KR20200134885A - The Method of Convenient and Safe Payment Order Processing utilizing Master password and etc. - Google Patents

Abstract

The present invention relates to a convenient and safe payment order processing method using a master password or the like. The method is executed in a predetermined user terminal capable of communicating with a predetermined payment server by using a predetermined communication network, and comprises the steps of: inputting a master password of a ″user who is the owner of the user terminal″; searching for an ″encrypted disposable seed, a payment account number, and an encrypted secret key″ in a predetermined DB; decrypting the ″encrypted secret key″ with the input master password; decrypting the ″encrypted disposable seed″ with the decrypted secret key; and calculating a predetermined OTP by using the decrypted disposable seed. According to the present invention, the inconvenience of a large amount of manual work can be reduced.

Description

The Method of Convenient and Safe Payment Order Processing utilizing Master password and etc.}

The present invention relates to a self-authentication technology and a billing technology.

In the process of processing a remittance that a user directs to a payment institution (e.g., a bank) in which his or her payment account is opened using the Internet or mobile phone (hereinafter, “Conventional Direct Order Electronic Transaction Personal Authentication Method”) Is composed of the following three processes. First,'electronic transaction login ID and electronic transaction login password, payment account number and payment account password' registered by the user at the payment institution are transmitted to the payment institution, corresponding to the'electronic transaction login ID and payment account number'. It is a recognition information verification process that verifies the'e-transaction login password and payment account password', which are estimated to be recognized only by the user who does. Second, it is a medium possession verification process in which the OTP calculated using the'OTP generation seed stored in the OTP generator estimated to be possessed by the user' is transmitted to a payment institution for verification. Third, the remittance instruction information transmitted by the user can be activated only by presenting a password presumed to be recognized by the user, and an electronic signature created using a public certificate presumed to be owned by the user is the remittance instruction information. A person who claims that the payment institution's burden of proof of the authenticity of the remittance order information is exempted from the payment institution's burden of proof of the authenticity of the remittance instruction information by matching it to the payment institution. It is the process of waiving the liability for legal verification.

The “conventional direct-instruction electronic transaction personal authentication method” satisfies the Two-Factors-Authentication idea because it composes both the identification information verification process and the identification information verification process. In addition, it is a safe method from the standpoint of payment institutions as the payment institution's burden of proving whether or not the remittance order information is authentic is exempted by the electronic signature method.

However, the "conventional direct-instruction electronic transaction personal authentication method" faces two problems.

First, it is “the risk of invalidation of the legally illegal prevention process”. Recently, amendments to the Digital Signature Act are being promoted toward abolishing the presumptive power of the public certificate.If the above amendment becomes a reality, the payment institution will bear the responsibility of proving the remittance application if the user denies the remittance application. Will occur.

Second, from the user's point of view, the'electronic transaction login ID, electronic transaction login password, payment account number, and payment account password' must be manually input, and the OTP generator is manually started, and'OTP output by the OTP generator' It is necessary to manually input and manually select the user's accredited certificate and manually enter the accredited certificate password, resulting in a lot of inconvenience (hereinafter referred to as "many manual labor").

As a method to reduce the inconvenience of large amounts of manual work, a method in which a user requests a payment ordering agency to act as a'payment order in front of their payment institution' using a simple remittance app issued by a payment ordering agency (hereinafter referred to as “conventional simple payment ordering agency. Method”) has been suggested.

The user authentication method in the conventional simple payment instruction agency method consists of the following two processes to simplify the user's experience. First, if the user selects the'app issued by the payment ordering agency' and manually enters the'payment ordering agency use password registered with the payment ordering agency', the user'pre-stored in the application' will enter the payment ordering agency. This is a process for verifying payment instruction agent recognition information by searching for'registered payment instruction agent login ID' and sending the payment instruction agent login ID and the payment instruction agent usage password to the payment instruction agent for verification. Second, for the payment order that has successfully completed the payment ordering agency recognition information verification process, the payment ordering agency will refer to the'payment bank matched with the payment ordering agency login ID' and'payment account matching the payment ordering agency login ID. It is a payment order agency guarantee process that transmits the'number', acts on behalf of the user's payment order, and says that he or she will be responsible for the payment order agency.

However, in the case of the above conventional simple payment ordering method, the payment ordering agency executives and staff intentionally falsified the user's instructions, or the payment ordering agency's system, which has a relatively small security investment than the settlement bank, was hacked, and the payment order is different from the user's intention. There is a risk that an agent may be acted on behalf of (hereinafter referred to as “agent forgery risk”).

In addition, since the risk of forgery and alteration of the agency cannot be ignored, the settlement bank limits the remittance limit that can be processed by the conventional simple payment instruction method to a small amount. Therefore, in the conventional simple payment order agency method, there is an inconvenience in which the remittance limit is limited to a small amount (hereinafter referred to as “remittance limit limitation inconvenience”).

Meanwhile, in the case of the conventional simple payment ordering method, the payment ordering agent provides at least one of the user's payment account number, phone number, e-mail address, and'CI given by matching one-on-one with an individual's real name by a credit rating company'. Keep it. However, the DB in which the personal information of the user is matched with the user's'payment account number, phone number, e-mail address, and CI' is scattered in many places besides the DB operated by the payment order agency. However, recently, regulatory reform is being promoted in the direction of expanding the scope of use in industries by pseudonymizing personal information (refer to the announcement of ``Introduction Plan for My Data Industry in Finance'' on July 19, 2018). If the use of the personal information DB matched with the'payment account number, phone number, e-mail address, and CI', which can be used as the user's pseudonym identification information, is permitted, the personal information DB If'at least one of payment account number, phone number, e-mail address, and CI' is used as a combination key, the payment order agency matches and accumulates the above'payment account number, phone number, e-mail address, and at least one of CI'. It can be combined with the transaction information DB of the user to be used, and through the combination of personal information as described above, it is possible to estimate who the individual matched with the'payment account number, phone number, e-mail address, and at least one of CI' There is a problem (hereinafter referred to as “the pseudonymized personal information recombination problem”).

The object of the present invention is the “risk of invalidation of the legal non-repudiation prevention process” and “a lot of money” and It is to suggest a way to reduce manual inconvenience, but also to reduce the “agent forgery risk”, “uncomfortable remittance limit” and “pseudonymized personal information recombination problem” faced by the “conventional simple mail payment method”. .

An embodiment of a method according to a feature of the present invention for solving this technical problem, the user inputs the remittance amount and the user's master password to a user terminal; In the confidential information DB, search for the payment institution identification information of the record in which “payment” is stored in the usage field, and the'electronic transaction of the record in which the above payment institution identification information and “login” are stored in the'use ID field and usage field', respectively. Search for'Login ID, Encrypted Electronic Transaction Login Password and Encrypted One-Time Seed', and'Payment Account Number and Encrypted Payment' of the record in which the payment institution identification information and "payment" are stored in the'Use ID field and the purpose field', respectively. Searching for'account password' and searching for'encrypted secret key' of the record in which the "digital signature" is stored in the usage field; Decrypting the'encrypted electronic transaction login password, encrypted payment account password and encrypted secret key' with a master password, respectively; Decrypting the'encrypted disposable seed' with the secret key; Calculating a fusion OTP by encrypting an electronic transaction login password with a disposable seed and a timestamp; Calculating a second hash value of the payment account password; Creating a remittance application message including the'electronic transaction login ID, payment account number, remittance amount, and secondary hash value of payment account password and fusion OTP' at the user terminal; Calculating a hash value of the remittance application message and creating an electronic signature by encrypting the hash value with a secret key; Transmitting'the remittance request message with the electronic signature attached' from the user terminal to the payment server; Searching the'password hash value, disposable seed and public key' matched with'electronic transaction login ID included in the remittance application message' in the customer DB of the payment server; Calculating an electronic transaction login password by decrypting the'fusion OTP included in the received remittance application message' using the'searched disposable seed' and the timestamp; Matching the hash value of the electronic transaction login password with the'searched, hash value of the password'; Search the'account password hash value' matched with the'payment account number included in the received remittance application message' in the account DB, and the hash value of the'account password hash value' is the second hash value of the account password Calculating as; Comparing the'second hash value of the payment account password included in the received remittance application message' with'the second hash value of the calculated account password'; Decrypting the'received electronic signature' with the'retrieved public key', calculating a hash value of the'received remittance application message' and comparing it with the'decrypted electronic signature'; Matching a predetermined transaction data serial number in the transaction data DB of the payment server and storing'received, remittance application message and electronic signature'; Randomly calculating a one-time seed to be used in the future, and updating the one-time seed matched with the “electronic transaction login ID included in the remittance application message” in the customer DB to the “one-time seed to be used in the future”; Encrypting the'disposable seed to be used in the future' with the public key; Transmitting a predetermined remittance completion response and an “encrypted disposable seed” to a user terminal; Search payment institution identification information of the record in which “payment” is stored in the usage field in the confidential information DB of the user terminal, and one-time seed of the record in which the payment institution identification information and “login” are stored in the'use ID field and usage field', respectively Updating a field value to'the received, encrypted disposable seed'; Extracting the remittance request message and the electronic signature from a payment server according to a predetermined block generation cycle, and calculating a root hash value with the'one or more other remittance request message and electronic signatures extracted together'; Creating a predetermined block header including the hash value of the'block header corresponding to the previous block generation cycle' and the root hash value in the payment server; Sharing, by a payment server, the block header to a blockchain network in a predetermined method; One of the nodes constituting the blockchain network calculates the root hash value of'information including the block header', and the'hash value of the public block header generated in the previous public block creation cycle' and the root Creating a predetermined public block header including a hash value; Transmitting, by the node, the public block header to'own peer nodes participating in the public block chain network' as'public block headers corresponding to the block generation cycle'; Includes.

