KR20210112264A - Method for paying with contactless payment card based on decentralized identifier of blockchain network, and mobile device using them - Google Patents

Abstract

The present invention relates to a contactless card payment method based on the decentralized identifier (DID) of a blockchain network. The contactless card payment method includes the steps of: transmitting card information request information to a user mobile terminal; and approving payment by using decryption card information obtained from a decryption card information VC. An object of the present invention is to perform user authentication for use of a contactless card.

Description

Decentralized ID-based contactless card payment method of blockchain network and mobile terminal using the same

The present invention relates to a contactless payment method based on a decentralized ID of a blockchain network and a mobile terminal using the same.

Payment refers to the act of clearing the bond/debt relationship between the parties to the transaction, which occurs according to various economic activities such as real and financial transactions, through the transfer of monetary value. It is a service that provides the movement of money and money.

Currently, credit or debit cards are widely used as a means of payment and settlement.

These credit or debit cards support the magnetic stripe reader (MSR) method and the EMV protocol method IC card, and the card reader receives the card information built into the card by physical contact with the card and receives the VAN ( Value Added Network) through the network to the credit card company, payment is made.

Meanwhile, in recent years, a contactless card capable of performing payment and settlement without physical contact with a card reader has been used, and payment and settlement can be made simply by tagging with a card reader by wireless (NFC).

However, such a contactless card has a disadvantage in that payment is made only by using a card reader certified by a van or a card company.

In addition, the contactless card has a disadvantage in that illegal use cannot be checked because payment and settlement are made only by tagging.

In addition, there is a risk that card information is exposed in the payment and settlement process by the contactless card.

An object of the present invention is to solve all of the above problems.

Another object of the present invention is to enable user authentication for use of a contactless card.

Another object of the present invention is to prevent illegal use of a contactless card.

In addition, another object of the present invention is to authenticate the use of a contactless card using the decentralized ID of the blockchain network.

A representative configuration of the present invention for achieving the above object is as follows.

According to an embodiment of the present invention, in a contactless card payment method based on a decentralized identifier (DID) of a blockchain network, (a) when payment information is obtained from a service server that provides a service to a user, When the user mobile terminal requests the user to tag the user contactless card for payment and settlement, and the user contactless card is tagged, card identification information of the user contactless card and the encryption card through wireless communication with the user contactless card information is obtained, and the card identification information and the user DID are transmitted to a value added network (VAN) server to cause the payment proxy server to generate a signature verification value, and to provide card information request information including the signature verification value transmitting to the user mobile terminal; and (b) the user mobile terminal generates an encryption card information VC (verifiable credential) using the signature verification value, the card identification information, and the encryption card information, the user DID, the encryption card information VC, and transmits the user signature value, which signed the encryption card information VC with the user private key, to the payment proxy server, thereby causing the payment proxy server to (i) obtain the user public key from the blockchain network using the user DID, or resolver obtain the user public key from the blockchain network using the user DID through a server, and verify the user signature value and the encryption card information VC using the user public key, (ii) the encryption Decryption card information is obtained using the encryption card information obtained from card information VC, and decryption card information VC is generated using the decryption card information, payment proxy server DID, the decryption card information VC, and the decryption Send the payment proxy server signature value signed by the card information VC with the payment proxy server private key to the card company server, so that the card company server acquires the payment agency server public key from the block chain network using the payment agency server DID, or Have a resolver server obtain the payment proxy server public key from the block chain network using the payment proxy server DID, and use the payment proxy server public key to obtain the payment proxy server signature value and the decryption card information VC verifying and using the decryption card information obtained from the decryption card information VC to approve the payment; A method comprising:

In the above, before step (a), (a01) in a state in which the user DID and the user public key are registered in the blockchain network, the user mobile terminal sends the user VC and the user DID to the card company server transmits user DID registration request information including obtaining the user public key, verifying the user VC using the user public key, and registering the user DID in response to the verification of the user VC; (a02) the user mobile terminal obtains the card identification information and the encryption card information from the user contactless card, and obtains the user DID, a card registration VC generated using the card identification information, and the card registration VC The card registration request information including the user signature value signed by the user private key is transmitted to the card company server so that the card company server verifies the card registration VC using the user public key, and the card company server DID, signature verification transmitting, to the user mobile terminal, a card information request VC including a value and the card identification information, and a card company server signature value signed by the card company server private key with the card information request VC; and (a03) after verification of the card company server signature value, the user mobile terminal generates card information VC using the card identification information, the signature verification value, and the encryption card information, the user DID, and the card information VC, and a user signature value signed by the user private key of the card information VC is transmitted to the card company server so that the card company server verifies the card information VC using the user public key, and then provides the card identification information matching and storing the user DID; There is provided a method further comprising a.

In the above step (a03), the user mobile terminal obtains the card company server public key from the block chain network using the card company server DID or uses the card company server DID through the resolver server to obtain the block chain A method for obtaining the card company server public key from a network and verifying the card company server signature value using the card company server public key is provided.

In the above, (c) when the user mobile terminal obtains approval information of the card company server from the payment proxy server, it transmits the approval information to the service server so that the service server completes the payment for the payment to do; There is provided a method further comprising a.

In the above, the encryption card information includes first block data of encrypted card number and second block data of encrypted card validity period, and in step (a), the user mobile terminal is installed in the mobile terminal. The first block data is obtained from the user contactless card by using a purchase secure application module (PSAM) or a first authentication key obtained from the PSAM installed in the payment proxy server, and the PSAM or the payment proxy installed in the mobile terminal The second block data is obtained from the user contactless card using a second authentication key obtained from the PSAM installed in the server, and in the step (b), the user mobile terminal causes the payment proxy server to make the payment. A method of decoding the first block data and the second block data by using a system services provider SAM (SSAM) installed in a proxy server is provided.

In the above step (b), the user mobile terminal causes the payment proxy server to decrypt the decryption information and the decryption information obtained by the card company server using the payment proxy server public key to decrypt the payment proxy server signature value. There is provided a method of verifying the payment proxy server signature value and the decryption card information VC by comparing the card information VC.

In the above, in step (b), the decryption card information VC further includes the user signature value, and the user mobile terminal causes the payment proxy server to cause the card server to be included in the decryption card information VC. Obtain the user public key from the block chain network using the user DID or have the resolver server obtain the user public key from the block chain network using the user DID, using the user public key A method for verifying the user signature value is provided.

In the above, the user mobile terminal causes the payment proxy server to compare the information obtained by the card company server using the user public key to decrypt the user signature value with the information obtained by encrypting the decryption card information to sign the user A method is provided to allow validation of a value.

