KR20160101805A - Payment method for other person and payment authentication system thereof - Google Patents
Payment method for other person and payment authentication system thereof Download PDFInfo
- Publication number
- KR20160101805A KR20160101805A KR1020150024364A KR20150024364A KR20160101805A KR 20160101805 A KR20160101805 A KR 20160101805A KR 1020150024364 A KR1020150024364 A KR 1020150024364A KR 20150024364 A KR20150024364 A KR 20150024364A KR 20160101805 A KR20160101805 A KR 20160101805A
- Authority
- KR
- South Korea
- Prior art keywords
- information
- payment
- terminal
- authentication system
- right holder
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
A third party payment method and a payment authentication system therefor are disclosed. The third party payment method is a payment method in which the payment authentication system transmits information on the payment means of the payment means, identification information of the right holder terminal corresponding to the payment means, and identification information of at least one permissible terminal Receiving a payment request using the payment means from a predetermined terminal; receiving, by the payment authentication system, whether the terminal is the authorized terminal based on the registration information; Determining whether the settlement authentication system permits the settlement request through a predetermined allowance confirmation process when the terminal is the acceptance terminal as a result of the determination; When it is determined that the payment request is permitted, the payment processing corresponding to the payment request is performed Includes a system, the allowable terminal is characterized in that the terminal authorized person to request payment through the payment method by the terminal holder.
Description
The present invention relates to a third party payment method and a settlement authentication system therefor, and more particularly, to a third party payment method and a billing authentication system for the same, The present invention relates to a settlement method and system that is excellent in security through physical and / or logical division in information management, and is easy to use.
Financial transactions such as settlement online are actively being carried out. Online payment has a risk of being easily abused if payment information (e.g., card number, card password, etc.) corresponding to the payment means is known to others. Therefore, the owner of the payment means (e.g., the name of the card, the owner of the corporation card, etc.) should make a special effort to prevent the payment information from being leaked.
However, there is also a need for the right holder of the payment means to allow another person to perform settlement using the payment means. A typical example is when an employee's online payment using a corporation card or a minor is using a parent's card.
Therefore, it is necessary to provide a technical idea that can enhance the security of payment information while enabling other persons who are not the owner of the payment means to perform payment.
In a case where a person other than the right holder of the payment means performs payment using a predetermined payment means, that is, the case where the right holder of the payment means and the payment request requester are separated, is defined as " third party payment " do.
In the conventional third party settlement method, the third party usually recognizes the settlement information of the settlement means, and thus there is a risk that the third party can repeatedly perform the third party settlement without the consent of the owner.
Conventional technologies related to third party settlement are as follows.
In Korean Patent Application No. 10-2002-0049331 entitled " Service Acceptance Method Using Mobile Communication Terminal "(hereinafter referred to as Prior Art 1), it is described that a technique for allowing an online service to be performed for a user requesting a specific online service It provides ideas.
Korean Patent Application No. 10-2006-0109562 entitled " Financial Transaction Method by Third Party Approval Using a Mobile Communication Terminal "(hereinafter referred to as Prior Art 2), a financial transaction party decides a third party to approve a financial transaction, Each time it is performed, it provides a technical idea that financial transactions must be approved by a third party to approve the financial transaction.
Prior Art 2 differs from the object of the present invention in that the right holder of the payment means allows another person to approve the financial transaction, so that the payment means can be used by a person other than the right person.
The technical problem to be solved by the present invention is to enable easy third party settlement and strong security, and it is an object of the present invention to provide a settlement method and a settlement method in which a third party can easily make settlement but do not know the entire settlement information, Do not abuse it.
Specifically, a terminal capable of performing settlement using the settlement means (that is, an allowable terminal) is registered in advance according to the approval of the right holder, so that it is possible to easily restrict a person who can perform settlement using the settlement means A method and a system.
In addition, even when the permitting terminal requests settlement using the settlement information corresponding to the settlement means, even if the settlement information is recognized by another person, And to provide a system and method for enabling the system.
In addition, there is a case where the right holder can not approve each payment request every time. In order to do so, a response may be automatically performed using a right holder's storage list (for example, a telephone directory and / or an authorized terminal list) And a method and system for increasing the efficiency of third party settlement by allowing an allowance policy to be defined for each terminal.
Another object of the present invention is to provide a method and system for enhancing the security of third party settlement by encrypting or encoding settlement information and restoring or decoding the settlement information by restoration information based on the rights holder terminal or the requesting terminal.
Further, in order to increase the security of the settlement, a part of the settlement information is stored in the allowable terminal, and the remaining settlement information is stored in the settlement authentication system or the holder terminal physically separated from the allowable terminal, And a system.