According to the above embodiment, first, it is convenient that the user's manual work range is the same as in the “conventional simple mail payment instruction agency method”. This is because the'electronic transaction login ID, e-transaction login password, payment account number, and payment account password' that were manually entered in the “Conventional Direct Instruction Electronic Transaction Personal Authentication Method” are automatically calculated. As a result, only one master password remains for the user's manual authentication information. The advantage is the same as that in the “Conventional Simple Mail Payment Order Agency Method”, the user's hand-input personal authentication information is one password for payment order agency use. In other words, the “many manual work inconvenience” faced by the “conventional direct-instruction electronic transaction personal authentication method” is reduced to the level that the “conventional simple payment order agency method” faces.

Second, while reducing the “risk of invalidation of the legal non-repudiation prevention process” faced by the “conventional direct-instruction electronic transaction personal authentication method”, the “agent forgery and alteration risk” and “remittance limit” faced by the “conventional simple payment ordering method” Restrictions and inconveniences” can be reduced.

In the embodiment of the present invention, the “electronic transaction login ID and payment account number” transmitted by the user, which was applied to the “conventional direct instruction electronic transaction personal authentication method”, is estimated to be recognized only by the user. The identification information verification process is applied to verify'password and payment account password'.

In addition, the embodiment of the present invention applies a medium possession verification process in which the fusion OTP, which is an OTP calculated using the'OTP generation seed estimated to be possessed by the user', is transmitted to a payment institution for verification. Of course, the method used by the “conventional direct-instruction electronic transaction personal authentication method” stores the OTP generation seed in a'device physically separated from the user's mobile phone and unable to communicate', whereas in the method of the present invention, the user's mobile Since it is stored on the phone, there is a question whether the risk of hacking the seeds for OTP generation increases compared to the “conventional direct-instructed electronic transaction personal authentication method”. However, in that the OTP generation seed used in the “conventional direct instruction electronic transaction person authentication method” is a constant, the OTP generation seed used in the present invention is disposable. The security is higher than the method used by the “personal authentication method”. In addition, since the'disposable seed, which is the OTP generation seed in the embodiment of the present invention', is always stored encrypted with the user's public key, it is not exposed without knowing the user's private key. In addition, the secret key is encrypted and stored as'the user's master password that is only memorized by the user and is not exposed anywhere in the world'. Therefore, even if a hacker hacks the'encrypted disposable seed' stored in the user's mobile phone, it is safe. Even if you take a lot of time to find out by chance, then the useful disposable seed will already have been changed to a different value.

Meanwhile, the root hash value is calculated with information including the'remittance request message and the electronic signature written with the user's secret key' transmitted by the user, and includes the'block header including the root hash value'. Since the public block including the root hash value of the block headers is distributed and stored in the public blockchain network, if the'remittance request message or electronic signature transmitted by the user is altered', the public block stored in the public blockchain network is distributed. It conflicts with the'root hash value of block headers' included in the block. Therefore, if the'remittance application message and electronic signature' stored by the payment institution does not conflict with the'root hash value of block headers included in the public block', the remittance application message and electronic signature It is technically proven that the signature has not been tampered with. If'the hash value of the remittance application message that has not been tampered with' and the'digital signature that has not been tampered with' are matched by comparing the decrypted value with the user's public key,'the above has not been altered' This proven remittance application message' is technically proven to be written by the above user. If it is proved as described above, it is assumed that the remittance application message is written by the user unless the user separately proves that there is an error in the verification. In other words, the same effect as the legal verification liability exemption effect of the accredited certificate that was guaranteed by the Digital Signature Act occurs.

As described above, if the effect of exemption from legal verification liability enjoyed by the “conventional method of personal authentication for electronic transactions in direct order” while applying the recognition information verification process and the media possession verification process applied by the “conventional direct instruction electronic transaction personal authentication method”, the above The “agent forgery and alteration risk” faced by the embodiments of the present invention is reduced to the level encountered by the “conventional direct-instruction electronic transaction personal authentication method”.

In this case, it is possible to allow the remittance limit to the level allowed by the “conventional direct-instructed electronic transaction personal authentication method”. Therefore, second, the “convenient remittance limit restrictions” faced by the “conventional simple mail payment ordering method” is also reduced to the level that the “conventional direct order electronic transaction personal authentication method” faces.

Third, reduce the “pseudonymized personal information recombination problem” faced by the “conventional simple mail payment order agency method”. According to the embodiment of the present invention, the "inconvenient large amount of manual work" faced by the "conventional direct-instruction electronic transaction personal authentication method" is reduced to the level encountered by the "conventional simple payment ordering method". Therefore, there is no need to ask the payment order agency to act as a payment order agent, and you can directly order payment to the payment institution.

And for any purpose, even if it is necessary to request a payment order agency to act as a payment order agent, as illustrated in FIG. 5, the payment order agency has a specific user,'a specific payment order agency that the user transacts,' and'the user If the specific payment ordering agency identifies the user with a dedicated shared pseudonym ID, which is'the user identification information of the pseudonym' that is shared only between the payment institution registered as its own payment institution, the “conventional simple mail payment ordering agency method” is encountered. The “pseudonymized personal information recombination problem” is also reduced. Since the exclusive shared pseudonym ID is information used as identification information of the user only between the user, the payment institution and the payment requesting agency, the payment requesting agency matches the user's exclusive shared pseudonym ID and accumulates This is because the transaction information DB and the personal information of the user stored by a subject other than the payment ordering agency cannot be combined. Therefore, the “pseudonymized personal information recombination problem”, which is a problem in which it is possible to estimate who the individual matched with the dedicated shared pseudonym ID, is reduced.

1 is a block diagram of an apparatus for implementing a simple and safe payment instruction processing method using a master password or the like according to an embodiment of the present invention.
Figure 2 is a preferred embodiment of a simple and safe payment instruction processing method using a master password of the present invention, etc., an operation in which a user of the present invention processes a remittance ordered directly to a payment institution in which his or her payment account is opened. It is a figure explaining.
3 is a diagram illustrating an operation of processing a remittance requested by a user of the present invention to a payment instruction agency used by a user of the present invention in a preferred embodiment of a simple and safe payment instruction processing method using a master password of the present invention, etc. to be.
Figure 4 is a preferred embodiment of a simple and safe payment instruction processing method using a master password of the present invention, etc., an operation in which a user of the present invention directly instructs a payment institution in which his or her payment account is opened is performed. It is a figure explaining an example.
5 is a preferred embodiment of a simple and safe payment instruction processing method using a master password of the present invention, etc., explaining an embodiment of an operation of processing a payment requested by a user of the present invention to a payment instruction agency used by the user of the present invention It is a drawing.
6 is a diagram illustrating an operation of distributing and storing a message required to prevent non-repudiation received by each subject in a blockchain network in a preferred embodiment of a method for processing a simple and safe payment instruction using a master password of the present invention. .

Hereinafter, the present invention will be described in detail through preferred embodiments described with reference to the accompanying drawings.

The embodiments of the present invention may be variously changed without departing from the spirit and scope of the present invention. The detailed description to be described below is not intended to limit the present invention, and terms used in the detailed description are selected for readability or convenience of description.

