KR20170091069A - System for Card Payment using Program Identity - Google Patents

Abstract

The present invention relates to a card payment system by program identification, which is performed by a server communicating with a program installed and executed in a user smartphone. According to the present invention, the card payment system by the program identification includes: a personal identification number registering unit confirming an application identification key value stored in a designated storage area of the user smartphone and storing a personal identification number of a user and the application identification key value by connecting the personal identification number of the user registering the program of the user terminal and the application identification key value; a card information mapping unit mapping and managing card information of the user registered by the program of the user smartphone and the personal identification number; a security key agreement unit agreeing on a security key value to connect the program of the user smartphone and a security channel by executing a key change process; a payment request receiving unit receiving the personal identification number of the user by extracting the card information of the user registered from the program of the user smartphone through the security channel; a personal identification number authorization unit mapping the received personal identification number with the application identification key value and authorizing a mapped state with the card information of the user at same time; and a payment processing unit processing the authorization of the payment by using the card information mapped with the personal identification number when the personal identification number is authorized.

Description

[0001] The present invention relates to a card payment system,

The present invention provides a system implemented through a server communicating with a program installed and running on a user smartphone, the system comprising: a user smart phone, as a result of user real name authentication using the user smart phone after a program specific to the user smart phone is installed, The user identification code of the user smartphone is uniquely assigned to the program of the user smartphone so as to uniquely identify the program installed in the phone and confirms the value of the app identification key stored in the designated storage area of the user smartphone, A personal identification number registration unit for connecting and storing the personal identification number and the app identification key value, a card information mapping unit for mapping and managing the card information of the user registered through the program of the user smart phone and the personal identification number, Personal identification number A key exchange process of substituting the app identification key value and the personal identification number into a key generation value of a designated key exchange protocol to be performed by communicating with the program of the user smartphone, A security key agreement unit for negotiating a security key value to be used for connection and a key generation value of the key exchange protocol to the application identification key value and the personal identification number, A payment request receiver for extracting card information of the registered user from a program of the user smartphone and receiving a user's personal identification number for requesting payment; Is mapped to an app identification key value uniquely assigned to A personal identification number authentication unit for authenticating a state mapped with the card information of the user, and a payment processing unit for processing the payment information to be approved through the card information mapped with the personal identification number when the personal identification number is authenticated To a card payment system.

Recently, as the smartphone is activated, there is an increasing need to process various payments through smart phones. Meanwhile, various types of wireless settlement using the mobile phone as well as wireless banking including at least one of WAP banking, VM banking, and IC chip banking have been provided through the mobile phone before the smartphone, Smartphone banking and payment similar to that of wireless banking and wireless payment using mobile phones of mobile phone.

Conventional wireless banking and wireless settlement through a mobile phone can be provided because the mobile phone communicates through a communication channel that can not be intervened by a third party, such as a data channel of a closed voice call network via a switchboard Respectively.

However, unlike conventional mobile phones, smart phones have the characteristics that they can freely connect to an open data communication network capable of third party intervention. As a result, smart bank-based wireless banking and wireless payment, which are currently commercialized, It can be provided only when the function is installed.

An object of the present invention is to provide a system that is implemented through a server communicating with a program installed in a user smartphone, the system comprising: A program identification of the user smartphone, which is uniquely assigned to the program of the user smartphone to uniquely identify the program installed in the user smartphone, identifies an app identification key value stored in a designated storage area of the user smartphone, A card information mapping unit for mapping and managing the card information of the user registered through the program of the user smart phone and the personal identification number, Personal smartphone program A key exchange process of assigning the app identification key value and the personal identification number to a key generation value of a designated key exchange protocol to be performed by communicating with the program of the user smartphone, A security key agreement unit for negotiating a security key value for connecting the channel, a security key agreement unit for assigning the application identification key value and the personal identification number as a key generation value of the key exchange protocol, A payment request receiver for extracting the card information of the registered user from the program of the user smart phone and receiving a user's personal identification number for requesting payment; Mapped to an app identification key value uniquely assigned to the program of A personal identification number authentication unit for authenticating a state mapped with the card information of the user and a payment processing unit for processing the payment information to be approved through the card information mapped with the personal identification number when the personal identification number is authenticated And to provide a card settlement system through identification.

A card payment system based on program identification according to the present invention is a system implemented through a server communicating with a program installed and running on a user smart phone, the system comprising: Authenticates the application identification key value uniquely assigned to the program of the user smartphone and stored in the designated storage area of the user smartphone to uniquely identify the program installed on the user smartphone as a result of user real name authentication, A personal identification number registration unit for storing a program of the smart phone in association with the personal identification number of the registered user and the app identification key value and a management unit for managing and managing the card identification information of the user registered through the program of the user smart phone, A card information mapping unit When the personal identification number is inputted through the program of the smartphone, the key identification process is performed by substituting the app identification key value and the personal identification number into the key generation value of the designated key exchange protocol to be performed by communicating with the program of the user smart phone A security key agreement unit for negotiating a security key value for connecting a secure channel of the user smartphone with a secure channel, a key agreement unit for assigning the application identification key value and the personal identification number to a key generation value of the key exchange protocol, A payment request receiver for extracting card information of the registered user from the program of the user smart phone through a secure channel formed based on the security key value and receiving a user's personal identification number for requesting payment, The user of the smartphone having the secure channel A personal identification number authentication unit that is mapped with an app identification key value uniquely assigned to the RAM and that is mapped with the card information of the user; and a personal identification number authentication unit that, when the personal identification number is authenticated, And a payment processing section for processing the received payment information so as to be approved.

In the card payment system according to the present invention, it is possible to use a verification key value (for example, a verification key value) for verifying an assignment key value (or an assignment key value dynamically generated based on a key generation rule embedded in the program) (Or a key generation rule for dynamically generating the verification key value), and a verification key holding unit for, when the program installed in the user smart phone is activated, a verification key value (or a verification key value dynamically generated based on the key generation rule) A program verification unit for verifying an assignment key value (or an assignment key value dynamically generated based on the key generation rule) embedded in the program through the user's smartphone, After receiving the user information receiver and the encrypted user information, An application identification key determination unit for determining an app identification key value that uniquely identifies a program of the user smart phone as a result of the user real name authentication, Further comprising an app identification key assigning unit for encrypting the app identification key value through a session key value and providing the app identification key value to the user smart phone through the data network and storing the encrypted app identification key value in a designated storage area of the user smart phone.

The card payment system according to the present invention may further include an invoice providing unit for providing N (N > = 1) bill information to the user as a program of the user smartphone.

In the card settlement system according to the present invention, when the N (N > = 1) bill information is provided to the user smartphone program, n (1? n? N) settlement bill identification values.

In order to uniquely identify a program installed in a user's smartphone, a card payment system based on program identification according to the present invention may include an application identification key value uniquely allocated to each program installed in each smart phone, A card information mapping unit for mapping and storing the card information of the user and the personal identification number and storing the combined information and a program uniquely identified through the application identification key value, A security key agreement unit for negotiating a security key value for connecting the program and the secure channel by performing a key exchange procedure using the identification number as a key generation value of the designated key exchange protocol, Based on the key value, the security channel formed with the program of the smart phone A payment request receiver for receiving a personal identification number for requesting settlement using the card-registered card information; and an input unit for inputting the received card identification information through a program that is uniquely identified through the app identification key value, And a payment processor for processing the payment information to be approved through the card information mapped with the personal identification number when the personal identification number is authenticated.

In the card settlement system according to the present invention, an application identification key allocation for allocating an app identification key value that uniquely identifies the program installed in the smart phone, And further comprising:

In the card settlement system according to the present invention, a verification key value for verifying an assignment key value (or an assignment key value dynamically generated based on a key generation rule nested in the program) embedded in a program provided by a user's smartphone (Or a key generation rule for dynamically generating the verification key value); and a verification key generation unit for generating a verification key value (or a verification key value, which is dynamically generated based on the key generation rule, (Or an assigned key value dynamically generated based on the key generation rule) embedded in the program via the network, and a program verification unit for receiving encrypted user information from the smartphone through the data network of the smartphone And decrypting the encrypted user information, and then decrypting the real name of the user Further comprising an application identification key determination unit for determining an application identification key value that uniquely identifies the program and a user real name authentication unit for authenticating the application, And provides the encrypted data to the smartphone through the data network.

The card settlement system according to the present invention is characterized by comprising an authentication number determination unit for determining an authentication number value for authenticating the program through the telephone network of the smartphone, An authentication number sending unit that processes a message including the authentication number value to be sent to a smartphone, a program uniquely identified through the app identification key value using the app identification key value and an authentication number value as a key generation value, A personal identification number receiver for receiving a personal identification number encrypted through the agreed-upon provisional security key value from the smart phone, a personal identification number receiver for agreeing a security key value for connecting the channel or confirming a pre- A temporary secret key for decrypting the encrypted personal identification number through the provisional security key value The personal identification number registration unit may store the personal identification number and the app identification key value in a storage medium in connection with the personal identification number and the app identification key value.

The card settlement system according to the present invention may further include an authentication number authentication unit for authenticating the authentication number value, and the personal identification number receiving unit receives the encrypted authentication number value through the temporary security key value , The temporary security key decryption unit decrypts the authentication number value using the temporary security key value, and the authentication number authentication unit compares the decrypted authentication number value with the authentication number value sent to the smartphone and authenticates .

The card settlement system according to the present invention may further include an invoice providing unit for providing N (N > = 1) bill information to the smartphone, A security key value that connects a secure channel and a program uniquely identified through the application identification key value using the identification key value and the personal identification number as a key generation value, or confirms a pre-agreed security key value, Encrypting the N bill information via the security key value, and transmitting the encrypted N bill information to the smart phone.

In the card settlement system according to the present invention, when the N (N > = 1) bill information is provided to the smartphone, the payment request receiver may receive n 1 ≤ n ≤ N) settlement bill identification values.

The card settlement system according to the present invention includes a personal identification number registration unit for connecting and storing an app identification key value allocated to uniquely identify a program provided in a smartphone of a user and the personal identification number of the user, And a security key agreement unit configured to establish a security channel in which a mapping state between the personal identification number and the card information can be authenticated by agreeing with the unique program, A payment request receiving unit for receiving a personal identification number that is input and requesting payment through the mapped card information through the configured secure channel; and a payment information receiving unit for receiving the received personal identification number through the unique program, A personal identification number authentication unit for authenticating the personal identification number when the personal identification number is authenticated; And a settlement processing unit for processing the settlement through approval of the card information mapped with the personal identification number.

According to the present invention, the security key agreement unit can confirm the security key value that agrees with the security key value that connects the unique program with the secure channel, or confirm the security key value using the APP ID key and the personal identification number as the key generation value.

According to the present invention, the card settlement system may further comprise an app identification key assigning unit for assigning an app identification key value that uniquely identifies the program on the program of the smart phone, A verification key holding unit for holding a verification key value (or a key generation rule for dynamically generating the verification key value) for verifying an embedded assignment key value (or an assignment key value dynamically generated based on a key generation rule embedded in the program) When the program stored in the smart phone is activated, an assignment key value embedded in the program (or a dynamic generation based on the key generation rule) based on the verification key value (or a verification key value dynamically generated based on the key generation rule) A program verification unit for verifying the encrypted key value from the smartphone through the data communication network of the smartphone; A user real name authentication unit for decrypting the encrypted user information and authenticating the real name of the user after decrypting the encrypted user information; an application identification key determination unit for determining an application identification key value that uniquely identifies the program; The app identification key assigning unit may encrypt the app identification key value through the session key value exchanged with the smart phone and provide the app identification key value to the smart phone through the data communication network.