According to another embodiment of the present invention, in a contactless card payment and settlement method based on a decentralized identifier (DID) of a blockchain network, (a) a payment agent corresponding to a service server providing a service to a user The payer mobile terminal requests payment information for the service provided to the user from the service server, and when the payment information is obtained from the service server, provides the payment information to the user and provides payment to the user request tagging of a user contactless card for a user contactless card, and when the user contactless card is tagged, obtain card identification information and encryption card information of the user contactless card through wireless communication with the user contactless card, and pay with the card identification information Transmitting the user DID to a value added network (VAN) server so that the payment proxy server generates a signature verification value and transmits card information request information including the signature verification value to the payer mobile terminal ; and (b) the payer mobile terminal generates cryptographic card information VC (verifiable credential) using the signature verification value, the card identification information, and the cryptographic card information, the payer DID and the cryptographic card information By transmitting the VC and the signature value of the payer, which signed the encryption card information VC with the payer's private key, to the payment agency server, the payment agency server (i) uses the payer DID to make the payment public from the blockchain network Obtain a key or obtain the payer public key from the blockchain network using the payer DID through a resolver server, and use the payer public key to obtain the payer signature value and the encryption card information VC (ii) to obtain decryption card information using the encryption card information obtained from the encryption card information VC, to generate decryption card information VC using the decryption card information, and to create a payment proxy server DID , the decryption card information VC and the decryption card information VC are signed with the payment proxy server private key to transmit the payment proxy server signature value to the card company server, so that the card company server uses the payment proxy server DID to the block chain network Acquire the public key of the payment proxy server from the payment proxy server, or have the resolver server acquire the payment proxy server public key from the block chain network using the payment proxy server DID, and use the payment proxy server public key to make the payment proxy verifying a server signature value and the decryption card information VC, and allowing the payment and settlement to be approved using the decryption card information obtained from the decryption card information VC; A method comprising:

In the above step (b), the decryption card information VC further includes the payer signature value, and the user mobile terminal causes the payment proxy server to include the card server in the decryption card information VC Obtain the payer public key from the block chain network using the payer DID, or have the resolver server obtain the payer public key from the block chain network using the payer DID, There is provided a method for verifying the payer signature value using a child public key.

According to another embodiment of the present invention, in a user mobile terminal that performs contactless card payment and settlement based on a decentralized identifier (DID) of a blockchain network, a contactless card based on a decentralized ID of a blockchain network a memory in which instructions for performing payment are stored; and a processor for performing contactless card payment and settlement based on a decentralized ID of a blockchain network according to the instructions stored in the memory. Including, the processor, (I) when payment information is obtained from a service server that provides a service to a user, requests the user to tag a user contactless card for payment and settlement, and when the user contactless card is tagged, Obtains card identification information and encryption card information of the user contactless card through wireless communication with the user contactless card, and transmits the card identification information and user DID to a value added network (VAN) server to make the payment proxy a process for causing a server to generate a signature verification value and transmit card information request information including the signature verification value to the user mobile terminal, and (II) the signature verification value, the card identification information, and the encryption card information generates encryption card information VC (verifiable credential) using Have the proxy server (i) obtain the user public key from the block chain network using the user DID, or obtain the user public key from the block chain network using the user DID through a resolver server, and the user verify the user signature value and the encryption card information VC using a public key, (ii) obtain decryption card information using the encryption card information obtained from the encryption card information VC, and obtain the decryption card information The decryption card information VC is generated using The card company server obtains the payment proxy server public key from the block chain network using the payment proxy server DID or the resolver Have the server obtain the payment proxy server public key from the block chain network using the payment proxy server DID, and verify the payment proxy server signature value and the decryption card information VC using the payment proxy server public key and using the decryption card information obtained from the decryption card information VC to perform a process to approve the payment and settlement is provided.

In the above, before the (I) process, (I-1) the user DID and the user public key are registered in the blockchain network, and the user VC and the user DID are transmits user DID registration request information including a process of obtaining the user public key, verifying the user VC using the user public key, and registering the user DID in response to the verification of the user VC; (I-2) the user contactless card A card that obtains the card identification information and the encryption card information from the user DID, a card registration VC generated using the card identification information, and a user signature value in which the card registration VC is signed with the user private key Sending registration request information to the card company server so that the card company server verifies the card registration VC using the user public key, and a card information request VC including a card company server DID, a signature verification value and the card identification information; and a process of transmitting a card company server signature value, which signed the card information request VC with a card company server private key, to the user mobile terminal, and (I-3) after verifying the card company server signature value, the card identification information and the signature verification The card company generates card information VC using a value and the encryption card information, and transmits a user signature value signed by the user DID, the card information VC, and the card information VC with the user private key to the card company server. a process of causing the server to verify the card information VC using the user public key and then store the card identification information by matching it with the user DID. A user mobile terminal to perform further is provided.

In the above, in the process (I-3), the processor obtains the card company server public key from the block chain network using the card company server DID or uses the card company server DID through the resolver server to obtain the block chain A user mobile terminal that obtains the card company server public key from a network and verifies the card company server signature value using the card company server public key is provided.

In the above, the processor, (III) when the approval information of the card company server is obtained from the payment proxy server, transmits the approval information to the service server so that the service server completes the payment for the payment A user mobile terminal that further performs the process is provided.

In the above, the encryption card information includes first block data of encrypted card number and second block data of encrypted card validity period, and the processor, in the process (I), the PSAM installed in the mobile terminal ( purchase secure application module) or the first authentication key obtained from the PSAM installed in the payment proxy server to obtain the first block data from the user contactless card, and to the PSAM or the payment proxy server installed in the mobile terminal The second block data is obtained from the user contactless card by using the second authentication key obtained from the installed PSAM, and in the process (II), the payment proxy server causes the payment agency server to install SSAM (system services) installed in the payment agency server. A user mobile terminal for decoding the first block data and the second block data using a provider SAM) is provided.

In the above, the processor, in the process (II), causes the payment proxy server to decrypt information and the decryption card information obtained by the card company server using the payment proxy server public key to decode the payment proxy server signature value. There is provided a user mobile terminal that compares VCs to verify the payment proxy server signature value and the decryption card information VC.

In the above, the decryption card information VC further includes the user signature value, and in the process (II), the processor causes the payment proxy server to cause the card server to include the user included in the decryption card information VC. Obtain the user public key from the block chain network using DID or have the resolver server obtain the user public key from the block chain network using the user DID, and use the user public key to obtain the user public key A user mobile terminal for verifying a signature value is provided.

In the above, the processor allows the payment proxy server to compare the information obtained by the card company server using the user public key to decrypt the user signature value with the information obtained by encrypting the decryption card information to obtain the user signature value. A user mobile terminal for verification is provided.

According to another embodiment of the present invention, in a payer mobile terminal that performs contactless card payment and settlement based on a decentralized identifier (DID) of a blockchain network, a contactless method based on a decentralized ID of a blockchain network a memory in which instructions for performing card payment are stored; and a processor for performing contactless card payment and settlement based on a decentralized ID of a blockchain network according to the instructions stored in the memory. including, wherein the processor (I) requests payment information for the service provided to the user from the service server, and when the payment information is obtained from the service server, provides the payment information to the user, and Requesting a user to tag a user contactless card for payment and settlement, and when the user contactless card is tagged, obtains card identification information and encryption card information of the user contactless card through wireless communication with the user contactless card, the The card identification information and the payer DID are transmitted to a value added network (VAN) server to cause the payment proxy server to generate a signature verification value and send card information request information including the signature verification value to the payer mobile terminal and (II) generating an encryption card information VC (verifiable credential) using the signature verification value, the card identification information, and the encryption card information, and the payer DID and the encryption card information VC , and transmits the payer signature value, which signed the encryption card information VC with the payer private key, to the payment proxy server, thereby causing the payment proxy server to (i) use the payer DID to obtain the payer public key from the blockchain network. or to obtain the payer public key from the block chain network using the payer DID through a resolver server, and the payer signature value and the encryption card information VC using the payer public key (ii) to obtain decryption card information using the encryption card information obtained from the encryption card information VC, and to generate decryption card information VC using the decryption card information, a payment proxy server DID, The decryption card information VC and the decryption card information VC are signed with the payment proxy server private key to transmit the signature value of the payment proxy server to the card company server, so that the card company server determines the resolution. Acquire the payment proxy server public key from the block chain network using the proxy server DID or cause the resolver server to obtain the payment proxy server public key from the block chain network using the payment proxy server DID, Using the payment proxy server public key to verify the payment proxy server signature value and the decryption card information VC, and to approve the payment by using the decryption card information obtained from the decryption card information VC A payer mobile terminal is provided.

