KR20160053867A - Method for Processing Payment based on Application Program by using One Time Password - Google Patents

Abstract

The purpose of the present invention is to provide a method to process a payment based on an application by using one time password (OTP). The method to process a payment based on an application by using OTP comprises: a first step of storing an identification number which is generated in a user ′s mobile phone, in which a program to realize the OTP is installed, when the program is initially operated and which is stored in a predetermined storage area of the user′s mobile phone in a predetermined storage medium by confirming the identification number; a second step of receiving the OTP realized by the program executed in the user′s mobile phone, the identification number extracted from the predetermined storage area by the program, and mobile phone information of the user′s mobile phone in a near field terminal via a near field communication means of the mobile phone and receiving the OTP, the identification number, and the mobile phone information via a predetermined path when a payment request, which is requested by the user′s mobile phone, is confirmed; a third step of determining whether to process a procedure of authenticating the effectiveness of the OTP by performing a procedure of authenticating the effectiveness of the received identification number in advance; and a fourth step of performing a predetermined procedure to authenticate the effectiveness of the OTP when the effectiveness of the identification number is authenticated. The payment is processed by using a payment means determined based on an authentication result associated with the effectiveness of the OTP. The method to process a payment based on an application by using OTP is executed by a server.

Description

[0001] APPLE-BASED PAYMENT PROCESSING METHOD USING OTIPE [0002]

The present invention relates to a method executed by a server, in which a user's mobile phone in which a program implementing an OTP (One Time Password) is installed, identifies an identification number generated at the time of starting the program for the first time, And storing the identification information extracted from the storage area designated by the program and the cell phone information of the user's cell phone in a storage medium designated by the user, when confirming a payment request using the user's cell phone, The mobile terminal is provided to a nearby terminal through a short distance communication means of the mobile phone, receives via a designated path, performs a procedure for authenticating the validity of the received identification number, and determines whether to perform a procedure for authenticating the validity of the OTP And when the validity of the identification number is authenticated, the OT P based on a result of authenticating the validity of the OTP, and the payment is an application-based payment processing method using an OTP that is processed using a specified payment means based on a result of authenticating the validity of the OTP.

When a user inputs a mobile phone number and subscriber information through a user terminal and then provides the mobile phone number and subscriber information through a user terminal, the mobile phone user authenticates that the subscriber is a valid subscriber of the communication company through the mobile phone number and subscriber information, If the authentication number received through the user terminal is matched with the authentication number transmitted to the user's mobile phone, the approval number is accepted and the payment amount is charged to the next month's communication fee of the user's mobile phone (Application No. 10-2000-0020757).

However, the leakage of personal information occurs in an irregular manner, and the personal information leaked is publicly traded (or disclosed) through the Internet, and the number of lost cell phones is more than 200,000 per month on average In this situation, anyone who acquires or replicates a mobile phone of another person can have his / her mobile phone settlement approved using the leaked personal information.

Particularly, although the mobile phone settlement approval is performed in real time, the settlement of the settlement amount is performed on the average within 45 days after the approval of the payment, in case of damage using the acquired / copied mobile phone and the leaked personal information, The damage is expected to reach astronomical figures.

An object of the present invention is to provide a method executed by a server, in a user's mobile phone in which a program implementing OTP (One Time Password) is installed, And storing the OTP, which is implemented through the program executed in the user's mobile phone, and the identification number extracted from the designated storage area, A second step of receiving the mobile phone information of the mobile phone by a short distance communication terminal through a short distance communication means of the mobile phone and receiving the mobile phone information via a designated path and a procedure for authenticating the validity of the received identification number, A third step of determining whether to perform the authentication procedure; And a fourth step of performing a designated procedure for authenticating the validity of the OTP when the validity of the star number is authenticated, wherein the settlement is performed by using the specified settlement means based on the result of authenticating the validity of the OTP Based payment processing method using an apex.

A method of an application-based payment processing method using an OTFT according to the present invention is a method executed by a server, the method comprising the steps of: generating, by a user's cellular phone, a program for implementing an OTP (One Time Password) And storing the OTP and the program stored in the designated storage area in the designated storage area, and storing the OTP implemented in the program executed in the user's mobile phone and the designated storage area when the payment request using the user's mobile phone is confirmed A second step of receiving the extracted identification number and cellular phone information of the user's cellular phone through a short-distance communication terminal through a local communication means of the cellular phone, receiving the received identification number via a designated path, and a procedure for authenticating the validity of the received identification number A procedure for authenticating the validity of the OTP And a fourth step of performing a designated procedure for authenticating the validity of the OTP when the validity of the identification number is authentic, wherein the settlement is a result of authenticating the validity of the OTP Is processed using the designated payment means based on the payment information.

In the app-based payment processing method using an orthopedic device according to the present invention, the identification number is registered through the program first executed in the user's mobile phone.

The method according to the present invention is characterized by further comprising the step of authenticating whether a program registered with the identification number is installed in the user's cellular phone when confirming a payment request using the user's cellular phone .

The method may further include the step of performing a procedure for installing the program in the user's mobile phone when the program is not installed in the user's mobile phone, do.

In the app-based payment processing method using an orthopedic device according to the present invention, the mobile phone information includes information given to the user's mobile phone before the program is installed to identify the user's mobile phone.

The third aspect of the present invention is a method for processing an application-based payment using an orthopedic device according to the present invention, wherein the third step further comprises checking whether the program is installed in the user's mobile phone using the received mobile phone information .

A payment processing method using an orthopedic according to the present invention is a method executed by a server to authenticate the validity of an OTP implemented through a program executed in a user's mobile phone installed with a program implementing an OTP (One Time Password) And storing the identification number to be extracted from the designated storage area of the mobile phone through a program of the mobile phone and storing the identification number on a designated storage medium; (One Time Password) provided to the payment request terminal through the local communication means of the mobile phone and an OTP through a program of the user's mobile phone, And is transmitted to the cellular phone through the short- A second step of receiving the identification number provided to the payment request terminal via a designated path, a second step of matching the identification number stored in the storage medium with the received identification number and authenticating the OTP implemented through the program executed in the user's mobile phone A fourth step of verifying the validity of the received OTP using the information stored in the storage medium at the time of validity verification; and a fourth step of verifying the validity of the received OTP, And a fifth step of processing to process the payment requested by the payment request terminal using the specified payment means.

In the settlement processing method using orthopedic according to the present invention, the second step may further include the step of receiving mobile phone information of a user mobile phone installing the program from the payment request terminal, And confirming whether a program for implementing OTP for payment validity authentication of the payment means specified in the user's mobile phone is installed using the mobile phone information.

In the payment processing method using orthopedics according to the present invention, when a program for implementing the OTP is not installed in the user's mobile phone, a step of generating an authentication error of the OTP and providing the OTP authentication error to the payment request terminal is performed And further comprising:

In the payment processing method using orthopedic according to the present invention, the short range communication means includes at least one of Bluetooth communication means using Bluetooth, or proximity RF communication means between the user's cellular phone and the payment request terminal .

In the settlement processing method using orthopedic according to the present invention, the identification number is extracted from a designated storage area of the mobile phone as a result of user authentication through a program executed in the user's mobile phone, And is dynamically generated through the executed program.

A method for processing a small amount of mobile phone settlement according to the present invention is a method for processing a small amount settlement of a mobile phone by comparing a user's mobile phone number with an OTP (One Time Password) generated by an OTP agent provided in the user's mobile phone, Receiving OTP and OTP verification information input from the user terminal through the interface; and transmitting the received OTP and OTP verification information to the user terminal, Verifying OTP generation to be compared with the OTP by comparing the verification information and OTP verification information previously stored in the storage medium; and generating OTP generation information for generating OTP 'to be compared with the OTP when the OTP generation is verified. Determining a fixed seed value and a dynamic seed value for generating OTP 'from the OTP generation information, Generating OTP 'using the seed value and the dynamic seed value, comparing the received OTP with the generated OTP' to confirm the micropayment validity of the mobile number, And transmitting the confirmation result to the micropayment target website.

Meanwhile, a method for processing a mobile phone micropayment according to the present invention is a method for processing a micropayment of a mobile phone, the method comprising: receiving a user's mobile phone number, an OTP (One Time Password) generated by an OTP agent provided in the user's mobile phone, Receiving OTP and OTP verification information input through the interface from the user's wired terminal, receiving OTP and OTP verification information from the user terminal via the interface, And transmitting OTP and OTP verification information to the OTP server that has provided the OTP agent to the user's cellular phone by reading the mobile phone number, Receiving a comparison result of the OTP generated in the user's mobile phone, comparing the OTP ' The retail payment validation results corresponding to and is characterized in that comprises the step of transmitting to the target Web site micropayments.

The method for processing a mobile phone micropayment according to the present invention further includes receiving user resident registration number information from the user terminal and authenticating the user using the received resident registration number information and user mobile phone number information .

The method for processing a mobile phone small amount payment according to the present invention further includes a step of inquiring a micropayment limit for the user's mobile phone number and an approval for the micropayment corresponding to the micropayment limit retrieval result .

The method for processing a mobile phone micropayment according to the present invention further includes processing the micropayment amount to be charged to the mobile phone usage fee of the user.

