WO2016153159A1 - 암호화된 결제 정보를 이용한 결제 처리 시스템 및 그 방법 - Google Patents
암호화된 결제 정보를 이용한 결제 처리 시스템 및 그 방법 Download PDFInfo
- Publication number
- WO2016153159A1 WO2016153159A1 PCT/KR2016/000145 KR2016000145W WO2016153159A1 WO 2016153159 A1 WO2016153159 A1 WO 2016153159A1 KR 2016000145 W KR2016000145 W KR 2016000145W WO 2016153159 A1 WO2016153159 A1 WO 2016153159A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- card
- information
- payment
- personal
- mobile terminal
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0609—Buyer or seller confidence or verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3226—Use of secure elements separate from M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/326—Payment applications installed on the mobile devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0613—Third-party assisted
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q2220/00—Business processing using cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
Definitions
- the card payment is performed by a consumer who purchases a product by credit card at a designated merchant, and reads the buyer's credit card number by the merchant's card reader, and stores merchant information and payments through a communication network, such as offline stores, online shopping malls, and online services.
- a communication network such as offline stores, online shopping malls, and online services.
- the payment is approved.
- An object of the present invention is to provide a payment processing system and method using a personal ID card integrating card information and personal information in order to improve the weakness of payment security.
- the payment processing system of the present invention provides a personal ID card integrating card information and personal information, and a card reader processes user authentication during payment processing using a personal ID card. have.
- a payment processing system of the present invention can improve the vulnerability of payment security when using a card payment.
- the card reader If the card information and the personal information are encrypted and stored in the personal IC card, a password is provided to the personal IC card to authenticate the user to decrypt the encrypted card information.
- a payment processing system of the present invention includes a personal IC card storing card information and personal information; A card reader that reads the card information from the personal IC card, authenticates a user, encrypts at least a portion of the card information, and transmits the encrypted card information and its reader identification information; A mobile terminal for receiving the encrypted card information and the reader identification information from the card reader and requesting payment approval by generating payment request information including service requester identification information and a payment amount and terminal identification information; The card information, the personal information, the reader identification information and the terminal identification information are registered and stored, and when a payment approval is requested from the mobile terminal, the payment information provided from the mobile terminal is received and encrypted from the mobile terminal. And an agent for decoding the card information and the payment information and requesting a payment to a bank server or a card company server corresponding to the personal IC card to pay the payment amount to a seller.
- the card reader If the card information and the personal information are encrypted and stored in the personal IC card, a password for decrypting the encrypted card information is provided to the personal IC card to authenticate the user, and the user is authenticated to the mobile terminal. The encrypted card information is received and decrypted.
- the card reader Receive the password from the mobile terminal and provide the password to the personal IC card to authenticate the user.
- the agent Receiving the payment information from the mobile terminal, using the service requester identification information and the reader identification information to verify whether a service requester is a licensed requester, if the service requester is a licensed requester, encrypting and encrypting the payment information, A payment key for decrypting the received payment information is transmitted together with the bank server or the card company server to request payment approval.
- a payment processing method of the payment processing system is provided.
- the reading step comprises: If the card information and the personal information are encrypted on the personal IC card, the card reader is provided to authenticate the user by providing a password to the personal IC card to decrypt the encrypted card information and the personal information. .
- the reading step comprises;
- the password is input directly from the card reader or the card reader requests a password from the mobile terminal, and the card reader receives the password entered and transmitted from the mobile terminal again and provides the password to the personal IC card. Authenticate the user.
- the step of transmitting to the mobile terminal further includes a decryption key for decrypting the encrypted card information in the mobile terminal together with the encrypted card information and the reader identification information and transmits the decryption key to the mobile terminal.
- the step of requesting the payment approval The mobile terminal further includes a decryption key to decrypt the encrypted card information included in the payment information and transmits the decryption key to the agent.
- the payment processing system of the present invention authenticates the user through wireless communication between the card reader and the mobile terminals, and the user information and the card through a process of decrypting the encrypted card information and payment information from the card reader by the agent. You can stop leaks of information and payment information, and provide financial payment services at a lower cost.
- the present invention can activate the need product for the consumer's payment by solving the payment security problem that may occur in accordance with the payment processing using the card.
- FIG. 2 is a block diagram showing the configuration of the agent shown in FIG. 1;
- FIG. 2 is a block diagram showing the configuration of the agent shown in FIG. 1;
- the payment processing system 2 of the present invention comprises a personal IC card 600, a card reader 200, a mobile terminal 300, an agent 100, a bank server 400 and a card company server 500 ).