In the above, the decryption card information VC further includes the payer signature value, and in the process (II), the processor causes the payment proxy server to cause the card server to include the decryption card information VC in the decryption card information VC. Obtain the payer public key from the block chain network using the payer DID or have the resolver server obtain the payer public key from the block chain network using the payer DID, and the payer public key A payer mobile terminal for verifying the payer signature value using a key is provided.

In addition to this, a computer-readable recording medium for recording a computer program for executing the method of the present invention is further provided.

According to the present invention, the following effects are obtained.

The present invention makes it possible to perform user authentication for use of a contactless card.

The present invention makes it possible to prevent illegal use of the contactless card.

The present invention makes it possible to authenticate the use of a contactless card using the decentralized ID of the blockchain network.

The present invention makes it possible to prevent card information from being transmitted in the payment and settlement process by a contactless card by using the decentralized ID of the blockchain network.

1 schematically shows a system for performing a contactless card payment based on a decentralized ID of a blockchain network according to an embodiment of the present invention;
2 schematically illustrates a process of registering a contactless card in a contactless card payment and settlement method based on a decentralized ID of a blockchain network according to an embodiment of the present invention;
3 schematically illustrates a contactless card payment and settlement method based on a decentralized ID of a blockchain network according to an embodiment of the present invention;
4 schematically illustrates a contactless card payment and settlement method based on a decentralized ID of a blockchain network according to another embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0010] DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0010] DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS [0023] Reference is made to the accompanying drawings, which show by way of illustration specific embodiments in which the present invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the present invention. It should be understood that the various embodiments of the present invention are different but need not be mutually exclusive. For example, certain shapes, structures, and characteristics described herein with respect to one embodiment may be embodied in other embodiments without departing from the spirit and scope of the invention. In addition, it should be understood that the location or arrangement of individual components within each disclosed embodiment may be changed without departing from the spirit and scope of the present invention. Accordingly, the detailed description set forth below is not intended to be taken in a limiting sense, and the scope of the invention, if properly described, is limited only by the appended claims, along with all scope equivalents to those claimed. Like reference numerals in the drawings refer to the same or similar functions throughout the various aspects.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings in order to enable those of ordinary skill in the art to easily practice the present invention.

1 schematically shows a system for performing a contactless card payment based on a decentralized identifier (DID) of a blockchain network according to an embodiment of the present invention. Referring to FIG. 1, the system is It may include a mobile terminal 100 , a VAN server 200 , a card company server 300 , and a block chain network 400 .

First, the mobile terminal 100 receives contactless card information for payment and settlement of the contactless card through the payment and settlement app, and transmits the received information using DID, mobile computer, PDA/EDA, mobile phone , smartphones, tablets, and the like. In addition, the mobile terminal 100 is not limited thereto, and may include any mobile device such as a portable game machine having a wired/wireless communication function, a digital camera personal navigation device, and the like. In addition, the mobile terminal 100 may include a memory in which instructions for payment of a contactless card are stored based on the DID of the block chain network and a process of performing payment and settlement of the contactless card according to the instructions stored in the memory. In this case, the mobile terminal 100 may be a user mobile terminal corresponding to a user for performing payment and settlement or a payer mobile terminal of a payer corresponding to a service subject providing a service to the user.

Specifically, mobile terminal 100 is typically a computing device (eg, a device that may include computer processes, memory, storage, input and output devices, other components of conventional computing devices; electronic devices such as routers, switches, etc.) A desired system using a combination of communication devices; electronic information storage systems such as network attached storage (NAS) and storage area networks (SANs)) and computer software (ie, instructions that cause the computing device to function in a particular way). performance may be achieved.

The communication unit of such a computing device may transmit/receive a request and a response to/from another computing device that is interlocked. As an example, such a request and a response may be made by the same TCP session, but is not limited thereto, for example, UDP data. It may be transmitted and received as a gram.

In addition, the processor of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. In addition, the computing device may further include an operating system and a software configuration of an application for performing a specific purpose.

Next, the VAN server 200 , that is, the payment proxy server, performs a function related to the approval of the contactless card use using the DID, and the payment related instructions are stored in the memory and the instructions stored in the memory are paid. It may include a process for performing an operation related to payment.

Specifically, the VAN server 200 is typically a computing device (eg, a computer processor, memory, storage, input device and output device, a device that may include other components of a conventional computing device; electronic devices such as routers, switches, etc.) A desired system using a combination of communication devices; electronic information storage systems such as network attached storage (NAS) and storage area networks (SANs)) and computer software (ie, instructions that cause the computing device to function in a particular way). performance may be achieved.

The communication unit of such a computing device may transmit/receive a request and a response to/from another computing device that is interlocked. As an example, such a request and a response may be made by the same TCP session, but is not limited thereto, for example, UDP data. It may be transmitted and received as a gram.

In addition, the processor of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. In addition, it may further include an operating system, a software configuration of an application for performing a specific purpose.

Next, the card company server 300 performs the approval of the contactless card using the DID, and performs the approval operation related to the payment according to the instructions stored in the memory and the instructions related to the approval for payment are stored in the memory. It may include a process to make it happen.

Specifically, the card company server 300 is typically a computing device (eg, a device that may include a computer processor, memory, storage, input device and output device, other components of an existing computing device; electronic devices such as routers, switches, etc.) A desired system using a combination of communication devices; electronic information storage systems such as network attached storage (NAS) and storage area networks (SANs)) and computer software (ie, instructions that cause the computing device to function in a particular way). performance may be achieved.

The communication unit of such a computing device may transmit/receive a request and a response to/from another computing device that is interlocked. As an example, such a request and a response may be made by the same TCP session, but is not limited thereto, for example, UDP data. It may be transmitted and received as a gram.

In addition, the processor of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. In addition, it may further include an operating system, a software configuration of an application for performing a specific purpose.

Next, the block chain network 400 is composed of a plurality of block chain nodes to provide a DID service, and each block chain node stores instructions for providing the DID service. It may include a process for performing an operation for providing a DID service.

Specifically, each blockchain node of a blockchain network is typically a computing device (e.g., a device that may include computer processes, memory, storage, input and output devices, and other components of existing computing devices; routers; electronic communication devices such as switches; electronic information storage systems such as network attached storage (NAS) and storage area networks (SANs)) and computer software (i.e., instructions that cause the computing device to function in a particular way). may be used to achieve the desired system performance.

The communication unit of such a computing device may transmit/receive a request and a response to/from another computing device that is interlocked. As an example, such a request and a response may be made by the same TCP session, but is not limited thereto, for example, UDP data. It may be transmitted and received as a gram.

In addition, the processor of the computing device may include a hardware configuration such as a micro processing unit (MPU) or a central processing unit (CPU), a cache memory, and a data bus. In addition, the computing device may further include an operating system and a software configuration of an application for performing a specific purpose.

