KR20180026432A - Payment by using Payment Identification Number Dynamic Mapped Payment Means - Google Patents

Abstract

According to the present invention, a payment using a payment identification number dynamically mapped with a payment means is executed by a method performed by a wireless terminal which has processors and storage resources as well as communication resources for being connected to a telecommunication network for exchanging messages or phone calls and a data network for internet connections through multiple connections. In the method, a designated application is downloaded and operated in the wireless terminal and then the operated application allows the telecommunication network and the data network to intervene through the communication resources in a multiple mode based on information allocated to the wireless terminal on the basis of the telecommunication network to be linked to a designated server so that a designated authentication process is performed to authenticate validity of the application in the wireless terminal. At least one information checked through the server or the wireless terminal in the authentication process is used to check a unique identification value automatically determined to uniquely identify the application of the wireless terminal without overlapping. When the validity of the application is authenticated through the authentication process of allowing the telecommunication network and the data network to intervene in a multiple mode, the authenticated application is processed to map and store payment means information of the user and the checked unique identification value to a storage medium designated through the server. The unique identification value is used as a medium for the payment identification number to be confirmed so that the payment identification number is set to be used as a means for extracting the payment means information of the user stored in the storage medium by using the one-time number wherein the one-time number is dynamically generated through an application identified through the unique identification value.

Description

Payment with Payment Identification Number Dynamic Mapped Payment Means with Payment Method [

The invention provides a method implemented by a wireless terminal having a processor and storage resources and having a communication network capable of multiple connections to a data network for a telephone network and Internet connection for telephone calls or message exchanges, The mobile terminal according to claim 1, wherein, after the application specified in the terminal is downloaded and installed, the driven application intervenes the telephone network and the data network through the communication resource based on the information allocated to the wireless terminal on the basis of the telephone network, The mobile terminal may perform an authentication process to authenticate the validity of an application installed in the mobile terminal while identifying the application of the mobile terminal using at least one information confirmed through the server or the mobile terminal during the authentication process, A unique identification value that is automatically determined is confirmed, and the telephone network and the data network are interlinked with each other When the validity of the app is authenticated through the authentication process, the authenticated app processes the payment information of the user and the unique identification value identified in the storage medium designated through the server so as to store the unique identification value, The payment identification number to be determined using the one-time number to be dynamically generated through the application identified through the application is used as a means for extracting the payment means information of the user stored in the storage medium by using the unique identification value as an intermediary And payment using payment identification numbers dynamically mapped to payment means.

Online payments use an online payment tool called so-called secure clicks or secure payments. The online payment tool is intended to prevent the user's card information from being exposed on the shopping mall side, and is complicated and inconvenient to use. If the online payment tool is used for payment of a certain amount (e.g., 300,000 won) The non-face authentication of the user is strengthened by using the authorized certificate or the one-time password at the designated transaction stage, and the use process is complicated and inconvenient.

One method for solving such inconveniences is to register a fixed number such as a telephone number of the mobile terminal and a credit card number in place of the online payment tool, to register the telephone number of the mobile terminal at the time of payment and authenticate the user through the mobile terminal (Japanese Patent Application Laid-Open No. 10-2004-0065432 (July 22, 2004)) can be alternatively used, but a fixed number such as a telephone number of a mobile terminal The method of making a payment by mapping with a credit card number is more convenient than a payment method using an online payment tool, but has a problem that a telephone number is easily taken at any time, or is forged or falsified by another telephone number.

It is an object of the present invention to provide a method implemented by a wireless terminal having a processor and a storage resource and having a communication network capable of multiple connections to a data network for a telephone network and Internet connection for telephone calls or message exchanges, Wherein the mobile terminal is connected to a designated server through a plurality of interworking between a telephone network and a data network through the communication resource based on the information allocated to the wireless terminal based on the telephone network, The wireless terminal may perform an authentication process to authenticate the validity of the application installed in the wireless terminal, and during the authentication process, using at least one information confirmed through the server or the wireless terminal, A first step of confirming a unique identification value that is automatically determined not to be valid, When the validity of the app is authenticated through an authentication process in which the authenticated app is mapped to the storage medium designated by the authenticated app via the server, And means for extracting payment means information of the user stored in the storage medium by using the unique identification value as an intermediary in the payment identification number to be determined using the one-time number to be dynamically generated through the application identified through the unique identification value And a second step of using the settlement ID to be used.

The settlement using the settlement identification number dynamically mapped to the settlement means according to the present invention includes a processor and a storage resource and is provided with a telephone network for telephone conversation or message exchange and a wireless A method executed by a terminal, the method comprising the steps of: after an application specified in the wireless terminal is downloaded and installed and operated, the operated app sends the communication resource on the basis of information allocated to the wireless terminal on the basis of the telephone network The wireless terminal may interwork with the designated network to interoperate with the designated server to authenticate the validity of the application installed in the wireless terminal and perform at least one of the information identified through the server or the wireless terminal during the authentication process And the unique identification of the mobile terminal is uniquely determined A first step of checking a star value, and a step of authenticating the validity of the app through an authentication process in which the phone network and the data network are interlinked, the authenticated app transmits the payment method information of the user to the storage medium designated through the server And a payment identification number to be determined by using a disposable number to be dynamically generated through an app identified through the unique identification value is used as a mediator to store the unique identification value, And setting up to be used as means for extracting the payment means information of the user stored in the medium.

In the payment using the payment identification number dynamically mapped to the payment means according to the present invention, the unique identification value includes a value that uniquely identifies a combination of the mobile terminal and the application actually subscribed to the communication company .

In the payment using the payment identification number dynamically mapped to the payment means according to the present invention, the second step may further include storing the unique identification value in the designated storage area of the storage resource by the application .

In the payment using the settlement identification number dynamically mapped to the payment means according to the present invention, when the payment is made using the application, the app generates N (N > = 1) disposable numbers according to the designated number generation rule, A third step of confirming the settlement identification number of the designated number system using the number and a third step of transmitting the unique settlement identification number identifying the settlement identification number and the app through the communication resource of the wireless terminal, The method comprising the steps of:

In the payment using the payment identification number dynamically mapped to the payment means according to the present invention, when the payment is made using the application, the app uses the unique identification value among I (I? 1) Further comprising the step of selecting an i < th > (1 < = i < i) service provider to provide the service, wherein the third step comprises generating a disposable number corresponding to the i & And establishing a payment identification number of the number system.

The present invention relates to a payment method using a billing identification number dynamically mapped to a payment means, the billing method comprising a processor and a storage resource, and a voice network for telephone conversation or message exchange and a wireless The method comprising the steps of: installing and downloading a designated application to the wireless terminal and then interposing the voice network and the data network on the basis of the communication resource, The mobile terminal is authenticated as a unique application actually installed in the wireless terminal that is actually subscribed to, and the payment identification number corresponding to the one-time use number to be dynamically generated at the time of payment using the wireless terminal is transmitted to the payment means Identifying the unique identification value to be used as the medium for mapping, When the wireless terminal installed with the application through the server is authenticated to the actual wireless terminal subscribed to the communication company and the application is authenticated as a unique application actually installed in the actual wireless terminal, A first step of storing the settlement identification number to be dynamically generated in a storage resource by setting the settlement identification number to be dynamically generated and a user's settlement means and storing the stored unique identification value as a medium for mapping the settlement identification number to be dynamically generated and the payment means of the user (N > = 1) number generated by substituting one or more seed values obtained through the resource of the wireless terminal into a number generation rule corresponding to a service provider providing a service for settlement, And a specified numbered settlement formula including the determined disposable number A third step of confirming a payment identification number obtained by identifying the star number or the determined number of the disposable number in the designated number system and transmitting the payment identification number and the unique identification value to the designated server through the communication resource of the wireless terminal And a control unit.

According to the present invention, an i < th > service providing apparatus for providing a payment service by using the stored unique identification value among I (I? 1) service providers as a medium for mapping a payment identification number (1? I? J) number generation rules corresponding to the i-th service provider among J (J? 1) number generation rules are determined The method comprising: obtaining k (1? K? K) seed values to be substituted into the j number generation rule among K (K? 1) seed values obtainable through at least one resource provided in the wireless terminal; and And determining a disposable number including N (N > = 1) numbers generated by substituting the k seed values into a j number generation rule.

According to the present invention, when the unique identification value is stored, the stored unique identification value among I (I? 1) service providers is used as a medium for mapping the payment identification number to be dynamically generated at the payment time point and the payment means of the user An interface for selecting an i-th service provider identification value corresponding to an i-th (i? I?) Service provider that provides a service for making a payment, and outputting an i-th service provider identification value selected through the interface The method comprising the steps of:

According to the present invention, there is provided a method for controlling a network, comprising the steps of: checking a number generation rule and a seed acquisition rule corresponding to the registered i-th service provider; and comparing the confirmed number generation rule and the seed acquisition rule with the i- And a number generation module to which the identified number generation rule and the seed acquisition rule are applied from the server connected through the communication resource is downloaded and mapped to the i-th service provider identification value.

According to the present invention, when the unique identification value is stored, a unique identification value for mapping the payment identification number to be generated at the time of payment with the payment means of the user, and payment means information corresponding to the payment means of the user, And transmitting the request to the server through the communication resource and requesting the server to register the communication resource on the server-side storage medium.

According to the present invention, the method may further include outputting settlement information to be settled through a settlement unit that is dynamically mapped to the settlement identification number.

According to the present invention, when the wireless terminal is provided with communication resources based on Near Field Communication (NFC), the method further includes processing the payment identification number and the unique identification value to be provided to a payment terminal close to the wireless terminal through the NFC .

According to the present invention, the unique identification value includes at least one of an identification value that uniquely identifies the wireless terminal actually subscribed to the communication company and an application identification value that uniquely identifies the application installed in the wireless terminal. do.

