WO2013141456A1 - Système, appareil, terminal et procédé destinés à l'inscription d'un membre à un système de paiement électronique - Google Patents

Système, appareil, terminal et procédé destinés à l'inscription d'un membre à un système de paiement électronique Download PDF

Info

Publication number
WO2013141456A1
WO2013141456A1 PCT/KR2012/008565 KR2012008565W WO2013141456A1 WO 2013141456 A1 WO2013141456 A1 WO 2013141456A1 KR 2012008565 W KR2012008565 W KR 2012008565W WO 2013141456 A1 WO2013141456 A1 WO 2013141456A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic payment
terminal
password
application
payment application
Prior art date
Application number
PCT/KR2012/008565
Other languages
English (en)
Korean (ko)
Inventor
이원준
임동필
강형문
김세현
고영덕
김필성
Original Assignee
에스케이플래닛 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 에스케이플래닛 주식회사 filed Critical 에스케이플래닛 주식회사
Publication of WO2013141456A1 publication Critical patent/WO2013141456A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • the present invention relates to an electronic payment service subscription, and more particularly, to an electronic payment service subscription system, an apparatus, a terminal, and a method in which security can be enhanced during electronic payment.
  • An object of the present invention is to provide an electronic payment service subscription system, apparatus, terminal, and method that can enhance security during electronic payment.
  • Electronic payment service member subscription system for achieving the above object provides an electronic payment application ID for identifying the electronic payment application and the electronic payment application to the terminal, and receives the electronic payment application ID
  • a service device for mapping and storing the electronic payment application ID provided to the terminal and the password received from the terminal when receiving the password from the terminal;
  • the electronic payment application received from the service device is installed, requesting the electronic payment application ID from the service device, guiding the password input in response to receiving the electronic payment application ID, and entering the password as the member identification information to the service device. It includes a terminal for requesting to register by mapping the password to the application ID.
  • the service device for achieving the above object is an application providing unit for providing an electronic payment application to the terminal;
  • When receiving a password from the terminal includes a password registration unit for mapping and storing the electronic payment application ID provided to the terminal and the password received from the terminal as member identification information.
  • the application ID providing unit may check the carrier member status of the terminal owner, and if it is determined that the terminal owner is a normal carrier member, it may allocate an electronic payment application ID and provide the allocated electronic payment application ID to the terminal.
  • the apparatus may further include a member verification unit that performs member verification using the electronic payment application ID and password.
  • the service apparatus when the member verification unit receives the payment verification number request from the terminal determined to be owned by the member verification unit using the electronic payment application ID and password during electronic payment, providing the payment verification number generated in response to the payment verification number request to the terminal Authentication number provider; And a payment processing unit which relays the electronic payment between the terminal and the card company using the payment authentication number.
  • the payment authentication number may be generated by the authentication number provider or by the card company device in response to the request of the authentication number provider in response to the request for payment verification number.
  • the electronic payment application received from the service device when the electronic payment application received from the service device is installed, request the electronic payment application ID to the service device, and receives the electronic payment application ID from the service device An application ID request unit; And a password registration request unit for guiding the password input in response to receiving the electronic payment application ID and requesting the service apparatus to register the password by mapping the password to the application ID as the member identification information when the password is input.
  • the electronic device may further include a member verification request unit for requesting member verification by guiding only input of a password during electronic payment and automatically transmitting an electronic payment application ID to the service device when the password is input.
  • a method for registering an electronic payment service member including: providing, by a service device, an electronic payment application to a terminal; Providing, by the service apparatus, an electronic payment application ID for identifying the electronic payment application to the terminal; And when the service device receives the password from the terminal, mapping and storing the electronic payment application ID provided to the terminal as the member identification information and the password received from the terminal.
  • Electronic payment service member registration method for achieving the above object is the step of requesting the electronic payment application ID to the service device, when the terminal is installed the electronic payment application received from the service device; ; Receiving, by the terminal, the electronic payment application ID from the service device; And in response to the terminal receiving the electronic payment application ID, guiding the password input, and if the password is input, requesting the service device to register the password by mapping the password as the application identification information to the application ID.
  • the present invention can enhance security during electronic payment by registering a password and an electronic payment application ID when registering an electronic payment member and relaying the payment procedure only when the service device is recognized as a member using the password and the electronic payment application ID.
  • the password is not stored in the terminal and managed only by the service apparatus, so that there is no fear of leaking the password even when the terminal is lost.
  • the present invention is not a method in which the user inputs the electronic payment application ID, but is automatically transmitted when the password is transmitted and is not exposed to the outside. As a result, there is no fear that the electronic payment application ID is leaked to the outside.
  • the electronic payment application ID is unique information assigned to the electronic payment application, even if a person who has obtained the password of the member steals the password, the electronic payment application driven in the terminal is different from the user. Do not. This is because the present invention performs member authentication using the electronic payment application ID and password. That is, when changing and using the terminal, by not providing an electronic payment service, security can be greatly improved.
  • security can be further improved by registering a member only when the user who intends to join the member and the terminal owner coincide by checking the service provider member status when registering.
  • the virtual card is generated when the member is registered and the virtual card is used for the electronic payment, the real card number is managed only by the card company, thereby greatly improving security.
  • FIG. 1 shows an electronic payment system according to a preferred embodiment of the present invention.
  • FIG. 2 is a functional block diagram of a terminal of FIG. 1.
  • FIG. 3 is a functional block diagram of the service apparatus of FIG. 1.
  • FIG. 4 illustrates a data structure stored in the member database of FIG. 3.
  • FIG. 5 is a flowchart schematically illustrating a method for registering an electronic payment service member according to an exemplary embodiment of the present invention.
  • FIG. 6 is a flowchart illustrating an electronic payment service providing method according to an exemplary embodiment of the present invention.
  • FIG. 7 is a flowchart illustrating an application example of an electronic payment service member registration method according to an exemplary embodiment of the present invention.