According to an embodiment of the present invention, the payment information can be divided into at least two parts, and the payment information is combined with at least one of identification information of the right holder terminal, application identification information of the right holder terminal and authentication information of the right holder, So that the security can be enhanced.
According to another aspect of the present invention, there is provided a third party payment method including: a settlement authentication system for receiving information on payment means of a payment means, identification information of a right holder terminal corresponding to the payment means, The method comprising: receiving registration information including identification information of at least one permissible terminal capable of requesting payment; receiving, by the payment authentication system, a payment request using the payment means from a predetermined terminal; Determining whether the terminal is the accepting terminal based on the registration information, determining whether the payment authentication system permits the payment request through a predetermined acceptance checking process when the terminal is the accepting terminal And the settlement authentication system judges that the settlement request is permitted based on the confirmation result Wherein the accepting terminal is a terminal of the other authorized to request payment through the payment means by the right holder terminal.
Wherein the step of confirming whether or not the settlement authentication system permits the settlement request through a predetermined permission confirmation process comprises the steps of the settlement authentication system transmitting an allowance request signal to the right holder terminal, And confirming whether or not it is permitted to do so.
Wherein the step of confirming the acceptance according to the response from the right holder terminal can determine that the settlement request is allowed when the reject signal is not received within a predetermined time in response to the permission request signal.
The response from the right holder terminal can be determined according to whether or not the identification information of the terminal included in the permission request signal is stored in the right holder terminal's storage list.
Wherein the step of confirming whether or not the payment request is allowed through the payment approval system by a predetermined permission confirmation process includes a step of confirming a previously stored permission policy such that the payment authorization system corresponds to the at least one permissible terminal, The billing authentication system can perform different permission checking processes according to the settlement request or the acceptance terminal based on the checked permission policy.
The permission policy may include information on whether to perform the permission confirmation process through the right holder terminal according to at least one of a payment amount corresponding to the payment request, a payment time, or a type of a franchisee.
Wherein the third party payment method comprises the steps of the payment authentication system transmitting a registration request signal including identification information of the terminal to the right holder terminal when the terminal is not an authorized terminal, And registering the terminal as an acceptance terminal corresponding to the payment means when a registration approval signal is received from the right holder terminal.
Wherein the step of performing a payment process corresponding to the settlement request comprises the steps of: confirming first part information corresponding to a part of the settlement information corresponding to the settlement means, and performing a payment process corresponding to at least a part of the remaining information Wherein the first part information is information transmitted from the terminal or the rights holder terminal and the second part information is information transmitted from the terminal or the rights holder terminal, Wherein the part information is information stored in the payment authentication system, or the first part information and the second part information are stored in the payment authentication system, wherein the restoration information includes at least one of identification information of the terminal, Identification information of an application installed in the terminal, user authentication information received from the terminal, It may be information that can be restored on the basis of - the identification information, the identification information, the information being based on at least one of the owner authentication information is received from the owner of the terminal application installed on the terminal holder.
The first part information or the second part information may be information set differently for each of the allowed terminals.
Wherein the step of performing the payment processing corresponding to the payment request includes checking the first part information corresponding to a part of the payment information corresponding to the payment means, Checking the third part information corresponding to the remaining part of the payment information to perform the settlement processing using the specified payment information by specifying the payment information, Two pieces of the second part information and the third part information are information transmitted from the terminal and the right holder terminal respectively and the other is information stored in the payment authentication system, At least two of the first part information, the second part information, and the third part information are stored in the payment authentication system, The identification information of the terminal, the identification information of the application installed in the terminal, the user authentication information received from the terminal, the identification information of the right holder terminal, the identification information of the application installed in the right holder terminal, Which is information based on at least one of the following information.
The third party payment method for solving the technical problem is characterized in that the payment authentication system includes information on the payment means of the payment means and identification information of at least one permissible terminal corresponding to the payment means, And registering the registration information including the user authentication information for each of the allowed terminals; receiving, by the payment authentication system, a payment request using the payment means from a predetermined terminal; Determining whether the terminal is the granting terminal and, if the terminal is the granting terminal, performing permitter authentication to determine whether the user authentication information received from the terminal corresponds to user authentication information stored in the registration information And, if the permitter authentication is successful, Comprising the step of performing processing, the allowable terminal may be a terminal of an authorized person to request the payment through the payment method by a terminal holder corresponding to the payment method.
The third party settlement method for solving the technical problem is a settlement method in which an application system installed in a rights holder terminal for a third party payment method selects at least one permitting terminal capable of requesting settlement of a terminal of another person through a predetermined payment means The identification information of the selected at least one permitting terminal is registered in the payment authentication system as registration information including the information on the payment means and the identification information of the right holder terminal, Means for receiving an acceptance request signal from the payment authorization system when the payment request using the means is transmitted and the payment authorization system determines that the requesting terminal is the permissible terminal; Response in response to the request signal - Wherein the settlement processing corresponding to the settlement request is selectively performed by the settlement authentication system in response to the response, wherein the settlement processing includes performing a non-response that does not transmit any signal for a predetermined period of time.