- the payment processing system 2 may further include a VAN system or a PG system between the agent 100 and the bank server 400 or the agent 100 and the card company server 500.
- the card reader 200 reads card information and personal information from the personal IC card 600 at the time of card payment.
- the card reader 200 may request card information and personal information from the personal IC card 600, or both, depending on circumstances.
- the card reader 200 encrypts the card information read from the personal IC card 600 and transmits it to the mobile terminal 300 along with its reader identification information (ie, card reader ID). At this time, the card reader 200 may transmit an encryption key together to decrypt the encrypted card information. Of course, the mobile terminal 300 may be provided with an encryption key and may be decrypted using the encryption key. In this embodiment, the card reader 200 transmits a password to the personal IC card 600 to read the encrypted card information from the personal IC card 600 to determine whether the user who requested the payment is an authorized user. An authentication module 202 and an encryption module 204 for encrypting card information when the user is authenticated and transmitting the card information to the mobile terminal 300 together with the reader identification information. At this time, the card information is encrypted except for the bank ID or the card company ID.
- the mobile terminal 300 is a terminal provided by a payment service requester requesting a payment service.
- the mobile terminal 300 adds its own terminal identification information, that is, a service requester ID and a payment amount, and requests the payment approval from the agent 100.
- the payment service requester may be a seller or a consumer. For example, if the payment service requester is a seller, the mobile terminal 300 is further provided with a card reader 200, the delivery person may be provided with the mobile terminal 300, and request the payment service in the field.
- the mobile terminal 300 downloads the payment processing app 310 from the agent 100 and installs it therein, and uses the same to process user authentication or to request a payment service.
- the consumer receives the seller, that is, the service requester ID and the sales information (for example, the sales product name, the selling price, etc.) from the card reader 200, and confirms this.
- the seller that is, the service requester ID and the sales information (for example, the sales product name, the selling price, etc.) from the card reader 200, and confirms this.
- a payment request is made to be made to the seller's designated bank or electronic wallet.
- the agent 100 verifies whether the payment service requester is an authorized requester using the service requester ID and the reader identification information of the card reader 200. If the payment service requester is a licensed requester, the agent 100 encrypts payment information, for example, card information, a service requester ID, and a payment amount, and transmits the encrypted information to the bank server 400 or the card company server 500 to request payment approval. do.
- the agent 100 transmits a decryption key for decrypting encrypted payment information to the bank server 400 or the card company server 500 when the payment approval request is made.
- the agent 100 is defined as a system and / or process for mediating payment between different devices using a network in the payment processing system 2, and information and resources with different agents through a communication network. Exchange or the like.
- the agent 100 may request the decryption to the agent 100 and process the decryption in the agent 100.
- the agent 100 may transmit appropriate data at the request of the bank server 400 or the card company server 500.
- the communication unit 104 is connected to the mobile terminal 200, the bank server 400, and the card company server 500 through a communication network, and mutually interacts with the mobile terminal 200, the bank server 400, and the card company server 500. It is provided to enable data communication.
- the controller 102 controls and processes various operations of the agent 100.
- the controller 102 may include, for example, hardware such as a central processing unit, a memory, or a web server, as well as software such as an operating system program and a control program.
- the controller 102 registers the personal IC card 600, the card reader 200, and the mobile terminal 300 as a customer using the payment processing application 110, and requests payment approval from the mobile terminal 300.
- the encryption or decryption is provided to the bank server 400 or the card company server 500 to process the payment request.
- the payment processing application 110 is stored in a storage unit (not shown) of the agent 100, is processed under the control of the controller 102, and reads various information from the database 120 or is generated according to a processing process. Various information is processed to be stored in the database 120.
- the payment processing application 110 is provided in the form of a web browser and an application, and is installed in the mobile terminal 300.
- the database 120 stores various information according to the processing of the payment processing application 110 under the control of the controller 102.
- the database 120 is provided inside the agent 100, but may be provided as a separate database server.
- the database 120 of this embodiment includes the consumer information 122 including personal information about the user of the mobile terminal 300 when the user of the personal IC card 600, the user of the mobile terminal 300 is a consumer, and the card.
- the reader 200 and the mobile terminal 300 are sellers
- seller information 124 including personal information about the user of the mobile terminal 300
- bank information 126 for requesting payment approval or requesting payment
- the payment information 128 including the payment amount to be paid from the personal IC card 600, the card reader 200 and the mobile terminal 300 is stored.