According to the present invention, the card settlement system may include an authentication number determination unit for determining an authentication number value for authenticating the program through a voice communication network of the smartphone, a telephone number assigned to the voice call network of the smart phone, An authentication number sending unit for sending a message including the authentication number value to the smartphone through the smart phone; and a security unit for associating the unique program with the temporary secure channel using the application identification key value and the authentication number value as a key generation value A personal identification number receiver for receiving a personal identification number encrypted through the agreed-upon temporary security key value from the smartphone, a personal identification number receiver for agreeing with the key value or confirming the pre- And a temporary security key decrypting unit for decrypting the encrypted personal identification number through a key value, The star number registration unit may store the personal identification number and the app identification key value in a storage medium in association with the personal identification number and the app identification key value. The card settlement system further includes an authentication number authentication unit for authenticating the authentication number value. In this case, the personal identification number receiving unit receives the encrypted authentication number value through the temporary security key value, and the temporary security key decryption unit The authentication number authentication unit decrypts the authentication number value using the temporary security key value, and the authentication number authentication unit compares the decrypted authentication number value with the authentication number value sent to the smartphone and can authenticate the authentication number value.

According to the present invention, the card settlement system further includes an invoice providing unit for providing N (N > = 1) bill information to the smartphone, The security key value for connecting the unique program and the secure channel is confirmed or the security key value is pre-agreed by using the identification number as the key generation value, and the bill supply unit encrypts the N bill information through the security key value To the smartphone.

Meanwhile, when N (N > = 1) pieces of billing information are provided to the smartphone, the payment request receiver receives n (1? N? N) billing object identification values among the N pieces of billing information through the secure channel .

A smartphone according to the present invention is a smartphone for communicating with a server, comprising: a personal identification number input unit for inputting a personal identification number mapped with card information of a user; And a settlement request unit for transmitting the input personal identification number to the server using the secure channel.

According to the present invention, the smartphone may further include an app identification key registration unit for registering an app identification key value that uniquely identifies a program provided in the smart phone.

According to the present invention, the secure channel consensus consensus security key values connecting the server and the secure channel using the personal identification number and the app identification key value input by the user as key generation values, can confirm.

According to the present invention, the smartphone may further include: an assignment key holding unit for holding an assigned key value assigned to the program; a verification data forming unit for composing program verification data for verifying the program; A program verification request unit for encrypting the verification data and transmitting the verification data to the server through the data communication network of the smartphone; a user information input unit for inputting user information for authenticating the user's real name; A user information transmitter for encrypting the user information through the data communication network and transmitting the encrypted user identification key value to the server through the data communication network; And an app identification key receiving unit The app identification key registration unit may decode the app identification key value through the session key value and register it in the program or replace the assignment key value with the app identification key value.

According to the present invention, the smartphone uses the authentication number value received through the voice communication network of the smart phone and the app identification key value as a key generation value to agree a provisional security key value connecting the server and the temporary secure channel And a personal identification number transmitter for encrypting the personal identification number to be mapped with the card information through the temporary security key value and transmitting the encrypted personal identification number to the server through the data communication network.

According to the present invention, the smartphone further comprises a card information input unit for inputting and processing card information of a user to be mapped with the personal identification number, and a card information registration unit for transmitting the card information to the server, The settlement unit consults the security key value connecting the server and the secure channel or confirms the pre-agreed security key value using the personal identification number input by the user and the app identification key value as the key generation value, May encrypt the card information through the security key value and transmit the encrypted card information to the server through the data communication network.

According to the present invention, the smartphone further includes an invoice requesting unit for transmitting invoice request information for requesting N (N > = 1) invoices to the server, And the security key value for connecting the server and the secure channel using the number and the app identification key value as a key generation value, or confirms the pre-agreed security key value, and the bill request unit transmits the bill request information to the security key value And transmit the encrypted data to the server through the data communication network.

According to the present invention, the smartphone further comprises: an invoice information receiver for receiving N (N > = 1) bill information from the server; The settlement requesting unit may transmit the personal identification number and the n billing object identification values to the server using the secure channel.

A card settlement method according to the present invention is a card settlement method through program identification of a server capable of communicating with a smartphone of a user, the method comprising: determining an app identification key value allocated to uniquely identify a program provided in the smart phone, A card information mapping step of mapping and storing the card information of the user and the personal identification number and a mapping step of mapping the personal identification number and the card information in agreement with the unique program, A payment request receiving step of receiving a personal identification number input through the unique program and requesting payment through the mapped card information through the configured secure channel; , The received personal identification number is input through the unique program When the personal identification number authentication step and the personal identification number to authenticate that the map and the group certification card information includes a payment processing step of processing the payment is to be approved over the personal identification number and mapping the card information.

According to the present invention, in the security key negotiation step, the security key value for connecting the unique program and the secure channel may be agreed or the security key value may be pre-negotiated using the application identification key value and the personal identification number as key generation values .

According to the present invention, the card payment method may further include an application identification key allocation step of allocating an application identification key value that uniquely identifies the program on the program of the smartphone.

According to the present invention, the card payment method may further include a verification key value (or a verification key value) for verifying an assignment key value (or an assignment key value dynamically generated based on a key generation rule embedded in the program) (Or a key generation rule for dynamically generating a verification key value) when the program of the smartphone is activated; (Or an assigned key value dynamically generated based on the key generation rule) included in the encrypted key information, and receiving the encrypted user information from the smartphone through the data communication network of the smartphone; Authenticating the real name for the user after decrypting the user information; Further comprising: determining an identification key value, the app identification key assignment step may be provided to the smart phone to encrypt the app identify key value through the smart phone and the exchanged session key value through the data communication network.

According to the present invention, the card settlement method further comprises: determining an authentication number value for authenticating the program through a voice call network of the smartphone; The method comprising: processing a message including the authentication number value to be transmitted to a mobile phone; and agreeing a security key value connecting the unique program with a temporary secure channel using the application identification key value and the authentication number value as a key generation value, The method comprising the steps of: confirming an agreed security key value; receiving an encrypted personal identification number from the smart phone through the agreed-upon temporary security key value; and decrypting the encrypted personal identification number through the agreed- Wherein the personal identification number registration step stores the personal identification number and the app identification key value in association with each other It can be stored in the body.

According to the present invention, the card payment method further comprises: receiving an encrypted authentication number value using the temporary security key value; decoding the authentication number value using the temporary security key value; And comparing and authenticating the authentication number value sent to the smartphone.

According to the present invention, the card settlement method comprises: agreeing a security key value connecting the unique program and a secure channel using the app identification key value and the personal identification number as a key generation value, or confirming a pre-agreed security key value And encrypting the N billing information through the security key value and transmitting the encrypted N billing information to the smartphone.

If N (N > = 1) pieces of billing information are provided to the smartphone, the payment request receiving step receives n (1? N? N) Lt; / RTI >

A card payment method according to the present invention is a card payment method through program identification of a smartphone communicating with a server, the card payment method comprising: a personal identification number input step of inputting a personal identification number mapped with card information of a user; And a settlement requesting step of transmitting the inputted personal identification number to the server using the secure channel, wherein the settlement request step comprises: a secure channel summing step of establishing a secure channel in which a state of mapping between the personal identification number and the card information can be authenticated, .

According to the present invention, the card payment method may further include an app identification key registration step of registering an app identification key value that uniquely identifies a program provided in the smart phone.

According to an aspect of the present invention, the secure channel sum step may be a step of using a personal identification number input by the user and the app identification key value as a key generation value to agree a security key value connecting the server and the secure channel, You can check the key value.

According to the present invention, the card payment method further includes the steps of: maintaining an assigned key value assigned to the program; configuring program verification data for verifying the program; encrypting the program verification data through the assigned key value Transmitting the user information to the server through the data communication network of the smartphone; inputting user information for authenticating the user's real name; and transmitting the user information to the server through the assignment key value (session key value exchanged during program verification) Further comprising the steps of: encrypting the user information and transmitting the encrypted user information key to the server through the data communication network; and receiving the encrypted application identification key value through the data communication network from the server through the session key value exchanged with the server, The app identification key registration step decodes the app identification key value through the session key value Or may be registered in the program, or the access key value may be replaced with the access key value.

According to the present invention, the card settlement method may further include a temporary security key value linking the server and the temporary secure channel using the authentication number value received through the voice communication network of the smartphone and the app identification key value as a key generation value And encrypting the personal identification number to be mapped with the card information through the temporary security key value and transmitting the encrypted personal identification number to the server through the data communication network.

According to the present invention, the card payment method may further include inputting a card information of a user to be mapped with the personal identification number, using the personal identification number input by the user and the app identification key value as key generation values Accepting a security key value for connecting the server with a secure channel or confirming a pre-agreed security key value, and transmitting the encrypted card information to the server through the data communication network by encrypting the card information through the secure key value can do.

According to the present invention, the card settlement method further comprises: accepting a security key value connecting the server and the secure channel by using the personal identification number and the app identification key value input by the user as a key generation value, Encrypting the request information requesting N (N > = 1) bills to the server through the security key value, and transmitting the encrypted request request information to the server through the data communication network.

According to the present invention, the card payment method further comprises: receiving N (N? 1) pieces of billing information from the server; calculating n (1? N? N) And the payment request step may transmit the personal identification number and the n billing object identification values to the server using the secure channel.

According to the present invention, an application identification key value that uniquely identifies a program verified by interposing a data communication network and a voice call network of a smartphone is mapped to a personal identification number input by a user, and the personal identification number and the application identification key value And then authenticates the personal identification number input through the authenticated program through the application identification key value, and transmits the smart card payment information through the mapped card information It is advantageous to provide a secure, simple and convenient smartphone settlement than a smartphone settlement using a conventional authorized certificate.

FIG. 1 is a diagram illustrating a configuration of a card settlement system according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of a smartphone function according to an embodiment of the present invention.
3 is a diagram illustrating a program verification process according to an embodiment of the present invention.
4 is a diagram illustrating a process of assigning a user authentication and an app identification key according to an embodiment of the present invention.
5 is a diagram illustrating a personal identification number registration process according to an embodiment of the present invention.
6 is a diagram illustrating a process of mapping a personal identification number and a card information according to an embodiment of the present invention.
7 is a diagram illustrating a bill registration and provision process according to an embodiment of the present invention.
8 is a diagram illustrating a payment process using an app identification key and a personal identification number according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

FIG. 1 is a diagram illustrating a configuration of a card settlement system according to an embodiment of the present invention.

1 is a block diagram of a smart phone 200 according to an embodiment of the present invention. Referring to FIG. 1, a smart phone 200 includes a data communication network and a voice communication network, And mapping the user's card information and the personal identification number through the secure channel configured through the application identification key value and the user's personal identification number, The system is configured to authenticate whether payment is requested by inputting from the program to which the identification key value is assigned, and to process the payment through the card information of the user so as to be approved. As a person skilled in the art, , See and / or modify Figure 1 to illustrate various ways of implementing the card payment system (e.g., , Or would be able to infer the granular or, or combined embodiment method), the present invention is made, including any exemplary way in which the inference, to which the the technical features are not limited to the exemplary method shown in the figure 1.

