KR20150144363A - Method for Processing Payment by using Authentication Coupled End-To-End Medium Ownership Authentication and One Time Code Authentication - Google Patents

Abstract

The present invention relates to a payment processing method with a combination of end-to-end medium possession based authentication and one-time code authentication. The payment processing method with combination of end-to-end medium possession based authentication and one-time code authentication according to the present invention is a payment processing method performed by a server communicating with a terminal of a user interfaced with a chip of a non-contact medium possessed by the user. The method comprises: a first step of receiving, at the time of confirming a payment request using a terminal of a user, encryption data (c) generated by encrypting data (c) configured in a chip of a non-contact medium interfaced with the terminal of the user used in the payment in the chip of the non-contact medium, from the terminal interfaced with the chip of the non-contact medium; a second step of confirming a dynamic code dynamically generated to be provided to the chip of the non-contact medium on the basis of a validity confirmation result of the data (c) obtained by decoding the encryption data (c); a third step of providing encryption data (s) obtained by encrypting data (s) including the dynamic code to the chip of the non-contact medium through the terminal interfaced with the chip of the non-contact medium; a fourth step of receiving a one-time authentication code corresponding to a dynamic code confirmed by decoding the encryption data (s) in the chip of the non-contact medium from the terminal interfaced with the chip of the non-contact medium; and a fifth step of performing, when validity of the authentication code is authenticated, a requested payment procedure by using a payment means of a user registered in advance.

Description

[0001] The present invention relates to a payment processing method and a payment processing method, and more particularly,

The present invention relates to a noncontact medium in which a chip of a contactless medium interfaced with a terminal used by a user and a communication channel formed between the server side and an end- The payment means of the user is automatically identified on the basis of the authentication result obtained by double-coupling the authentication and the disposable authentication code authentication, and the settlement procedure using the terminal of the user is performed.

As non-face-to-face payment methods that settle payment by using information communication network have become common due to the continuous development of information and communication technology, the frequency of non-face-to-face payment using wireless communication network is increasing rapidly as smartphones are activated recently.

As the frequency of non-face-to-face payments increases, hacking and financial accidents are also increasing. Recently, the industry is constantly trying to prevent hacking or financial accidents by adding new authentication methods to non-facing settlements to prevent such hacking or financial accidents, or by complicating existing authentication methods.

However, merely adding new authentication means or complicating the existing authentication means can not prevent hacking or financial accidents, and causes a problem of increasing the inconvenience of use. This is because the point of time when the authentication procedure using the authentication means is performed in the conventional non-face settlement is immediately before the payment and the final approval, and in reality, a hacking or financial accident occurs during the information exchange during the settlement process. In addition, most of the authentication at the initial stage of settlement focuses on user authentication, and the authentication just before the final approval focuses on integrity verification and non-repudiation prevention of the settlement itself. Thus, hacking or financial accidents It does not play a special role.

In order to prevent a hacking or financial accident occurring during the information exchange in the middle of the non-face settlement, it is necessary to omit the exchange of important information (for example, card number, etc.) It is necessary to make it impossible to exploit the information exchange even if the information exchange is exposed. However, merely adding a new identification means increases the inconvenience of use, and most of the conventionally proposed identification means , A telephone number for identifying the card number, etc.) are formed only in the form of a fixed value for identifying the individual, which is not the main information of the settlement, so that hacking or financial accidents still occur with the exposure of the identification means, If the input is in the form of a fixed value, anyone can reuse it and exploit it It is possible.

In order to solve the above problems, an object of the present invention is to provide a method and system for authenticating a settlement using a disposable authentication code when a user makes a payment using a terminal, Contact medium that is interfaced with the terminal of the user is added as an authentication factor of authentication / identification, and the non-contact medium interfaced to the terminal of the user as the necessary precedence authentication condition for performing the disposable authentication code authentication procedure End-to-end media ownership authentication procedure is performed on the server, and the disposable authentication code authentication is performed based on the result. Thus, in the payment request process using the user terminal, And to provide a payment processing method.

A settlement processing method in which the end-to-end medium-ownership authentication and the disposable authentication code authentication are combined with each other according to the present invention is a settlement processing method executed by a server that communicates with a terminal of a user interfaced with a chip of a non- (C) generated in the chip of the noncontact medium by encrypting the data (c) constituted within the chip of the noncontact medium interfaced with the terminal of the user used for the payment when the payment request using the terminal of the user is confirmed, From a terminal interfaced with a chip of the noncontact medium; and a second step of receiving the dynamic generated dynamic (c) data to provide to the chip of the noncontact medium based on the result of the validity check of the data (c) A second step of confirming the code, and a second step of identifying the noncontact medium through a terminal interfaced with the chip of the non- A step of providing encrypted data (s) obtained by encrypting data (s) including the dynamic code with a chip of the noncontact medium; (s), and receiving a disposable authentication code corresponding to the identified dynamic code; and a fourth step of, when the validity of the authentication code is authenticated, To be performed.

According to the present invention, the payment processing method may further include a step of registering the payment means of the user and registering the payment means in a designated storage medium.

According to the present invention, the payment processing method may further include registering and storing a unique code recorded on a chip of the noncontact medium of the user.

According to the present invention, the payment processing method may further include registering and storing the key value (s) corresponding to the key value (c) recorded on the chip of the noncontact medium of the user.

According to the present invention, the payment processing method may further include a step of mapping registration of the user's payment means and the noncontact medium of the user.

According to the present invention, the payment processing method may further include a step of mapping registration of the user's payment means and the terminal of the user.

According to the present invention, the payment processing method may further include a step of mapping registration of the payment means of the user and a program provided in the terminal of the user.

According to the present invention, the payment processing method may further include a step of requesting the terminal of the user to interface the noncontact medium.

According to the present invention, the data (c) may include a unique code recorded on a chip of the noncontact medium.

According to the present invention, the data (c) may include an input value input to the chip of the noncontact medium through the terminal of the user. The input value may include at least one of a time value obtained through a timer of the terminal, an eigenvalue uniquely assigned / assigned to the terminal, a received value received from the outside of the terminal, and a generated value generated in the terminal Or two or more.

According to the present invention, the data (c) may include a random number c generated in the chip of the noncontact medium.

According to the present invention, the encrypted data (c) includes an authentication module having a key value (s) corresponding to the key value (c) using the key value (c) recorded on the chip of the noncontact medium as an encryption key It can be decrypted only in the chip of the noncontact medium.

According to the present invention, the settlement processing method comprises the steps of: decrypting the received encrypted data (c) through a key value (s) corresponding to a key value (c) recorded on a chip of the noncontact medium, (C) a step (1-1) of confirming the data (c) composed of the decrypted data (c), and a step (1-2) of authenticating the validity of the decrypted data (c). Meanwhile, the step 1-2 may include a step of comparing and authenticating a unique code registered in the registration process of the contactless medium with a unique code included in the data (c).

According to the present invention, the dynamic code can be dynamically generated in the form of a random value of a designated size through a specified random number algorithm.

According to the present invention, the dynamic code can be dynamically generated by applying one or more seeds to a specified code generation algorithm. Meanwhile, the seed may include at least one value included in the data (c).

According to the present invention, the payment processing method may further include generating a session key using a random number c included in the data c, Can be decrypted only through the chip of the noncontact medium. The payment processing method further includes generating a MAC (Message Authentication Code) for verifying the validity of the dynamic code using the random number c included in the data c and the session key, The data (s) may include the dynamic code and the MAC.

According to the present invention, the encrypted data (s) can be decrypted through a session key generated using a random number value (c) included in the data (c) in the chip of the noncontact media.

According to the present invention, the disposable authentication code may include a dynamic code included in the data (s).

According to the present invention, the disposable authentication code may include some of the dynamic codes included in the data (s).

According to the present invention, the disposable authentication code may include a code generated using the dynamic code included in the data (s).

According to the present invention, the disposable authentication code can be a combination of the dynamic code (or a part of the dynamic code) included in the data (s) and the code generated on the chip of the noncontact medium.

According to the present invention, the disposable authentication code may be in the form of at least one of a disposable number of a designated digit, a disposable string of a specified size, a disposable card number of a card number system, and a disposable account number of an account number system.

According to another aspect of the present invention, there is provided a method of authenticating a payment using a disposable authentication code when a user makes a payment using a terminal and identifying a payment means of the user, Contact medium of the user is added as an authentication factor of the authentication / identification, and the non-contact medium interfaced with the terminal of the user and the end-to-end medium ownership authentication procedure on the server as the necessary precedence authentication condition for performing the one- And the authentication of the disposable authentication code is performed based on the result of the authentication, so that the user can easily tag the noncontact media owned by the user in his / Elimination of authentication procedures and hacking / financial By blocking the source has the advantage of providing a safe and convenient face-to-face non-payment.

1 is a diagram showing a configuration of a settlement processing system for processing a settlement using authentication in which an end-to-end medium-ownership authentication using a non-contact medium and an authentication using a disposable authentication code are combined according to an embodiment of the present invention.
FIG. 2 is a diagram showing a configuration of a system for processing settlement using an authentication that combines an end-to-end medium-ownership authentication using a non-contact medium and a disposable authentication code authentication according to an embodiment of the present invention.
3 is a diagram illustrating an operation of a payment processing module and a payment request process according to an embodiment of the present invention.
FIG. 4 illustrates an end-to-end media owning authentication process between a chip and a server side of a noncontact medium according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating a process for providing an end-to-end medium-ownership authentication and a disposable authentication code between a chip and a server side of a noncontact medium according to an embodiment of the present invention.
FIG. 6 illustrates a process of providing a disposable authentication code authentication and settlement procedure according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention.