- the payment processing system 2 of the present invention when the personal IC card 600 registered in the agent 100 is read from the card reader 200, for the user authentication from the card reader 200 or the mobile terminal 300 Providing a password, in the case of user authenticated payment, the card information and payment information read from the personal IC card 600 is encrypted by the card reader 200 and transmitted to the mobile terminal 300, which is then transferred to the mobile terminal 300. ) Is transmitted to the agent 100 so that payment processing is performed through a process of decrypting the agent 100.
- FIG. 3 is a flowchart illustrating a processing procedure of a payment processing system using a card reader and an agent according to the present invention. This procedure is processed by the card reader 200, the mobile terminal 300, the agent 100 and the server (ie, a bank server or a card company server) 400, 500 interwork with each other using the payment processing application 110. .
- the server ie, a bank server or a card company server
- step S150 card information and personal information are stored in the personal IC card 600.
- the card information and personal information is pre-registered in the agent 100.
- the personal IC card 600 is issued from a bank or a card company, card information and personal information may be pre-registered in the agent 100 to use the payment service of the present invention.
- the personal IC card 600 may be stored by encrypting card information and personal information.
- step S152 the card reader 200 reads card information and personal information.
- the card reader 200 can read the personal IC card 600 in a contactless or contact manner. If the card reader 200 encrypts the card information and the personal information of the personal IC card 600, the card reader 200 inputs a password to the personal IC card 600 so as to decrypt the user. Validate.
- the mobile terminal 300 generates payment information in which the mobile terminal identification information, payment service requester identification information, and payment amount are added to the card information encrypted by the agent 100, and the generated payment information is stored in the agent 100. Request payment approval.
- step S160 the agent 100 receives payment information from the mobile terminal 300 and determines whether the user who requested payment approval is an authorized user. That is, the air agent 100 determines whether the service requester identification information transmitted from the mobile terminal 300 is a user registered in advance with the agent 100.
- the agent 100 when the payment approval request is transmitted, the agent 100 notifies the bank or card company server 400 or 500 that the payment approval request has been received, and receives the request of the bank server 400 or the card company server 500 and encrypts the payment information.
- the bank or card company may decrypt only data of a desired item and transmit the data to the bank server 400 or the card company server 500.
- step S166 the bank server 400 or the card company server 500 receives payment information according to the payment approval request from the agent 100, for example, a service requester ID, a mobile terminal ID, a bank ID (or a card company ID), and a payment amount. Receive the payment and approve the payment, and transfer the payment to the seller's account or electronic wallet.
- FIG. 4 is a flowchart illustrating a processing procedure of a card reader according to an embodiment of the present invention. This procedure shows the processing procedure of the card reader 200 when the encrypted card information and the personal information are stored in the personal IC card 600.
- step S210 the card reader 200 reads card information and personal information from the personal IC card 600 in a contactless or contact manner. It is determined whether the card information and the personal information read in step S212 are encrypted.
- step S216 it is determined whether the password matches the password registered in the personal IC card 600. If the two passwords match, the procedure proceeds to step S218 to decrypt the encrypted card information and the personal information, and If the passwords do not match, the procedure proceeds to step S222 where reading of the card information fails.
- step S220 the card reader 200 acquires the decrypted card information and personal information, and in step S224 encrypts the card information using the encryption key inside, and identifies the encrypted card information and the reader of the card reader 200.
- the information is sent to the mobile terminal 300 together with the request for payment approval.
- FIG. 5 is a flowchart illustrating a processing procedure of an agent according to an embodiment of the present invention. This procedure indicates that the agent 100 receives payment information from the mobile terminal 300 and verifies and processes whether the user who requested payment approval is an authorized user.
- step S170 when the personal IC card 600 is issued, the agent 100 registers customer information including card information and personal information of a user of the personal IC card 600 in advance.
- the agent 100 registers identification information (eg, seller ID, reader ID, terminal ID, etc.) for the seller, the card reader 200 of the seller, and the mobile terminal 300 of the seller in the customer information.
- the seller additionally registers the account or electronic wallet information of the bank that can receive the payment, that is, the payment amount, in the agent 100.
- the customer registration process is a card reader 200
- the mobile terminal 300 is connected to the agent 100 to download the payment processing application 110, installed inside, and installed the installed payment processing app (application) 310 Is processed using.