Wherein the third party payment method further comprises transmitting the part information corresponding to at least part of the payment information corresponding to the payment means to the payment authentication system by the application system, And the payment information specified based on the confirmed part information, the remaining information of the payment information excluding the part information is stored in the payment authentication system or the request terminal or is divided into the payment authentication system and the request terminal The payment processing can be performed using the stored information.
The third party payment method for solving the above technical problem is characterized in that an application system installed in a requesting terminal for making a payment request through a predetermined payment means for the third party payment method transmits a payment request to a payment authentication system - the payment authentication system includes registration information including identification information of the right holder terminal corresponding to the payment means, identification information of the right holder terminal corresponding to the payment means, and identification information of at least one permitting terminal capable of requesting payment through the payment means And transmitting the part information corresponding to a part of the payment information to the payment authentication system when the payment terminal determines that the request terminal is the permissible terminal by the payment authentication system, The part information is confirmed by the payment authentication system, The information on the payment information that is specified based on the settlement information excluding the part information of the settlement information is stored in the settlement authentication system or the holder terminal or is divided and stored in the settlement authentication system and the holder terminal. Processing is performed.
The third party payment method may be implemented by a computer program installed in the data processing apparatus.
According to an aspect of the present invention, there is provided a billing authentication system comprising: information on a payment means of a payment means; identification information of at least one permitting terminal corresponding to the payment means and requesting payment through the payment means; An interface module for receiving a payment request using the payment means from a predetermined terminal, and a terminal module for registering and storing registration information including a right holder terminal capable of accepting payment, And if the terminal is the accepting terminal, it is determined whether the payment request is permitted through a predetermined permission checking process, and if the payment request is permitted based on the check result, When the payment request is received, It comprises a control module.
The control module transmits an acceptance request signal to the right holder terminal corresponding to the terminal and confirms whether or not the permission request signal is allowed according to a response from the right holder terminal.
The control module may check a previously stored allowance policy to correspond to the at least one permitting terminal and perform different allowance checking processes according to the payment request or the permitting terminal based on the checked permission policy.
If the terminal is not an authorized terminal, the payment authentication system for third party payment transmits a registration request signal including the identification information of the terminal to the right holder terminal, and in response to the transmission, And a registration module for registering the terminal as an accepting terminal corresponding to the payment means when the terminal is received.
The control module checks the first part information corresponding to a part of the payment information corresponding to the payment means and identifies the second part information corresponding to at least a part of the remaining information among the payment information to specify the payment information Wherein the first part information is information transmitted from the terminal or the right holder terminal and the second part information is information stored in the payment authentication system, The part information and the second part information are stored in the settlement authentication system but different restoration information, and the restoration information includes identification information of the terminal, identification information of an application installed in the terminal, user authentication information received from the terminal, Or identification information of the right holder terminal, identification information of an application installed in the right holder terminal, It may be information that can be restored on the basis of - the owner of the authentication information received from the terminal information being based on at least one.
The control module checks the first part information corresponding to a part of the payment information corresponding to the payment means, confirms the second part information corresponding to a part of the payment information, The first part information, the second part information, and the third part information are identified by checking the corresponding third part information, specifying the payment information, and performing payment processing using the specified payment information, Wherein the first part information is information transmitted from the terminal and the right holder terminal, and the other is information stored in the payment authentication system, or at least two of the first part information, the second part information, Wherein the restoration information is stored in the payment authentication system, wherein the restoration information includes identification information of the terminal, identification information of an application installed in the terminal, Which is based on at least one of user authentication information received from a terminal, identification information of the right holder terminal, identification information of an application installed in the right holder terminal, and right holder authentication information received from the right holder terminal Information.
According to the technical idea of the present invention, it is possible to perform payment using the payment means by registering in advance a terminal approved by the right holder for each payment means and capable of performing settlement using the payment means (i.e., There is an effect that it is possible to easily select the other person while limiting it.
Specifically, an employee or a child of a corporation registers in advance permission terminal identification information (for example, a telephone number) to be used for third party settlement without holding a corporation card or a card of a parent, Card or the like can be used.
In addition, the terminal that has not been registered in advance can be easily registered as the permitting terminal when the right holder approves it.
In addition, even when the permitting terminal requests settlement using the settlement information corresponding to the settlement means, the right holder must approve the settlement processing so that the settlement processing is performed, so that even if the settlement information is recognized by the other person, .