According to the present invention, the seed value includes NULL or M (M? 1) values obtained through at least one resource provided in the wireless terminal, and when the seed value includes M values, the storage resources and the timer from the at least one resource of the resources m _{1 (1} 1≤m ≤M) of the seed value is extracted or, through the communication network ₂ m ₍₂ 1≤m ≤M) of the seed value is received, or the through a communication network m _{3 (3} 1≤m ≤M) of some seed configuration values for the seed value is received by the m ₃ of seed remaining configuration values from the storage resource is extracted or a combination of each seed value, said storage resources yi m _{4 (4} 1≤m ≤M) of the seed value corresponding to the index value of the received two or more seed value sets held through the communication network selected or in, a medium reader for reading the user possessing the mobile terminal When resources are provided, M ₅ ( _1? M _5? M) seed values are formed through medium information read through a reader resource, or when the wireless terminal is provided with a recognition resource for recognizing the user's body, M ₆ ( _1? M _6? M) seed values are formed through the biometric information of the recognized user, or when positioning resources for positioning the wireless terminal are provided, through the position information m ₇ (1≤m ≤M ₇₎ of the seed value is configured or, ₈ m from the pattern information read out from the pattern image captured by the camera when the camera resources on a resource included in the wireless terminal (1? M _8? M) seed values are formed, or m ₉ (1? M _9? M) seed values are constituted through the random number value included in the random number card paid to the user by the financial institution The M seed values are determined .

According to the present invention, the disposable number is a dynamically generated number of N (N &gt; = 1) digits, which is generated as the N digits through the seed value, or two or more Number of N digits generated after the seed value is generated, or two or more digits are generated through the seed value, and then a part of each number is combined for each N digits, or n ₁ ( ₁ ? N ₁ < N), and the number of the (Nn ₁ ) digits is received through the communication resource and is combined with the N digits, or n ₂ (n ₂ ≥ 1) position is transmitted through the communication resource, the N-digit number generated by using the n _2- digit number as a seed is received, or n ₃ (1? N ₃ &Lt; N) digit, and then (Nn ₃ ) fixed number , Or may be generated through at least one of receiving the N digits through the communication resource when the seed value is NULL.

According to the present invention, the settlement identification number may be either the disposable number or a disposable number generated by the number system of the payment means, or a part of the disposable number excluding the fixed number area of the number system of the payment means may be used as the disposable number It may contain an alternate number.

According to the present invention, a payment identification number to be dynamically determined through an application provided in a user wireless terminal at a user's payment time, not a fixed number, is mapped to payment means issued to each user in each financial institution, The validity of the payment with the user is confirmed through the payment identification number dynamically determined through the application at the time of payment, and at the same time, the payment means of the specific financial institution dynamically mapped with the authenticated payment identification number is confirmed, There is an advantage in that it provides a simple and convenient non-face-to-face transaction without complicated information input or non-face authentication.

1 is a diagram showing a system configuration of the present invention.
2 is a diagram showing the configuration of a wireless terminal and an application function of the present invention.
FIG. 3 and FIG. 4 are diagrams illustrating an application loading and authentication process according to an embodiment of the present invention.
5 and 6 are diagrams illustrating a process of mapping a payment identification number to be dynamically determined through an application and a payment means of a user according to an embodiment of the present invention.
FIG. 7 illustrates a process of dynamically determining a payment identification number through an application according to an embodiment of the present invention.
FIG. 8 and FIG. 9 are views illustrating a process for performing a payment approval procedure through a payment means mapped with a payment identification number according to an embodiment of the present invention.

The operation principle of the preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings and description. It should be understood, however, that the drawings and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention, and are not to be construed as limiting the present invention. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The terms used below are defined in consideration of the functions of the present invention, which may vary depending on the user, intention or custom of the operator. Therefore, the definition should be based on the contents throughout the present invention.

As a result, the technical idea of the present invention is determined by the claims, and the following embodiments are merely means for effectively explaining the technical idea of the present invention to a person having ordinary skill in the art to which the present invention belongs Only.

1 is a diagram showing a system configuration of the present invention.

The system of the present invention includes an application operating module 100, a payment control module 130 and a storage medium 120. The modules and the storage medium 120 may be implemented in any one server, It may be implemented by being distributed to two or more servers, and in some cases, the functional components constituting each module may be distributed and implemented in different servers. That is, it is evident that the invention is not limited by the location on the network in which the storage medium 120 is implemented, and each module implementing the system of the present invention.

The application operating module 100 of the present invention is a program module that is implemented on at least one server for operating an application 215 provided in the wireless terminal 200 and includes user payment means to be mapped with the payment identification number Or a server provided in a representative organization representative of a plurality of financial institutions or an affiliated organization affiliated with at least one financial institution of a card issuing company, a bank, a securities company, or an insurance company, The authentication information may be implemented in a server provided in a certification authority that certifies a disposable number that establishes a number, a partner organization that is affiliated with, or a representative organization that represents a plurality of certification authorities.

The application operating module 100 provides the application 215 having the program function configuration shown in FIG. 2 to the user's wireless terminal 200 through the program providing server 175 (e.g., Apple's App Store, etc.) . The application operating module 100 registers and authenticates the user of the mobile terminal 200 before or after the application 215 provided to the mobile terminal 200 is provided. If the application 215 provided to the wireless terminal 200 is activated, the application operating module 100 authenticates the application 215 and transmits the payment identification number to be dynamically determined through the application 215, The means processes the user's unique identification value to be mapped on the network via the storage medium 120 as an intermediary.

Referring to FIG. 1, the application operating module 100 includes a membership subscription / authentication unit 102 for authenticating a registered user, and a subscription / authentication unit 102 for identifying the user's mobile terminal 200, A wireless terminal authentication unit (106) that authenticates at least one of a user subscription state and a user occupation state of the wireless terminal (200); an application authentication unit (225) 108, and an identification value determination unit (104) for determining a unique identification value to be mapped to a disposable number generated by the application (215), wherein the unique identification value is input from a user or automatically . &Lt; / RTI &gt;

According to an embodiment of the present invention, before or after the application 215 is downloaded to the user's wireless terminal 200, the user terminal 150 used by the user may access the application operating module 100 through a communication network (E.g., a name, a resident registration number, and the like) and a membership account through an interface provided by the server, and transmits the user account information to the membership server / After authenticating the user's real name, he registers the member account and registers the user as a member. Here, the user terminal 150 may include at least one of a computer, a notebook PC, a tablet PC, and a smart phone used by a user.

According to another embodiment of the present invention, after the application 215 is downloaded to the user's wireless terminal 200, the application 215 receives and transmits user information and a member account, The authentication unit 102 authenticates the user's real name based on the user information, registers the member account, and registers the user as a member. Here, the user's wireless terminal 200 may include at least one smart phone and a tablet PC that can be connected to at least one communication network while the user is carrying it.

After the membership of the user is processed, the member subscription / authentication unit 102 authenticates the user who accesses through the registered member account as the user.

The user information registered by the registered user may include a telephone number assigned to the wireless terminal 200 used by the user. Therefore, the wireless terminal authentication unit 106 confirms the information of the user's wireless terminal 200 based on at least one of the user information and the unique identification value, and the wireless terminal 200 authenticates the communication terminal You can check the server. If the subscription or authentication is requested from the user's wireless terminal 200, the wireless terminal authentication unit 106 automatically checks the wireless terminal 200 of the user with the application 215 and the communication company server .

The wireless terminal authentication unit 106 provides user information corresponding to a member authenticated through the member subscription / authentication unit 102 and information of the wireless terminal 200 to the communication company server, So that the subscriber of the wireless terminal 200 is authenticated as the user. Alternatively, the wireless terminal authentication unit 106 generates an authentication number that can authenticate whether the user occupies the wireless terminal 200, and transmits the authentication number to the wireless terminal 200 through a message exchange protocol of a voice network to which the wireless terminal 200 is connectable. The wireless terminal 200 receives the authentication number input from the wireless terminal 200 through the data network to which the wireless terminal 200 is connectable and transmits the authentication number to the wireless terminal 200 through the voice network 200. [ Or by receiving an authentication number input from the user terminal 150 and comparing the authentication number with the authentication number sent to the wireless terminal 200 through the voice network, ) Of the user.

The application authentication unit 225 may include a list of wireless terminals 200 that downloaded the application 215 through the program providing server 175. In this case, the application authentication unit 225 Confirms that the application 215 is authenticated to the user's wireless terminal 200 by verifying that the information of the wireless terminal 200 authenticated by at least one of the user subscription state and the user occupation state is included in the list of the wireless terminal 200. [ Can be mounted.

If the application 215 is not installed in the wireless terminal 200 of the user, the application authentication unit 225 transmits the application 210 to the user terminal 150 via the application authentication unit 225, By providing an application mounting request message requesting the mobile terminal 200 to load the mobile terminal 200 or by providing an application loading request message to the user's mobile terminal 200 according to the message exchange protocol of the voice network to which the mobile terminal 200 is connectable , And requests the user's wireless terminal (200) to load the application (215). If the application 215 is installed in the user's wireless terminal 200, the application authentication unit 225 includes information on the user's wireless terminal 200 in the list of the wireless terminal 200 Can be updated.

When it is confirmed that the application 215 is installed in the user's wireless terminal 200, the application authentication unit 225 confirms whether the application 215 is being driven to the user's wireless terminal 200 do. When the application 215 is activated in the wireless terminal 200 of the user, the application 215 transmits the application operation module 210, in response to a periodic or designated communication event through the data network to which the wireless terminal 200 is connectable, (Or signal) with the application 215, and the application authentication unit 225 (108) exchanges the message (or signal) with the application 215 or exchanges the message (Or signal) of the application 215 to determine whether the application 215 is being operated on the wireless terminal 200 of the user.

If the application 215 is not running in the wireless terminal 200 of the user, the application authentication unit 225 may transmit the authentication information to the user terminal 150, Or provides an application activation request message to the user's wireless terminal 200 in accordance with the message exchange protocol of the voice network to which the wireless terminal 200 is connectable Thereby requesting the application 215 loaded in the user's wireless terminal 200 to operate. Meanwhile, when a program having a function of driving the application 215 is being driven to the user's wireless terminal 200, the application authentication unit 225 (108) The mobile terminal 200 may transmit the application driving command to the mobile terminal 200 to request the application 215 loaded in the user's wireless terminal 200 to operate.