A process of registering a user for performing a DID-based contactless card payment and settlement of a blockchain network according to an embodiment of the present invention configured as described above will be described with reference to FIG. 2 .

First, when a user installs a payment and settlement app in the mobile terminal 100, the payment and settlement app performs user authentication (S1). In this case, user authentication may be performed by various methods such as a mobile phone identity confirmation service and an email identity confirmation service, and user information capable of specifying a user may be obtained through user authentication for user information.

Thereafter, the mobile terminal 100 requests (S2) creation of the user DID to the blockchain network 400 through the payment app.

Then, the blockchain network 400 generates a user DID, registers it in the distributed ledger, and transmits the user DID and the user public key associated with the user DID to the mobile terminal 100 (S3).

At this time, the user public key is generated by the blockchain network 400 that provides the DID service and transmitted to the mobile terminal 100, but unlike this, the user private key and the public key are generated in the mobile terminal 100, The user's public key may be registered in the blockchain network 400 by using the user DID. In addition, the mobile terminal 100 may generate various user verifiable credentials (VC) for user authentication by using the user DID and store it in the mobile terminal 100 .

Meanwhile, in the above, the generation of the user DID through the mobile terminal 100 has been described. In addition, the service server that provides a service to the user, the card company server, and the payer mobile terminal corresponding to the service server are performed in the same way. You can create and give each DID. Then, the mobile terminal 100 requests (S4) registration of the user DID to the card company server 300 .

At this time, the mobile terminal 100 generates a user VC (verifiable credential) using user information for user authentication through the payment and settlement app, and sends user DID request information including the user DID and the user VC to the card company server 300 can be sent to In addition, the user DID request information may further include a user signature value in which the user VC is signed with the user private key. In addition, the user VC may include various information related to the user DID in addition to the user DID, the user VC, and the user signature value.

After that, the card company server 300 that has received the user DID registration request obtains the user public key from the blockchain network 400 using the user DID (S5, S6) or uses the user DID through the resolver server to the blockchain network to obtain a user public key from 400 .

Then, the card company server 300 verifies the user VC using the user public key obtained from the block chain network 400 (S7), and when the user VC is verified, the user DID, the user public key, and the user information are stored in the database and transmits the user DID registration result to the mobile terminal 100 (S8).

In this case, the user VC verification may be performed by decrypting the user signature using the user public key and confirming whether the decrypted information matches information included in the user VC.

When the user DID is registered in the card server 300 by the above method, the contactless card is registered by the following method.

That is, the mobile terminal 100 requests physical tagging of the contactless card from the user through the payment and settlement app (S9), and tags the contactless card 10 that the user wants to register to the mobile terminal 100, the mobile terminal ( The payment and settlement app of 100) obtains card information, for example, card identification information and encryption card information, from the contactless card 10 (S10).

For example, when the user tags the contactless card 10 to the mobile terminal 100 in response to a tagging request from the mobile terminal 100 , the contactless card 10 performs wireless communication, for example, near field communication (NFC). The card identification information is transmitted to the mobile terminal 100 through After acquiring from PSAM (purchase secure application module) stored in or PSAM stored in SE (secure element) of the mobile terminal 100, it is transferred to the contactless card 10 in the NFC method and the first block from the contactless card 10 Acquire data. Then, the payment and settlement app of the mobile terminal 100 obtains the second authentication key for reading the second block data among the card information stored in the card from the PSAM of the card company server 300 or the PSAM of the mobile terminal 100, The second block data is obtained from the contactless card 10 by transferring this to the contactless card 10 in the NFC method. In this case, the first block data and the second block data may be information stored by encrypting a card number and an effective period of card information, respectively.

Next, the payment app of the mobile terminal 100 requests card registration to the card company server 300 (S11).

At this time, the mobile terminal 100 transmits card registration request information including the user DID, the card registration VC generated using the card identification information, and the user signature value in which the card registration VC is signed with the user private key to the card company server 300 . can send it to you. Also, unlike generating a user signature value using the card registration VC, the mobile terminal 100 may generate a user signature value by signing the hash value of the card registration VC with the user's private key.

Then, the card company server 300 verifies the card registration VC (S12).

In this case, the card registration VC verification may be performed by decrypting the user signature value using the user public key and confirming whether the decrypted information matches information included in the card registration VC. Also, the card registration VC may be verified by decrypting the user signature value using the user public key and checking whether the decrypted information matches the hash value of the card registration VC.

Meanwhile, the user public key may be confirmed by the card company server 300 using the user DID from the database. In addition, the card company server 300 obtains the user public key from the block chain network 400 using the user DID, or obtains the user public key from the block chain network 400 using the user DID through the resolver server. may be At this time, when the user public key is obtained through the block chain network 400, the process takes longer, but a more secure response can be made, and in particular, it is possible to quickly respond to the destruction of the DID certificate.

Then, the card company server 300 requests card information from the mobile terminal 100 when the card registration VC is verified (S13).

For example, when the card registration VC is verified, the card company server 300 may generate a signature verification value such as a nonce, and store the signature verification value, user DID, and card identification information in a storage device. And, the card company server 300 is the card company server DID, the card information request VC including the signature verification value and card identification information, and the card information request VC or a hash value thereof signed with the card company server private key the card company server signature value to the mobile terminal It can be transmitted to (100).

Then, the mobile terminal 100 receiving the card information request VC from the card company server 300 may verify the card information request VC, that is, the card company server signature value.

In this case, the mobile terminal 100 decrypts the card company server signature value using the card company server public key, and verifies the card information request VC by checking whether the decrypted information matches the card information request VC or a hash value thereof.

Meanwhile, the card company server public key may be obtained from the card company server 300 . In addition, it can be obtained from the block chain network 400 using the card company server DID, or obtained from the block chain network 400 using the card company server DID through a resolver server. In this case, when the card company server public key is obtained through the block chain network 400, the process takes longer, but a more secure response can be made, and in particular, it is possible to quickly respond to the destruction of the DID certificate.

Then, when the card request information VC is verified, the mobile terminal 100 transmits the card information VC to the card company server 300 (S14).

For example, when the card company VC is verified, the mobile terminal 100 may generate the card information VC by using the card identification information, the signature verification value, and the encryption card information. In addition, the mobile terminal 100 may generate the card information VC by using the card identification information, the signature verification value, and the hash value of the encryption card information. In addition, the mobile terminal 100 may transmit a user signature value obtained by signing the user DID, card information VC, and card information VC or a hash value thereof with the user private key to the card company server 300 . At this time, the first block data and the second block data that are encrypted data are hashed to generate a hash value to improve security by not directly transmitting the first block data and the second block data that are encrypted data in the network. It is possible to prevent a replay attack by performing a hash operation with the signature verification value.

Next, the card company server 300 verifies the card information VC transmitted from the mobile terminal 100 (S15).

In this case, the card company server 300 may verify the card information VC by decrypting the user's signature using the user's public key and checking whether the decrypted information matches the card information VC or a hash value thereof. In addition, the card company server 300 generates a comparison hash value by performing a hash operation on the card information stored in response to the signature verification value and the card identification information, and confirms whether the generated comparison hash value matches the hash value included in the card information VC to verify the card information VC.

Thereafter, when the card information VC is verified, the card company server 300 registers the card (S16), and transmits the card registration result to the mobile terminal 100 (S17) to complete the card registration.