Further, there may occur a case where the right holder can not approve the request every time a payment request is made. To this end, a response is automatically performed using the right holder's storage list (for example, the list of allowed terminals on the telephone directory and / or the application) , It is possible to define an allowance policy for each permitted terminal, thereby enhancing the effectiveness of third party settlement.
In addition, the present invention provides an effect of enhancing the security of third party settlement by protecting settlement information by a method such as encryption or encoding and restoring the decoded or decoded payment information by restoration information based on the right holder terminal or the requesting terminal .
Further, by registering the payment information (for example, the card number, the account number, the password, and the like), it is possible to reduce the inconvenience that the user has to input the payment information every time the payment is made, Occupancy and segregation of encryption / decryption keys are performed, thereby providing an effect of greatly enhancing security.
In addition, since the entire payment information can be confirmed only in the payment authentication system without being confirmed at the user terminal, there is an effect that security can be secured even if settlement is leaked or seized at a user terminal having a relatively low security.
When the payment information is divided into three pieces of different pieces of information, the three pieces of part information are collected by the payment authentication system in a physically separated state in both the permitting terminal, the right holder terminal and the payment authentication system, Can be restored based on different restoration information (for example, restoration information based on the right holder terminal or restoration information based on the permitting terminal) so that the part information is present in the payment authentication system but logically divided and stored. There is an effect that sex is provided.
BRIEF DESCRIPTION OF THE DRAWINGS A brief description of each drawing is provided to more fully understand the drawings recited in the description of the invention.
FIG. 1 shows a schematic configuration for implementing a third party payment method according to an embodiment of the present invention.
2 shows a schematic configuration of a payment authentication system for a third party payment method according to an embodiment of the present invention.
FIG. 3 to FIG. 6 illustrate data flows of a third party payment method according to an embodiment of the present invention.
7 is a diagram illustrating an example of information stored in a payment authentication system for a third party payment method according to an embodiment of the present invention.
In order to fully understand the present invention, operational advantages of the present invention, and objects achieved by the practice of the present invention, reference should be made to the accompanying drawings and the accompanying drawings which illustrate preferred embodiments of the present invention.
Also, in this specification, when any one element 'transmits' data to another element, the element may transmit the data directly to the other element, or may be transmitted through at least one other element And may transmit the data to the other component. Conversely, when one element 'directly transmits' data to another element, it means that the data is transmitted to the other element without passing through another element in the element.
BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, the present invention will be described in detail with reference to the preferred embodiments of the present invention with reference to the accompanying drawings. Like reference symbols in the drawings denote like elements.
FIG. 1 shows a schematic configuration for implementing a third party payment method according to an embodiment of the present invention.
Referring to FIG. 1, a
The terminal (for example, 200 or 210) may be a terminal of another person in any case, not the name of the payment means. For example, if the payment means is a corporation card, the terminal (for example, 200 or 210) may be a terminal of an employee authorized to use the payment means from the right holder of the corporation card, The terminal (e.g., 200, 210) may be a terminal of a child who is authorized to use the payment means from a parent.
The
The
The terminal (e.g., 200) and the
According to the technical idea of the present invention, the holder of the payment means can select a terminal that can perform payment using the payment means. The selected terminal is defined as an accepting terminal. Therefore, the
The registration information may be collectively registered by the
The registration information may be stored such that user authentication information is associated with each permitted terminal. The user authentication information may be information for authenticating a user of the permitting terminal, that is, a user who has allowed the holder to use the payment means (hereinafter, referred to as an "allower"). Therefore, the settlement process can be performed only when the permitter inputs his / her user authentication information in order to perform settlement using the settlement means. The user authentication information may be information for authenticating a permitter separately from authentication information (e.g., card password) of the payment means. As described above, according to the technical idea of the present invention, the user authentication information can be set for each permitter of the specific payment means separately from the authentication information (e.g., password) of the specific payment means and the payment processing is performed when the user authentication information is authenticated . According to this technical configuration of the present invention, it is possible to prevent a risk that a non-permitted person performs an erroneous settlement using an allowable terminal, and the non-repudiation of a permitter can be prevented. The user authentication information may be set by an allower, and a password, a pattern, or physical information (e.g., fingerprint, iris, etc.) of a permitter may be used.
On the other hand, the payment authentication may not be successful even if the registered authorized terminal requests payment. The
According to the technical idea of the present invention, the acceptance checking process may be the same process applied to all accepting terminals, but may be performed in different ways for each accepting terminal.
