, a settlement processing result, and the like during execution of the terminal-based simple settlement service. The output unit 130 may be implemented in the form of a touch panel (or a touch screen) together with the input unit 120. The output unit 130 may be a liquid crystal display (LCD), a thin film transistor (TFT) LCD, an organic light emitting diode (OLED), a light emitting diode (LED), an active matrix organic LED (AMOLED) A flexible display and a three-dimensional display. Some of these displays may also be configured to be transparent or light transmissive so that they can be seen through. This can be configured as a transparent display form including TOLED (Transparent OLED).

The storage unit 140 is a means for storing programs and data necessary for the operation of the terminal apparatus 100 and data generated during operation of the terminal apparatus 100. [

Specifically, the storage unit 140 may store OS programs of the terminal device 100 and applications programmed to perform various functions. In particular, the storage unit 140 stores an application (hereinafter referred to as an affiliate shop APP) 141 of a merchant using the terminal-based secure settlement service according to the present invention. The merchant's point of sale (APP) 141 is an application for supporting the sale of articles, electronic items, services and the like in cooperation with an electronic commerce service apparatus (not shown), for example, an application linked to an application store, . The merchant's point of sale (APP) 141 is programmed to connect to the settlement apparatus 200 according to the present invention and perform settlement according to the present invention.

The storage unit 140 may be a flash memory, a hard disk, a memory of a multimedia card micro type (e.g., SD or XD memory), a RAM, a ROM ROM), and the like.

Finally, the control unit 150 performs overall control of the terminal device 100 and includes at least one processor including a CPU (Central Processing Unit) / MPU (Micro Processing Unit) and at least one memory (For example, a register and / or a RAM (Random Access Memory) in which loading data is loaded) and a bus (BUS) for inputting / outputting at least one or more data to / from the processor and the memory. Also, a predetermined program routine (Routine) or program (program) loaded into the execution memory from a predetermined recording medium to perform a function (for example, a payment process) defined in the terminal device 100 by software, Data may be included. In other words, among the functional configurations provided in the terminal device 100 for processing the terminal-based secure payment service according to the embodiment of the present invention, the components that can be processed by software can be determined as the functions of the controller 12 .

The controller 150 is functionally connected to at least one component provided to support the terminal-based secure settlement service according to the embodiment of the present invention. That is, the control unit 150 is functionally connected to the communication unit 110, the input unit 120, the output unit 130, and the storage unit 140 and operates to supply power to the respective components, Thereby controlling the flow.

In particular, the control unit 150 may include a message processing module 151 and a browser module 152 for a terminal-based secure payment service according to an embodiment of the present invention. Here, the message processing module 151 supports message services such as SMS, MMS, and LMS, and stores and manages messages transmitted and received and messages transmitted and received.

In the present invention, the message processing module 151 receives and outputs a message including the callback URL transmitted from the settlement device 200, receives the authentication number transmitted from the payment device 200, do.

The browser module 152 is a means for outputting in cooperation with a web document (for example, an HTML document or a file) transmitted and received via the communication network 10. Specifically, the browser module 152 communicates with a predetermined server (specifically, a web server) connected to the communication network 10 via HTTP to fetch a web page, analyze the fetched web page, .

In particular, in the present invention, the browser module 152 fetches a payment page from the payment device 200, and outputs the payment information and the authentication information request including the terminal identification information input through the payment page, To the device (200).

The message processing module 151 and the browser module 152 may be implemented in software and may operate according to the loading and execution of the controller 150.

The terminal device 100 configured as described above fetches the payment page of the payment device 200 via the browser module 152 and outputs the payment page when the payment function is selected while the merchant AP 141 is loaded and executed. Then, the payment information including the terminal identification information is received through the payment page, the payment information is transmitted to the settlement apparatus 200, and the settlement apparatus 200 requests the authentication number.

After requesting the authentication number, the terminal device 100 according to the present invention receives a message including the callback URL transmitted from the settlement apparatus 200 through the message processing module 151 and outputs the message to the output unit 130 If the user selects a callback URL through the input unit 120, the connection request for the callback URL is transmitted. At this time, the connection request for the callback URL includes the IP address assigned to the terminal device 100 as the source address information.

The terminal device 100 may receive the authentication number transmitted from the payment device 200 through the message processing module 151 and provide the authentication number to the user after requesting the connection to the callback URL.