On the other hand, a computer readable recording medium characterized by recording a program for executing the aforementioned method for processing a microcontent payment for a mobile phone.

Meanwhile, a mobile phone micropayment processing system according to the present invention is a mobile phone micropayment processing system including a storage medium storing a user cell phone number, OTP generation information and OTP verification information in association with each other, and a user terminal connected to a web site for a micropayment, An OTP (One Time Password) generated by an OTP agent provided in the mobile phone and an OTP verification information for generating OTP to be compared with the OTP are provided, OTP verification information, comparing the received OTP verification information with previously stored OTP verification information to verify OTP generation to be compared with the OTP, and when the OTP generation is verified, comparing the OTP verification information with the OTP verification information OTP generation information for generating OTP 'from the OTP generation information, a fixed seed value for generating OTP' from the OTP generation information, A server for determining the seed value, generating OTP 'using the determined fixed seed value and dynamic seed value, and comparing the received OTP with the generated OTP' to check the micropayment validity of the mobile number And the like.

Meanwhile, an OTP server for providing and managing an OTP agent to a user's mobile phone and a user terminal connected to a web site for a micropayment are provided with a user's mobile phone number and an OTP agent And an OTP verification information for OTP generation to be compared with the OTP, and receives the mobile phone number, OTP and OTP verification information input through the interface, And a server for transmitting OTP and OTP verification information to the OTP server. The OTP server compares the OTP verification information stored in the storage medium with the OTP verification information to generate OTP ' If the generation of the OTP 'is verified, the OTP generation information for generating the OTP' to be compared with the OTP , And determines a fixed seed value and a dynamic seed value for generating OTP 'from the OTP generation information, generates OTP' using the determined fixed seed value and the dynamic seed value, and transmits the generated OTP and the generated OTP ', verifies the micropayment validity of the mobile phone number, and transmits the comparison result of the OTP to the server.

According to the present invention, an interface for inputting a user's mobile phone number, OTP (One Time Password) generated by an OTP agent provided in the user's mobile phone, and OTP verification information for generating an OTP to be compared with the OTP, Authenticating the validity of generating an OTP 'to be compared with the OTP through the OTP verification information when the user's mobile phone number and OTP and OTP verification information are received from the user's wired terminal, OTP 'generated by the OTP generation information associated with the user's mobile phone number, and authenticates the mobile phone by comparing the OTP with the OTP received from the user's wired terminal. Thus, (Or a personal identification number) to the OTP provided to the mobile phone If you can not drive the agent has the advantage of blocking the advance that makes the mobile payment fraud approval not to offer mobile payments.

According to the present invention, by further inputting predetermined OTP verification information in the mobile phone settlement process, if the OTP generation validity is not confirmed through the OTP verification information, it is possible to prevent generation of OTP 'to be compared with the received OTP Thereby preventing unauthorized handset payment from being approved.

1 is a diagram showing a configuration of a cellular phone micropayment processing system using OTP verification information according to a first embodiment of the present invention.
2 is a diagram illustrating a mobile phone settlement process using OTP verification information according to a first embodiment of the present invention.
3 is a diagram illustrating a process of providing an OTP agent to a user's mobile phone according to a first embodiment of the present invention.
4 is a diagram illustrating a mobile phone payment approval process using OTP verification information according to a first embodiment of the present invention.
5 is a diagram showing a configuration of a system for processing micropayments for mobile phones using OTP verification information according to a second embodiment of the present invention.
6 is a diagram illustrating a mobile phone settlement process using OTP verification information according to a second embodiment of the present invention.
7 is a diagram illustrating a process of providing an OTP agent to a user's mobile phone according to a second embodiment of the present invention.
FIG. 8 is a diagram illustrating a mobile phone payment approval process using OTP verification information according to a second embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a diagram showing a configuration of a mobile phone micropayment processing system using OTP verification information according to a first embodiment of the present invention.

More specifically, FIG. 1 illustrates an OTP (One Time Password) generated by an OTP agent included in the user's mobile phone 170 and a number of a user's mobile phone 170 in a user's wired terminal 100 connected to a website for a small- And an OTP verification information for OTP generation to be compared with the OTP is provided. Then, the mobile terminal 100 receives the mobile phone number corresponding to the user's mobile phone 170, OTP, After receiving the OTP verification information and comparing the received OTP verification information with the OTP verification information stored in the storage medium 160 to verify the OTP generation efficiency to be compared with the OTP, , The OTP 'is generated and compared with the received OTP to process a microcontribution of a mobile phone. It is to be understood that the present invention is not limited to the above- It is possible to refer to and / or modify the FIG. 1 to derive various implementation methods (for example, some components are omitted, or segmented, or combined) for the mobile phone micropayment processing system using the OTP verification information However, the present invention is not limited to the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

For example, the mobile phone micropayment processing system shown in FIG. 1 can be applied to a system for processing a payment using a payment means of a customer, except that the payment amount is added to the communication fee of the user mobile phone 170, It is a matter of course that the present invention includes all settlement processing systems as described above.

1, the mobile phone micropayment processing system includes a user wired terminal 100 used by a user connected to a web site for a micropayment and a user mobile phone 170 carried by the user, A small-amount settlement target web which allows a user to sell type / intangible goods to the user through the terminal 100 and settle the settlement amount for the sold goods through a mobile payment means for imposing the payment amount on the user's mobile phone 170 A billing system 110 for processing a mobile phone micropayment using OTP verification information in cooperation with the user terminal 100 and the user mobile phone 170, And a mobile communication company server 165 on a mobile communication network to which the mobile communication terminal 170 is connected. The payment system 110 is connected to the web server 105, Or in the form of an internal component of the web server 105 or in the form of an internal component of the mobile communication company server 165, It is to be understood that the present invention is not limited thereto.

The user terminal (100) includes at least one personal computer and a notebook having a browser capable of accessing a web server (105) operating the micro-settlement target website, and the web server (105) And a mobile phone settlement interface for inputting the mobile phone number corresponding to the user's mobile phone 170 and the OTP and OTP verification information from the mobile phone 110 and outputting the mobile phone settlement interface to the screen output means, OTP and OTP verification information to the web server 105 or the billing system 110 by inputting the mobile phone number and the OTP and OTP verification information corresponding to the mobile phone 170.

The web server 105 has a function of selling a type / intangible goods to the user through the wired terminal 100 and paying a payment amount for the sold goods to the mobile phone 170 communication charge The user terminal 100 selects the mobile payment means as the payment means for the payment amount, and the user terminal 100 transmits the payment amount to the mobile terminal 100, Or the billing system 110 may provide the mobile phone settlement interface to the wired terminal 100. The mobile phone settlement interface may be provided to the user terminal 100 through the payment system 110. [

The user mobile phone 170 is a mobile phone possessed by a user who purchases tangible / intangible goods sold by the Web server 105, and authenticates the payment validity using the communication charge imposed on the user mobile phone 170 (For example, a screen output, or a function of outputting the generated OTP by using a local communication means such as Bluetooth, Wi-Fi, RF communication, etc.), a function of downloading an OTP agent (Which can be output to the wired terminal 100).

According to the present invention, the user terminal 100 is an example of a first terminal that a user connects to a server through a communication network and purchases tangible / intangible goods to be sold in the server, It is possible to carry out various modifications according to the type and characteristics of the communication network and the server.

According to the present invention, the user mobile phone 170 is an embodiment of a second terminal equipped with an OTP agent for authenticating payment validity for a purchase price of goods purchased through the first terminal, The terminal may include all communication terminals except for the first terminal.

For example, if the server connected to the first terminal is a home shopping server, the first terminal may include a user's IPTV, and the second terminal may include a wired phone / VoIP phone provided near the IPTV can do.

Alternatively, if the server to which the first terminal is connected is an ARS server, the first terminal may include a user's wired telephone / mobile phone / VoIP phone, and the second terminal may include another voice communication The second terminal includes a wired telephone / VoIP phone if the first terminal is a cellular phone, and the second terminal includes a wired / VoIP phone if the first terminal is a cellular phone, The second terminal may include a landline phone / mobile phone if the VoIP phone is a VoIP phone).

That is, it is to be appreciated that the user terminal 100 of the present invention is not limited to the above-described wire terminal, and that the user terminal 170 of the present invention is not limited to a mobile phone.

The mobile communication company server 165 is a collective term for a mobile communication company server provided on a mobile communication network to which the user mobile phone 170 is connected and which interfaces with the mobile phone. In the payment system 110, A data exchange server, a WAP (WAP) server for transmitting information (or data) requesting to provide information (or data) to the user mobile phone 170 through a mobile communication system (e.g., an exchange, a base station, It is preferable that the server includes at least one server.

According to the embodiment of the present invention, the mobile communication company server 165 has a function of authenticating a user by inquiring a subscriber D / B (not shown) through the user's mobile phone 170 number and user's resident registration number information, 170 to provide the OTP agent or manage the OTP agent provided to the user's mobile phone 170 through a predetermined OTP server (not shown).

According to the embodiment of the present invention, when the OTP agent is provided to the user's mobile phone 170 or the OTP agent is provided to the user's mobile phone 170, the mobile communication company server 165 transmits the OTP agent to the user's mobile phone 170 It is preferable that the corresponding mobile phone number and the OTP agent information corresponding to the OTP agent included in the user mobile phone 170 are linked and stored.