In other words, the following embodiments correspond to the preferred embodiment of the preferred embodiment of the present invention. In the following embodiments, a specific configuration (or step) is omitted, or a specific configuration (or step) (Or steps), or an embodiment that incorporates functions implemented in more than one configuration (or step) into any one configuration (or step), a particular configuration (or step) It will be apparent that the present invention is not limited to the embodiments described below. In the following embodiments, a specific configuration unit implemented on the server side is implemented on the terminal side and reference is made on the server side, or conversely, in the following embodiments, a specific configuration unit implemented on the terminal side is implemented on the server side, And all of the embodiments utilizing the same are also included in the scope of the present invention. Therefore, it should be clearly stated that various embodiments corresponding to subsets or combinations based on the following embodiments can be subdivided based on the filing date of the present invention.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a diagram showing a configuration of a settlement processing system for processing a settlement using authentication in which an end-to-end medium ownership authentication using a noncontact medium 100 and a disposable authentication code authentication according to an embodiment of the present invention are used.

1 is a view illustrating a state in which a chip 220 of a noncontact medium 100 interfaced with a terminal 105 used by the user and a server side 110 are formed End medium ownership authentication between the chip 220 of the noncontact medium 100 and the server side 110 and the disposable authentication code authentication using the dynamic code generated by the server side 110 via the communication channel 1 is a block diagram illustrating a payment processing system according to an embodiment of the present invention. Referring to FIG. 1 and FIG. 2, Or variations may be used to suggest various implementations of the payment processing system (e.g., some of the components may be omitted, broken down, or combined) It is made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 1.

The settlement processing system of the present invention is capable of interfacing with the noncontact medium 100 held by the user and performing the server side procedure of the authentication combining the end-to-end medium ownership authentication using the noncontact medium 100 and the one- A terminal 105 of the user communicating with the server side 110 and a chip 110 interfacing with the user terminal 105 to perform a one-side procedure of terminal media ownership authentication and disposable authentication code authentication with the server side 110 Contact medium 100 having the terminal medium 100 and the terminal 105 of the user and performing a payment procedure requested using the terminal 105 of the user and interworking with the chip 220 of the noncontact medium 100, And a server side 110 that includes one or more servers that perform other one-side procedures of code authentication. In the present invention, the payment requested by the user's terminal 105 is not limited to the payment requested from the user's terminal 105. If the user's terminal 105 is used for the payment procedure, (105). ≪ / RTI >

The user terminal 105 is a general term of a terminal connected to the designated one or more communication networks and capable of interfacing with the noncontact medium 100 using a contactless interface, and preferably includes a mobile phone, a smart phone, a tablet PC, And a wireless terminal. However, the user terminal 105 is not limited to the wireless terminal connected to the wireless network. If the terminal 105 is interfaced with the noncontact media 100 and is connected to the communication network, any terminal (for example, a wired terminal, Or an apparatus (e.g., an OTP generator, a wristwatch, or the like may be included), and the terminal 105 is not limited by a specific terminal / device type or network connection structure.

According to an embodiment of the present invention, the terminal 105 is provided with at least one interface module for interfacing with the noncontact medium 100, and an application program (not shown) linked with the noncontact medium 100 through the interface module Respectively. The program may be provided by the manufacturer of the terminal 105 or may be provided by the service provider according to the present invention. The program may include an interworking module 250 programmed to interwork with the terminal 105 through the interface module or an interworking module 250 provided in the form of a separate application or program module within the terminal 105 ). Hereinafter, an NFC module for interfacing with a non-contact medium 100 having an NFC function is provided in the terminal 105 for convenience, and a program having a programmed interlocking module 250 is provided. The features of the present invention are not limited to the following embodiments.

The noncontact medium 100 is a general term of a medium that interfaces with a user's terminal 105 through a contactless interface and includes a chip 220 capable of implementing a noncontact communication function and an arm / An antenna for noncontact communication is mounted (or connected to an antenna outside the noncontact medium 100). The noncontact medium 100 may include an NFC medium having an NFC (near field communication) function and an arm / decryption function. In this case, the noncontact interface may include an NFC interface. For example, the noncontact medium 100 may include a financial IC card, an NFC card, an RF card, etc., having the chip 220 and an antenna. However, the present invention is not limited to the case where the noncontact medium 100 and the noncontact interface are the NFC, and the outer shape of the noncontact medium 100 is not limited to a card. A medium in which the chip 220 is mounted and connected to (or mounted with) an antenna and which is capable of wirelessly communicating with the terminal 105 at a close distance via the antenna, ) Are also included in the scope of the present invention. Hereinafter, the characteristics of the present invention will be described based on an embodiment in which the noncontact medium 100 is an NFC medium and the noncontact interface is an NFC interface, but the features of the present invention are not limited to the following embodiments.

According to an embodiment of the present invention, the chip 220 of the noncontact medium 100 includes a chip module 230 that is programmed and / or logicized to use the NFC function and the arm / decode function. The chip module 230 may be mounted on the chip 220 of the noncontact medium 100 at the time when the chip 220 of the noncontact medium 100 is manufactured or may be mounted on the chip 220 of the non- Contact medium 100 is mounted on the chip 220 of the noncontact medium 100 or at the time of secondary issuance of recording information for personalizing the chip 220 of the noncontact medium 100, Or may be mounted on the noncontact medium 100 through a post-issuance procedure for the noncontact medium 100. The chip 220 of the noncontact medium 100 may be inserted into the noncontact medium 100 during the process of mounting the chip module 230 on the chip 220 of the noncontact medium 100 or at the time of issuing or after the second issuance of the chip module 230, One or more stored values to be used for the encryption / decryption function may be stored. The storage value may be a unique code (e.g., a card serial number or a chip serial number (CSN)) that uniquely identifies the chip 220 of the noncontact medium 100 at the personalization agent of the noncontact medium 100, May include a unique code that uniquely identifies the chip 220 of the noncontact media 100 in the end-to-end media owning authentication according to the present invention. The stored value may further include at least one key value c to be used for encryption / decryption (e.g., a master key of the chip 220 or an encryption / decryption key recorded for encryption / decryption). However, the stored value is not limited to the unique code or key value c, and various information (or values) may be stored according to the intention of the person skilled in the art (or the use of the noncontact medium 100).

The server side 110 is a collective term of a server combination for performing a payment procedure requested using the terminal 105 of the user and includes a merchant server 105 for performing a merchandise purchase and payment request procedure using the user terminal 105, (For example, a credit card company server, a bank server, and the like) that performs a payment approval process requested from the merchant server 115 (for example, a shopping mall server) and the merchant server 115, At least one settlement relay server 120 (e.g., a PG server, a VAN server, etc.) may be included between the server 115 and the financial company server 130. [

According to the present invention, the server side 110 interlocks with the chip 220 of the noncontact medium 100 via a designated path via the terminal 105, so that the server side 110 of the terminal medium ownership authentication and the disposable authentication code authentication And an authentication module 270 for performing a procedure.

According to the embodiment of the present invention, the authentication module 270 can be implemented in the merchant server 115 (not shown), in the payment relay server 120, or in the financial company server 130 And may be implemented on a separate operating server 125 linked to the payment relay server 120 or the financial company server 130 according to an implementation method. That is, the server on which the authentication module 270 of the present invention is implemented is not limited to any particular server, and may be implemented in various servers (or distributed to two or more servers depending on the partnership relationship of the participants) ), And the present invention clearly encompasses all such cases in the scope of the right.

The user receives a noncontact medium 100 from a personal data center (for example, a financial institution or a service provider) of the noncontact medium 100 and transmits the data to the chip 220 of the noncontact medium 100 in the process of issuing the non- And the authentication module 270 of the server side 110 records authentication information and / or a key value (s) including the stored value.

Also, payment means (e.g., a credit card, a check card, a debit card, a financial account, a cash card, an electronic passbook, a prepaid card, etc.) is issued from the issuing institution of the user's payment means (e.g. According to an embodiment of the present invention, the user can register the payment means of the user on the storage medium 135 of the server side 110 using the terminal 105. [ The storage medium 135 in which the payment means is registered preferably includes a storage medium 135 of the financial company server 130. However, the storage medium 135 is not limited thereto, The storage medium 135 may be used. In this case, the storage medium 135 may store a payment means identification value for uniquely identifying the payment means information of the user and / or the payment means of the user, and the payment means may include, And can be registered with the identification value. For example, if the storage medium 135 in which the payment means is registered is a storage medium 135 of a financial institution, the payment means information can be stored. If the storage medium 135 in which the payment means is registered is a financial institution, If it is not the storage medium 135, a payment means identification value for uniquely identifying the payment means issued by the financial institution may be stored in the storage medium 135 in order to prevent exposure of the payment means information.

According to an embodiment of the present invention, the payment means of the user may be registered with the noncontact medium 100 issued to the user, or may be registered with at least the user's noncontact medium 100, It is preferable that the authentication module 270 is mapped and registered.

According to the first payment means mapping relationship of the present invention, the payment means of the user can be mapped and registered with the non-contact medium 100 of the user. If the storage medium 135 in which the authentication information and / or the key value s of the noncontact medium 100 is registered is the same as the storage medium 135 in which the payment means is registered, May be mapped with authentication information and / or key value (s) of the medium (100). If the storage medium 135 in which the noncontact medium 100 is registered is different from the storage medium 135 in which the payment means is registered, the noncontact medium 100 and the settlement means may have a unique mapping identifier (e.g., A user identification value or an identification value generated for non-contact medium 100 and a payment means mapping, etc.).

According to the second payment means mapping relationship of the present invention, the payment means of the user is mapped to and registered with the terminal 105 that interfaces with the non-contact medium 100 of the user terminal, and / (Or linked) with the interworking module 250 provided in the terminal 105 in order to be able to be registered. For example, a communication company to which the terminal 105 is subscribed or a provider that provides the program to the terminal 105 may collect the terminal identification value of the terminal 105 through the user's agreement, and / or An app identification value may be assigned to a program included in the terminal 105 or an app identification value assigned to the program may be collected. In this case, the payment means of the user can be registered by being mapped with the terminal identification value and / or the app identification value of the terminal 105. Preferably, the terminal identification value and / or the app identification value of the terminal 105 may be mapped and registered with the user identification value. If the storage medium 135 in which the terminal identification value and / or the app identification value of the terminal 105 is registered and the storage medium 135 in which the payment means is registered are the same, ) And / or an app identification value of the terminal. On the other hand, when the storage medium 135 in which the terminal identification value and / or the app identification value of the terminal 105 is registered differs from the storage medium 135 in which the payment means is registered, the terminal identification value of the terminal 105, / Or the app identification value and the payment means are mapped using a uniquely set mapping identification value (e.g., a user identification value or a unique generated identification value) or stored in a storage medium 135 where the storage medium 135 is registered Or by registering the terminal identification value and / or the app identification value of the terminal 105.