  • FIG. 8 is a flowchart illustrating an application example of an electronic payment service providing method according to an exemplary embodiment of the present invention.
  • 1 shows an electronic payment system according to a preferred embodiment of the present invention.
  • 2 is a functional block diagram of a terminal of FIG. 1.
  • 3 is a functional block diagram of the service apparatus of FIG. 1.
  • 4 illustrates a data structure stored in the member database of FIG. 3.
  • the electronic payment system 1 may include a terminal 100, a service device 200, a merchant device 300, and a card company device 400 connected through a communication network 500.
  • the operating entities of the terminal 100, the service device 200, the affiliated store device 300 and the card company device 400 may be different or the same.
  • the terminal 100 refers to a terminal capable of transmitting and receiving various data via the communication network 500 according to a user's key operation.
  • the terminal 100 may be a tablet PC, a laptop, a personal computer. , A smart phone, a personal digital assistant (PDA), a mobile communication terminal, or the like.
  • the terminal 100 may be a cloud computing terminal that supports cloud computing (Cloud Computing) that can use services such as data reading and writing and storing, network, and content use through the communication network 500.
  • Cloud Computing cloud computing
  • the terminal 100 is a terminal for performing voice or data communication using the communication network 500, a memory for storing a browser, a program, and a protocol for communicating with the service apparatus 200 via the communication network 500; Means a terminal having a microprocessor for operating and controlling various programs. That is, the terminal 100 may be any terminal as long as the service apparatus 200 and the server-client communication are possible, and the terminal 100 may include all communication computing devices such as a notebook computer, a mobile communication terminal, and a PDA. Meanwhile, the terminal 100 is preferably manufactured in a form having a touch screen, but is not necessarily limited thereto.
  • the terminal 100 is described as being implemented as a separate device from the service device 200, but in the actual implementation of the invention, the terminal 100 is a stand-alone type of including all the service device 200 (Stand Alone) can be implemented as a device.
  • the electronic payment application 100a may be installed in the terminal 100.
  • the electronic payment application 100a may be obtained from the service device 200 when registering as a member in the electronic payment service provided by the service device 200.
  • the electronic payment application 100a may be an application installed after being downloaded through an application store when the terminal 100 is a smart phone, and when the terminal 100 is a feature phone, a VM downloaded through a communication company device ( It may be an application running on a virtual machine.
  • the electronic payment application 100a may be implemented or manufactured in accordance with various operating system (OS) environments such as iOS, Android, and Windows Phone 7. Details of membership in the electronic payment service and the specific operation of the electronic payment application 100a will be described later.
  • OS operating system
  • the service apparatus 200 has the same configuration as a conventional web server or network server in hardware.
  • software includes program modules implemented through languages such as C, C ++, Java, Visual Basic, Visual C, and the like.
  • the service device 200 may be implemented in the form of a web server or a network server, which is generally connected to an unspecified number of clients and / or other servers via an open computer network such as the Internet, and is a client or other web server. It refers to a computer system that accepts a request to perform a work and derives and provides a work result thereof, and a computer software (web server program) installed therefor.
  • the service device 200 uses a web server program that is variously provided according to operating systems such as DOS, Windows, Linux, UNIX, Macintosh, and the like for general server hardware.
  • a typical example may be a website used in a Windows environment, a website used in a Windows environment, an Internet Information Server (IIS), a CERN used in a UNIX environment, an NCSA, an APPACH, or the like.
  • IIS Internet Information Server
  • CERN used in a UNIX environment
  • NCSA Net Control Access Control
  • APPACH or the like.
  • the service device 200 classifies membership information, stores it in a member database, and manages it.
  • Such a database may be implemented inside or outside the service device 200.
  • a database refers to a general data structure implemented in a storage system (hard disk or memory) of a computer system using a database management program (DBMS), and can freely search (extract) data, delete data, edit data, and add data.
  • It is a data storage type that can be used, such as relational database management systems (RDBMS) such as Oracle, Infomix, Sybase, DB2, Gemston, Orion, Object-oriented database management system (OODBMS) such as O2 and XML Native Database such as Excelon, Tamino, Sekaiju, etc. can be implemented for the purpose of this embodiment. And may have appropriate fields or elements to achieve its function.
  • RDBMS relational database management systems
  • ODBMS Object-oriented database management system
  • XML Native Database such as Excelon, Tamino, Sekaiju, etc.
  • the affiliated store device 300 may be a server operated by a person who sells a product through a communication network such as online home shopping.
  • the service device 200 and the affiliated device device 300 have negotiated that the service device 200 provides a payment for a transaction through the affiliated device device 300.
  • the affiliated store apparatus 300 may be a terminal (POS terminal) provided in the affiliated store during offline payment.
  • the affiliated store device 300 may be an electronic tag. And, by tagging the electronic tag, the terminal reads the payment information and the electronic payment application providing address, and the user may download the application using the address and then perform the electronic payment. That is, the present invention can be applied not only to online but also to payment of offline transactions.
  • the card company device 400 may be a server operated by the card company, and may be a device for performing actual payment based on credit card information (real card number).
  • the communication network 500 refers to a network capable of transmitting and receiving data using an internet protocol using various wired and wireless communication technologies such as an internet network, an intranet network, a mobile communication network, and a satellite communication network.
  • the communication network 500 may include a cloud computing network coupled with the service device 200 to store computing resources such as hardware and software, and provide computing resources required by the client to the terminal 100.
  • cloud computing refers to a computer environment in which information is permanently stored on a server on the Internet and temporarily stored in client terminals such as desktops, tablet computers, laptops, netbooks, and smartphones. It refers to a computer environment access network that stores a server on the Internet and makes this information available anytime, anywhere through various IT devices.
  • Such a communication network 500 may include a closed network such as a local area network (LAN), a wide area network (WAN), an open network such as the Internet, and a code division multiple access (CDMA) and wideband code division (WCDMA). It is a concept that collectively refers to networks such as Multiple Access (GSM), Global System for Mobile Communications (GSM), Long Term Evolution (LTE), and Evolved Packet Core (EPC), as well as next-generation networks and cloud computing networks.
  • GSM Multiple Access
  • GSM Global System for Mobile Communications
  • LTE Long Term Evolution
  • EPC Evolved Packet Core
  • the terminal 100 and the card company device 400 may transmit and receive information in an E2E (End to End) manner.
  • E2E End to End
  • the RSA method which is an asymmetric encryption method
  • the card information and payment authentication number are encrypted and transmitted between the electronic payment application and the card company device, and the service device 200 cannot decrypt the asymmetric encryption value.
  • the service device 200 may provide an electronic payment service in association with the electronic payment application 100a mounted on the terminal 100.