If at least one of the user subscription state and the user occupation state is confirmed that the application 215 is being driven to the authenticated wireless terminal 200, the application authentication unit 225 (108) And verifies the validity of an application loaded in the authenticated wireless terminal 200 through at least one communication network of the connectable data network and the voice network. The validity of the application is determined by the application 215 The application is at least one of being activated in the user's wireless terminal 200 and being authenticated as an application that dynamically generates a one-time number to establish the payment identification number and confirms the payment identification number via the generated one-time number do.

According to the first application authentication method of the present invention, the application 215 can be downloaded in a state in which a unique key value capable of identifying that the application is operated by the application operating module 100 is allocated, (225) 108 receives and reads a unique key value assigned to the application 215 from the wireless terminal 200 to determine whether the application 215 is an application operated by the application operating module 100 You can authenticate.

Alternatively, the application 215 may encrypt and transmit automatically identifiable information through the communication company server among the information allocated to the wireless terminal 200 and at least one communication network through the unique key value In this case, the application authentication unit 225 (108) receives the encrypted information, decrypts the encrypted information through the decryption key corresponding to the unique key value, and compares the decrypted information with the information identified through the communication company server By authenticating, the application 215 may authenticate that it is running on the user's wireless terminal 200 as an application operated by the application operating module 100. Here, the unique key value may be a public key, the decryption key may be a private key associated with the public key, or may be a symmetric key. Meanwhile, the information to be encrypted may include information (e.g., a telephone number, a network ID, a system ID, a base station ID, an exchange ID, etc.) allocated to the wireless terminal 200 based on a voice network to which the wireless terminal 200 can access (E.g., chip serial number, USIM information, MAC address, and the like) allocated to the physical configuration unit mounted on the wireless terminal 200. [

According to the second application authentication method of the present invention, the application 215 can be assigned a token value that uniquely identifies the application 215 on the communication network, and the application authentication unit 225 (108) The mobile terminal 200 can authenticate the validity of the application by receiving the token value from the mobile terminal 215 or by receiving and decrypting and comparing and authenticating the encrypted mobile terminal 200 allocation information through the token value.

According to the third application authentication method of the present invention, the application 215 can be installed with a certificate, and the application authentication unit 225 can access the key value or key exchange protocol included in the certificate or the encryption / The validity of the application can be authenticated according to the rule. Meanwhile, at least one identification key value can be exchanged in the process of authenticating the application 215 through the certificate, and the application authentication unit 225 (108) ) Of the application can be authenticated by receiving and decrypting and comparing and authenticating.

According to the fourth application authentication method of the present invention, the application authentication unit 225 generates an authentication number and transmits the authentication number to the wireless terminal 200 through a message exchange protocol of a voice network to which the wireless terminal 200 is connectable. And authenticates the validity of the application by receiving the authentication number input through the application 215 and performing comparison and authentication.

According to the fifth application authentication method of the present invention, the application authentication units 225 and 108 can verify the validity of the application by combining the first to fourth application authentication methods.

The application authentication unit 225 and the application authentication unit 225 form an application identification value for identifying the application 215 while authenticating the validity of the application and allocate the application identification value to the application 215, And assigns at least one unique value to the application identification value.

According to an embodiment of the present invention, if the unique identification value is a value input from the user, the identification value determination unit 104 may receive the unique identification value input by the user from the user terminal 150. [

According to another embodiment of the present invention, the identification value determination unit 104 may receive a unique identification value input through the application 215 from the wireless terminal 200 of the user. If the unique identification value includes a value to be automatically determined, the identification value determination unit 104 may automatically determine the unique identification value based on the information identified in the process of authenticating the application validity.

If the unique identification value is a value input from the user, the unique identification value may include at least one of the user's account ID, the user's mail address, and the user identification value assigned to the user by the authorized organization . On the other hand, if the unique identification value is a value to be automatically determined, the unique identification value may be a telephone number assigned to a voice network to which the wireless terminal 200 can access, a communication address assigned to a data network to which the wireless terminal 200 is connectable A device component identification value uniquely assigned to a physical device configuration of the wireless terminal 200, a device configuration identification value uniquely identifying an application 215 mounted on the wireless terminal 200 for dynamically generating the disposable number An application identification value, a number generation rule identification value uniquely identifying the number generation rule of the application 215 mounted on the wireless terminal 200 to dynamically generate the disposable number, And may include one or more of the unique identification values that are not assigned.

The unique identification value determined may be any one of the above-mentioned values or a combination of two or more. For example, the unique identification value may be the account or mail address of the user identified at the time of user registration / authentication. Or the unique identification value may be a combined value of the application identification value identified in the application validity authentication process in the user's account or mail address. If the number generation rule for the disposable number generated through the application 215 is identified, the unique identification value may further include the number generation rule identification value.

The identification value determination unit 104 maps the determined unique identification value to the application 215 of the wireless terminal 200 and stores the same. For example, when the phone number or the application identification value of the user wireless terminal 200 is included in the unique identification value, the identification value determination unit 104 stores the determined unique identification value. On the other hand, if the unique identification value does not include the telephone number or the application identification value of the user wireless terminal 200, the identification value determination unit 104 determines that the unique identification value and the telephone number of the user wireless terminal 200 Or an application identification value can be concatenated and stored.

1, the application operating module 100 includes a service provider recognizing unit (not shown) for recognizing an I (I? 1) service provider registered in an application 215 provided in the user's wireless terminal 200 And a seed agreement rule corresponding to the first service provider and a seed acquisition rule are mapped to a first service provider identification value corresponding to the first service provider so as to be maintained in the wireless terminal 200, (118) for determining the number authentication rule corresponding to the number generation rule agreed by the rule consensus unit (116) and the seed acquisition rule and assigning the number authentication rule to the unique identification value (116) Respectively. According to another embodiment of the present invention, the service provider recognition unit 114 and the rule settlement unit 116 may be provided in the financial institution server 160 or the number authentication server 155 corresponding to the I-th service provider , Whereby the present invention is not limited thereto.

The service provider recognition unit 114 receives a first service provider identification value that identifies a first service provider registered in the application 215 via a communication network and the rule consensus unit 116 receives the service provider identification value from the first service provider Identify the corresponding number generation and seed acquisition rules.

When the application 215 of the wireless terminal 200 according to the first rule agreement method of the present invention is provided with a number generation rule corresponding to the I-th service provider and a program code corresponding to the seed acquisition rule, The number authentication rule assignment unit 118 determines the number authentication rule corresponding to the number generation rule and the seed acquisition rule, and assigns the determined number authentication rule to the unique identification value.

According to the second rule agreement method of the present invention, a program code corresponding to at least one rule among a number generation rule and a seed acquisition rule corresponding to the I-th service provider is stored in an application 215 provided in the wireless terminal 200 The rule consensus unit 116 may provide the number generation module 299 of the program type to which the at least one rule of the number generation rule and the seed acquisition rule is applied to the wireless terminal 200, The number generating module 299 may be provided to the wireless terminal 200 via the server 175 or may be provided through the financial institution server 160 or the number authentication server 155 corresponding to the I- The number authentication rule provision unit 118 determines that the number authentication rule corresponding to the number generation rule and the seed acquisition rule is to be provided to the wireless terminal 200, It gives a unique identification number, the value of the certification rules.

In case of authenticating the disposable number contained in the payment identification number according to the first payment identification number authentication method of the present invention, the number authentication rule may be used to authenticate the seed value agreed with the application 215, And generating a number to be compared with the disposable number included in the payment identification number by substituting the seed value and the seed value.

When the one-time number included in the payment identification number is authenticated through the affiliated number authentication server 155 according to the second payment identification number authentication method of the present invention, the number authentication rule is a disposable number included in the payment identification number (For example, a seed value registered in the number authentication server 155) to be used for authenticating the disposable number on the number authentication server 155 &Lt; / RTI &gt;

Meanwhile, the rule consensus unit 116 may exchange at least one seed value, which should be agreed in advance among the seed values necessary for dynamically generating the disposable number, to the application 215, and the agreed seed value May be included in the number authentication rule or may be maintained in the number authentication server 155.

Referring to FIG. 1, the application operating module 100 receives payment means information input by the user, and determines whether payment means corresponding to the received payment means information is a payment means issued to the user A payment identification number mapping unit (112) having a means authentication unit (110) that uses the unique identification value as an intermediary and maps the payment identification number to be dynamically determined at the time when the payment of the user is processed, Respectively.

When the recognized service provider is the financial institution, the payment unit authentication unit 110 receives the payment means information corresponding to the payment means issued (or opened) to the user by the financial institution through the communication network.

According to an embodiment of the present invention, the payment unit authentication unit 110 receives the payment means information input by the user from the user terminal 150. [ If the unique identification value corresponding to the mediator for mapping the payment means and the payment identification information is a value input from the user, the payment means authenticating unit 110 notifies the user terminal 150 of the unique identification value Lt; / RTI &gt;

According to another embodiment of the present invention, the payment unit authentication unit 110 receives the payment means information of the user inputted through the application 215 from the user's wireless terminal 200, And can receive a unique identification value input from the terminal 200 through the application 215. [ If the unique identification value includes a value that is automatically determined, the payment unit authentication unit 110 identifies the communication company to which the wireless terminal 200 is connected, maps the payment identification information to the payment unit through the communication company server It is possible to automatically determine a unique identification value corresponding to the mediator.

The payment unit authentication unit 110 confirms the financial institution server 160 operating the payment means corresponding to the received payment means information and transmits the registration request to the financial institution server 160 via the membership / The payment server can provide the user information corresponding to the authenticated member and the payment means information so that the payment means can authenticate that the payment means is the payment means issued to the user through the financial institution server 160. [

When the payment means is authenticated as the payment means issued to the user, the payment identification number mapping unit 112 connects the payment means information and the unique identification value to the storage medium 120 To map the payment identification number to be dynamically determined at the time of processing the payment of the user and the authorized payment means using the unique identification value as an intermediary.