For example, the permission confirmation process may refer to a process of confirming whether the
Also, the permission confirmation process may be determined based on a response of the
According to the technical idea of the present invention, when a payment rejection signal is not received from the
Meanwhile, the
The storage list may be a telephone directory stored in the
When the storage list is a telephone book, information indicating an affiliation with an acquaintance (e.g., information indicating an employee of the same company, etc.) as well as a telephone number of acquaintances may be included. Then, the
It is a matter of course that the allowance request signal may include the identification information (e.g., telephone number) of the granting terminal that transmitted the settlement request for the technical idea of the present invention.
If the payment request using the payment means is received from a predetermined terminal and the terminal is not an accepting terminal corresponding to the payment means, the
When the
The payment information in the present invention may mean information that can identify the payment means necessary for payment. The payment information may be, for example, a card number, but is not limited thereto, and the payment information may be account identification information or a predetermined identification code that is variously defined for payment according to a payment method. In any case, the payment information may mean information that can identify the payment means or information that is variously defined to identify the payment means.
According to an embodiment of the present invention, the payment information may be divided into two or three pieces of part information and stored.
If the payment information is divided into the first part information and the second part information, the part information may be physically divided. For example, the first part information may be stored in the authorization terminal (for example, 200) or the
In this case, the
In addition, the
For example, when the first part information stored in the allowable terminal (for example, 200) is transmitted to the
When one of the part information is received from the receiving terminal (for example, 200) or the
Meanwhile, both the first part information and the second part information may be stored in the
Even if each piece of information is stored in the
The restoration information based on the
According to another embodiment of the present invention, the payment information may be divided into three pieces of information, that is, first part information, second part information, and third part information. Even in this case, each part information may be physically divided and stored. That is, each part information may be physically divided and stored in an accepting terminal (for example, 200), an
According to another embodiment, at least two of the three pieces of part information may be logically divided and stored in the
Even if at least two pieces of part information are stored in the
In the present specification, the predetermined information is transmitted not only when the information is transmitted by itself, but also when information in which the information is modified or changed in a predetermined manner is transmitted. That is, as long as the information can be confirmed on the side receiving the information, the information can be transmitted in a predetermined manner after the protection processing is performed. Therefore, when the first part information or the second part information is transmitted to the
According to the technical idea of the present invention, the accepting terminal (for example, 200) can communicate with the
In the following description, when the authentication information is generated based on predetermined information, the predetermined information is defined as basic information.
For example, the fact that the authentication information is generated by a plurality of basic information (for example, the identification information of the
According to an embodiment, information in which each of a plurality of pieces of basic information is protected (e.g., encoded, encrypted, and / or hashed) in a predetermined manner is included in the authentication information, or a plurality The dogs may be combined (or mixed) in a predetermined manner to include protected-processed information, or the entire plurality of basic information may be combined (or mixed) in a predetermined manner to include the protected-processed information.
In any manner, the authentication side (that is, the payment authentication system 200) knows the information corresponding to each of the basic information on which the authentication information is generated, and stores the authentication information in a manner corresponding to the manner in which the authentication information is generated Authentication authentication information that can authenticate the user.
Accordingly, when the predetermined authentication information is authenticated, it means that each of the basic information based on the generation of the authentication information is authenticated. The fact that each basic information is authenticated means that a device, user, or software corresponding to the basic information is legitimate.
The
As a result, the authentication information can be generated by at least one basic information as described above. The basic information of the authentication information may include first part information which is a part of the payment information. The first part information may be part of the payment information and may be information stored in the granting terminal (e.g., 200). The first part information may be calculated in a predetermined manner so as to be recovered by the
The basic information of the authentication information may further include a server generation key. The server creation key may be information generated by the
The
The
When the authentication information for identification is specified, the authentication information received from the
According to the technical idea of the present invention, the allowable terminal (for example, 200) and the application may be stored in advance in the
The granting terminal (e.g., 200) may generate authentication information. The authentication information may be generated based on at least the first part information. The server generation key may be further included as basic information of the authentication information. Alternatively, the identification information of the permitting terminal (e.g., 200), the identification information of the application, and / or the user authentication information may further be used as basic information, and the generated authentication information may be transmitted to the
Then, in the
Also, the
For example, the
In addition, since extraction and restoration of the first part information and the second part information do not mean a sequence, any of them can be extracted or restored first, and the remainder may be combined to perform a payment process. Average experts in the field can easily understand.