Abstract
Description
Claims (6)
- 결제 처리 시스템에 있어서:카드 정보와 개인 정보가 저장된 개인 IC 카드와;상기 개인 IC 카드로부터 상기 카드 정보를 읽어서, 사용자를 인증하고, 적어도 상기 카드 정보의 일부를 암호화하고, 암호화된 상기 카드 정보와 자신의 리더기 식별 정보를 전송하는 카드 리더기와;상기 카드 리더기로부터 암호화된 상기 카드 정보와 상기 리더기 식별 정보를 받아서 결제 서비스를 요청한 서비스 요청자 식별 정보와 결제 금액 및 단말기 식별 정보가 추가된 결제 정보를 생성하여 결제 승인을 요청하는 모바일 단말기 및;상기 카드 정보와 상기 개인 정보, 상기 리더기 식별 정보 및 상기 단말기 식별 정보를 등록 저장하고, 상기 모바일 단말기로부터 결제 승인이 요청되면, 상기 모바일 단말기로부터 제공되는 상기 결제 정보를 받아서, 상기 모바일 단말기로부터 암호화된 상기 카드 정보를 복호화하여 상기 개인 IC 카드에 대응되는 은행 서버 또는 카드사 서버로 결제를 요청하여 상기 결제 금액을 판매자에게 지급하도록 처리하는 에이전트를 포함하되;상기 카드 리더기는;상기 개인 IC 카드에 적어도 상기 카드 정보가 암호화하여 저장되어 있으면, 상기 암호화된 카드 정보를 복호화하기 위한 비밀번호를 상기 개인 IC 카드로 제공하여 사용자를 인증하고, 사용자가 인증되면 상기 모바일 단말기로 암호화된 상기 카드 정보를 받아서 복호화하고, 상기 모바일 단말기로부터 상기 비밀번호를 받아서 상기 개인 IC 카드로 상기 비밀번호를 제공하여 사용자를 인증하며, 복호화된 상기 카드 정보를 상기 모바일 단말기에서 복호화 가능하도록 암호화하고, 암호화된 상기 카드 정보에 상기 리더기 식별 정보를 추가하여 상기 모바일 단말기로 전송하고;상기 에이전트는;상기 모바일 단말기로부터 상기 결제 정보를 받아서 상기 서비스 요청자 식별 정보와 상기 리더기 식별 정보를 이용하여 서비스 요청자가 사용 허가된 요청자인지를 검증하고, 서비스 요청자가 사용 허가된 요청자이면, 상기 결제 정보를 암호화하고, 암호화된 상기 결제 정보를 복호화하는 복호화키를 함께 상기 은행 서버 또는 상기 카드사 서버로 전송하여 결제 승인을 요청하는 것을 특징으로 하는 결제 처리 시스템.
- 제 1 항에 있어서,상기 카드 리더기는;상기 개인 IC 카드로부터 암호화된 상기 카드 정보를 판독하기 위하여, 상기 비밀번호를 상기 개인 IC 카드로 전송하여 결제 요청한 사용자가 허가된 사용자인지를 판별하는 사용자 인증 모듈과;사용자가 인증되면, 상기 카드 정보를 암호화하고, 상기 리더기 식별 정보와 함께 상기 모바일 단말기로 전송하는 암호화 모듈을 구비하는 것을 특징으로 하는 결제 처리 시스템.
- 제 1 항에 있어서,상기 모바일 단말기는;상기 서비스 요청자가 판매자인 경우, 상기 카드 리더기를 더 구비하는 것을 특징으로 하는 결제 처리 시스템.
- 제 1 항 또는 제 2 항에 있어서,상기 에이전트는;상기 개인 IC 카드, 상기 카드 리더기 및 상기 모바일 단말기들의 사용자를 회원 등록하고, 결제 승인 요청 시, 허여된 사용자인지를 검증하는 고객 등록 모듈과, 상기 모바일 단말기로부터 전송되는 암호화된 상기 결제 정보를 복호화하거나, 상기 결제 정보를 암호화하여 상기 은행 서버 또는 상기 카드사 서버로 전송하는 암호화/복호화 모듈 및, 상기 은행 서버 또는 상기 카드사 서버로 상기 결제 정보를 전송하여 결제를 요청하는 결제 요청 모듈로 구성된 결제 처리 어플리케이션을 제어하여, 상기 에이전트의 제반 동작을 처리하도록 하는 제어부와;통신망을 통해 상기 모바일 단말기와 상기 은행 서버 또는 상기 카드사 서버들과 연결되어, 상기 모바일 단말기와 상기 은행 서버 또는 상기 카드사 서버들과 상호 데이터 통신이 가능하도록 제공되는 통신부와;상기 결제 처리 어플리케이션을 저장하는 저장부 및;상기 제어부의 제어를 받아서 상기 결제 처리 어플리케이션의 처리 과정에 따라 상기 개인 정보, 상기 카드 리더기 식별 정보, 상기 단말기 식별 정보, 상기 서비스 요청자 식별 정보, 상기 결제 정보, 상기 은행 서버 또는 상기 카드사 서버에 대한 정보를 적어도 저장하는 데이터베이스를 포함하는 것을 특징으로 하는 결제 처리 시스템.