In addition, the terminal device 100 can transmit the authentication number received by the payment device 200 through the merchant's point device 141 according to the user's operation, and request the user authentication.

Then, the terminal device 100 can receive the settlement processing result according to the user authentication result and provide it to the user.

Next, FIG. 3 is a block diagram illustrating a configuration of a settlement apparatus 200 for terminal-based secure settlement according to the present invention.

3, the settlement apparatus 200 according to the present invention may include a service communication unit 210, a service control unit 220, and a service storage unit 230.

The service communication unit 210 is configured to transmit and receive data to and from one or more terminal devices 100 through the communication network 10. Specifically, the service communication unit 210 transmits a payment page in response to a request from the terminal device 100, receives payment information and an authentication number including terminal identification information from the terminal device 100, A message including a callback URL and a message including an authentication number can be transmitted to the terminal device 100. [

The service control unit 220 is functionally connected to the service communication unit 210 and controls the terminal-based secure payment processing for the terminal device 100. [ Specifically, the service control unit 200 can provide a payment page according to the terminal-based secure settlement processing, perform primary authentication using the callback URL, secondary authentication using the authentication number, and settlement processing.

In particular, the service control unit 220 may include a message sending module 221, an authentication module 222, and a payment module 223 in order to support the terminal-based secure settlement service according to the present invention.

When the authentication number request is generated through the payment page, the message sending module 221 transmits a message including an arbitrary callback URL to the terminal device 100 requesting payment through a message service such as SMS, LMS, or MMS . For this purpose, the message sending module 221 may be interworked with a message service device provided on the communication network 10 and processing a message service such as SMS, LMS, MMS, and the like. Here, the callback URL is an arbitrarily designated URL, and can be set to be distinguished by settlement request or terminal device. Accordingly, when a connection request for the callback URL is received at a later time, it is possible to identify a connection request corresponding to a settlement request of a terminal device.

The authentication module 222 is for performing user authentication in the terminal-based secure settlement service. When a connection request for a callback URL transmitted through the message sending module 221 occurs, Address information, that is, address information of a source from which the connection request is transmitted.

Then, based on the extracted source address information and the terminal identification information included in the payment information (i.e., the terminal identification information of the terminal device requested for payment), the authentication module 222 transmits a settlement request to the terminal device that requested the connection for the callback URL And determines whether the requested terminal device is the same. For this, the authentication module 222 transmits the extracted source address information to the terminal management apparatus 300 managing the terminal device 100, and the terminal identification information (for example, For example, MDB), and compares the acquired terminal identification information with the terminal identification information included in the payment information. If the result of the comparison is a match, it can be determined that the terminal device requesting the connection with respect to the callback URL is identical to the terminal device requesting the settlement. The authentication module 220 transmits an authentication number for user authentication to the terminal device 100 when the terminal device requesting the connection and the terminal device requesting settlement are identical to the callback URL.

Here, if the information of the terminal device 100 is hacked and payment is requested through the terminal device 100 elsewhere, the source address information of the place where the connection request to the callback URL is transmitted The IP address assigned to the requested terminal device 100 is different. Accordingly, if it is determined that the terminal device requesting the connection and the terminal device requesting settlement are not the same as the callback URL, the authentication module 222 does not transmit the authentication number but provides the authentication number or terminal-based settlement The terminal device 100 may transmit a message to the terminal device 100 to inform the terminal device 100 of the failure.

The authentication module 222 compares the transmitted authentication number with the authentication number received from the terminal device 100 requested to be charged and performs user authentication. If the two authentication numbers match, To request payment processing.

The payment module 223 then performs the terminal-based settlement requested by the terminal device 100 and transmits the processing result to the terminal device 100. [

Prior to this, the payment module 223 inputs payment information including terminal identification information according to a payment page request of the affiliate store APP 141 executed from the terminal device 100, specifically, the terminal device 100 And transmits a payment page including a function for requesting the authentication number to the terminal device 100. Using the payment page, terminal identification information of the terminal device 100 that has requested payment (for example, And MDB), and may transmit the authentication number request transmitted through the payment page to the message sending module 221 and the authentication module 222. [

The service storage unit 230 is used to store various information generated according to programs and operations performed by the service control unit 22, as described above. For example, the service storage unit 230 may store information on a callback URL sent for each settlement request or payment-requested terminal device 100, and may include a source of a connection request for callback ULR extracted from the authentication module 222 Address information can also be stored temporarily.