The payment control module 130 of the present invention is a program module implemented on at least one server and includes a payment request server 165 (e.g., a shopping mall server and a content providing server connected to the user terminal 150) When the user's payment is recognized through the settlement terminal 170 (e.g., CAT, POS terminal, etc.) provided in the mobile terminal 200, The payment identification number of the user is confirmed to be a number dynamically mapped to the payment means of the user and then the payment means of the user is confirmed based on the authentication result of the payment identification number, And controls the approval procedure to be performed.

According to an embodiment of the present invention, the payment control module 130 may be a partner organization or a plurality of affiliated organizations that are affiliated with at least one financial institution such as a card company, a bank, a securities company, or an insurance company that issued user payment means to be mapped with the payment identification number Or a partner organization or a plurality of certification bodies that are affiliated with a certification authority that authenticates a one-time use number that establishes a payment identification number determined by the application 215, And can be implemented in a server provided in representative organizations.

According to another embodiment of the present invention, the settlement control module 130 implements the settlement control method in a server provided in at least one of a card company, a bank, a securities company, and an insurance company issuing user payment means to be mapped with the settlement identification number .

Referring to FIG. 1, the payment control module 130 includes a settlement recognition unit 132 for recognizing settlement using a dynamically determined settlement identification number of an application 215 provided in the user's wireless terminal 200 do.

In a state in which the user's payment means and payment identification number are dynamically mapped using the unique identification value as an intermediary, the user accesses the payment request server 165 corresponding to the online store through the user terminal 150, The settlement recognition unit 132 requests at least one of the user terminal 150, the settlement request server 165, and the settlement terminal 170 to request settlement through the settlement terminal 170 of the offline store, Recognize the payment requested from one. Here, the recognized payment includes payment requested to use the payment identification number dynamically determined through the application 215 provided in the user wireless terminal 200, in addition to the payment method information of the user.

According to the method of the present invention, the settlement recognizing unit 132 recognizes the settlement amount information and the merchant information corresponding to the store requesting settlement in the process of recognizing the settlement, and the merchant information includes the settlement identification number And includes the merchant information of the dynamically mapped payment means. If there are a plurality of types of payment means that can be dynamically mapped to the payment identification number, the recognized merchant information may include merchant information for each payment means.

If payment using the payment identification number is recognized, the payment recognition unit 132 identifies the user's wireless terminal 200 having the application 215 for determining the payment identification number to be used for the recognized payment.

1, when the application 215 obtains the seed value through the communication network or when the payment identification number is received from the user's wireless terminal 200, And a secure channel forming unit (134) for forming a secure channel for receiving the payment identification number on the data network through at least one communication network. The secure channel forming unit 134 may be provided in the application operating module 100 according to the intention of those skilled in the art. In this case, the secure channel may be used in the process of registering the payment method information of the user.

The secure channel forming unit 134 may include a disposable security key for establishing a secure channel with the application 215 on the data network through at least one communication network between a data network and a voice network to which the wireless terminal 200 can connect, Of the Agreement.

The application operating module 100 may mutually recognize one or more values by exchanging one or more values with the application 215 during a membership subscription / authentication process, an application validity authentication process, and a mapping process between a payment means and a payment identification number. According to the first security channel forming method, the secure channel forming unit 134 may use a predetermined key agreement protocol (e.g., SRP (Secure Remote Password) protocol, etc.) using one or more values among the mutually recognized values as a key generation value ), A disposable security key for forming a secure channel with the application 215 can be agreed upon. Herein, the mutually recognized values for agreeing the disposable security key include: the user information registered in the member subscription / authentication process; a member account; a unique key value and a token value used in the application validity authentication process; Value, and a value included in the unique identification value input or determined in the mapping process of the payment means and the payment identification number.

According to the second security channel forming method of the present invention, the secure channel forming unit 134 may transmit information (e.g., a telephone number) assigned to the wireless terminal 200 corresponding to the voice network to which the wireless terminal 200 is connectable (E.g., a chip serial number, a USIM information, a MAC address, and the like) allocated to a physical component mounted on the wireless terminal 200, A disposable security key for forming a secure channel with the application 215 can be agreed by using information as a key generation value and assigning it to a predetermined key agreement protocol (e.g., SRP protocol, etc.).

Meanwhile, according to the third secure channel forming method of the present invention, the secure channel forming unit 134 may associate a key value and a key included in the certificate, An exchange protocol may be used to negotiate a disposable security key for forming a secure channel with the application 215.

According to the fourth security channel forming method of the present invention, the secure channel forming unit 134 combines the first through third secure channel forming methods to form a one-time use security key for forming a secure channel with the application 215 You can agree.

Referring to FIG. 1, the payment control module 130 determines whether the number of J (1) number generation rules available for the application 215 included in the user's wireless terminal 200 And a seed value processing unit 136 for processing at least one seed value obtainable through a communication network among the one or more seed values that can be assigned to the number generation rule selected by the application 215, by the application 215.

The seed value processor 136 determines whether the application 215 selecting the payment identification number to be used for the payment recognized by the payment recognition unit 132 is selected by the application 215 among the J number generation rules available to the application 215 The application 215 configures at least one seed value to be acquired through the communication network among the one or more seed values that can be substituted into the number generation rule and provides the generated seed value to the application 215. If the secure channel formation unit 134 The seed value may be encrypted through the secure channel and provided to the application 215 when a secure channel is established with the application 215 via the secure channel.

Or when the application 215 acquires the seed value assigned to the communication network, the seed value processing unit 136 may grant the application 215 the right to acquire the seed value assigned to the communication network .

1, the payment control module 130 receives a payment identification number dynamically determined through the user's wireless terminal 200 through a communication network, and receives a payment identification number A settlement identification number authentication unit 140 for authenticating the received settlement identification number using a number authentication rule corresponding to the unique identification value, A payment means confirmation unit 142 for confirming the payment means of the dynamic mapped user and a payment procedure execution unit 144 for processing the approval process of the recognized payment through the payment means of the user.

The payment identification number receiving unit 138 receives the payment identification number dynamically determined through the application 215 provided in the user's wireless terminal 200 via the communication network. The payment identification number may be dynamically determined through the application 215 and then input to a separate user terminal 150 and received via the communication network. Alternatively, the payment identification number may be received from the user's wireless terminal 200 through the NFC to the payment terminal 170 and then received via the communication network. Or the payment identification number may be received from the wireless terminal 200 of the user.

According to an embodiment of the present invention, when the unique identification value is input from a user, the payment identification number receiver 138 may receive a unique identification value input from a user through the communication network.

According to another embodiment of the present invention, if the payment identification number is received from the user's wireless terminal 200 and the unique identification value is automatically determined, the payment identification number receiver 138 receives the payment identification number Or may automatically determine the unique identification value through the communication company server connected to the wireless terminal 200. [

When the unique identification value is received or determined, the payment identification number authentication unit 140 identifies the number authentication rule corresponding to the unique identification value, and transmits the disposable number corresponding to the payment identification number .

When the seed authentication rule and the number generation algorithm for dynamically determining the seed value and the seed value are included in the number authentication rule according to the first payment identification number authentication method of the present invention, 140 generates a verification number by substituting the seed value that is agreed or dynamically determined into the number generation algorithm, and then compares the generated verification number with the disposable number corresponding to the payment identification number, You can authenticate.

When the address of the number authentication server 155 and at least one parameter value are included in the number authentication rule according to the second payment identification number authentication method of the present invention, the payment identification number authentication unit 140 calculates the address and the parameter And provides the one-time number corresponding to the payment identification number to the number authentication server 155 to authenticate the payment identification number.

When the payment identification number is authenticated, the payment confirmation unit 142 checks the payment means of the user dynamically mapped to the payment identification number using the unique identification value as an intermediary, In response to the confirmed payment means, a payment approval procedure for approving the recognized payment through the payment means in connection with the financial institution server 160. [ The payment approval procedure follows the payment approval procedure of the payment means that is dynamically mapped with the payment identification number. For example, if the payment means is a credit card, the payment procedure performing unit 144 may receive the credit card information corresponding to the confirmed payment means, the payment amount information confirmed at the payment recognition process, And may be configured to be transmitted to the financial institution server 160 of the credit card according to a credit card payment approval procedure.

2 is a diagram showing a functional configuration of a wireless terminal 200 and an application 215 of the present invention.

In more detail, FIG. 2 is provided in a wireless terminal 200 having a processor, a storage resource, and communication resources connectable to at least one communication network. The wireless terminal 200 is dynamically mapped with a payment means of a user The application 215 determines the payment identification number and outputs the settlement identification number to the application 215. The application 215 is configured to determine a payment identification number based on a plurality of number generation rules and any one of the seed acquisition rules corresponding to a specific service provider selected by the user And a disposable number for confirming the settlement identification number is determined through the number generation rule and the seed acquisition rule, and the disposable number is output.

2, the wireless terminal 200 includes a control unit 201, a memory unit 211, a screen output unit 202, a key input unit 203, a sound output unit 204, a sound input unit 205, A wireless LAN communication module 208, a short range wireless communication module 207, a USIM reader 210, a USIM, a proximity communication module 209, and a battery 206 for power supply.

The control unit 201 is a general term for controlling the operation of the wireless terminal 200. The control unit 201 includes at least one processor and an execution memory, BUS). The control unit 201 loads at least one program code into the execution memory through the processor and calculates the result of the calculation, and transfers the result to at least one component through the bus to control the operation of the wireless terminal 200 . Hereinafter, the function unit implemented in the form of program code in the application 215 of the present invention will be described in the control unit 201 of FIG. 2 for convenience.