In addition, the term "affiliated store server" referred to in this specification collectively refers to a computing device used by the affiliated store to process the Daegeum-jeong industrial affairs regardless of server payment. Accordingly, both a large-capacity settlement system operated by a large affiliated store and a POS terminal operated by a small affiliated store may be exemplary embodiments of the affiliated store server.

In addition, the "payment institution" cited in this specification means an institution that has opened a payment account to a user. Accordingly, under the Banking Act, a bank or a business operator who runs the'Comprehensive Payment and Settlement Business (tentative name) specified in a press release jointly released by relevant ministries such as the Financial Services Commission on February 25, 2019' can be an example of the payment institution. have.

In addition, the "payment server" referred to in this specification means a computer system operated by a payment institution to process'withdrawal directed by the user' in the'payment account opened by the user'.

In addition, the "payment account" referred to in the present specification means a predetermined account characterized in that one or more of a remittance payment and a commercial transaction payment can be withdrawn and settled. Accordingly, the bank request deposit account may be an embodiment of the payment account.

In addition, the "root hash value" as referred to herein refers to a hash value in which hash values of a plurality of pieces of information are compressed into a Merkle tree structure or other predetermined structure.

In addition, the term "my data business operator" cited in this specification means a person who conducts the business of "inquiring his or her information" on behalf of the user. Accordingly, a person who runs'my data industry specified in the press release released by the Financial Services Commission on July 18, 2018' may be an embodiment of the my data business.

In addition, the term “my data server” cited in this specification refers to a computer system operated by a my data service provider to process “a task provided to a user by inquiring the user's information from an organization that the user deals with”.

In addition, the term “exclusive shared pseudonym ID” cited in this specification is shared only between a specific user and a'specific payment order agency that the user transacts with' and'a payment institution registered by the user as his or her payment institution with the specific payment order agency'. It means'the user identification information with a pseudonym'. Therefore, if the user serial number assigned by the specific payment instruction agency to identify the user is shared by the user and the payment institution as information for identifying the user, the serial number can be an embodiment of the exclusive shared pseudonym ID. have. On the other hand, pseudonym identification information that can be used by not only the three subjects but also other subjects to identify the user (e.g., the real name payment account number opened by the user in the payment account, the user's e-mail address, the user's A phone number, a CI that is matched 1:1 with the user's resident number by a specific credit rating agency, cannot be the exclusive shared pseudonym ID.)

In addition, “e-transaction login” as referred to in this specification means that a user accesses a payment server, a payment instruction server, and one or more of the servers that provide services using a mobile phone or internet terminal. Means to do.

In addition, the "payment instructions" cited in this specification means the instructions in front of the "payment institution" regarding the user's "payment before remittance or commercial transaction".

In addition, the term "payment ordering agency" cited in this specification means a person who conducts a business of "payment ordering" on behalf of a user. Therefore, a business operator running the'payment instruction service business (tentative name) specified in the press release announced jointly by related ministries such as the Financial Services Commission on February 25, 2019' may be an example of the payment instruction agency.

In addition, the "payment order agency server" cited in this specification refers to a computer system operated by a payment ordering agency to handle the work of acting on behalf of a'payment order requested by a user'.

In addition, the term "certification agency" as cited in this specification means an agency that proves that users and businesses have registered a predetermined public key. The payment institution may also serve as the above certification authority.

In addition, the term "public blockchain network" cited in this specification means a blockchain network that can participate without limitation if only a predetermined system is provided.

In addition, the term “peer node” cited in this specification refers to a specific node, from the point of view of a specific node, in order to propagate the'blocks created by itself' in a predetermined block chain network to which it belongs, among nodes constituting the block chain network. It means the other node that is being saved.

In addition, the “OO box” cited in the present specification is an area in which information indicating “OO” is displayed among the screen areas output to the output unit of the trader terminal of the present invention, and is referred to as'an operation such as touching or clicking the area'. Refers to the area configured to input information for selecting “OO Box”. Therefore, an icon area configured to input information for selecting an OO app, a menu area configured to input information for selecting “OO”, a box area, a button area, etc. are examples of the “OO box”. I can.

In addition, in the present specification, “selecting OO” means that the user inputs information for selecting the “OO” by touching or clicking the area in which “OO” is displayed among the areas displayed on the output unit of the trader terminal. Means to do.

The term “input OO” referred to in the specification collectively refers to an operation of entering “OO” in a predetermined input box and an operation of selecting an “OO box” from among predetermined boxes.

Hereinafter, a simple and safe payment instruction processing method using a master password will be described.

1 is a block diagram of an apparatus for implementing a simple and safe payment instruction processing method using a master password or the like according to an embodiment of the present invention.

The authentication server 100 communicates with at least one of the payment server 300, the payment instruction agent server 400, and the user terminal 200 using a predetermined communication network, and the operator public key DB 130 and a block header It includes the DB 140 and the public distributed ledger 150 as components.

The operator public key DB 130 includes an operator identification information field and a public key field. According to an additional aspect of the present invention,'a plurality of business identification information including one or more payment institution identification information and one or more payment instruction agency identification information' is stored and updated in the business identification information field, and the business identification information is In the public key field of the stored record, the'public key of the operator corresponding to the operator identification information' is stored and updated.

In the block header DB 140, one or more'block header creator identification information and block header serial number' are stored by matching predetermined block generation period identification information, and each of the'block header creator identification information and block header serial number' is stored. By matching,'a block header created by the subject corresponding to the block header creator identification information by matching with the block generation period identification information','the electronic signature written by the subject for the block header' and'the subject's public key' Is saved.

In the public distributed ledger 150, a'public block including a public block header' is stored in accordance with predetermined block generation period identification information. According to an additional aspect of the present invention, the block generation period identification information is a predetermined serial number, and successive public blocks according to the serial number form a continuous chain form.

The user terminal 200 uses at least one of the authentication server 100, the payment server 300, the payment instruction agent server 400, the affiliated store server 500, and the my data server 600 using a predetermined communication network. In communication, an input unit (not shown) and an output unit (not shown) are configured, and an authentication app 210 is installed.

The authentication app 210 includes a secret information DB 211, a friend DB 212, and a business public key DB 213 as components.

The secret information DB 211 includes a destination ID field, a usage field, a user ID field, a password field, and a one-time seed field. According to an additional aspect of the present invention, the authentication app 210 in a state in which'information identifying the purpose of the digital signature' (hereinafter referred to as "digital signature") is stored in the usage field of a specific record (eg, the first record). It is installed in this user terminal 200.

The friend DB 212 includes a friend alias field, a recipient financial institution identification information field, a recipient account number field, a recipient country identification information field, an English name field, an English address field, a telephone number field, and a remittance reason identification information field.

The operator public key DB 213 includes an operator identification information field and a public key field. According to an additional aspect of the present invention,'a plurality of business identification information including one or more payment institution identification information and one or more payment instruction agency identification information' is stored in the business identification information field of the business public key DB 213, and , The authentication app 210 is installed in the user terminal 200 while the'public key of the operator corresponding to the operator identification information' is stored in the public key field matched with the respective operator identification information.

Payment server 300 is one or more of the authentication server 100, one or more user terminals 200, payment instruction agent server 400, affiliated store server 500, and my data server 600 by using a predetermined communication network. It communicates with, and includes a customer DB 310, a transaction data DB 320, an account DB 330, a block header DB 340, and an affiliate store DB 350 as components.

The customer DB 310 includes an electronic transaction login ID field, an electronic transaction login password field, a disposable seed field, a public key field, and'dedicated shared alias ID fields each matched to one or more payment instruction agency identification information'. According to an additional aspect of the present invention, in the electronic transaction login password field, a hash value of'the electronic transaction login password registered by each user with a payment institution' is stored.

The transaction data DB 320 is matched with a predetermined transaction data serial number, and'remittance request message received by the payment server 300, requiring non-repudiation,' and'electronic signature matched to the remittance request message' and block verification are completed. Can store identification information.

The account DB 330 includes an account number field and an account password field. According to an additional aspect of the present invention, a hash value of'account password registered by each user with a payment institution' is stored in the account password field.

The block header DB 340 includes predetermined block generation cycle identification information by matching a block header serial number,'a block header created by the payment server 300 by matching the block generation cycle identification information' and'included in the block header. A list of transaction data serial numbers corresponding to the remittance application message and electronic signature used for calculating the root hash value is stored.

The affiliate store DB 350 includes an affiliate store ID field, a payment institution identification information field, and a settlement account number field.