The card settlement system of the present invention comprises a smart phone 200 on which the program is installed and a server capable of communicating with the smart phone 200 through a data communication network and a voice communication network of the smart phone 200, The server includes a program distribution server 181 for registering a program to be distributed to the smart phone 200, a payment request side terminal or server for providing bill information to be billed to the user, payment for the bill through the card information of the user To the payment approval server 184 of the card issuer who approves the payment approval. The server constituting the card settlement system may be a server of a card issuer issuing a card corresponding to the card information of the user or a server of a transit provider relaying the card company and a user's smartphone 200, The present invention is not limited thereto.

Referring to FIG. 1, the card settlement system includes a verification function for verifying an assignment key value contained in a program provided to a user's smartphone 200 (or an assignment key value dynamically generated based on a key generation rule embedded in the program) A verification key holding unit 103 for holding a key value (or a key generation rule for dynamically generating the verification key value); and a verification key holding unit 103 for holding the verification key value (Or an assignment key value dynamically generated based on the key generation rule) embedded in the program through a dynamically generated verification key value based on the key generation rule.

The operator terminal creates a program mounted on the smart phone 200 of the user and inserts the assignment key value for verifying the program into the program (or the key generation rule for dynamically generating the assignment key value) Or key generation rule) is registered in the program distribution server 181 and processed to be provided to the smartphone 200 of the user.

Before the program is registered in the program distribution server 181, the verification key storage unit 103 stores the allocation key value (or the key generation rule for dynamically generating the allocation key value) and the allocation key value And a verification key value (or a key generation rule for dynamically generating the verification key value) for verifying a generated key value (i.e., an assignment key value dynamically generated based on the embedded key generation rule). Here, the allocation key value and the verification key value or a key generation rule for dynamically generating the allocation key value and the verification key value may be determined by the operator terminal, or may be determined through the verification key holding unit 103. [

According to an embodiment of the present invention, the allocation key value and the verification key value may include a service private key and a service public key generated according to a public key infrastructure, the service private key is determined as the verification key value, Key holding unit 103, and the service public key can be determined as the assigned key value and embedded in the program.

According to another embodiment of the present invention, the allocation key value and the verification key value may include the same key value as the symmetric key.

According to another embodiment of the present invention, the assignment key value and the verification key value may include a one-time key value dynamically generated using one or more seed values fixed or dynamically determined at the time of verifying the program, Wherein the key generation rule includes a key generation algorithm for dynamically generating the disposable key value, and at least one fixed seed value to be substituted into the key generation algorithm, a seed determination rule for determining at least one dynamic seed value, Or more. The dynamic seed value may be a terminal identification value assigned to the smartphone 200 so that the smartphone 200 and the program verification unit 100 can simultaneously confirm the dynamic seed value Number, a device serial number, a USIM 212 serial number (UICC ID), a MAC address (Media Access Control Address), etc.) and a network identification value (e.g., (E.g., a subscriber number, a contract number) and a location identification value (e.g., location information located through the GPS module of the smartphone 200 is matched with location information using the base station of the wireless communication company to which the smartphone 200 is subscribed) (Or a code value generated by substituting the identification value into the seed determination rule) among one or more identification values (e.g., one position value). Alternatively, the dynamic seed value may include a time value at which the program verification unit 100 verifies the program (or a code value generated by substituting a time value into the seed determination rule).

When the program is activated in the smartphone 200, the program may include program information (e.g., program ID information, version information, date and time when the program is registered in the program distribution server 181, The program verification data including at least one of the network identification value and the location identification value is encrypted (for example, AES (for example, AES A packet data serving node (PDSN), a gateway GPRS support node (GGSN), and a SGSN (mobile communication network) connected to a base station of a wireless communication network to which the smart phone 200 is connected, (Wireless LAN) through a wireless LAN communication module 208 provided in a smart phone 200, a data communication network connected through a wireless LAN (Wireless LAN), a Support GPRS Serving Node To the program verification unit 100 through the data communication network to which the program verification unit 100 is connected.

The program verifying unit 100 receives the encrypted program verification data from the smartphone 200 through the data communication network and verifies the verification key value held by the verification key holding unit 103 And decrypts the program verification data through a verification key value dynamically generated based on the rule.

When the program verification data includes the program information according to an embodiment of the present invention, the program verification unit 100 checks the program information of the program registered in the program distribution server 181 by the business entity terminal, And compares the program information included in the decrypted program verification data with the verified program information to verify that the program is a valid program registered in the program distribution server 181 by the business entity terminal.

According to another embodiment of the present invention, when at least one of the terminal identification value, the communication network identification value, and the location identification value is included in the program verification data, the program verification unit 100 checks whether the smart- The mobile communication terminal checks at least one of the terminal identification value, the communication network identification value, and the location identification value of the smart phone 200 in association with the communication company server included in the connected wireless communication company, The communication network identification value, and the location identification value, and an identification value confirmed through the communication company server, and transmits the comparison result to the smart phone 200, which is connected to the actual data communication network of the smart phone 200, Verify the program. That is, when the program is extracted from the smart phone 200 in an unauthorized manner and is driven through a smart phone 200 emulator installed in the PC, the program verification data can not include a valid identification value. In this case, The unit 100 can determine the program as an incorrect program. For example, if the terminal identification value includes at least one of a device serial number, a USIM 212 serial number, and a MAC address of the smartphone 200, the terminal identification value may be stored in only the corresponding smart phone 200 And can not be identified through the smartphone 200 emulator. Or if the communication network identification value includes at least one of a network identification value of the smartphone 200, an exchange assignment value, a subscriber number, and a contract number, the communication network identification value may be set such that the smart phone 200 is connected to the wireless communication network And can not be identified through the smartphone 200 emulator. Or the location identification value is changed every time the smartphone 200 moves, and the location identification value can not be identified through the emulator of the smartphone 200 because the location identification value is changed on the wireless communication network.

After performing the program verification, the program verification unit 100 transmits a program verification result obtained by verifying the program to the smartphone 200 through the data communication network. The program verification result may be transmitted to the smartphone 200 in an unencrypted state or may be provided to the smartphone 200 by being encrypted using the verification key value. When the program verification result is encrypted, (200) can decode the program verification result through the assigned key value.

On the other hand, if the program is verified, the program verification unit 100 determines a session key value or a key exchange value (e.g., a random number value) for exchanging a session key value, The program verification result may be encrypted with the verification key value to prevent the session key value (or the key exchange value) from being exposed. In this case, .

1, the card payment system includes a user information receiving unit 106 for receiving encrypted user information from the smartphone 200 through a data communication network of the smartphone 200, And a user real name authentication unit 109 for authenticating the real name of the user after decrypting the user name.

When the program is authenticated, the program outputs an interface for inputting user information, encrypts user information input through the interface, and transmits the encrypted user information to the user information receiver 106 through the data communication network. Here, the user information may include at least one of a user name, a resident registration number (or a part of a resident registration number), and a telephone number, and the configuration of the user information may be variously modified according to the intention of a person skilled in the art.

According to an embodiment of the present invention, the program may encrypt the user information through the assigned key value and transmit the encrypted user information to the user information receiving unit 106 through the data communication network. On the other hand, if the user information is encrypted using the assigned key value, the program determines the session key value or a key exchange value for exchanging the session key value, and then stores the session key value (or key exchange value) in the user information And can be provided to the smartphone 200.

According to another embodiment of the present invention, when the program authentication unit provides the session key value together with the program authentication result to the program, the program encrypts the user information through the session key value, To the information receiving unit 106.

According to still another embodiment of the present invention, when the program authentication unit provides the key exchange value together with the program authentication result to the program, the program determines the session key value through the key exchange value and then encrypts the user information To the user information receiving unit 106 through the data communication network. If the session key value can not be determined based only on the key exchange value provided from the program authentication unit, the program encrypts the user information using the assigned key value, and stores the key exchange value for determining the session key value in the encrypted user information To the user information receiving unit 106 through the data communication network.

The user information receiving unit 106 receives the encrypted user information through the data communication network, and the user real name authentication unit 109 receives the user information through the decryption key value corresponding to the key value, .

If the user information is encrypted using the assigned key value according to an embodiment of the present invention, the user real name authentication unit 109 decrypts the encrypted user information through the verification key value, Extract the session key value.

According to another embodiment of the present invention, when the user information is encrypted using the session key value provided by the program authentication unit, the user real name authentication unit 109 transmits the session key value provided by the smartphone 200, The user information can be decrypted.

According to another embodiment of the present invention, when the user information is encrypted using the session key value generated based on the key exchange value provided by the program authentication unit, the user real name authentication unit 109 authenticates the smart phone 200 ), And then decrypt the encrypted user information through the generated session key value.

When the user information is decrypted, the user real name authentication unit 109 authenticates the real name of the user using the user name and the resident registration number included in the user information. Here, the user's real name may be authenticated through a user's real name server (not shown). According to the embodiment of the present invention, the user's real name authentication unit 109 stores the real name authenticated user information in the storage medium 178. [

After the user's real name is authenticated, the user's real name authentication unit 109 can transmit the real name authentication result authenticated by the user's real name to the smart phone 200 through the data communication network. The real name authentication result may be transmitted to the smartphone 200 in an unencrypted state or may be provided to the smartphone 200 by being encrypted with the verification key value, If the key value is determined, the real name authentication result may be encrypted through the session key value and provided to the smart phone 200. If the real name authentication result is encrypted, the smart phone 200 can decrypt the real name authentication result through the assigned key value (or session key value).

On the other hand, if the real name is not authenticated and the session key value is not finally exchanged, the user real name authentication unit 109 determines a session key value or a key exchange value (for example, a random number value (Or a key exchange value) in the real name authentication result, and provides the real key authentication result to the smartphone 200. In this case, in order to prevent the session key value (or the key exchange value) from being exposed The real name authentication result is preferably encrypted with the verification key value.

Or if the session key value is finally exchanged in a state where the real name is authenticated, the user real name authentication unit 109 may omit the transfer of the real name authentication result to the smart phone 200. In this case, As a result of the authentication, the smartphone 200 is provided with an app identification key value that uniquely identifies the program.

Referring to FIG. 1, the card settlement system includes an application identification key determination unit 112 for determining an application identification key value that uniquely identifies the program, and an application identification key determination unit 112 for determining, using the session key value exchanged with the smart phone 200, And an app identification key assigning unit (115) for encrypting the identification key value and providing the encrypted identification key value to the smart phone (200) through the data communication network.

When the real name of the user is authenticated by the user's real name authentication unit 109, the application identification key determiner 112 determines whether the user's real name is identical to the user's real name (App. Identity Key) that is not yet registered. Here, the app identification key value is a unique program ID that identifies a user (or a payment) in the payment process using the program of the smartphone 200, and in any case, does not duplicate an app identification key value assigned to another program Do not. For example, even when the same smartphone 200 is changed, the app identification key value is reassigned to another value that is not duplicated every time the program is changed or the telephone number of the smartphone 200 is changed, It is preferable that the app identification key value is reassigned to another value that is not duplicated even if the number is assigned to the smartphone 200.

When the token value is included in the user information, the app identification key value may include the token value as it is, or a value generated by substituting the token value into the key generation algorithm for the key generation algorithm.

According to an embodiment of the present invention, it is preferable that the app identification key value is determined according to a data structure of a key generation value of a Secure Remote Password (SRP) protocol or a data structure that can be transformed into a key generation value of the SRP protocol Do.

The application identification key assigning unit 115 identifies the session key value exchanged with the smartphone 200 during the program verification and the user's real name authentication process and encrypts the determined application identification key value through the session key value, To the smartphone (200). The app identification key value may be provided to the smart phone 200 as a result of authenticating the user's real name, or may be provided to the smart phone 200 separately from the real name authentication result.