The memory unit 211 is a nonvolatile memory type storage resource included in the wireless terminal 200 and includes at least one program code executed through the control unit 201 and at least one data set And the program code and data set corresponding to the application 215 of the present invention are also held in the memory unit 211. [

The USIM is an IC chip type storage resource included in the wireless terminal 200 and stores and maintains at least one data set to be used by at least one program code executed through the control unit 201. [ The USIM reader 210 interlocks the USIM with the program code based on the ISO / IEC 7816 standard, and the data set stored in the IC chip memory of the USIM is transmitted through an APDU (Application Protocol Data Unit) Exchange.

The screen output unit 202 is a screen output resource included in the wireless terminal 200, and includes a display interlocked with the control unit 201, and the display can support touch screen input. The sound output unit 204 includes a speaker coupled to the control unit 201 as a sound output resource included in the wireless terminal 200.

The key input unit 203 is a key input resource included in the wireless terminal 200 and includes a key button or a touch screen interlocked with the control unit 201. The sound input unit 205 is a sound input resource included in the wireless terminal 200 and includes a microphone interlocked with the control unit 201.

The wireless network communication module 208 is a communication resource for connecting the wireless terminal 200 to a wireless communication network through a base station, and includes an antenna, an RF module, a baseband module, a signal processing module As shown in FIG. The wireless network communication module 208 connects the wireless terminal 200 to a voice network via an exchange provided in the wireless communication network or connects the wireless terminal 200 to a data network not passing through the exchange .

The short-range wireless communication module 207 is a communication resource for communicating with an access point (AP) within a predetermined distance and connecting the wireless terminal 200 to an open data network (e.g., the Internet) And wireless communication.

The near field communication module 209 is a communication module for transmitting data between terminals at a proximity distance of about 10 cm according to a Near Field Communication (NFC) standard using a frequency band of 13.56 Mz among the wireless communication standards of the ISO 18000 series standard, Wireless communication module 207, or may be implemented as a separate communication module. The proximity communication module 209 may be included in the communication resources provided in the wireless terminal 200 according to an object to which the proximity communication module 209 is communicating.

The application 215 is downloaded from the program providing server 175 via the data network to which the communication resource is connectable and is stored in the memory unit 211. [ The downloaded application 215 is manually or automatically activated. A separate program may be running in advance for automatically driving the application 215, and thus the present invention is not limited thereto.

Referring to FIG. 2, an application 215 of the wireless terminal 200 accesses a server provided with the application operating module 100 through a data network to which the communication resource is connectable, An application authentication unit 225 for authenticating the validity of the application through at least one communication network to which the communication resource is connectable.

The application 215 has communication connection macro information to connect to a server provided with the application operating module 100 through a data network to which the communication resource is connectable, and the membership subscription / And outputs an interface for inputting user information (e.g., name, resident registration number, etc.) for joining the user as a member through the output unit 202 and a member account, and transmits the interface to the application operating module 100 via the data network And transmits the inputted user information and the member account to join the user as a member. If the user is already registered as a member or is registered as a member through a separate user terminal 150 other than the mobile terminal 200, the member registration / authentication unit 220 registers the user's membership account And transmits the member account input through the interface to the application operating module 100 through the data network to authenticate the user as a member. According to another embodiment of the present invention, the membership of the user can be processed through a separate user terminal 150 in addition to the wireless terminal 200, and thus the present invention is not limited thereto.

Before or after the subscription / authentication of the user, the application authentication unit 225 accesses the application operating module 100 through the at least one communication network between the data network and the voice network to which the communication resource is connectable, The validity of the application being such that the application 215 is an application operated by the application operating module 100 that is running on the user's wireless terminal 200 and is a disposable number And authenticating the payment identification number to be mapped to the payment means of the user through the generated one-time number.

According to the first application authentication method of the present invention, the application 215 can be downloaded in a state in which a unique key value capable of identifying that the application is operated by the application operating module 100 is allocated, Unit 225 may send the unique key value to the application operating module 100 where the application operating module 100 reads the inherent key value so that the application 215 can access the application operating module 100, (Not shown).

Alternatively, the application authentication unit 225 may encrypt information that can be automatically identified by the application operating module 100 among the information allocated to the wireless terminal 200 and at least one communication network through the inherent key value In this case, the application operating module 100 receives the encrypted information, decrypts the encrypted information through the decryption key corresponding to the unique key value, and compares the decrypted information with the information identified through the communication company server, The application 215 may authenticate that it is running on the user's wireless terminal 200 as an application operated by the application operating module 100.

According to the second application authentication method of the present invention, the application 215 may be assigned a token value that uniquely identifies the application 215 on the communication network, and the application authentication unit 225 may transmit the token value It is possible to authenticate the validity of the application by transmitting it to the application operating module 100 or encrypting the information allocated to the mobile terminal 200 through the token value and transmitting the encrypted information to the application operating module 100. [

According to the third application authentication method of the present invention, the application 215 can be installed with a certificate, and the application authentication unit 225 can authenticate the application according to the key value or the key exchange protocol and the encryption / The application 215 may authenticate that it is an application operated by the application operating module 100. [ Meanwhile, at least one identification key value may be exchanged in the process of authenticating the application 215 through the certificate, and the application authentication unit 225 may transmit the information allocated to the wireless terminal 200 And transmits the encrypted data to the application operating module 100, thereby validating the validity of the application.

According to the fourth application authentication method of the present invention, the wireless terminal 200 receives the authentication number from the application operating module 100 through the message exchange protocol of the voice network, and transmits the received authentication number to the application 215 And transmits the data to the application operating module 100 through the data network, thereby validating the validity of the application.

According to the fifth application authentication method of the present invention, the application authentication unit 225 can authenticate the validity of the application by combining the first to fourth application authentication methods.

The application authentication unit 225 receives and maintains an application identification value that uniquely identifies the application 215 from the application operating module 100 while authenticating the validity of the application, At least one unique value among the values exchanged with the application 100 may be determined and maintained as the application identification value.

The application authentication unit 225 may exchange at least one seed value that is to be agreed in advance among the seed values necessary for dynamically generating the disposable number to the application operating module 100, The value is stored in the storage resource. Meanwhile, when the number generation rule is agreed, the application authentication unit 225 may receive and maintain a number generation rule identification value that uniquely identifies the agreed number generation rule. Meanwhile, if at least one seed value is not obtained from the storage resource at the time of generating the disposable number, the number generation rule may not be agreed in advance.

Referring to FIG. 2, an application 215 of the wireless terminal 200 may use at least one service providing service using a payment identification number to be dynamically mapped with a user's payment means, using a unique identification value of a user as an intermediary A rule mapping unit 235 for mapping a number generation rule and a seed acquisition rule corresponding to the registered service provider among the plurality of number generation rules and the seed acquisition rules to the service provider, .

The service provider registration unit 230 outputs an interface for selecting at least one service provider capable of providing a service using the payment identification number among the plurality of service providers through the screen output unit 202. [ Here, the service provider may include at least one financial institution, such as a card company, a bank, a securities company, and an insurance company, who issued user payment means to be mapped with the settlement identification number, or may include at least one disposable number And a certification authority that operates a number authentication server 155 that authenticates the user.

If the service provider is selected through the interface, the service provider registration unit 230 registers the service provider identification value identifying the selected service provider in the service provider holding area allocated to the stored resource.

The rule mapping unit 235 identifies a number generation rule and a seed acquisition rule corresponding to the registered service provider.

According to the first rule checking method of the present invention, the rule mapping unit 235 can maintain a rule list including a number generation rule for each service provider and a seed acquisition rule. In this case, It is possible to confirm the number generation rule and the seed acquisition rule corresponding to the service provider.

According to the second rule checking method of the present invention, the rule mapping unit 235 may use a communication resource (e.g., a financial institution server 160, a number authentication server 155, etc.) corresponding to the service provider, Or can access a server provided with the application operating module 100 to confirm a number generation rule and a seed acquisition rule corresponding to the registered service provider.

When the number generation rule and the seed acquisition rule corresponding to the registered service provider are confirmed, the rule mapping unit 235 generates a number generation rule identification value for identifying the service provider identification value and the identified number generation rule, A seed acquisition rule identification value for identifying the acquisition rule is connected and registered in the service provider maintenance area allocated to the storage resource.

According to the first rule mapping method of the present invention, a program code corresponding to J (J? 1) number generation rules available in the application 215 is included in the application 215, A program code for obtaining K seed values corresponding to K (K? 1) seed acquisition rules is included in the application 215, and any one of the J number generation rules and K seed acquisition rules The rule mapping unit 235 links the number generation rule identification value or the seed acquisition rule identification value matched with the service provider identification value to the service acquisition unit 235, Can be registered in the provider holding area.

According to the second rule mapping method of the present invention, if the application code corresponding to the number generation rule corresponding to the service provider is not included in the application 215, the rule mapping unit 235 may correspond to the service provider (For example, a program providing server 175, a server provided with the application operating module 100, a financial institution server 160, a number authentication server) provided with a number generation module 299 of a program module type, Server 155 and the like) to download the number generation module 299 and set the application 215 to use the downloaded number generation module 299. Then, the service provider identification value, The number generation rule identification value corresponding to the downloaded number generation module 299 may be connected and registered in the service provider holding area.

According to the third rule mapping method of the present invention, when the program code corresponding to the seed acquisition rule corresponding to the service provider is not included in the application 215, the rule mapping unit 235 maps (For example, a program providing server 175, a server provided with the application operating module 100, a financial institution server 160, a number authentication server) that provides a number generation module 299 of a program module type in which a seed acquisition rule is applied Server 155 and the like) to download the number generation module 299 and set the application 215 to use the downloaded number generation module 299. Then, the service provider identification value, The seed acquisition rule identification value corresponding to the downloaded number generation module 299 may be connected and registered in the service provider holding area.

According to the fourth rule mapping method of the present invention, the number generation module 299 and the number generation module 299 can be realized in the form of one program module. If the number generation rule corresponding to the service provider and the seed acquisition rule If the application code corresponding to at least one rule is not included in the application 215, the rule mapping unit 235 may include a number generation module 299 corresponding to the service provider and a number generation module (For example, a program providing server 175, a server provided with the application operating module 100, a financial institution server 160, a number authentication server 155, etc.) (299), and after the application (215) is set to use the downloaded number generation module (299), the service provider identification value and the downloaded A number generation rule ID value corresponding to the number generation module 299 and a seed acquisition rule ID value may be connected and registered in the service provider holding area.