According to the third payment means mapping relationship of the present invention, the payment means of the user is an authentication that performs a server-side procedure of terminal medium ownership authentication and disposable authentication code authentication in cooperation with the chip 220 of the noncontact medium 100 of the user May be mapped and registered with the module 270. For example, the payment means of the user may be registered in the storage medium 135 of the server provided with the authentication module 270 or may be mapped with at least one identification value registered in the authentication module 270, And may be registered with the authentication module 270 by being registered in the storage medium 135.

According to the fourth payment means mapping relationship of the present invention, the user's payment means can be mapped and registered in a form of combining at least two of the first to third payment means mapping relationships, 135) or by the operator. That is, even if the payment means of the user is registered in any storage medium 135 in any form, if the previously registered payment means is used for settlement as a result of the end-medium-ownership authentication and / or the disposable authentication code authentication according to the present invention, The scope of the invention is to be clearly indicated.

According to the present invention, a user accesses a merchant server 115 (or drives a commerce-related app) using his or her own terminal 105 to perform a procedure for purchasing a merchandise to be sold at an affiliated store, (Hereinafter, referred to as " non-contact medium 100 ") according to the present invention as a settlement method for performing the settlement procedure, You can choose a payment procedure.

The merchant server 115 transmits the termination using the noncontact medium 100 according to the present invention to the payment relay server 120 (or the operation server 125) through the user terminal 105, Contact medium 100 according to the present invention via the user terminal 105 to the server having the authentication module 270 or to request the start of authentication using the non-contact medium 100 according to the present invention, (For example, the terminal identification value or the identification information of the terminal 105 (e.g., the terminal identification value) or the identification information of the terminal 105 ) Is a mobile phone / smart phone). The payment relay server 120 (or the operation server 125) and / or the authentication module 270, which have been requested to perform the authentication combining the end-to-end medium ownership authentication using the noncontact medium 100 according to the present invention and the disposable authentication code authentication, The server having the terminal 105 can request the authentication of the end-to-end medium-owning authentication using the non-contact medium 100 held by the user and the disposable authentication code authentication using the program of the terminal 105 to start. Messaging (e. G., Push notification, etc.) may be performed to the terminal 105. [

Based on the relationship between the chip 220 of the noncontact medium 100 held by the user and the programmed modules provided in the user terminal 105 and the server side 110, the embodiment according to the technical features of the present invention Will be described. In the embodiment of the present invention, the description of the technical features in terms of the modules is made so that the present invention is not limited by hardware devices in which the respective modules are provided.

FIG. 2 is a diagram showing a configuration of a system for processing settlement using authentication in which an end-to-end medium-ownership authentication using a non-contact medium 100 and a disposable authentication code authentication according to an embodiment of the present invention are combined.

2 shows a chip 220 of a noncontact medium 100 held by a user in the system configuration shown in FIG. 1, a programmed module provided in the user terminal 105 and the server side 110, It will be understood by those skilled in the art that various changes and modifications may be made thereto by referring to and / or modifying the drawings in accordance with various embodiments of the functional configuration of the system The present invention is not limited to the above-described embodiments, but may be embodied in many other specific forms without departing from the spirit or essential characteristics thereof.

The chip 220 of the noncontact medium 100 held by the user is provided with the termination medium ownership authentication and the disposable authentication code authentication in order to provide authentication in which the end- A chip module 230 programmed / logicized to perform a procedure on the chip 220 side of the terminal 220 and at least one server provided in the server side 110 is provided with a server The terminal 105 carried by the user is provided with an authentication module 270 interlocked with the chip module 230 and interlocked with the authentication module 270 of the server side 110, Module 250 is provided and at least one server provided on the server side 110 is provided with a settlement processing module 2 for processing settlement using authentication combining the end-to-end media- 00). The authentication module 270 and the payment processing module 200 may be implemented in the form of an integrated module on one server or in the form of modules interlinked on a separate server.

The payment processing module 200 is a module provided in a server connected to a server performing a procedure of at least some of the payment procedures requested by the user's terminal 105 or a server performing the payment procedure, (Or distributed to two or more servers) in at least one of the merchant server 115, the payment relay server 120, and the financial company server 130 according to an embodiment of the present invention. Meanwhile, the payment processing module 200 may be provided to the operation server 125 connected to at least one server of the merchant server 115, the payment relay server 120, and the financial company server 130.

Referring to FIG. 2, the payment processing module 200 of the server side 110 registers payment means information issued to a user in a financial company and stores it in a storage specified to be associated with end-to-end medium-ownership authentication and / And a payment means registration unit 202 for storing the payment means registration information in the medium 135.

The payment means registration unit 202 receives the user's payment means information and user information from the terminal 105 used by the user and issues a payment instruction to the user corresponding to the user information through the financial institution And then stores the payment means information of the authenticated user in the designated storage medium 135. [ Preferably, the payment means registration unit 202 stores the user information (or the user identification value based on the user information) and the payment means information (or the payment means identification value) of the user on the designated storage medium 135 .

According to the embodiment of the present invention, when the noncontact medium 100 issued to the user is registered in the storage medium 135 of the authentication module 270 before the user's payment means is registered or in association with the payment means registration, The payment means registration unit 202 can register the payment means of the user and the noncontact medium 100 of the user to be mapped. Meanwhile, when the noncontact medium 100 is registered after the user's payment means is registered, the payment means registration unit 202 registers the noncontact medium 100 (100) registered in the authentication module 270 in cooperation with the authentication module 270 ) And the payment means of the registered user.

If the payment means of the user is registered through the terminal 105, the payment means registration unit 202 registers the payment means of the user with the terminal 105 and registers the same with the terminal 105 (Or linked) with a corresponding interlocking module 250. [0050] Alternatively, the payment means registration unit 202 can map the payment means of the user to the authentication module 270, and thus the present invention is not limited thereto.

Referring to FIG. 2, the payment processing module 200 of the server 110 includes a payment request confirmation unit 204 for confirming a payment requested from the user terminal 105 or the merchant server 115, And an authentication request unit 206 for requesting the user's terminal 105 to perform authentication combining the end-to-end medium ownership authentication using the noncontact medium 100 of the user and the one-time authentication code authentication.

The user accesses the merchant server 115 through the terminal 105 to perform a procedure for purchasing the merchandise and transmits the merchandise to the merchant server 115 (or the payment relay server 120) End medium belonging authentication according to the present invention and the disposable authentication code authentication via the interface (or the interface provided in the program of the terminal 105), the payment request confirmation unit 204 Receives payment request information for the requested payment from the terminal 105 or the merchant server 115 of the user. The payment request information includes the payment amount and merchant information, and may further include purchase product information according to the method.

The authentication requesting unit 206 requests the user's terminal 105 to perform authentication combining the end-to-end medium-ownership authentication using the noncontact medium 100 of the user and the disposable authentication code authentication. For example, if the user's terminal 105 is a smartphone capable of receiving push notifications, the authentication requesting unit 206 can be configured to notify the user's terminal 105 of a push notification requesting the authentication have.

The user terminal 105 is provided with a program corresponding to (or linked to) the interlocking module 250 that interfaces with the noncontact medium 100 of the user. The program may be loaded by the manufacturer of the terminal 105, loaded by the communication company of the terminal 105, or downloaded from the designated application providing server and loaded.

2, the interlocking module 250 of the terminal 105 includes an interface checking unit 252 for checking whether the chip 220 of the non-contact medium 100 is interfaced with the terminal 105, And a chip interlocking procedure unit 254 for performing a procedure of providing one or more input values designated by the chip 220 of the noncontact medium 100 interfaced with the noncontact medium 100.

The terminal 105 includes an NFC module that interfaces with the chip 220 of the noncontact medium 100 according to a specified contactless interface standard and the NFC module is a chip of the noncontact medium 100 220). ≪ / RTI >

The interface confirmation unit 252 interlocks with the NFC module of the terminal 105 to check whether the NFC module discovers at least one non-contact medium 100 according to a specified NFC standard. If at least one noncontact medium 100 to be interfaced with the NFC module is identified, the interface identifying unit 252 reads information (e.g., RST (ReSeT)) exchanged with the chip 220 of the noncontact medium 100, Contact medium 100 that is interfaced through the NFC module is connected to the chip module 220 according to the present invention so that the chip 220 of the non- And the chip 220 of the noncontact medium 100 provided with the noncontact media 230.

The chip interlocking procedure unit 254 determines that the chip 220 of the noncontact medium 100 specified in the terminal 105 is interfaced with the chip 220 of the noncontact medium 100, And provides the input value to the chip 220 of the interfaced non-contact medium 100 with the chip 220 of the noncontact medium 100 interfaced.

According to an embodiment of the present invention, the input value may be a time value obtained through a timer of the terminal 105, an eigenvalue uniquely assigned / assigned to the terminal 105, , A received value received from the authentication module 270, and a generated value generated in the terminal 105. [ The time value is a generic name of a value corresponding to the internal time of the terminal 105, and may preferably include a value corresponding to the time synchronized with the standard time. The eigenvalue is a generic term for identifying the terminal 105 that is interfaced with the noncontact media 100. Preferably, the eigenvalue is a value indicating a value of the program corresponding to the interlocking module 250, A value uniquely stored in the memory unit (or USIM, etc.) of the terminal 105, a value specified in the memory unit of the terminal 105 via the authentication procedure specified after the program is loaded into the terminal 105 . The received values are collectively referred to as values received via a predetermined communication network through the communication module of the terminal 105, and preferably include values received via the communication network, values generated / stored through the authentication module 270 can do. The generated value is a generic name of a value generated through a program corresponding to the interlocking module 250 provided in the terminal 105 (or a program linked to the interlocking module 250) Lt; RTI ID = 0.0 > hash < / RTI > value.