Here, the OTP agent information may include at least one of version information of an OTP agent, an OTP generation algorithm, and an OTP generation method in the user's mobile phone 170 corresponding to the mobile phone number.

Here, the OTP generation algorithm and the OTP generation method can use different algorithms and generation methods for respective OTP agents, and thus the present invention is not limited thereto.

According to the present invention, the billing system 110 includes a mobile phone number 170 corresponding to a user mobile phone 170 having an OTP agent for generating an OTP for authenticating payment validity using a communication fee charged to the user mobile phone 170, OTP generation information including at least one fixed seed value for generating an OTP 'to be compared with the OTP generated through the OTP agent provided in the cellular phone and a parameter for determining a dynamic seed value, And a storage medium 160 for storing and storing OTP verification information for verifying the validity of generating OTP 'through information, or is connected through a communication network.

The mobile phone number is a general term of information that can identify the user mobile phone 170 and includes at least one of a phone number, an ESN, and a subscriber identification number assigned to the user mobile phone 170, (Or unique code) encrypted in the memory of the cellular phone 170, a USIM serial number assigned to the USIM provided in the user cell phone 170, and a unique number (or unique code) recorded in the USIM .

The OTP generation information includes at least one fixed seed value used for generating an OTP according to the OTP generation algorithm and the OTP generation method in an OTP agent provided in the cellular phone, and a parameter for determining a dynamic seed value .

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation information includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, And synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronized OTP.

Alternatively, if the OTP is generated in a challenge-response manner, the fixed seed value of the OTP generation information includes a seed fixed to be substituted into the challenge-response OTP generation algorithm, and the parameters of the OTP generation information include the challenge- And a random number generation seed for generating a random number corresponding to the dynamic seed value of the response type OTP.

According to the embodiment of the present invention, the OTP generation information is encrypted in the memory of the user phone 170 in association with the OTP agent downloaded to the user phone 170, or stored in the memory of the user phone 170 It is desirable to store it in the USIM (capable of storing encrypted data).

The OTP verification information may include OTP agent information stored in the storage medium 160 when the OTP agent included in the user's mobile phone 170 and OTP generation information are received from the wired terminal 100 A user password or a user's personal identification number for verifying the generation of an OTP to be compared with the OTP.

According to an embodiment of the present invention, the OTP verification information may include a user password or a user personal identification number input to generate the OTP by driving the OTP agent in the user's mobile phone 170, Or a second user password or a user personal identification number that is extracted (or decrypted when decrypted) from the memory (or USIM) provided in the mobile phone via the user's personal identification number or stored in the storage medium 160 It is preferable to include a separate user password or a user personal identification number registered to verify that the OTP to be compared with the OTP is generated using the OTP generation information.

According to an embodiment of the present invention, the storage medium 160 stores (not shown) the OTP agent information in association with the user's mobile phone number 170.

Referring to FIG. 1, the billing system 110 includes a billing system 110 for inputting a mobile phone number, OTP, and OTP verification information corresponding to the user's cellular phone 170 to a user terminal 100 connected to the website An information receiving means 120 for receiving a mobile phone number and OTP and OTP verification information corresponding to the user's mobile phone 170 through the mobile phone settlement interface; An OTP validity verification unit 140 for comparing the received OTP verification information with the OTP verification information already stored in the storage medium 160 to verify the OTP generation effectiveness to be compared with the OTP; , Determines OTP generation information for generating OTP 'to be compared with the OTP, determines a fixed seed value and a dynamic seed value for generating OTP' from the OTP generation information, A payment validity authentication means 145 for generating OTP 'using the determined fixed seed value and dynamic seed value, comparing the received OTP with the generated OTP' to check the micropayment validity of the mobile phone number, And an information providing means (150) for transmitting the result of the micropayment validity check to the mobile phone number to the micropayment target website.

According to the embodiment of the present invention, the mobile phone payment interface includes a user interface for inputting mobile communication company selection information corresponding to the user's mobile phone 170 or user's resident registration number information to the mobile phone number, OTP and OTP verification information It is preferable to further include the above.

According to the present invention, the settlement system 110 further includes a user interface for inputting the mobile communication company selection information or the user's resident registration number information to the mobile phone settlement interface, The mobile communication company server 165 transmits the user's mobile phone number 170 and user's resident registration number information to the mobile communication company server 165 corresponding to the mobile communication company selection information, And a user authentication unit 125 for authenticating the user by receiving and reading the user authentication result corresponding to the user identification number 170 and the user resident registration number confirmation result.

According to the present invention, the payment system 110 includes an agent checking means 130 for checking whether an OTP agent is installed in the user's mobile phone 170 corresponding to the number of the user's mobile phone 170, When the OTP agent is not installed in the mobile phone 170, an agent providing means 135 for processing the message including the CallBack URL for downloading the OTP agent to the user phone 170 .

According to the present invention, each means constituting the settlement system 110 may be realized as a separate server for each means, or in the form of a predetermined authentication server (or relay server) including the means, The above means may be implemented in the form of a component in the web server 105, or the means may be implemented in the form of a component in the mobile communication server 165, Some of the means may be implemented as components in the web server 105 and some of the means may be implemented as components in the carrier server 165 or some of the means may be implemented as components in the web server 105, It is possible to implement the mobile communication company server 165 as a component in the mobile communication company server 165 and the remaining part as a separate server, Bayida put out to clarify SHALL not limited by the embodiment to which the present invention method.

The user accesses the Web server 105 to purchase a type / intangible goods, and a payment amount corresponding to the purchase price for the goods is paid through a communication fee charged to the user phone 170 The payment interface providing means 115 may relay the web server 105 directly to the wired terminal 100 or the web server 105 through the communication network to which the wired terminal 100 is connected, The mobile terminal 100 is provided with a mobile phone settlement interface for inputting a mobile phone number corresponding to the user mobile phone 170 and OTP and OTP verification information.

When the mobile phone settlement interface is provided to the user terminal 100 by the payment interface providing means 115, the information receiving means 120 receives the information input through the mobile phone settlement interface from the user terminal 100 And connects a communication session for receiving OTP and OTP verification information with the cell phone number corresponding to the user cell phone 170. [

According to an embodiment of the present invention, the payment interface providing unit 115 connects a communication channel with the user terminal 100 and provides the mobile phone payment interface to the user terminal 100 through the communication channel The information receiving means 120 confirms the user terminal 100 information (for example, IP address) from the communication channel provided to the user terminal 100 through the mobile phone settlement interface, A communication session for receiving OTP and OTP verification information from the wired terminal 100 based on the mobile phone number and the mobile phone number corresponding to the user mobile phone 170 And a memory area and a communication thread code allocated to receive the OTP verification information).

According to another embodiment of the present invention, when the payment interface providing means 115 provides the mobile phone settlement interface to the user terminal 100 through the web server 105, the information receiving means 120 The mobile terminal 100 receives information on the user's wired terminal 100 from the web server 105 and receives the mobile phone number corresponding to the user's mobile phone 170 from the wired terminal 100, It is preferable to connect a communication session for receiving the OTP verification information (e.g., a memory area and a communication thread allocated to receive OTP and OTP verification information from the mobile terminal number from the wired terminal 100) Do.

Here, the communication session encrypts and receives the mobile phone number, OTP, and OTP verification information corresponding to the user mobile phone 170, and transmits the mobile phone number, OTP, and OTP verification information corresponding to the encrypted user mobile phone 170 And decrypting the encrypted communication session.

When the communication session is established with the user terminal 100, the information receiving means 120 receives the mobile phone number corresponding to the user's mobile phone 170 from the user terminal 100 through the communication session, OTP and OTP verification Information is received.

When the mobile communication terminal corresponding to the user's mobile phone 170 and the OTP and OTP verification information further receive the mobile communication company selection information or the user's resident registration number information from the wired terminal 100, The mobile communication company server 165 transmits the number of the user's cell phone 170 and the user's resident registration number information to the mobile communication company server 165 corresponding to the selection information, The user authentication means 125 receives and reads the user authentication result and authenticates the user who has made a request for the micropayment of the mobile phone when the user authentication result for the resident registration number information is constructed and transmitted.

The agent checking means 130 transmits the number of the user's cellular phone 170 to a server that provides and manages the OTP agent to the user's cellular phone 170. The OTP agent D / B (not shown) (170) corresponding to the number of the user's cellular phone (170) is provided with an OTP agent for generating an OTP for authenticating the cellular phone micro settlement, and transmits an OTP agent confirmation result corresponding to the confirmation result The agent checking unit 130 receives and reads out the OTP agent check result and confirms whether the OTP agent for generating the OTP for authenticating the mobile phone settlement is provided to the user phone 170 .

According to an embodiment of the present invention, an OTP agent is provided from the billing system 110 to the user's mobile phone 170, and the OTP agent information and the mobile phone number provided to the user's mobile phone 170 are stored in the storage medium 160 It is possible to check whether the OTP agent is provided to the user's mobile phone 170 through the storage medium 160. [

If the OTP agent for generating the OTP for authenticating the cellular phone micro settlement is not provided to the user's cellular phone 170 as a result of the confirmation of the agent confirmation means 130, And a message including a callback URL for downloading an OTP agent is transmitted to the user's mobile phone 170.