Referring to FIG. 2, the application 215 of the wireless terminal 200 includes a medium identification unit 240 for receiving or determining a unique identification value corresponding to a medium for dynamic mapping of a payment identification number with the payment means of the user A settlement means input unit 245 for inputting payment means information of a user to be dynamically mapped with the payment identification number using the unique identification value as an intermediary; And a mapping request unit 250 for transmitting the obtained unique identification value and payment means information to the server having the server 100.

The unique identification value can be input from the user or automatically determined. If the unique identification value is input from the user, the only identification value used as the medium is the user's account ID, the user's mail address, a user identification value (e.g., a resident registration number, A driver's license number, etc.). Or if the unique identification value is automatically determined, the only identification value used as the medium is the telephone number assigned to the voice network to which the wireless terminal 200 is connectable, the data network to which the wireless terminal 200 is connectable An assigned device address, an assigned communication address, a device configuration identification value uniquely assigned to the physical device configuration of the wireless terminal 200, an application 215 loaded on the wireless terminal 200 to dynamically generate the disposable number A number generation rule identification value that uniquely identifies the number generation rule of the application 215 loaded on the wireless terminal 200 to dynamically generate the disposable number, And a unique identification value that is not redundantly assigned to the value.

If the unique identification value is input from the user, the medium identification unit 240 outputs an interface for receiving a unique identification value corresponding to a medium for dynamic mapping of the payment identification number with the payment means of the user, And receives the unique identification value.

Or if the unique identification value is automatically determined, the medium identification unit 240 determines at least one value to be used as the unique identification value through the communication resource and the storage resource included in the wireless terminal 200. [

The payment means input unit 245 outputs an interface for receiving payment means information of a user to be dynamically mapped with the payment identification number using the obtained unique identification value as an intermediary, . The payment means of the user may include at least one of a credit card, a check card, a cash card, a debit card, a prepaid card, a free deposit and withdrawal account, an electronic gift certificate, and a point issued to the user, (For example, a card number, an account number, a gift certificate number, and the like) for identifying the payment means. Therefore, it is preferable that the inputted payment means information includes a set of information that can uniquely identify each payment means including the payment means number. For example, if the payment means is a credit card, the payment means information may include a card number and a validity period CVC / CVV. Or if the payment means is a free deposit and withdrawal account, the payment means information may include an account number and a bank code.

The mapping request unit 250 transmits the obtained unique identification value and payment means information to the application operating module 100 through the data network to which the communication resource is connectable, and the application operating module 100 transmits the unique identification value And uses the identification value as an intermediary to map the payment identification number and the payment means to be dynamically determined by the application 215. [ According to another embodiment of the present invention, it is possible to acquire a unique identification value through user input among the unique identification values, to receive the payment means information, and to transmit the unique identification value and payment means information to the application operating module 100 Transmission and mapping can be processed through a separate user terminal 150 in addition to the wireless terminal 200, and thus the present invention is not limited thereto.

Referring to FIG. 2, the application 215 of the wireless terminal 200 may use a unique identification value of a user among I (I? 1) service providers as an intermediary, A service provider selection unit 260 for selecting an i-th (i? I?) Service provider that provides a service using the i (j? 1) A number generation rule determination unit 265 for determining a j-th (1? J? J) number generation rule corresponding to the i-th service provider; A seed value obtaining unit 270 for obtaining k (1? K? K) seed values to be substituted into the j number generating rule among seed values of K? 1 (k? 1) Number of N (N &gt; = 1) digits generated by substituting seed values of And a number output unit 280 for outputting a disposable number for establishing a payment identification number that is dynamically mapped to the payment means. The screen output unit 202 displays the payment identification And a payment information output unit 255 for outputting payment information to be paid through the payment means which is dynamically mapped to the number.

The payment information output unit 255 receives payment information (e.g., amount, shop, commodity, date and time) to be paid through the payment means that is dynamically mapped to the payment identification number through the communication resource, 202). If the settlement is a face-to-face settlement, the settlement information may not be output.

The service provider selection unit 260 provides a service using the payment identification number among I (I? 1) service providers registered by the service provider registration unit 230 through the screen output unit 202 An interface for selecting a service provider is output and an i-th service provider for providing a service using a payment identification number to be dynamically mapped with the payment means of the user is selected using the user's unique identification value as an intermediary through the interface.

The application 215 includes program codes corresponding to the J number generation rules available or the number generation module 299 to which the J number generation rules are applied is interlocked or a part of the J number generation rules May be included in the program code and a part of the program code may be interlocked in the form of a number generation module 299. The number generation rule determination unit 265 determines the number of the service provider identification value and the number generation rule identification value The application 215 determines a j number generation rule corresponding to the selected i th service provider among the available J number generation rules.

The J number generation rule is mapped to at least one seed acquisition rule. The seed value acquisition unit 270 identifies seed acquisition rules mapped to the j number generation rule, And acquires k seed values to be substituted into the j number generation rule among the K seed values obtainable through at least one resource included in the wireless terminal 200. If the seed value acquisition unit 270 is associated with the number generation module 299 to which the seed acquisition rule mapped and the j number generation rule are applied, the seed value acquisition unit 270 generates the seed value using the number generation module 299 ) To obtain the k seed values.

The obtained k seed values may include NULL or M (M? 1) values obtained through at least one resource provided in the wireless terminal 200.

When the seed value includes M values, the seed value obtaining unit 270 obtains seed values m ₁ ( _1? M _1? M) seeds of the M seed values from at least one of the storage resource and the timer resource The value can be extracted. The seed value acquisition unit 270 may receive m ₂ ( _1? M _2? M) seed values among the M seed values through the communication resource. The seed value acquisition unit 270 receives the seed part configuration values for the m _{3 (3} 1≤m ≤M) of the seed value of the M number of seed values over the communication resources of the m ₃ from the storage resources after the rest of the seed by combining the configuration values extracted for each seed value can be configured to _three seed value m. It said storage resource, of the M ₄ seed value m (1≤m ≤M ₄₎ and of the seed values is more than one seed value set configured to be held, in which case the acquisition unit 270 has the communication resources wherein the seed value An index value that identifies a seed value set of any one of two or more seed value sets held in the storage resource and selects m ₄ seed values corresponding to the received index value from the stored resource . If the wireless terminal 200 is provided with a reader resource for reading the medium held by the user, the seed value acquisition unit 270 reads the medium information from the medium owned by the user through the reader resource, And m ₅ ( _1? M _5? M) seed values among the M seed values can be constructed by processing the read media information. Alternatively, when the wireless terminal 200 is provided with a recognition resource for recognizing the user's biometrics, the seed value acquisition unit 270 recognizes the biometrics information of the user through the recognition resource, M ₆ ( _1? M _6? M) seed values among the M seed values. Or when the positioning resource for positioning the wireless terminal 200 is provided, the seed value obtaining unit 270 positions the position information of the wireless terminal 200 positioned through the positioning resource, And m ₇ ( _1? M _7? M) seed values among the M seed values can be constructed by processing the position information. The seed value acquisition unit 270 reads the pattern image photographed through the camera resource and processes the read pattern information to generate the M seed values The seed value of m ₈ (1? M _8? M) can be constituted. The seed value acquisition unit 270 may construct m ₉ (1? M _9? M) seed values among the M seed values through the random number value included in the random number card that is provided to the user by the financial institution.

If M seed values are determined through at least one seed value determination method among the seed value determination methods described above, the number generator 275 substitutes the seed value into the j number generation rule and outputs N (N &amp;ge; 1 ) Dynamically generates a one-time number of the place. If the number generator 275 and the number generator 299 to which the j number generating rule is applied are associated with each other, the seed value acquiring unit 270 acquires seed values of the N digits Disposable numbers can be dynamically generated. If the number of digits of the generated number is larger than the number N, the number generator 275 generates the number N of digits generated through the j number generating rule, N numbers corresponding to the specified number of digits may be determined as the disposable number.

According to the method of the present invention, the number generator 275 may dynamically generate the N-number disposable number by substituting the M seed values into the j number generating rule. The number generator 275 generates M number of seed values by assigning the M number of seed values to one or more j number generating rules and dynamically generating two or more numbers smaller than the N digits, You can dynamically generate an N-digit, one-time number. The number generator 275 dynamically generates n ₁ ( ₁ ? N ₁ <N) digits by substituting the M seed values into the j number generating rule, and generates a (N n ₁ ) The N number of disposable numbers can be dynamically generated by combining the generated / received numbers with N number of digits. The number generator 275 generates N number of (n _2? 1) digits generated by transmitting the first generated n ₂ (n _2? 1) number through the communication resource by substituting M (or NULL) seed values into the j number generating rule And then receives the secondarily generated N-digit disposable number using the n _2- digit number as a seed through the communication resource. The number generator 275 dynamically generates n ₃ ( ₁ ? N ₃ <N) digits by substituting the M seed values into the j-th number generator rule, and generates a fixed number of N ₃ It is possible to combine the numbers of n ₃ and generate N-digit disposable numbers. Here, the fixed number of the (Nn ₃ ) digits may include a fixed number (for example, BIN of the card number) constituting the payment means number. Meanwhile, when the seed value is NULL, the number generator 275 can receive the N digits through the communication resource.

When the N-digit disposable number is dynamically generated, the number output unit 280 outputs a disposable number for fixing the payment identification number of the number system to be dynamically mapped with the payment means. Here, the settlement identification number is determined by including the N-digit disposable number as it is, or, when the N-digit disposable number is generated by the number system of the payment means, the disposable number of the number system of the payment means is used Or a number obtained by replacing a part of the area excluding the fixed number area of the number system of the payment means with the disposable number. If the wireless terminal 200 does not transmit the payment identification number, the payment identification number is input to the separate terminal requesting payment. On the other hand, when the user terminal 150 or the payment terminal 170 transmits the payment identification number, the number output unit 280 outputs the payment identification number including the disposable number as it is, The payment identification number to be dynamically mapped may be finally determined by the user terminal 150 or the payment terminal 170.