The payment instruction agency server 400 communicates with at least one of the authentication server 100 and the user terminal (2000 and payment server 300, affiliated store server 500) and my data server 600 using a predetermined communication network. , A customer DB 410, a transaction data DB 420, a business public key DB 430, a block header DB 440, and a transaction DB 450 as components.

The customer DB 410 includes a dedicated shared alias ID field and a password field. According to an additional aspect of the present invention, in the password field, a hash value of'the password registered by each user with the payment requesting agency' is stored.

The transaction data DB 420 is matched with a predetermined transaction data serial number, and received by matching the'remittance completion notification message received by the payment order agent server 400 and requiring non-repudiation' and'the remittance completion notification message. Signature' and block verification completion identification information can be saved.

The operator public key DB 430 includes an operator identification information field and a public key field. According to an additional aspect of the present invention,'a plurality of business identification information including one or more payment institution identification information and one or more payment instruction agency identification information' is stored and updated in the business identification information field, and the business identification information is In the public key field of the stored record, the'public key of the operator corresponding to the operator identification information' is stored and updated.

In the block header DB 440, a predetermined block generation cycle identification information is matched with a block header serial number, and a block header created by the payment instruction agent server 400 matching the block generation cycle identification information and the block header A list of transaction data serial numbers corresponding to the remittance completion notification message and electronic signature used to calculate the included root hash value is stored.

The transaction DB 450 includes a transaction ID field and a dedicated shared alias ID field.

The affiliated store server 500 communicates with one or more user terminals 200 using a predetermined communication network, communicates with one or more of the'payment server 300 and the payment order agency server 400', and the sales DB 510 It includes as a component.

The settlement DB 510 includes a transaction ID field, a settlement amount field, a deposit schedule date field, a deposit amount field, a predetermined sales history information field, and a payment completion identification information field. According to an additional aspect of the present invention, the sales detail information field includes a product identification information field, a quantity field, a unit price field, a shipping cost field, and a delivery address field.

The My Data Server 600 matches the ID of the affiliated store that has entered into a contract for a predetermined information collection and processing service with the My Data Server operator in a predetermined payment server, and matches the'payment institution identification information, settlement account identification information, and deposit date. Upon receiving the'taste identification information, deposit amount and summary', the'payment institution identification information, settlement account number, deposit date and time identification information and deposit amount and brief' are transmitted to the affiliate store server 500 matching the affiliate store ID.

Figure 2 is a preferred embodiment of a simple and safe payment instruction processing method using a master password of the present invention, etc., an operation in which a user of the present invention processes a remittance ordered directly to a payment institution in which his or her payment account is opened. It is a figure explaining.

In step 201, the user selects his or her authentication app 210 for a simple remittance transaction.

In step 202, a friend alias list is output to the user terminal 200.

In step 203, the user selects a specific friend alias from the “printed friend alias list” as a recipient alias using an input unit (not shown) of the user terminal 200.

In the friend DB 212 configured in the authentication app 210 in step 204, the'recipient financial institution identification information field value and the recipient account number field value and recipient country identification information field value' matched with the'friend alias selected in step 203' Search by'receiving financial institution identification information, recipient account number and recipient country identification information', respectively.

According to an additional aspect of the present invention, when the retrieved recipient country identification information field value is blank or the country identification information of the country where the target bank is located, the domestic remittance process is applied, and in case of other country identification information, the overseas remittance process is applied. If the overseas remittance process is applied, the'recipient's, English name field value, English address field value, phone number field value, and remittance reason identification matched with'friend alias selected in step 203' in the friend DB 212 in step 204 Search more for'information field value'.

According to an additional aspect of the present invention, if the information to be searched for in step 204 is blank, the step 204 includes: outputting an input box for inputting the searched information; Inputting necessary information in each of the input fields by a user; And storing the input information in a corresponding field matched with'the friend alias selected in step 203' in the friend DB 212. Includes.

In step 205, the remittance amount input field and the master password input field are output to the output unit (not shown) of the user terminal 200.

In step 206, the user inputs the remittance amount and the user's master password in each of the input fields using an input unit (not shown) of the user terminal 200.

In step 217, in the secret information DB 211, the'use ID field value' of the record in which information identifying the payment purpose (hereinafter referred to as "payment") is stored in the usage field is searched as payment institution identification information, and the'use ID The'User ID field value, password field value, and one-time seed field value' of the record in which'the payment institution identification information and login purpose identification information (hereinafter referred to as "login") are stored, respectively, in the'field and use field'. Search as'e-transaction login ID and encrypted e-transaction login password and encrypted one-time seed' to be used, and the'user ID field of the record in which the payment institution identification information and'payment' are stored in the'use ID field and usage field', respectively. Search the value and password field value' as the'payment account number and encrypted payment account password' to be used by the payment institution, respectively, and the password field value of the record where the “digital signature” is stored in the usage field as'encrypted secret key' do.

In step 219, the'encrypted electronic transaction login password, the encrypted payment account password and the encrypted secret key' retrieved in step 217 are decrypted respectively with the'master password entered in step 206 (or step 406 in FIG. 4)'.

In step 221, the'encrypted disposable seed retrieved in step 217' is decrypted with the'secret key decrypted in step 219'.

In step 222, a fusion OTP is calculated by encrypting the'e-transaction login password decrypted in step 219' with the'disposable seed decrypted in step 221' and the timestamp.

In step 223, the hash value of the hash value of'the payment account password decrypted in step 219' is calculated as the secondary hash value of the payment account password.

In step 225, in the user terminal 200,'recipient financial institution identification information and account number retrieved in step 204','electronic transaction login ID and payment account number retrieved in step 217' and'remittance amount entered in step 206' And'Secondary hash value of the payment account password calculated in step 223' and'Convergence OTP calculated in step 222'.

According to another aspect of the present invention, steps 223-1 and 225-1 below are operated by replacing steps 223 to 225.

In step 223-1, the business public key DB 213 searches for a public key matching'the payment institution identification information retrieved in step 217', and encrypts the'payment account password decrypted in step 219' with the public key.

In step 225-1,'recipient financial institution identification information and account number retrieved in step 204','electronic transaction login ID and payment account number retrieved in step 217','remittance amount entered in step 206' and'step Write a remittance application message including'the payment account password encrypted in step 223-1' and'Converged OTP calculated in step 222'

Meanwhile, according to an additional aspect in step 204, the recipient country identification information is searched in step 204, and the recipient country identification information is not Korea identification information, so the friend DB 212 matches the'friend alias selected in step 203'. If the'English name field value, English address field value, phone number field value, and remittance reason identification information field value' are further searched as'recipient's, English name and English address and phone number and remittance reason identification information', The'recipient's, English name and English address, telephone number, and remittance reason identification information' are further included in the remittance application message created in step 225 (or step 225-1).

In step 226'step 225 (or step 225-1 or step 325 or step 325-1 in Fig. 3 or step 425 or step 425-1 in Fig. 4, or step 525 or step 525-1 in Fig. 5) The hash value of the remittance request message is calculated, and the hash value is encrypted with the'secret key decrypted in step 219 (or step 320 of FIG. 3)' to create an electronic signature of the user for the remittance request message.

In step 227, the authentication app 210 attaches the electronic signature to the remittance request message, and the user terminal 200 sends the payment server 300 matching the'payment institution identification information searched in step 217' to'the electronic signature. Send this attached'Songan Remittance Application Message'.

Upon receiving the'remittance request message and electronic signature' transmitted in step 227 from the payment server 300 in step 229, the customer DB 310'e-transaction login ID and payment account number included in the remittance request message Search for'password hash value, disposable seed and public key' that match one or more of'.

In step 230, the payment server 300 decrypts the "fusion OTP included in the remittance request message received in step 229" with the "disposable seed retrieved in step 229" and the timestamp to calculate the electronic transaction login password.

In step 231, the payment server 300 calculates a hash value of'the electronic transaction login password decrypted in step 230'.

In step 232, the payment server 300 collates the'hash value calculated in step 231' with'the hash value of the password retrieved in step 229'.

If the matching result of step 232 matches, step 233 is operated.

In step 233, the account DB 330 of the payment server 300 searches for the'account password hash value' matched with the'payment account number included in the remittance request message received in step 229', and the'account password' The hash value of'hash value' is calculated as the second hash value of the account password.

In step 234, the payment server 300 compares the "second hash value of the payment account password included in the remittance application message received in step 229" with the "second hash value of the calculated account password".

According to another aspect of the present invention in which steps 223-1 and 225-1 are operated by replacing steps 223 to 225, steps 233-1 and 234-1 below are replaced with steps 233 to 234. It works.