The input value provided to the chip 220 of the noncontact medium 100 is the value of the configuration (or configuration) of the data c to be encrypted within the chip 220 of the noncontact medium 100, (Or at least one of the encryption keys) for encrypting the data c in the chip 220 of the noncontact medium 100, or may be used as the noncontact (Or at least one of the configuration values) of the data c to be encrypted and the encryption key (or at least one of the encryption keys) for encryption within the chip 220 of the medium 100 Or < / RTI >

2, the chip module 230 of the noncontact medium 100 includes an input value receiving unit 234 for receiving an input value via the interface terminal 105, data (c And an encryption module 236 for encrypting the encrypted data c to generate encrypted data c and providing the generated encrypted data c to the interface terminal 105 to be transmitted to the designated authentication module 270 And a PIN authentication unit 232 having a data providing unit 238 and performing an authentication procedure for using the chip 220 of the noncontact medium 100 according to an embodiment of the present invention.

When the chip 220 of the noncontact medium 100 is interfaced with the terminal 105, the interlocking module 250 of the terminal 105 acquires one or more designated input values and transmits the chip of the noncontact medium 100 And the input value receiver 234 receives the input value from the interfaced terminal 105. The input value may be a time value obtained through the timer of the terminal 105, an eigenvalue unique to the terminal 105, a received value received from the outside of the terminal 105, ) Of the generated values. According to another embodiment of the present invention, when the input value provided from the terminal 105 is not used to configure or encrypt the data (c), the input value receiver 234 may be omitted, The invention is not limited.

The encryption processing unit 236 encrypts the stored value stored in the chip 220 of the noncontact medium 100 using one or more of the input values received from the terminal 105 interfaced with the input value receiving unit 234, (C) corresponding to the object.

According to the first data (c) of the present invention, the data (c) may include a storage value (e.g., unique code, etc.) stored in the chip 220 of the noncontact medium 100.

According to the second data (c) of the present invention, the data (c) includes an input value received from the interfaced terminal 105 (e.g., a time value obtained through a timer of the terminal 105, 105, a received value received from the outside of the terminal 105, a generated value generated in the terminal 105, and the like).

According to the third data (c) of the present invention, the data (c) includes a generated value (c) generated in the chip 220 of the noncontact medium 100 A random number c for session key exchange, a hash value generated by hashing at least one of the stored value and the input value, and the like).

According to the fourth data (c) of the present invention, the data (c) includes a stored value stored in the chip 220 of the noncontact medium 100, an input value received from the terminal 105, And a generated value (c) generated in the memory 220. It is to be noted that what value is included in the data (c) can be modified according to the intention of a person skilled in the art, and the present invention covers all the variant embodiments as a scope of right.

According to a preferred embodiment of the present invention, the data (c) preferably includes the storage value, the input value and the random number c to enhance the security of end-to-end media-proprietary authentication. For example, the data (c) includes a unique code stored in the chip 220 of the noncontact medium 100, a time value received from the interfaced terminal 105 and a unique value And the random number c generated in the chip 220. In this case, the unique code is a value for authenticating the noncontact medium 100 by the authentication module 270 The time value is used as a timestamp of the end-to-end media-proprietary authentication, and the eigenvalue is used as a value for authenticating the terminal 105 interfaced with the non-contact medium 100 in the authentication module 270, The value (c) may be used as a value for exchanging the session key to be used for decryption of the encrypted data (s) encrypted in the authentication module 270.

If the data c corresponding to the encryption target is configured using at least one of the first to fourth data (c) embodiments, the encryption processing unit 236 encrypts the data c to be decryptable only through the designated authentication module 270 And encrypts the data (c) to generate encrypted data (c).

According to the first cipher data (c) embodiment of the present invention, the chip 220 of the noncontact medium 100 is provided with an encryption / decryption module (e.g., an encryption / decryption module) for decrypting the encrypted data only through the designated authentication module 270, Decryption algorithm and an encryption / decryption key value (e.g., a master key) may be embedded in the encryption / decryption function of the chip 220. The encryption processing unit 236 may encrypt the data c ) To encrypt the data (c) so as to be decryptable only through the designated authentication module (270) to generate the encrypted data (c).

According to the second cipher data (c) of the present invention, the chip 220 of the noncontact medium 100 may be provided with the second code data 230 during the process of mounting the chip module 230 or after the chip module 230 is mounted (For example, a master key of the chip 220 or an encryption / decryption key recorded for encryption / decryption) stored at the time of issuing the encryption key, and the encryption processing unit 236 includes a specified authentication module 270 (C) as an encryption key and encrypts the data (c) so that the data c can be decrypted only through the specified authentication module 270 It is possible to generate the encrypted data (c).

According to the third cipher data (c) embodiment of the present invention, the encryption processing unit 236 includes an encryption function (for example, encryption algorithm) matched with the decryption function of the specified authentication module 270, (C) by encrypting the data (c) so that it can be decrypted only through the specified authentication module 270 by using a value designated as an encryption key among the input values received through the receiver 234 as an encryption key .

According to the fourth encryption data (c) embodiment of the present invention, the encryption processing unit 236 includes an encryption key generation function (e.g., a hash algorithm) and an encryption function matched with the decryption function of the specified authentication module 270 And generates an encryption key by applying at least one of an input value received through the input value receiver 234 and a storage value stored in the chip 220 to the encryption key generating function, The encrypted data c can be generated by encrypting the data c through the designated authentication module 270 in a decryptable manner.

According to a preferred embodiment of the present invention, the cryptographic processing unit 236 includes a unique code stored in the chip 220 of the noncontact medium 100, a time value received from the interfaced terminal 105, The encrypted data c may be generated by encrypting the data c including the random number c generated in the chip 220 through the master key if the terminal 105 is not authenticated .

When the encrypted data c is generated through the encryption processing unit 236, the data providing unit 238 provides the encrypted data c generated through the encryption processing unit 236 to the interfaced terminal 105 C so that the encrypted data c is transmitted to the designated authentication module 270 via the terminal 105. [

Referring to FIG. 2, the interlocking module 250 of the terminal 105 reads encrypted data (hereinafter referred to as encrypted data) encrypted and generated in the chip 220 of the noncontact medium 100 from the chip 220 of the noncontact medium 100 and a data relay unit 256 for performing a procedure for transmitting the encrypted data c to the specified authentication module 270. The authentication module 270 may be a microprocessor,

The chip interworking procedure unit 254 encrypts data c from the chip 220 of the noncontact medium 100 interfaced with the NFC module of the terminal 105 inside the chip 220 of the non- And receives the generated cipher data c. At this time, the encrypted data (c) can not be decrypted by the terminal 105.

The data relay unit 256 performs a procedure for transmitting the encrypted data (c) to the designated authentication module 270. The data relaying unit 256 may transmit the cipher data c to the server having the authentication module 270. The data relay unit 256 may transmit the encryption data c to the relay server associated with the server having the authentication module 270. The relay server may transmit the encryption data c to the authentication module 270 270). Alternatively, the data relay unit 256 may provide the encrypted data (c) to a program communicating with a server having the authentication module 270 among the programs of the terminal 105, 270 to transmit the encrypted data (c).

The chip interworking procedure unit 254 transmits the data s including the dynamic code dynamically generated by the authentication module 270 to the chip 220 of the noncontact medium 100 through the chip 220, It is preferable to maintain the interlocked state of the noncontact medium 100 with the chip 220 until decrypted ciphered data s is received.

2, the authentication module 270 of the server side 110 stores authentication information for authenticating the key value (s) and / or the data (c) for decrypting the encrypted data (c) And an information storage unit 272. The key value s may include a key having a symmetric key relationship with the key value c provided in the chip 220 of the noncontact medium 100 or a key having a public key infrastructure structure relationship.

The information storage unit 272 checks the key value s for decrypting the encrypted password data c in the chip 220 of the noncontact medium 100 issued to the user and stores the key value s in the designated storage medium 135 do. The information storage unit 272 may store the keys provided in the chip 220 of the noncontact medium 100 at least one of the first issuance, the second issuance, and the issuance time of the noncontact medium 100, The key value s matching with the value c can be confirmed and stored in the designated storage medium 135. [ Alternatively, the authentication module 270 extracts / generates an encryption / decryption key to be used in the chip 220 of the noncontact medium 100 and provides the encryption / decryption key to the terminal 105 in the form of the received value, Decryption key is generated in the chip 220 of the authentication module 270 and the encryption / decryption key is also generated in the authentication module 270, the information storage unit 272 may not store the key value s in advance .

The information storage unit 272 confirms authentication information for authenticating the data c decrypted by the chip 220 of the noncontact medium 100 and stores the decrypted data in the designated storage medium 135 . Preferably, when the data (c) includes a unique code stored in the chip 220 of the noncontact medium 100, the information storage unit 272 stores the primary issuance of the noncontact medium 100, The unique code included in the chip 220 of the noncontact medium 100 may be checked at least one time point after the issuance of the unique code and the authentication information including the unique code may be stored in the designated storage medium 135. [ If the data c includes an eigenvalue unique to the terminal 105, the information storage unit 272 may transmit the data to the user terminal 105 through the interworking module 250 (Or a program) corresponding to the terminal 105 in the terminal 105 in cooperation with the interworking module 250 (or the program) Authentication information including the identified eigenvalues may be stored in the designated storage medium 135. [ On the other hand, the authentication module 270 extracts / generates the value included in the data (c) and provides the value to the terminal 105 in the form of the received value or a rule matching the generation rule of the authentication module 270 When the generated value generated by the terminal 105 or the chip 220 of the noncontact medium 100 is included in the data c, the information storage unit 272 may not store the generated value in advance.

According to the embodiment of the present invention, the key value (s) and the authentication information are used to identify a user who has been issued the noncontact medium 100, a terminal 105 to be interfaced with the noncontact medium 100 And an application identification value for identifying a terminal identification value of the terminal 105 and a program (e.g., a program corresponding to (or linked to) the interworking module 250) stored in the terminal 105 desirable.