According to an embodiment of the present invention, the number output unit 280 outputs a disposable number for confirming the payment identification number through the screen output unit 202. [ If the proximity communication module 209 is provided in the wireless terminal 200, the proximity communication module 209 outputs the disposable number to the proximate payment terminal 170 or outputs the payment identification number In this case, the payment terminal 170 may transmit the payment identification number to the payment control module 130.

2, when the wireless terminal 200 transmits a payment identification number, the application 215 of the wireless terminal 200 transmits a payment identification number to the data network 200 through at least one communication network to which the communication resource can be connected, A number input unit 290 for receiving a payment identification number determined by the disposable number or receiving a disposable number for confirming the payment identification number, And a number transfer unit 295 for encrypting the determined settlement identification number through the secure channel and transmitting the encrypted settlement identification number to the server provided with the settlement control module 130.

When the wireless terminal 200 transmits the settlement identification number, the secure channel forming unit 285 transmits the settlement control number to the secure channel forming unit 285 through the at least one communication network between the data network and the voice network, Module 130 and a disposable security key for forming a secure channel.

The application 215 can recognize one another by exchanging one or more values with the application operating module 100 during the membership subscription / authentication process, the application validity authentication process, and the mapping process between the settlement means and the settlement identification number. The secure channel forming unit 285 may use a predetermined key agreement protocol (e.g., SRP (Secure Remote Password) protocol) using one or more values of the mutually recognized values as a key generation value, Etc.), a disposable security key for forming a secure channel with the payment control module 130 can be agreed upon.

According to the second security channel forming method of the present invention, the secure channel forming unit 285 may transmit information allocated to the wireless terminal 200 (for example, a telephone number (E.g., a chip serial number, a USIM information, a MAC address, and the like) allocated to a physical component mounted on the wireless terminal 200, A disposable security key for forming a secure channel with the payment control module 130 can be agreed by using the information as a key generation value and assigning it to a predetermined key agreement protocol (e.g., SRP protocol or the like).

Meanwhile, according to the third secure channel forming method of the present invention, the secure channel forming unit 285 may include a key value and a key included in the certificate, The settlement control module 130 can agree with the disposable security key for forming a secure channel.

According to the fourth security channel forming method of the present invention, the secure channel forming unit 285 combines the first through third secure channel forming methods to form a disconnection security for forming a secure channel with the settlement control module 130 Keys can be agreed upon.

The number input unit 290 outputs an interface for receiving the payment identification number through the screen output unit 202 and receives the payment identification number determined by the disposable number. For example, when the payment identification number is the disposable number, the number input unit 290 can receive the disposable number. Alternatively, when the payment identification number is a disposable number generated by the number system of the payment means, the number input unit 290 may receive the disposable number of the number system of the payment means. Or if the settlement identification number is a number obtained by replacing a part of the area excluding the fixed number area of the number system of the settlement means by the disposable number, the number input unit 290 receives the settlement identification number of the number system of the payment means .

Alternatively, the number input unit 290 outputs an interface for inputting a disposable number for establishing the payment identification number through the screen output unit 202, and receives a disposable number for confirming the payment identification number through the interface . For example, when the payment identification number is the disposable number, the number input unit 290 can receive the disposable number. Alternatively, when the payment identification number is a disposable number generated by the number system of the payment means, the number input unit 290 may receive the disposable number of the number system of the payment means. Or if the settlement identification number is a number obtained by replacing a part of the area excluding the fixed number area of the number system of the settlement means by the disposable number, the number input unit 290 may receive the disposable number of the replaced number area .

The number transmission unit 295 encrypts the payment identification number through the disposable security key agreed by the secure channel formation unit 285 and transmits the encrypted payment identification number to the payment control module 130. The number transfer unit 295 may include the unique identification value in the process of transmitting the payment identification number to the payment control module 130 or the payment control module 130 may extract the unique identification value Information may be included.

FIG. 3 is a diagram illustrating an application 215 mounting and authentication process according to an embodiment of the present invention.

3 illustrates a process of loading and authenticating an application 215 having the functional configuration shown in FIG. 2 to a user's wireless terminal 200 in combination with membership / authentication through a user terminal 150 Referring to FIG. 3, when the user terminal 150 inputs user information and a member account to the application operating module 100 (300), the application operating module 100 transmits the user information The real name of the user is authenticated (305), and if the real name of the user is authenticated, the member account and user information are connected and stored (310). The user terminal 150 receives the member account from the user and logs in (315).

The application operating module 100 identifies the user's wireless terminal 200 based on the information confirmed in the membership registration / authentication process and transmits the functional configuration shown in FIG. 2 to the user's wireless terminal 200 And confirms whether the application 215 is loaded and being driven (320).

If the application 215 is not installed in the user's wireless terminal 200, the wireless terminal 200 downloads the application 215 from the program providing server 175 through the data network (325). If the downloaded application 215 is not running, the wireless terminal 200 drives the application 215 (325).

Meanwhile, if the application 215 is loaded and operated in the user's wireless terminal 200, the application operating module 100 can access the wireless terminal 200 through at least one communication network, And the wireless terminal 200 interlocks with the application operating module 100 to process at least one of the user subscription state and the user occupancy state of the wireless terminal 200 to be authenticated ).

If at least one of the user subscription state and the user occupation state of the mobile terminal 200 is authenticated, the application operating module 100 may access the mobile terminal 200 through the at least one communication network, And the wireless terminal 200 processes the validity of the application to be authenticated in association with the application operating module 100 (335).

If the validity of the application is authenticated, the application operating module 100 may perform a unique authentication based on the information input from the user or the information identified in the application validity authentication process in the membership registration / authentication process and the application validity authentication process And maps it to the application 215 (340).

FIG. 4 is a diagram illustrating an application 215 loading and authentication process according to another embodiment of the present invention.

In more detail, FIG. 4 shows an example in which an application 215 having the functional configuration shown in FIG. 2 is mounted and authenticated to the wireless terminal 200 in combination with membership / authentication through the user's wireless terminal 200 Referring to FIG. 4, the user's wireless terminal 200 downloads an application 215 from a program providing server 175 via a data network and drives the application 215 (400). If the user is not a member, the application 215 receives user information and a member account and transmits the user information and the member account to the application operating module 100 (405). The application operating module 100 authenticates the user information with the user's real name (410), and if the user's real name is authenticated, the application operating module (100) connects and stores the member account with user information (415). The user terminal 150 receives a member account from a user and logs in (420).

The application operating module 100 authenticates at least one of a user subscription state and a user occupation state of the mobile terminal 200 through at least one communication network, (425) so that at least one of the user subscription state and the user occupation state of the wireless terminal 200 is authenticated.

If at least one of the user subscription state and the user occupation state of the mobile terminal 200 is authenticated, the application operating module 100 may access the mobile terminal 200 through the at least one communication network, And the wireless terminal 200 processes the application so that the validity of the application is authenticated in conjunction with the application operating module 100 (430).

If the validity of the application is authenticated, the application operating module 100 may perform a unique authentication based on the information input from the user or the information identified in the application validity authentication process in the membership registration / authentication process and the application validity authentication process And maps it to the application 215 (435).

FIG. 5 is a diagram illustrating a process of mapping a payment identification number to be dynamically determined through an application 215 and a payment means of a user according to an embodiment of the present invention.

In more detail, FIG. 5 identifies a first service provider selected through a user terminal 150 and transmits the selected application to the application selected by the payment means issued by the financial institution corresponding to the first service provider to the user Referring to FIG. 5, the user terminal 150 outputs (500) an interface for selecting an I-th service provider (500), and the interface I service provider is selected and registered 505. The application operating module 100 recognizes 510 the first service provider registered in the application 215 and transmits the number corresponding to the recognized first service provider After confirming the generation rule and the seed acquisition rule (510), the control unit 400 determines whether the I-service identification value corresponding to the I-th service provider, The wireless terminal 200 processes the acquisition rule to be mapped 515 on the application 215 of the wireless terminal 200 and the wireless terminal 200 associates the acquisition rule with the application service module 100 And the seed acquisition rule (520), and downloads the number generation module (299) to which one or more rules of the number generation rule and the seed acquisition rule are applied according to the execution method, and interworks with the application (215).

If the user payment means information issued by the financial institution corresponding to the I-th service provider is input by the wireless terminal 200 (525a) according to an embodiment of the present invention, the user wireless terminal 200 transmits at least one (530) a one-time security key for forming a secure channel with the application operating module (100) through the communication network of the application operating module (100), encrypts and transmits the inputted user's payment means information through the secure channel (535a) The application operating module 100 receives and decrypts the encrypted payment means information from the wireless terminal 200 and confirms a unique identification value corresponding to a medium that maps the payment identification number and the user payment means information 540). The unique identification value may be input (or determined) together with the payment means information and received from the wireless terminal 200, or may be automatically determined.

If the user payment unit information issued by the financial institution corresponding to the service provider is input and transmitted by the user terminal 150 according to another embodiment of the present invention x25b) Receives the payment means information from the user terminal 150, and confirms the unique identification value corresponding to the medium for mapping the payment identification number and the user payment means information (540). The unique identification value may be input together with the payment means information to be received from the user terminal 150 or may be automatically determined by identifying the user wireless terminal 200.

The application operating module 100 authenticates 545 the payment means issued by the payment means to the authenticated user through the user information corresponding to the identified unique identification value and the payment means information. If the issuer of the payment means is authenticated, the application operating module 100 assigns the number authentication rule for authenticating the disposable number that determines the payment identification number determined through the application 215 to the unique identification value (550 ) And maps the payment identification number to be dynamically determined 555 to the user's payment means and the application 215 using the unique identification value given with the number authentication rule as an intermediary.