In step 233-1, the payment server 300 decrypts the'encrypted payment account password included in the remittance request message received in step 229' with the secret key of the payment institution, and calculates a hash value of the decrypted payment account password.

In step 234-1, the account DB 330 searches for the'account password hash value' matched with the'payment account number included in the remittance application message received in step 229', and'the payment account calculated in step 233-1. The hash value of the password' and the searched'hash value of the account password' are compared.

In step 235, the payment server 300 decrypts the "digital signature received in step 229" with the "public key retrieved in step 229".

In step 236, the payment server 300 calculates the hash value of the "remittance request message received in step 229" and compares it with the "digital signature decrypted in step 235".

Step 237 is activated if both of the contrasts in steps 232 and 234 (or step 234-1) and 236 are positive.

In step 237, the payment server 300 matches a predetermined transaction data serial number in the transaction data DB 320 to store the'remittance request message and electronic signature received in step 229', and'remittance received in step 229' Withdraw the'remittance amount included in the remittance application message' from the account corresponding to the'payment account number included in the remittance application' and send the'remittance above' to a financial institution corresponding to the'recipient financial institution identification information included in the remittance application message' In front of the'receivable account number included in the application message', the necessary operation is performed to apply for the payment of the remittance amount.

According to an additional aspect of the present invention, the recipient financial institution identification information is the identification information of the overseas financial institution, and the remittance request message includes'recipient's, English name and English address, telephone number, and remittance reason identification information'. If there is, in step 237, the'recipient's, English name, English address and phone number' is transmitted to the recipient financial institution, and an operation of requesting'payment of the remittance amount in front of the recipient account number' is performed.

.

In step 238, the payment server 300 randomly calculates a one-time seed to be used in the future, and the one-time seed matched with the'e-transaction login ID included in the remittance request message received in step 229' in the customer DB 310 is said. It is updated to'disposable seeds for future use'.

In step 239, the payment server 300 encrypts the'disposable seed updated in step 238, to be used in the future' with the'public key retrieved in step 229'.

In step 240, the payment server 300 transmits a predetermined remittance completion response and a "disposable seed encrypted in step 239" to the user terminal 200 as a response to "reception in step 229".

When the user terminal 200 receives the'transfer completion response and the encrypted disposable seed' in step 241, in the'use field' in the secret information DB 211 of the authentication app 210 installed in the user terminal 200, “ The payment institution identification information of the record in which “payment” is stored is searched, and the one-time seed field value of the record in which the payment institution identification information and the “login” are stored in the'use ID field and use field', respectively, is'received, encrypted one-time use. Seed'.

3 is a diagram illustrating an operation of processing a remittance requested by a user of the present invention to a payment instruction agency used by a user of the present invention in a preferred embodiment of a simple and safe payment instruction processing method using a master password of the present invention, etc. to be.

Steps 201 to 217 in FIG. 2 are operated.

In step 318, the'use ID field value, user ID field value, and password field of the record in which'information identifying the payment order agency' (hereinafter referred to as "payment order agent") is stored in the usage field in the secret information DB 211 Value' is searched as'payment ordering agent identification information, exclusive shared alias ID and encrypted payment ordering agent password', and the public key matched with the payment ordering agent identification information in the business public key DB (213) is sent to the payment ordering agency. Search by public key.

Step 219 in FIG. 2 is operated.

In step 320, the "encrypted password for payment instruction agent searched in step 318" with "the master password input in step 206 (or step 406 in FIG. 4)" is decrypted.

Steps 221 to 223 in FIG. 2 are operated.

In step 324, the hash value of the hash value of the'password for payment instruction agent decrypted in step 320' is calculated as the secondary hash value of the password for the payment instruction agent.

In step 325, a transaction ID is generated in the user terminal 200, and the'dedicated shared pseudonym ID retrieved in step 318' is encrypted with the'payment order agency public key retrieved in step 318', and the transaction ID and'the encryption 'Recipient financial institution identification information and account number searched in step 204','remittance amount entered in step 206' and'remittance amount entered in step 206' and'payment ordering agency identification information searched in step 318' , Create a remittance application message including'e-transaction login ID and payment account number','second hash value of the payment account password calculated in step 223' and'fusion OTP calculated in step 222', and the'transaction ID A full text of the application for payment instruction, including the recipient financial institution identification information and recipient account number, the payment institution identification information retrieved in step 217, and the second hash value of the payment instruction agent password calculated in step 324. do.

According to another aspect of the present invention,'step 223-1 of FIG. 2'and step 325-1 below are operated by replacing steps 223 to 325.

In step 325-1, a transaction ID is generated in the user terminal 200, and the'dedicated shared alias ID retrieved in step 318' is encrypted with the'payment order agency public key retrieved in step 318', and the transaction ID and ' The encrypted dedicated shared pseudonym ID','payment ordering agency identification information retrieved in step 318','receiving financial institution identification information and recipient account number retrieved in step 204','remittance amount entered in step 206' and'step 217 Create a remittance application message including the'electronic transaction login ID and payment account number','the payment account password encrypted in step 223-1' and the'fusion OTP calculated in step 222', and Fill out a full payment instruction request message including'receiving financial institution identification information and receiving account number','payment institution identification information retrieved in step 217' and'second hash value of the payment instruction agency password calculated in step 324' .

According to an additional aspect of the present invention, each time step 325 (or step 325-1) is operated, the'payment order agent transaction last serial number of the corresponding date' is retrieved from the payment order agent transaction last serial number storage unit (not shown). Search and create a transaction ID by combining the date on which step 325 (or step 325-1) is operated and the next serial number of the searched'final serial number of the payment order agency transaction of the date', and the payment order agency transaction The last serial number storage unit (not shown) is updated to the'next serial number'.

According to an additional aspect in step 204, the recipient country identification information is searched in step 204, and the recipient country identification information is not Korea identification information, so that the friend DB 212 matches the'friend alias selected in step 203'. If the'English name field value, English address field value, phone number field value, and remittance reason identification information field value' are further searched as'Recipient's, English name and English address and phone number and remittance reason identification information', step 325 (or step 325-1), the remittance request message further includes the'recipient's name, address in English, address, telephone number and reason for remittance identification'.

Steps 226 and 227 in FIG. 2 are operated.

In step 328,'the payment instruction agent request message completed in step 325 (or step 325-1)' is transmitted to the payment instruction agent server 400 matching'the payment instruction agent identification information retrieved in step 318'.

Steps 229 to 241 in FIG. 2 operate.

In step 342, after the'step 240 in FIG. 2'in the payment server 300,'the public key of the payment institution as the creator identification information' and'the payment instruction agency identification information as the recipient identification information, included in the remittance application message' And'transaction ID, recipient financial institution identification information, recipient account number and amount of remittance included in the remittance application message', and a predetermined remittance completion notice message including predetermined remittance completion identification information.

In step 343, a hash value of'the remittance completion notification message created in step 342 (or step 542 in Fig. 5)' is calculated, and the hash value is encrypted with the'payment institution's secret key', and the payment institution for the remittance completion notification message Write an electronic signature of

In step 344, the remittance completion notification message and the electronic signature are transmitted to the payment instruction agent server 400.

In step 345, when the payment instruction agent server 400 receives the'transmitted in step 328, the payment instruction agent application message', the transaction DB 450 matches the'transaction ID included in the payment instruction agent request message'. Search for the dedicated shared pseudonym ID, search for the'hash value of the payment order agency password' matched with the private shared pseudonym ID in the customer DB 410, and the hash value of the searched payment order agency password. The hash value is calculated and compared with the'second hash value of the password used for the payment instruction agent included in the full text of the payment instruction agent application.'

In step 346, when the payment instruction agent server 400 receives the'remittance completion notification message and electronic signature transmitted in step 344', the electronic signature matched with the remittance completion notification message is matched to the'remittance completion notification message. It is decrypted with'included author identification information', and the hash value and the decrypted digital signature are compared.

If both of the contrasts in step 345 and step 346 are positive, step 347 is operated.

In step 347, the payment instruction agent server 400 matches the transaction data serial number in the transaction data DB 420 to store the'remittance completion notification message and electronic signature received in step 346', and'step 345 ( Alternatively, extract the'transfer completion notification message in which the matching result is positive in step 346' including the transaction ID included in the payment order proxy application message received in step 545) of FIG. 5, and the extracted remittance completion message Extracting the included author identification information, searching the operator identification information matched with the author identification information (public key) in the operator public key DB 430, and requesting the payment instruction agency received in step 345 Contrast with the'payment institution identification information included in the full text'.