Referring to FIG. 2, the authentication module 270 of the server side 110 receives data (c) encrypted by the chip 220 of the noncontact medium 100 interfaced with the terminal 105 A decryption processing unit 276 for decrypting the encrypted data c encrypted by the chip 220 of the noncontact medium 100 to confirm the data c; And an authentication procedure unit 278 for performing a procedure for authenticating validity. According to an embodiment of the present invention, the authentication procedure of the data (c) may be performed through a separate server. In this case, the authentication procedure unit 278 requests the authentication server to authenticate the data (c) . According to another modified embodiment of the present invention, it is possible to process the settlement using the end-to-end medium ownership authentication using the noncontact medium 100. In this case, the authentication module And a result providing unit 290 for providing the authentication result of the data (c) performed through the database (278) to the designated path.

The encrypted data c transmitted from the chip 220 of the noncontact medium 100 is transmitted from the terminal 105 interfaced with the chip 220 of the noncontact medium 100 to the data receiving unit 274, (C) encrypted in the chip 220 of the noncontact medium 100 interfaced with the terminal 105 via the path. The cipher data (c) according to an embodiment of the present invention can be received in association with at least one identification value.

The decryption processing unit 276 confirms the key value s corresponding to the chip 220 of the noncontact medium 100 interfaced with the terminal 105. [ The decryption processing unit 276 may decrypt the decrypted encrypted data c in the chip 220 of the noncontact medium 100 by using at least one identification value received from the terminal 105, The value (s) can be confirmed. The decryption processing unit 276 decrypts the encrypted data c from the chip 220 of the noncontact medium 100 using the identified key value s to confirm the data c.

When the data c includes the unique code, the authentication procedure unit 278 authenticates the validity of the unique code included in the data c using the unique code stored in the storage medium 135 Can be performed. Or if the data c includes an eigenvalue, the authentication procedure unit 278 authenticates the validity of the eigenvalues included in the data c using the eigenvalues stored in the storage medium 135 Can be performed. Alternatively, when the time value is included in the data (c), the authentication procedure unit 278 may store and manage the time value as a time stamp. Meanwhile, when the data (c) contains the value extracted / generated by the authentication module 270, the authentication procedure unit 278 reads the cipher data c from the chip 220 of the noncontact medium 100, And generates and outputs a predetermined value to the terminal 105 and maintains the generated value. The validity of the value included in the data (c) can be authenticated using the extracted value.

In the case of processing settlement using the end-to-end media ownership authentication using the noncontact media 100 without combining the one-time authentication code authentication according to another modified embodiment of the present invention, And provide the authentication result of the data (c) performed through the authentication unit 278 to the designated path. Preferably, the authentication result may be provided to the result confirmation unit 208 of the payment processing module 200.

Referring to FIG. 2, the authentication module 270 of the server side 110 includes a dynamic code verification unit 280 for confirming a dynamic code generated to be provided to the chip 220 of the noncontact medium 100, An encryption processing unit 282 for encrypting the generated dynamic code so as to be decryptable in the chip 220 of the noncontact medium 100 to generate encrypted data s, 105 and a data transfer unit 284 for transferring the data to the chip 220 of the noncontact medium 100.

When the encrypted data c is decrypted to confirm the data c and / or the validity of the data c is authenticated, the dynamic code verifying unit 280 determines whether or not the noncontact And identifies the dynamically generated dynamic code for presentation to chip 220 of media 100. The dynamic code may be dynamically generated in the authentication module 270, or may be generated via a separate code generation server.

According to the first dynamic code generation method of the present invention, the dynamic code can be dynamically generated in a random value form of a designated size through a specified random number algorithm.

According to the second dynamic code generation method of the present invention, the dynamic code can be dynamically generated by applying one or more seeds to a specified code generation algorithm (for example, an algorithm for generating an OTP, a hash algorithm, etc.). At this time, the seed to be applied to the code generation algorithm preferably includes at least one fixed seed and a dynamic seed. Preferably, the seed includes values available in the authentication module 270, and at least one of the seeds may include a value included in the data (c). For example, a time value or a random value included in the data (c) may be used as a fixed seed, and a unique code included in the data (c) may be used as a fixed seed.

According to the embodiment of the present invention, the dynamic code verifying unit 280 maintains the generated dynamic code for a predetermined period of time (e.g., the authentication completion time of the disposable authentication code corresponding to the dynamic code) 200 to establish a mapping relationship with the payment means of the user registered through the payment method registration unit 202 for the predetermined period of time. In this case, the dynamic code may be used as a dynamic identification value that is mapped to the payment means of the user.

The encryption processing unit 282 generates / verifies an encryption key for generating encrypted data (s) so as to be decryptable through the chip 220 of the noncontact medium 100. Preferably, the encryption processing unit 282 can generate / verify an encryption key by generating a session key using the random number c and the key value s included in the data c. However, the encryption key is not limited to the type of the session key. The key value (s) registered at least one of the primary issuance, the secondary issuance, and the post-issuance time of the noncontact medium 100 may be encrypted using an encryption key Or may generate an encryption key through a key generation algorithm that matches a key generation algorithm included in the chip 220 of the noncontact medium 100.

According to an embodiment of the present invention, the encryption processing unit 282 may include a MAC (Message Authentication Code) for verifying the validity of the dynamic code to be provided to the chip 220 of the noncontact medium 100 through the encrypted data (s) Can be generated. For example, the encryption processing unit 282 may generate a MAC for verifying the validity of the dynamic code using the random number c and the session key. However, the MAC generation process is not limited to the above example, and various modifications may be made to those skilled in the art, and the present invention is not limited thereto.

The encryption processing unit 282 constitutes data s to be provided to the chip 220 of the noncontact medium 100 and encrypts the data s using the generated / s. Preferably, the data (s) includes the dynamic code, and may further include the MAC according to an implementation method.

The data transmission unit 284 transmits the encrypted data s to the terminal 105 via the designated path so that the encrypted data s is transmitted to the chip 105 of the non- (220). Preferably, the encrypted data (s) is transmitted to the terminal 105 along a reverse path of the path on which the encrypted data (c) is received, and reaches the interworking module 250. However, the path for transmitting the encrypted data (s) is not limited to the reverse path.

Referring to FIG. 2, the interlocking module 250 of the terminal 105 decrypts data (s) including a dynamic code from the authentication module 270 through the chip 220 of the noncontact medium 100 A data relay unit 256 for receiving ciphered encrypted data s and a chip interlocking unit 250 for providing the ciphered data s to the chip 220 of the noncontact medium 100 interfaced with the terminal 105, And a procedure unit 254.

When the authentication module 270 generates and transmits the encrypted data s encrypted by decrypting the data s including the dynamic code through the chip 220 of the noncontact media 100, (S) encrypted by encrypting the data (s) including the dynamic code via a designated path. The encrypted data (s) is not decrypted through the terminal 105.

The chip interlocking procedure unit 254 provides the cipher data s to the chip 220 of the noncontact medium 100 interfaced with the terminal 105 to thereby generate the decrypted data s ) In response to the authentication code corresponding to the dynamic code included in the authentication code.

2, the chip module 230 of the noncontact medium 100 includes a data verifying unit (not shown) for receiving the encrypted password data s from the interfaced terminal 105 via the authentication module 270 A decryption processing unit 242 for decrypting encrypted data s encrypted through the authentication module 270 to identify data s including a dynamic code, And a code providing unit (244) for identifying the disposable authentication code corresponding to the code and providing the disposable authentication code to the interfaced terminal (105).

The data verifying unit 240 decrypts the data s including the dynamic code dynamically generated in the authentication module 270 through the chip 220 of the noncontact medium 100 from the interfaced terminal 105 Possibly encrypted data (s).

The decryption processing unit 242 generates / verifies a decryption key for decrypting the encrypted data s through the authentication module 270, and decrypts the decrypted data s using the decrypted / And decodes the data s to perform a decoding procedure. The decryption of the encrypted data (s) may be performed through an encryption / decryption module corresponding to the encryption / decryption function provided in the chip 220 of the noncontact medium 100 or via the decryption processing unit 242 have. If decryption is performed through the encryption / decryption module, the decryption processing unit 242 may provide the encryption data (s) to the encryption / decryption module so as to be decrypted. Preferably, the data (s) includes the dynamic code, and may further include the MAC according to an implementation method.

When the encrypted data s is encrypted through the session key according to the embodiment of the present invention, the decryption processing unit 242 (or the encryption / decryption module) uses the random number c included in the data c, Generates and confirms a decryption key in the form of generating a session key using the key value c used to generate the decryption data c and generates the decryption key using the decryption key generated / It is possible to confirm the data s by decoding. However, the decryption key is not limited to the session key. The decryption key may be decrypted through a key generation algorithm that matches the key value c with a decryption key or a key generation algorithm included in the authentication module 270, Key can be generated. However, the decryption key is not limited to the session key. The decryption key may be decrypted through a key generation algorithm that matches the key value c with a decryption key or a key generation algorithm included in the authentication module 270, Key can be generated. Preferably, the data (s) comprises the dynamic code and may further comprise the MAC.

According to an embodiment of the present invention, the decryption processing unit 242 (or the encryption / decryption module) generates a MAC by using the same rules as the rules for generating a MAC in the authentication module 270, The validity of the dynamic code included in the data (s) can be verified in comparison with the included MAC.

When the encrypted data s is decrypted and the data s is verified and / or the MAC contained in the data s is verified, the code providing unit 244 decrypts the dynamic Check the disposable authentication code corresponding to the code.

According to the first authentication code verification method of the present invention, the code providing unit 244 can directly check the dynamic code included in the decrypted data (s) with a disposable authentication code.

According to the second authentication code verification method of the present invention, the code providing unit 244 can confirm a partial code of the dynamic code included in the decrypted data (s) with an authentication code of a specified number of digits. For example, when the dynamic code is a 16-byte code, the code providing unit 244 checks the 8-byte code of the 16-byte code with the authentication code, or writes the 6-byte code, , Or check the back seven byte code with the authentication code. Alternatively, the nibble or byte at the designated position can be selectively extracted and confirmed by the authentication code. If there is a padding area in the dynamic code, it is preferable not to include the padding area in some code corresponding to the authentication code.