In this case, the card registration stores the link information between the user DID and the card identification information in the database so that the user DID and the card can be linked and used.

A method of performing payment and settlement using a contactless card in a state in which the contactless card is registered by this method will be described with reference to FIG. 3 as follows. In the following description, detailed description of parts that can be easily understood from the description with reference to FIG. 2 will be omitted.

The service server 20 transmits payment information for payment for a service or product provided to the user to the user mobile terminal 100 (S21).

In this case, the service server 20 may provide payment information for an order through a method such as a URL scheme or a QR code in a service providing app or a service providing web, and the payment information includes payment application call information, order ID, order It may include information, etc., but is not limited thereto, and may include various information related to the user's service use.

Then, the payment app of the user mobile terminal 100 informs the user of payment information, and requests tagging of the user contactless card 10 for payment and settlement of the payment information.

And, when the user tags the user contactless card 10 to the user mobile terminal 100, the payment application of the mobile terminal 100 is the user contactless card 10 wireless communication, for example, the card information through NFC Request (S22) to obtain card identification information and encryption card information from the user contactless card 10 (S23).

At this time, the user contactless card 10 transmits card identification information to the user mobile terminal 100 through NFC, and the payment and payment app of the user mobile terminal 100 is the first block data of card information stored in the user contactless card. After obtaining the first authentication key for reading from the SE of the VAN server 200 or the user mobile terminal 100, it is transferred to the user contactless card 10 in the NFC method, and the first block from the user contactless card 10 Acquire data. And, after the payment app of the mobile terminal 100 obtains the second authentication key for reading the second block data among the card information stored in the user contactless card from the SE of the VAN server 200 or the mobile terminal 100, The second block data is obtained from the user contactless card 10 by transferring this to the user contactless card 10 in the NFC method. In this case, the first block data and the second block data may be information stored by encrypting the card number and the validity period of the card information, respectively. In this case, the first authentication key and the second authentication key for reading block data of card information may be obtained from a purchase secure application module (PSAM) installed in the user mobile terminal 100 or the VAN server 200 .

Thereafter, the user mobile terminal 100 transmits the payment request information to the VAN server 200 (S24).

In this case, the payment request information may include card identification information of the user contactless card 10 and the user DID.

In addition, the payment request information may include a user VC for user authentication, and the VAN server 200 obtains a user public key from the blockchain network 400 using the user DID, or obtains the user DID through a resolver server. It is used to obtain a user public key from the blockchain network 400, and the user can be authenticated by verifying the user VC using the user public key.

Thereafter, the VAN server 200 may generate a signature verification value and transmit card information request information including the signature verification value to the user mobile terminal 100 ( S25 ). In this case, the signature verification value may include a nonce, a timestamp, and the like, and may be a one-time encryption to prevent duplication of transactions and hacking.

Then, the user mobile terminal 100 generates encryption card information VC (verifiable credential) using the signature verification value, card identification information, and encryption card information, and the user DID, encryption card information VC, and encryption card information VC or A user signature value signed by the hash value of the user private key may be transmitted to the VAN server 200 (S26).

Then, the VAN server 200 obtains the user public key from the block chain network 400 using the user DID (S27, S28), or the user public key from the block chain network 400 using the user DID through the resolver server. The key may be obtained, and the user signature value and encryption card information VC may be verified using the user public key (S29).

In this case, the VAN server 200 may verify the encryption card information VC by checking whether the decryption information obtained by decrypting the user signature value using the user public key and the encryption card information VC or a hash value thereof match.

In addition, the encryption card information VC verification checks whether the decrypted information obtained by decrypting the user signature value using the user public key matches the encrypted card information VC or a hash value thereof, and the decrypted signature verification value is the user mobile It can be performed by checking whether it matches the signature verification value transmitted to the terminal 100 .

Then, the VAN server 200 may obtain decryption card information by using the encryption card information obtained from the encryption card information VC (S30).

In this case, the VAN server 200 may decrypt the first block data and the second block data using a system services provider SAM (SSAM) installed in the VAN server to obtain the card number and validity period, which are decrypted card information.

Thereafter, the VAN server 200 generates the decryption card information VC using the decryption card information, and the VAN server DID, the decryption card information VC, and the decryption card information VC or the hash value thereof are signed with the VAN server private key. By transmitting the signature value to the card company server 300 (S31), it is possible to request approval for payment.

Then, the card company server 300 obtains the VAN server public key from the block chain network 400 using the VAN server DID (S32, S33) or causes the resolver server to use the VAN server DID from the block chain network 400 It is possible to obtain the VAN server public key.

Thereafter, the card company server 300 verifies the VAN server signature value and the decryption card information VC using the VAN server public key (S34), and uses the decryption card information obtained from the decryption card information VC to approve the payment. have.

At this time, the card company server 300 compares the decrypted information obtained by decrypting the VAN server signature value using the VAN server public key with the decrypted card information VC or a hash value thereof to verify the VAN server signature value and the decrypted card information VC. can Then, the card company server 300 may verify the decryption card information by checking whether the decryption card information matches information registered in the database.

Meanwhile, the decryption card information VC may further include a user signature value.

At this time, the card server 300 obtains the user public key from the block chain network 400 using the user DID included in the decryption card information VC, or causes the resolver server to obtain the user from the block chain network 400 using the user DID. A public key is obtained, and a user signature value can be verified using the user public key. That is, the card company server 300 may verify the user signature value by comparing information obtained by decrypting the user signature value using the user public key with information obtained by encrypting the decryption card information.

Then, the user mobile terminal 100, when the approval information of the card company server 300 is obtained from the VAN server 200 (S35, S36), transmits the approval information to the service server 20 to make the service server pay It can be made to complete the payment for (S38).

For example, when the decryption card information VC is verified, the card company server 300 transmits ( S35 ) approval information for payment to the VAN server 200 .

Then, the VAN server 200 transmits the approval information to the user mobile terminal 100 (S36), and the user mobile terminal 100 transmits the approval information to the service server 20 (S37).

Then, the service server 20 completes the payment by the user contactless card 10 in response to the received approval information, and transmits the payment completion information to the user mobile terminal 100 to the user contactless card 10 Complete the payment settlement process by

Meanwhile, in FIG. 3 , a method in which the user performs payment and settlement using his or her contactless card through his or her mobile terminal has been described. can be performed, and an operation process thereof will be described with reference to FIG. 4 as follows. In the following description, detailed description of parts that can be easily understood from the description of FIG. 3 will be omitted.

The payer mobile terminal 110 may be a payer's mobile terminal associated with the service server 20 , and the payer DID may be registered by the method as in FIG. 2 .

For example, the service server 20 may be an online shopping mall, and the payer may be a delivery person who delivers the product purchased by the consumer.

Then, when the payer executes the payment app of the payer mobile terminal 110 in order to request payment from the consumer, the payer mobile terminal 110 requests payment information from the service server 20 (S51).

On the other hand, unlike this, by requesting tagging of the user contactless card 10 of the consumer, that is, the user in the state that the payment application of the payer mobile terminal 110 is running, the payer mobile terminal 110 is the service server 20 ) to request payment information, or by inputting purchase service or product information into the payer mobile terminal 110 to request payment information from the service server 20 .

Then, the service server 20 transmits the payment information to the payer mobile terminal 110 (S52).