In step 348, the payment instruction agency server 400 receives the'transaction ID, recipient financial institution identification information, recipient account number and remittance amount' included in the remittance completion notification message extracted in step 347, respectively, in the'payment instruction received in step 345. The transaction ID, the recipient financial institution identification information and the recipient account number and remittance amount included in the proxy application message are compared.

If both the check in step 347 and the check in step 348 match, steps 349 and below are operated.

In step 349, the payment instruction agency server 400 searches the transaction DB 450 for a dedicated shared pseudonym ID matched with the transaction ID, matches the transaction ID, and stores a predetermined transaction completion code.

In step 350, the payment instruction agency server 400 relays the'remittance completion notification message extracted in step 347' and a predetermined payment institution digital signature verification code to the user terminal 200 matched with the dedicated shared pseudonym ID. .

In step 351, when the user terminal 200 receives the “transfer completion notification message and payment institution electronic signature verification code”, the authentication app 210 outputs the transfer completion notification message to the user terminal 200.

Figure 4 is a preferred embodiment of a simple and safe payment instruction processing method using a master password of the present invention, etc., an operation in which a user of the present invention directly instructs a payment institution in which his or her payment account is opened is performed. It is a figure explaining an example.

In step 401, the user terminal 200 transmits'information indicating an intention to purchase a specific product at a specific quantity at a specific price' to the affiliated store server 500.

According to an additional aspect of the present invention, step 401 includes: connecting the user terminal 200 to the affiliated store server 500; And inputting'information indicating an intention to purchase a specific product at a specific quantity at a specific price' using an input unit (not shown) of the user terminal 200; Includes.

In step 402, the affiliated store server 500 matches the settlement DB 510 with a predetermined transaction ID and calculates the'a predetermined payment amount calculated using the quantity and price transmitted in step 401', a predetermined deposit schedule, and the'the payment amount. A predetermined deposit amount calculated by using' and predetermined sales details information are stored.

According to an additional aspect of the present invention, step 402 may include determining product identification information, quantity, and unit price using'information transmitted in step 401'; Calculating a payment amount by multiplying the quantity by the unit price; Calculating an expected deposit date by adding a predetermined number of business days to'the date on which step 402 is operated'; Calculating a predetermined fee by substituting the payment amount into a predetermined fee calculation formula; And calculating the deposit amount by deducting the fee from the payment amount. Includes.

According to another additional aspect of the present invention, the sales history information includes at least one of the product identification information, the quantity, the unit price, a predetermined shipping cost, and a'delivery address designated by the user' identified by a predetermined method. do.

In step 403,'information of selecting remittance as a payment means' is transmitted from the user terminal 200 to the affiliated store server 500.

According to an additional aspect of the present invention, step 403 includes: outputting a payment box to the user terminal 200; Selecting the payment box by the user using an input unit (not shown) of the user terminal 200; In the user terminal 200, there is a'box in which information identifying payment using a credit card is output','a box in which information identifying payment using a mobile phone fee is output', and'information identifying payment using remittance. Outputting payment method identification boxes including'output boxes'; And selecting, by a user, a'box in which information identifying the payment using remittance is output' using an input unit (not shown) of the user terminal 200; Includes.

According to another aspect of the present invention, the affiliate store server 500 operating step 403 is an independent server from the affiliate store server 500 operating step 402 and is a server operated by a representative affiliate store. Hereinafter, the affiliated store server 500 will be collectively referred to as including the case of the server operated by the representative affiliated store.

Meanwhile, according to an additional aspect of the other aspect, the payment instruction agency server 400 may also serve as a server operated by the representative affiliate store.

In step 404, the affiliated store server 500 transmits the'transaction ID and payment amount stored in step 402' and the predetermined affiliated store ID and affiliated store name to the user terminal 200.

In step 405, when the user terminal 200 receives the'transmitted in step 404, the transaction ID, the affiliated store ID, the affiliated store name and payment amount', the'transaction ID, the affiliated store name and payment amount' and the master password input fields are output.

In step 406, the user inputs the user's master password in the'output master password input field' using an input unit (not shown) of the user terminal 200.

Steps 217 to 223 in FIG. 2 are operated.

In step 425, in the user terminal 200,'the transaction ID and the merchant ID and payment amount received in step 405','the electronic transaction login ID and payment account number, retrieved in step 217', and'the payment account password calculated in step 223. Prepare a remittance application message including'second hash value of','Converged OTP calculated in step 222' and'information identifying the fact that the user has confirmed the payment' (hereinafter referred to as "payment confirmation code") do.

According to another aspect of the present invention,'step 223-1 of FIG. 2'and step 425-1 below are operated by replacing steps 223 to 425.

In step 425-1, the user terminal 200 receives'transaction ID and affiliated store ID and payment amount received in step 405','e-transaction login ID and payment account number retrieved in step 217' and'encryption in step 223-1. Fill out a full remittance application including'the payment account password','Convergence OTP calculated in step 222' and'information identifying the fact that the user has confirmed the payment' (hereinafter referred to as "payment verification code"). .

Steps 226 to 236 in FIG. 2 are operated.

Step 437 is activated if both of the contrasts in step 232 and step 234 (or step 234-1) and step 236 are positive.

In step 437, the payment server 300 matches a predetermined transaction data serial number in the transaction data DB 320 to store the'remittance request message and electronic signature received in step 229', and'included in the remittance request message. The'payment amount included in the remittance application message' is withdrawn from the account corresponding to the'preferred payment account number', and a predetermined fee is calculated by substituting the payment amount into a predetermined formula, and'at step 229' Search for'payment institution identification information and settlement account number' matching the merchant ID included in the received remittance application message, and deduct the fee from the payment amount to the payment institution corresponding to the payment institution identification information. Deposit to the opened settlement account number, but perform the necessary operation to'record the transaction ID as a brief'.

In an embodiment in which the other aspect in step 403 is applied, the'settlement account number and payment institution identification information' are'settlement account number in the name of the representative affiliated store cited in the other aspect of step 403' and'the above. The settlement account number in the name of the representative affiliated store becomes'identification information of the opened payment institution'.

Steps 238 to 241 in FIG. 2 are operated.

In step 452, the payment server 300 sends the merchant server 500 corresponding to the merchant ID included in the remittance request message received in step 229, and the transaction ID included in the remittance request message and the above in step 437. A predetermined remittance including'the amount of payment deducted from the account corresponding to the payment account number' and'the amount of deposit that is the target of the operation required for depositing to the settlement account number searched for as the settlement account number matching the affiliated store ID in step 437' Send the completion notice message.

If another aspect in step 403 is applied, the affiliated store server 500 cited in step 452 is a server operated by a representative affiliated store.

In step 453, when the affiliated store server 500 matching the affiliated store ID receives the'remittance completion notification message sent in step 452', the settlement DB 510 matches'transaction ID included in the transfer completion notification message'. And store payment completion identification information.

In step 454, the payment institution identification information from the payment server (not shown) of the payment institution in which the merchant's settlement account was opened, the merchant server 500, and'identification information of the settlement account opened by the merchant' and the operation of step 437. As a result, the deposit date and time identification information and the deposit amount and summary recorded in the deposit and withdrawal transaction ledger (not shown) of the settlement account are transmitted.

According to an additional aspect of the present invention, step 454 matches the affiliate store ID to the my data server 600 in the payment server (not shown) of the payment institution in which the merchant's settlement account is opened, and the'payment institution identification information and settlement Transmitting'account identification information, deposit date and time identification information, deposit amount and summary'; And transmitting the'payment agency identification information, settlement account number, deposit date and time identification information, deposit amount and summary' from the my data server 600 to the affiliate store server 500 matching the affiliate store ID.

In step 455, when the affiliated store server 500 receives the'payment institution identification information, settlement account identification information, deposit date and time identification information, deposit amount and summary' transmitted in step 454, the settlement DB 510 displays the'transaction ID field'. A record in which information including all or part of the brief is stored is extracted, and the'deposit date field value and the deposit amount field value' of the record are compared with the received'deposit date and time identification information and deposit amount', respectively.

5 is a preferred embodiment of a simple and safe payment instruction processing method using a master password of the present invention, etc., explaining an embodiment of an operation of processing a payment requested by a user of the present invention to a payment instruction agency used by the user of the present invention It is a drawing.

Steps 401 to 217 in FIG. 4 are operated.

Step 318 in FIG. 3 is operated.

Step 219 in FIG. 2 is operated.

Step 320 in FIG. 3 is operated.

Steps 221 to 223 in FIG. 2 are operated.