Then, the
Meanwhile, the first part information and the second part information may be different information for each permitted terminal. That is, different second part information for the same payment means may be stored in the
If the payment information is divided into two parts, the first part information, which is a part of the payment information, may be stored in the acceptance terminal (200, for example) The information may be stored in the
Meanwhile, the second part information may be the entirety of the information other than the first part information of the payment information, but may be part of the remaining information. That is, the payment information may be divided into three pieces. In this case, the third part information, which is information other than the first part information and the second part information, may be stored in a predetermined storage system. The system in which the third part information is stored may be the
When the storage system is the
Even when the third part information is stored in the
For example, the
The second part information may then include at least some of the identification information of the granting terminal (e.g., 200), the identification of the application, or the user authentication information (e.g., identifying information of the granting terminal Information) that can be decoded based on the information. The third part information may be information to be decrypted based on at least a part of the identification information of the
According to the technical idea of the present invention, at least two pieces of payment information are divided, and a part of the divided payment information (for example, first part information and second part information) may be stored in a physically divided system. In some implementations, some of the partitioned payment information (e.g., the second part information and the third part information) are logically separated as described above even though they are stored in the same system (e.g., payment authentication system 200) Can be. And the conditions required to verify the stored information may be different. Therefore, security can be enhanced.
Meanwhile, when the storage system is the
Then, the
As a result, the payment information may be divided into two or three pieces, and some of them may be physically separated or logically separated. Therefore, in the case where the billing information divided by the
The configuration of the
2 shows a schematic configuration of a payment authentication system for a third party payment method according to an embodiment of the present invention.
2, a
Herein, a module may mean a functional and structural combination of hardware for carrying out the technical idea of the present invention and software for driving the hardware. For example, each of the above configurations may refer to a logical unit of a predetermined code and a hardware resource for executing the predetermined code, and may be a code physically connected to one another or a specific type of hardware May be easily deduced to the average expert in the field of the present invention. Accordingly, each of the above-described configurations refers to a combination of hardware and software that performs the functions defined in this specification, and does not mean a specific physical configuration.
The
The
An example of the registration information is shown in Fig. 7 is a diagram illustrating an example of information stored in a payment authentication system for a third party payment method according to an embodiment of the present invention.
Referring to FIG. 7, the registration information may be stored such that identification information for a predetermined payment means and identification information for an authorization terminal corresponding to the payment means (e.g., terminal 2, terminal 3, terminal 4, etc.) have. The accepting terminal may be set by the
Also, identification information (e.g., terminal 1) of the
Also, as described above, the user authentication information of the permitter may be stored in the registration information for each permissible terminal (for example, 200). The user authentication information can be set by the allowers and can be used for the non-repudiation of the settlement request of the permitter, and the user terminal 200 (for example, It can be prevented from being used to make a request.
In addition, it is needless to say that the registration information may further include information on the permission policy set for each permitted terminal as described above.
Referring again to FIG. 2, the
The allowed
The
Also, when the
However, in order to enhance the security, the payment information may be separately stored in at least two parts such as the credit terminal (for example, 200) and the
Also, the
Also, the
The
It should be noted that the response of the
The
FIG. 3 to FIG. 6 illustrate data flows of a third party payment method according to an embodiment of the present invention.
Referring to FIG. 3, registration information may be registered in the payment authentication system 100 (S100). Then, the
Of course, the response may be an acknowledgment signal (or a reject signal may not be received within a predetermined time). In this case, the
Referring to FIG. 4, the
If the payment request corresponds to the accepted permission policy, it is determined that the payment authentication is successful and the payment process can be performed immediately (S230). Then, the settlement processing result can be transmitted to the terminal (e.g., 200) (S231). If the settlement request does not correspond to the approved permission policy, the
Referring to FIG. 5, the
Referring to FIG. 6, the
Meanwhile, the
Then, the
According to an embodiment, the payment information may be divided into first part information, second part information, and third part information, and the second part information and the third part information may be separated into physically separated devices (for example, Information that is stored in the
The third party payment method according to the embodiment of the present invention can be implemented as a computer-readable code on a computer-readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, an optical data storage device, and the like in the form of a carrier wave (for example, . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner. And functional programs, codes, and code segments for implementing the present invention can be easily inferred by programmers skilled in the art to which the present invention pertains.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed embodiments, but, on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.
Claims (23)
The payment authentication system receiving a payment request using the payment means from a predetermined terminal;
Determining whether the payment authentication system is the acceptance terminal based on the registration information; And
Determining whether the payment authentication system permits the payment request through a predetermined permission checking process if the terminal is the permitting terminal; And
And performing payment processing corresponding to the payment request when the payment authentication system determines that the payment request is allowed based on the confirmation result,
Wherein the accepting terminal is a terminal of the third party authorized to request payment by the right holder terminal through the payment means.
Wherein the settlement authentication system transmits an acceptance request signal to the right holder terminal and confirms whether the settlement authentication system permits according to a response from the right holder terminal upon transmission.
And determines that the payment request is permitted when the reject signal is not received within a predetermined time in response to the permission request signal.
And determining whether the identification information of the terminal included in the permission request signal is stored in the storage list of the right holder terminal.