In this case, the payment information may include a purchase ID purchased by the consumer, purchase information, payment amount, etc., but is not limited thereto, and may include various information related to the consumer's purchase.

Next, the payment app of the payer mobile terminal 110 informs the user of payment information, and requests tagging of the user's contactless card 10 for payment and settlement of the payment information.

And, when the user tags the user contactless card 10 to the payer mobile terminal 110, the payment app of the payer mobile terminal 110 wirelessly communicates with the user contactless card 10, for example, through NFC. The card information is requested (S53) to obtain card identification information and encryption card information from the user contactless card 10 (S54).

At this time, the user contactless card 10 transmits the card identification information to the payer mobile terminal 110 through NFC, and the payment and settlement app of the payer mobile terminal 110 is the first of the card information stored in the user contactless card. After acquiring the first authentication key for reading the block data from the VAN server 200 or SE of the payer mobile terminal 110, it is transferred to the user contactless card 10 by the NFC method and from the user contactless card 10 Acquire first block data. And, the payment app of the payer mobile terminal 110 obtains a second authentication key for reading the second block data among the card information stored in the user contactless card from the SE of the VAN server 200 or the payer terminal 110 After that, the second block data is obtained from the user contactless card 10 by transferring it to the user contactless card 10 in the NFC method. In this case, the first block data and the second block data may be information stored by encrypting the card number and the validity period of the card information, respectively. In this case, the first authentication key and the second authentication key for reading the block data of the card information may be obtained from a purchase secure application module (PSAM) installed in the payer mobile terminal 110 or the VAN server 200 .

Thereafter, the payer mobile terminal 110 transmits the payment request information to the VAN server 200 (S55).

In this case, the payment request information may include card identification information of the user contactless card 10 and a payer DID.

In addition, the payment request information may further include a payer VC created by a payment app user, that is, a service provider that can prove that the payer is a legitimate owner, for higher stability, for example, if the payer is an employee of the service provider It may further include a VC to prove that . Then, the VAN server 200 obtains the payer public key from the block chain network 400 using the payer DID, or the payer public key from the block chain network 400 using the payer DID through the resolver server. , and by verifying the payer VC using the payer public key, the payer can be authenticated.

Thereafter, the VAN server 200 may generate a signature verification value and transmit card information request information including the signature verification value to the payer mobile terminal 110 ( S56 ). In this case, the signature verification value may include a nonce, a timestamp, and the like, and may be a one-time encryption to prevent duplication of transactions and hacking.

Then, the payer mobile terminal 110 generates the encrypted card information VC using the signature verification value, the card identification information, and the encrypted card information, and the payer DID, the encrypted card information VC, and the encrypted card information VC or a hash value thereof. The payer signature value signed with the payer private key may be transmitted to the VAN server 200 (S57).

Then, the VAN server 200 obtains the payer public key from the blockchain network 400 by using the payer DID (S58, S59), or by using the payer DID through the resolver server, the blockchain network ( 400), the payer public key may be obtained, and the payer signature value and the encryption card information VC may be verified (S60) using the payer public key.

At this time, the VAN server 200 may verify the encryption card information VC by checking whether the decryption information obtained by decrypting the payer signature value using the payer public key matches the encryption card information VC or a hash value thereof.

In addition, the encryption card information VC verification checks whether the decrypted information obtained by decrypting the payer signature value using the payer public key matches the encrypted card information VC or a hash value thereof, and the decrypted signature confirmation value is It can be performed by checking whether it matches the signature verification value transmitted to the payer mobile terminal 110 .

Then, the VAN server 200 may obtain decryption card information by using the encryption card information obtained from the encryption card information VC (S61).

In this case, the VAN server 200 may decrypt the first block data and the second block data using a system services provider SAM (SSAM) installed in the VAN server to obtain the card number and validity period, which are decrypted card information.

Thereafter, the VAN server 200 generates decryption card information VC by using the decryption card information, and the VAN server signature by signing the VAN server DID, decryption card information VC, and decryption card information VC or a hash value thereof with the VAN server private key By transmitting the value to the card company server 300 (S62), it is possible to request approval for payment.

Then, the card company server 300 obtains the VAN server public key from the block chain network 400 using the VAN server DID (S63, S64) or causes the resolver server to use the VAN server DID from the block chain network 400 It is possible to obtain the VAN server public key.

Thereafter, the card company server 300 verifies the VAN server signature value and the decryption card information VC using the VAN server public key (S65), and uses the decryption card information obtained from the decryption card information VC to approve the payment. have.

At this time, the card company server 300 compares the decrypted information obtained by decrypting the VAN server signature value using the VAN server public key with the decrypted card information VC or a hash value thereof to verify the VAN server signature value and the decrypted card information VC. can Then, the card company server 300 may verify the decryption card information by checking whether the decryption card information matches information registered in the database.

Meanwhile, the decryption card information VC may further include a payer signature value.

At this time, the card server 300 obtains the payer public key from the block chain network 400 using the payer DID included in the decryption card information VC, or causes the resolver server to use the payer DID to obtain the block chain network 400 ) to obtain the payer public key, and the payer signature value can be verified using the payer public key. That is, the card company server 300 may verify the payer signature value by comparing information obtained by decrypting the payer signature value using the payer public key with information obtained by encrypting the decrypted card information.

Thereafter, the payer mobile terminal 110, when the approval information of the card company server 300 is obtained from the VAN server 200 (S66, S67), transmits the approval information to the service server 20 to have the service server pay It is possible to complete the payment for the payment (S69).

For example, when the decryption card information VC is verified, the card company server 300 transmits (S66) approval information for payment to the VAN server 200 .

Then, the VAN server 200 transmits the approval information to the payer mobile terminal 110 (S67), and the payer mobile terminal 110 transmits the approval confirmation request information to the service server 20 (S68). .

Then, the service server 20 completes the payment by the user contactless card 10 in response to the received approval information, and transmits the payment completion information, that is, the approval confirmation result information to the payer mobile terminal 110 ( S69) to complete the payment and settlement process by the user contactless card 10 by giving.

On the other hand, in the above embodiments, card information was obtained by tagging the contactless card, but unlike this, the card number and expiration date can be obtained by photographing the contactless card through the mobile terminal, and it is transmitted to the DID-based VC. can give In addition, unlike photographing a contactless card, card information such as a card number and expiration date can be obtained by allowing a user or a payer to directly input card information. In addition, the card identification information may be information obtained by encrypting unique information obtained from a contactless card such as a card number by an encryption method such as a hash operation.

In addition, the present invention may perform user authentication using a contactless card in addition to the payment and settlement described above. That is, it is possible to conveniently perform identity verification using the DID using one's own contactless card and mobile terminal.

In addition, the embodiments according to the present invention described above may be implemented in the form of program instructions that can be executed through various computer components and recorded in a computer-readable recording medium. The computer-readable recording medium may include program instructions, data files, data structures, etc. alone or in combination. The program instructions recorded on the computer-readable recording medium may be specially designed and configured for the present invention, or may be known and available to those skilled in the art of computer software. Examples of the computer-readable recording medium include a hard disk, a magnetic medium such as a floppy disk and a magnetic tape, an optical recording medium such as a CD-ROM, a DVD, and a magneto-optical medium such as a floppy disk. media), and hardware devices specially configured to store and execute program instructions such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine language codes such as those generated by a compiler, but also high-level language codes that can be executed by a computer using an interpreter or the like. The hardware device may be configured to operate as one or more software modules to perform processing according to the present invention, and vice versa.