The terminal-based secure settlement method through the settlement apparatus 200 configured as described above will be described with reference to the message flow chart of FIG.

4 is a message flow diagram for explaining a terminal-based secure settlement method according to the present invention.

Referring to FIG. 4, the terminal device 100 may request a settlement page to the settlement apparatus 200 according to the settlement selection of the user during execution of the merchant's point of interest (APP) 141 (S105). The above step S105 may be performed by the user selecting the payment function (menu or button) provided on the execution screen of the merchant APP 131 through the input unit 120. If necessary, the browser module 152 ). ≪ / RTI >

The settlement apparatus 200 receiving the request provides a settlement page to the terminal device 100. The settlement page is received by the browser module 152 of the terminal device 100 and processed through parsing and rendering And output to the output unit 130 (S110).

Accordingly, the user can confirm payment related information through the output unit 130 and input payment information including payment information necessary for payment, i.e., payment information including terminal identification information.

Then, the terminal device 100 transmits an authentication number request including the inputted payment information to the payment apparatus 200 (S120). In step S120, the payment information including the terminal identification information is input through the payment page, and the user selects a button for requesting the authentication number.

In step S125, the payment device 200 receives the authentication number request and transmits a predetermined callback URL to the terminal device 100 requesting payment through a message service such as SMS, MMS, or LMS. To this end, the settlement apparatus 200 may operate in conjunction with another message service apparatus (not shown) performing a message service.

The callback URL is transmitted in a text message and may be received by the message processing module 151 of the terminal device 100 and output to the output unit 130.

Then, the user selects the callback URL received and output by the message processing module 151, so that the terminal device 100 transmits a connection request for the callback URL to the communication network 10, (S130).

In this manner, the payment device 200 receiving the connection request for the previously transmitted callback URL extracts the source address information included in the received connection request (S135). This is a process necessary for confirming the address information of the source from which the connection request for the callback URL is transmitted.

Based on the extracted source address information, the settlement apparatus 200 determines whether the terminal apparatus requesting connection with the callback URL is identical to the terminal apparatus requesting settlement. To this end, the settlement apparatus 200 transmits the extracted source address information to the terminal management apparatus 300, To request terminal authentication (S140). At this time, based on the terminal identification information included in the payment information received through the payment page in step S120, the payment apparatus 200 confirms the communication service to which the terminal requested to be charged is subscribed, And send the source address information to the terminal management apparatus 200 to request authentication.

Then, the terminal management apparatus 300 confirms the terminal identification information (MDN) of the terminal device to which the received source address information is allocated, and provides the terminal identification information (MDN) to the payment apparatus 200 (S145). Here, when a connection request for a callback URL occurs in a place other than the terminal device requesting settlement by hacking or the like, if the terminal identification information of the terminal device to which the source address information is allocated is not stored in the terminal management device 300 . In this case, the terminal management apparatus 300 can transmit a message to the payment apparatus 200 indicating that there is no terminal apparatus corresponding to the corresponding source address information.

The settlement apparatus 200 determines whether the terminal identification information received from the terminal management apparatus 300 matches the terminal identification information included in the payment information, that is, the terminal identification information of the terminal apparatus 100 requested to be paid And authentication is performed (S150).

If the authentication result is that the same terminal device, the payment device 200 transmits the authentication number necessary for user authentication to the terminal device 100 (S155). The authentication number can be transmitted through the message service as well as the callback URL, and thus can be received and output by the message processing module 151.

After confirming the authentication number received by the message processing module 151, the user can input the confirmed authentication number through the payment page, and then request payment.

Accordingly, the browser module 152 of the terminal device 100 transmits a payment request including the authentication number to the payment apparatus 200 (S160). At this time, in addition to the authentication number, information related to settlement, information on a settlement object, amount of money, and the like may be transmitted together.

Accordingly, the settlement apparatus 200 compares the received authentication number with the authentication number transmitted in step S155, and performs the settlement processing according to the comparison result.

That is, if the authentication numbers are the same, the terminal-based settlement is requested and then the settlement processing result is transmitted to the terminal device 100 (S165). Here, the payment processing result is transmitted to the merchant APP 141 for which payment for the first time is requested, and is processed through the merchant point APP 141.

On the other hand, if the authentication numbers are not the same, the settlement apparatus 200 can transmit a message to the terminal apparatus 100 to notify that settlement is impossible. The message is likewise transmitted to the merchant APP 141, and the merchant APP 141 can perform the following steps.