The program of the smartphone 200 that received the app identification key value receives the encrypted app identification key value and decodes it using the exchanged session key value, and processes the program to maintain the app identification key value.

According to one embodiment of the present invention, after the program deactivates (or deletes) the allocated key value, the program stores the security key value (or the temporary security key value) with the security key agreement unit 139 (temporary security key agreement unit 124) The application identification key value may be stored in the memory of the smartphone 200 or may be stored in the USIM 212 or the IC chip of the smartphone 200 in the process of agreeing the application identification key value. According to the intention of the person skilled in the art, the app identification key value may be encrypted and stored in a designated encryption scheme.

According to another embodiment of the present invention, the program may replace the assignment key value with the application identification key value. For example, when the assigned key value is included in a specific file among one or more configuration files constituting the program, the app identification key assigning unit 115 constructs an update file in which the assigned key value is replaced with the app identification key value The program may be provided to the smartphone 200 according to the encryption procedure. In this case, the program may replace the assigned key value with the app identification key value by updating the specific file with an update file. On the other hand, when the assigned key value is maintained on the specific program code constituting the program, the app identification key assigning unit 115 debugs the program code and stores the program code area in which the assigned key value is held as the app identification key value The change destination file, the change destination address, and the application identification key value to the smart phone 200 according to the encryption procedure. In this case, The key value can be changed to the appidentification key value.

1, the card payment system includes an authentication number determination unit 118 for determining an authentication number value for authenticating the program through a voice communication network of the smartphone 200, And an authentication number sending unit 121 for sending a message including the authentication number value to the smartphone 200 through the phone number assigned to the voice communication network of the voice communication network.

After the user's real name is authenticated or the app identification key value is assigned to the program of the smart phone 200 through the data communication network, the authentication number determination unit 118 determines the authentication number of the heterogeneous network, And determines an authentication number value for authenticating the program through the voice communication network of the phone 200. [ Here, the authentication number value includes a number of a predetermined number of digits that can be keyed in the smartphone 200, and may further include characters and symbols that can be keyed according to the intention of a person skilled in the art.

The authentication number sending unit 121 transmits a text message (for example, a text message) to the smartphone 200 through the voice communication network of the smartphone 200 based on the user information authenticated through the user's real name authentication unit 109, (E.g., SMS, EMS, MMS, etc.). If the user information includes the phone number of the smartphone 200, the authentication number sending unit 121 can confirm the phone number of the smart phone 200 from the user information. Or if the telephone number of the smartphone 200 is stored in a database (not shown) in connection with the user information, the authentication number sending unit 121 transmits the authentication information to the smart phone 200 from the database based on the real name authentication result, The telephone number of the user can be confirmed.

When the telephone number of the smartphone 200 is confirmed, the authentication number sending unit 121 includes the telephone number of the smartphone 200 as the telephone number of the message receiving side, and transmits the authentication number value to the message body And transmits the message including the authentication number to the message center on the wireless communication network connected to the smartphone 200. The message including the authentication number is transmitted to the smart phone 200 through the voice communication network of the smart phone 200, ).

The smartphone 200 receiving the message may output an authentication number value included in the received message, output an interface for key inputting the authentication number value, and may output the authentication number value according to the intention of a person skilled in the art The key input process may be omitted.

When the authentication number value is received (or key input), the smartphone 200 transmits an app identification key value received through the data communication network through a specified key agreement protocol (e.g., SRP protocol) (Or key input) authentication key value as a key generation value, thereby agreeing with the card settlement system and the temporary security key value of the one-time encryption key type.

Referring to FIG. 1, the card settlement system includes an application identification key value provided to the smartphone 200 through a data communication network of the smartphone 200, A temporary security key agreement unit 124 for negotiating a temporary security key value with the smartphone 200 by using an authentication number value sent to the smart phone 200 as a key generation value, A personal identification number receiver 130 for receiving an authentication number value and a personal identification number encrypted through a key value, a temporary security key decryption unit 130 for decrypting the encrypted authentication number value and the personal identification number through the agreed temporary security key value, An authentication number authentication unit 133 for comparing the decrypted authentication number value with the transmitted authentication number value and authenticating the stored authentication number value and storing the decrypted authentication number value in a storage medium 178 in association with the personal identification number and the app identification key value; doing And a recognized identification number register 136. The

The app identification key value is provided to the smart phone 200 through the data communication network of the smart phone 200 and the authentication number value is transmitted to the smart phone 200 through the voice communication network of the smart phone 200 The provisional security key agreement unit 124 uses the application identification key value and the authentication number value as a key generation value through a specified key agreement protocol (for example, SRP protocol) to transmit the program of the smart phone 200 and the disposable encryption It agrees the temporary security key value of the key type. According to an embodiment of the present invention, the temporary security key value can be agreed with the temporary security key value without exposing the app identification key value and the authentication number value on the communication network according to the SRP protocol.

Meanwhile, at some point in time before / during / after the temporary security key value is agreed, the smart phone 200 uniquely identifies the user and registers a personal identification number to be mapped with card information of a user to process the payment of the user (For example, Advanced Encryption Standard (AES) encryption) through the agreed-upon temporary security key value, and transmits the personal identification number through the data communication network. Here, since the authentication number value is used as a key generation value in the process of agreeing the temporary security key value, the program may encrypt the personal identification number without including the authentication number value according to the intention of a person skilled in the art. If the smartphone 200 is an Apple iPhone series, the program may encrypt the token value allocated to the program according to the Apple's APNS standard, together with the personal identification number, and transmit the encrypted token value. It is not limited.

The personal identification number receiving unit 130 receives the encrypted authentication number value and the personal identification number from the smart phone 200 through the data communication network using the agreed temporary security key value, 200, the authentication number value may be omitted or the token value may be added to the received personal identification number.

The temporary security key decryption unit 127 decrypts the encrypted authentication number value and the personal identification number through the provisional security key value agreed with the smartphone 200 through the provisional security key agreement unit 124, The authentication number value may be omitted from the decryption object or the token value may be added according to the intention or the type of the smart phone 200. [

When the personal identification number is decrypted through the temporary security key decryption unit 127, the personal identification number registration unit 136 determines the decrypted personal identification number and the app identification key deciding unit 112, The application identification key value provided to the smartphone 200 is connected to the application identification key assignment unit 115 and stored in the storage medium 178. [

Meanwhile, when the authentication number value is decrypted through the temporary security key decryption unit 127, the authentication number authentication unit 133 transmits the decrypted authentication number value to the authentication number sending unit 121 through the voice call In this case, the personal identification number registration unit 136 may store and store the personal identification number and the app identification key value when the authentication number value is authenticated. If the token value allocated to the program is decrypted through the temporary security key decryption unit 127, the personal identification number registration unit 136 can authenticate the token value by a token authentication unit (not shown) In this case, when the token value is authenticated, the personal identification number and the app identification key value may be stored in association with each other. The personal identification number may be stored in connection with the real name authenticated user information.

1, the card settlement system includes a security key agreement unit 139 for agreeing a security key value with the smart phone 200 using the app identification key value and the personal identification number as key generation values, A card information receiving unit 142 for receiving the card information and the personal identification number of the user encrypted through the agreed security key value from the security key storage unit 200 and for decrypting the encrypted card information and the personal identification number through the agreed security key value A personal identification number authentication unit 148 for comparing the decrypted personal identification number with the stored personal identification number to authenticate the stored personal identification number; And a card information mapping unit 151 for storing the card information.

The security key agreement unit 139 uses the application identification key value and the personal identification number as a key generation value through a specified key agreement protocol (for example, the SRP protocol) to transmit the program of the smart phone 200 and the one- The key values are agreed.

Meanwhile, the security key agreement unit 139 may include a number replacement module for replacing the personal identification number with a value that can be used for the key agreement protocol. In this case, the security key agreement unit 139 A substitute identification number usable in the key agreement protocol is generated to replace the personal identification number, and the program of the smart phone 200 and the disposable The security key value in the form of an encryption key can be agreed.

Meanwhile, the smartphone 200 outputs an interface for uniquely identifying the user and registering the card information of the user to process the payment of the user, at any time before, during, or after the security key value is agreed upon, (For example, AES (Advanced Encryption Standard) encryption) through the agreed security key value and transmits the encrypted card information through the data communication network. Here, since the personal identification number is used as a key generation value in the process of agreeing the security key value, the program may encrypt the card information without transmitting the personal identification number according to the intention of the person skilled in the art. If the smartphone 200 is an Apple iPhone series, the program may encrypt the token value allocated to the program together with the card information, and transmit the encrypted token value together with the card information. Accordingly, the present invention is not limited thereto.

The card information receiving unit 142 receives the personal identification number and the card information encrypted through the agreed security key value from the smart phone 200 through the data communication network, The personal identification number may be omitted in the received card information according to the kind, or the personal identification number may be replaced with the substitute identification number, and the token value assigned to the program may be added according to the method. Here, the card information includes at least one of a card number, a CVC / CVV, an expiration date, and a card password.

The security key decryption unit 145 decrypts the encrypted personal identification number and the card information through the security key agreed with the smart phone 200 through the security key agreement unit 139, The personal identification number may be omitted from the decryption object or the token value may be added according to the type of the phone 200. [

When the card information is decrypted through the security key decryption unit 145, the card information mapping unit 151 concatenates the decrypted card information with the personal identification number and stores the decrypted card information in the storage medium 178.

Meanwhile, when the personal identification number is decrypted through the security key decryption unit 145, the personal identification number authentication unit 148 compares the decrypted personal identification number with the stored personal identification number and verifies whether or not they match. According to another embodiment of the present invention, the security key decryption unit 145 may decrypt the substitute identification number replacing the personal identification number. In this case, the personal identification number authentication unit 148 may include a number substitution module After generating the substitute identification number, the generated substitute identification number and the decrypted personal identification number may be compared and verified to be identical. When the personal identification number (or the substitute identification number) is authenticated, the card information mapping unit 151 stores the card information and the app identification key value in association with each other. If the token value allocated to the program is decrypted through the security key decryption unit 145, the card information mapping unit 151 can authenticate the token value by a token authentication unit (not shown) In this case, when the token value is authenticated, the card information and the app identification key value may be stored in association with each other.

According to an embodiment of the present invention, the card settlement system further includes a card information authentication unit (not shown) for transmitting the user information and the card information to the server of the card company to authenticate whether the card is normally issued to the user The present invention is not limited thereto.

1, the card settlement system includes a bill receiving unit 154 that receives bill information to be charged to a user from a terminal or a server on a payment request side, a bill registering unit 157 that stores the received bill information, A bill notifying unit 160 for notifying the user of the smart phone 200 of an invoice and an invoice notification unit 160 for requesting N (N? 1) pieces of bill information from the smart phone 200 according to the bill notification, The security key consensus unit 139 may transmit the application identification key value and the personal identification number to the smart phone 200 by using the app identification key value and the personal identification number as key generation values, The billing request receiving unit 163 receives the encrypted billing request information from the smartphone 200 through the agreed security key value, The security key decryption unit 145 decrypts the encrypted invoice request information through the agreed security key value.

The bill receiving unit 154 receives a biller identification value and a payment amount identifying the user from a terminal or server of a payment requesting side (for example, an offline merchant, an online merchant, various billing institutions) requesting payment or payment to the user, And billing information including payment request side information (for example, merchant information and billing institution information). The payer identification value includes at least one of configuration information (e.g., name, resident registration number, and telephone number) constituting the user information stored in the storage medium 178, And an assigned app identification key value. Alternatively, the payer identification value may include an eigenvalue (e.g., a member ID, a payer number) agreed to identify a payment between the card payment system and the payment requester based on the user information, The present invention is not limited by the kind of value.