  • the terminal 100 may receive an electronic payment application used to perform the electronic payment from the service device 200.
  • the terminal 100 may transmit the password to the service apparatus 200.
  • the service device 200 may map the password to the electronic payment application ID and store the password.
  • the electronic payment application ID is unique information of the electronic payment application provided to the terminal 100.
  • the service apparatus 200 registers the user of the terminal 100 by registering the payment means by mapping it to the electronic payment application ID.
  • the registration of the payment means may be any one of the registration of the virtual card number and the registration of the real card number. Details of the membership registration process will be described later.
  • the electronic payment application is driven on the terminal 100 and a password may be input by the user.
  • This password is the information registered at the membership registration stage as described above.
  • the terminal 100 may transmit the password and the electronic payment application ID issued at the time of membership registration to the service apparatus 200.
  • the service device 200 may perform member verification using a password and an electronic payment application ID. If it is determined that the password and the electronic payment application ID are registered, the service device 200 may provide an electronic payment service. Details of the electronic payment service will be described later.
  • the terminal 100 includes an application ID request unit 110, a password registration request unit 120, a payment method registration request unit 130, a member verification request unit 140, and a member status check request unit ( 150, an authentication number request unit 160 and a payment request unit 170 may be included.
  • the terminal 100 may download the electronic payment application 100a from the service device 200 through a web browser (not shown).
  • the application ID request unit 110, password registration request unit 120, payment method registration request unit 130, member verification request unit 140, member status check The request unit 150, the authentication number request unit 160, and the payment request unit 170 may be implemented on the terminal 100.
  • the application ID requesting unit 110, password registration requesting unit 120, payment means registration requesting unit 130 may be an element that operates in the membership registration step.
  • the member verification request unit 140, the member status check request unit 150, the authentication number request unit 160, and the payment request unit 170 may be elements operating in the electronic payment step.
  • Application ID request unit 110, password registration request unit 120, payment method registration request unit 130 and member verification request unit 140, member status check request unit 150, authentication number request unit 160 and The payment request unit 170 may be implemented as a separate application.
  • the application ID requesting unit 110 may request the electronic payment application ID by transmitting personal identification information such as a name, a social security number, and a social security number to the service device 200.
  • the personal identification information may be at least one of information for identifying an individual in each country, information for identifying an individual online, terminal specific information, for example, a serial number.
  • the personal identification information includes at least one of information for identifying an individual in each country, information for identifying an individual on-line, and terminal-specific information.
  • the service device 200 may check the carrier status.
  • the service provider member status check is a procedure for checking whether the person requesting the membership is normally subscribed to the service provider.
  • the service device 200 may check the member status of the service provider through an affiliated communication company or a credit institution using the personal identification information. In addition, when it is determined that the service provider member status is normal, the service device 200 may issue an electronic payment application ID. In addition, the service device 200 may transmit the issued electronic payment application ID to the application ID requesting unit 110.
  • the electronic payment application ID may be unique information for identifying the electronic payment application provided to the terminal 100.
  • the password registration requesting unit 120 may output a screen for guiding a password input on the terminal 100.
  • the password registration request unit 120 may receive a password input by the user.
  • the password may be a predetermined number of numbers, letters, or a combination thereof.
  • the password registration request unit 120 may request password registration by transmitting the password to the service apparatus 200.
  • the service device 200 may register a password in the member database and transmit the registration result to the terminal 100.
  • the password may be mapped and stored with the electronic payment application ID. In this case, the password may not be stored on the terminal 100, but may be stored and managed only by the service device 200. As a result, even when the terminal 100 is lost, there is no fear that the password may leak out.
  • the payment method registration request unit 130 may request a payment method registration by transmitting credit card information to the service device 200.
  • the credit card information includes at least one of a credit card number (silicone number), a credit card password, an expiration date, a card validation code (CVC), a card verification value (CVV), and a confidence identifier number or card identification number (CID). Can be one.
  • the service device 200 receiving the credit card information may generate a virtual card number and register the virtual card number by mapping it to an electronic payment application ID and a password.
  • the service device 200 may transmit a credit card number, a virtual card number, a social security number, a name, and the like to the card company device 400.
  • the service device 200 When the service device 200 receives a result of being registered in the payment service using the corresponding virtual card number from the card company device, the service device 200 completes the member registration process and transmits the registration result to the payment method registration request unit 130. have. By completing the member registration process, the user of the terminal 100 can become a full member of the electronic payment service provided by the service device 200.
  • the card company device 200 may store the actual card number mapped with the virtual card number.
  • the service device 200 receives the payment method registration request from the payment method registration request unit 130, the service device 200 generates a virtual card number and converts the virtual card number into an electronic payment application ID and password. You can register by mapping to.
  • the service device 200 may store the real card number by mapping the virtual card number to the virtual card number.
  • the service device 200 may store the virtual card number by mapping it to the electronic payment application ID and password without generating the virtual card number. In this case, the service device 200 may relay the electronic payment using the seal card information.
  • the member verification requester 140 may guide the password input when the electronic payment application 100a is driven by the service device 200 in a push manner. For example, the member verification requester 140 may output a window for inputting a password.
  • the member verification request unit 140 may request membership verification by transmitting the electronic payment application ID and the password to the service apparatus 200.
  • the electronic payment application ID is provided to the terminal 100 at the time of membership registration and is not output to the outside.
  • the member verification request unit 140 automatically transmits the electronic payment application ID to the service apparatus together with the password.
  • the member status check requesting unit 150 transmits personal identification information to the service device 200, thereby transmitting the member status.
  • the member status check is a procedure for checking whether the person requesting the membership is normally subscribed to the communication company.