- 결제 처리 시스템의 결제 처리 방법에 있어서:상기 결제 처리 시스템의 에이전트에 결제 가능한 개인 IC 카드에 대한 카드 정보와 개인 정보를 등록, 저장되고, 상기 결제 처리 시스템의 카드 리더기가 상기 개인 IC 카드로부터 상기 카드 정보와 상기 개인 정보를 판독하는 단계와;상기 카드 리더기가 판독한 상기 카드 정보를 암호화하고, 암호화된 상기 카드 정보와 상기 카드 리더기 자신의 리더기 식별 정보를 함께 상기 결제 처리 시스템의 모바일 단말기로 전송하는 단계와;상기 모바일 단말기가 암호화된 상기 카드 정보에 상기 모바일 단말기 자신의 단말기 식별 정보와 서비스 요청자 식별 정보 및 결제 금액을 추가하여 생성한 결제 정보를 상기 에이전트로 전송하여 결제 승인을 요청하는 단계와;상기 에이전트가 상기 모바일 단말기로부터 상기 결제 정보를 받아서 결제 승인을 요청한 사용자가 허가된 사용자인지를 판별하는 단계와;판별 결과, 결제 승인을 요청한 사용자가 허가된 사용자이면, 상기 결제 정보를 허가된 사용자의 은행 서버 또는 카드사 서버로 전송하여 결제를 요청하는 단계 및;상기 은행 서버 또는 상기 카드사 서버가 상기 에이전트로부터 상기 결제 정보를 받아서 결제를 승인하여 판매자에게 지급하도록 처리하는 단계를 포함하되;상기 판독하는 단계는;상기 개인 IC 카드에 상기 카드 정보와 상기 개인 정보가 암호화되어 있으면, 상기 카드 리더기가 암호화된 상기 카드 정보를 복호화하기 위해 상기 개인 IC 카드로 비밀 번호를 제공하여 사용자를 인증하도록 처리하고, 상기 비밀 번호가 상기 카드 리더기에서 직접 입력되거나, 상기 카드 리더기에서 상기 모바일 단말기로 비밀 번호를 요청하여, 상기 모바일 단말기로부터 입력, 전송된 비밀 번호를 다시 상기 카드 리더기가 받아서 상기 개인 IC 카드로 제공하여 사용자를 인증하고;상기 모바일 단말기로 전송하는 단계는;상기 카드 리더기가 암호화된 상기 카드 정보와 상기 리더기 식별 정보와 함께 상기 모바일 단말기에서 암호화된 상기 카드 정보를 복호화할 수 있도록 하는 복호화키를 더 포함시켜서 상기 모바일 단말기로 전송하고;상기 결제 승인을 요청하는 단계는;상기 모바일 단말기가 상기 결제 정보에 포함된 암호화된 상기 카드 정보를 복호화할 수 있도록 복호화키를 더 포함시켜서 상기 에이전트로 전송하며;상기 결제를 요청하는 단계는;상기 에이전트가 암호화된 상기 결제 정보를 복호화하고, 상기 은행 서버 또는 상기 카드사 서버로 복호화된 상기 결제 정보를 전송하거나, 상기 은행 서버 또는 상기 카드사 서버에서 암호화된 상기 결제 정보를 복호화하는 복화화키와, 암호화된 상기 결제 정보를 상기 은행 서버 또는 상기 카드사 서버로 함께 전송하는 것을 특징으로 하는 결제 처리 시스템의 결제 처리 방법.
- 제 5 항에 있어서,상기 허가된 사용자인지를 판별하는 단계는;상기 모바일 단말기로부터 전송된 상기 서비스 요청자 식별 정보가 상기 에이전트에 등록된 사용자인지를 판별하는 것을 특징으로 하는 결제 처리 시스템의 결제 처리 방법.