When one or more billing information is received from the payment requesting terminal or server through the billing receiver 154, the bill registering unit 157 checks user information matched with the biller identification value corresponding to the received billing information , The billing information is connected to the user information (or the app identification key value matched with the user information) and stored in the bill of the user. The bill registering unit 157 allocates and stores an bill identification value uniquely identifying each bill to each bill information stored in the bill.

After one or more billing information is stored in the billing box of the user, the billing notification unit 160 may receive the billing information from the smartphone 200 (Or the program) corresponding to the target device to be pushed. Here, the device identification value may include a token value assigned to the program, or may include at least one of a terminal identification value and a communication network identification value including a telephone number assigned to the smartphone 200 have. For example, if the smartphone 200 is an Apple iPhone, the device identification value may include a token value assigned to the program according to the APNS standard of the Apple company. Alternatively, when the smart phone 200 is a smart phone 200 equipped with an Android system, the device identification value may include a terminal identification value such as a phone number of the smart phone 200 or a communication network identification value.

When the device identification value for identifying the device to be pushed is confirmed, the bill notification unit 160 notifies the smart phone 200 of one or more pieces of bill information to the user's bill through the data communication network of the smart phone 200 And transmits a push message informing that it is registered. For example, if the smartphone 200 is an Apple iPhone, the push message may be pushed to the smartphone 200 according to the APNS standard of the Apple company. Or when the smart phone 200 is a smart phone 200 equipped with an Android system, the push message may be transmitted to the smart phone 200 according to a protocol that the program provided to the smart phone 200 periodically collects the push data. (Not shown). According to another embodiment of the present invention, the bill notification unit 160 notifies, to the smartphone 200 through the voice communication network of the smartphone 200, a character indicating that one or more billing information is registered in the bill of the user So that the message can be processed so that the present invention is not limited thereto.

The program of the smart phone 200 that has received the bill notification notifies the smart phone 200 of the security key value by using the app identification key value and the personal identification number as key generation values in accordance with the bill notification, The security key agreement unit 139 encrypts the request information requesting N (N > = 1) pieces of billing information among the registered one or more pieces of billing information through the agreed security key value, and transmits the security key agreement request The smart phone 200 consults the security key value using the app identification key value and the personal identification number as key generation values in association with the smart phone 200. The bill request receiving unit 163 receives the smart key, The security key decryption unit 145 receives the encrypted request information from the secure key value storage unit 200 through the agreed security key value, It decrypts the billing request information. Here, the billing request information may include a bill extraction condition for extracting billing information of at least one of the billing information registered in the billing request. The bill extraction condition may include at least one of a billing time condition, a payment request side identification condition, and a payment amount condition. According to the intention of those skilled in the art, the billing request information may further include a personal identification number (or an alternative identification number) input to generate the security key value, or may further include a token value, thereby not limiting the present invention . Meanwhile, when the billing request information includes the personal identification number (or alternate identification number), the personal identification number authentication unit 148 may authenticate the personal identification number (or alternate identification number) included in the billing request information have.

Referring to FIG. 1, the card settlement system includes an invoice providing unit 166 for providing N (N > = 1) bill information to the smartphone 200, The security key agreement unit 139 may use the app identification key value and the personal identification number as a key generation value to agree with the security key value with the smart phone 200, The billing service provider 166 encrypts the N billing information through the security key value and transmits the encrypted billing information to the smartphone 200. [

When the billing request information requesting the N pieces of billing information is received and decoded through the billing request receiving unit 163, the billing service providing unit 166 receives N billing requests corresponding to the billing request information from the user, Information is extracted. The security key agreement unit 139 consults the security key value with the smart phone 200 using the app identification key value and the personal identification number as a key generation value or confirms the pre-agreed security key value, 166 encrypts the extracted N bill information through the agreed security key value and transmits the encrypted N bill information to the smart phone 200. [

1, the card payment system includes a payment request receiving unit 169 for receiving n (1? N? N) billing object identification values and a personal identification number from the smartphone 200, And a payment processing unit (175) for processing the bill corresponding to the n number of bill identification values through the card information mapped with the identification number. When receiving the bill identification value and the personal identification number, The key agreement unit 139 consults the security key value with the smart phone 200 using the app identification key value and the personal identification number input by the user as a key generation value or confirms a pre-agreed security key value, The settlement request receiving unit 169 receives n (1? N? N) settlement bill identification values and a personal identification number encrypted with the agreed security key value from the smartphone 200, The key decryption unit 145 decrypts the encrypted n number of bill identification values and the personal identification number through the agreed security key value, and the personal identification number authentication unit 148 identifies the personal identification number And the payment processing unit 175 compares the decoded personal identification number with the decoded personal identification number, and the payment processing unit 175 compares the personal identification number with the decoded personal identification number, Make sure the bill is approved for payment.

The program of the smartphone 200 that has received and decoded the N pieces of bill information may include n billing items for identifying n settlement bill items to be settled through the card information of the user mapped with the personal identification number among the N pieces of bill information Determines an identification value, agrees a security key value with the smart phone 200 using the app identification key value and the personal identification number input by the user as a key generation value, or confirms a pre-determined security key value, The n number of bill identification values and the personal identification number input by the user (or pre-entered in the bill request process) are encrypted through the security key value and transmitted through the data communication network, In association with the smartphone 200 according to the request for the security key agreement of the program, uses the app identification key value and the personal identification number as key generation values The settlement request receiving unit 169 confirms the security key value with the smartphone 200 or agrees with the security key value, and the settlement request receiving unit 169 receives the security key value from the smart phone 200, And receives the target bill identification value and the personal identification number.

The security key decryption unit 145 decrypts the encrypted n bill identification values and the personal identification number through the agreed security key value, and the personal identification number authentication unit 148 encrypts the decrypted personal identification number, Compare the stored personal identification numbers and verify that they match. According to another embodiment of the present invention, the security key decryption unit 145 may decrypt the substitute identification number replacing the personal identification number. In this case, the personal identification number authentication unit 148 may include a number substitution module After generating the substitute identification number, the generated substitute identification number and the decrypted personal identification number may be compared and verified to be identical.

If the encrypted personal identification number is authenticated through the agreed security key value using the app identification key value and the user's personal identification number in the program of the smartphone 200, In order to prevent the non-repudiation of the user, the authentication result of the personal identification number and the payment request authentication history including that the payment for the n bills are requested from the program may be configured and stored in the storage medium 178 (not shown).

When the encrypted personal identification number is authenticated by using the app identification key value of the program, the payment processing unit 175 updates the n bill identification values through the card information mapped to the personal identification number based on the authentication result And the payment of the corresponding bill is approved.

If the card information can be directly extracted from the storage medium 178 according to an embodiment of the present invention, the payment processing unit 175 extracts the card information mapped with the personal identification number from the storage medium 178 , Payment approval request information including the card information and payment information corresponding to the n bill identification values (for example, payment amount and merchant information) may be configured and transmitted to the payment approval server 184 corresponding to the card information have.

If the card information can not be directly extracted from the storage medium 178 according to another embodiment of the present invention, the settlement processing unit 175 transmits the card identification information (E.g., a unique ID agreed with the approval server 184) and payment information corresponding to the n bill identification values (e.g., payment amount and merchant information) To the server 184.

Meanwhile, the authentication number determination unit 118 determines a payment authorization number for user authentication through heterogeneous network connection, and the authentication number sending unit 121 transmits the authentication number to the payment terminal 100 through the voice communication network of the smartphone 200 A text message including the authentication number can be sent.

According to an embodiment of the present invention, the payment authorization number is inputted through a program of the smartphone 200 and is transmitted to the secure channel (= app identification key value and personal identification number Or a data communication channel that is encrypted and decrypted through the agreed upon security key value), or may be received over a separate secure channel.

According to another embodiment of the present invention, when the payment request side server outputs a payment page to a user terminal located in the same space as the user's smart phone 200, When the n bill identification values and the personal identification number are received through the payment page, the payment authentication number may be input through the payment page and received from the payment request side server.

When the payment authorization number is received, the authorization number authentication unit 133 compares the payment authorization number with the payment authorization number sent to the smartphone 200 through the voice communication network, In this case, when the personal identification number and the payment authentication number are both authenticated, the payment processing unit 175 may process payment through the card information mapped with the personal identification number.

On the other hand, the personal identification number (or the card information) can be mapped to the disposable settlement number dynamically generated through the number generating device of the user or the number generating module provided in the smart phone 200. In this case, The reception unit 169 encrypts the one-time payment number dynamically generated through the user number generation apparatus mapped with the personal identification number (or the card information) or the number generation module provided in the smart phone 200 through the security key value Can be received further. When the personal identification number (or the card information) is mapped to the disposable payment number, the card payment system may further include a disposable payment number authentication unit (not shown) for authenticating the disposable payment number, If the received disposable payment number is decrypted through the key decryption unit 145, the disposable payment number authentication unit may generate a device identification value for identifying the number generation apparatus mapped with the personal identification number (or card information) Decrypted disposable settlement number to the disposable number authentication server and may be authenticated. The payment processing unit 175 may be configured to authenticate the individual identification number and the disposable payment number When the numbers are all authenticated, payment can be processed through the card information mapped with the personal identification number.

1, the card settlement system further includes a settlement result providing unit 172 for providing a settlement processing result of an invoice using the card information to the smartphone 200, and the security key agreement unit 139 Uses the app identification key value and the personal identification number as a key generation value to confirm the security key value with the smart phone 200 or confirm the security key value, And provides the processing result to the smart phone 200 by encrypting the processing result with the agreed security key value.

The settlement result providing unit 172 receives a settlement processing result for n invoices using the card information from the settlement approval server 184. If payment of the n bills is approved as a result of the payment process, the payment result providing unit 172 may store the payment processing result in the storage medium 178 have.

When the settlement processing result is received from the payment approval server 184, the security key agreement unit 139 uses the APP identification key value and the personal identification number as a key generation value to agree with the smart phone 200 and the security key value And the settlement result providing unit 172 encrypts the settlement processing result with the agreed security key value and provides the encrypted settlement result to the smartphone 200. [ The program of the smart phone 200 decrypts the settlement processing result through the agreed security key value and outputs the result.

According to the embodiment of the present invention, the settlement result providing unit 172 can provide the settlement processing result to the terminal or the server of the settlement request side, and the settlement processing result may be transmitted to the smartphone 200 may be provided to the terminal or server of the payment request side.

2 is a diagram illustrating a functional configuration of a smartphone 200 according to an embodiment of the present invention.

In more detail, FIG. 2 illustrates an example of a method of assigning an application identification key value unique to the program based on a result of authenticating the validity and the user's real name of the program through an assigned key value included in the program at the time of program distribution, 200, and a voice communication network, and maps the application identification key value and the application identification key value assigned to the program to a user identification number FIG. 2 illustrates a configuration of a program function for a smartphone 200 that maps the card information of the user to a personal identification number through a secure channel configured through a personal identification number input by the user. It is possible to refer to and / or modify Figure 2 to illustrate various implementations of the smart phone 200 functionality However, the present invention is not limited to the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG. In particular, the configuration of the smart phone 200 shown in FIG. 2 may further include a configuration of a smart phone 200 that is currently / in the future, and thus the present invention is not limited thereto.