  • the service device 200 may check the member status of the service provider through an affiliated communication company or a credit institution using the personal identification information.
  • the confirmation result may be transmitted to the terminal 100.
  • the service device 200 may check the service provider member state using previously stored personal identification information.
  • the procedure for requesting the member status confirmation request by the member status confirmation request unit 150 may be omitted.
  • the service device 200 may transmit a communication service member status check result to the member status check requesting unit 150.
  • the authentication number request unit 160 may request a payment verification number from the service device 200.
  • the service device 200 may request a payment verification number from the card company device 400.
  • the service device 200 may receive payment authentication information generated by the card company device 400 from the card company device 400, and transmit the same to the authentication number requester 160.
  • the service device 200 receives the payment verification number request, the service device 200 directly generates the payment verification number in response to the request, and the generated payment verification number is the authentication number request unit 160. Can be provided to
  • the payment request unit 170 may request payment verification by transmitting the payment verification number, the terminal phone number, and the like to the service device 200 when the authentication number request unit 160 receives the payment verification number.
  • the virtual card number may be transmitted to the service device 200.
  • the service device 200 may make a payment request by transmitting the payment authentication number, the terminal phone number, and the virtual card number to the card company device 400.
  • the service device 200 that the card company device 400 receives the payment authentication result using the real card number mapped to the virtual card may transmit the payment authentication result to the terminal 100.
  • the payment request unit 170 may display the payment authentication result on the terminal 100.
  • the service device 200 may make a payment request by transmitting the real card number to the card company device 400.
  • the service device 200 stores the real card number by mapping with the virtual card number, and when receiving the virtual card number from the terminal 100, performs a payment procedure using the real card number matching the virtual card number. You can relay.
  • the virtual keyboard can be executed when the social security number, card information and password are input.
  • a social security number, card information, a password, and the like may be input.
  • the service apparatus 200 includes a member inquiry unit 201, an application provider 202, an application ID provider 203, a password register 204, a payment means register 205, and a member register. 206, an application driver 207, a member verification unit 208, a member status checking unit 209, an authentication number providing unit 210, a payment processing unit 211, and a member database 212 may be included.
  • the member inquiry unit 201, the application provider 202, the application ID provider 203, the password register 204, the payment method register 205 and the member register 206 may operate in the member registration process.
  • the member inquiry unit 201, the application driver 207, the member verification unit 208, the member status confirmation unit 209, the authentication number providing unit 210, and the payment processing unit 211 may operate in the electronic payment step. .
  • Each element may be implemented as the same or separate server.
  • the member inquiry unit 201 uses the member database 212 to determine whether there is a member matching the terminal phone number or the electronic payment application ID and the password, and the result of the determination is provided by the application provider 202 and the application driver. 207 and the member verification unit 208.
  • the application provider 202 may provide an electronic payment application to a terminal of a user who is newly registering in a member registration procedure.
  • the application providing unit 202 may provide the electronic payment application providing site address (URL) to the terminal by SMS, and when the terminal requests the electronic payment application using the URL, the application payment unit may provide the electronic payment application.
  • the application providing unit 202 may be implemented by downloading an electronic payment application.
  • the application ID providing unit 203 may check the service provider member status.
  • the member status check is a procedure for confirming whether the person requesting the electronic payment application ID is normally subscribed to the telecommunication company.
  • the application ID providing unit 203 may check the service provider member status through an affiliated communication company or a credit institution using the personal identification information received from the application ID requesting unit 110.
  • the electronic payment application ID for the electronic payment application provided to the terminal 100 may be allocated, and the application ID may be transmitted to the terminal 100.
  • the password registration unit 204 may map the received password to an electronic payment application ID corresponding to the electronic payment application transmitted to the terminal and store the received password in the member database 212. have.
  • the registration result may be transmitted to the password registration request unit 120.
  • the payment method registration unit 205 When the payment method registration unit 205 receives the payment method registration request from the payment method registration request unit 130, it may generate a virtual card number. As shown in FIG. 4, the virtual card number may be mapped to an electronic payment application ID and a password and stored in the member database 212. The number system of FIG. 4 is merely an example, and the electronic payment application ID, password, and virtual card number may be formed in another number system.
  • the payment means registration unit 205 may request a payment service registration by transmitting credit card information, virtual card number, social security number, and name to the card company device 400. At this time, the card company device 400 may perform card identity verification using credit card information, social security number and name, and if the result of the execution is normal, the user of the terminal may register as a member of the payment service.
  • the card company device 400 may map and store the virtual card number and the virtual card number.
  • the card company device 400 may transmit the registration result to the payment method registration unit 205.
  • the payment method registration unit 205 receives the payment method registration request from the payment method registration request unit 130, it generates a virtual card number and maps the virtual card number and the real card number to the electronic payment application ID and password. Can be stored in the member database (212).
  • the member registration unit 206 may complete the registration procedure by registering the user of the terminal as a member. In addition, the member registration unit 206 may provide a result of registering a member to the terminal 100.
  • the application driver 206 may drive the electronic payment application installed in the terminal 100 in a push method when the member inquiry unit determines that the user of the terminal that has transmitted the terminal phone number is a member in the payment step.
  • the member verification unit 208 may perform member verification using the password and the electronic payment application ID transmitted by the member verification request unit 140. When the member verification unit 208 is recognized as a member verification result member, the member verification unit 208 may transmit the member verification result to the member verification request unit 140. When the member verification unit 208 receives the password and the electronic payment application ID, the member verification unit 201 requests the member inquiry unit 201 to check whether there is a member matching the password and the electronic payment application ID. It can be received from the inquiry unit 201.
  • the member status confirmation unit 209 may receive a carrier member status confirmation request from the member status confirmation request unit 150 and perform a carrier member status check.