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201680001382.7A CN106796687B (zh) | 2015-03-24 | 2016-01-07 | 使用加密支付信息的支付处理系统及其方法 |
BR112017020488-6A BR112017020488A2 (pt) | 2015-03-24 | 2016-01-07 | sistema de processamento de pagamento utilizando informações de pagamento encriptadas e seu método |
MX2017012298A MX2017012298A (es) | 2015-03-24 | 2016-01-07 | Sistema de procesamiento de pagos utilizando informacion de pago codificada y metodo para el procesamiento de los mismos. |
EP16768978.5A EP3128478A4 (en) | 2015-03-24 | 2016-01-07 | Payment processing system using encrypted payment information, and method therefor |
US15/307,158 US20170053273A1 (en) | 2015-03-24 | 2016-01-07 | Payment processing system using encrypted payment information, and method therefor |
CA2998703A CA2998703A1 (en) | 2015-03-24 | 2016-01-07 | Payment processing system using encrypted payment information and method for processing thereof |
US16/359,237 US20190236599A1 (en) | 2015-03-24 | 2019-03-20 | Payment processing system using encrypted payment information and method for processing thereof |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2015-0040710 | 2015-03-24 | ||
KR1020150040710A KR101560720B1 (ko) | 2015-03-24 | 2015-03-24 | 암호화된 결제 정보를 이용한 결제 처리 시스템 및 그 방법 |
Related Child Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/307,158 A-371-Of-International US20170053273A1 (en) | 2015-03-24 | 2016-01-07 | Payment processing system using encrypted payment information, and method therefor |
US16/359,237 Continuation US20190236599A1 (en) | 2015-03-24 | 2019-03-20 | Payment processing system using encrypted payment information and method for processing thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016153159A1 true WO2016153159A1 (ko) | 2016-09-29 |
Family
ID=54365787
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2016/000145 WO2016153159A1 (ko) | 2015-03-24 | 2016-01-07 | 암호화된 결제 정보를 이용한 결제 처리 시스템 및 그 방법 |
Country Status (8)
Country | Link |
---|---|
US (2) | US20170053273A1 (ko) |
EP (1) | EP3128478A4 (ko) |
KR (1) | KR101560720B1 (ko) |
CN (1) | CN106796687B (ko) |
BR (1) | BR112017020488A2 (ko) |
CA (1) | CA2998703A1 (ko) |
MX (1) | MX2017012298A (ko) |
WO (1) | WO2016153159A1 (ko) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104765999B (zh) * | 2014-01-07 | 2020-06-30 | 腾讯科技(深圳)有限公司 | 一种对用户资源信息进行处理的方法、终端及服务器 |
WO2016134016A1 (en) * | 2015-02-17 | 2016-08-25 | Visa International Service Association | Token and cryptogram using transaction specific information |
WO2017090951A1 (ko) * | 2015-11-23 | 2017-06-01 | 주식회사지니 | 휴대용 카드 결제 단말기를 이용하는 주유소 결제 처리 시스템 및 그 처리 방법 |
KR101723665B1 (ko) * | 2016-06-20 | 2017-04-11 | (주)마그넥스페이 | 단말장치, 단말장치의 제어방법 및 그를 수행하는 프로그램 |
KR101757156B1 (ko) * | 2016-07-18 | 2017-07-12 | 주식회사 스마트로 | 신용카드 직승인 거래 중계 시스템 및 방법 |
US10826875B1 (en) * | 2016-07-22 | 2020-11-03 | Servicenow, Inc. | System and method for securely communicating requests |
KR101688419B1 (ko) * | 2016-08-11 | 2016-12-21 | (주)케이클라우드 | 가상개인정보를 이용한 보안 운송장 발급관리 시스템 및 방법 |
KR101798059B1 (ko) * | 2016-12-21 | 2017-11-16 | 주식회사 한국스마트카드 | 동적가상카드의 생성 및 폐기 방법 |
US11127068B2 (en) * | 2017-07-07 | 2021-09-21 | Visa International Service Association | System and method for completing in-store transactions using a mobile computing device |