Step 324 in FIG. 3 is operated.

In step 525, the user terminal 200 receives the transaction ID and the merchant ID and the payment amount received in step 405, the electronic transaction login ID and payment account number retrieved in step 217, and the payment account password calculated in step 223. Fill out the remittance application message including the'second hash value of' and'fusion OTP calculated in step 222' and a predetermined payment confirmation code, and the'transaction ID and merchant ID and payment amount' and'the payment searched in step 217' Fill out the full text of the request for payment request including the name of the institution and the exclusive shared pseudonym ID' and the'second hash value of the password to use the payment instruction agent calculated in step 324'.

According to another aspect of the present invention,'step 223-1 in FIG. 2'and step 525-1 below are operated by replacing steps 223 to 525.

In step 525-1, in the user terminal 200,'transaction ID, merchant ID and payment amount received in step 405','electronic transaction login ID and payment account number, retrieved in step 217' and'encryption in step 223-1. Write a remittance application message including'the payment account password','fusion OTP calculated in step 222' and a predetermined payment confirmation code, and the'transaction ID and merchant ID and payment amount' and'the payment institution name retrieved in step 217. And the exclusive shared pseudonym ID' and the'second hash value of the payment instruction agency password calculated in step 324'.

Steps 226 to 227 in FIG. 2 are operated.

In step 528, the user terminal 200 sends'the payment order agency application message written in step 525 (or step 525-1) to the payment command agency server 400 that matches the'payment command agency identification information retrieved in step 318'. send.

Steps 229 to 236 in FIG. 2 are operated.

Step 437 of FIG. 4 is operated if both of the contrasts in step 232 and step 234 (or step 234-1) and step 236 are positive.

Steps 238 to 241 in FIG. 2 are operated.

In step 542, the payment server 300 included in the remittance request message received in step 229, as the'public key of the payment institution, as author identification information,' after the'step 240 in FIG. 2', Payment order agency identification information, transaction ID, merchant ID and payment amount','payment institution identification information and settlement account number, searched by matching the merchant ID in step 437', and'deposit amount deposited to the settlement account number in step 437 Prepare a prescribed message of the completion of remittance including'.

Steps 343 to 344 of FIG. 3 are operated.

In step 545, when the payment order proxy server 400 receives the'payment order proxy application message transmitted in step 528', the customer DB 410 matches the'dedicated shared pseudonym ID included in the payment order proxy application message' Search the'hash value of the payment order agency password', and calculate the hash value of the'hash value of the payment order agency password searched above' to calculate the'payment order agency password included in the payment order agency application Contrast with'second hash value'.

Step 346 of Fig. 3 is operated.

If both of the contrasts in steps 545 and 346 are positive, step 347 in FIG. 3 is operated.

In step 548, the payment instruction agent server 400 includes'transaction ID, affiliated store ID and payment amount' included in the remittance completion notification message extracted in step 347, respectively, in the payment instruction agent application message received in step 545, The transaction ID, merchant ID, and payment amount are matched.

When both the check of step 347 and the check of step 548 match, steps 349 to 351 of FIG. 3 are operated.

Steps 452 to 455 in FIG. 4 are operated.

According to an additional aspect of the present invention, before step 201 in FIG. 2 or step 401 in FIG. 4, the authentication app 210 is installed in the user terminal 200; Randomly calculating a disposable seed, a private key, and a public key in the authentication app 210; Outputting a destination ID input field, a usage input field, a user ID input field, a password input field, and a master password input field on an output unit (not shown) of the user terminal 200; The user uses the input unit (not shown) of the user terminal 200 to enter the'payment institution identification information and'login', and the electronic transaction login ID registered by the user with the payment institution, and the electronic transaction login password and master password. Inputting 'respectively; Encrypting'the input electronic transaction login password' and'the calculated secret key' with the input master password, respectively; Encrypting the calculated disposable seed with the calculated public key; In the secret information DB 211 configured in the authentication app 210, the public key and the encrypted secret key are stored in the user ID field and the password field of the record stored in the “use field” step; In the'use ID field, usage field, user ID field, password field, and disposable seed field' of a specific record of the secret information DB 211 configured in the authentication app 210,'the input payment institution identification information' and the ' Storing “login” and “the entered electronic transaction login ID”, “the encrypted electronic transaction login password” and “the encrypted one-time seed”; Outputting an exit box and an additional registration box to an output unit of the user terminal 200; Selecting an additional registration box by a user using an input unit (not shown) of the user terminal 200; Outputting a destination ID input field, a usage input field, a user ID input field, a password input field, and a master password input field on an output unit (not shown) of the user terminal 200; The user uses the input unit (not shown) of the user terminal 200 to enter the'payment institution identification information and'payment', the user's payment account number opened at the payment institution, and the payment account password and master password. Inputting 'respectively; Encrypting'the input payment account password' with the input master password; In the'use ID field, usage field, user ID field, and password field' of the specific record of the secret information DB 211,'the input payment institution identification information', the'payment' and'the entered payment account number, respectively. Storing'and'the encrypted payment account password'; A step in which the user terminal 200 accesses the service application site of the payment instruction agent server 400 and outputs a predetermined service application screen on the output unit (not shown) of the user terminal 200; Inputting'identification information of the payment institution in which his or her payment account is opened' in the'payment institution identification information input field included in the service application screen' by using the input unit of the user terminal 200; The payment instruction agency server 400 redirects the connected user terminal 200 to the'payment server 300 matching the payment institution identification information' and transmits the agency identification information at the time of payment to the payment server 300 Step to do; The user terminal 200 is redirected to the payment server 300 and the payment server 300 transmits the payment institution identification information and the information on a predetermined payment order agency registration screen to the user terminal 200; Receiving, by the user terminal 200, the information and outputting a master password input field to an output unit (not shown); Inputting a master password by a user using an input unit of the user terminal 200; In the secret information DB 211, the records in which the'received payment institution identification information' and'login' are stored respectively in the'use ID field and usage field' are extracted, and the'user ID field value and password field value and one-time use Retrieving the seed field value' as'e-transaction login ID for payment institution, encrypted electronic transaction log-in password for payment institution, and encrypted disposable seed', respectively; Retrieving the password field value of the record stored in the “digital signature” in the use field in the secret information DB 211 as a “encrypted secret key”; Decrypting the'encrypted electronic transaction login password for payment institution and the encrypted secret key' using the input password, respectively; Decrypting the'encrypted disposable seed' with the decrypted secret key; Encrypting'the decrypted electronic transaction login password for payment institution' using the decrypted one-time seed and timestamp as an encryption key to calculate a fusion OTP; Transmitting'the searched electronic transaction login ID for payment institution' and'the calculated fusion OTP' to the payment server 300; The hash value and disposable seed of the'electronic transaction login password' matched with the electronic transaction login ID for the payment institution in the customer DB 310 after receiving the transmitted'electronic transaction login ID and fusion OTP' from the payment server 300 Searching for'; Calculating an electronic transaction login password by decrypting the received fusion OTP by using the'searched disposable seed' and the timestamp with a decryption key; Calculating a hash value of'the calculated electronic transaction login password for payment institutions'; Comparing the calculated hash value with the searched hash value of the electronic transaction login password; If the matching result is matched, a predetermined exclusive shared pseudonym ID is assigned and stored in the'dedicated shared pseudonym ID field matched with the electronic transaction login ID in the customer DB 310', Returning the dedicated shared pseudonym ID to the user terminal 200; Upon receiving the dedicated shared pseudonym ID from the user terminal 200, randomly generating a predetermined payment instruction agency password'; Encrypting the payment instruction agency password using the input master password; In the'use ID field, usage field, user ID field, and password field' of a specific record of the secret information DB 211,'the payment order agency identification information' and the exclusive shared alias ID and'the encrypted payment order agency use Storing'password'; Transmitting the dedicated shared pseudonym ID and the payment instruction agent use password from the user terminal 200 to the payment instruction agent server 400; And upon receiving the transmitted information from the payment order agency server 400, calculate the hash value of the payment order agency use password, and match the dedicated shared alias ID in the customer DB 410 to use the'payment order agency Storing the password hash value and creating a new record; Is operated.

6 is a diagram illustrating an operation of distributing and storing a message required to prevent non-repudiation received by each subject in a blockchain network in a preferred embodiment of a method for processing a simple and safe payment instruction using a master password of the present invention. .