  • the member status check is a procedure for checking whether the person requesting the membership is normally subscribed to the communication company.
  • the member status checking unit 209 may check the member status of the carrier through the affiliated carrier or credit institution using the personal identification information.
  • the confirmation result may be transmitted to the member status check request unit 150.
  • the member verification unit 209 determines that the member verification unit 208 is a member
  • the member status checking unit 209 may automatically check the service provider member state by using the personal identification information previously stored. At this time, the member status confirmation request unit 150 may not make a request for a carrier member status check.
  • the authentication number providing unit 210 may receive a payment authentication number request from the authentication number requesting unit 160. Then, the card company device 400 may request generation of a payment authentication number.
  • the payment verification number request may include a virtual card number. At this time, the card company device 400 may generate a payment authentication number for the virtual card number.
  • Payment authentication number may be a one-time authentication number, authentication number of limited use time.
  • an authentication number generation module may be provided in the card company device 400 for generating an authentication number.
  • the authentication number providing unit 210 may receive a payment authentication number from the card company device 400 and provide it to the terminal 100. On the contrary, when the authentication number providing unit 210 receives the payment verification number request, the authentication number providing unit 210 directly generates the payment verification number in response to the request, and requests the verification number to generate the payment verification number. It may be provided to the unit 160.
  • the payment processor 211 may receive a payment request from the payment request unit 170.
  • the payment processing unit 211 may make a payment request by transmitting a payment authentication number, a terminal phone number, a virtual card number, etc. to the card company device 400.
  • the card company may perform the payment verification number verification. If the card number generated by the card company device 400 and the payment authentication number transmitted from the payment request unit 170 match, the card company device 400 may proceed with a payment approval procedure.
  • the payment approval procedure may be performed by approving the payment using the real card number matching the virtual card.
  • the card company device 400 may transmit the approval result to the payment processing unit 211 when the payment approval is completed.
  • the payment processing unit 211 may transmit the approval result to the payment requesting unit 170.
  • the payment processing unit 211 first verifies the payment authentication number when receiving the payment request, and the payment verification number is If it is determined to be valid, the payment request received from the terminal may be transmitted to the card company device 400. At this time, the card company device 400 may omit the payment verification number verification procedure and may immediately proceed with the payment approval procedure.
  • the service device 200 manages the real card number
  • the payment processing unit 211 receives the payment request from the payment request unit 170, by transmitting the real card number to the card company device 400 You can make a payment request. At this time, the card company device 400 may proceed with the payment approval process using the real card number.
  • the payment processing unit 211 adopts a method of relaying a payment procedure using a real card number
  • the payment authentication number may be generated by the service device 200 or by the card company device 400. .
  • the member database 212 may separately store member information as shown in FIG. 4.
  • member information an electronic payment application ID, a password, a virtual card number, and a phone number registered at the time of member registration may be stored.
  • the virtual card number may be mapped to the virtual card number and stored.
  • FIG. 5 is a flow chart schematically showing the electronic payment service subscription according to an embodiment of the present invention.
  • the application providing unit 202 may provide an electronic payment application to the terminal 100 (S501). At this time, the electronic payment application may be installed on the terminal 100 (S502).
  • the application ID requesting unit 110 may request the electronic payment application ID from the application ID providing unit 203 (S503).
  • the electronic payment application ID may be unique information for identifying an application provided to the terminal 100.
  • the application ID provider 203 may provide the electronic payment application ID to the application ID requester 110 (S504).
  • the application ID providing unit 203 checks the carrier member status of the owner of the terminal 100, and assigns an electronic payment application ID only when it is determined that the member status is confirmed to be a normal carrier member, and the assigned electronics.
  • the payment application ID may be provided to the terminal 100.
  • the password registration request unit 120 may guide the input of the password and receive the password (S505). At this time, the password registration request unit 120 may only guide the input of the password and may not express the electronic payment application ID to the outside. That is, the electronic payment application ID may not be known to the outside at any time during the membership registration step and the electronic payment performance step. As a result, the electronic payment application ID may be strictly maintained as information for identifying the electronic payment application ID installed in the specific terminal 100.
  • the password registration can be requested by transmitting the input password and the electronic payment application ID to the password registration unit 204 (S506).
  • the password registration unit 204 may register the received electronic payment application ID and password as the member identification information for the terminal 100 (S506).
  • the electronic payment application ID and password may be stored mapped to the telephone number.
  • the electronic payment application ID and password stored as described above may be used as member authentication information during electronic payment.
  • the method of FIG. 5 may be implemented by itself or in addition to other steps. In this case, another step, for example, a security authentication step, may be added between any of steps S501 to S506. This will be described later in detail with reference to FIG. 7.
  • the service device 200 provides the electronic payment application and the electronic payment application ID to the terminal 100 at the time of membership registration, receives a password from the terminal 100, and identifies the member. Any technology for mapping and storing the electronic payment application ID and the password as information may fall within the scope of the present invention.
  • FIG. 6 is a flowchart illustrating an electronic payment service providing method according to an exemplary embodiment of the present invention.
  • the member verification request unit 140 may make a member verification request to the member verification unit 208 (S601). At this time, the password entered by the user and the electronic payment application ID may be transmitted to the member verification unit 208.
  • the member verification unit 208 may verify the member by using the password and the electronic payment application ID, and transmit the member verification result to the member verification request unit 140 (S602 and S603).
  • the authentication number requesting unit 160 may request the payment verification number from the authentication number providing unit 210 (S604).
  • the authentication number providing unit 210 may request the card company device 400 to generate a payment authentication number, and receive the payment authentication number generated by the card company device 400 from the card company device 400 according to the request. (S605, S606). Then, the received payment authentication number may be provided to the authentication number request unit 160 (S607).
  • the authentication number providing unit 210 receives the payment verification number request, the authentication number providing unit 210 directly generates the payment verification number in response to the request, and requests the verification number to generate the payment verification number. It may be provided to the unit 160.