According to the embodiment of the present invention, when it is determined that the OTP agent is not provided in the user mobile phone 170, the agent providing means 135 displays a pop-up output through the mobile phone payment interface provided to the user terminal 100 Or an OTP agent downloading interface (or menu) included in the mobile phone payment interface and outputting the OTP agent download request, and transmits the OTP agent download request to the user's cellular phone 170 in response to the OTP agent download request, It is desirable to process the message including the callback URL for OTP agent download to be transmitted.

The callback portal for downloading the OTP agent includes URL information of the mobile communication company server 165 or a predetermined OTP server that is configured / affiliated with the mobile communication company server 165 to manage the OTP agent And the user phone 170 receiving the message including the callback URL downloads the OTP agent according to the OTP agent download procedure using the predetermined mobile communication network, (170).

After the OTP agent is downloaded to the user's mobile phone 170, the mobile communication server 165 (or the OTP server) provided with the OTP agent to the user's mobile phone 170 receives the OTP agent And provides OTP generation information for generating an OTP to the user mobile phone 170 through the OTP generation information.

According to an embodiment of the present invention, the mobile communication company server 165 (or the OTP server) allocates one or more fixed seed values for generating an OTP through an OTP agent provided in the user mobile phone 170, Generating (or extracting from the database storing OTP generation information) OTP generation information including one or more fixed seed values assigned and parameters for determining one or more dynamic seed values required to generate an OTP through the OTP agent, It is preferable that the generated OTP generation information is provided to the user's mobile phone 170 via the mobile communication network and the OTP generation information is provided to the mobile phone server 165 Connects the secure mobile communication channel with the user mobile phone 170. [

According to the embodiment of the present invention, after the OTP agent is downloaded to the user's mobile phone 170 or the OTP agent downloaded to the user's mobile phone 170, It is preferable that the OTP generation information is generated (or extracted) and provided to the user's cellular phone 170. The OTP generation information is encrypted and stored in a memory provided in the user's cellular phone 170, (Universal Subscriber Identity) Module (USIM) provided in the user's cellular phone 170).

According to the embodiment of the present invention, after the OTP agent is downloaded to the user mobile phone 170 or when the OTP agent downloaded to the user mobile phone 170 is initially executed, the user mobile phone 170 transmits the OTP agent A user password or a user's personal identification number for generating an OTP is input to the mobile phone 170 and the input user password or the user's personal identification number is encrypted and stored in a memory provided in the mobile phone 170, The OTP agent outputs an interface for inputting a user's password or a user's personal identification number when the OTP agent is generated by driving the OTP agent, (Or USIM) stored in the memory It is desirable to verify the validity of the OTP generation by comparing the user's password or the user's personal identification number.

According to an embodiment of the present invention, when the user password or the user's personal identification number is used as OTP verification information, the OTP agent transmits a communication channel (for example, And transmits the user password or the user personal identification number to the billing system 110. The billing system 110 transmits the user password or the user personal identification number to the billing system 110, (Or receives the user's personal identification number including the user's resident registration number information), and transmits the OTP verification information including the mobile phone number and the user's password or the user's personal identification number And stores it in the storage medium 160. [

According to another embodiment of the present invention, a second user password or a user personal identification number corresponding to the OTP verification information is stored in a memory (or USIM) provided in the user's cellular phone 170 in addition to the user password or the user's personal identification number The OTP agent outputs an interface for registering the OTP verification information, and transmits a second user's password or a user's personal identification number input through the interface to a memory (not shown) provided in the user's cellular phone 170 (For example, a secure communication channel based on an encryption / decryption) with the billing system 110 through the user's mobile phone 170 after the billing system 110 (or the USIM) Transmits a second user's password or a user's personal identification number stored in the memory (or USIM) to the billing system 110) confirms the mobile phone number corresponding to the user mobile phone 170 that has transmitted the second user password or the user personal identification number (or receives the mobile phone number including the user's resident registration number information in the second user password or the user personal identification number ) And stores the OTP verification information including the mobile phone number and the second user password or the user's personal identification number in the storage medium 160 in association with each other. When the second user password or the user personal identification number is stored in the memory (or USIM), a second user password stored in the memory (or USIM) or a user personal identification number Is also output.

According to another embodiment of the present invention, when registering a separate user password or user's personal identification number in addition to the user password or the user's personal identification number, the OTP agent outputs an interface for registering the OTP verification information, Decryption-based secure communication channel) with the billing system 110 through the user's mobile phone 170 when the user's personal identification number is input through the user's mobile phone 170, The billing system 110 transmits the separate user password or the user's personal identification number to the system 110 and the billing system 110 transmits the separate user's password or the mobile phone number corresponding to the user's cellular phone 170 that transmitted the user's personal identification number Confirmation (or the separate user password or user personal identification number Receiving information including a user social security number) and, in conjunction the OTP verification information including the separate user password or the user's personal identification number and the mobile phone number is stored in the storage medium 160.

The OTP validation means 140 verifies the user's wired terminal 100 information or communication session information corresponding to the user's wired terminal 100 and transmits the user's wired terminal 100 information or information from the storage medium 160 Verifying the validity of generating the OTP 'to be compared with the OTP by comparing the received OTP verification information with the confirmed OTP verification information by checking the OTP verification information connected to the communication session information.

If the validity of generating the OTP 'to be compared with the OTP is verified through the OTP verification information, the payment validity authentication unit 145 generates an OTP' to be compared with the OTP from the storage medium 160 Determining a fixed seed value and a dynamic seed value for generating OTP 'from the OTP generation information, and determining an OTP' to be compared with the received OTP using the determined fixed seed value and dynamic seed value, .

If the OTP 'is generated, the payment validity authentication unit 145 compares the received OTP with the generated OTP' to confirm the payment validity of the mobile phone number, (150) transmits a result of the micropayment validity check on the mobile phone number to the web server (105) operating the micropayment target website.

Referring to FIG. 1, the billing system 110 includes a settlement processing unit (not shown) for processing the settlement amount to be paid through a communication charge imposed on the mobile phone when the settlement validity is authenticated by the settlement validity authentication unit 145 (155).

According to the method of the present invention, the payment processing unit 155 confirms the payment amount to be charged to the communication fee of the user's mobile phone 170 from the web server 105, It is preferable to inquire the payment limit for the number of the user's cell phone 170 and compare the payment amount with the payment limit to approve payment through the communication fee charged to the mobile phone.

According to another embodiment of the present invention, the payment processing unit 155 can store and manage the number of the user's mobile phone 170 and the corresponding payment limit information through a separate database. In this case, The processing unit 155 may inquire the payment limit for the number of the user's cell phone 170 through the database and compare the payment amount with the payment limit to approve payment through the communication fee charged to the mobile phone Do.

If the settlement using the communication charge imposed on the mobile phone is approved, the settlement processing unit 155 processes the settlement amount to be charged to the communication fee for the user mobile phone 170 through the mobile communication company server 165 And transmits payment approval information for the payment amount to the web server 105.

2 is a diagram illustrating a mobile phone settlement process using OTP verification information according to a first embodiment of the present invention.

2 is a diagram illustrating an OTP (One Time Password) generated by an OTP agent included in the user's mobile phone 170 and a number of a user's mobile phone 170 in a user's wired terminal 100 connected to a website for a small- And an OTP verification information for OTP generation to be compared with the OTP is provided. Then, the mobile terminal 100 receives the mobile phone number corresponding to the user's mobile phone 170, OTP, OTP verification information. As a person skilled in the art to which the present invention pertains, it is possible to refer to and / or modify the FIG. 2 to variously implement the mobile phone settlement process using the OTP verification information. It will be appreciated that the method may be inferred from a method (e.g., an implementation where some steps are omitted or the order is changed) It becomes to include the place, to which the technical feature that is not limited to the exemplary method shown in the figure 2.

Hereinafter, the billing system 110 shown in FIG. 1 is referred to as a "server"

Referring to FIG. 2, a user connects to the web server 105 to purchase a tangible / intangible product, and transmits a payment amount corresponding to the purchase price for the goods to a communication charge imposed on the user cellular phone 170 (200), the server relays the web server (105) directly to the user terminal (100) through the communication network connected to the user terminal (100) A mobile phone settlement interface for inputting the mobile phone number corresponding to the user mobile phone 170 and the OTP and OTP verification information to the user terminal 100 is processed 205 and the mobile phone settlement interface And the OTP and OTP verification information are received (210).

According to the embodiment of the present invention, the mobile phone payment interface includes a user interface for inputting mobile communication company selection information corresponding to the user's mobile phone 170 or user's resident registration number information to the mobile phone number, OTP and OTP verification information It is preferable to further include the above.

If the mobile phone number, the OTP and the OTP verification information are received from the wired terminal 100 (step 215), and the mobile communication company selection information and the user's resident registration number information are further received (220), the server responds to the mobile communication company selection information The mobile communication company server 165 transmits the number of the user's cell phone 170 and the user's resident registration number information to the mobile communication company server 165 to request the user authentication and transmits the number of the user's cell phone 170 through the subscriber D / When the user authentication result for the user resident registration number information is constructed and transmitted, the user authentication result is received and read to authenticate the user requesting the microcontent settlement (225).