2, the smartphone 200 includes a control unit 201, a memory unit 213, a screen output unit 202, a key input unit 203, a sound output unit 204, a sound input unit 205, A camera module 206, a wireless network communication module 209, a short range wireless communication module 208, a positioning module 210, a USIM reader 211 and a USIM 212 and a battery 207 for power supply, Respectively.

The control unit 201 is a collective term for controlling the operation of the smart phone 200 and includes at least one processor and an execution memory. BUS). According to the present invention, the control unit 201 loads at least one program code provided in the smartphone 200 into the execution memory through the processor, and outputs the result through at least one configuration And controls the operation of the smart phone 200. [ Hereinafter, a function configuration unit implemented in the form of program code for implementing the present invention will be described in the control unit 201 of FIG. 2 for convenience.

The memory unit 213 is a general term of the nonvolatile memory included in the smartphone 200 and includes at least one program code executed through the control unit 201 and at least one data set used by the program code And stores it. The memory unit 213 basically includes a system program code and a system data set corresponding to the operating system of the smartphone 200, a communication program code and communication data set for processing a wireless communication connection of the smartphone 200, One application program code and application data set are stored, and the program code and data set for implementing the present invention are also stored in the memory unit 213. [

The screen output unit 202 is composed of a screen output device (for example, an LCD (Liquid Crystal Display) device) and an output module for driving the screen output device 202. The screen output unit 202 is connected to the control unit 201 via a bus, And outputs an operation result corresponding to the screen output to the screen output device.

The key input unit 203 comprises a key input device having at least one key button (or a touch screen device interlocked with the screen output unit 202) and an input module for driving the key input unit. The control unit 201, And inputs a command for commanding various operations of the control unit 201 or data necessary for the operation of the control unit 201. [

The sound output unit 204 is composed of a speaker for outputting a sound signal and a sound module for driving the speaker. The sound output unit 204 is connected to the control unit 201 through a bus, And outputs the result of the operation through the speaker. The sound module decodes sound data to be output through the speaker and converts the sound data into a sound signal.

The sound input unit 205 includes a microphone for receiving a sound signal and a sound module for driving the microphone, and transmits the sound data input through the microphone to the control unit 201. The sound module encodes and encodes a sound signal input through the microphone.

The camera unit 206 includes the optical unit, a CCD (Charge Coupled Device) and a camera module for driving the CCD unit, and obtains bitmap data input to the CCD through the optical unit. The bitmap data may include both still image data and moving image data.

The wireless network communication module 209 is a collective term for communicating wireless communication and includes at least one antenna, an RF module, a baseband module, and a signal processing module for transmitting and receiving a radio frequency signal of a specific frequency band. The control unit 201 is connected to the control unit 201 via a bus and transmits the calculation result corresponding to the wireless communication among the various calculation results of the control unit 201 through wireless communication or receives data through wireless communication and transmits the calculation result to the control unit 201 And simultaneously maintains the procedure of connection, registration, communication, and handoff of the wireless communication. According to the present invention, the wireless network communication module 209 connects the smart phone 200 to the voice communication network, and may connect the smart phone 200 to the data communication network in some cases.

According to an embodiment of the present invention, the wireless network communication module 209 is a mobile communication module that performs at least one of connection to a mobile communication network, location registration, call processing, call connection, data communication, and handoff according to a CDMA / WCDMA standard And text messages such as SMS, EMS, and MMS are transmitted and received through the voice call network.

The short-range wireless communication module 208 is composed of a short-range communication module for connecting a communication session using a radio frequency signal as a communication medium within a predetermined distance. Preferably, the short-range wireless communication module 208 is an RFID communication module, a Bluetooth communication module, , And public wireless communications. According to an embodiment of the present invention, the short range wireless communication module 208 may be integrated with the wireless network communication module 209. According to the present invention, the short-range wireless communication module 208 connects the smart phone 200 to a data communication network.

The USIM reader 211 is a generic term of a configuration for exchanging at least one data set with a universal subscriber identity module that is mounted or detached from the smart phone 200 based on the ISO / IEC 7816 standard , And the data set is exchanged in a half duplex communication manner through an APDU (Application Protocol Data Unit).

The USIM 212 is an SIM type card provided with an IC chip according to the ISO / IEC 7816 standard, and includes an input / output interface including at least one contact connected to the USIM reader 211, An IC chip memory for storing a program code for a chip and a data set; and a memory for storing the program code for the IC chip or extracting the data set in accordance with at least one command transmitted from the smartphone (200) And transmitting the processed data to the input / output interface.

The input / output interface includes at least one of a power supply (VCC), a reset signal (RST), a clock signal (CLK), a ground (GND), a programming power supply (VPP), and an input / output , The processor interfaces with the USIM reader 211 via the contact. The IC chip memory stores system program codes and system parameters corresponding to the operating system of the IC chip and at least one security module, and stores at least one communication required for connection to the wireless communication network of the smartphone (200) (Subscriber Identity Module) information including parameters. According to an embodiment of the present invention, the IC chip memory includes at least one storage area for each applet issuer (for example, SD (Security Domain)) storing program codes (= applets) and data sets produced by at least one applet issuer )).

The positioning module 210 includes a GPS positioning module for positioning a moving position of the smartphone 200. The positioning module 210 receives a satellite signal transmitted from at least three GPS satellites orbiting the earth orbit, 200 are calculated.

According to another embodiment of the present invention, the position location module 210 is connected between the smartphone 200 and a base station (or an access point) in cooperation with a positioning device on a communication network associated with at least two base stations And a terrestrial positioning module for positioning the position of the smartphone 200 using a frequency arrival time (or an arrival angle) in a terrestrial positioning system.

According to the present invention, the smart phone 200 downloads and installs a program including an assigned key value associated with a verification key value registered in the card payment system at the time of program distribution. Here, the assigned key value assigned to the program at the time of downloading or installing the program can verify the validity of the program, but can not uniquely identify the program with other programs of the same type.

Referring to FIG. 2, the program includes an assignment key holding unit 220 for holding an assignment key value allocated to the program, a verification data forming unit 224 for composing program verification data for verifying the program, And a program verification request unit (228) for encrypting the program verification data through the assigned key value and transmitting the encrypted program verification data through the data communication network of the smartphone (200).

The assignment key value is a key value assigned to the program at the time of program distribution, and is paired with a verification key value registered in the card payment system. The allocation key storage unit 220 may store the allocation key value allocated to the program in the memory of the memory unit 213 or the USIM 212 at the time of downloading the program. Alternatively, the allocation key storage unit 220 may store the allocation key value in a specific file included in the program. Alternatively, the allocation key holding unit 220 may maintain the allocation key value on the specific program code constituting the program.

The verification data construction unit 224 identifies program information including at least one of program ID information, version information, and registration date / time information for the program. When the program verification data includes a terminal identification value, the verification data configuration unit 224 includes at least one of a phone number, a device serial number, a USIM 212 serial number, and a MAC address of the smartphone 200 The terminal identification value can be checked. Or if the program verification data includes a communication network identification value, the verification data configuration unit 224 includes at least one of a telephone number, a network identification value, an exchange assignment value, a subscriber number, and a contract number of the smartphone 200 It is possible to confirm the communication network identification value. Or if the program verification data includes a location identification value, the verification data construction unit 224 confirms the GPS location information of the smartphone 200 using the location location module 210, And derives a position identification value obtained by processing the GPS position information so that GPS position information can be matched with the terrestrial position information calculated through the base station of the wireless communication company to which the smartphone 200 subscribes.

The verification data creation unit 224 configures the program verification data including the program information and one or more identification values, and the program verification request unit 228 registers the allocation key value allocated to the allocation key storage unit 220 as And transmits the encrypted program verification data to the card settlement system through the data communication network of the smartphone 200. [ According to the embodiment of the present invention, in the program verification process, the card payment system and the program can exchange a session key value (or a key exchange value for generating a session key value).

The card payment system receiving the encrypted program verification data decrypts the program verification data through a verification key value paired with the assigned key value, and then reads the program information to authenticate the validity of the program. If at least one of the terminal identification value, the communication network identification value, and the location identification value is included in the program verification data, the card payment system stores the identification value identified through the communication company connected to the smartphone 200 And compares the identification value of the program verification data to verify that the terminal equipped with the program is actually the smartphone 200 of the user.

Referring to FIG. 2, the program includes a user information input unit 232 for inputting user information for authenticating a user's real name, and a user information input / And a user information transmission unit 236 for encrypting the information and transmitting the information through the data communication network.

If the program is verified, the user information input unit 232 outputs an interface for inputting user information, and processes the input user information. If the user information is input through the interface, the user information transmitter 236 encrypts the user information and transmits the encrypted user information to the card settlement system through the data communication network. If the exchanged session key value exists in the process of verifying the program, the user information transmitting unit 236 may transmit the encrypted session key value to the user information transmitting unit 236, And encrypt and transmit the user information through the exchanged session key value. If the token value is allocated to the program, the user information transmitter 236 may further include the token value in the user information, and transmit the encrypted token value to the card settlement system. According to the embodiment of the present invention, in the program verification process, the card payment system and the program can exchange a session key value (or a key exchange value for generating a session key value).

Upon receiving the encrypted user information, the card payment system decrypts the user information through the assigned key value (or session key value), and authenticates the user's real name according to a designated user's real name authentication procedure.

Referring to FIG. 2, the program includes an application identification key receiving unit 240 for receiving an application identification key value encrypted through the exchanged session key value through the data communication network in the program verification process or the user real name authentication process, And an app identification key registration unit 244 for decrypting the app identification key value through the key value and registering the app identification key value in the program or replacing the assignment key value with the app identification key value.

If the user's real name is authenticated based on the user information, the application identification key receiving unit 240 receives the encrypted application identification key value from the card payment system through the session key value exchanged during the program verification process or the user's real name authentication process , The app identification key registration unit 244 decodes the app identification key value through the session key value exchanged with the card settlement system. When the app identification key value is decoded, the app identification key registration unit 244 registers the app identification key value in the program or replaces the assignment key value with the app identification key value.

According to an embodiment of the present invention, the app identification key registration unit 244 may deactivate (or delete) the assigned key value and store the same in the memory unit 213, or the USIM 212 of the smart phone 200 ) Or an IC chip. According to the intention of the person skilled in the art, the app identification key value can be encrypted and decrypted with a designated encryption method.

According to another embodiment of the present invention, when the assigned key value is contained in a specific configuration file constituting the program, the appidentification key receiving unit 240 receives a form of a renewal file for updating the specific configuration file from the card payment system The application identification key registration unit 244 can update the specific configuration file with the update file.

According to another embodiment of the present invention, when the allocated key value is included in the program code constituting the program, the app identification key receiving unit 240 debugs the program code from the card payment system, The application identification key registration unit 244 receives the change target file, the change destination address, and the application identification key value for changing the maintained program code area to the app identification key value, To the app identification key value.

Referring to FIG. 2, the program includes a personal identification number input unit 248 for inputting a personal identification number of the user, an authentication number value received through the voice communication network of the smart phone 200, A temporary security channel negotiation unit 252 for negotiating a temporary security key value for connecting a temporary secure channel using a key value as a key generation value, and a temporary security channel negotiation unit 252 for encrypting the personal identification number through the temporary security key value, The personal identification number input unit 248 inputs an authentication number value received through the voice communication network, and the personal identification number transmission unit 256 transmits the temporary security key value And encrypts the authentication number value together with the personal identification number.