US20190050590A1 (en) * | 2017-08-14 | 2019-02-14 | Bank Of America Corporation | Ensuring Information Security by Utilizing Encryption of Data |
KR101872261B1 (ko) * | 2017-08-30 | 2018-06-29 | 한국인증서비스 주식회사 | Ic 카드 정보 보안 전송 시스템 및 이를 이용한 온라인 결제 및 인증 방법 |
CN112334934A (zh) * | 2018-04-13 | 2021-02-05 | 株式会社劳得系统 | 信用卡智能支付系统及支付处理方法 |
KR101976029B1 (ko) * | 2018-05-25 | 2019-08-28 | 에스트래픽 (주) | 결제 중계 시스템에서 보안성 향상 방법 및 시스템 |
CN109978533B (zh) * | 2019-03-21 | 2023-09-19 | 武汉安戍科技有限公司 | 一种抗二维码盗用的离线安全支付系统及方法 |
CN111210265A (zh) * | 2019-12-27 | 2020-05-29 | 特瓦特能源科技有限公司 | 一种非会员充电消息推送方法及装置 |
CN111885047A (zh) * | 2020-07-21 | 2020-11-03 | 黑芝麻智能科技(重庆)有限公司 | 用于终端获取数据的方法、终端访问数据的方法及终端 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070039368A (ko) * | 2005-10-07 | 2007-04-11 | 한국정보통신서비스 주식회사 | 휴대 인터넷 통신망을 이용한 카드결제 보안처리 방법 및시스템과 결제단말장치와 이를 위한 프로그램을 기록한것을 특징으로 하는 컴퓨터로 판독 가능한 기록매체 |
JP2012252665A (ja) * | 2011-06-07 | 2012-12-20 | Kotaro Anzai | 決済処理システム、決済処理方法およびプログラム |
KR20130082656A (ko) * | 2011-12-13 | 2013-07-22 | 주식회사 신한은행 | 스마트 통신단말기 및 금융카드 판독단말기를 이용한 전자금융결제 서비스 제공 방법 및 전자금융서비스 제공 시스템 |
KR20140039400A (ko) * | 2012-09-21 | 2014-04-02 | 주식회사 유아이디에스 | 밴사 서버와의 키교환을 이용한 스마트폰 카드결제 시스템 및 그 방법 |
KR20140128912A (ko) * | 2014-09-30 | 2014-11-06 | 한국정보통신주식회사 | 카드 리더, 단말기 및 그를 이용한 결제 정보 처리 방법 |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20100060707A (ko) * | 2008-11-28 | 2010-06-07 | 주식회사 하렉스인포텍 | 이동통신 단말기를 이용한 구매자에 의한 결제 승인, 정산 및 멤버십가입 방법, 장치 및 시스템 |
KR101309749B1 (ko) * | 2012-05-11 | 2013-09-23 | 와이엠디(주) | 결제 중개 시스템 및 방법 |
US9445262B2 (en) * | 2012-12-10 | 2016-09-13 | Lg Uplus Corp. | Authentication server, mobile terminal and method for issuing radio frequency card key using authentication server and mobile terminal |
KR101510660B1 (ko) * | 2012-12-10 | 2015-04-17 | 주식회사 엘지유플러스 | 모바일 결제 시스템 및 방법 |
CN103530768A (zh) * | 2013-10-24 | 2014-01-22 | 成都衔石科技有限公司 | 移动通信支付系统及其用于费用支付的方法 |
-
2015
- 2015-03-24 KR KR1020150040710A patent/KR101560720B1/ko active IP Right Grant
-
2016
- 2016-01-07 BR BR112017020488-6A patent/BR112017020488A2/pt not_active IP Right Cessation
- 2016-01-07 CN CN201680001382.7A patent/CN106796687B/zh not_active Expired - Fee Related
- 2016-01-07 CA CA2998703A patent/CA2998703A1/en not_active Abandoned
- 2016-01-07 EP EP16768978.5A patent/EP3128478A4/en not_active Withdrawn
- 2016-01-07 WO PCT/KR2016/000145 patent/WO2016153159A1/ko active Application Filing
- 2016-01-07 US US15/307,158 patent/US20170053273A1/en not_active Abandoned
- 2016-01-07 MX MX2017012298A patent/MX2017012298A/es unknown
-
2019
- 2019-03-20 US US16/359,237 patent/US20190236599A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070039368A (ko) * | 2005-10-07 | 2007-04-11 | 한국정보통신서비스 주식회사 | 휴대 인터넷 통신망을 이용한 카드결제 보안처리 방법 및시스템과 결제단말장치와 이를 위한 프로그램을 기록한것을 특징으로 하는 컴퓨터로 판독 가능한 기록매체 |
JP2012252665A (ja) * | 2011-06-07 | 2012-12-20 | Kotaro Anzai | 決済処理システム、決済処理方法およびプログラム |
KR20130082656A (ko) * | 2011-12-13 | 2013-07-22 | 주식회사 신한은행 | 스마트 통신단말기 및 금융카드 판독단말기를 이용한 전자금융결제 서비스 제공 방법 및 전자금융서비스 제공 시스템 |
KR20140039400A (ko) * | 2012-09-21 | 2014-04-02 | 주식회사 유아이디에스 | 밴사 서버와의 키교환을 이용한 스마트폰 카드결제 시스템 및 그 방법 |
KR20140128912A (ko) * | 2014-09-30 | 2014-11-06 | 한국정보통신주식회사 | 카드 리더, 단말기 및 그를 이용한 결제 정보 처리 방법 |
Non-Patent Citations (1)
Title |
---|