  • the payment request unit 170 may make a payment request using the payment verification number (S608).
  • a payment authentication number, a virtual card number, etc. may be transmitted to the service device 200.
  • the payment processing unit 211 may relay the electronic payment between the terminal 100 and the service device 200 using the payment authentication number.
  • the method of FIG. 6 may be implemented by itself or in addition to other steps.
  • another step for example, a security authentication step, may be added between any of steps S601 to S609. This will be described later in detail with reference to FIG. 8.
  • the order of the steps is somewhat different, as described above, when providing the electronic payment service, the member verification is performed using the password and the electronic payment application ID, and the electronic payment service using the payment verification number is provided to the verified member.
  • the payment authentication number may belong to the scope of the present invention if the technology is a one-time number generated by the card company device for each electronic payment.
  • FIG. 7 is a flowchart illustrating an application example of an electronic payment service member registration method according to an exemplary embodiment of the present invention.
  • the terminal 100 may select a product and an electronic payment service on a web page provided by the affiliated store device 300 (S701).
  • the affiliated store device 300 may provide a payment window (S702).
  • the terminal telephone number may be transmitted to the service device (S703).
  • the member inquiry unit 201 may determine whether or not a member is registered using the terminal phone number (S704). As a result of the determination, if it is determined that the member is a registered member, a message of a registered member may be transmitted to the terminal (S705). Actions for cases determined to be membership can be easily changed by the service operator.
  • the electronic payment application providing site address may be provided to the terminal 100 (S706). Then, by the user's operation, the terminal 100 may request the electronic payment application from the application providing site (S707). In this case, the application providing unit 202 may provide an electronic payment application to the terminal 100 (S708). In addition, the electronic payment application may be installed in the terminal 100 (S709).
  • S701 to S708, which are processes for providing an application, are merely examples, and a method of directly accessing the application providing unit 202 and downloading an electronic payment application without using SMS transmission may be used.
  • the application ID request unit 110 may request an application ID from the application ID provider 203 (S710).
  • the personal identification information may be transmitted to the application ID provider 203.
  • the application ID providing unit 203 checks the carrier member status using the personal identification information (S711), if it is determined that the carrier member status check result is normal, the electronic payment for the electronic payment application provided to the terminal 100 An application ID may be assigned and the electronic payment application ID may be transmitted to the application ID provider 203 (S712).
  • the password registration requesting unit 120 When the application ID requesting unit 110 receives the electronic payment application ID, the password registration requesting unit 120 outputs a screen for guiding password input on the terminal 100 and a password may be input by the user. There is (S713).
  • the password registration request unit 120 may request a password registration by transmitting the password to the service device 200 (S714).
  • the password registration unit 204 may map the received password to an electronic payment application ID corresponding to the electronic payment application transmitted to the terminal and store the received password in the member database 212. (S715).
  • the registration result may be transmitted to the password registration request unit 120 (S716).
  • the payment method registration request unit 130 may request the payment method registration by transmitting the credit card information to the service apparatus 200.
  • the credit card information may be at least one of a credit card number (real card number), credit card password, expiration date, CVC, CVV, CID.
  • the payment method registration unit 205 When the payment method registration unit 205 receives the payment method registration request from the payment method registration request unit 130, it may generate a virtual card number (S718).
  • the payment method registration unit 205 may make a payment service registration request by transmitting the credit card information, the virtual card number, and the personal identification information to the card company device 400 (S719).
  • the card company device 400 performs card identity verification using credit card information and personal identification information (S720), and if the result of the operation is normal, the user of the terminal may register as a member of the payment service (S721). .
  • the card company device 400 may map and store the virtual card number and the virtual card number.
  • the card company device 400 may transmit the registration result to the payment method registration unit 205 (S722).
  • the service device 200 manages the real card number
  • the process of mapping and storing the virtual card number and the real card number by the card company device 400 may be omitted.
  • the member registration unit 206 may complete the registration process by registering the user of the terminal as a member (S723). In addition, the member registration unit 206 may provide the member registration result to the payment method registration request unit 130 (S724).
  • the procedure of FIG. 7 may be implemented in whole or in part.
  • the member status check request and the carrier member status check procedures S710 and S711 may be omitted.
  • an electronic payment application ID may be issued simultaneously with the application.
  • FIGS. 1 to 8. 8 is a flowchart illustrating an application example of an electronic payment service providing method according to an exemplary embodiment of the present invention.
  • the configuration of the above-described electronic payment system can be clearer. Descriptions of overlapping descriptions will be omitted or simplified.
  • the terminal 100 may select a product and an electronic payment service on a web page provided by the affiliated store device 300 (S801).
  • the affiliated store device 300 may provide a payment window (S802).
  • the terminal telephone number may be transmitted to the service device (S803).
  • the member inquiry unit 201 may determine whether to register as a member using the terminal phone number (S804).
  • the subscription may be guided (S805).
  • the application driver 206 may drive the electronic payment application 100a installed in the terminal 100 in a push manner (S806).
  • the member verification request unit 140 may guide the password input (S807).
  • the member verification request unit 140 may request membership verification by transmitting the electronic payment application ID and password to the member verification unit 208 (S809).
  • the member verification unit 208 may perform member verification using the password and the electronic payment application ID transmitted by the member verification request unit 140 (S810).
  • the member verification unit 208 may transmit the member verification result to the member verification request unit 140 (S811).
  • the member state confirming unit 209 may receive a communication company member state confirmation request from the member state confirmation request unit 150 (S812), and perform a carrier member state confirmation (S813). In addition, the member status confirmation unit 209 may transmit the confirmation result to the member status confirmation request unit 150 (S814). On the contrary, when the member verification unit 209 recognizes that the member verification unit 208 is a member, the member status verification unit 209 may automatically check the communication member status using personally stored personal identification information. In this case, S812 can be omitted.