If the user is not authenticated 230, the server generates a user authentication error and transmits the user authentication error to the user terminal 100 (or the user mobile phone 170) and the web server 105 (235).

If the user is authenticated (225) or only the mobile phone number, OTP and OTP verification information is received (215) from the user's wired terminal (100), the server sends the user's cell phone number (240) whether an OTP agent for generating an OTP for authenticating the cellular phone settlement is provided to the mobile terminal (170).

If the OTP agent is not installed in the user phone 170, the server processes the OTP agent to be provided to the user phone 170 through the process shown in FIG.

On the other hand, if the OTP agent is installed in the user's mobile phone 170 (245), the server verifies the validity of generating OTP 'to be compared with the OTP through the process shown in FIG. 4, And verifies the validity of the payment by comparing the OTP and the OTP '.

3 is a diagram illustrating a process of providing an OTP agent to a user's mobile phone 170 according to a first embodiment of the present invention.

3 is a flowchart illustrating a method of providing an OTP agent to a user's cellular phone 170 in a case where the OTP agent is not installed in a user's cellular phone 170 in the process illustrated in FIG. Message to be transmitted to the user's mobile phone 170 and providing the OTP agent to the user's mobile phone 170 through the message. In the present invention, It is possible to refer to and / or modify the FIG. 3 to infer various implementations (e.g., omissions of some of the steps or an altered implementation) of the process of providing the OTP agent to the user cell phone 170 It should be understood, however, that the present invention includes all such contemplated embodiments, Technical features are not limited.

Hereinafter, the billing system 110 shown in FIG. 1 is referred to as a "server"

Referring to FIG. 3, if the OTP agent is not installed in the user's mobile phone 170 in the process shown in FIG. 2, the server includes a callback URL for downloading the OTP agent to the user's mobile phone 170 (300), and the user mobile phone (170) receiving the message in response to the message transmits the message to the mobile communication server server (165) (or the OTP server) corresponding to the callback message Lt; / RTI >

The mobile communication company server 165 (or the OTP server) corresponding to the callback URL provides the OTP agent to the user's mobile phone 170 (305).

If the OTP agent is provided 310 to the user's mobile phone 170, the user's mobile phone 170 inputs a user password or a user's personal identification number for generating an OTP through the OTP agent, The password or the user's personal identification number is encrypted and stored in a memory provided in the mobile phone or stored in a USIM provided in the user's cell phone 170 and registered in the memory 315. The stored password is compared with the OTP generated through the OTP agent (Or confirms) OTP verification information for verifying the validity of generating the OTP 'and transmits the OTP verification information to the server 320. The server checks the number of the user's cellular phone 170 that transmitted the OTP verification information, The number of the user's cell phone 170 and the OTP verification information are linked and stored in the storage medium 160 (325).

4 is a diagram illustrating a mobile phone payment approval process using OTP verification information according to a first embodiment of the present invention.

4, after the number of the user's mobile phone 170 and OTP and OTP verification information are received from the wired terminal 100 in the process shown in FIG. 2, the OTP verification information is read and the OTP ' If the generation validity is confirmed, it is confirmed that the payment validity is compared with the received OTP after the OTP 'is generated, and a payment approval process is performed. Referring to and / or modified with reference to FIG. 4, various implementations of the handset payment approval process using the OTP verification information (for example, omitting some steps or changing the order) may be inferred. All of the above-mentioned embodiments can be deduced. The technical features of the present invention are not limited to those shown in FIG.

Hereinafter, in FIG. 4, the billing system 110 shown in FIG. 1 is referred to as a "server" for the sake of convenience.

4, after the number of the user's mobile phone 170 and OTP and OTP verification information are received from the user's wired terminal 100 in the process shown in FIG. 2, the server compares the received OTP verification information with the OTP verification information, The OTP verification information stored in the storage medium 160 is compared with each other to confirm the validity of OTP 'generation (400).

If the validity of OTP generation is not verified at step 405, the server generates payment error information and transmits it to the wired terminal 100 (or the user phone 170) and the web server 105 (step 410) .

On the other hand, if the OTP 'generation validity is confirmed (405), the server confirms OTP generation information to generate OTP' to be compared with the received OTP (415), and generates OTP ' (420), generates OTP 'using the determined fixed seed value and the dynamic seed value, and compares the received OTP with the received OTP to authenticate the payment validity (425).

If the payment validity is not authenticated (430), the server generates payment error information and transmits it to the user terminal (100) (or the user mobile phone (170)) and the web server (440).

If the payment validity is authenticated (430), the server generates the payment validity result and transmits it to the user terminal 100 (or the user mobile phone 170) and the web server 105 (step 435) In response to the payment validity result, the payment approval is processed through the communication fee of the user mobile phone 170 (440).

According to the embodiment of the present invention, the server confirms a payment amount to be charged to the communication fee of the user's mobile phone 170 from the web server 105, ), And confirms the settlement through the communication charge imposed on the mobile phone by comparing the settlement amount with the settlement limit.

FIG. 5 is a diagram illustrating a configuration of a system for processing micropayments for mobile phones using OTP verification information according to a second embodiment of the present invention.

5 shows an example of an OTP (One Time Password) generated by an OTP agent included in the user's mobile phone 575 and a number of a user's mobile phone 575 to a user's wired terminal 500 connected to a website for a small- And an OTP verification information for OTP generation to be compared with the OTP is provided. Then, the mobile phone number, the OTP and the OTP corresponding to the user's mobile phone 575 are transmitted from the user's wired terminal 500 through the interface. When the OTP server 560 receives the OTP verification information and transmits the mobile phone number, the OTP and the OTP verification information to the OTP server 560 of the OTP agent provided in the user's mobile phone 575, A system configuration for processing a small-size mobile phone settlement by authenticating the validity of a payment, and having a person skilled in the art to which the present invention pertains, refer to FIG. 5 (For example, a part of components may be omitted, or a fragmented or combined implementation method) may be inferred from the OTP verification information of the mobile phone micro settlement processing system using the OTP verification information. However, And all the methods to be inferred, and the technical features thereof are not limited only by the method shown in FIG.

For example, the mobile phone micropayment processing system shown in FIG. 5 can be applied to a system for processing a payment using a payment means of a customer, except that the payment amount is added to the communication fee of the user mobile phone 575, It is a matter of course that the present invention includes all settlement processing systems as described above.

5, the mobile phone micropayment processing system includes a user wired terminal 500 used by a user who accesses a website for a micropayment and a user mobile phone 575 owned by the user, A small-amount settlement target web which allows a user to sell type / intangible goods to the user through the terminal 500, and settle the settlement amount for the sold goods through a mobile payment means for imposing the payment amount on the user's mobile phone 575 A billing system 510 for processing a mobile phone micropayment using OTP verification information in cooperation with the user terminal 500 and the user mobile phone 575, An OTP server 560 for authenticating the payment validity through the OTP generated by the OTP agent provided in the mobile phone 575, The payment system 510 may be implemented in the form of an authentication server (or relay server) connected to the web server 505 and the mobile communication company server 570, It is to be understood that the present invention is not limited to the above embodiments, and may be implemented in the form of an internal component of the web server 505 or an internal component of the mobile communication company server 570.

The wired terminal 500 includes one or more personal computers and a notebook having a browser capable of accessing a web server 505 operating the micro-settlement target website, and the web server 505 or the billing system And a mobile phone settlement interface for inputting the mobile phone number corresponding to the user's mobile phone 575 and the OTP and OTP verification information from the mobile phone 510 and outputting the mobile phone settlement interface to the screen output means, And transmits OTP and OTP verification information to the web server 505 or the settlement system 510 by inputting the mobile phone number and OTP and OTP verification information corresponding to the mobile phone 575.

The web server 505 includes a mobile phone payment means for selling tangible / intangible goods to the user through the user terminal 500 and imposing a payment amount on the sold goods on the communication charges of the user mobile phone 575, If the user terminal 500 selects the mobile phone payment means as the payment means for the payment amount, the user terminal 500 determines that the mobile terminal 500 is a mobile terminal, The mobile phone payment interface is provided to the user terminal 500 through the payment system 510 or the mobile phone payment interface is provided to the user terminal 500 through the payment system 510. [

The user mobile phone 575 is a mobile phone possessed by a user who purchases tangible / intangible goods sold by the web server 505, and authenticates the payment validity using the communication charge imposed on the user mobile phone 575 (For example, a screen output, or a function of outputting the generated OTP by using a local communication means such as Bluetooth, Wi-Fi, RF communication, etc.), a function of downloading an OTP agent (Which can be output to the wired terminal 500).

According to the present invention, the user terminal 500 is an example of a first terminal that a user connects to a server through a communication network and purchases tangible / intangible goods to be sold in the server, It is possible to carry out various modifications according to the type and characteristics of the communication network and the server.

According to the present invention, the user mobile phone 575 is an embodiment of a second terminal equipped with an OTP agent for authenticating payment validity for a purchase price of goods purchased through the first terminal, The terminal may include all communication terminals except for the first terminal.

For example, if the server connected to the first terminal is a home shopping server, the first terminal may include a user's IPTV, and the second terminal may include a wired phone / VoIP phone provided near the IPTV can do.