And confirming a previously stored allowance policy such that the payment authentication system corresponds to the at least one granting terminal,
The payment authentication system includes:
And a different acceptance check process is performed according to the settlement request or the acceptance terminal based on the checked acceptance policy.
Wherein the third party payment method includes information on whether or not to perform the permission checking process through the right holder terminal according to at least one of a payment amount corresponding to the payment request, a payment time, or a type of a franchisee.
The third party payment method includes:
The payment authentication system transmitting a registration request signal including identification information of the terminal to the right holder terminal;
Further comprising the step of registering the terminal as an accepting terminal corresponding to the payment means when the payment authentication system receives a registration approval signal from the right holder terminal in response to the transmission.
The payment authentication system checks the first part information corresponding to a part of the payment information corresponding to the payment means and identifies the second part information corresponding to at least a part of the remaining information among the payment information to specify the payment information And performing payment processing using the specified payment information,
Wherein the first part information is information transmitted from the terminal or the right holder terminal and the second part information is information stored in the payment authentication system,
Wherein the first part information and the second part information are stored in the settlement authentication system, but different reconstruction information, the reconstruction information includes identification information of the terminal, identification information of an application installed in the terminal, Authentication information, or information based on at least one of identification information of the right holder terminal, identification information of an application installed in the right holder terminal, and right holder authentication information received from the right holder terminal. Third party payment method.
And the information is differently set for each of the allowed terminals.
The payment authentication system checks the first part information corresponding to a part of the payment information corresponding to the payment means, confirms the second part information corresponding to a part of the payment information, The third part information identifying the payment information, and performing settlement processing using the specified payment information,
Wherein at least one of the first part information, the second part information and the third part information is information transmitted from the terminal and the right holder terminal, and the other information is information stored in the payment authentication system,
Wherein at least two of the first part information, the second part information, and the third part information are stored in the settlement authentication system, wherein the restoration information includes identification information of the terminal, Wherein the authentication information is information based on at least one of identification information of the application, user authentication information received from the terminal, identification information of the right holder terminal, identification information of an application installed in the right holder terminal, and right holder authentication information received from the right holder terminal And the third party payment information is information that can be restored based on the third party payment method.
The payment authentication system receiving a payment request using the payment means from a predetermined terminal;
Determining whether the payment authentication system is the acceptance terminal based on the registration information; And
Performing a permitter authentication to determine whether the user authentication information received from the terminal corresponds to the user authentication information stored in the registration information when the terminal is the permitting terminal; And
And performing a settlement process corresponding to the settlement request when the permitter authentication is successful,
And the accepting terminal is a terminal of the third party authorized to request payment through the payment means by the right holder terminal corresponding to the payment means.
When a payment request using the payment means is transmitted from a predetermined requesting terminal to the payment authentication system and the payment terminal is determined to be the charging terminal by the payment authentication system, ; And
The application system performing a response in response to the grant request signal, the response comprising a non-response that does not transmit any signal for a period of time,
And a payment processing corresponding to the payment request is selectively performed by the payment authentication system according to the response.
Further comprising transmitting, by the application system, part information corresponding to at least a part of the payment information corresponding to the payment means to the payment authentication system,
The part information is confirmed by the payment authentication system, and the payment information specified based on the confirmed part information, the remaining information of the payment information excluding the part information is stored in the payment authentication system or the request terminal, And the settlement processing is performed using the settlement authentication system and the request terminal.
And transmitting the part information corresponding to a part of the payment information to the payment authentication system when the application terminal determines that the requesting terminal is the permitting terminal by the payment authentication system,
Wherein the part information is confirmed by the payment authentication system and the payment information specified based on the confirmed part information, information excluding the part information of the payment information is stored in the payment authentication system or the rights holder terminal, And the settlement processing is performed using the settlement authentication system and the holder terminal in a divided manner.
An interface module for receiving a payment request using the payment means from a predetermined terminal;
An authorized terminal determination module for determining based on the registration information whether the terminal is the authorized terminal; And
If it is determined that the terminal is the accepting terminal, it is checked whether the payment request is allowed through a predetermined permission checking process. If it is determined that the payment request is permitted based on the checking result, A payment authentication system for a third party payment including a control module for performing payment.
And transmits a permission request signal to the right holder terminal corresponding to the terminal, and confirms whether the right holder terminal is allowed according to a response from the right holder terminal.
And determining whether the identification information of the terminal included in the permission request signal is stored in the storage list of the right holder terminal.
Checking an allowance policy stored in advance so as to correspond to the at least one permitting terminal,
And a different acceptance checking process is performed according to the payment request or the permitting terminal based on the checked permission policy.
The payment authentication system for third party payment includes:
A registration request signal including identification information of the terminal is transmitted to the right holder terminal, and when a registration approval signal is received from the right holder terminal in response to the transmission, And further comprising a registration module.