  • the authentication number request unit 160 may request a payment verification number to the authentication number provider 210 when the member status check request unit 150 receives a communication member status check result (S815). Then, the card company device 400 may request generation of a payment authentication number (S816). At this time, the virtual card number is transmitted to the card company device 400, the card company device may generate a payment authentication number for the virtual card number (S817). In this case, the virtual card number and the payment authentication number may be mapped and stored in the card company device 400. In addition, the authentication number providing unit 210 may receive a payment authentication number from the card company device 400 and transmit it to the authentication number requesting unit 160 (S818 and S819). On the contrary, when the authentication number providing unit 210 receives the payment verification number request, the authentication number providing unit 210 directly generates the payment verification number in response to the request, and requests the verification number to generate the payment verification number. It may be provided to the unit 160.
  • the payment request unit 170 when the authentication number request unit 160 receives the payment verification number, by transmitting the payment verification number, terminal phone number, virtual card number, etc. to the payment processing unit 211, payment authentication Can be requested (S820).
  • the payment processing unit 211 may make a payment request by transmitting a payment authentication number, a terminal phone number, a virtual card number, etc. to the card company device 400 (S821).
  • the card company can perform the payment verification number verification using the virtual card number and payment verification number (S822).
  • the card company device 400 uses the virtual card number.
  • the card number can be inquired (S823).
  • the payment can be authenticated using the real card number (S824).
  • the card company device 400 may transmit the approval result to the payment processing unit 211 (S825).
  • the payment processing unit 211 may transmit the approval result to the payment request unit 170 (S826).
  • the authentication number providing unit 210 directly generates payment authentication information
  • the payment processing unit 211 receives the payment request, first verifying the payment authentication number and determining that the payment authentication number is valid.
  • the payment request received from the terminal may be transferred to the card company device 400.
  • the card company device 400 may omit the payment verification number verification procedure and may immediately proceed with the payment approval procedure.
  • the service device 200 manages a real card number
  • the card company device Sim card number matching the virtual card number included in the payment request
  • a payment request may be made.
  • verification of the payment authentication number may be made in the service device 200 or the card company device 400.
  • the process of FIG. 8 may be implemented in whole or in part. For example, S812 to S814 may be omitted, and the payment verification number request step S815 may be immediately performed after member verification.
  • payment information or product purchase information may be transmitted to the card company device at any stage in the processor of FIG. 8. Payment information or product purchase information may be transmitted from the merchant device directly to the card company device or via at least one of the terminal and the service device.
  • the present invention as described above registers a password and an electronic payment application ID at the time of electronic payment membership registration, and relays the payment procedure only when the service device is recognized as a member using the password and the electronic payment application ID, thereby enhancing security during electronic payment. have.
  • the password is not stored in the terminal and managed only by the service apparatus, so that there is no fear of leaking the password even when the terminal is lost.
  • the present invention is not a method in which the user inputs the electronic payment application ID, but is automatically transmitted when the password is transmitted and is not exposed to the outside. As a result, there is no fear that the electronic payment application ID is leaked to the outside.
  • the electronic payment application ID is unique information assigned to the electronic payment application, even if a person who has obtained the password of the member steals the password, the electronic payment application driven in the terminal is different from the user. Do not. This is because the present invention performs member authentication using the electronic payment application ID and password. That is, when changing and using the terminal, by not providing an electronic payment service, security can be greatly improved.
  • security can be further improved by registering a member only when the user who intends to join the member and the terminal owner coincide by checking the service provider member status when registering.
  • the virtual card is generated when the member is registered and the virtual card is used for the electronic payment, the real card number is managed only by the card company, thereby greatly improving security.
  • the electronic payment service subscription method or the electronic payment method according to the present invention may be implemented in a software form readable through various computer means and recorded on a computer readable recording medium.
  • the recording medium may include a program command, a data file, a data structure, etc. alone or in combination.
  • Program instructions recorded on the recording medium may be those specially designed and constructed for the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts.
  • the recording media may be magnetic media such as hard disks, floppy disks, and magnetic tapes, optical disks such as compact disk read only memory (CD-ROM), digital video disks (DVD), Magnetic-Optical Media, such as floppy disks, and hardware devices specially configured to store and execute program instructions, such as ROM, random access memory (RAM), flash memory, and the like. do.
  • program instructions may include high-level language code that can be executed by a computer using an interpreter as well as machine code such as produced by a compiler.
  • Such hardware devices may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
  • the present invention relates to an electronic payment service subscription system, an apparatus, a terminal, and a method in which security can be enhanced during electronic payment.
  • the present invention can enhance security during electronic payment by registering a password and an electronic payment application ID when registering an electronic payment member and relaying the payment procedure only when the service device is recognized as a member using the password and the electronic payment application ID.
  • the present invention is a useful invention that is applied to the field of electronic payment using credit card information, thereby generating an effect of performing electronic payment more safely, thereby contributing to the development of the service industry.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention se rapporte à un système, un appareil, un terminal et un procédé destinés à l'inscription de membres à un système de paiement électronique. Le système de paiement électronique se compose d'un appareil de service et d'un terminal. L'appareil de service fournit, au terminal, une demande de paiement électronique et un identifiant de demande de paiement électronique destiné à identifier la demande de paiement électronique et lorsqu'un mot de passe est reçu du terminal qui a reçu l'identificateur de demande de paiement, l'appareil de service fait correspondre l'identificateur de demande de paiement électronique fourni au terminal, comme informations d'identification du membre, et le mot de passe reçu du terminal et les stocke. Lorsque la demande de paiement électronique reçue de l'appareil de service est installée sur le terminal, le terminal demande un identificateur de demande de paiement électronique à l'appareil de service, guide la saisie d'un mot de passe en réponse à la réception de l'identificateur de demande de paiement électronique et lorsque le mot de passe est saisi, demande la mise en correspondance du mot de passe, comme informations d'identification du membre, à l'identificateur de demande et les enregistre.
PCT/KR2012/008565 2012-03-20 2012-10-18 Système, appareil, terminal et procédé destinés à l'inscription d'un membre à un système de paiement électronique WO2013141456A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020120028222A KR20130106576A (ko) 2012-03-20 2012-03-20 전자 결제 서비스 회원 가입 시스템, 이를 위한 방법 및 장치
KR10-2012-0028222 2012-03-20