Alternatively, if the server to which the first terminal is connected is an ARS server, the first terminal may include a user's wired telephone / mobile phone / VoIP phone, and the second terminal may include another voice communication The second terminal includes a wired telephone / VoIP phone if the first terminal is a cellular phone, and the second terminal includes a wired / VoIP phone if the first terminal is a cellular phone, The second terminal may include a landline phone / mobile phone if the VoIP phone is a VoIP phone).

That is, it is to be appreciated that the user terminal 500 of the present invention is not limited to the above-described wired terminal and that the user terminal 575 of the present invention is not limited to a mobile phone.

The mobile communication company server 570 is a collective term for a mobile communication company server that is provided on a mobile communication network to which the user mobile phone 575 is connected and interfaces with the mobile phone. In the payment system 510, A data exchange server, a WAP (WAP) server, and the like, which transmit information (or data) requesting to provide the information (or data) to the user's mobile phone 575 through a mobile communication system (e.g., an exchange, a base station, It is preferable that the server includes at least one server.

According to an embodiment of the present invention, the mobile communication company server 570 has a function of authenticating a user by inquiring a subscriber D / B (not shown) through a user's mobile phone 575 number and user's resident registration number information, 575 to an OTP agent provided to the user's mobile phone 575 through an OTP server 560 providing an OTP agent.

According to the embodiment of the present invention, when the OTP agent is provided to the user's mobile phone 575 or the OTP agent is provided to the user's mobile phone 575, the mobile communication company server 570 transmits the OTP agent to the user's mobile phone 575 It is preferable that the corresponding mobile phone number and the OTP agent information corresponding to the OTP agent included in the user mobile phone 575 are linked and stored.

Here, the OTP agent information may include at least one of OTP agent version information, OTP generation algorithm, and OTP generation method of the OTP agent included in the user's mobile phone 575 corresponding to the mobile phone number.

Here, the OTP generation algorithm and the OTP generation method can use different algorithms and generation methods for respective OTP agents, and thus the present invention is not limited thereto.

The OTP server 560 authenticates the payment validity through the OTP generated by the OTP agent included in the user's mobile phone 575. The OTP server 560 may include an OTP agent for generating the OTP For determining a dynamic seed value and one or more fixed seed values for generating an OTP 'to be compared with an OTP generated through an OTP agent provided in the cellular phone, And a storage medium 565 for storing OTP verification information for verifying the validity of generating OTP 'through the OTP generation information in association with each other, .

The mobile phone number is a generic term of information that can identify the user mobile phone 575 and includes at least one of a phone number, an ESN, and a subscriber identification number assigned to the user mobile phone 575, (Or unique code) encrypted in the memory of the mobile phone 575, a USIM serial number assigned to the USIM provided in the user cell phone 575, and a unique number (or unique code) recorded in the USIM .

The OTP generation information includes at least one fixed seed value used for generating an OTP according to the OTP generation algorithm and the OTP generation method in an OTP agent provided in the cellular phone, and a parameter for determining a dynamic seed value .

For example, if the OTP is generated in a time-synchronized manner, the fixed seed value of the OTP generation information includes a seed fixed to be substituted into the time-synchronized OTP generation algorithm, And synchronization time setting information for determining a synchronization time corresponding to the dynamic seed value of the time-synchronized OTP.

Alternatively, if the OTP is generated in a challenge-response manner, the fixed seed value of the OTP generation information includes a seed fixed to be substituted into the challenge-response OTP generation algorithm, and the parameters of the OTP generation information include the challenge- And a random number generation seed for generating a random number corresponding to the dynamic seed value of the response type OTP.

According to the embodiment of the present invention, the OTP generation information is encrypted and stored in the user's mobile phone 575 memory in association with the OTP agent downloaded to the user's mobile phone 575, It is desirable to store it in the USIM (capable of storing encrypted data).

The OTP verification information may include OTP agent information stored in the storage medium 565 when receiving the OTP agent generated from the OTP agent and the OTP agent provided in the user's mobile phone 575 from the wired terminal 500 A user password or a user's personal identification number for verifying the generation of an OTP to be compared with the OTP.

According to the embodiment of the present invention, the OTP verification information may include a user password or a user personal identification number input to generate the OTP by driving the OTP agent in the user's mobile phone 575, Or a second user's password or a user's personal identification number extracted (or decrypted if encrypted) from a memory (or USIM) provided in the mobile phone via the user's personal identification number or stored in the storage medium 565 It is preferable to include a separate user password or a user personal identification number registered to verify that the OTP to be compared with the OTP is generated using the OTP generation information.

The OTP server 560 compares the OTP verification information with the OTP verification information stored in the storage medium 565 to provide the OTP verification information to be compared with the OTP verification information, When the generation validity of the OTP 'generation is verified, OTP generation information for generating OTP' to be compared with the OTP is confirmed, and a fixed seed value for generating OTP 'from the OTP generation information and a dynamic seed value , Generates OTP 'using the determined fixed seed value and dynamic seed value, compares the received OTP with the generated OTP' to check the micropayment validity of the mobile phone number, 510).

Referring to FIG. 5, the billing system 510 includes a billing system 510 for inputting mobile phone number, OTP, and OTP verification information corresponding to the user's mobile phone 575 to a user terminal 500 connected to the website An information receiving unit 520 for receiving a mobile phone number and OTP and OTP verification information corresponding to the user's mobile phone 575 through the mobile phone payment interface; An OTP provision unit 540 for transmitting the received mobile phone number, OTP and OTP verification information to an OTP server 560 of an OTP agent provided in the user mobile phone 575, An authentication result receiving means 545 for receiving the comparison result of the OTP 'generated based on the verification information and the OTP generated in the user's mobile phone 575, and the OTP' Provided by the providing means (550) for transmitting information by making a small payment validation result to the micropayments the website corresponding to the comparison results characterized in that formed.

According to the embodiment of the present invention, the mobile phone settlement interface includes a user interface for inputting mobile communication company selection information corresponding to the user's mobile phone 575 or user's resident registration number information to the mobile phone number, OTP and OTP verification information It is preferable to further include the above.

According to the present invention, the settlement system 510 further includes a user interface for inputting the mobile communication company selection information or the user's resident registration number information to the mobile phone settlement interface, The mobile communication company server 570 transmits the user's mobile phone number 575 and user's resident registration number information to the mobile communication company server 570 corresponding to the mobile communication company selection information, And a user authentication means (525) for authenticating the user by receiving and reading the user authentication result corresponding to the user identification number (575) number and the result of checking the user's resident registration number.

According to the present invention, the payment system 510 includes an agent checking means 530 for checking whether an OTP agent is installed in a user's mobile phone 575 corresponding to the number of the user's mobile phone 575, When the OTP agent is not installed in the mobile phone 575, an agent providing means 535 for processing such that a message including a callback URL for downloading an OTP agent is transmitted to the user mobile phone 575 .

According to the present invention, each of the means constituting the payment system 510 may be implemented as a separate server for each of the means, or in the form of a predetermined authentication server (or relay server) including the means, The above means may be implemented in the form of components in the web server 505, or the means may be implemented in the form of components in the mobile communication server 570, Some of the means may be implemented as components in the web server 505 and some of the means may be implemented as components in the carrier server 570 or some of the means may be implemented as components in the web server 505, It is possible that the mobile communication company server 570 is implemented as a component in the mobile communication company server 570 and the other part is implemented as a separate server. Bayida put out to clarify SHALL not limited by the embodiment to which the present invention method.

The user connects to the web server 505 to purchase the type / intangible goods, and transmits a settlement amount corresponding to the purchase price for the goods to the mobile phone 575 through a communication fee charged to the user mobile phone 575 The payment interface providing means 515 may relay the web server 505 directly to the wired terminal 500 through the communication network to which the wired terminal 500 is connected, And a mobile phone settlement interface for inputting a mobile phone number corresponding to the user mobile phone 575 and OTP and OTP verification information to the wired terminal 500 is provided.

When the mobile phone payment interface is provided to the user terminal 500 by the payment interface providing means 515, the information receiving means 520 receives the mobile phone payment interface input from the user terminal 500 through the mobile phone payment interface And connects a communication session for receiving OTP and OTP verification information with the mobile phone number corresponding to the user mobile phone 575. [

According to an embodiment of the present invention, the payment interface providing unit 515 connects a communication channel with the user terminal 500 and provides the mobile phone payment interface to the user terminal 500 through the communication channel The information receiving means 520 confirms the user terminal 500 information (for example, an IP address) from the communication channel provided to the user terminal 500 through the mobile phone settlement interface, A communication session for receiving the mobile phone number corresponding to the user mobile phone 575 and OTP and OTP verification information from the user terminal 500 based on the mobile phone number, And a memory area and a communication thread code allocated to receive the OTP verification information).

According to another embodiment of the present invention, when the payment interface providing unit 515 provides the mobile phone settlement interface to the user terminal 500 through the web server 505, the information receiving unit 520 The mobile terminal 500 receives information of the user terminal 500 from the web server 505 and receives a mobile phone number corresponding to the user mobile phone 575 from the user terminal 500, It is preferable to connect a communication session for receiving the OTP verification information (e.g., a memory area and a communication thread allocated to receive OTP and OTP verification information from the mobile terminal number from the wired terminal 500) Do.