After the application identification key value is allocated to the program, the card payment system sends a message including an authentication number value for authenticating the program through the voice communication network of the smartphone 200, The authentication unit 248 outputs an interface for inputting the personal identification number of the user at any time before / during / after the authentication number value is received. If the interface is output after the message including the authentication number value is received, the personal identification number input unit 248 may output an interface for inputting the authentication number value together with the personal identification number.

The temporary security channel consensus unit 252 receives the application identification key value received through the data communication network of the smartphone 200 and allocated to the program and the authentication number value included in the message received through the voice call network, To settle the temporary security key value with the card settlement system.

If the personal identification number is input via the interface, the personal identification number transmitter 256 encrypts the personal identification number using the agreed-upon temporary security key value and transmits the personal identification number to the card payment system via the data communication network. If the personal identification number and the authentication number value are inputted through the interface, the personal identification number transmitter 256 encrypts the personal identification number and the authentication number value through the agreed provisional security key value, To the card settlement system. If the token value is allocated to the program, the personal identification number transmitter 256 may further include the token value in the personal identification number, and transmit the encrypted personal identification number to the card payment system.

Referring to FIG. 2, the program includes a card information input unit 260 for inputting card information of a user to be mapped with the personal identification number, a personal identification number input by the user, And a card information registering unit (268) for encrypting the card information through the secure key value and transmitting the encrypted card information through the data communication network, wherein the secure channel reconciliation unit (264) The card information registration unit 268 may encrypt the personal identification number together with the card information through the security key value and transmit the encrypted personal identification number.

When the personal identification number and the app identification key value are registered in the card payment system, the card information input unit 260 outputs the interface for inputting the personal identification number and inputting the card information of the user to be mapped with the personal identification number . If the personal identification number entered in the personal identification number registration process is maintained, it is not necessary to double-input the personal identification number.

The secure channel consensus unit 264 receives the application identification key value received through the data communication network of the smartphone 200 and allocated to the program and the personal identification number input by the user, And the security key value. Meanwhile, the secure channel consensus unit 264 may consent to the security key value by replacing the personal identification number with the substitute identification number through the number replacement module. In the present invention, the security key value is directly used by using the personal identification number Or consensus of the security key value using the substitute identification number is regarded as belonging to the same technical category of agreeing the security key value through the personal identification number.

When the card information is input through the interface, the card information registration unit 268 encrypts the card information through the agreed security key value and transmits the card information to the card settlement system through the data communication network. If the card information and the personal identification number are inputted through the interface, the card information registration unit 268 encrypts the card information and the personal identification number through the agreed security key value, and transmits the card information and the personal identification number to the card payment system via the data communication network Lt; / RTI > If the token value is allocated to the program, the card information registering unit 268 may further include the token value in the card information, transmit the token value to the card settlement system.

Referring to FIG. 2, the program includes an invoice checking unit 272 for confirming that an invoice to be charged to the user is registered in the card payment system, and an invoice checking unit 272 for requesting N (N? 1) invoices And a billing request unit 276 configured to form billing request information and transmit the billing request information to the card settlement system. When transmitting the billing request information, the secure channel agreement unit 264 compares the personal identification number input by the user The security key value for connecting the card settlement system and the secure channel is confirmed by using the app identification key value as a key generation value or a pre-agreed security key value is confirmed. The bill request unit 276 transmits the bill request information And transmits the encrypted data to the card settlement system through the data communication network.

The bill validation unit 272 receives a push message from the card payment system via the data communication network that one or more billing information has been registered in the bill of the user. According to the embodiment of the present invention, the bill validation unit 272 can confirm whether a text message for confirming the bill registration is received through the voice communication network.

When the invoice registration is confirmed, the invoice request unit 276 constitutes invoice request information requesting N of the registered one or more invoices. According to an embodiment of the present invention, the billing request unit 276 may output an interface for inputting a bill extraction condition for extracting N bill among the registered one or more billings. In this case, Includes the entered invoice extraction condition.

When transmitting the billing request information, the secure channel agreement unit 264 uses the personal identification number (or alternate identification number) input by the user and the app identification key value as a key generation value, Channel or a pre-agreed security key value, and the billing request unit 276 encrypts the billing request information through the security key value and transmits the encrypted billing request information to the card settlement system through the data communication network .

2, the program includes an invoice information receiver 280 for receiving N (N > = 1) bill information from the card settlement system, and when receiving the bill information, the secure channel consensus unit 264) confirms a security key value that agrees with the security key value connecting the card payment system and the secure channel using the personal identification number input by the user and the app identification key value as a key generation value, The bill receiving unit 154 may decrypt the received N bill information through the security key value.

After the billing request information is transmitted, the secure channel consensus unit 264 uses the personal identification number (or alternate identification number) input by the user and the app identification key value as a key generation value, The billing information receiving unit 280 receives N pieces of billing information encrypted with the security key value from the card payment system, and the security key value And decrypts the encrypted N pieces of billing information.

Referring to FIG. 2, the program includes a settlement determination unit 284 for determining n (1? N? N) settlement bill identification values among the N bill information, A secure channel reconciliation unit 264 for negotiating a security key value for connecting the card settlement system and the secure channel using the number and the app identification key value as a key generation value or confirming a pre-agreed security key value, And a payment request unit 288 for encrypting the password and the personal identification number through the security key value and transmitting the encrypted personal identification number to the card settlement system through the data communication network.

The settlement determination unit 284 includes an interface for selecting n settlement billing items among the N pieces of billing information in the N pieces of billing information and outputs n pieces of billing information corresponding to n pieces of billing information selected through the interface Determine the billing identification value.

The secure channel consensus unit 264 consults the security key value connecting the card settlement system and the secure channel by using the personal identification number (or alternate identification number) input by the user and the app identification key value as key generation values Or the pre-agreed security key value, and the payment request unit 288 encrypts the n bill identification values and the personal identification number through the agreed security key value, and transmits the n bill identification value and the personal identification number to the card payment system through the data communication network . Here, the personal identification number is input through the personal identification number input unit 248.

Referring to FIG. 2, the program includes a settlement result processing unit 290 for receiving and outputting a settlement processing result from the card settlement system. When receiving the settlement processing result, the secure channel settlement unit 264 A security key value for connecting the card settlement system and the secure channel by using the personal identification number input by the user and the app identification key value as a key generation value, or confirms a pre-agreed security key value, (290) can decrypt the received payment processing result through the security key value and output it.

The secure channel consensus unit 264 consults the security key values connecting the card settlement system and the secure channel by using the personal identification number and the app identification key value input by the user as key generation values, The settlement result processing unit 290 receives the settlement processing result encrypted using the security key value from the card settlement system and decrypts the received settlement processing result through the secure key value and outputs the decrypted result.

FIG. 3 is a diagram illustrating a program verification process according to an embodiment of the present invention.

In more detail, FIG. 3 is a flow chart illustrating a process of distributing a program including the allocation key value through a program distribution server 181 after determining an allocation key value and a verification key value in the card payment system, storing the verification key value, The validity of the program and the validity of the smartphone 200 loaded with the program are verified through the program verification data when the program verification data encrypted with the assigned key value is provided. Those skilled in the art will be able to refer to and / or modify Figure 3 to infer various implementations of the program verify process (e.g., omitting some of the steps or configurations, or altering the order) However, the present invention includes all of the above-mentioned embodiments, And the technical features thereof are not limited only by the illustrated method.

Referring to FIG. 3, the card settlement system determines 300 an allocation key value to be embedded in the program and a verification key value to verify the allocation key value in the process of generating the program (300), and then, (305), registers the key value in the program, and registers the value in the program distribution server (181) (310).

The smartphone 200 downloads a program containing the assigned key value from the program distribution server 181, installs and runs the program, and the program initializes the program according to the defined program initialization procedure. For example, if the smartphone 200 is an iPhone-based system, a push token value may be assigned to the program according to Apple's APNS protocol.

The program identifies at least one information or value defined to be included in the program verification data among the program information, the terminal identification value, the communication network identification value, and the location identification value, and the program verification data including the verified information or value (320), encrypts the program verification data using the assigned key value embedded in the program (325), and transmits the encrypted program verification data to the card settlement system (330).

The card settlement system decrypts the program verification data through the verification key value after receiving the encrypted program verification data (335), compares the program information included in the program verification data with the stored program information, The validity is verified (340). If the program is verified, the card payment system authenticates (345) whether at least one of the terminal identification value, the communication network identification value, and the location identification value contained in the program verification data is valid (345) (350) to the smartphone (200), and the program outputs the received program verification result (355). Here, the program verification result may be encrypted with the verification key value and transmitted. In this case, the program may decrypt the encrypted program verification result through the assigned key value. According to the present embodiment, the program verification result may further include a session key value (or a key exchange value).

4 is a diagram illustrating a process of assigning a user authentication and an app identification key according to an embodiment of the present invention.

4, when the program of the smartphone 200 is verified through the process shown in FIG. 3, after authenticating the user's real name, an app identification key value that uniquely identifies the program is determined and assigned to the program The present invention is not limited to the above-described embodiments, and various changes and modifications may be made without departing from the scope of the present invention. The present invention may be embodied in all of the above-described modes of practicing the invention, and it is to be understood that the technical features of the present invention are not limited thereto Or more.

Referring to FIG. 4, if the program of the smartphone 200 is verified through the process shown in FIG. 3, the program receives (400) user information and encrypts the user information through the assigned key value (405) to the card payment system (410). The user information may further include a token value, or may further include a session key value (or a key exchange value) for session key exchange.

The card payment system decrypts the user information through the verification key value after receiving the encrypted user information (415). When the token value is further included in the user information, the card payment system stores the token value Can be authenticated.

The card payment system authenticates the user's real name through the decrypted user information (420) and stores the real name authorized user information (425).

The card payment system determines 430 an app identification key value that uniquely identifies the program, determines a session key value based on the key exchange result associated with the program verification and the user's real name authentication process 435, Encrypts the APP identification key value through a key value (440), and transmits the encrypted APP identification key value to the smart phone (445).

The program decides a session key value based on a key exchange result with the card settlement system, decrypts the app identification key value through the session key value (455), and assigns the app identification key value to the program (460).

5 is a diagram illustrating a personal identification number registration process according to an embodiment of the present invention.

5, after determining the authentication number value to be transmitted through the voice communication network in the card payment system, the authentication number value is sent to the smartphone 200 through the voice communication network of the smartphone 200 The program identifies a user identification number to be mapped to the card information of the user in the program. The identification number of the user to be mapped to the card identification information is used as the key generation value, using the authentication number value and the app identification key value allocated to the program, The card payment system consults the temporary security key value, and when the program encrypts and transmits the personal identification number through the agreed temporary security key value, the card payment system authenticates the authentication number value, And mapping and storing the personal identification number and the app identification key value. In the technology of the present invention, It is possible to refer to and / or modify the FIG. 5 to infer various embodiments of the personal identification number registration procedure (e.g., omitting some steps or configurations, or changing the order) The present invention is not limited to the above-described embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 5, the card settlement system determines 500 an authentication number value to be transmitted to a smart phone 200 to which an app identification key value is allocated through a voice communication network through a voice communication network, Phone number of the phone 200 as the telephone number of the message receiving side and configures a text message including the authentication number value in the message body so as to be sent to the smart phone 200 through the voice communication network 505 ).

The smartphone 200 receives the message through the voice communication network and outputs an authentication number value 510. The program inputs the authentication number value and a personal identification number to be mapped with the card information of the user And outputs the input interface to the user so that the authentication number value and the personal identification number are input (515).