See also references of EP3128478A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP3128478A4 (en) | 2017-11-08 |
US20170053273A1 (en) | 2017-02-23 |
MX2017012298A (es) | 2018-06-13 |
BR112017020488A2 (pt) | 2018-07-03 |
US20190236599A1 (en) | 2019-08-01 |
CA2998703A1 (en) | 2016-09-29 |
CN106796687A (zh) | 2017-05-31 |
CN106796687B (zh) | 2021-08-13 |
EP3128478A1 (en) | 2017-02-08 |
KR101560720B1 (ko) | 2015-10-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016153159A1 (ko) | 암호화된 결제 정보를 이용한 결제 처리 시스템 및 그 방법 | |
CN110537195B (zh) | 许可卡使用的方法及使用其的服务器 | |
CN108292330B (zh) | 安全令牌分发 | |
AU2015259162B2 (en) | Master applet for secure remote payment processing | |
EP2733655A1 (en) | Electronic payment method and device for securely exchanging payment information | |
US20030154376A1 (en) | Optical storage medium for storing, a public key infrastructure (pki)-based private key and certificate, a method and system for issuing the same and a method for using | |
US8346671B2 (en) | System and method for point-to-point encryption with adjunct terminal | |
KR20140017264A (ko) | 결제 서비스 제공 방법 및 그 시스템 | |
KR20120108599A (ko) | 온라인 신용카드 결제 단말기를 활용한 신용카드 결제 서비스 | |
US20210383378A1 (en) | Validation Service For Account Verification | |
KR20010022588A (ko) | 전자 지불 수단의 보안 처리 및 비즈니스 거래의 보안 실행을 위한 방법 및 그를 실시하기 위한 장치 | |
US8666899B2 (en) | Information communication system, user management apparatus thereof, information providing apparatus thereof and user terminal apparatus thereof | |
WO2019203384A1 (ko) | 온라인 또는 오프라인 결제 시 결제금액을 사용자가 직접 입력하고 금융기관에서 생성되는 일회성 결제 보안코드를 사용자가 받아 결제함으로써 개인정보 유출, 중복결제, 초과결제 또는 결제오류를 방지하는 모바일 페이먼트 서비스 방법 및 시스템 | |
WO2017048005A1 (ko) | 개인용 금융 자동화 단말기를 이용한 전자 금융 처리 시스템 및 그의 처리 방법 | |
US20030110133A1 (en) | Automated digital rights management and payment system with embedded content | |
US20030070078A1 (en) | Method and apparatus for adding security to online transactions using ordinary credit cards | |
KR20200013494A (ko) | 사용자가 소지한 금융 카드 기반 본인 인증 시스템 및 방법 | |
WO2017175926A1 (ko) | Id 기반 공개 키 암호화를 이용한 전자 지불 방법 및 전자 디바이스 | |
KR20180039470A (ko) | 보안 환경 및 보안 암호화 소프트웨어 솔루션 기반 온라인 결제 시스템 및 방법 | |
WO2023085802A1 (ko) | 스마트 카드를 이용한 did 인증 방법 및 스마트 카드 장치 | |
US20130198020A1 (en) | Transaction method and system | |
JP6897147B2 (ja) | カード処理端末、決済データ処理方法、および決済データ処理プログラム | |
KR101872261B1 (ko) | Ic 카드 정보 보안 전송 시스템 및 이를 이용한 온라인 결제 및 인증 방법 | |
JP2002542545A (ja) | 移動体通信ネットワークで電子取引を効率的に実施するための通信システム及び方法 | |
WO2016209035A1 (ko) | 보안이 강화된 안심쇼핑 인증방법 및 시스템 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 15307158 Country of ref document: US |
|
REEP | Request for entry into the european phase |
Ref document number: 2016768978 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2016768978 Country of ref document: EP |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16768978 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: MX/A/2017/012298 Country of ref document: MX |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2998703 Country of ref document: CA |
|
REG | Reference to national code |
Ref country code: BR Ref legal event code: B01A Ref document number: 112017020488 Country of ref document: BR |
|
ENP | Entry into the national phase |
Ref document number: 112017020488 Country of ref document: BR Kind code of ref document: A2 Effective date: 20170925 |