Here, the communication session encrypts and receives the mobile phone number, OTP, and OTP verification information corresponding to the user mobile phone 575, and transmits the mobile phone number, OTP, and OTP verification information corresponding to the encrypted user mobile phone 575 And decrypting the encrypted communication session.

When the communication session is established with the user terminal 500, the information receiving means 520 receives the mobile phone number corresponding to the user's mobile phone 575 from the user terminal 500 through the communication session, OTP and OTP verification Information is received.

When the mobile communication terminal corresponding to the user's mobile phone 575 and the OTP and OTP verification information further receive the mobile communication company selection information or the user's resident registration number information from the wired terminal 500, The mobile communication company server 570 transmits the user's mobile phone number 575 and the user's resident registration number information to the mobile communication company server 570 corresponding to the selection information, The user authentication means 525 receives and reads the user authentication result and authenticates the user who has made a request for the micropayment of the mobile phone.

The agent confirmation means 530 transmits the user's mobile phone number 575 to the OTP server 560 that provides and manages the OTP agent to the user's mobile phone 575, It is confirmed whether an OTP agent for generating an OTP for authenticating the cellular phone settlement is provided to the user's mobile phone 575 corresponding to the number of the user's mobile phone 575 through the agent D / B (not shown) The agent confirmation unit 530 receives and reads out the OTP agent confirmation result and generates an OTP for authenticating the mobile phone settlement to the user's mobile phone 575 And checking whether an OTP agent is provided.

According to the embodiment of the present invention, the OTP agent is provided from the payment system 510 to the user's mobile phone 575, and the OTP agent information and the mobile phone number provided to the user's mobile phone 575 are stored in the storage medium 565 It is possible to check whether the OTP agent is provided to the user's mobile phone 575 via the storage medium 565. [

If the OTP agent for generating the OTP for authenticating the cellular phone micro settlement is not provided to the user's mobile phone 575 as a result of the confirmation of the agent confirmation means 530, And a message including a callback URL for downloading an OTP agent is transmitted to the user's mobile phone 575. [

According to the embodiment of the present invention, when it is determined that the OTP agent is not provided in the user's mobile phone 575, the agent providing means 535 outputs a pop-up output through the mobile phone payment interface provided to the user's wired terminal 500 Or an OTP agent download request (or a menu) included in the mobile phone settlement interface and output. The OTP agent download request is requested by the user, and the OTP agent download request is transmitted to the user's mobile phone 575 in response to the OTP agent download request. It is desirable to process the message including the callback URL for OTP agent download to be transmitted.

Here, the callback URL for downloading the OTP agent preferably includes the URL information of the OTP server 560 that provides the OTP agent to the user's mobile phone 575, and when receiving the message including the callback URL The user's mobile phone 575 downloads the OTP agent according to an OTP agent download procedure using a predetermined mobile communication network and mounts the OTP agent in the user's mobile phone 575. [

After the OTP agent is downloaded to the user's mobile phone 575, the OTP server 560 provided by the OTP agent to the user's mobile phone 575 generates an OTP through the OTP agent included in the user's mobile phone 575 To the user's mobile phone 575. The OTP generation information is transmitted to the user's mobile phone 575 via the network.

According to an embodiment of the present invention, the OTP server 560 allocates one or more fixed seed values for generating an OTP through an OTP agent included in the user mobile phone 575, (Or extracts OTP generation information from the database storing the OTP generation information) including a parameter and a parameter for determining one or more dynamic seed values necessary for generating an OTP through the OTP agent, and generates the generated OTP generation information The OTP server 560 may provide the OTP generation information to the user's mobile phone 575. The OTP server 560 may provide the OTP generation information to the user's mobile phone 575 through a mobile communication network, Lt; / RTI >

According to the embodiment of the present invention, after the OTP agent is downloaded to the user's mobile phone 575 or when the OTP agent downloaded to the user's mobile phone 575 is initially executed, the OTP server 560 generates the OTP The OTP generation information may be encrypted and stored in a memory provided in the user's mobile phone 575 or may be stored in the user's mobile phone 575 A Universal Subscriber Identity Module (USIM)).

According to the embodiment of the present invention, after the OTP agent is downloaded to the user's mobile phone 575 or when the OTP agent downloaded to the user's mobile phone 575 is initially executed, the user's mobile phone 575 transmits the OTP agent And stores the input user password or the user's personal identification number in a memory provided in the mobile phone or stores the encrypted user's personal identification number in the user's mobile phone 575 The OTP agent outputs an interface for inputting a user's password or a user's personal identification number when the OTP agent is generated by driving the OTP agent, (Or USIM) stored in the memory It is desirable to verify the validity of the OTP generation by comparing the user's password or the user's personal identification number.

According to one embodiment of the present invention, when the user password or the user's personal identification number is used as OTP verification information, the OTP agent communicates with the payment system 510 through the user's mobile phone 575, And transmits the user password or the user personal identification number to the payment system 510. The payment system 510 transmits the user password or the user personal identification number to the payment system 510, (Or receives the user's personal identification number including the user's resident registration number information), and transmits the OTP verification information including the mobile phone number and the user's password or the user's personal identification number And stores it in the storage medium 565. [

According to another embodiment of the present invention, a second user password or a user personal identification number corresponding to the OTP verification information is stored in a memory (or USIM) provided in the user's mobile phone 575 in addition to the user password or the user's personal identification number The OTP agent outputs an interface for registering the OTP verification information and transmits a second user's password or a user's personal identification number inputted through the interface to a memory (For example, a secure communication channel based on an encryption / decryption) with the billing system 510 through the user's mobile phone 575 after storing (or encrypting) the billing system 510 Transmits a second user's password or a user's personal identification number stored in the memory (or USIM) to the billing system 510) confirms the mobile phone number corresponding to the user's mobile phone 575 that has transmitted the second user's password or the user's personal identification number (or receives the mobile phone number including the user's resident registration number information in the second user's password or the user's personal identification number ), And stores the OTP verification information including the mobile phone number and the second user password or the user's personal identification number in the storage medium 565. When the second user password or the user personal identification number is stored in the memory (or USIM), a second user password stored in the memory (or USIM) or a user personal identification number Is also output.

According to another embodiment of the present invention, when registering a separate user password or user's personal identification number in addition to the user password or the user's personal identification number, the OTP agent outputs an interface for registering the OTP verification information, Decryption-based secure communication channel) with the settlement system 510 through the user's mobile phone 575, and transmits the settlement request message to the billing system 510 via the user's mobile phone 575, The billing system 510 transmits the separate user password or the user's personal identification number to the system 510 and the billing system 510 transmits the separate user's password or a mobile phone number corresponding to the user's mobile phone 575 that transmitted the user's personal identification number Confirmation (or the separate user password or user personal identification number Receiving information including a user social security number) and, in conjunction the OTP verification information including the separate user password or the user's personal identification number and the mobile phone number is stored in the storage medium 565.

When OTP verification information for verifying the validity of generating the OTP and the OTP to be compared with the OTP is received from the user's wired terminal 500, the OTP providing unit 540 transmits the OTP, And transmits OTP and OTP verification information to the OTP server 560 of the OTP agent provider provided in the user's mobile phone 575.

The OTP server 560 receives the mobile phone number, OTP and OTP verification information from the payment system 510, verifies OTP verification information associated with the mobile phone number from the storage medium 565, And verifies the validity of generating OTP 'to be compared with the OTP by comparing the OTP verification information with the OTP verification information.

If the validity of generating the OTP 'to be compared with the OTP is verified through the OTP verification information, the OTP server 560 transmits the OTP' Determines a fixed seed value and a dynamic seed value for generating OTP 'from the OTP generation information, generates an OTP' to be compared with the received OTP using the determined fixed seed value and the dynamic seed value .

If the OTP 'is generated, the OTP server 560 compares the received OTP with the generated OTP' to confirm payment validity with respect to the mobile phone number, and transmits the payment validity result to the payment system 510 The authentication result receiving means 545 receives and verifies the settlement validity result from the OTP server 560 to confirm the settlement validity.

The information providing means 550 transmits the result of the micropayment validity check corresponding to the OTP 'and the OTP generated by the user's mobile phone 575 to the web server 505 operating the micropayment target website .

Referring to FIG. 5, the payment system 510 includes a payment processing means (for example, a payment processing means) for processing the payment amount through payment of a communication fee charged to the mobile phone when the payment validity is authenticated by the OTP server 560 555). ≪ / RTI >

According to the method of the present invention, the payment processing means 555 confirms the payment amount to be charged to the communication fee of the user's mobile phone 575 from the web server 505, It is preferable to inquire the payment limit for the number of the user's mobile phone 575 and to compare the payment amount with the payment limit to approve payment through the communication fee charged to the mobile phone.

According to another embodiment of the present invention, the payment processing unit 555 can store and manage the number of the user's mobile phone 575 and the corresponding payment limit information through a separate database. In this case, The processing means 555 inquires the settlement limit for the number of the user's mobile phone 575 through the database and compares the settlement amount with the settlement limit to approve payment through the communication fee charged to the mobile phone Do.

When payment using the communication fee charged to the mobile phone is approved, the payment processing unit 555 performs processing such that the payment amount is charged to the communication fee for the user mobile phone 575 through the mobile communication company server 570 And transmits payment approval information for the payment amount to the web server 505.

6 is a diagram illustrating a mobile phone settlement process using OTP verification information according to a second embodiment of the present invention.