In the above, the present invention has been described with specific matters such as specific components and limited embodiments and drawings, but these are provided to help a more general understanding of the present invention, and the present invention is not limited to the above embodiments. , those of ordinary skill in the art to which the present invention pertains can make various modifications and variations from these descriptions.

Therefore, the spirit of the present invention should not be limited to the above-described embodiments, and not only the claims described below but also all modifications equivalently or equivalently to the claims described below belong to the scope of the spirit of the present invention. will do it

100: user mobile terminal;
110: payer mobile terminal
200: VAN server,
300: card company server,
400: Blockchain Network

Claims (20)

In a contactless card payment method based on a decentralized identifier (DID) of a blockchain network,
(a) when payment information is obtained from the service server that provided the service to the user, the user mobile terminal requests the user to tag the user contactless card for payment and settlement, and when the user contactless card is tagged, the user contactless Obtains card identification information and encryption card information of the user contactless card through wireless communication with a card, and transmits the card identification information and user DID to a value added network (VAN) server to cause the payment proxy server to generating a signature verification value and transmitting card information request information including the signature verification value to the user mobile terminal; and
(b) the user mobile terminal generates an encryption card information VC (verifiable credential) using the signature verification value, the card identification information, and the encryption card information, the user DID, the encryption card information VC, and By transmitting the user signature value, which signed the encryption card information VC with the user private key, to the payment proxy server, the payment proxy server (i) obtains the user public key from the blockchain network using the user DID, or a resolver server to obtain the user public key from the blockchain network using the user DID through To obtain decryption card information by using the encryption card information obtained from the information VC, to generate decryption card information VC using the decryption card information, a payment proxy server DID, the decryption card information VC, and the decryption card Send the payment agency server signature value signed by the payment agency server private key to the information VC to the card company server, so that the card company server acquires the payment agency server public key from the block chain network using the payment agency server DID or the resolver Have the server obtain the payment proxy server public key from the block chain network using the payment proxy server DID, and verify the payment proxy server signature value and the decryption card information VC using the payment proxy server public key and allowing the payment and settlement to be approved using the decryption card information obtained from the decryption card information VC;
How to include. According to claim 1,
Before step (a),
(a01) In a state in which the user DID and the user public key are registered in the blockchain network, the user mobile terminal transmits the user DID registration request information including the user VC and the user DID to the card company server. cause the card company server to obtain the user public key from the block chain network using the user DID or obtain the user public key from the block chain network using the user DID through the resolver server, and the user verifying the user VC using a public key, and registering the user DID in response to the verification of the user VC;
(a02) the user mobile terminal obtains the card identification information and the encryption card information from the user contactless card, and obtains the user DID, a card registration VC generated using the card identification information, and the card registration VC The card registration request information including the user signature value signed by the user private key is transmitted to the card company server so that the card company server verifies the card registration VC using the user public key, and the card company server DID, signature verification transmitting, to the user mobile terminal, a card information request VC including a value and the card identification information, and a card company server signature value signed by the card company server private key with the card information request VC; and
(a03) After verification of the card company server signature value, the user mobile terminal generates card information VC using the card identification information, the signature verification value, and the encryption card information, and the user DID and the card information VC and transmits a user signature value that signed the card information VC with the user private key to the card company server so that the card company server verifies the card information VC using the user public key, and then sends the card identification information to the user matching and storing the DID;
How to include more. 3. The method of claim 2,
In step (a03),
The user mobile terminal obtains the card company server public key from the block chain network using the card company server DID or obtains the card company server public key from the block chain network using the card company server DID through the resolver server. and verifying the card company server signature value using the card company server public key. According to claim 1,
(c) when the user mobile terminal obtains approval information of the card company server from the payment proxy server, transmitting the approval information to the service server so that the service server completes the payment for the payment ;
How to include more. According to claim 1,
The encryption card information includes first block data in which the card number is encrypted and second block data in which the card validity period is encrypted,
In step (a),
The user mobile terminal obtains the first block data from the user contactless card by using a purchase secure application module (PSAM) installed in the mobile terminal or a first authentication key obtained from the PSAM installed in the payment proxy server, , acquiring the second block data from the user contactless card by using a second authentication key obtained from the PSAM installed in the mobile terminal or the PSAM installed in the payment proxy server,
In step (b),
The user mobile terminal causes the payment proxy server to decrypt the first block data and the second block data using a system services provider SAM (SSAM) installed in the payment proxy server. According to claim 1,
In step (b),
The user mobile terminal causes the payment proxy server to compare the decryption information obtained by the card company server using the payment proxy server public key to decrypt the payment proxy server signature value with the decryption card information VC, and the payment proxy server A method for verifying a signature value and the decryption card information VC. According to claim 1,
In step (b),
The decryption card information VC further includes the user signature value,
The user mobile terminal causes the payment proxy server to obtain the user public key from the block chain network using the user DID included in the decryption card information VC or the resolver server to cause the card server to obtain the user public key A method of obtaining the user public key from the blockchain network using a DID and verifying the user signature value using the user public key. 8. The method of claim 7,
The user mobile terminal allows the payment proxy server to verify the user signature value by comparing the information obtained by the card company server using the user public key to decrypt the user signature value with information obtained by encrypting the decryption card information. how to do it. In a contactless card payment method based on a decentralized identifier (DID) of a blockchain network,
(a) the payer mobile terminal of the payment agent corresponding to the service server that provided the service to the user requests payment information for the service provided to the user from the service server, and the payment information is obtained from the service server When the user contactless card is tagged, the payment information is provided to the user and the user requests tagging of the user contactless card for payment and settlement. When the user contactless card is tagged, the user contactless card Acquires card identification information and encryption card information, and transmits the card identification information and payer DID to a value added network (VAN) server to cause the payment proxy server to generate a signature verification value and send the signature verification value transmitting the card information request information including the information to the payer mobile terminal; and
(b) the payer mobile terminal generates an encryption card information VC (verifiable credential) using the signature verification value, the card identification information, and the encryption card information, and the payer DID and the encryption card information VC , and transmits the payer signature value, which signed the encryption card information VC with the payer private key, to the payment proxy server, thereby causing the payment proxy server to (i) use the payer DID to obtain the payer public key from the blockchain network. or to obtain the payer public key from the block chain network using the payer DID through a resolver server, and the payer signature value and the encryption card information VC using the payer public key (ii) to obtain decryption card information using the encryption card information obtained from the encryption card information VC, and to generate decryption card information VC using the decryption card information, a payment proxy server DID, The decryption card information VC and the decryption card information VC are signed with the payment proxy server private key to transmit the signature value of the payment proxy server to the card company server, so that the card company server uses the payment proxy server DID from the block chain network Obtain a payment proxy server public key or have the resolver server acquire the payment proxy server public key from the block chain network using the payment proxy server DID, and use the payment proxy server public key to obtain the payment proxy server verifying a signature value and the decryption card information VC, and allowing the payment and settlement to be approved using the decryption card information obtained from the decryption card information VC;
How to include. 10. The method of claim 9,
In step (b),
The decryption card information VC further includes the payer signature value,