A processor mounted on the terminal device 100 or the payment device 200 according to the present invention operating as described above can process program instructions for executing the method according to the present invention. In one implementation, the processor may be a single-threaded processor, and in other embodiments, the processor may be a multithreaded processor. Further, the processor is capable of processing instructions stored on a memory or storage device.

In addition, the terminal device 100 or the payment device 200 according to the present invention can be driven by an instruction to cause one or more processors to perform the functions and processes described above. Such instructions may include, for example, interpreted instructions such as script commands, such as JavaScript or ECMAScript commands, or other instructions stored in executable code or computer readable media. Further, the apparatus according to the present invention may be implemented in a distributed manner across a network, such as a server farm, or may be implemented in a single computer device.

Although the present specification and drawings describe exemplary device configurations, the functional operations and subject matter implementations described herein may be embodied in other types of digital electronic circuitry, or alternatively, of the structures disclosed herein and their structural equivalents May be embodied in computer software, firmware, or hardware, including, or in combination with, one or more of the foregoing. Implementations of the subject matter described herein may be embodied in one or more computer program products, i. E. One for computer program instructions encoded on a program storage medium of the type for < RTI ID = 0.0 & And can be implemented as a module as described above. The computer-readable medium can be a machine-readable storage device, a machine-readable storage substrate, a memory device, a composition of matter that affects the machine readable propagation type signal, or a combination of one or more of the foregoing.

Further, a computer program (also known as a program, software, software application, script or code) that is embedded in the apparatus according to the present invention and which implements the method according to the present invention includes a compiled or interpreted language, a priori or procedural language , And may be deployed in any form including standalone programs or modules, components, subroutines, or other units suitable for use in a computer environment. A computer program does not necessarily correspond to a file in the file system. The program may be stored in a single file provided to the requested program, or in multiple interactive files (e.g., a file storing one or more modules, subprograms, or portions of code) (E.g., one or more scripts stored in a markup language document). A computer program may be deployed to run on multiple computers or on one computer, located on a single site or distributed across multiple sites and interconnected by a communications network.

Computer-readable media suitable for storing computer program instructions and data include semiconductor memory devices such as, for example, EPROM, EEPROM, and flash memory devices, such as magnetic disks such as internal hard disks or external disks, And DVD-ROM disks, including non-volatile memory, media and memory devices. The processor and memory may be supplemented by, or incorporated in, special purpose logic circuits.

Implementations of the subject matter described herein may include, for example, a back-end component such as a data server, or may include a middleware component, such as an application server, or may be a web browser or a graphical user, for example a user, who may interact with an implementation of the subject- Front-end components such as client computers with interfaces, or any combination of one or more of such back-end, middleware, or front-end components. The components of the system may be interconnected by any form or medium of digital data communication, such as, for example, a communications network.

While the specification contains a number of specific implementation details, it should be understood that they are not to be construed as limitations on the scope of any invention or claim, but rather on the description of features that may be specific to a particular embodiment of a particular invention Should be understood. Certain features described herein in the context of separate embodiments may be implemented in combination in a single embodiment. Conversely, various features described in the context of a single embodiment may also be implemented in multiple embodiments, either individually or in any suitable subcombination. Further, although the features may operate in a particular combination and may be initially described as so claimed, one or more features from the claimed combination may in some cases be excluded from the combination, Or a variant of a subcombination.

Likewise, although the operations are depicted in the drawings in a particular order, it should be understood that such operations must be performed in that particular order or sequential order shown to achieve the desired result, or that all illustrated operations should be performed. In certain cases, multitasking and parallel processing may be advantageous. Also, the separation of the various system components of the above-described embodiments should not be understood as requiring such separation in all embodiments, and the described program components and systems will generally be integrated together into a single software product or packaged into multiple software products It should be understood.

It should be noted that the embodiments of the present invention disclosed in the present specification and drawings are only illustrative of specific examples for the purpose of understanding and are not intended to limit the scope of the present invention. It will be apparent to those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein.

According to the present invention, before transmitting an authentication number for user authentication in a simple settlement service through a terminal device such as a mobile communication terminal, a designated callback URL is transmitted, and when a connection through the callback URL is requested, The source address of the request is extracted and it is confirmed whether the terminal device requesting the authentication number matches with the terminal device requesting settlement through the extracted source address so that the authentication number can be securely transmitted and the reliability of the user authentication can be transmitted Can be improved.