The first part information corresponding to a part of the payment information corresponding to the payment means is confirmed and the second part information corresponding to at least a part of the remaining information of the payment information is checked to specify the payment information, The settlement processing is carried out using the settlement processing,
Wherein the first part information is information transmitted from the terminal or the right holder terminal and the second part information is information stored in the payment authentication system,
Wherein the first part information and the second part information are stored in the settlement authentication system, but different reconstruction information, the reconstruction information includes identification information of the terminal, identification information of an application installed in the terminal, Authentication information, or information based on at least one of identification information of the right holder terminal, identification information of an application installed in the right holder terminal, and right holder authentication information received from the right holder terminal. Payment authentication system for third party payment.
And the information is differently set for each of the allowed terminals.
The system checks the first part information corresponding to a part of the payment information corresponding to the payment means, confirms the second part information corresponding to a part of the payment information, and the third part information corresponding to the remaining part of the payment information, Confirms the part information, identifies the payment information, performs payment processing using the specified payment information,
Wherein at least one of the first part information, the second part information and the third part information is information transmitted from the terminal and the right holder terminal, and the other information is information stored in the payment authentication system,
Wherein at least two of the first part information, the second part information, and the third part information are stored in the settlement authentication system, wherein the restoration information includes identification information of the terminal, Wherein the authentication information is information based on at least one of identification information of the application, user authentication information received from the terminal, identification information of the right holder terminal, identification information of an application installed in the right holder terminal, and right holder authentication information received from the right holder terminal And the second information is information that can be restored based on the first information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150024364A KR20160101805A (en) | 2015-02-17 | 2015-02-17 | Payment method for other person and payment authentication system thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150024364A KR20160101805A (en) | 2015-02-17 | 2015-02-17 | Payment method for other person and payment authentication system thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20160101805A true KR20160101805A (en) | 2016-08-26 |
Family
ID=56885810
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150024364A KR20160101805A (en) | 2015-02-17 | 2015-02-17 | Payment method for other person and payment authentication system thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20160101805A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20020049331A (en) | 2000-12-19 | 2002-06-26 | 엘지전자 주식회사 | Matching Apparatus between Peripheral Processor and Device Controller |
KR20060109562A (en) | 2005-04-15 | 2006-10-23 | 정관선 | Method for approving a settlement of a financetransaction depend on an outsider |
-
2015
- 2015-02-17 KR KR1020150024364A patent/KR20160101805A/en unknown
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20020049331A (en) | 2000-12-19 | 2002-06-26 | 엘지전자 주식회사 | Matching Apparatus between Peripheral Processor and Device Controller |
KR20060109562A (en) | 2005-04-15 | 2006-10-23 | 정관선 | Method for approving a settlement of a financetransaction depend on an outsider |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10205711B2 (en) | Multi-user strong authentication token | |
US10360561B2 (en) | System and method for secured communications between a mobile device and a server | |
CN106537403B (en) | System for accessing data from multiple devices | |
EP3138265B1 (en) | Enhanced security for registration of authentication devices | |
US8606234B2 (en) | Methods and apparatus for provisioning devices with secrets | |
KR101451359B1 (en) | User account recovery | |
CN107426235B (en) | Authority authentication method, device and system based on equipment fingerprint | |
WO2019226115A1 (en) | Method and apparatus for user authentication | |
JP2015515168A (en) | Method for confirming identification information of user of communication terminal and related system | |
KR20160115927A (en) | System and method for communicating credentials | |
US9323911B1 (en) | Verifying requests to remove applications from a device | |
KR20220167366A (en) | Cross authentication method and system between online service server and client | |
WO2015150917A2 (en) | System and method for authenticating transactions through a mobile device | |
CN110582986B (en) | Security authentication method for generating security key by combining authentication factors of multiple users | |
KR20140011924A (en) | Digital system for pair user authentication, authentication system, and providing method thereof | |
KR102053993B1 (en) | Method for Authenticating by using Certificate | |
KR101576075B1 (en) | Mobile payment system, mobile terminal, and mobile payment method | |
KR101799517B1 (en) | A authentication server and method thereof | |
KR101221728B1 (en) | The certification process server and the method for graphic OTP certification | |
KR101195027B1 (en) | System and method for service security | |
KR20160110704A (en) | Using method for mobile payment and payment service system thereof | |
KR101212510B1 (en) | System and method for service security based on location | |
KR20160101805A (en) | Payment method for other person and payment authentication system thereof | |
JP4578352B2 (en) | Communication mediating apparatus, data providing apparatus, and data providing system | |
KR101705293B1 (en) | Authentication System and method without secretary Password |