If the authentication number value and the personal identification number are input, the program uses the authentication number value and the app identification key value allocated to the program through the process shown in FIG. 4 as a key generation value, The temporary security key value corresponding to the one-time encryption key for the personal identification number registration is agreed (520). According to an embodiment of the present invention, the temporary security key value is a disposable encryption key in which the program and the card settlement system dynamically agree with each other without exposing the authentication number value and the application identification key value to the network according to the SRP protocol, The key agreement protocol can be selected by selecting any one of the key agreement protocols other than the SRP protocol.

If the temporary security key value is agreed, the program encrypts the entered personal identification number and the authentication number value through the agreed temporary security key value (525) and transmits the encrypted personal identification number and the authentication number value to the card payment system (530) May further include a token value assigned to the program. Meanwhile, according to the embodiment of the present invention, when the authentication number value is used only for the purpose of agreeing the temporary security key value in the personal identification number registration process, the authentication number value may be omitted from the encryption target. The invention is not limited.

After receiving the encrypted personal identification number and the authentication number value, the card payment system decrypts the personal identification number and the authentication number value through the agreed temporary security key value (535), adds the token value It is possible to authenticate the token value according to a designated token authentication procedure.

Meanwhile, when the authentication number value is decrypted together with the personal identification number, the card payment system compares the decrypted authentication number value with the authentication number value sent to the smartphone 200 through the voice call network, (Step 540). The personal identification number and the application identification key value allocated to the program are connected to each other through the process shown in FIG. 4 and stored in the storage medium 178 (step 545).

FIG. 6 is a diagram illustrating a process of mapping a personal identification number and a card information according to an embodiment of the present invention.

6 is a flowchart illustrating a process of inputting a user's card identification information to a user after a user's personal identification number is mapped to an app identification key value that uniquely identifies the program through the process shown in FIG. When the personal identification number and the app identification key value assigned to the program are used as a key generation value, the card settlement system and the security key value are agreed, and the personal identification number is encrypted using the agreed security key value, The payment system authenticates the personal identification number, maps the personal identification number and the card information of the user based on the personal identification number, and stores the mapped card information. As a person skilled in the art to which the present invention pertains, Referring to and / or modifying FIG. 6, various implementations of the personal identification number and card information mapping process (For example, an operation method in which some steps or configurations are omitted or the order is changed), but the present invention includes all of the above-mentioned embodiments, Technical features are not limited.

Referring to FIG. 6, after the user's personal identification number is mapped to an application identification key value that uniquely identifies the program, the program inputs user's card information and personal identification number (600) so that the card information and the personal identification number are input by the user. However, when the registered personal identification number can be referred to through the process shown in FIG. 5, it is optional to input the personal identification number. According to an embodiment of the present invention, the program may replace the personal identification number with an alternative identification number for agreeing the security key value through a number replacement module (605).

The program uses the personal identification number (or alternate identification number) and the app identification key value assigned to the program as a key generation value to agree the security key value corresponding to the one-time encryption key for card information mapping with the card payment system (610). According to an embodiment of the present invention, the security key value is a disposable encryption key in which the program is dynamically agreed with the card settlement system without exposing the personal identification number (or alternate identification number) , Which may be agreed upon by any of the key agreement protocols other than the SRP protocol according to the intention of those skilled in the art.

When the security key values are agreed, the program encrypts the inputted card information and the personal identification number through the agreed security key value (615) and transmits the encrypted card information and the personal identification number to the card payment system (620) And may further include an assigned token value. Meanwhile, in the card information mapping process according to the embodiment of the present invention, when the personal identification number is used only for the purpose of agreeing the security key value, the personal identification number may be omitted from the encryption target, Or more.

After receiving the encrypted card information and the personal identification number, the card payment system decrypts the card information and the personal identification number through the agreed security key value (625), and the card information includes the token value The token value can be authenticated according to the designated token authentication procedure.

Meanwhile, when the personal identification number is decrypted together with the card information, the card payment system compares the decrypted personal identification number with the personal identification number registered through the process shown in FIG. 5, , The card information and the personal identification number are connected and stored in the storage medium 178 (635), and then the smart phone 200 is notified that the card information and the personal identification number are completely mapped.

7 is a diagram illustrating a process of registering and providing an invoice according to an embodiment of the present invention.

In more detail, FIG. 7 shows a process of receiving billing information to be charged to a user from a payment requesting side and registering the billing information to the smart phone 200, and in the technology field of the present invention, It is possible to refer to and / or modify the FIG. 7 to infer various implementations of the invoice registration and provision process (e.g., omitting some steps or configurations, or changing the order) However, the present invention includes all of the above-mentioned embodiments, and the technical features of the present invention are not limited only by the method shown in FIG.

Referring to FIG. 7, the card payment system includes biller identification values for identifying the user, billing information including billing amount and billing request side information from the terminal or server on the payment request side requesting payment or payment to the user, (700), checks user information matched with the payer identification value corresponding to the received bill information, and associates the bill information with the user information (or an app identification key value matched with the user information) (705).

The card payment system may push a push message including that the at least one bill is registered in the bill of the user through the data communication network to the smartphone 200 or send a text message including the bill registration through the voice call network (710).

In response to the bill registration notification, the program is activated to input a user's personal identification number (715) and replace the personal identification number with the replacement identification number through the number replacement module (720). The program agrees (725) the security key value with the card settlement system using the personal identification number (or alternate identification number) and the app identification key value as a key generation value, and transmits an invoice After configuring the request information, the billing request information is encrypted through the agreed security key value (730) and transmitted to the card settlement system (735).

The card payment system receives the encrypted request information and decrypts the encrypted information by using the agreed security key value (740). If the card information further includes the token value, the card payment system decrypts the token value according to a designated token authentication procedure You can authenticate.

The card payment system extracts N pieces of bill information corresponding to the billing request information, encrypts the bill information through the agreed security key value (745), and transmits the encrypted bill information to the smart phone 200 (750) And decrypts the decrypted security key value using the agreed security key value (step 755).

8 is a diagram illustrating a payment process using an app identification key and a personal identification number according to an embodiment of the present invention.

FIG. 8 is a flowchart illustrating a process of authenticating an application identification key value uniquely assigned to a program of the smart phone 200 and a personal identification number input by a user, and then, based on the card information of the user mapped with the personal identification number, And the process of making the payment of the bill provided through the process shown in FIG. 7 is approved. If the person skilled in the art is in the process of referring to and / or modifying FIG. 8, It is to be understood that the invention may be practiced otherwise than as specifically described herein, but it is to be understood that the invention may be practiced otherwise than as specifically described herein, The technical features thereof are not limited by the implementation method alone.

Referring to FIG. 8, a program receiving N bill information through the process shown in FIG. 7 determines (n) 800 billable bills out of the N bill information (800) inputting a personal identification number for payment approval of n settlement billing bills (this may be omitted in the case of using the personal identification number input through the process shown in Fig. 7) 805, The personal identification number may be replaced with an alternative identification number (810). The program consults the security key value with the card payment system using the personal identification number (or alternate identification number) and the app identification key value as a key generation value, or confirms the pre-agreed security key value (815) Encrypts n bill identification values and the personal identification number identifying the bill subject to billing, encrypts the bill identification value using the security key value (820), and transmits it to the card payment system (825).

The card settlement system decrypts the received n number of bill identification values and the personal identification number by using the agreed security key value (830). If the card information further includes the token value, The token value may be authenticated according to the token authentication procedure.

Meanwhile, when the personal identification number is decrypted together with the card information, the card payment system compares the decrypted personal identification number with the registered personal identification number and verifies whether they match or not (835). If the personal identification number is authenticated (Step 840), the settlement of the bill corresponding to the n settlement bill identification values is approved through the card information of the user mapped with the personal identification number.

The card payment system checks the processing result of the payment, encrypts the confirmed payment processing result through the security key value (845), and transmits it to the smartphone 200 (850) And outputs the decrypted result through the security key value (step 855).

100: program verification unit 103: verification key holding unit
106: user information receiving unit 109: user real name authentication unit
112: App identification key determination unit 115: App identification key assignment unit
118: Authentication number determination unit 121: Authentication number sending unit
124: Temporary security key agreement unit 127: Temporary security key decryption unit
130: Personal identification number receiver 133: Authentication number authentication unit
146: personal identification number registration unit 139: security key agreement unit
142: card information reception unit 145: security key decryption unit
148: personal identification number authentication unit 151: card information mapping unit
154: Invoice Receiving Section 157: Invoice Registration Section
160: bill notification section 163: bill request receiving section
166: Invoice providing unit 169: Payment request receiving unit
172: Payment result providing unit 175: Payment processing unit
178: Storage medium 200: Smart phone

Claims (4)

A system that is implemented through a server that communicates with a program installed and run on a user smartphone,
The program is uniquely assigned to the program of the user smartphone so as to uniquely identify the program installed in the user smart phone as a result of user real name authentication using the user smart phone after the program specific to the user smart phone is installed, A personal identification number registration unit for checking an app identification key value stored in a designated storage area of a smart phone, storing a program of the user smart phone by associating a personal identification number of the registered user with the app identification key value;
A card information mapping unit for mapping and managing the card information of the user registered through the program of the user smart phone and the personal identification number;
A key exchange procedure for assigning the app identification key value and the personal identification number to a key generation value of a designated key exchange protocol to be performed by communicating with the program of the user smartphone when the personal identification number is inputted through the program of the user smart phone, A security key agreement unit for negotiating a security key value for connecting a secure channel of the user smartphone with a program of the smartphone;
The application identification key value and the personal identification number are substituted into the key generation value of the key exchange protocol, and the security key is set based on the security key value agreed with the program of the user smart phone, A payment request receiving unit for receiving a user's personal identification number for extracting card information and requesting payment;
Wherein the received personal identification number is mapped to an app identification key value uniquely assigned to a program of a user smartphone on which the secure channel is formed and a status mapped with the card information of the user is authenticated; And
And a payment processor for processing the personal identification number to authenticate the payment through the card information mapped to the personal identification number when the personal identification number is authenticated.
The method according to claim 1,
(Or a key generation rule for dynamically generating the verification key value) for verifying an assignment key value contained in a program provided by a user smart phone (or an assignment key value dynamically generated based on a key generation rule embedded in the program) A verification key holding unit;
When the program installed in the user smart phone is activated, an assignment key value embedded in the program (or a dynamically generated key value based on the key generation rule) through the verification key value (or a verification key value dynamically generated based on the key generation rule) A program verification unit for verifying the assigned key value;
A user information receiver for receiving encrypted user information from the user smartphone through a data network of the smartphone;
A user real name authentication unit for decrypting the encrypted user information and authenticating a user's real name for the user;
An app identification key determination unit that determines an app identification key value that uniquely identifies a program of the user smart phone as a result of the user real name authentication; And
An app identification key assigning unit which encrypts the app identification key value through the session key value exchanged with the user smart phone and provides the app identification key value to the user smart phone through the data network and stores the encrypted app identification key value in a designated storage area of the user smart phone Wherein the card identification information includes at least one of identification information and identification information.
The method according to claim 1,
Further comprising an invoice providing unit for providing N (N > = 1) invoice information requested by the user as a program of the user smartphone.
The method of claim 1, wherein the payment request receiver comprises:
Wherein when the N (N? 1) pieces of billing information are provided to the user smartphone program, n (1? N? N) billing target identification values of the N pieces of billing information are received through the secure channel Card payment system through program identification.

Images