6 is a diagram illustrating an OTP (One Time Password) generated by an OTP agent included in the user's mobile phone 575 and the number of a user's mobile phone 575 to a user's wired terminal 500 connected to a website for a small- And an OTP verification information for OTP generation to be compared with the OTP is provided. Then, the mobile phone number, the OTP and the OTP corresponding to the user's mobile phone 575 are transmitted from the user's wired terminal 500 through the interface. OTP verification information, and it is possible to refer to and / or modify the FIG. 6 if a person having ordinary skill in the art to which the present invention belongs. It will be appreciated that the method may be inferred from a method (e.g., an implementation where some steps are omitted or the order is changed) It becomes to include the place, to which the technical feature that is not limited to the exemplary method shown in the figure 6.

Hereinafter, in FIG. 6, the payment system 510 shown in FIG. 5 is referred to as a "server" for the sake of convenience.

Referring to FIG. 6, a user accesses the web server 505 to purchase a type / intangible goods and transmits a payment amount corresponding to the purchase price for the goods to a communication fee charged to the user mobile phone 575 (600), the server relays the web server (505) either directly to the user's wired terminal (500) through a communication network connected to the user terminal (500) A mobile phone settlement interface for inputting a mobile phone number corresponding to the user mobile phone 575 and OTP and OTP verification information is processed by the user terminal 500 in operation 605, And the OTP and OTP verification information are received (610).

According to the embodiment of the present invention, the mobile phone settlement interface includes a user interface for inputting mobile communication company selection information corresponding to the user's mobile phone 575 or user's resident registration number information to the mobile phone number, OTP and OTP verification information It is preferable to further include the above.

If the mobile phone number, the OTP and the OTP verification information are received from the user terminal 500 (step 615), and the mobile communication company selection information and the user's resident registration number information are further received (step 620), the server responds to the mobile communication company selection information The mobile communication company server 570 requests the user authentication by transmitting the user's mobile phone number 575 and the user's resident registration number information to the mobile communication company server 570. The mobile communication company server 570 transmits the user's mobile phone 575 number When the user authentication result for the user's resident registration number information is constructed and transmitted, the user authentication result is received and read to authenticate the user requesting the micropayment of the mobile phone (625).

If the user is not authenticated (630), the server generates a user authentication error and transmits the user authentication error to the user terminal (or the user mobile phone 575) and the web server 505 (635).

If the user is authenticated (625) or only the mobile phone number, OTP and OTP verification information is received (615) from the user terminal (500), the server sends the user's mobile phone number 575) whether an OTP agent for generating an OTP for authenticating the cellular phone settlement is provided (640).

If the OTP agent is not installed in the user's mobile phone 575, the server processes the OTP agent to be provided to the user's mobile phone 575 through the process shown in FIG.

On the other hand, if the OTP agent is installed in the user's mobile phone 575 (645), the server verifies the validity of generating OTP 'to be compared with the OTP through the process shown in FIG. 8, And verifies the validity of the payment by comparing the OTP and the OTP '.

7 is a diagram illustrating a process of providing an OTP agent to a user's mobile phone 575 according to a second embodiment of the present invention.

7 is a flowchart illustrating a method of providing an OTP agent to the user's mobile phone 575 when the OTP agent is not installed in the user's mobile phone 575 in the process illustrated in FIG. Message to the user's mobile phone 575 and provides the OTP agent to the user's mobile phone 575 through the message. As shown in the figure, , It is possible to refer to and / or modify this FIG. 7 to infer various implementations (e.g., omitting some steps or changing the order) about the process of providing an OTP agent to the user's mobile phone 575 It should be understood, however, that the present invention includes all such contemplated embodiments, Technical features are not limited.

Hereinafter, the billing system 510 shown in FIG. 5 is referred to as a "server"

Referring to FIG. 7, if the OTP agent is not installed in the user's mobile phone 575 in the process shown in FIG. 6, the server includes a callback URL for downloading the OTP agent to the user's mobile phone 575 (700). In response to the message, the user's mobile phone (575) receiving the message requests the OTP agent to the OTP server (560) corresponding to the callback URL.

The OTP server 560 corresponding to the callback URL provides the OTP agent to the user's mobile phone 575 (705).

If the OTP agent is provided to the user's mobile phone 575 in operation 710, the user mobile phone 575 inputs a user password or a user's personal identification number for generating an OTP through the OTP agent, The password or the user's personal identification number is stored in the memory provided in the cellular phone or stored in the USIM provided in the user's mobile phone 575 and registered in the memory 715 and compared with the OTP generated through the OTP agent (Or confirms) OTP verification information for verifying the validity of generating the OTP 'and transmits the OTP verification information to the server 720. The server checks the number of the user's mobile phone 575 that transmitted the OTP verification information, The number of the user's mobile phone 575 and the OTP verification information are linked and stored in the storage medium 565 (725).

FIG. 8 is a diagram illustrating a mobile phone payment approval process using OTP verification information according to a second embodiment of the present invention.

8, after the number of the user's mobile phone 575 and OTP and OTP verification information are received from the wired terminal 500 in the process shown in FIG. 6, the billing system 510 transmits the mobile phone number And OTP and OTP verification information to the OTP server 560. The OTP server 560 verifies OTP 'generation validity to generate OTP', compares the generated OTP with the OTP to validate the payment, 8 is a flowchart illustrating a payment approval process based on the settlement validity in the settlement system 510 according to an exemplary embodiment of the present invention. Or modification of the OTP verification information, it is possible to infer various implementation methods (for example, omitting some steps or changing the order) of the mobile phone payment approval process using the OTP verification information, The present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Hereinafter, in FIG. 8, the billing system 510 shown in FIG. 5 is referred to as a "server" for the sake of convenience.

Referring to FIG. 8, after receiving the user's mobile phone number 575 and OTP and OTP verification information from the user terminal 500 in the process shown in FIG. 6, the server transmits the mobile phone number, OTP and OTP verification The OTP server 560 provides the information to the OTP server 560. The OTP server 560 compares the OTP verification information with the OTP verification information stored in the storage medium 565 to check the validity of the OTP generation (805) .

If it is determined that the OTP 'generation validity is not confirmed 810, the OTP server 560 generates and transmits the payment error information to the server 815. The server transmits the payment error information to the user terminal 500, (Or the user mobile phone 575) and the web server 505 (820).

On the other hand, if the validation of the OTP 'generation is confirmed (810), the OTP server 560 checks (825) OTP generation information for generating an OTP' to be compared with the received OTP (825) The generated fixed seed value and dynamic seed value are determined 830, and OTP 'is generated using the determined fixed seed value and dynamic seed value to compare the received OTP with the received OTP to verify the payment validity 835.

If the payment validity is not authenticated 840, the OTP server 560 generates and transmits the payment error information to the server 815. The server transmits the payment error information to the user terminal 500 User mobile phone 575) and the web server 505 (step 820).

If the payment validity is authenticated 840, the OTP server 560 generates the payment validation result and transmits it to the server 845. The server transmits the payment validity result to the user terminal 500, (Or the user's mobile phone 575) and the web server 505 (step 850), and the payment approval is processed through the communication fee of the user's mobile phone 575 corresponding to the payment validity result (step 855).

According to the embodiment of the present invention, the server confirms the payment amount to be charged to the communication rate of the user's mobile phone 575 from the web server 505, It is preferable to display the payment limit and compare the payment amount with the payment limit to approve payment through the communication fee charged to the mobile phone.

100: User wired terminal 105: Web server
110: Payment system 115: Payment interface providing means
120: Information receiving means 125: User authentication means
130: Agent checking means 135: Agent providing means
140: OTP validation means 145: Payment validity authentication means
150: Information providing means 155: Payment processing means
160: Storage medium 165: Mobile carrier server
170: User's cell phone

Claims (6)

In a method executed by a server,
A first step of checking the identification number stored in a designated storage area of the user's mobile phone and storing the identification number in a designated storage medium when the user's mobile phone installed a program implementing OTP (One Time Password)
The mobile terminal of claim 1, wherein when the payment request using the user's mobile phone is confirmed, the OTP implemented through the program executed by the user's mobile phone, the identification number extracted from the storage area designated by the program and the mobile phone information of the user's mobile phone, A second step of receiving the signal via a designated path; And
Determining whether to perform a procedure for authenticating the validity of the OTP by performing a procedure for authenticating the validity of the received identification number;
And a fourth step of performing a designated procedure for authenticating the validity of the OTP when the validity of the identification number is authenticated,
Wherein the payment is processed using the payment means specified based on a result of authenticating the validity of the OTP.
2. The method according to claim 1,
Wherein the application program is registered through the program executed in the user's mobile phone for the first time.
The method according to claim 1,
Further comprising the step of authenticating whether a program registered with the identification number is installed in the user's mobile phone when the payment request using the user's mobile phone is confirmed.
The method of claim 3,
Further comprising the step of performing a procedure for installing the program on the user's mobile phone when the program is not installed in the user's mobile phone.
The mobile communication terminal according to claim 1,
And the information provided to the user's mobile phone before the program is installed to identify the user's mobile phone.
2. The method according to claim 1,
Further comprising the step of checking whether the program is installed in the user's mobile phone using the received mobile phone information.

Images