In step 601, according to a predetermined block generation cycle, the'transaction data serial number and electronic message' in which the predetermined block verification completion identification information is not matched in the transaction data DB 320 in the payment server 300 are matched. The signature' is matched and extracted, the root hash value of the extracted'remittance application messages and electronic signatures' is calculated, and a block header corresponding to the immediately previous block generation cycle is extracted from the block header DB 340, A predetermined block header including a hash value of the extracted block header and the calculated root hash value is created, and the created block header is stored by matching a predetermined block header serial number in the block header DB 340. .

In step 602, according to the block generation cycle, the'transaction data serial number' in which the remittance completion notification messages for which the predetermined block verification completion identification information is not matched in the transaction data DB 420 in the payment instruction agent server 400 are matched. And the'electronic signature' is matched and extracted, the root hash value of the extracted'remittance completion notification messages and electronic signatures' is calculated, and a block header corresponding to the immediately previous block generation cycle in the block header DB 440 is A predetermined block header including the hash value of the extracted block header and the calculated root hash value is created, and the created block header by matching a predetermined block header serial number in the block header DB 440 Is saved

In step 603, the payment server 300 and the payment instruction agent server 400 each share the block headers they have created in'Steps 601 and 602' to the blockchain network in a predetermined manner.

According to an additional aspect of the present invention, step 603 includes: calculating, by the payment server 300, a hash value of the'block header created in step 601'; Generating, by the payment server 300, the hash value with the secret key of the payment institution to create an electronic signature of the payment institution for the'block header created in step 601'; The payment server 300 matches the payment institution identification information and stores the block header in'block header created in step 601' and'block header DB 340 in step 601' and the matched block header serial number' and the digital signature And transmitting the public key of the payment institution to the authentication server 100; Calculating a hash value of the'block header created in step 602' by the payment instruction agency server 400; Generating, by the payment instruction agent server 400, an electronic signature of the payment instruction agent for the'block header created in step 602' by encrypting the hash value with the secret key of the payment instruction agent; And'the block header created in step 602' and'the block header in the block header DB 440 in step 602 is stored and matched block header serial number' by matching the payment order agent identification information And transmitting the digital signature and the public key of the payment requesting agency to the authentication server 100; Includes.

In step 604, one of the nodes constituting the blockchain network calculates a root hash value of information including'the block header written in step 601 and the block header written in step 602', and'at the previous public block generation cycle. A predetermined public block header including'the hash value of the generated public block header' and the root hash value is created.

According to an additional aspect in an embodiment to which the additional aspect in step 603 is applied, in step 604, a block header matched with each block header creator identification information transmitted in step 603 by the authentication server 100 And receiving an electronic signature, a public key, and a block header serial number'; The authentication server 100 searches for the public key matched with the'each block header creator identification information as the business identification information' in the business public key DB 130, and matches the searched public key with the'block header creator identification information' Matching the received public key'; If the matching result is matched, decrypting the'digital signature received by matching the public key' with the matched public key; Calculating a hash value of the'block header received by matching the public key'; Comparing the decrypted digital signature with the calculated hash value; Extracting'a block header corresponding to a previous block generation period from among block headers matched with the received block header creator identification information' from the block header DB 140 when the matching result is matched; Comparing'the hash value of the extracted block header' with'the hash value of the immediately preceding block header included in the received block header'; Matching the block header DB 140 with the block generation period identification information when the matching result is matched, and storing the'block header creator identification information, block header serial number, block header, electronic signature, and public key'; Calculating a root hash value of'block headers, electronic signatures and public keys' stored by matching the block generation period identification information in the block header DB 140 after being received and verified by the authentication server 100; Extracting the public block header of the previous period from the public distributed ledger 150 by the authentication server 100, and creating a predetermined public block header including the hash value and the root hash value of the public block header; Creating a predetermined public block including the created public block header and'block headers and electronic signatures included in calculating the root hash value'; Includes.

In step 605, the'node that created the public block header in step 604' transmits the public block header to the'own peer nodes participating in the public blockchain network' as'public block headers corresponding to the block generation cycle'. .

According to an additional aspect in an embodiment in which the additional aspect in step 604 is applied, in step 605, the authentication server 100 writes a'public block created as in the additional aspect in step 604'. Transmitting to'own peer nodes participating in the blockchain network'; Verifying the received public block by the peer nodes and transmitting each of the peer nodes as a public block corresponding to a corresponding block generation period; Includes.

Peer nodes that have received the'public block header transmitted in step 605' in step 606 each verify the public block header and then write'public block header corresponding to the block generation cycle' in their public distributed ledger (not shown). It stores the'received public block header' as'the received public block header', and transmits the received public block header to its own peer nodes as'public block headers corresponding to the corresponding block generation period'.

According to an additional aspect in an embodiment in which the additional aspect in step 605 is applied, in step 606, peer nodes that have received the'public block transmitted in step 605' each verify the received public block. And then storing each of them in their own public distributed ledger (not shown), and transmitting the public block to their peer nodes as a'verified public block corresponding to the block generation cycle'; Includes.

If the'public block header created in step 604' is verified in the public blockchain network in step 607,'each block header created in steps 601 and 602' used to calculate the'root hash value included in the public block header' The root hash value included in the block header created by the user in'Step 601 (or Step 602)' in each transaction data DB (320, 420) in the'Payment Server 300 and the Payment Order Agency Server 400' 'The predetermined block verification completion identification information is stored by matching the'each remittance request message and remittance completion notice message' used in the calculation.

According to an additional aspect in an embodiment in which the additional aspect in step 604 is applied, step 607 is a schedule following the'public block transmitted to its peer nodes in step 605 by the authentication server 100'. Determining whether public blocks corresponding to the number (eg, 5) of subsequent block generation cycles form a chain; If the determination is positive, the block header DB 140 from the authentication server 100 indicates'block headers included in calculating the root hash value included in the public block transmitted to its peer nodes in step 605'. Matching and storing predetermined block verification completion identification information, and extracting'block header author identification information and block header serial number' matched to the block headers from the block header DB 140; Each server corresponding to the extracted block header creator identification information (i.e., payment server 300 and payment instruction agent server 400) is used to match'block header serial number extracted by matching with the block header creator identification information' and a predetermined value. Transmitting the block verification completion identification information; When the payment server 300 and the payment instruction agent server 400 each receive the transmitted'block header serial number and block verification completion identification information', the received block header from their own block header DBs (340, 440) Storing block verification completion identification information by matching the serial number; Retrieving a list of transaction data serial numbers matched with the block header serial number in the block header DBs 340 and 440; Storing predetermined block verification completion identification information by matching'transaction data serial number included in the list' in each of the transaction data DBs 320 and 420; Includes.

100: authentication server
130: Business public key DB
140: block header DB
150: Director of the Public Distribution Center
200: user terminal
210: authentication app
211: confidential information DB
212: Friend DB
213: Business Public Key DB
300: payment server
310: Customer DB
320: transaction data DB
330: Account DB
340: block header DB
350: Affiliate DB
400: Payment order agency server
410: customer DB
420: transaction data DB
430: Business public key DB
440: block header DB
450: Transaction DB
500: affiliated store server
510: Sales DB
600: my data server

Claims (2)

In a predetermined user terminal that can communicate with a predetermined payment server using a predetermined communication network,
Inputting the master password of the'user who is the owner of the user terminal';
Retrieving'encrypted disposable seed, payment account number and encrypted secret key' from a predetermined DB;
Decrypting the'encrypted secret key' with the input master password;
Decrypting the'encrypted disposable seed' with the decrypted secret key;
Calculating a predetermined OTP using the decrypted disposable seed;
Transmitting information including the'payment account number and OTP' from a user terminal to a payment server, characterized in that the payment account number is opened;
Receiving a one-time seed encrypted with a'public key characterized by matching the secret key' from the payment server; And
Updating the'encrypted disposable seed' stored in the DB with the received'encrypted disposable seed'; Simple and safe payment instruction processing method using a master password, etc., comprising a
In a predetermined payment server that can communicate with one or more user terminals using a predetermined communication network,
Receiving a'remittance application message including a predetermined payment account number' attached with a predetermined electronic signature;
Searching for a public key that can match the payment account number from a predetermined DB;
Calculating a hash value of the remittance application message;
Decrypting the electronic signature with the public key;
Comparing the decrypted electronic signature with the'hash value of the remittance request message';
Calculating a root hash value of information including at least one remittance request message including the remittance request message in a predetermined block generation cycle;
Creating a predetermined block header including a hash value of a block header corresponding to the block generation period immediately before the block generation period and the root hash value; And
Sharing the created block header to a blockchain network in a predetermined method; Simple and safe payment instruction processing method using a master password, etc., comprising a

Images