Publications (1)

Publication Number Publication Date
WO2013141456A1 true WO2013141456A1 (fr) 2013-09-26

Family

ID=49222884

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2012/008565 WO2013141456A1 (fr) 2012-03-20 2012-10-18 Système, appareil, terminal et procédé destinés à l'inscription d'un membre à un système de paiement électronique

Country Status (2)

Country Link
KR (1) KR20130106576A (fr)
WO (1) WO2013141456A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210326903A1 (en) * 2018-02-09 2021-10-21 Fresenius Vial Sas Method for registering a user in a medical software application

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020003084A (ko) * 2001-06-08 2002-01-10 김종화 클라이언트 결제 애플리케이션을 이용한 인터넷 기반 전자 상거래의 결제 서비스 제공 방법
KR20030033199A (ko) * 2001-10-19 2003-05-01 (주)페이몬 전자 결제 보안 시스템 및 그 방법
KR20040042522A (ko) * 2002-11-14 2004-05-20 주식회사 인텔리먼트 이동통신 단말기를 이용한 모바일 멤버십 카드 발행 및인증 시스템과 그 방법 및 그 방법에 대한 컴퓨터프로그램 소스를 저장한 기록매체
KR20120010756A (ko) * 2010-07-27 2012-02-06 주식회사 케이티 Otp 서명을 이용한 id 기반의 소액 결제 시스템 및 그 방법
KR20120019964A (ko) * 2010-08-27 2012-03-07 주식회사 모빌리언스 바코드 생성 알고리즘을 이용하는 휴대폰 결제 시스템 및 휴대폰 결제 방법

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020003084A (ko) * 2001-06-08 2002-01-10 김종화 클라이언트 결제 애플리케이션을 이용한 인터넷 기반 전자 상거래의 결제 서비스 제공 방법
KR20030033199A (ko) * 2001-10-19 2003-05-01 (주)페이몬 전자 결제 보안 시스템 및 그 방법
KR20040042522A (ko) * 2002-11-14 2004-05-20 주식회사 인텔리먼트 이동통신 단말기를 이용한 모바일 멤버십 카드 발행 및인증 시스템과 그 방법 및 그 방법에 대한 컴퓨터프로그램 소스를 저장한 기록매체
KR20120010756A (ko) * 2010-07-27 2012-02-06 주식회사 케이티 Otp 서명을 이용한 id 기반의 소액 결제 시스템 및 그 방법
KR20120019964A (ko) * 2010-08-27 2012-03-07 주식회사 모빌리언스 바코드 생성 알고리즘을 이용하는 휴대폰 결제 시스템 및 휴대폰 결제 방법

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210326903A1 (en) * 2018-02-09 2021-10-21 Fresenius Vial Sas Method for registering a user in a medical software application

Also Published As

Publication number Publication date
KR20130106576A (ko) 2013-09-30

Similar Documents

Publication Publication Date Title
WO2013137528A1 (fr) Système de règlement de transaction hors-ligne, et procédé et dispositif à cet effet
US9125059B2 (en) Password-free, token-based wireless access
WO2018030707A1 (fr) Système et procédé d'authentification, et équipement d'utilisateur, serveur d'authentification, et serveur de service pour exécuter ledit procédé
WO2018194378A1 (fr) Procédé d'approbation de l'utilisation d'une carte à l'aide d'un identifiant de jeton basé sur une chaîne de blocs et serveur l'utilisant
WO2013055113A1 (fr) Dispositif, système et procédé de paiement mobile utilisant les achats à domicile
WO2018194379A1 (fr) Procédé d'approbation de l'utilisation d'une carte à l'aide d'un identificateur de jeton sur la base d'une chaîne de blocs et structure en arbre de merkle associée à celui-ci, et serveur l'utilisant
WO2016129929A1 (fr) Système d'authentification de sécurité pour la connexion d'un membre d'un site web en ligne, et procédé associé
WO2015141934A1 (fr) Procédé de paiement fractionné, dispositif et système associés
WO2012042300A1 (fr) Procédés et appareils de fourniture de justificatifs d'accès
WO2014092286A1 (fr) Procédé pour prendre en charge un paiement pour un commerce hors ligne, et système et dispositif associés
US20140095863A1 (en) Internet based security information interaction apparatus and method
WO2013141457A1 (fr) Système, terminal, appareil et procédé destiné à un système de paiement électronique
WO2013055114A1 (fr) Procédé, système et dispositif de paiement électronique
CN108734005B (zh) 一种安全/身份验证方法、移动设备及存储装置
WO2013039304A1 (fr) Procédé d'enregistrement d'une adhésion pour un paiement électronique, système associé, et appareil et terminal associés
WO2016085079A1 (fr) Appareil et procédé d'assistance au paiement facile pour terminal mobile
WO2013187557A1 (fr) Système de paiement hors ligne, dispositif de paiement hors ligne et procédé de paiement hors ligne
CN113852639A (zh) 数据处理方法、装置、电子设备和计算机可读存储介质
WO2013141456A1 (fr) Système, appareil, terminal et procédé destinés à l'inscription d'un membre à un système de paiement électronique
KR101407955B1 (ko) 결제 수단 등록 방법과 그를 위한 시스템, 장치 및 단말기
KR101771546B1 (ko) 모바일 핀테크 기술을 이용한 간편결제 방법
WO2022145677A1 (fr) Système intégré d'authentification d'identité et de paiement simplifié au moyen d'un code qr à usage unique, et procédé de commande associé
WO2020197160A1 (fr) Dispositif et procédé d'accès à un service à l'aide de l'anthentification d'un dispositif électronique
WO2012015099A1 (fr) Appareil et procédé pour la fourniture de service web au moyen d'un jeton sécurisé à usage unique
WO2011155775A2 (fr) Procédé de service de carte mobile et terminal mobile pour mettre en œuvre le procédé

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12871692

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 26/11/2014)

122 Ep: pct application non-entry in european phase

Ref document number: 12871692

Country of ref document: EP

Kind code of ref document: A1