The user mobile terminal causes the payment proxy server to obtain the payer public key from the block chain network using the payer DID included in the decryption card information VC or the resolver server to cause the card server to obtain the payer public key A method of obtaining the payer public key from the block chain network using the payer DID, and verifying the payer signature value using the payer public key. In a user mobile terminal that performs contactless card payment and settlement based on a decentralized identifier (DID) of a blockchain network,
a memory in which instructions for performing contactless card payment based on a decentralized ID of a blockchain network are stored; and
a processor for performing contactless card payment and settlement based on a decentralized ID of a blockchain network according to the instructions stored in the memory;
includes,
The processor is
(I) When payment information is obtained from a service server providing a service to a user, the user is requested to tag a user contactless card for payment and settlement, and when the user contactless card is tagged, wireless communication with the user contactless card obtains card identification information and encryption card information of the user contactless card through and transmitting card information request information including the signature verification value to the user mobile terminal, and
(II) generate encryption card information VC (verifiable credential) using the signature verification value, the card identification information, and the encryption card information, and obtain the user DID, the encryption card information VC, and the encryption card information VC By transmitting the user signature value signed with the user private key to the payment proxy server, the payment proxy server (i) obtains the user public key from the blockchain network using the user DID, or obtains the user DID through a resolver server to obtain the user public key from the block chain network using the user public key, and to verify the user signature value and the encryption card information VC using the user public key, Obtain decryption card information using card information, generate decryption card information VC using the decryption card information, and transfer payment proxy server DID, the decryption card information VC, and the decryption card information VC to a payment proxy server Send the payment proxy server signature value signed with the private key to the card company server, so that the card company server acquires the payment proxy server public key from the block chain network using the payment agency server DID or causes the resolver server to make the payment proxy Obtain the payment proxy server public key from the block chain network using a server DID, and verify the payment proxy server signature value and the decryption card information VC using the payment proxy server public key, and the decryption card information VC A user mobile terminal that performs a process of approving the payment by using the decryption card information obtained from 12. The method of claim 11,
The processor is
Prior to the (I) process,
(I-1) In a state in which the user DID and the user public key are registered in the block chain network, the card company server transmits user DID registration request information including the user VC and the user DID to the card company server to obtain the user public key from the block chain network using the user DID or obtain the user public key from the block chain network using the user DID through the resolver server, and use the user public key to verify the user VC, and to register the user DID in response to the verification of the user VC;
(I-2) obtain the card identification information and the encryption card information from the user contactless card, and use the user DID, the card registration VC generated using the card identification information, and the card registration VC as the user private key The card registration request information including the signed user signature value is transmitted to the card company server so that the card company server verifies the card registration VC using the user public key, and the card company server DID, the signature verification value and the card identification a process of transmitting a card information request VC including information, and a card company server signature value, which signed the card information request VC with a card company server private key, to the user mobile terminal; and
(I-3) After verification of the card company server signature value, the card information VC is generated using the card identification information, the signature confirmation value, and the encryption card information, and the user DID, the card information VC, and the card By sending the user signature value, which signed the information VC with the user private key, to the card company server, the card company server verifies the card information VC using the user public key, and then matches the card identification information to the user DID. User mobile terminal that further performs a process to store. 13. The method of claim 12,
The processor is
In the process (I-3) above,
Obtain the card company server public key from the block chain network using the card company server DID or obtain the card company server public key from the block chain network using the card company server DID through the resolver server, and the card company server public key A user mobile terminal that verifies the signature value of the card company server using a key. 12. The method of claim 11,
The processor is
(III) When the approval information of the card company server is obtained from the payment proxy server, the user mobile further performs a process of transmitting the approval information to the service server so that the service server completes the payment for the payment terminal. 12. The method of claim 11,
The encryption card information includes first block data in which the card number is encrypted and second block data in which the card validity period is encrypted,
The processor is
In the (I) process, the first block data is obtained from the user contactless card by using a purchase secure application module (PSAM) installed in the mobile terminal or a first authentication key obtained from the PSAM installed in the payment proxy server and acquiring the second block data from the user contactless card by using a second authentication key obtained from the PSAM installed in the mobile terminal or the PSAM installed in the payment proxy server,
In the process (II), a user mobile terminal in which the payment proxy server decrypts the first block data and the second block data using a system services provider SAM (SSAM) installed in the payment agency server. 12. The method of claim 11,
The processor is
In the process (II), the payment proxy server compares the decryption information obtained by the card company server using the payment proxy server public key to decrypt the payment proxy server signature value with the decryption card information VC to make the payment proxy A user mobile terminal that verifies the server signature value and the decryption card information VC. 12. The method of claim 11,
The decryption card information VC further includes the user signature value,
The processor is
In the process (II), the payment proxy server causes the card server to obtain the user public key from the blockchain network using the user DID included in the decryption card information VC, or cause the resolver server to A user mobile terminal that obtains the user public key from the block chain network using a user DID, and verifies the user signature value using the user public key. 18. The method of claim 17,
The processor allows the payment proxy server to verify the user signature value by comparing information obtained by the card company server using the user public key to decrypt the user signature value with information obtained by encrypting the decrypted card information User mobile terminal. In a payer mobile terminal that performs contactless card payment based on a decentralized identifier (DID) of a blockchain network,
a memory in which instructions for performing contactless card payment based on a decentralized ID of a blockchain network are stored; and
a processor for performing contactless card payment and settlement based on a decentralized ID of a blockchain network according to the instructions stored in the memory;
includes,
The processor is
(I) request payment information for the service provided to the user from the service server, and when the payment information is obtained from the service server, provide the payment information to the user and provide a user contactless method for payment to the user Request card tagging, and when the user contactless card is tagged, obtain card identification information and encryption card information of the user contactless card through wireless communication with the user contactless card, and obtain the card identification information and payer DID A process of sending to a value added network (VAN) server so that the payment proxy server generates a signature verification value and transmits card information request information including the signature verification value to the payer mobile terminal, and
(II) generate encryption card information VC (verifiable credential) using the signature verification value, the card identification information, and the encryption card information, and the payer DID, the encryption card information VC, and the encryption card information VC transmits the payer signature value signed with the payer private key to the payment proxy server, thereby causing the payment proxy server to (i) obtain the payer public key from the blockchain network using the payer DID, or use a resolver server to obtain the payer public key from the block chain network using the payer DID through the payer public key to verify the payer signature value and the encryption card information VC using the payer public key; (ii) Decryption card information is obtained using the encryption card information obtained from the encryption card information VC, and decryption card information VC is generated using the decryption card information, a payment proxy server DID, the decryption card information VC, and Send the payment proxy server signature value, which signed the decryption card information VC with the payment agency server private key, to the card company server, so that the card company server uses the payment agency server DID to obtain the payment agency server public key from the block chain network or have the resolver server obtain the payment proxy server public key from the block chain network using the payment proxy server DID, and use the payment proxy server public key to obtain the payment proxy server signature value and the decryption card information A payer mobile terminal that verifies a VC and performs a process to approve the payment using the decryption card information obtained from the decryption card information VC. 20. The method of claim 19,
The decryption card information VC further includes the payer signature value,
The processor is
In the process (II), the payment proxy server causes the card server to obtain the payer public key from the blockchain network using the payer DID included in the decryption card information VC or to the resolver server A payer mobile terminal for causing the payer to obtain the payer public key from the block chain network using the payer DID, and to verify the payer signature value using the payer public key.

Images