In addition, according to the present invention, every time the user makes a payment, the terminal compares the terminal number of the terminal device that receives the authentication number with the terminal device that receives the authentication number using the callback URL, and transmits the authentication number, Thus, the authentication number is hooked so that the user can intentionally block the unintended settlement.

10: communication network 100: terminal device
110: communication unit 120: input unit
130: output unit 140: storage unit
150: control unit 200: payment device
210: service communication unit 220:
221: message sending module 222: authentication module
223: Payment module 230: Service storage

Claims (12)

A service communication unit for transmitting and receiving data to and from one or more terminal devices through a communication network; And
And a service control unit operable to transmit an authentication number to a terminal apparatus that has requested settlement in cooperation with the service communication unit and to perform settlement in response to receiving an authentication number from the terminal apparatus,
The service control unit
A message sending module for transmitting a predetermined callback URL to the terminal device through a message service when the authentication number request is generated;
Extracts the source address information included in the connection request when the connection request for the callback URL is generated, and accesses the callback URL based on the extracted source address information and the terminal identification information included in the payment information An authentication module for determining whether the requested terminal device and the terminal device requesting settlement are the same and transmitting the authentication number to the terminal device if they are identical;
And a settlement module for performing settlement in response to receipt of an authentication number from the terminal device. The system of claim 1, wherein the payment module
Characterized in that a settlement page including a function for inputting and transmitting payment information including the terminal identification information and requesting the authentication number is transmitted to the terminal device in response to a payment request from the merchant application of the terminal device Based payment system for secure settlement. 2. The system of claim 1, wherein the authentication module
The extracted source address information is transmitted to the terminal management apparatus managing the terminal apparatus to acquire the terminal identification information corresponding to the extracted source address information and included in the terminal identification information corresponding to the extracted source address information and in the payment information The terminal device requesting the connection is determined to be the same as the terminal device requesting the connection with respect to the callback URL. The method of claim 1, wherein the message sending module
Wherein the mobile terminal transmits the callback URL in cooperation with a message service device that performs at least one message service of SMS (Short Message Service), LMS (Long Message Service), and MMS (Multimedia Message Service) For payment. The method according to claim 1,
Wherein the terminal identification information is an MDN (Mobile Directory Number). The terminal transmits the authentication number to the terminal device that requested the settlement, and performs settlement according to the receipt of the authentication number from the terminal device. When an authentication number request is issued from the terminal device, Extracts source address information included in the connection request when the connection request for the callback URL is generated, compares the extracted source address information with the terminal identification information included in the payment information, A settlement device for transmitting an authentication number to the terminal device; And
When the authentication number is received from the payment device by requesting access to the callback URL received after requesting the authentication number, accessing the payment device according to the payment request of the user, transmitting the payment information including the terminal identification information, And transmits the authentication number to the settlement apparatus. The settlement device,
Receiving payment information including terminal identification information of a terminal device that requested payment;
Transmitting a callback URL set in advance to the terminal device through a message service according to an authentication number request;
Receiving a connection request for the callback URL from the terminal device;
Extracting source address information included in the received connection request;
Determining whether a terminal device requesting connection with the callback URL and a terminal device requesting payment are identical based on the extracted source address information and the received terminal identification information;
Transmitting the authentication number to the terminal apparatus if the terminal apparatus is the same terminal apparatus;
And if the authentication number is received from the terminal device, performing payment according to whether or not the received authentication number matches the transmitted authentication number. 8. The method of claim 7, wherein receiving the payment information comprises:
Transmitting a payment page to the terminal device in response to a payment request from the merchant application of the terminal device;
And receiving payment information including the terminal identification information through the payment page. 8. The method of claim 7, wherein the determining comprises:
Transmitting the extracted source address information to a terminal management apparatus managing the terminal apparatus to obtain terminal identification information corresponding to the extracted source address information,
Comparing the terminal identification information corresponding to the extracted source address information and the terminal identification information included in the payment information,
And determining that the terminal device requesting the connection and the terminal device requesting settlement are identical to the callback URL if the terminal identification information is identical. 9. The method of claim 8, wherein transmitting the callback URL comprises:
And receiving the authentication number request through the payment page. 9. The method of claim 8, wherein performing the payment comprises:
And transmits the settlement result to the merchant application. A computer-readable recording medium recording a program for performing the secure settlement method based on a terminal according to any one of claims 7 to 11.

Images