FIG. 6 is a diagram illustrating a process of mapping a settlement identification number to be dynamically determined through an application 215 and a payment means of a user according to another embodiment of the present invention.

In more detail, FIG. 6 illustrates a payment unit that is issued by a financial institution corresponding to the first service provider, recognizing a first service provider selected through an application 215 provided in a user's wireless terminal 200, Referring to FIG. 6, an application 215 included in a user's wireless terminal 200 interfaces with an interface 215 for selecting a service provider of the first service provider The application operating module 100 recognizes the I-service provider registered in the application 215 and registers 610 in the application 215. In step 610, (610) a number generation rule and a seed acquisition rule corresponding to the recognized I-service provider, (Step 615) the wireless terminal 200 to map the value, the identified number generation rule, and the seed acquisition rule to the application 215 of the wireless terminal 200, (620) and downloads the number generation module 299 to which one or more of the number generation rules and the seed acquisition rules are applied according to the execution method, (Step 625).

If the user payment means information issued by the financial institution corresponding to the I-th service provider is input (630) to the application 215 of the wireless terminal 200, the user wireless terminal 200 intervenes in at least one communication network (S625), and transmits the encrypted user payment information to the application operating module 100. The user operation module 100 encrypts and transmits the input user payment method information through the secure channel (640) after agreeing a one-time security key for forming a secure channel (100) receives and decrypts the encrypted payment means information from the wireless terminal (200), and confirms a unique identification value corresponding to a medium that maps the payment identification number and the user payment means information (645). The unique identification value may be input (or determined) together with the payment means information and received from the wireless terminal 200, or may be automatically determined.

The application operating module 100 authenticates (650) whether the payment means is a payment means issued to the authenticated user through the user information corresponding to the identified unique identification value and the payment means information. If the issuer of the payment means is authenticated, the application operating module 100 assigns the number authentication rule for authenticating the disposable number that determines the payment identification number determined through the application 215 to the unique identification value (655 ) And maps the settlement identification number to be dynamically determined through the application 215 to the user's payment means using the unique identification value given with the number authentication rule as an intermediary (660).

FIG. 7 illustrates a process of dynamically determining a payment identification number through an application 215 according to an embodiment of the present invention.

In more detail, FIG. 7 shows an example of a case where an i-th service provider among I service providers is selected through an application 215 included in the user wireless terminal 200, After the j number generation rule is determined, k seed values to be substituted in the j number generation rule among the K seed values obtainable through the at least one resource provided in the wireless terminal 200 are acquired, 7, a payment request server 165 or a payment terminal 170 receives a payment request from an application (not shown) of the mobile terminal 200, The payment control module 130 requests payment using the settlement identification number dynamically determined through the settlement control module 215 or provides payment information 705 to the settlement control module 130 The mobile terminal 200 recognizes the settlement using the settlement identification number from the mobile terminal 200 in step 710 and confirms the mobile terminal 200 of the user on which the application 215 is installed in step 715. Then, (720). If the application 215 is not running, the payment control module 130 processes the application 215 to be driven (725).

The application 215 of the wireless terminal 200 receives and outputs the payment information from at least one of the payment control information, the payment request server 165 and the payment terminal 170 (730).

The application 215 of the wireless terminal 200 outputs (735) an interface for selecting an i-th service provider among I service providers, and when a first I service provider among the I service providers is selected through the interface (745) determining a j number generation rule corresponding to the i &lt; th &gt; service provider among the J number generation rules, In step 750, k seed values to be substituted into the j number generation rule are obtained (750), and some of the seed values can be obtained through the communication resources of the wireless terminal 200 (750).

If the k seed values are acquired through at least one resource included in the wireless terminal 200, the application 215 of the wireless terminal 200 generates a j-th number corresponding to the selected i-th service provider (755) an N-digit disposable number by substituting the acquired k seed values into the rule, and outputs the disposable number to determine a payment identification number to be dynamically mapped with the payment means (760).

FIG. 8 is a flowchart illustrating a process for performing a payment approval procedure through a payment means mapped with a payment identification number according to an embodiment of the present invention.

FIG. 8 shows a process for allowing a payment approval procedure to be performed through a payment means dynamically mapped to a payment identification number received from a user wireless terminal 200 that has determined the payment identification number. Referring to FIG. 8 The application 215 of the wireless terminal 200 determines the payment identification number through the disposable number generated through the process shown in FIG. 7 (800) and transmits the payment identification number to the payment control module (805) a security key for forming a secure channel for securely transmitting and receiving a settlement identification number with the settlement identification number (130), encrypts the settlement identification number through the agreed disposable security key, To module 130 (810).

The payment control module 130 receives the encrypted payment identification number through the secure channel, and decrypts the payment identification number using the agreed-upon one-time security key (815). The application 215 receives the unique identification value corresponding to the medium for mapping the payment identification number and the user payment means, encrypts the same with the payment identification number, and transmits the encrypted identification number to the payment control module 130. In this case, The decrypted unique identification value is checked (820). Meanwhile, the unique identification value may be automatically determined by identifying the wireless terminal 200 that transmitted the payment identification number. In this case, the payment control module 130 checks the automatically determined unique identification value (820).

The payment control module 130 generates a verification number matching the disposable number corresponding to the payment identification number through the number authentication rule assigned to the unique identification value and then compares the generated verification number with the disposable number And the payment identification number is authenticated (825). Alternatively, the payment control module 130 may provide the disposable number to the number authentication server 155 through the number authentication rule to authenticate the payment identification number (825).

If the payment identification number is not authenticated, the payment control module 130 outputs the payment method error information to the application 215 (830). Here, the payment method error information is not a payment approval error, but error information indicating that the payment means mapped with the payment identification number can not be identified. On the other hand, if the payment identification number is authenticated, the payment control module 130 identifies the user payment means mapped with the authenticated payment identification number using the unique identification value as an intermediary (835) (840) so that the payment approval procedure is performed through the means.

FIG. 9 is a flowchart illustrating a process for performing a payment approval procedure through a payment means mapped with a payment identification number according to another embodiment of the present invention.

9 is a flowchart illustrating a payment approval process performed through a payment means dynamically mapped with a payment identification number received from the user terminal 150 or the payment terminal 170 in addition to the user wireless terminal 200 determining the payment identification number Referring to FIG. 9, the user terminal 150 or the payment terminal 170 receives the payment identification number output through the process shown in FIG. 7 or receives the payment identification And receives a unique identification value corresponding to a medium for dynamic mapping between the payment identification number and the user payment means 900 and transmits the unique identification value to the payment control module 130 in operation 905.

The payment control module 130 receives the payment identification number and the unique identification value (910). Generates a verification number matching the disposable number corresponding to the payment identification number through the number authentication rule assigned to the unique identification value, and then verifies the payment identification number by comparing the generated verification number with the disposable number (915). Alternatively, the payment control module 130 may provide the disposable number to the number authentication server 155 through the number authentication rule to authenticate the payment identification number (915).

If the payment identification number is not authenticated, the payment control module 130 outputs payment method error information to the application 215 (920). On the other hand, if the payment identification number is authenticated, the payment control module 130 identifies the user payment means mapped with the authenticated payment identification number using the unique identification value as an intermediary (925) (930) so that the payment approval process is performed.

100: application operating module 102: member registration / authentication unit
104: identification value determination unit 106: wireless terminal authentication unit
108: application authentication unit 110:
112: payment identification number mapping unit 114: service provider identification unit
116: Rule agreement section 118: No number authentication rule provision
120: storage medium 130: payment control module
132: settlement recognition unit 143: secure channel formation unit
136: Seed value processor 138: Payment identification number receiver
140: payment identification number authentication unit 142:
144: settlement procedure performing unit 150:
155: number authentication server 160: financial institution server
165: payment request server 170: payment terminal
175: program providing server 200: wireless terminal
215: application 220: member registration / authentication unit
225: application authentication unit 230: service provider registration unit
235: rule mapping unit 240:
245: payment means input unit 250: mapping request unit
255: payment information output unit 260: service provider selection unit
265: number generation rule determination unit 270: seed value acquisition unit
275: number generating unit 280: number output unit
285: Secure channel forming unit 290: Number input unit
295: number transmission unit 299: number generation module

Claims (5)

CLAIMS What is claimed is: 1. A method implemented by a wireless terminal having a processor and storage resources and having a communication network capable of multiple connections to a data network for a telephone network and Internet connection for telephone calls or message exchanges,
The method comprises:
Wherein the mobile terminal is connected to a designated server through a plurality of interworking between a telephone network and a data network through the communication resource based on the information allocated to the wireless terminal based on the telephone network, The wireless terminal may perform an authentication process to authenticate the validity of the application installed in the wireless terminal, and during the authentication process, using at least one information confirmed through the server or the wireless terminal, A first step of identifying a unique identification value automatically determined not to be valid; And
When the validity of the application is authenticated through an authentication process in which the phone network and the data network are interlinked, the authenticated app maps and stores the payment method information of the user and the identified unique identification value in a storage medium designated by the server The settlement identification number to be determined by using the one-time use number to be dynamically generated through the application identified through the unique identification value is used as the mediator for the unique identification value and the payment means information of the user stored in the storage medium To be used as a means for extracting the data.
2. The method of claim 1,
And a value for uniquely identifying a combination of the mobile terminal and the app actually joined to the communication company.
2. The method according to claim 1,
Further comprising the step of the application storing the unique identification value in a designated storage area of the storage resource.
The method according to claim 1,
Upon payment using the app,
A third step of causing the app to generate N (N &gt; = 1) disposable numbers according to a designated number generation rule and to determine a payment identification number of the designated number system using the disposable number;
And transmitting the determined payment identification number and a unique identification value that uniquely identifies the app through the communication resource of the wireless terminal, by the app.
5. The method of claim 4,
Upon payment using the app,
Further comprising the step of the i-th service provider providing the payment service using the unique identification value among the I (I? 1) service providers as the medium,
Wherein the third step comprises generating a disposable number corresponding to the i-th service provider and determining a payment identification number of the designated number system using the disposable number.

Images