According to the third authentication code verification method of the present invention, the code providing unit 244 can confirm the code generated by processing the dynamic code with the authentication code of the designated digit. For example, the authentication code may include a code that hashes the dynamic code with a specified hash algorithm. Alternatively, the authentication code may be generated by adding the dynamic code to a seed of a specified code generation rule (for example, a rule for using (possibly skipping) a hash algorithm for generating a code of a specified number of digits and at least one seed provided in the chip 220) As shown in FIG. Alternatively, the authentication code may include a code dynamically generated by using the input value as a seed of a designated code generation rule. Alternatively, the authentication code may include a dynamic generated code using the input value and the dynamic code as a seed of the designated code generation rule.

According to the fourth authentication code verification method of the present invention, the code providing unit 244 can identify N (N? 2) digit authentication codes by combining the first to third authentication code verification methods. For example, the code providing unit 244 configures a code (1? N <N) of the N-digit number of the authentication codes according to the second authentication code checking method, Nn) digits, and then the N-digit code and the (Nn) code are combined to confirm the N-digit number of the authentication code.

Meanwhile, the authentication code may have various forms or structures. According to the present invention, the authentication code is used as identification means for identifying the payment means of the user, and is used as authentication means for using the payment means of the user.

According to the first authentication code embodiment of the present invention, the authentication code may be in the form of a number of disposable numbers of a specified number of digits.

According to the second authentication code embodiment of the present invention, the authentication code may be in the form of a disposable string of a designated size formed by combining one or more of numbers, letters, symbols, and the like.

According to the third authentication code embodiment of the present invention, the authentication code may be in the form of a disposable card number or a disposable account number of a designated number system. For example, when the authentication code is in the form of a one-time card number, the dynamic code corresponds to the serial number of the card number system, combines the designated BIN to identify the one-time card number and generates the check sum digit The authentication code in the form of a disposable card number can be confirmed.

The code providing unit 244 provides the interfaced terminal 105 with a disposable authentication code identified through at least one of the first to fourth authentication code checking methods. The disposable authentication code provided to the terminal 105 may be in the form of the first to third authentication code embodiments, and may be transmitted to the terminal 105 through the program of the terminal 105, Can be processed in the form of an embodiment.

According to the method of the present invention, when the disposable authentication code is transmitted to the authentication module 270 through the path specified through the interlocking module 250 of the terminal 105, Can be decrypted only through the authentication module 270 and transmitted. In this case, the disposable authentication code is encrypted according to the encryption method of the encryption data (c), or is encrypted by reusing the decryption key generated / confirmed to decrypt the encryption data (s) as an encryption key, May be encrypted by generating / verifying a new encryption key based on the further exchanged value in the process of receiving the data (s).

Meanwhile, the PIN authentication unit 232 of the chip 220 of the noncontact medium 100 transmits the input value via the input value receiving unit 234 to a point of time before or after receiving the input value, The authentication process for using the chip 220 of the noncontact medium 100 can be performed at any time point before, during, or after receiving the encrypted data (s). Preferably, the authentication procedure for using the chip 220 may include a PIN authentication procedure.

Referring to FIG. 2, the interlocking module 250 of the terminal 105 reads encrypted data (s) from the chip 220 of the noncontact medium 100 inside the chip 220 of the noncontact medium 100 A chip interlocking procedure unit 254 for performing a procedure for receiving a disposable authentication code corresponding to the dynamic code contained in the decrypted data s, and a disposable authentication code transmitted to the authentication module 270 through the designated path And a code processing unit 258 for performing a procedure for performing the above-described operations.

If the disposable authentication code corresponding to the dynamic code contained in the data (s) obtained by decoding the encrypted data (s) is confirmed and transmitted within the chip 220 of the noncontact medium 100, the chip interlocking procedure unit 254 receive the disposable authentication code from the chip 220 of the interfaced non-contact media 100.

According to the first authentication code processing method of the present invention, when an input area for inputting a disposable authentication code is displayed on the screen of the terminal 105, the code processing unit 258 transmits the disposable authentication code to the input area manually / Automatic input, and the input authentication code is transmitted to the authentication module 270 through the designated path according to the specified security procedure. Preferably, the disposable authentication code may be automatically entered into an input area of a program corresponding to (or linked to) the interlock module 250.

According to the second authentication code processing method of the present invention, the code processing unit 258 transmits the disposable authentication code to the authentication module 270 through the designated path according to the specified security procedure without displaying / Can be performed. The disposable authentication code may be transmitted through a program corresponding (or linked) to the interworking module 250.

Referring to FIG. 2, the authentication module 270 of the server side 110 decrypts encrypted data (s) in the chip 220 of the noncontact medium 100 interfaced with the terminal 105 a code receiving unit 286 for receiving a disposable authentication code corresponding to the dynamic code included in the received authentication code through a designated path, a code authentication unit 288 for performing a procedure for authenticating the validity of the received authentication code, And a result provider 290 for providing the authentication result of the disposable authentication code performed through the code authentication unit 288 to the designated path.

The code receiving unit 286 receives the discrete authentication code corresponding to the dynamic code included in the data s decrypted by the encrypted data s and outputs the disposable authentication code to the chip 220 of the noncontact medium 100, And may receive the disposable authentication code from the terminal 105 via a specified security procedure and path.

The code authenticating unit 288 verifies the dynamic code confirmed through the dynamic code verifying unit 280 or the dynamic code provided to the terminal 105 through the data transmitting unit 284, After verifying the authentication code, it can be compared with the disposable authentication code received through the code receiving unit 286 to verify the validity. In this case, the code authentication unit 288 provides the disposable authentication code to the code authentication server, requests authentication, and receives a result of the authentication .

The result provider 290 is generated and encrypted on the server side 110 as the authentication result of the cipher data c generated in the chip 220 of the noncontact medium 100, The authentication result for the disposable authentication code corresponding to the dynamic code decrypted in the chip 220 of the noncontact medium 100 is provided to the authentication server 220 and the authentication result is provided through the designated path. Preferably, the authentication result may be provided to the result confirmation unit 208 of the payment processing module 200.

2, the payment processing module 200 of the server side 110 includes a result confirmation unit 208 for confirming an authentication result performed through the authentication module 270, In the case where the authentication result confirmed by the payment request registration unit 202 is successful, the payment procedure corresponding to the payment request confirmed through the payment request confirmation unit 204 is performed using the payment means of the user registered through the payment method registration unit 202 And a settlement procedure performing unit 210 for processing the settlement procedure.

The result confirming unit 208 confirms the authentication result of the authentication combining the end-to-end medium-ownership authentication using the non-contact medium 100 performed through the authentication module 270 and the one-time authentication code authentication. According to an embodiment of the present invention, the result confirming unit 208 can confirm an end-to-end medium ownership authentication result using the non-contact medium 100 performed through the authentication module 270, and thus the present invention is not limited thereto .

The settlement procedure execution unit 210 reads the authentication result confirmed by the result confirmation unit 208 and confirms that the authentication is successful. If the authentication result of the end-to-end medium possessing authentication result and / or the one-time authentication code authentication result using the noncontact medium 100 of the user is successful, the payment procedure performing unit 210 registers And processes the user's payment means to be used for the payment request confirmed through the payment request confirmation unit 204. [

If the payment processing module 200 is provided in the financial company server 130 and the payment means of the user is registered in the storage medium 135 of the financial company, (For example, extracting the payment method information of the user mapped with the noncontact medium 100 corresponding to the authentication result, extracting the payment method information of the user mapped to the terminal 105, Extracting the payment method information of the user mapped to the program of the user 105, extracting the payment method information of the user mapped with the authentication module 270, and the like) 204 to perform the payment approval procedure for the payment request information confirmed through the payment processing unit 204. [

Or the settlement processing module 200 is provided in a server other than the financial company and the payment means information of the user is registered in the storage medium 135 of the financial company and the storage medium 135 The settlement procedure performing unit 210 extracts the settlement unit identification value from the storage medium 135 of the server (e.g., extracts the identification information of the noncontact medium 100 corresponding to the authentication result) Extracting a payment means identification value of the mapped user, extracting a payment means identification value of a user mapped with the terminal 105, extracting a payment means identification value of a user mapped with the program of the terminal 105, And extracts the settlement identification value of the extracted user and the settlement request information confirmed through the settlement request verification unit 204 from the financial institution server corresponding to the payment means of the user, (130) to request the payment approval procedure to be performed.

Meanwhile, the payment processing module 200 may be configured so that the payment processing module 210 processes the payment procedure for the payment request using the payment means of the user registered through the payment method registration unit 202 The server and the payment means of the user can be variously modified according to the registered storage medium 135. It is clear that the present invention includes the number of all cases that can be modified depending on each server as a right range I will.

3 is a diagram illustrating an operation of the payment processing module 200 and a payment request process according to an embodiment of the present invention.

More specifically, FIG. 3 illustrates a process in which the payment processing module 200 confirms the payment request when a settlement using the user's terminal 105 is requested after the payment processing module 200 registers the user's payment means 3, the operation of the payment processing module 200 and various execution methods of the payment request process (for example, a part of a part It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention is not limited to the disclosed embodiments, .

Referring to FIG. 3, the payment processing module 200 registers the payment means of the user to be used in the payment procedure from the user terminal 105 and stores the payment means in the storage medium 135 (300). If at least one identification value to be mapped to the payment means of the user is confirmed, the payment processing module 200 determines that the payment means has at least one identification value (305).

The merchant server 115 accesses the merchant server 115 through the user's terminal 105 and performs the merchandise purchase procedure 310. The merchant server 115 performs the merchandise sales procedure in connection with the terminal 105 The merchant server 115 requests the terminal 105 to select a settlement method for settlement of purchase goods in step 315. If the settlement server 115 determines that the settlement method is not available, When the conventional payment method is selected, the terminal 105 and the merchant server 115 perform the conventional payment procedure according to the selected payment method (325). If the terminal 105 and the merchant server 115 perform end-to-end media ownership authentication using the non- If the settlement using the double-combined authentication of the one-time authentication code authentication is selected 320, the terminal 105 transmits the end-to-end media using the user's noncontact medium 100 to the merchant server 115 or the payment processing module 200 Authentication and disposable To increase the code authentication request payment using dual authentication combined (330).

The settlement processing module 200 receives a settlement request from the user's terminal 105 or the merchant's server 115 using the user's noncontact medium 100 using end-to-end medium ownership authentication and disposable authentication code authentication (335). Preferably, the payment processing module 200 may receive payment request information including a payment amount, merchant information, and a user identification value.

If the settlement processing module 200 requests settlement using the authentication combining the end-to-end medium-ownership authentication using the user's noncontact medium 100 and the one-time authentication code authentication, the settlement processing module 200 transmits the noncontact (340) requesting authentication combining the end-to-end medium-ownership authentication using the medium 100 and the one-time authentication code authentication.

4 illustrates an end-to-end medium access authentication process between the chip 220 and the server side 110 of the noncontact medium 100 according to an embodiment of the present invention.

4 illustrates a case where a chip module 230 provided in a chip 220 of a noncontact medium 100 interfaced with a terminal 105 generates cipher data c and transmits the cipher data c to the interlocking module 250 of the terminal 105 The authentication module 270 of the server side 110 authenticates the chip 220 of the noncontact medium 100 through the cipher data c, (Or program) that is interfaced with the chip 220 of the noncontact medium 100. As a person skilled in the art, it is assumed that the validity of the terminal 105 (E.g., omitting some steps or changing the order) for the end-to-end media-proprietary authentication process, the present invention can be applied to all of the above- Method, and the thread shown in FIG. 4 Only the method is not limited that technical feature.

Referring to FIG. 4, the authentication module 270 determines whether or not the noncontact medium 100 has been issued during the first issuance, the second issuance, and after the issuance of the noncontact medium 100, (S) for decrypting the encrypted data (s) generated in the chip 220 of the noncontact medium 100 at least one time and storing the key value s in the designated storage medium 135 (400). In addition, the authentication module 270 may determine that the chip 220 of the noncontact medium 100 is inserted into the noncontact medium 100 at least one of the first issuance, the second issuance, and the post- The authentication information including the unique code recorded in the storage medium 135 may be checked and stored in the storage medium 135 (400). Meanwhile, the authentication module 270 determines whether or not the terminal 105 (or the program) that is interfaced with the chip 220 of the noncontact medium 100 in the process of authenticating ownership of the noncontact medium 100 with the chip 220, (400) to authenticate the authentication information including the unique value of the terminal (105) on which the interlocking module (250) is mounted in order to authenticate the validity of the terminal (105).

End media ownership authentication between the chip 220 and the server side 110 of the noncontact media 100 according to the present invention is performed by attaching chips 220 of the noncontact media 100 to the terminal 105 having the interlock module 250 May be interfaced. Information for instructing the terminal 105 to interface the chip 220 of the noncontact medium 100 to the user terminal 105 is displayed so as to guide the chip 220 of the noncontact medium 100 to be interfaced, Information for instructing the user terminal 105 to interface the non-contact medium 100 from the payment processing module 200 may be provided.

Referring to FIG. 4, the interworking module 250 provided in the terminal 105 of the user accesses the chip (not shown) of the noncontact medium 100 through the contactless interface of the terminal 105 according to the request / 220) is interfaced to the terminal 105 (405). Preferably, the interlocking module 250 can verify that the chip 220 of the noncontact medium 100 interfaces with the NFC module of the terminal 105 through NFC.

If it is confirmed that the chip 220 of the noncontact medium 100 is interfaced with the terminal 105, the interlocking module 250 obtains an input value to be provided to the chip 220 of the noncontact medium 100 410). Preferably, the input value is a time value obtained through the timer of the terminal 105, an eigenvalue uniquely assigned / assigned to the terminal 105, an external value of the terminal 105 ), And a generated value generated in the terminal 105, and the interworking module 250 may transmit the input value (e.g., the received value) (Or a separate receiving value providing server) in order to obtain the authentication information.

The interlocking module 250 provides the input values to the chips 220 of the noncontact media 100 interfaced with the chips 220 of the noncontact media 100, (420) the input value from the interfaced terminal (105).

The chip module 230 includes at least one of a unique code provided in the chip 220 of the noncontact medium 100 and an input value received from the terminal 105, (c) (425), a key value (C2) provided in the chip (220) of the noncontact medium (100) at least at one point in time of the first issuance, the second issuance and the subsequent issuance of the noncontact medium (c) to encrypt the data (c) so as to be decryptable only through the designated authentication module 270 using the encrypted data (c) (430).

If the cipher data c is generated, the chip module 230 provides the cipher data c to the interfaced terminal 105 and transmits the ciphered data c to the interworking module 250 of the terminal 105, (C) from the chip 220 of the interfaced non-contact medium 100 (440).

The interlocking module 250 performs a procedure for transmitting the encrypted password data c in the chip 220 of the noncontact medium 100 to the designated authentication module 270 through the designated path 445, The authentication module 270 provided on the side 110 receives encrypted encryption data c in the chip 220 of the noncontact medium 100 through a designated path.

The authentication module 270 checks the key value s registered at least at one point in time of the primary issuance, the secondary issuance, and the post-issuance of the noncontact medium 100 to decrypt the encrypted data (c) Decrypts encrypted data c in the chip 220 of the noncontact medium 100 by using the key value s to decrypt the encrypted data c in the chip 220 of the noncontact medium 100 The configured data c is confirmed (460). If the time value provided to the chip 220 of the noncontact medium 100 from the interlocking module 250 is included in the data c, the authentication module 270 determines the time value included in the data c The corresponding time stamp can be confirmed and stored.

The authentication module 270 may store authentication information (for example, stored in the chip 220 of the noncontact medium 100) stored at least one of the time of the primary issuance, the secondary issuance, Authenticating (465) the validity of the data (c) configured in the chip 220 of the noncontact media 100 and / or using the interlocking module 250 (or the interlocking module 250) (Or cooperating) with the terminal 105 (or the interlocking module 250) at one point in time or later when the terminal 105 (corresponding to the interlocking module) is mounted on the terminal 105 interfaced with the noncontact medium 100. [ (C) configured in the chip 220 of the noncontact medium 100 using the authentication information (for example, an eigenvalue or the like unique to the terminal 105) (465).

According to the method of the present invention, the authentication of the data (c) using the authentication information registered at least one of the time of the first issuance, the second issuance, and the issuance of the noncontact medium 100 is performed by the non- ) Authentication of the data (c) using the authentication information registered through the terminal 105 (or the program corresponding to (or linking to) the interworking module 250) (Or program) that is interfaced with the chip 220 of the noncontact media 100. The end-to-

If the validity of the data (c) is not authenticated, the authentication module 270 generates an authentication error of the end-to-end media owning authentication and transmits it through a designated path (470) End medium-entitlement authentication authentication error (step 475).

On the other hand, if the validity of the data (c) is authenticated, the authentication module 270 confirms the dynamically generated dynamic code, encrypts the encrypted dynamic code only through the chip 220 of the noncontact medium 100, Can be performed.

FIG. 5 illustrates an end-to-end medium-ownership authentication and a disposable authentication code provision process between the chip 220 and the server side 110 of the noncontact medium 100 according to an embodiment of the present invention.

5 shows the encrypted data c constructed and encrypted within the chip 220 of the noncontact medium 100 through the process shown in FIG. 4 in the authentication module 270 of the server side 110 The encrypted dynamic code generated in the server side 110 is decrypted only through the chip 220 of the noncontact medium 100 and is transmitted to the chip 220 of the noncontact medium 100 through the terminal 105 And a disposable authentication code corresponding to the dynamic code of the server side 110 decrypted through the chip 220 of the noncontact medium 100 is provided to the terminal 105. In this case, Those skilled in the art will be able to refer and / or modify FIG. 5 to illustrate the various ways of performing the end-to-end authentication and authentication code delivery process (e.g., some steps may be omitted, Can be inferred from Would, in the present invention are made, including any exemplary way in which the inference, to which the technical feature that is not limited to the exemplary method shown in the figure 5.

Referring to FIG. 5, when the validity of the data (c) decrypted by the encrypted data c constituted within the chip 220 of the noncontact medium 100 through the process shown in FIG. 4 is authenticated, Module 270 identifies (500) the dynamically generated dynamic code on server side 110 based on the authentication result of end-to-end media owning authentication. According to an embodiment of the present invention, the dynamic code includes at least one of a dynamically generated code value in the form of a random value of a specified size through a specified random number algorithm, a dynamic value generated by applying one or more seeds to a specified code generation algorithm .

If the dynamic code generated on the server side 110 is confirmed, the authentication module 270 encrypts the dynamic code by decrypting only through the chip 220 of the noncontact medium 100 interfaced with the terminal 105 (505). &Lt; / RTI &gt; For example, the authentication module 270 may generate an encryption key in the form of a session key using the random number c and the key value s included in the data c. Meanwhile, the authentication module 270 may generate a MAC for verifying the dynamic code in the chip 220 of the non-contact medium 100 (510). The authentication module 270 includes the identified dynamic code and configures the data (s) further including the MAC according to an implementation method (515), and transmits the generated data to the noncontact medium (520) by encrypting the data (s) so as to be decryptable only through the chip (220) of the memory (100).

If the encrypted data s is generated, the authentication module 270 transmits the encrypted data s through the designated path 525 and transmits the encryption data s to the terminal 220 interfaced with the chip 220 of the non- The interworking module 250 of the communication module 105 receives the encrypted data s through the designated path (530).

The interlocking module 250 provides cryptographic data s to the chip 220 of the interfaced noncontact media 100 and transmits the cryptographic data s to the chip module 230 provided in the chip 220 of the non- Receives the encrypted data (s) from the interfaced terminal 105 (540).

The chip module 230 generates or confirms a decryption key for decrypting the encrypted encryption data s through the authentication module 270 in the chip 220. Preferably, the chip module 230 decrypts the encrypted data (s) through a matching process with a process of generating / verifying an encryption key for generating the encrypted data (s) in the authentication module 270 / RTI &gt; and / or &lt; / RTI &gt;

The chip module 230 decrypts encrypted data s through the authentication module 270 through the generated / confirmed decryption key to verify the data s. Meanwhile, if the data (s) includes a MAC, the chip module 230 can verify the MAC included in the decoded data (s) (555). If the MAC is not verified, the chip module 230 provides an authentication error to the interfaced terminal 105 (560) and the interfacing module 250 of the terminal 105 transmits the interfaced non-contact media 100 (Step 565).

If the encrypted data s is decrypted and the data s is verified and / or the MAC contained in the data s is verified, the chip module 230 may include the decrypted data s The interworking module 250 of the terminal 105 identifies the interworking of the dynamic code with the discrete authentication code corresponding to the dynamic code to the interfaced terminal 105 The disposable authentication code is received from the chip 220 of the non-contact medium 100 (580).

The interlocking module 250 performs a procedure for providing a disposable authentication code received from the chip 220 of the noncontact medium 100 to the authentication module 270 through a designated path (585). For example, when an input area for inputting a disposable authentication code is displayed on the screen of the terminal 105, the interlocking module 250 may process the disposable authentication code to be automatically input to the input area, The input authentication code can be transmitted to the authentication module 270 via the designated path according to the specified security procedure. Alternatively, the interlocking module 250 may perform a procedure of transmitting the disposable authentication code to the authentication module 270 through a designated path according to a specified security procedure without a display / automatic entry procedure of the disposable authentication code. Meanwhile, the disposable authentication code may be transmitted to the authentication module 270 through a program corresponding (or linked) to the interlocking module 250.

FIG. 6 illustrates a process of authenticating a disposable authentication code and providing a settlement procedure according to an embodiment of the present invention.

6 is a flowchart illustrating a process of making a settlement process of a settlement request using the settlement means of a previously registered user on the basis of an end-to-end medium ownership authentication result and / or a disposable authentication code authentication result using the noncontact medium 100 If the person skilled in the art is familiar with the present invention, referring to and / or modified from FIG. 6, various methods of providing the disposable authentication code authentication and payment procedure (for example, It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention is not to be limited to the specific embodiments thereof, Or more.

Referring to FIG. 6, the authentication module 270 receives a disposable authentication code corresponding to the dynamic code decrypted by the chip 220 of the noncontact medium 100 interfaced with the terminal 105 through a designated path (600 ).

If the disposable authentication code is received through the designated path, the authentication module 270 determines whether or not a password provided to the chip 220 of the noncontact medium 100 interfaced with the terminal 105 through the process shown in FIG. Confirms the dynamic code included in the data (s), and authenticates the validity of the disposable authentication code received through the terminal 105 (605) using the dynamic code.

If the validity of the received disposable authentication code is not authenticated, the authentication module 270 transmits an authentication error for the authentication code to the interworking module 250 of the terminal 105 over the designated path (610) , The terminal 105 receives and outputs the authentication error through the designated path (615).

Meanwhile, if the validity of the received disposable authentication code is authenticated, the authentication module 270 provides the authentication result including the identification value mapped to the payment means of the user to the payment processing module 200 (620) The payment processing module 200 receives the authentication result from the authentication module 270 (625).

The payment processing module 200 confirms the payment means of the user mapped with at least one identification value through the process shown in FIG. 3 based on the authentication result (630). If the payment method of the user is confirmed, the payment processing module 200 processes the payment request of the requested payment request through the process shown in FIG. 3 using the payment means of the identified user 635). Here, the authentication result is used as an identification means for identifying the payment means of the user, and can be further used as an authentication means of the payment procedure using the payment means of the user according to the method of operation.

If the settlement procedure using the payment means of the user is completed (or stopped), the payment processing module 200 provides a payment processing result to the user terminal 105 and / or the merchant server 115 (640) .

100: non-contact medium 105: terminal
110: server side 115: merchant server
120: payment relay server 125: operational server
130: Financial institution server 200: Payment processing module
202: settlement means registration unit 204: settlement request confirmation unit
206: authentication request unit 208: result confirmation unit
201: Payment procedure performing part 220: Chip
230: Chip module 232: PIN authentication unit
234: input value receiving unit 236:
238: data providing unit 240: data checking unit
242: decoding processing section 244:
250: interlocking module 252: interface confirmation unit
254: chip interlock procedure unit 256: data relay unit
258: code processor 270: authentication module
272: Information storage unit 274: Data receiving unit
276: decryption processing unit 278: authentication procedure unit
280: dynamic code verifying unit 282:
284: Data transferring unit 286: Code receiving unit
288: code authentication unit 290:

Claims (26)

A payment processing method executed by a server that communicates with a terminal of a user interfaced with a chip of a noncontact medium owned by a user,
(C) generated in the chip of the noncontact medium by encrypting the data (c) constituted within the chip of the noncontact medium interfaced with the terminal of the user used for the payment when the payment request using the terminal of the user is confirmed, From a terminal interfaced with a chip of the noncontact medium;
A second step of confirming a dynamically generated dynamic code for providing to the chip of the noncontact medium based on a result of the validity check of the data (c) decrypted by the encrypted data (c);
A third step of providing encrypted data (s) obtained by encrypting data (s) including the dynamic code to a chip of the noncontact medium via a terminal interfaced with the chip of the noncontact medium;
A fourth step of decrypting the encrypted data (s) in a chip of the noncontact medium from a terminal interfaced with the chip of the noncontact medium and receiving a disposable authentication code corresponding to the confirmed dynamic code; And
And a fifth step of, if the validity of the authentication code is authenticated, processing the requested payment procedure to be performed using the payment means of the previously registered user. How to process your payment.
The method according to claim 1,
Further comprising the step of registering the payment means of the user in a designated storage medium and registering the user's payment means in the designated storage medium.
The method according to claim 1,
Further comprising registering and storing a unique code recorded on a chip of the noncontact medium of the user, and storing the unique code recorded on the chip of the noncontact medium of the user.
The method according to claim 1,
Further comprising the step of registering and storing the key value (s) corresponding to the key value (c) recorded on the chip of the noncontact medium of the user. Combined payment processing method.
The method according to claim 1,
Further comprising the step of mapping and registering the user's payment means and the noncontact media of the user. The method of claim 12, further comprising:
The method according to claim 1,
Further comprising the step of mapping and registering the user's payment means and the terminal of the user. The method of claim 12, wherein the method further comprises:
The method according to claim 1,
Further comprising the step of mapping and registering the payment means of the user and a program provided in the terminal of the user. The method of claim 12, wherein the method further comprises:
The method according to claim 1,
And requesting the terminal of the user to interface with the noncontact media. The method according to claim 1,
2. The method according to claim 1, wherein the data (c)
And a unique code recorded on a chip of the noncontact medium. The method of claim 12,
2. The method according to claim 1, wherein the data (c)
And the input value input to the chip of the noncontact medium through the terminal of the user is included.
11. The method of claim 10,
A time value obtained through a timer of the terminal,
A unique value uniquely provided / assigned to the terminal,
A reception value received from the outside of the terminal,
End-medium-ownership authentication and disposable-authentication-code authentication, wherein the generated end-to-end media ownership authentication includes at least one or two or more generated values generated in the terminal.
2. The method according to claim 1, wherein the data (c)
And a random number value (c) generated in the chip of the noncontact medium.
2. The method according to claim 1, wherein the encrypted data (c)
(C) recorded in the chip of the noncontact medium is used as an encryption key to decrypt the encrypted data in the chip of the noncontact medium only through the authentication module having the key value (s) corresponding to the key value End-medium-ownership authentication and the disposable authentication code authentication.
The method according to claim 1,
(C) configured to decrypt the received encrypted data (c) through a key value (s) corresponding to a key value (c) recorded on a chip of the noncontact medium to identify data (c) -Stage 1; And
(C) authenticating the validity of the decrypted data (c). The method of claim 12, further comprising:
15. The method of claim 14,
And comparing and authenticating the inherent code registered in the registration process of the noncontact media with a unique code included in the data (c). Way.
2. The method of claim 1,
Wherein the dynamic random number generator generates dynamic random number values of a predetermined size through the designated random number algorithm.
2. The method of claim 1,
Wherein one or more seeds are applied to the designated code generation algorithm to generate the one or more seeds.
18. The method of claim 17,
And the value included in the data (c) is at least one of the values included in the data (c).
The method according to claim 1,
Further comprising generating a session key using a random number c included in the data c,
Wherein the encrypted data (s) is encrypted so as to be decryptable only through a chip of the noncontact medium using the session key.
20. The method of claim 19,
Generating a MAC (Message Authentication Code) for verifying the validity of the dynamic code using the random number c included in the data c and the session key,
Wherein the data (s) comprises the dynamic code and a MAC. The method of claim 12, wherein the data (s) comprises the dynamic code and the MAC.
The method according to claim 1, wherein the encrypted data (s)
(C) included in the data (c) in the chip of the noncontact medium, wherein the session key is decrypted through a session key generated using a random number value (c) included in the data (c) Way.
The method of claim 1, wherein the disposable authentication code comprises:
And the dynamic code included in the data (s) is included.
The method of claim 1, wherein the disposable authentication code comprises:
And a part of the dynamic code included in the data (s) is included.
The method of claim 1, wherein the disposable authentication code comprises:
And a code generated by using the dynamic code included in the data (s).
The method of claim 1, wherein the disposable authentication code comprises:
And the combination of the dynamic code (or a part of the dynamic code) included in the data (s) and the code generated on the chip of the noncontact medium. How to process your payment.
The method of claim 1, wherein the disposable authentication code comprises:
The one-time use number of the specified number of digits, the one-time use number of the specified size, the one-time card number of the card number system, and the one-time account number of the account number system. Combined payment processing method.

Images